Journal on Communications ›› 2023, Vol. 44 ›› Issue (4): 201-215. doi: 10.11959/j.issn.1000-436x.2023071
Renchao XIE1,2, Wen WEN1, Qinqin TANG1, Yunlong LIU1, Gaochang XIE1, Tao HUANG1,2
Revised:
2023-01-31
Online:
2023-04-25
Published:
2023-04-01
About the author:
Renchao XIE (1984- ), male, born in Nanping, Fujian, Ph.D., professor and doctoral supervisor at Beijing University of Posts and Telecommunications. His main research interests include computing power networks, the industrial Internet and mobile edge computing.
Supported by:
Abstract:
Introducing mobile edge computing (MEC) into rail transit scenarios, which feature complex environments, dense passenger loads and high-speed movement, can meet their requirements for low latency, mobility and massive connectivity. However, while MEC improves the performance of rail transit communication networks, it also introduces security challenges. This paper first gives an overview of rail transit communication networks and MEC; it then discusses the value of MEC in rail transit and the architecture of rail transit MEC networks; next it analyzes the security threats facing rail transit MEC networks and proposes protection schemes; finally it raises several open problems in the hope of providing directions for further research.
CLC number:
谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
Renchao XIE, Wen WEN, Qinqin TANG, Yunlong LIU, Gaochang XIE, Tao HUANG. Survey on rail transit mobile edge computing network security[J]. Journal on Communications, 2023, 44(4): 201-215.
Table 1 Rail transit security protection techniques

| Protection technique | Reference | Scheme | Technical method | Security threat |
|---|---|---|---|---|
| Identity authentication | Ref. [ | An efficient authentication scheme | Elliptic curve cryptosystem | Unauthorized access; rogue base stations; malicious code implantation |
| | Ref. [ | A lightweight and efficient authentication mechanism | Chaotic system | |
| Data encryption | Ref. [ | A key agreement protocol for railway wireless communication; an improved protocol that streamlines the protocol's key service flow | Diffie-Hellman key agreement algorithm; Advanced Encryption Standard (AES) | Privacy leakage |
| Access control | Ref. [ | A location-based secure access control scheme | Trajectory-based localization algorithm | Unauthorized access; rogue base stations; malicious code implantation |
| | Ref. [ | A role-based secure access control scheme | Role-based access control | |
| Intrusion detection | Ref. [ | A Bayesian-game-based detection method for man-in-the-middle attacks | Bayesian game | Man-in-the-middle attacks |
| High-speed handover | Ref. [ | A novel on-board architecture | Multiple fixed-beam directional antennas | Signaling storms, call drops |
| | Ref. [ | A handover scheme for high-speed railway scenarios based on a prediction algorithm | Grey model prediction | |
Table 2 MEC security protection techniques

| Protection technique | Reference | Scheme | Technical method | Security threat |
|---|---|---|---|---|
| Identity authentication | Ref. [ | A blockchain network built on edge nodes that provides access control for vehicular networks | Blockchain | Malicious node attacks |
| | Ref. [ | A service-oriented authentication framework with a privacy-preserving slice selection mechanism | Network slicing | |
| DoS attack protection | Ref. [ | A DDoS attack detection algorithm based on traffic variation | LSTM, CNN | DoS attacks |
| MitM attack protection | Ref. [ | A blockchain-based MitM attack detection method that realizes a zero-trust system | Blockchain | MitM attacks |
| Privacy protection | Ref. [ | A privacy-preserving model for IoT-supporting MEC scenarios | Boneh-Goh-Nissim | Privacy leakage |
Table 3 Security threats to rail transit MEC networks

| Attack surface | Attack model | Reasons for susceptibility or aggravated impact | Impact |
|---|---|---|---|
| Network infrastructure | DoS attack | Weak protection capability; diverse communication protocols; lack of data encryption and message authentication mechanisms | The rail transit MEC network cannot provide normal network services, which in turn paralyzes the whole network |
| | MitM attack | Complex communication relationships | Privacy leakage; wrong commands and results are delivered and affect train operation decisions |
| | Malicious gateway attack | Openness | Data leakage; disruption of the services provided by network devices |
| Service infrastructure | DoS attack | Reliance on virtualization; weak protection capability | MEC hosts cannot provide services, affecting the entire rail transit system |
| | Malicious injection attack | Both identity authentication mechanisms and protection capabilities are relatively weak | MEC servers make wrong judgments and issue wrong commands that affect train services; more servers become infected |
| | Unauthorized access attack | Flaws in identity authentication and access management mechanisms | Privacy leakage; MEC servers misjudge the operation of trains along the line |
| | Malicious node attack | Flaws in identity authentication and access management mechanisms | Undermines the stability of the core network and paralyzes the whole edge computing network |
| Virtualization infrastructure | DoS attack | Multi-tenancy | Exhausts the resources of the edge server running the virtual machines and affects other applications |
| | Virtual machine escape | Software vulnerabilities | Installs backdoors in the hypervisor layer or management domain, launches DoS attacks, steals user data, controls other virtual machines, etc. |
| | Virtual machine replication | Frequent network handovers | Launches attacks ranging from information extraction to replication of computation-intensive tasks, compromising the security of other servers or data centers |
| Terminal devices | Side-channel attack | Rich channel information | Privacy leakage |
| | Unauthorized access attack | Flaws in identity authentication and access management mechanisms; frequent handovers | Affects train operation decisions; privacy leakage; causes more MEC servers to be infected |
References:
[1] LIEM M, MENDIRATTA V B. Mission critical communication networks for railways[J]. Bell Labs Technical Journal, 2011, 16(3): 29-46.
