CN113595718A - PHM host of train and encryption method thereof - Google Patents

PHM host of train and encryption method thereof Download PDF

Info

Publication number
CN113595718A
CN113595718A CN202110869389.3A CN202110869389A CN113595718A CN 113595718 A CN113595718 A CN 113595718A CN 202110869389 A CN202110869389 A CN 202110869389A CN 113595718 A CN113595718 A CN 113595718A
Authority
CN
China
Prior art keywords
message
train
data
physical
phm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110869389.3A
Other languages
Chinese (zh)
Inventor
张元庆
王志刚
高广恩
康强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dalian Seasky Automation Co ltd
Original Assignee
Dalian Seasky Automation Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dalian Seasky Automation Co ltd filed Critical Dalian Seasky Automation Co ltd
Priority to CN202110869389.3A priority Critical patent/CN113595718A/en
Publication of CN113595718A publication Critical patent/CN113595718A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34Encoding or coding, e.g. Huffman coding or error correction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Abstract

The invention provides a PHM (physical power management) host of a train, which comprises an inner end machine, an outer end machine and a physical network brake; the inner terminal machine is used for receiving Ethernet data of the train, the outer terminal machine is used for transmitting the data in the train network to the ground server, the data message of the inner terminal machine reaches the physical network brake through a protocol, the physical network brake processes the data message after receiving the correct data message, then the data message is ferred to the outer terminal machine through the protocol, and the outer terminal machine receives the data message of the physical network brake. The unidirectional data transmission among the internal terminal, the external terminal and the physical gatekeeper greatly improves the safety of data flow direction; in addition, complex encryption algorithms are designed in the internal terminal machine, the external terminal machine and the physical gatekeeper, so that the safety of data flow is ensured, and the data content is not easy to crack, modify and the like; and the message transmitted among the internal terminal, the physical network gate and the external terminal uses a 'stream encryption algorithm' to realize specific functions, and the security of data content can be ensured.

