ATMS通訊安全動態加密技術研究

Abstract

ITS的目標在於促進交通安全、減少交通擁擠、提高機動性、增進經濟生產力、減少環境衝擊、提昇能源使用效率及帶動相關產業發展。而先進交通管理系統(Advanced Transportation Management System, ATMS)乃為ITS下之核心系統之一，其中最重要的乃是駕駛人所需即時交通資訊之傳輸、交通控制中心須依即時收取之資料，將最正確的訊息與決策傳給用路人與路側設施；在這環環相扣的過程中涉及許多技術專業如通訊、電機、資訊工程等領域的發展。目前， ATMS之資料傳輸中，採用NTCIP (National Transportation Communications for ITS Protocol)作為其傳輸協定，為了與現行通用之通訊協定相結合而不致有所衝突，NTCIP之堆疊(Stack)亦依循ISO-OSI(Open Systems Interconnect)之七層模型架構。 採用ISO-OSI之模型架構使得NTCIP不致於與現行通訊協定不相容，但開放式的網路環境也為NTCIP帶來許多安全性(Security)的問題，如駭客(Hacker)可在封包傳輸途中進行攔截，並對其進行竄改、偽裝、重送等攻擊，然而在實際應用上，其資料的傳輸安全性卻往往為人們所忽略。故本研究透過現行之密碼學相關技術，針對資料傳輸之確認性(Authentication)、機密性(Confidentiality)與完整性(Integrity)等對傳輸訊息進行加密保護，對於ATMS之傳輸建立ㄧ套動態安全機制(Dynamic Security Mechanism, DSM)，藉此提高ATMS之傳輸安全性。 此外，在通訊安全的領域中並無所謂絕對性的安全機制；安全機制的安全性應取決於使用者的需求以及可使用之軟硬體設備、支援等。本研究DSM最大的特色為可變動式金鑰產生器DSKG (Dynamic Secret Key Generator) 以及DPKG (Dynamic Public Key Pair Generator)。此機制使得每一次的傳輸加密皆有不同的金鑰產生，藉此來達到防止駭客入侵、取得傳輸資料之安全漏洞。 由於在原有的資料傳輸過程中加入加解密程序對於原系統亦會產生其負效應，因此本研究尚進行實驗設計，以探討其封包於加密前後對於系統運作影響以及封包傳輸時間之影響，並進行統計檢定，以確認封包加密對其之影響幅度，最後會依實驗結果對於加密前後之封包於ISP與VPN之有線網路及無線網路傳輸架構下之傳輸與系統運作時間進行DSM運作效率分析，以使得採用加密機制之交控中心人員能夠依其所需，訂立相關傳輸時間之門檻值。

ITS aims at enhancing traffic safety, reducing congestion, increasing travel mobility, enlarging economic power and controlling efficient energy-use. Advanced Transportation Management System (ATMS) is the major sub-system of ITS, and it utilizes monitor apparatus, communications and other control technologies to obtain or exchange traffic information between the traffic devices. However, during the data transmission, the situation of the data packets switching is exposed and not protected. Someone can use existing software to intercept the data packets from transmission process easily and these attacks will cause ATMS to become paralysed and disorder the signal timing or impaired traffic safety seriously. Therefore, the traffic data transmission security should be the principal issue for ATMS nowadays, but less people concern with the issue. By these reasons, this study concentrates on the information security of ATMS data transmission through modern cryptography and sets up a suitable security mechanism which aims at the message packet exchange and transmission via Java programming language. In which, the cryptography techniques would be adopted to protect the contents of data packet from masquerading, replying and tampering; and the general encryption algorithm is used to transform the plaintext into the ciphertext via the secret keys. In the past, the secret key algorithms during the encryption/decryption procedures are invariable and regular; furthermore, and the message packets are transmitted frequently in traffic control. In these conditions, one could crack the secret key algorithms easily by the frequent transmission. Thus, this research designs and implements an encryption technique which the secret keys could be changeable for each message and suitable for the ATMS data transmission; we called it dynamic encryption technique. On the other hand, we expect the security mechanism would not only achieve the data security but also consume less resources of the core system. Unfortunately, in the process of improving the data security, it also brings some negative-effects on the core system. Therefore, the system operation efficiency is also the major consideration of the security mechanism design. In additional, the security mechanism could be suitable for the existing communications media which transportation filed commonly uses nowadays, namely: wired network communications and 3.5G mobile communications.