Current Issue

20 September 2021, Volume 2 Issue 3

Previous Issue    Next Issue

Special Issue: Security Protection Technology for Space-Integrated-Ground Information Network

Research on Access and Handover Authentication Mechanism of SpaceIntegrated-Ground Information Network for Multi-Type Terminals

Jin CAO, Lilan CHEN, Ruhui MA, Hui LI, Fenghua LI

2021, 2(3):  2-14.  doi:10.11959/j.issn.2096-8930.2021026

Asbtract ( 296 )   HTML ( 60)   PDF (1965KB) ( 498 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

With the maturity of the key technologies of the new spectrum of the network, the network can accommodate users of various frequency bands.In order to make eff ective use of resources, diff erentiated terminals need targeted and customized security protection mechanisms.In the unifi ed network architecture, three access authentication mechanisms were proposed for common terminals, high-speed terminals and Ka terminals.At the same time, in order to ensured that diff erent types of terminals could still obtain continuous network services after accessing the network, a switching authentication mechanism based on pre-switching was proposed to provided unifi ed security switching services for the three types of terminals.Formal verifi cation tool named Scyther and informal security analysis results showed that the proposed scheme meet a variety of security requirements of the proposed scenario.At the same time, compared with the same type schemes, the proposed scheme can achieve the eff ective balance between security and performance, which can meet multidimensional integration of heaven and earth network of the scene terminal access switch and certifi cation requirements.

Research on Satellite Internet Security Protection Based on Zero Trust

Yufei SONG, Wenhui ZHOU, Jiandong LIU, Xinpeng LI

2021, 2(3):  15-23.  doi:10.11959/j.issn.2096-8930.2021027

Asbtract ( 679 )   HTML ( 103)   PDF (1410KB) ( 793 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Satellite internet, as a new infrastructure, is an important part of China's future information infrastructure, and its security importance is self-evident.Based on the typical architecture of satellite internet system, the security risks faced by satellite platform control, satellite digital transmission and satellite communication were analyzed, the satellite internet security protection architecture based on zero trust was put forward.The implementation process of zero trust security protection architecture in satellite control, digital transmission and communication typical application scenarios, and its advantages compared with the traditional security protection architecture were described.

Access and Handover Authentication in Intermittent Connection Scenario of Satellite Network

Xiaoping SHI, Ruhui MA, Jin CAO, Hui LI, Lilan CHEN, Fenghua LI

2021, 2(3):  24-34.  doi:10.11959/j.issn.2096-8930.2021028

Asbtract ( 382 )   HTML ( 67)   PDF (1394KB) ( 570 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

This article disclosed an authentication method for access and handover in a low-orbit satellite network intermittent connection scenario.The scheme was based on a symmetrical cryptographic system.Based on hash function, XOR operation and timestamp, the safe access of the terminal to the satellite network was ensured.It reduced signaling overhead, bandwidth overhead, and computing overhead as well.In view of the link interruption, the solution was based on the current session key between the user and satellites to quickly and safely resume communication to ensured the quality of service.Through the orbit prediction technology, according to the current session key between the user and satellites and random number, the safe switching between satellites was realized, and the communication cost during the satellite switching process was reduced.The scheme realized the anonymity of user identity, and refreshed the temporary identity for the next authentication after successful authentication.

Optimization and Security Analysis of Interconnected Security Control Based on Semantic of Process Communication

Bo LU, Yueming LU

2021, 2(3):  35-47.  doi:10.11959/j.issn.2096-8930.2021029

Asbtract ( 166 )   HTML ( 15)   PDF (1064KB) ( 397 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Facing the demand of multi-domain security control in the integrated network of air and ground, to solve the problem that singleprocess regular matching restricts the performance of interconnected security gateway, the method of high-performance optimization of interconnected security control based on semantic security analysis of process communication was proposed.The interaction model of master-slave processes was described in a parallel programming language in the method.The state transition system semantics were given to accurately express the combined semantics of the master-slave processes.The security of master-slave processes in combinatorial semantics was analyzed, which ensured that the parallel running of processes had no deadlock and starvation, and was equivalent to the original regular matching.Experimental results showed that the proposed method could give full play to the advantages of multi-core hardware and reduced the context switching overhead of the scheduler.In the case of complex regular expressions, the method was an order of magnitude better than single-core running.

A Non-interactive Key Exchange Scheme for Space-IntegratedGround Information Network Based on Blockchain

Mengru LIU, Yulong FU, Jin CAO, Hui LI

2021, 2(3):  48-56.  doi:10.11959/j.issn.2096-8930.2021030

Asbtract ( 288 )   HTML ( 41)   PDF (1777KB) ( 397 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

For scenarios such as space-integrated-ground information network where satellite resources are limited and communication delays are large, in response to the requirements of non-interactive key exchange in the satellite communication network, a non-interactive key exchange scheme for space-integrated-ground information network based on blockchain and Diffi e-Hellman key exchange protocol was proposed.The scheme arranged the blockchain in space-integrated-ground information network to form TDYTH blockchain.After the satellite node was registered, its related information was stored in TDYTH blockchain.When the satellite node needed to communicated with the long-distance node such as NCC, the two parties could query the immutable information stored in TDYTH blockchain to generated the shared session key, established consensus, and then completed access authentication and key distribution under non-interactive conditions.The result of simulation demonstrated that the scheme we proposed could meet the requirements of non-interactive key distribution of satellites and other nodes, and could signifi cantly improved security and robustness.