Description

PHM host of train and encryption method thereof
Technical Field
The invention relates to the field of PHM of trains, in particular to a PHM host of a train and an encryption method thereof.
Background
PHM (Prognostics and Health Management) of trains is the development direction of future train operation support. The PHM carries out targeted and predictive maintenance according to the monitoring and analysis of the current running situation of the train, and pre-judges the occurrence time of the fault in advance without waiting for the real occurrence of the fault and then carrying out post maintenance. The predictive maintenance can reduce the maintenance cost, reduce the maintenance time, improve the efficiency of train operation and simultaneously avoid major malignant accidents. In view of the data volume of the existing motor train units and in view of long-term development and planning, the PHM system of the motor train unit should be constructed in a big data mode so as to improve the real-time performance and convenience of monitoring of each train of the railway.
However, the PHM physical gatekeeper in the prior art has low data unidirectionality and data security, and cannot meet the use requirements of the existing train.
Disclosure of Invention
The invention aims to provide a PHM host and an encryption method thereof, which can ensure the data unidirectionality and data security of a PHM physical network brake and can meet the requirements of the existing train.
In order to achieve the above purpose, the invention provides the following technical scheme:
a PHM host of a train comprises an inner end machine, an outer end machine and a physical network brake; the train monitoring system comprises an inner terminal machine, an outer terminal machine and a physical network brake, wherein the inner terminal machine is used for receiving data of an Ethernet of a train, the outer terminal machine is used for transmitting the data in a train network to a ground server, a data message of the inner terminal machine reaches the physical network brake through a protocol, the physical network brake processes the data message after receiving the correct data message, then the data message is ferred to the outer terminal machine through the protocol, and the outer terminal machine receives the data message of the physical network brake.
Furthermore, the internal terminal, the FPGA physical gatekeeper and the external terminal are respectively provided with an encryption algorithm.
Furthermore, a stream encryption algorithm is set in the data messages among the internal terminal, the FPGA physical gatekeeper and the external terminal.
An encryption method of a PHM host of a train comprises the following steps,
the inner terminal machine uses the inner terminal machine MAC and the fixed sequence A to select an encryption algorithm and seed information, encrypts a text and sends a message to a physical gatekeeper;
after receiving the message, the physical gateway identifies an encryption algorithm and seed information according to a message source MAC and a fixed sequence A, and decrypts the message;
the physical network gate selects a new encryption algorithm and seed information by using the MAC and the fixed sequence B of the physical network gate, re-encrypts the decrypted message and sends the message to the external terminal;
and after receiving the message, the external terminal identifies the encryption algorithm and the seed information according to the message source MAC and the fixed sequence B, and decrypts the message.
Furthermore, the internal end machine, the physical gatekeeper and the external end machine use AES-256 encryption keys and perform algorithm processing twice before use.
Furthermore, the encryption algorithm of the message and the seed value thereof can be changed.
Further, the body part has a secure CRC32 check process.
Further, the physical gatekeeper identifies that the encryption algorithm is abnormal or the CRC32 is abnormal, so that the message can be directly discarded without transiting.
The invention has the beneficial effects that:
the unidirectional data transmission among the internal terminal, the external terminal and the physical gatekeeper greatly improves the safety of data flow direction; in addition, complex encryption algorithms are designed in the internal terminal machine, the external terminal machine and the physical gatekeeper, so that the safety of data flow is ensured, and the data content is not easy to crack, modify and the like; and the message transmitted among the internal terminal, the physical network gate and the external terminal uses a 'stream encryption algorithm' to realize specific functions, and the security of data content can be ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a block schematic diagram of the present invention.
The attached drawings indicate the following:
1. a PHM host; 2. an inner end machine; 3. an outer end machine; 4. a physical gatekeeper;
Detailed Description
In order that those skilled in the art will better understand the technical solutions of the present invention, the following detailed description of the present invention is provided in conjunction with the accompanying drawings and the specific embodiments.
As shown in fig. 1, a PHM master 1 of a train, the PHM master 1 includes an internal terminal 2, an external terminal 3 and a physical gatekeeper 4, and the physical gatekeeper 4 may be an FPGA physical gatekeeper 4; the inner terminal machine 2 is used for receiving TRDP of the Ethernet of the train and other relevant data, the outer terminal machine 3 is used for transmitting the data in the train network to the ground server, the data message of the inner terminal machine 2 reaches the physical network brake 4 through a protocol, the physical network brake 4 processes the data message after receiving the correct data message, and then the data message is ferred to the outer terminal machine 3 through the protocol, and the outer terminal machine 3 receives the data message of the physical network brake 4.
The data unidirectional transmission among the internal terminal 2, the external terminal 3 and the physical gatekeeper 4 greatly improves the safety of data flow direction; in addition, complex encryption algorithms are designed in the internal terminal 2, the external terminal 3 and the physical gatekeeper 4 to ensure the safety of data flow, so that the data content is not easy to crack, modify and the like; and the messages transmitted among the internal terminal 2, the physical gatekeeper 4 and the external terminal 3 use a 'stream encryption algorithm' to realize specific functions, and the security of data content can be ensured.
The data unidirectional transmission of the invention comprises the following steps: the data message of the internal terminal 2 can only reach the physical gatekeeper 4 through a specific protocol; and the physical gateway 4 receives the correct message and processes the message. Then ferrying to the external terminal 3 through a specific protocol; the external terminal 3 can only receive the ferry message of the physical gatekeeper 4 and cannot see the original message of the internal terminal 2; the physical network gate 4 can not ferry the message of the external terminal 3 to the internal terminal 2, so that the unidirectional property of the data can be ensured;