[2] WU H, LI F, DU C X, et al. City urban rail transit train-ground wireless communication network research based on LTE technology[C]// Proceedings of 2020 IEEE International Conference on Information Technology, Big Data and Artificial Intelligence (ICIBA). Piscataway: IEEE Press, 2020: 217-220.
[3] 纪艺勇. LTE技术在地铁专用通信系统中的应用方案[J]. 中国科技纵横, 2016(21): 21-22.
JI Y Y. Application research on LTE technology in subway dedicated communication system[J]. China Science & Technology Overview, 2016(21): 21-22.
[4] 彭亚枫. 城轨CBTC系统中间人攻击检测与防御方法研究[D]. 北京: 北京交通大学, 2018.
PENG Y F. Research on detection and defense method of man-in-the-middle attack in CBTC system of urban rail transit[D]. Beijing: Beijing Jiaotong University, 2018.
[5] 熊桢. 轨道交通无线通信系统业务类型及技术方案探析[J]. 智能城市, 2020, 6(12): 172-173.
XIONG Z. Analysis on the service type and technical scheme of rail transit wireless communication system[J]. Intelligent City, 2020, 6(12): 172-173.
[6] 毛磊, 翟浩杰, 尹尚国. 5G在轨道交通行业的应用探讨[J]. 移动通信, 2020, 44(1): 63-70.
MAO L, ZHAI H J, YIN S G. Discussion on the application of 5G in the rail transportation industry[J]. Mobile Communications, 2020, 44(1): 63-70.
[7] 丁超, 陈英, 鉴纪凯, 等. 城市轨道交通列车网络安全研究[J]. 现代城市轨道交通, 2022(9): 81-86.
DING C, CHEN Y, JIAN J K, et al. Research on network security of urban rail transit trains[J]. Modern Urban Transit, 2022(9): 81-86.
[8] 刘魁. 城市轨道交通网络安全集中管控防护方案[J]. 都市快轨交通, 2022, 35(2): 85-90.
LIU K. Centralized control and protection scheme for urban rail transit network security[J]. Urban Rapid Rail Transit, 2022, 35(2): 85-90.
[9] WANG Y, ZHANG W F, WANG X M, et al. Improving the security of LTE-R for high-speed railway: from the access authentication view[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(2): 1332-1346.
[10] XU T, GAO D Y, DONG P, et al. Improving the security of wireless communications on high-speed trains by efficient authentication in SCN-R[J]. IEEE Transactions on Vehicular Technology, 2019, 68(8): 7283-7295.
[11] HEI X H, GAO W, WANG Y C, et al. Railway key exchange scheme for improving communication efficiency of RSSP-II protocol[C]// Proceedings of 2019 IEEE Globecom Workshops (GC Wkshps). Piscataway: IEEE Press, 2020: 1-6.
[12] WU P W, WU Z D, LI L Y. Research on MAC verification code of railway signal security communication protocol[J]. Journal of Physics: Conference Series, 2021. doi: 10.1088/1742-6596/1757/1/012166.
[13] LI J, WU H. Localisation algorithm for security access control in railway communications[J]. IET Intelligent Transport Systems, 2020, 14(14): 2151-2159.
