国密算法在5G-R系统中的应用研究  

作　　者：李春铎 杨轶杰 屈毅 LI Chunduo;YANG Yijie;QU Yi

机构地区：[1]中国铁道科学研究院集团有限公司通信信号研究所,北京100081 [2]中国铁道科学研究院集团有限公司电子计算技术研究所,北京100081 [3]中国铁路北京局集团有限公司北京铁路通信信号运维中心,北京100038

出　　处：《铁道通信信号》2025年第4期50-56,共7页Railway Signalling & Communication

基　　金：中国国家铁路集团有限公司科技研究开发计划项目(N2022G032)。

摘　　要：为保障5G-R系统的安全,提升铁路关键信息基础设施的国产化水平,对我国自主研发的国密算法在5G-R系统中的应用展开研究。基于5G-R系统安全架构,针对接入域、网络域、用户域、基于服务化架构(SBA)域的加密方法,分析国际标准化组织3GPP提出的基于国际加密算法的加密方案,探讨采用国密算法的替换方案;研究应用域数据的端到端加密技术,以调度通信业务为例,根据业务场景和数据特性,采用国密SM4加密算法对数据进行加密,采用国密SM3算法对数据进行完整性保护;提出建设铁路统一的密钥管理中心进行密钥分发,并结合个呼、组呼、短数据和文件传输业务流程设计数据加密方案。研究成果为推动国密算法在5G-R系统中的应用提供建议方案,有助于进一步提升铁路信息基础设施的自主可控水平。To ensure the security of the 5G-R system and enhance the localization level of key railway information infrastructures,the application of Chinese national cryptographic algorithms independently developed in the 5G-R system is studied.Based on the 5G-R system security architecture,the encryption methods used in the access domain,network domain,user domain,and service-based architecture(SBA)domain are explored,the encryption solutions based on international encryption algorithms proposed by the international standardization organization 3GPP are analyzed,and alternative solutions adopting Chinese national cryptographic algorithms are discussed.The end-to-end encryption technology of application domain data is studied.Taking scheduling communication service as an example,according to the business scenario and data characteristics,the SM4 encryption algorithm is used to encrypt the data,and the SM3 algorithm is used to protect the integrity of the data.An unified key management center for railway key distribution is proposed,and a data encryption scheme is designed by combining individual call,group call,short data and file transmission business flow.The research results provide suggestions for promoting the application of Chinese national cryptographic algorithm in the 5G-R system,and help to further improve the independent and controllable level of railway information infrastructures.

关 键 词：5G-R 国密算法 服务化架构 调度通信 安全协议 密钥管理 

分 类 号：U285.2[交通运输工程—交通信息工程及控制]