the data content security of the invention is ensured, the inner terminal machine 2, the physical network gate 4 and the outer terminal machine 3 are designed with complex encryption algorithm to ensure the security of data flow, so that the data content is not easy to crack, modify and the like; in addition, messages among the internal terminal machine 2, the physical gatekeeper 4 and the external terminal machine 3 use a 'stream encryption algorithm' to realize specific functions;
an encryption method of a PHM host 1 of a train,
message format: the message is in UDP format and consists of 2 parts, namely an encryption algorithm header and an encryption text.
The encryption algorithm header contains the following information:
1. a type of text encryption algorithm;
2. a seed of a text encryption algorithm;
3. the initial value of CRC32 for text integrity verification; (the last 4 bytes of the body are the CRC32 value after taking the initial value of CRC32 here and calculating the decrypted UDP body part)
4. In order to avoid the head of the encryption algorithm from being easily cracked, the head content is encrypted by AES-256. The AES-256 encrypted key is 'source MAC address + fixed sequence A';
the encryption calculation process comprises the following steps: and calculating a random sequence for encrypting the text according to the encryption algorithm type in the encryption algorithm header and the seed information of the algorithm, and encrypting the text content.
The inter-device encryption processing procedure comprises
The internal terminal machine 2 uses the MAC of the internal terminal machine 2 and the fixed sequence A to select an encryption algorithm and seed information, encrypts a message and sends the message to the physical gatekeeper 4;
after receiving the message, the physical gateway 4 identifies an encryption algorithm and seed information according to the message source MAC and the fixed sequence A, and decrypts the message;
the physical gateway 4 selects a new encryption algorithm and seed information by using the MAC and the fixed sequence B of the physical gateway 4, re-encrypts the decrypted message and sends the decrypted message to the external terminal 3;
after receiving the message, the external terminal 3 identifies the encryption algorithm and the seed information according to the message source MAC and the fixed sequence B, and decrypts the message.
After the PHM host 1 of the train is encrypted by the encryption method, the data security is greatly improved for the following reasons:
1) AES-256 encryption keys used by the internal terminal 2, the FPGA physical gatekeeper 4 and the external terminal 3 are not public, algorithm processing is carried out twice before use, and analysis and reverse pushing cannot be carried out on messages captured by a network;
2) the encryption algorithm and the seed value of each message can be changed, and the messages cannot be decrypted by using a fixed random sequence;
3) the safe CRC32 checking processing exists in the text part, and the text content is ensured not to be tampered;
4) if the gatekeeper identifies that the encryption algorithm is abnormal or the CRC32 is abnormal, the message can be directly discarded without transiting, so as to avoid influencing the safety.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. The utility model provides a PHM host computer of train which characterized in that: the PHM host comprises an inner end machine, an outer end machine and a physical network gate; the train monitoring system comprises an inner terminal machine, an outer terminal machine and a physical network brake, wherein the inner terminal machine is used for receiving data of an Ethernet of a train, the outer terminal machine is used for transmitting the data in a train network to a ground server, a data message of the inner terminal machine reaches the physical network brake through a protocol, the physical network brake processes the data message after receiving the correct data message, then the data message is ferred to the outer terminal machine through the protocol, and the outer terminal machine receives the data message of the physical network brake.
2. The PHM master of a train as claimed in claim 1, wherein: and the internal terminal, the FPGA physical gateway and the external terminal are respectively provided with an encryption algorithm.
3. The PHM master of a train as claimed in claim 1, wherein: and a stream encryption algorithm is set in the data messages among the internal terminal, the FPGA physical gateway and the external terminal.
4. An encryption method for a PHM host of a train is characterized in that: comprises the following steps of (a) carrying out,
the inner terminal machine uses the inner terminal machine MAC and the fixed sequence A to select an encryption algorithm and seed information, encrypts a text and sends a message to a physical gatekeeper;
after receiving the message, the physical gateway identifies an encryption algorithm and seed information according to a message source MAC and a fixed sequence A, and decrypts the message;
the physical network gate selects a new encryption algorithm and seed information by using the MAC and the fixed sequence B of the physical network gate, re-encrypts the decrypted message and sends the message to the external terminal;
and after receiving the message, the external terminal identifies the encryption algorithm and the seed information according to the message source MAC and the fixed sequence B, and decrypts the message.
5. The encryption method of the PHM host of the train according to claim 4, wherein: the internal end machine, the physical network gate and the external end machine use AES-256 encryption keys and carry out algorithm processing twice before use.
6. The encryption method of the PHM host of the train according to claim 4, wherein: the encryption algorithm of the message and the seed value thereof can be changed.
7. The encryption method of the PHM host of the train according to claim 4, wherein: the body portion has a secure CRC32 check process.
8. The encryption method of the PHM master of the train according to claim 7, wherein: and when the physical gatekeeper identifies the encryption algorithm abnormity or the CRC32 abnormity, the message can be directly discarded without transiting.
CN202110869389.3A 2021-07-30 2021-07-30 PHM host of train and encryption method thereof Pending CN113595718A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110869389.3A CN113595718A (en) 2021-07-30 2021-07-30 PHM host of train and encryption method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110869389.3A CN113595718A (en) 2021-07-30 2021-07-30 PHM host of train and encryption method thereof