[14] CHENG J F, KANG R W, ZHAO X Q. Role based access control and its application in high speed railway[C]// Proceedings of 2013 Sixth International Conference on Advanced Computational Intelligence (ICACI). Piscataway: IEEE Press, 2014: 362-364.
[15] PARICHEHREH A, SPAGNOLINI U. Seamless LTE connectivity in high speed trains[C]// Proceedings of 2014 IEEE Wireless Communications and Networking Conference (WCNC). Piscataway: IEEE Press, 2014: 2067-2072.
[16] WANG J R, YANG X J, ZHAO S Y, et al. Handover performance improvement for ultra dense network of high-speed railway[C]// Proceedings of 2017 IEEE 85th Vehicular Technology Conference (VTC Spring). Piscataway: IEEE Press, 2017: 1-5.
[17] ETSI. Mobile-edge computing: introductory technical white paper[R]. 2014.
[18] 谢人超, 廉晓飞, 贾庆民, 等. 移动边缘计算卸载技术综述[J]. 通信学报, 2018, 39(11): 138-155.
XIE R C, LIAN X F, JIA Q M, et al. Survey on computation offloading in mobile edge computing[J]. Journal on Communications, 2018, 39(11): 138-155.
[19] 边缘计算产业联盟和工业互联网产业联盟. 边缘计算安全白皮书[R]. 2019.
Edge Computing Consortium and Alliance of Industrial Internet. White paper on edge computing security[R]. 2019.
[20] GUO S Y, HU X, ZHOU Z Q, et al. Trust access authentication in vehicular network based on blockchain[J]. China Communications, 2019, 16(6): 18-30.
[21] NI J B, LIN X D, SHEN X S. Efficient and secure service-oriented authentication supporting network slicing for 5G-enabled IoT[J]. IEEE Journal on Selected Areas in Communications, 2018, 36(3): 644-657.
[22] JIA Y Z, ZHONG F T, ALRAWAIS A, et al. FlowGuard: an intelligent edge defense mechanism against IoT DDoS attacks[J]. IEEE Internet of Things Journal, 2020, 7(10): 9552-9562.
[23] CHOI J, AHN B, BERE G, et al. Blockchain-based man-in-the-middle (MITM) attack detection for photovoltaic systems[C]// Proceedings of 2021 IEEE Design Methodologies Conference (DMC). Piscataway: IEEE Press, 2021: 1-6.
[24] LI X, LIU S P, WU F, et al. Privacy preserving data aggregation scheme for mobile edge computing assisted IoT applications[J]. IEEE Internet of Things Journal, 2019, 6(3): 4755-4763.
[25] ZHAO J H, LIU J, YANG L H, et al. Future 5G-oriented system for urban rail transit: opportunities and challenges[J]. China Communications, 2021, 18(2): 1-12.
[26] 谢高畅, 卢华, 唐琴琴, 等. 区块链在轨道交通移动边缘计算网络中的应用[J]. 电信科学, 2021, 37(10): 117-125.
XIE G C, LU H, TANG Q Q, et al. Application of blockchain in rail transit edge computing network[J]. Telecommunications Science, 2021, 37(10): 117-125.
[27] LIU X, ZHANG M J, ZOU C M, et al. Edge intelligence for smart metro systems: architecture and enabling technologies[J]. IEEE Network, 2022, 36(1): 136-143.
[28] ROMAN R, LOPEZ J, MAMBO M. Mobile edge computing, fog et al.: a survey and analysis of security threats and challenges[J]. Future Generation Computer Systems, 2018, 78(2): 680-698.
[29] ALI B, GREGORY M A, LI S. Multi-access edge computing architecture, data security and privacy: a review[J]. IEEE Access, 2021, 9: 18706-18721.
[30] RANAWEERA P, JURCUT A, LIYANAGE M. MEC-enabled 5G use cases: a survey on security vulnerabilities and countermeasures[J]. ACM Computing Surveys, 2022, 54(9): 1-37.
[31] XIAO Y H, JIA Y Z, LIU C C, et al. Edge computing security: state of the art and challenges[J]. Proceedings of the IEEE, 2019, 107(8): 1608-1631.
[32] RANAWEERA P, JURCUT A D, LIYANAGE M. Survey on multi-access edge computing security and privacy[J]. IEEE Communications Surveys & Tutorials, 2021, 23(2): 1078-1124.
[33] 叶润国, 蔡磊, 栾尚聪. 虚拟机逃逸漏洞分析和安全对策研究[J]. 信息技术与标准化, 2015(12): 30-34.
