高速铁路信号安全数据网网络隔离技术研究  

作　　者：牛鹏军 陈利东 严之伟 NIU Pengjun;CHEN Lidong;YAN Zhiwei

机构地区：[1]中国铁路青藏集团有限公司西宁电务段,西宁810000 [2]中国铁路郑州局集团有限公司电务部,郑州450000 [3]怀邵衡铁路有限责任公司,长沙400014

出　　处：《铁道通信信号》2024年第8期41-46,共6页Railway Signalling & Communication

摘　　要：信号安全数据网是高速铁路信号系统的核心控制网络,承载着列控中心、计算机联锁、临时限速服务器、无线闭塞中心等信号设备的行车控制数据通信业务,其安全性是保障列车安全、有序、稳定、可靠运行的基础。为提高数据网安全性,首先结合现场的实际应用情况,梳理网元管理系统(EMS)与信号安全数据网间的连接方式和采用的数据交互协议,分析信号安全数据网可能面临的风险与威胁;其次针对存在的安全风险问题,开展网络安全隔离技术研究,通过采用物理隔离、协议转换、接入认证,以及网管业务功能代理等技术手段,实现EMS与信号安全数据网间网络通信的安全隔离;最后结合黄冈-黄梅高速铁路现场应用的网管数据摆渡系统与主机加固软件,对该技术在保证高速铁路信号安全数据网的封闭性和独立性,有效阻断由EMS引入的网络攻击和病毒扩散等方面进行验证。验证结果表明,该网络安全隔离技术在实际场景中可行有效。The signal safety data network is the core control network of the signaling system for high-speed railways,bearing the data communication services of the train control center,computer-based interlocking,temporary speed restriction server,radio block center,and other signal equipment for train operation control.Its security is the basis for ensuring the safe,orderly,stable,and reliable operation of trains.To improve the security of data network,firstly,the connection mode and data exchange protocol between the element management system(EMS)and the signal safety data network are reviewed alongside potential risks and threats.Secondly,network isolation technology is researched to address security concerns.Physical isolation,protocol conversion,access authentication,and network management service function proxy are applied to securely isolate the network communication between the EMS and the signal safety data network.Finally,the effectiveness of this technology is verified through the application of the network management data ferry system and host hardening software at the Huanggang—Huangmei high-speed railway line,demonstrating significant effectiveness by ensuring network closure and independence,and effectively preventing network attacks and virus spreading introduced by the EMS.The verification results confirm the significant effectiveness of the adopted network safety isolation technology in practical scenarios.

关 键 词：信号安全数据网 网元管理系统 安全隔离 接入认证 网管数据摆渡 

分 类 号：U285.8[交通运输工程—交通信息工程及控制]