| 列车通信网络WTB链路层攻击方法研究 |
| 万海1, 孙雷2, 王恬1, 黄晋1, 赵曦滨1 |
| 1. 清华大学 软件学院 信息系统安全教育部重点实验室, 北京 100084; 2. 天津大学 精密仪器与光电子工程学院, 天津 300072 |
| Analysis of a method for attacking WTBlink layers in a train communication network |
| WAN Hai1, SUN Lei2, WANG Tian1, HUANG Jin1, ZHAO Xibin1 |
| 1. Information System Security Key Laboratory of Ministry of Education, School of Software, Tsinghua University, Beijing 100084, China; 2. School of Precision Instrument & Opto-electronics Engineering, Tianjin University, Tianjin 300072, China |
摘要:
| |||
| 摘要列车通信网络(TCN)是列车专用的工业控制网络, 其安全问题是列车运营的重中之重。目前尚缺乏直接针对TCN底层的安全监控手段。WTB是TCN标准体系中规定的一种底层总线通信模块。该文通过分析WTB的网络通信协议, 发现了一种存在于列车通信网络底层的安全隐患以及可能的攻击方法。采用形式化建模验证和真实平台实验两种方式确认了攻击的有效性。此外, 该文还根据攻击的特点, 提出了相应的防范方法。 | |||
| 关键词 :列车通信网络,WTB,攻击,解决 | |||
| Abstract:Train communication network (TCN) is a specialized industrial control network, whose safety and security problems are of great importance. The wire train bus (WTB) is one of the link layer communication modules of TCN architectures. A potential risk and a possible attack method were found based on the analysis of WTB communication protocol. Formal modeling verification and experiments show that the attack method is feasible. Based on the characteristics of the attack method, this paper also proposes a precautionary method. | |||
| Key words:train communication network (TCN)wire train bus (WTB)attackspreliminary solutions | |||
| 收稿日期: 2014-10-28 出版日期: 2016-01-29 | |||
| |||
| 通讯作者:黄晋,博士后,E-mail:huangjin@tsinghua.edu.cnE-mail: huangjin@tsinghua.edu.cn | |||
| 引用本文: |
| 万海, 孙雷, 王恬, 黄晋, 赵曦滨. 列车通信网络WTB链路层攻击方法研究[J]. 清华大学学报(自然科学版), 2016, 56(1): 42-50. WAN Hai, SUN Lei, WANG Tian, HUANG Jin, ZHAO Xibin. Analysis of a method for attacking WTBlink layers in a train communication network. Journal of Tsinghua University(Science and Technology), 2016, 56(1): 42-50. |
| 链接本文: |
| http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.23.010或 http://jst.tsinghuajournals.com/CN/Y2016/V56/I1/42 |
图表:
 |
| 图1 列车通信网络结构示意图 |
 |
| 图2 TCN 标准体系结构 |
 |
| 图3 WTB参考模型 |
 |
| 图4 MAU 结构示例图 |
 |
| 图5 WTB节点宏状态关系图 |
 |
| 图6 REGULAR_MASTER 宏状态展开图 |
 |
| 图7 WTB链路层攻击示意 |
 |
| 图8 直接转发 |
 |
| 图9 跨周期转发 |
 |
| 图10 系统模型结构 |
 |
| 图11 WTB链路层攻击的拓扑 |
 |
| 图12 恶意WTB节点系统结构 |
参考文献:
| [1] 石淑华, 池瑞楠. 计算机网络安全技术. 北京: 人民邮电出版社, 2012. [2] 晋宽, 淑华, 雨川. 工业网络技术. 北京: 北京邮电学院出版社, 2007. [3] 李战宝, 潘卓. 透视“震网”病毒[J]. 信息网络安全, 2011(9): 230-232.LI Zhanbao, PAN Zhuo. The perspective of Stuxnet viru [J]. Netinfo Security, 2011( 9): 230-232. (in Chinese) [4] 陶艳. 列车网络控制技术原理与应用 [M]. 北京: 中国电力出版社, 2010. [5] 全宏宇. CTCS-3级列控系统地车安全信息传输子系统的建模与分析 [M]. 北京: 北京交通大学出版社, 2014. [6] 张文远. 全面加强LKJ系统设备运用管理 [J]. 铁道通信信号, 2009, 45(10): 49-50.ZHANG Wenyuan. Strengthening LKJ system equipment application management in all aspects [J]. Railway Signalling & Communication, 2009, 45(10): 49-50. (in Chinese) [7] 申瑞源. 机车车载安全防护系统(6A系统)总体方案研究 [J]. 中国铁路, 2012(12): 1-6.SHEN Ruiyuan. Research on the overall scheme of train-carried safety protection system (6A system) [J]. Chinese Railways, 2012(12): 1-6. (in Chinese) [8] IEC. IEC 61375-1. Electric railway equipment-Train bus- Part 1: Train communication network [S]. Switzerland: IEC, 1999. [9] Bengtsson J, Larsen K, Larsson F, et al. Uppaal: A tool suite for automatic verification of real-time systems [J]. Hybrid Systems III, 1996, 232-243. [10] Alur R, Dill D. A theory of timed automata [J]. Theoretical Computer Science, 1994, 126(2): 183-235. [11] YU Jiang, ZHANG Hehua, SONG Xiaoyu, et al. Verification and implementation of the protocol standard in train control system [C]//Computer Software and Applications Conference (COMPSAC), 2013 IEEE 37th Annual. IEEE, 2013: 549-558. null |
相关文章:
|
