通信学报 ›› 2016, Vol. 37 ›› Issue (11): 156-168.doi: 10.11959/j.issn.1000-436x.2016229
出版日期:
2016-11-25
发布日期:
2016-11-30
基金资助:
Feng-hua LI1(),Li-hua YIN1,Wei WU2,Lin-jie ZHANG2,Guo-zhen SHI3
Online:
2016-11-25
Published:
2016-11-30
Supported by:
摘要:
天地一体化信息网络由天基骨干网、天基接入网、地基节点网、地面互联网、移动通信网等多种异构网络互联融合而成,对实现国家安全战略目标具有重要意义。首先,介绍了天地一体化信息网络架构,以及卫星节点暴露、信道开放、异构网络互连等特征,并从物理层、运行层、数据层3个层面分析了天地一体化信息网络面临的威胁;其次,从物理安全、运行安全、数据安全3个层面对抗损毁、抗干扰、安全接入、安全路由、安全切换、安全传输、密钥管理等安全保障技术的研究现状进行了阐述;最后,针对天地一体化信息网络特点和安全保障需求,指出了天地一体化信息网络安全保障技术发展趋势和研究方向。
李凤华,殷丽华,吴巍,张林杰,史国振. 天地一体化信息网络安全保障技术研究进展及发展趋势[J]. 通信学报, 2016, 37(11): 156-168.
Feng-hua LI,Li-hua YIN,Wei WU,Lin-jie ZHANG,Guo-zhen SHI. Research status and development trends of security assurance for space-ground integration information network[J]. Journal on Communications, 2016, 37(11): 156-168.
表2
现有相关安全切换研究工作对比"
切换方案 | 切换方向 | 切换层次 | 切换策略 | 切换延迟 | 安全性 |
文献[ | 水平切换 | 网络层切换 | 基于上下文 | 较低 | 较高 |
文献[ | 水平切换 | 链路层切换 | 基于签密 | 一般 | 较高 |
文献[ | 水平切换 | 网络层切换 | 基于上下文和历史信息 | 较低 | 较高 |
文献[ | 水平切换 | 链路层切换 | 基于虚拟拓扑 | 较高 | 一般 |
文献[ | 垂直切换 | 链路层切换 | 基于位置信息 | 较高 | 较低 |
文献[ | 水平切换 | 网络层切换 | 基于频谱变化效率 | 较高 | 较低 |
文献[ | 水平切换 | 网络层切换 | 基于属性 | 一般 | 一般 |
文献[ | 水平切换 | 网络层切换 | 基于位置信息 | 较高 | 一般 |
文献[ | 水平切换 | 网络层切换 | 基于位置信息 | 较高 | 一般 |
表3
现有相关密钥管理研究工作对比"
密钥管理方案 | 计算开销 | 通信开销 | 存储开销 | 可扩展性 | 抗单点失效 | |||||
密钥协商 | 成员加入 | 成员离开 | 密钥协商 | 成员加入 | 成员离开 | |||||
文献[ | – | tP+M | tP+M | – | 2n +1 | n+1 | – | 一般 | 是 | |
文献[ | – | – | – | – | – | – | – | 较高 | 是 | |
文献[ | – | – | – | 5n-4 | – | 一般 | 否 | |||
文献[ | (2+logn)M+(1+logn)P | (2n+2)(M+P) | (2n–logn)(M+P) | 3n–1 | logn+3 | logn–1 | 1+2logn | 一般 | 是 | |
文献[ | (nlogk+8n–2)M+(nlogk+ n–2)P | n | 2 | 2 | – | 一般 | 否 | |||
文献[ | – | – | – | – | 2+logn | 2logn | logn+1 | 较高 | 是 |
[1] | 李凤华 . 信息技术与网络空间安全发展趋势[J]. 网络与信息安全学报, 2016,1(1):8-17. LI F H . Development trends of the information technology and cyber-space security[J]. Chinese Journal of Network and Information Secu-rity, 2016,1(1):8-17. |
[2] | 方滨兴, 殷丽华 . 关于信息安全定义的研究[J]. 信息网络安全, 2008(1):8-10. FANG B X , YIN L H . Research on the definition of information secu-rity[J]. Netinfo Security, 2008(1):8-10. |
[3] | CLEMENT D M , JOHNSON A W . Satellite survivability estimates[J]. IEEE Transactions on Nuclear Science, 1981,28(6):4198-4203. |
[4] | SEGNER S M , GIORDANO F A . Surrogate satellite applications and survivability[C]// Military Communications Conference, 1984. MIL-COM 1984. IEEE. IEEE, 1984,2:267-270. |
[5] | 张方明 . 一种基于信号互检测的 TDMA 系统主站热备份方法[J]. 电子技术与软件工程, 2016,13:47-48. ZHANG F M . A hot backup method for TDMA system master station based on signal mutual detection[J]. Electronic Technology & Software Engineering, 2016,13:47-48. |
[6] | 董飞鸿, 吕晶, 巩向武 , 等. 空间信息网络结构抗毁性优化设计[J]. 通信学报, 2014,35(10):50-58. DONG F H , LYV J , GONG X W , et al. Optimization design of struc-ture invulnerability in space information network[J]. Journal on Communications, 2014,35:50-58. |
[7] | 黄龙, 唐小妹, 王飞雪 . 卫星导航接收机抗欺骗干扰方法研究[J]. 武汉大学学报: 信息科学版, 2011,36(11):1344-1347. HUANG L , TANG X M , WANG F X . Anti-spoofing techniques for GNSS receiver[J]. Geomatics and Information Science of Wuhan Uni-versity, 2011,36(11):1344-1347. |
