摘要
调度通信是铁路行车指挥控制的关键业务,其业务数据安全直接影响铁路运输安全。5G-R为IP化网络,业务数据以IP报文的形式在网络中明文传输,存在被伪造、窃听和篡改的风险。为保证业务数据在5G-R网络中传输的安全性和完整性,研究提出一种面向5G-R调度通信业务的媒体数据加密方法。首先,提出5G-R调度通信系统的密钥管理架构,明确各组成单元功能和相关接口;其次,对媒体数据加密涉及的安全实时传输协议SRTP、密钥管理协议MIKEY及基于MIKEY的调度通信系统密钥分发机制等关键技术进行研究;最后,梳理分析调度通信媒体加密相关密钥的生成和应用场景,对个呼、组呼、短消息和文件业务的数据加密流程展开研究。针对点对点通信,提出一种基于共享PCK生成会话密钥的加密方法;针对铁路组通信的特殊场景,提出基于共享GMK生成会话密钥的组呼叫加密方法,以及基于CSK、GMK混合加密的组数据和文件加密方法。研究提出的业务加密方法能够实现铁路5G专网调度通信业务媒体数据的加密传输,保障铁路关键业务数据的安全。
Dispatching communication is a critical service for railway operation control and command,and the security of its service data directly affects the safety of railway transportation.5G-R is an IPbased network where service data is transmitted in plaintext as IP packets,posing risks of forgery,eavesdropping,and tampering.To ensure the security and integrity of service data transmission in the 5G-R network,this study proposed a media data encryption method for 5G-R dispatching communication services.First,a key management architecture for the 5G-R dispatching communication system was introduced,clarifying the functions and interfaces of each component.Then,key technologies involved in media data encryption were investigated,including SRTP,MIKEY protocol,and MIKEY-based key distribution mechanism for dispatching communication systems.Finally,the generation and application scenarios of encryption keys for dispatching communication media were summarized and analyzed,and the encryption processes for individual call,group call,short message,and file services were studied.For point-to-point communication,an encryption method based on shared PCK was proposed to generate session keys.For railway group communication scenarios,a group call encryption method based on shared GMK was proposed to generate session keys,along with a hybrid encryption method based on CSK and GMK for group data and files.The proposed encryption methods enable encrypted transmission of media data for dispatching communication services in railway 5G private networks,thereby ensuring the security of critical railway service data.
作者
李春铎
郭强亮
闫晓宇
蔺伟
LI Chunduo;GUO Qiangliang;YAN Xiaoyu;LIN Wei(Signal and Communication Research Institute,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China;National Research Center of Railway Intelligence Transportation System Engineering Technology,Beijing 100081,China)
出处
《铁道标准设计》
北大核心
2025年第6期171-177,186,共8页
Railway Standard Design
基金
中国国家铁路集团有限公司科技研究开发计划重大课题(K2022G018)
中国铁道科学研究院集团有限公司科研项目重点课题(2022YJ191)。
关键词
铁路
5G-R
调度通信
媒体
加密
密钥分发机制
railway
5G-R
dispatching communication
media
encryption
key distribution mechanism
作者简介
李春铎(1994-),女,助理研究员,2019年毕业于中国铁道科学研究院交通信息工程及控制专业,工学硕士,主要从事铁路通信研究工作,E-mail:790975197@qq.com;通信作者:郭强亮(1988-),男,副研究员,2018年毕业于北京航空航天大学检测技术与自动化装置专业,工学博士,主要从事铁路通信研究工作,E-mail:guoqiangliang2008@163.com。
