摘要
LKJ车载数据无线换装系统采用无线传输方式实现车载数据文件从地面到车载,解决既有换装方式费时费力、存在数据安全隐患的问题。从数据的存储安全、传输安全及系统网络安全防护3个角度出发,对LKJ车载数据无线换装系统的安全架构进行分析。数据安全存储方面,采用三副本存储架构来实现;安全传输方面,采用IPSec VPN技术建立安全的车地传输通道,采用数字证书认证的方式,通过铁路安全传输平台实现铁路内外网的数据交互;网络安全方面,按照等保三级的要求,部署网络安全设备对来自铁路外部和内部的网络攻击行为进行安全防护。通过对系统安全架构的研究,能够有效提高LKJ车载数据传输的安全性,从而保障行车安全,提升路网运输效率。
The wireless reloading system for LKJ onboard data can realize data file transmission from the ground to trains by wireless transmission technology, which can solve the problems of huge time and effort consumption and risks of data security in existing reloading methods. This paper analyzed the security architecture of the system thoroughly from the aspects of data storage security, data transmission security, and system network security protection. For secure data storage, the storage architecture of three copies was applied;for secure data transmission, IPSec VPN was adopted to establish secure ground-train transmission channels, and the communication between the internal and external network data of railways was achieved on a secure data transmission platform for railways by digital certificate authentication;for system network security, the network security devices were applied to protect against network attacks from external and internal hackers of railways. The research on the security architecture of the system can effectively improve the transmission security of LKJ onboard data;thus, the operation security of LKJ trains can be ensured, and the transportation efficiency of the railway network can be enhanced.
作者
何之煜
李辉
郑理华
侯大山
吉志军
HE Zhiyu;LI Hui;ZHENG Lihua;HOU Dashan;JI Zhijun(Signal&Communication Research Institute,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China;Beijing HUA-TIE Information Technology Co.,Ltd.,Beijing 100081,China)
出处
《铁道运输与经济》
北大核心
2022年第3期60-66,共7页
Railway Transport and Economy
基金
中国铁道科学研究院集团有限公司科研项目(2020YJ123)。
关键词
铁路
无线换装
车载数据
安全架构
分布式存储
安全传输
Railway
Wireless Reloading
Onboard Data
Security Architecture
Distributed Storage
Secure Transmission