YE R G, CAI L, LUAN S C. Analysis and research on VM escaping and associated countermeasures[J]. Information Technology & Standardization, 2015(12): 30-34.
[34] LIYANAGE M, PORAMBAGE P, DING A Y. Five driving forces of multi-access edge computing[J]. arXiv preprint, arXiv:1810.00827, 2018.
[35] SUN S, DU R, CHEN S D, et al. Blockchain-based IoT access control system: towards security, lightweight, and cross-domain[J]. IEEE Access, 2021, 9: 36868-36878.
[36] 彭维平, 熊长可, 贺军义, 等. 边缘计算场景下车联网身份隐私保护方案研究[J]. 小型微型计算机系统, 2020, 41(11): 2399-2406.
PENG W P, XIONG C K, HE J Y, et al. Research on the identity privacy protection scheme of Internet of vehicles in edge computing scenario[J]. Journal of Chinese Computer Systems, 2020, 41(11): 2399-2406.
[37] XIANG Y, LI K, ZHOU W L. Low-rate DDoS attacks detection and traceback by using new information metrics[J]. IEEE Transactions on Information Forensics and Security, 2011, 6(2): 426-437.
[38] WU W F, HUANG Y Z, KURACHI R, et al. Sliding window optimized information entropy analysis method for intrusion detection on in-vehicle networks[J]. IEEE Access, 2018, 6: 45233-45245.
[39] HU L R, BU B. Intrusion detection methods in communication-based train control systems based on relative entropy and trust evaluation[C]// Proceedings of 2021 IEEE International Intelligent Transportation Systems Conference (ITSC). Piscataway: IEEE Press, 2021: 3939-3944.
[40] LI Y, ZHU L, WANG H W, et al. A cross-layer defense scheme for edge intelligence-enabled CBTC systems against MitM attacks[J]. IEEE Transactions on Intelligent Transportation Systems, 2021, 22(4): 2286-2298.
[41] GAO B, BU B. A novel intrusion detection method in train-ground communication system[J]. IEEE Access, 2019, 7: 178726-178743.
[42] 刘艺璇, 陈红, 刘宇涵, 等. 联邦学习中的隐私保护技术[J]. 软件学报, 2022, 33(3): 1057-1092.
LIU Y X, CHEN H, LIU Y H, et al. Privacy-preserving techniques in federated learning[J]. Journal of Software, 2022, 33(3): 1057-1092.
[43] LIANG K, AU M H, LIU J K, et al. A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing[J]. Future Generation Computer Systems, 2015, 52: 95-108.
[44] MA L, PEI Q, XIAO H, et al. Edge computing enhanced privacy preserving for location based services[C]// Proceedings of IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). Piscataway: IEEE Press, 2019: 1-6.
[45] 刘庆祥, 许小龙, 张旭云, 等. 基于联邦学习的边缘智能协同计算与隐私保护方法[J]. 计算机集成制造系统, 2021, 27(9): 2604-2610.
LIU Q X, XU X L, ZHANG X Y, et al. Federated learning based method for intelligent computing with privacy preserving in edge computing[J]. Computer Integrated Manufacturing Systems, 2021, 27(9): 2604-2610.
[46] GARFINKEL T, ROSENBLUM M. A virtual machine introspection based architecture for intrusion detection[C]// Proceedings of Network and Distributed System Security Symposium. Piscataway: IEEE Press, 2003: 191-206.
[47] 林昆, 黄征. 基于Intel VT-d技术的虚拟机安全隔离研究[J]. 信息安全与通信保密, 2011, 9(5): 101-103.
LIN K, HUANG Z. Study on virtual machine security isolation based on Intel VT-d[J]. Information Security and Communications Privacy, 2011, 9(5): 101-103.
[48] KALKAN K, ZEADALLY S. Securing Internet of things with software defined networking[J]. IEEE Communications Magazine, 2018, 56(9): 186-192.
[49] BHUNIA S S, GURUSAMY M. Dynamic attack detection and mitigation in IoT using SDN[C]// Proceedings of 2017 27th International Telecommunication Networks and Applications Conference (ITNAC). Piscataway: IEEE Press, 2017: 1-6.
[50] 曹扬晨, 朱国胜, 孙文和, 等. 未知网络攻击识别关键技术研究[J]. 计算机科学, 2022, 49(S1): 581-587.
CAO Y C, ZHU G S, SUN W H, et al. Study on key technologies of unknown network attack identification[J]. Computer Science, 2022, 49(S1): 581-587.