铁路5G-R终端及应用接入安全管控关键技术

Key Technologies for Security Control of Railway 5G-R Terminals and Application Access Key Technologies for Security Control of Railway 5G-R Terminals and Application Access

终端及其接入是铁路5G-R系统安全保障的薄弱环节。为了加强对5G-R终端及其接入应用的管控,梳理铁路5G-R终端应用场景、运用模式、承载业务及其接入铁路应用业务系统的数据路由,分析5G-R手持终端智能化、物联网通信终端轻量化、车载综合无线传输设备公专融合化特点带来的安全风险。针对上述风险提出终端安全管控需求,结合已规划的铁路5G-R系统架构及终端身份认证、行为审计等安全技术,提出铁路5G-R终端安全管控系统的总体架构、功能实现及接口设置等成套解决方案,实现对5G-R手持终端、物联网通信终端、车载综合无线通信设备接入铁路应用系统的统一准入和访问控制、终端行为及应用数据的安全监控和分析、终端的安全管理以及移动应用的安全发布、下载和安装。

Terminals and their access are weak links in the security framework of the railway 5G-R system.To enhance control over 5G-R terminals and their access applications,this paper analyzed the application scenarios,operational modes,bearer services of railway 5G-R terminals,and the data routes connecting these terminals to the railway application service system.Furthermore,the paper assessed the security risks posed by the characteristics of intelligent 5G-R handheld terminals,lightweight IoT communication terminals,and the convergence of public-private onboard integrated wireless transmission equipment.In light of the risks above,this paper put forward terminal security control requirements.Based on the planned architecture of the railway 5G-R system and security technologies such as terminal identity authentication and behavior auditing,the paper proposed a complete solution for the overall architecture,functional implementation,and interface configuration of the railway 5G-R terminal security control system.This solution aims to achieve unified admission and access control for 5G-R handheld terminals,IoT communication terminals,and onboard integrated wireless communication equipment connecting to the railway application system.Additionally,it will enable security monitoring and analysis of terminal behaviors and application data,facilitate terminal security management,and ensure the secure release,download,and installation of mobile applications.