Publications (1)

Publication Number Publication Date
CN113595718A true CN113595718A (en) 2021-11-02

Family

ID=78252365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110869389.3A Pending CN113595718A (en) 2021-07-30 2021-07-30 PHM host of train and encryption method thereof

Country Status (1)

Country Link
CN (1) CN113595718A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710399A (en) * 2022-04-13 2022-07-05 西安热工研究院有限公司 Method and system for hot standby and capacity expansion of forward network gate

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104540237A (en) * 2014-11-28 2015-04-22 普联技术有限公司 Method and system for connecting intelligent device to network
CN104683352A (en) * 2015-03-18 2015-06-03 宁波科安网信通讯科技有限公司 Industrial communication isolation gap with double-channel ferrying function
CN105007272A (en) * 2015-07-21 2015-10-28 陈巨根 Information exchange system with safety isolation
CN111586041A (en) * 2020-05-07 2020-08-25 英赛克科技(北京)有限公司 Industrial unidirectional isolation network gate system and data transmission method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104540237A (en) * 2014-11-28 2015-04-22 普联技术有限公司 Method and system for connecting intelligent device to network
CN104683352A (en) * 2015-03-18 2015-06-03 宁波科安网信通讯科技有限公司 Industrial communication isolation gap with double-channel ferrying function
CN105007272A (en) * 2015-07-21 2015-10-28 陈巨根 Information exchange system with safety isolation
CN111586041A (en) * 2020-05-07 2020-08-25 英赛克科技(北京)有限公司 Industrial unidirectional isolation network gate system and data transmission method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710399A (en) * 2022-04-13 2022-07-05 西安热工研究院有限公司 Method and system for hot standby and capacity expansion of forward network gate

Similar Documents

Publication Publication Date Title
CN108347331B (en) Method and device for safe communication between T _ Box device and ECU device in Internet of vehicles system
CN106357690B (en) data transmission method, data sending device and data receiving device
CN111049803A (en) Data encryption and platform security access method based on vehicle-mounted CAN bus communication system
CN109309688B (en) New energy power station operation control method based on cloud monitoring and data encryption transmission
CN103441983A (en) Information protection method and device based on link layer discovery protocol
WO2015003512A1 (en) Concentrator, ammeter, and message processing method therefor
CN106453391A (en) Long repeating data encryption and transmission method and system
CN107995160A (en) A kind of JSON data packet encrypting and decrypting methods based on high in the clouds management and control
JP6391823B2 (en) RDP data collection apparatus and method
CN113595718A (en) PHM host of train and encryption method thereof
CN112235308A (en) Data transmission method and system for industrial equipment with different communication protocols
CN111211894B (en) Data transmission method, device and system
CN108833380A (en) The method of data exchange between a kind of system the superior and the subordinate platform
CN112291296A (en) Internet of things equipment access system for urban fire-fighting remote monitoring system and method thereof
CN115484030A (en) Enterprise tax data sharing method and system based on Internet of things technology
CN112491833B (en) Data security transmission method for central monitoring system of wind turbine generator
CN104363098B (en) A kind of distributed monitoring end message safety protecting method based on digital encryption
CN109587155B (en) Wireless vehicle brake test system for guaranteeing information safety
CN113472539A (en) Method for carrying out national encryption by using RDMA R _ Key
CN109194490B (en) Power distribution network communication security authentication system and method
CN107896231B (en) Data encryption method for remote communication of energy hosting platform system
CN108924117B (en) Power quality monitoring and inquiring method
CN107087000B (en) Safety processing method for secondary shared information of transformer substation
CN112953898A (en) Audio and video encryption and decryption transmission control method
CN105407081A (en) Safe and high-efficiency satellite data transmission system and data synchronization and transmission method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211102

RJ01 Rejection of invention patent application after publication