Attack Analysis Framework of Space-Integrated-Ground Information Network Based on Cybersecurity Knowledge Graph

Yulu QI, Rong JIANG, Xing RONG, Aiping LI

2021, 2(3):  57-65.  doi:10.11959/j.issn.2096-8930.2021031

Asbtract ( 572 )   HTML ( 62)   PDF (1468KB) ( 558 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

While realizing global coverage, random access, on-demand service, security and credibility, the space-integrated-ground information network(SGIN) is confronted with more complex and variable security threats.Compared with the internet, satellite network has a lot of diff erences, such as highly dynamic changes of topology, transfer protocol and data format.In terms of these questions, it was necessary to integrated the rule of satellite network attacks into the rules of APT attacks, developed the cybersecurity knowledge graph and the attack rules library to analyzed the attacks of the SGIN.The pattern of attack rules was expressed based on time-space data model, which was used to completed the attack chain when there were non-continuous missed data or false positives data.The attack analysis framework proposed in this paper could accurately perceived the security status of the SGIN in real time , and provided decision support for the SGIN.

User Behavior Traffi c Replay Technology for Space-IntegratedGround Information Network Based on Profi le Analyzing

Qingsong XUE, Xiaofeng WANG

2021, 2(3):  66-75.  doi:10.11959/j.issn.2096-8930.2021032

Asbtract ( 211 )   HTML ( 16)   PDF (1924KB) ( 297 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

Faced the needs of user behavior emulation of the space-integrated-ground information network with complex behaviors and diverse protocols, an architecture based on cloud computing and virtualization technologies for replaying user behavior traffi c in the spaceintegrated-ground information network was designed.Furthermore, a user behavior traffi c automatic analysis and traffi c profi le generation technology based on deep packet inspection, and a user behavior traffi c replay technology of the space-integrated-ground information network based on traffi c profi le were researched, to achieve unifi ed, automated, and realistic simulation of miscellaneous kinds of user behavior traffi c.An emulation scenario of a space-integrated-ground information network with 6 space-based backbone network satellites and 66 space-based access network satellites was constructed.The experimental verifi cation of protocol traffi c profi le generation and traffi c replay of the broadband user behavior and narrow-band user behavior showed that the emulation of diversifi ed user interaction behaviors could provide eff ective support for the emulation of the space-integrated-ground information network.

Study

Research on Wavelength Algorithm for Cross-Layer Routing in Software Defi ned Satellite Optical Network

Hai LI, Shanghong ZHAO, Yongjun LI, Cong PENG

2021, 2(3):  76-80.  doi:10.11959/j.issn.2096-8930.2021033

Asbtract ( 158 )   HTML ( 16)   PDF (990KB) ( 129 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

In response to the difficulty of satellite network management and maintenance and the urgent need for large-capacity data transmission, a software-defi ned satellite optical network cross-layer wavelength routing algorithm based on ant colony algorithm (SDNCLRWA) was proposed.The algorithm took delay and available wavelength rate as heuristic functions, and designed a two-stage cross-layer wavelength routing mechanism to reduced routing hops and network congestion rate.First, it was routed in the LEO satellite single-layer network.The MEO satellite network was used for routing only when the routing fails or the routing hop count was too high.The simulation was carried out under the software-defi ned satellite optical network architecture and the results showed that the SDNCL-RWA algorithm proposed was better than the traditional Dijkstra+FF algorithm and the wavelength routing ant colony algorithm (ACO+FF) in terms of network blocking rate and average routing hops.

Applications

Research on Satellite Communication System’s Design and Verifi cation Based on SysML

Can LIAO, Tian ZHAO, Xu FENG, Shuangai XIAO

2021, 2(3):  81-88.  doi:10.11959/j.issn.2096-8930.2021034

Asbtract ( 197 )   HTML ( 11)   PDF (4091KB) ( 417 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

As an important part of the space-integrated-ground information network, the satellite communication system has become a research hotspot.The system modeling language (SysML), which is the most popular digital design language, was adopted to analyzing requirements, decomposing functions and synthesizing designs of the satellite communication system.The verifi cation result indicated that the architecture and the service process of the satellite communication system designed in this paper is of robustness to some degree.By used SysML in the digital design of satellite communication system, this research supported the key technologies’ design and verifi cation in the satellite communication system.

Investigation on Typical Cases of the Ground Information Port Based on Cloud Service

Jinjie WANG

2021, 2(3):  89-95.  doi:10.11959/j.issn.2096-8930.2021035

Asbtract ( 164 )   HTML ( 10)   PDF (708KB) ( 264 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

As a pioneer part of the major project of space-integrated-ground information network (SIGN), the typical application services provided by the ground information port (GIP) are the basic starting point and footing point for the implementation of major project to serve our national strategy and economic construction.Based on the basic framework of the ground information port and the idea of cloud service construction, the typical case of the ground information port was explored, providing reference for the development of the related technical services in the ground information port.

Discussion on the Construction of PNT Policies, Regulations and Standard System

Gang LIU, Zuoya ZHENG, Qinghao XUE, Yao WANG

2021, 2(3):  96-101.  doi:10.11959/j.issn.2096-8930.2021036

Asbtract ( 181 )   HTML ( 14)   PDF (29836KB) ( 173 )   Knowledge map   

Figures and Tables | References | Related Articles | Metrics

The national comprehensive PNT system of systems (SoS) with the BeiDou system as its core is a signifi cant part of the new generation of information infrastructures.Perfect policies, regulations and standards are important prerequisites and guarantees for ensuring its (PNT SoS) orderly development.The development and research progress of PNT policies, regulations and standards system at home and abroad were summarized.The bottleneck and short plate in the development of the PNT SoS were summarized and analyzed.The thinking of the PNT policy, regulation and standard SoS architecture were put forward.Finally, suggestions were given to promote the development of the PNT SoS based on China's national conditions.