(1.Nantong Road Development Authority, Nantong 226006, China;2.School of Cyberspace Security, Southeast University, Nanjing 211100, China;3.Sangfor Technologies Inc., Shenzhen 518055, China)
Abstract： According to the characteristics of complex access range and high risks of network security in traffic information system engineering, this research proposes a comprehensive zerotrust system architecture for highways. This architecture mainly consists of six platforms, including a gateway management platform and a trusted identity control platform and other platforms. The research mainly focuses on security interaction based on the gateway management platform. Firstly, it can implement automatic routing strategies under multiple physical environments. Secondly, this research studies the dual mode Single Packet Authorization (SPA) knocking mechanism, with a particular analysis of UDP authentication and TCP knocking data access. Relied on the Smart Agricultural Road System Engineering, this research evaluates effectiveness and efficiency of secure access before and after application implementation. The results indicate that the system can run on domestic Loongson3A4000 chips. The access rate of dual mode SPA technology, combining UDP SPA with TCP SPA capabilities, has a 50% increase when compared to singlemode SPA. Based on meeting the requirements of threelevel Equal Protection, network invisibility can be achieved.
Key words : traffic network security; information system engineering; zero trust architecture; dual mode single packet authorization; software defined perimeter