[8] | FAN Y , ZHANG Z , TRINKLE M , et al. A cross-layer defense mecha-nism against GPS spoofing attacks on PMUs in smart grids[J]. IEEE Transactions on Smart Grid, 2015,6(6):2659-2668. |
[9] | 韩雪谦 . 卫星通信系统多域协同抗干扰技术[J]. 现代雷达, 2016,38(5):78-81. HAN X Q . Multi-domain collaborative anti-jamming technique for satellite communication system[J]. Modern Radar, 2016,38(5):78-81. |
[10] | DAI L , RIZOS C , WANG J . The role of pseudo-satellite signals in precise GPS-based positioning[J]. Journal of Geospatial Engineering, 2001,3(1):33-44. |
[11] | GREJNER-BRZEZINSKA D A , TOTH C K , SUN H , et al. A robust solution to high-accuracy geolocation: quadruple integration of GPS, IMU, pseudolite, and terrestrial laser scanning[J]. IEEE Transactions on Instrumentation and Measurement, 2011,60(11):3694-3708. |
[12] | YANG G , YANG X . Design of adaptive anti-jamming antennas of direct sequence spread spectrum receiver[C]// The 2012 Second Inter-national Conference on Electric Technology and Civil Engineering. IEEE Computer Society, 2012:846-849. |
[13] | GOEL S , NEGI R . Guaranteeing secrecy using artificial noise[J]. IEEE Transactions on Wireless Communications, 2008,7(6):2180-2189. |
[14] | YANG G , YANG X . Design of adaptive anti-jamming antennas of direct sequence spread spectrum receiver[C]// The 2012 Second Inter-national Conference on Electric Technology and Civil Engineering. IEEE Computer Society, 2012:846-849. |
[15] | ZHENG G , ARAPOGLOU P D , OTTERSTEN B . Physical layer security in multibeam satellite systems[J]. IEEE Transactions on wire-less communications, 2012,11(2):852-863. |
[16] | HWANG M S , YANG C C , SHIU C Y . An authentication scheme for mobile satellite communication systems[J]. ACM SIGOPS Operating Systems Review, 2003,37(4):42-47. |
[17] | ZHENG G , MA H T , CHENG C , et al. Design and logical analysis on the access authentication scheme for satellite mobile communication networks[J]. IET Information Security, 2012,6(1):6-13. |
[18] | BAYRAKDAR M E , ATMACA S , Karahan A . A slotted Aloha based random access cognitive radio network and its performance evalua-tion[C]// Software, Telecommunications and Computer Networks (SoftCOM), 2012 20th International Conference. IEEE, 2012:1-5. |
[19] | HOUSE T C . Client\server access: satellite-ATM connectivity using a knowledge management approach[C]// International Conference on Information Technology: New Generations. 2007:863-867. |
[20] | 肖楠, 梁俊, 张衡阳 , 等. 一种基于认知无线电的卫星网络信道接入策略[J]. 宇航学报, 2015,36(5):589-595. XIAO N , LIANG J , ZHANG H Y , et al. A channel access strategy based on cognitive radio for satellite communication network[J]. Journal of Astronautics, 2015,36(5):589-595. |
[21] | HOU W , XIAN B , GUO L , et al. Novel routing algorithms in space information networks based on timeliness-aware data mining and time-space graph[C]// Wireless Communications & Signal Processing (WCSP), 2015 International Conference. IEEE, 2015:1-5. |
