城市轨道交通运营信息智能服务系统安全方案的设计与实现
摘要
城市轨道交通运营信息智能服务系统(即TOS)系统,采用具有高认知度、易于识别的红、黄、绿三色来表达轨道交通的实时运营状态,向轨道交通乘客和运营管理者两方面提供运营信息服务。TOS系统实时监控轨道交通空间内各个断面和特定位置的客流密度和运营状态,根据运营状态进行着色,形成了具备上海城市轨道交通特色的三色全网图。TOS系统由实时数据采集子系统、运营状态分析子系统和运营信息发布子系统构成。本论文正是为满足这一要求而做的基础性设计及研究,特别是系统安全方面的研究。
本文一共分为三部分进行阐述:
第一部分是本论文的绪论部分,主要介绍本论文的研究背景,论文结构安排。
第二部分是本论文的主体,包括第二到第六章。首先是TOS系统的简介,包括系统的建设目标、功能定位和既有系统条件;接着介绍TOS系统的整体设计方案和实时数据采集、运营状态分析及运营信息发布系统方案,同时介绍了系统在上海地铁的应用情况;接着论述TOS系统面临的安全威胁以及为规避风险所采取的安全性设计;然后论述TOS系统安全方案的应用及案例介绍,包括组网方案、实现功能、测试方案及结果和安全方案使用结论等;最后分析及展望安全系统的发展趋势及应用前景。
第三部分是本论文的结束语。
Tricolor Operating Status (TOS) system shows the real-time operating status of the Shanghai metro network in three colors (Red, Yellow and Green) to the metro staff and the passenger. TOS supervises the density of passenger and the operating status of the pre-defined position. TOS contains three important sub-systems—collection system, analysis system and distribution system. This article is the foundational design and research to meet the requirement, especially for the system security.
There are three parts in this paper.
The first part is the introduction. It will introduce the background of this project, the structure of the whole article, and the achievement.
The second part is the main body. It includes chapter 2 to chapter 6. Firstly it introduces the TOS System Briefly, including construction object, function requirement and existing conditions. Secondly it shows the system design proposal and the application case in shanghai Metro. Thirdly it analyses system security threat and related system security design.Forthly it introduces the security application,including network topology, security function,test proposal and user report. At last , summarizes the whole security system design and forecast.
The third part is the summary. Basing on the second part, it gives the conclusion.
本文一共分为三部分进行阐述:
第一部分是本论文的绪论部分,主要介绍本论文的研究背景,论文结构安排。
第二部分是本论文的主体,包括第二到第六章。首先是TOS系统的简介,包括系统的建设目标、功能定位和既有系统条件;接着介绍TOS系统的整体设计方案和实时数据采集、运营状态分析及运营信息发布系统方案,同时介绍了系统在上海地铁的应用情况;接着论述TOS系统面临的安全威胁以及为规避风险所采取的安全性设计;然后论述TOS系统安全方案的应用及案例介绍,包括组网方案、实现功能、测试方案及结果和安全方案使用结论等;最后分析及展望安全系统的发展趋势及应用前景。
第三部分是本论文的结束语。
Tricolor Operating Status (TOS) system shows the real-time operating status of the Shanghai metro network in three colors (Red, Yellow and Green) to the metro staff and the passenger. TOS supervises the density of passenger and the operating status of the pre-defined position. TOS contains three important sub-systems—collection system, analysis system and distribution system. This article is the foundational design and research to meet the requirement, especially for the system security.
There are three parts in this paper.
The first part is the introduction. It will introduce the background of this project, the structure of the whole article, and the achievement.
The second part is the main body. It includes chapter 2 to chapter 6. Firstly it introduces the TOS System Briefly, including construction object, function requirement and existing conditions. Secondly it shows the system design proposal and the application case in shanghai Metro. Thirdly it analyses system security threat and related system security design.Forthly it introduces the security application,including network topology, security function,test proposal and user report. At last , summarizes the whole security system design and forecast.
The third part is the summary. Basing on the second part, it gives the conclusion.
