Blockchain enabled zero trust based authentication scheme for railway communication networks

With the introduction of emerging technologies such as cloud computing, the railway communication network has the characteristics of complex structure and blurred boundaries, which leads to a series of security threats including information leakage and malicious access. Specifically, the third-party cloud services are difficult to be supervised, and network traffic is untrustworthy. To ensure system security, we propose a zero-trust security model in this paper. Then, we introduce blockchain and Merkle tree to build a distributed identity storage scheme for guaranteeing reliable, confidential and efficient data updates, and improving authentication efficiency. Furthermore, the proxy was introduced for two-way authentication with cloud servers, so that internal and external threats could be counteracted. Moreover, reputation assessment mechanism has been adopted to reduce the possibility of nodes accessing malicious cloud services. Performance analysis demonstrated that the proposed security model is able to enhance the security, efficiency and stability of the system, and consequently can guarantee the safety and reliability of railway transportation.