[22] | YIN Z , ZHANG L , ZHOU X , et al. Qo-guaranteed secure multicast routing protocol for satellite IP networks using hierarchical architec-ture[J]. Int'l J. of Communications, Network and System Sciences, 2010,3(04):355. |
[23] | LU Y , ZHAO Y , SUN F , et al. A survivable routing protocol for two-layered LEO/MEO satellite networks[J]. Wireless Networks, 2014,20(5):871-887. |
[24] | 李喆, 刘军 . 卫星网络安全路由研究[J]. 通信学报, 2006,27(8):113-118. LI Z , LIU J . Research on secure routing algorithm in satellite net-works[J]. Journal on Communications, 2006,27(8):113-118. |
[25] | 潘艳辉, 王韬, 吴杨 , 等. 基于信任的低地球轨道卫星网络路由安全机制[J]. 计算机工程, 2011,37(20):149-151. PAN Y H , WANG T , WU Y , et al. Route security mechanism based on trust for low earth orbit satellite network[J]. Computer Engineering, 2010,37(20):149-151. |
[26] | 杨力, 杨校春, 潘成胜 . 一种 GEO/LEO 双层卫星网络路由算法及仿真研究[J]. 宇航学报, 2012,33(10):1445-1452. YANG L , YANG X C , PAN C S , et al. A GEO /LEO double-layered satellite network routing algorithm and its simulation[J]. Journal of Astronautics, 2012,33(10):1445-1452. |
[27] | KUO C F , PANG A C , CHAN S K . Dynamic routing with security considerations[J]. IEEE Transactions on Parallel and Distributed Sys-tems, 2009,20(1):48-58. |
[28] | YU Z , ZHOU H , WU Z . A trust-based secure routing protocol for multi-layered satellite networks[C]// 2012 IEEE International Confer-ence on Information Science and Technology. IEEE, 2012:313-317. |
[29] | 徐国愚, 陈性元, 杜学绘 . 一种新的基于上下文传递的临近空间安全切换机制[J]. 计算机科学, 2013,40(4):160-163. XU G Y , CHEN X Y , DU X H , et al. New near space security handoff scheme based on content transfer[J]. Computer Science, 2013,40(4):160-163. |
[30] | HE D , CHEN C , CHAN S , et al. Secure and efficient handover au-thentication based on bilinear pairing functions[J]. IEEE Transactions on Wireless Communications, 2012,11(1):48-53. |
[31] | 孟梦, 陈性元, 徐国愚 , 等. 一种安全高效的 LEO 卫星网络任意点切换方案[J]. 计算机工程, 2015,41(3):1-6. MENG M , CHEN X Y , XU G Y , et al. A secure and efficient LEO sat-ellite network switching scheme at any point[J]. Computer Engineering, 2015,41(3):1-6. |
[32] | KORCAK O , ALAGOZ F . Virtual topology dynamics and handover mechanisms in earth-fixed LEO satellite systems[J]. Computer Net-works, 2009,53(9):1497-1511. |
[33] | KORCAK O , ALAGOZ F . Link-layer handover in earth-fixed LEO satellite systems[C]// 2009 IEEE International Conference on Commu-nications. IEEE, 2009:1-5. |
[34] | DENG Z , LONG B , LIN W , et al. GEO satellite communications system soft handover algorithm based on residence time[C]// Computer Science and Network Technology (ICCSNT), 2013 3rd International Conference on IEEE, 2013:834-838. |
[35] | RAHMAN M , WALINGO T , TAKAWIRA F . Adaptive handover scheme for LEO satellite communication system[C]// AFRICON, 2015. IEEE, 2015:1-5. |
[36] | ZHAOFENG W , GUYU H , SEYEDI Y , et al. A simple real-time handover management in the mobile satellite communication net-works[C]// Network Operations and Management Symposium (AP-NOMS), 2015 17th Asia-Pacific. IEEE, 2015:175-179. |
