中图分类号：U495;TP393.08
文献标识码：A
DOI:10.19358/j.issn.2097-1788.2023.10.014
引用格式：陈瑜，殷浩，姚蕾，等.基于双模单包授权的公路零信任安全应用研究 ［J］.网络安全与数据治理，2023，42（10）：87-93.

Research on the application of road zero trust security based on dual mode single packet authorization

Abstract： According to the characteristics of complex access range and high risks of network security in traffic information system engineering, this research proposes a comprehensive zerotrust system architecture for highways. This architecture mainly consists of six platforms, including a gateway management platform and a trusted identity control platform and other platforms. The research mainly focuses on security interaction based on the gateway management platform. Firstly, it can implement automatic routing strategies under multiple physical environments. Secondly, this research studies the dual mode Single Packet Authorization (SPA) knocking mechanism, with a particular analysis of UDP authentication and TCP knocking data access. Relied on the Smart Agricultural Road System Engineering, this research evaluates effectiveness and efficiency of secure access before and after application implementation. The results indicate that the system can run on domestic Loongson3A4000 chips. The access rate of dual mode SPA technology, combining UDP SPA with TCP SPA capabilities, has a 50% increase when compared to singlemode SPA. Based on meeting the requirements of threelevel Equal Protection, network invisibility can be achieved.

Key words : traffic network security; information system engineering; zero trust architecture; dual mode single packet authorization; software defined perimeter