引文
[1] William Stallings.密码编码学与网络安全-原理与实践(第四版).孟庆树,王丽娜,傅建明等译.北京:电子工业出版社,2006.11
[2]蔡皖东,网络与信息安全【M】,西安:西北工业大学出版社,2004
[3] Davis CR. IPSec VPN的安全实施【M】。周永彬等译。北京:清华大学出版社,2002
[4]刑戈,张玉清,冯登国,网络安全管理平台研究【J】,计算机工程2004
[5]信息安全管理【EB/OL】,Http://www.cnns.net/news/db/4368.htm
[6]王红阳,安全管理实践【EB/OL】,Http://www.cww.net/cn/cwwservice/weekly/artical.asp?specialID=175&SpecialRowId=337&ID=10474
[7] OASIS, Common Alerting Protocol,v.1.0,OASIS Standard 2004 02,March 2004
[8] Anderw Nash,William Duane等著,公钥基础设施(PKI)实现和管理电子安全,清华大学出版社,2002
[9] Anderaon R. Biham E.Knudaen I. Serpent: A proposal for the advanced encryption standard. NIST AES Proposal. 1998
[10] Matsui M. New block encryption algorithm MISTY. Fast Software Encryption. FSE’97. LNCS 1267, SpringerVerlag. 1997
[11]王滨,张少武,马智:基于密码协议认证目标的协议分析方法的研究【J】微计算机信息,2005,
[12]吕锋,周亮。电子商务安全系统框架研究【J】.武汉理工大学学报,2004.2
[13]张蜂,察志光等.电子商务安全体系结构【J】.计算机科学,2002
[14]蔡酞花,张歧山.电子商务安全问题综述【J】.科技管理研究,2003
[15] S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401, 1998
[16] S. Kent and R. Atkinson, IP Authentication Header, RFC 2402, 1998
[17] C. Madson and R. Glenn, The Use of HMAC-MD5-96 within ESP and AH, RFC 2403, 1998
[18] C. Madson and R. Glenn, The Use of HMAC-SHA-1-96 within ESP and AH, RFC 2404, 1998
[19] S. Kent and R. Atkinson, IP Encapsulating Security Payload (ESP), RFC 2406, 1998
[20] D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, RFC 2407, 1998
[21] D. Maughan, M. Schertler, M. Schneider and J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, 1998
[22] D. Harkins and D. Carrel, The Internet Key Exchange (IKE), RFC 2409, 1998
[23] R. Glenn and S. Kent, The NULL Encryption Algorithm and Its Use With IPsec, RFC 2410, 1998
[24] R. Thayer, N. Doraswamy and R. Glenn, IP Security Document Roadmap, RFC 2411, 1998
[25] LIN Y-N. VPN gateways over network processors : Implementation and Evaluation【A】. Real Time and Embedded Technology and Application Symposium【C】.2005
[26]王国伟.网络安全分布式DDoS攻击【N/OL】. http://it.rising.com.cn
[27] S. M. Bellovin, Security problems in the TCP/I Protocol Suit. A CM Computer Communications Review,Apr. 1989
[28] Merike Kaeo,网络安全性设计【M】潇湘工作室译.北京:人民邮电出版社
[29]《上海城市轨道交通网络化运营系统建设规划》
[30]《运营网络运营协调与应急中心建设指导意见》(STF-FR-010001);
[31]《网络控制中心建设指导意见》(STF-KZ-010001)
[32]《通信_网络无线通信系统建设指导意见》(上海申通地铁集团有限公司);
[33]《基于轨道交通网络化PIS系统建设指导意见》(上海申通地铁集团有限公司);
[34]《网络信息传输、同步与有线交换系统建设指导意见(试行)》(上海申通地铁集团有限公司2006年11月)。
[2]蔡皖东,网络与信息安全【M】,西安:西北工业大学出版社,2004
[3] Davis CR. IPSec VPN的安全实施【M】。周永彬等译。北京:清华大学出版社,2002
[4]刑戈,张玉清,冯登国,网络安全管理平台研究【J】,计算机工程2004
[5]信息安全管理【EB/OL】,Http://www.cnns.net/news/db/4368.htm
[6]王红阳,安全管理实践【EB/OL】,Http://www.cww.net/cn/cwwservice/weekly/artical.asp?specialID=175&SpecialRowId=337&ID=10474
[7] OASIS, Common Alerting Protocol,v.1.0,OASIS Standard 2004 02,March 2004
[8] Anderw Nash,William Duane等著,公钥基础设施(PKI)实现和管理电子安全,清华大学出版社,2002
[9] Anderaon R. Biham E.Knudaen I. Serpent: A proposal for the advanced encryption standard. NIST AES Proposal. 1998
[10] Matsui M. New block encryption algorithm MISTY. Fast Software Encryption. FSE’97. LNCS 1267, SpringerVerlag. 1997
[11]王滨,张少武,马智:基于密码协议认证目标的协议分析方法的研究【J】微计算机信息,2005,
[12]吕锋,周亮。电子商务安全系统框架研究【J】.武汉理工大学学报,2004.2
[13]张蜂,察志光等.电子商务安全体系结构【J】.计算机科学,2002
[14]蔡酞花,张歧山.电子商务安全问题综述【J】.科技管理研究,2003
[15] S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401, 1998
[16] S. Kent and R. Atkinson, IP Authentication Header, RFC 2402, 1998
[17] C. Madson and R. Glenn, The Use of HMAC-MD5-96 within ESP and AH, RFC 2403, 1998
[18] C. Madson and R. Glenn, The Use of HMAC-SHA-1-96 within ESP and AH, RFC 2404, 1998
[19] S. Kent and R. Atkinson, IP Encapsulating Security Payload (ESP), RFC 2406, 1998
[20] D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, RFC 2407, 1998
[21] D. Maughan, M. Schertler, M. Schneider and J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, 1998
[22] D. Harkins and D. Carrel, The Internet Key Exchange (IKE), RFC 2409, 1998
[23] R. Glenn and S. Kent, The NULL Encryption Algorithm and Its Use With IPsec, RFC 2410, 1998
[24] R. Thayer, N. Doraswamy and R. Glenn, IP Security Document Roadmap, RFC 2411, 1998
[25] LIN Y-N. VPN gateways over network processors : Implementation and Evaluation【A】. Real Time and Embedded Technology and Application Symposium【C】.2005
[26]王国伟.网络安全分布式DDoS攻击【N/OL】. http://it.rising.com.cn
[27] S. M. Bellovin, Security problems in the TCP/I Protocol Suit. A CM Computer Communications Review,Apr. 1989
[28] Merike Kaeo,网络安全性设计【M】潇湘工作室译.北京:人民邮电出版社
[29]《上海城市轨道交通网络化运营系统建设规划》
[30]《运营网络运营协调与应急中心建设指导意见》(STF-FR-010001);
[31]《网络控制中心建设指导意见》(STF-KZ-010001)
[32]《通信_网络无线通信系统建设指导意见》(上海申通地铁集团有限公司);
[33]《基于轨道交通网络化PIS系统建设指导意见》(上海申通地铁集团有限公司);
[34]《网络信息传输、同步与有线交换系统建设指导意见(试行)》(上海申通地铁集团有限公司2006年11月)。