[37] | ZHANG Z , GUO Q , GAO Z . A prediction based SCTP handover scheme for ip/leo satellite network[C]// 2010 6th International Confer-ence on Wireless Communications Networking and Mobile Computing (WiCOM). IEEE, 2010:1-4. |
[38] | CHEN L M , GUO Q , WANG H Y . A handover management scheme based on adaptive probabilistic resource reservation for multimedia LEO satellite networks[C]// Information Engineering (ICIE), 2010 WASE International Conference. IEEE, 2010,1:255-259. |
[39] | ANDERSON J P . Computer security threat monitoring and surveil-lance[R]. Technical Report, James P. Anderson Company, Fort Wash-ington, Pennsylvania, 1980. |
[40] | WEN-BO Z , PEIGEN S , ZHI-GUO L , et al. An intrusion detection model for satellite network[C]// Information Management and Engi-neering (ICIME), 2010 The 2nd IEEE International Conference. IEEE, 2010:167-170. |
[41] | 关汉男 . 基于 LEO 的空间网络安全体系及关键技术研究[D]. 上海交通大学, 2014. GUAN H N . Research on key security technologies in LEO-based space network[D]. Shanghai Jiao Tong University, 2014 |
[42] | 李凤华, 熊金波 . 复杂网络环境下访问控制技术[M]. 北京: 人民邮电出版社, 2015. LI F H , XIONG J B . Access control technology for complex network environment[M]. Beijing: Posts & Telecom Press, 2015 |
[43] | 封孝生, 刘德生, 乐俊 , 等. 临近空间信息资源访问控制策略初探[J]. 计算机应用研究, 2008,25(12):3702-3704. FENG X S , LIU D S , YUE J , et al. Exploration on access control to near space information resources[J]. Application Research of Com-puters, 2008,25(12):3702-3704. |
[44] | QI H , MA H , LI J , et al. Access control model based on role and at-tribute and its applications on space-ground integration networks[C]// 2015 4th International Conference on Computer Science and Network Technology (ICCSNT). IEEE, 2015,1:1118-1122. |
[45] | 杨磊, 刘鹏飞, 赵勇 , 等. 微纳卫星星载设备管理方法[J]. 仪器仪表学报, 2014(s2):141-145. YANG L , LIU P F , ZHAO Y , et al. Equipment management of nano- satel-lite[J]. Chinese Journal of Scientific Instrument, 2014(s2):141-145. |
[46] | HAN W H , WANG Q G . Security situation analysis and prediction system for large-scale network SSAP[C]// Computing and Conver-gence Technology (ICCCT), 2012 7th International Conference. IEEE, 2012:1125-1129. |
[47] | YAVUZ A A , ALAGZ F , ANARIM E , et al. SAT05-6: NAMEPS: n-tier satellite multicast security protocol based on signcryption schemes[C]// IEEE Globecom 2006. IEEE, 2006:1-6. |
[48] | 张民, 罗光春, 王俊峰 , 等. 空间信息网络可靠传输协议研究[J]. 通信学报, 2008,29(6):63-68. ZHANG M , LUO G C , WANG J F , et al. Reliable transmission control protocol for spatial information networks[J]. Journal on Communica-tions, 2008,29(6):63-68. |
[49] | 王路, 胡月梅, 刘立祥 , 等. 基于跳到跳信息的卫星网络传输控制协议研究[J]. 通信学报, 2012,33(6):91-102. WANG L , HU Y M , LIU L X , et al. Transmission control protocol based on hop-by-hop for satellite networks[J]. Journal on Communica-tions, 2012,33(6):91-102. |
[50] | ROY-CHOWDHURY A , BARAS J S . Performance-aware security of unicast communication in hybrid satellite networks[C]// 2009 IEEE In-ternational Conference on Communications. IEEE, 2009:1-6. |
[51] | ROSETI C , LUGLIO M , PROVENZANO S , et al. A cross-layer ar-chitecture for satellite network security: CL-IPsec[C]// 2008 4th Ad-vanced Satellite Mobile Systems. IEEE, 2008:82-87. |
