天地一体化信息网络 ›› 2021, Vol. 2 ›› Issue (3): 2-14.doi: 10.11959/j.issn.2096-8930.2021026

• 专题:天地一体化信息网络安全防护技术 • 上一篇    下一篇

面向多类型终端的天地一体化信息网络接入与切换认证机制研究

曹进1, 陈李兰1, 马如慧1, 李晖1, 李凤华2,2   

  1. 1 西安电子科技大学网络与信息安全学院,陕西 西安 710071
    2 中国科学院信息工程研究所,北京 100093;3.中国科学院大学网络空间安全学院,北京 100049
  • 修回日期:2021-08-26 出版日期:2021-09-01 发布日期:2021-09-01
  • 作者简介:曹进(1985-),男,博士,西安电子科技大学教授,主要研究方向为4G/5G网络、天地一体化信息网络安全及认证协议设计分析等
    陈李兰(1997-),女,西安电子科技大学硕士生,主要研究方向为天地一体化信息网络终端接入安全等
    马如慧(1991-),女,博士,西安电子科技大学讲师,主要研究方向为4G/5G网络、天地一体化信息网络安全认证机制研究等
    李晖(1968-),男,博士,西安电子科技大学网络与信息安全学院教授、博士生导师,主要研究方向为密码学、无线网络安全、信息理论和网络编码等
    李凤华(1966-),男,博士,中国科学院信息工程研究所教授、博士生导师,主要研究方向为网络与系统安全、隐私计算、密码应用等
  • 基金资助:
    国家自然科学基金面上项目(61772404);陕西省重点产业创新链(群)-工业领域项目(2020ZDLGY08-08);国家自然科学基金重点类项目(U1836203)

Research on Access and Handover Authentication Mechanism of SpaceIntegrated-Ground Information Network for Multi-Type Terminals

Jin CAO1, Lilan CHEN1, Ruhui MA1, Hui LI1, Fenghua LI2,2   

  1. 1 School of Cyber Engineering, Xidian University, Xi'an 710071, China
    2 Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China 3.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • Revised:2021-08-26 Online:2021-09-01 Published:2021-09-01
  • Supported by:
    The National Natural Science Foundation of China(61772404);Shaanxi Province Key Industrial Innovation Chain (Group)-Industrial Field Project(2020ZDLGY08-08);The National Natural Science Foundation of China(U1836203)

摘要:

随着天地一体化信息网络新频段的关键技术研究成熟,网络能容纳各种频段类型的用户。为实现资源有效利用,针对差异化终端需要设计有针对性、定制化的安全防护机制。在统一网络架构下,针对普通终端、关键终端和Ka终端3种类型终端,分别提出3种接入认证机制。同时,为确保不同类型终端接入网络后仍可获得连续的网络服务,提出一种基于预切换的切换认证机制,为3类终端提供统一安全的切换服务。形式化验证工具Scyther以及非形式化安全分析结果表明,所提方案满足相关场景下的多种安全需求,同时与同类型方案进行对比,发现所提方案能实现安全和性能的有效平衡,满足多维化天地一体化信息网络场景的终端接入与切换认证需求。

关键词: 多类型终端, 天地一体化信息网络, 接入认证, 切换认证

Abstract:

With the maturity of the key technologies of the new spectrum of the network, the network can accommodate users of various frequency bands.In order to make eff ective use of resources, diff erentiated terminals need targeted and customized security protection mechanisms.In the unifi ed network architecture, three access authentication mechanisms were proposed for common terminals, high-speed terminals and Ka terminals.At the same time, in order to ensured that diff erent types of terminals could still obtain continuous network services after accessing the network, a switching authentication mechanism based on pre-switching was proposed to provided unifi ed security switching services for the three types of terminals.Formal verifi cation tool named Scyther and informal security analysis results showed that the proposed scheme meet a variety of security requirements of the proposed scenario.At the same time, compared with the same type schemes, the proposed scheme can achieve the eff ective balance between security and performance, which can meet multidimensional integration of heaven and earth network of the scene terminal access switch and certifi cation requirements.

Key words: multi-type terminal, space-integrated-ground information network, access authentication, handover authentication

中图分类号: 

No Suggested Reading articles found!