[52] | ZHANG Y , PENG H , GU J , et al. Design and implementation of a TCP performance enhancement gateway for satellite networks[C]// Com-munications and Intelligence Information Security (ICCIIS), 2010 In-ternational Conference. IEEE, 2010:252-255. |
[53] | GULZAR W A , KHAN Z A , NAWAZ R , et al. Implementation of IPsec on performance enhancing proxies for long distance wireless and satellite networks[C]// Multitopic Conference (INMIC), 2012 15th International. IEEE, 2012:395-402. |
[54] | SU N Y , JI Z , WANG H . TFRC-satellite: a TFRC variant with a loss differentiation algorithm for satellite networks[J]. IEEE Transactions on Aerospace Electronic Systems, 2013,49(2):716-725. |
[55] | PRADHAN S , EMFINGER W , DUBEY A , et al. Establishing secure interactions across distributed applications in satellite clusters[C]// Space Mission Challenges for Information Technology (SMC-IT), 2014 IEEE International Conference on. IEEE, 2014:67-74. |
[56] | 罗长远, 李伟, 霍士伟 . 基于身份的空间网络组密钥管理方案[J]. 通信学报, 2010,31(12):104-110. LUO C Y , LI W , HUO S W . Identity-based group key management scheme for space networks[J]. Journal of China Institute of Commu-nications, 2010,31(12):104-110. |
[57] | ZHOU J , ZHOU X . Autonomous shared key management scheme for space networks[J]. Wireless Personal Communications, 2013,72(4):2425-2443. |
[58] | 周林, 矫文成, 吴杨 , 等. 一种基于层簇式的卫星网络组密钥管理方案[J]. 宇航学报, 2013,34(4):559-567. ZHOU L , JIAO W C , WU Y , et al. A group key agreement protocol based on layer-cluster for satellite network[J]. Journal of Astronautics, 2013,34(4):559-567. |
[59] | JIAO W , HU J , LU Z , et al. A threshold value-based group key man-agement for satellite network[C]// 2013 IEEE Third International Con-ference on Information Science and Technology (ICIST). IEEE, 2013:718-721. |
[60] | WANG Z , DU X , SUN Y . Group key management scheme based on proxy re-cryptography for near-space network[C]// Network Comput-ing and Information Security (NCIS), 2011 International Conference on IEEE, 2011,1:52-56. |
[61] | SUN Y , MA H . Satellite multi-group key management[C]// 2013 IEEE Third International Conference on Information Science and Technol-ogy (ICIST). IEEE, 2013:894-899. |
[62] | ELMASRI M H , MEGAHED M H , ELAZEEM M H A . Design and software implementation of new high performance group key man-agement algorithm for tactical satellite[C]// 2016 33rd National Radio Science Conference (NRSC). IEEE, 2016:149-158. |
[63] | HU S M X . Classification and key management approaches for space networks security[C]// International Conference on Anti-counterfeiting, Security and Identification. Guiyang, China, 2008:127. |
[1] | 郭渊博, 李勇飞, 陈庆礼, 方晨, 胡阳阳. 融合Focal Loss的网络威胁情报实体抽取[J]. 通信学报, 2022, 43(7): 85-92. |
[2] | 冷涛, 蔡利君, 于爱民, 朱子元, 马建刚, 李超飞, 牛瑞丞, 孟丹. 基于系统溯源图的威胁发现与取证分析综述[J]. 通信学报, 2022, 43(7): 172-188. |
[3] | 杨秀璋, 彭国军, 李子川, 吕杨琦, 刘思德, 李晨光. 基于Bert和BiLSTM-CRF的APT攻击实体识别及对齐研究[J]. 通信学报, 2022, 43(6): 58-70. |
[4] | 张玲翠, 许瑶冰, 李凤华, 房梁, 郭云川, 李子孚. 天地一体化信息网络安全动态赋能架构[J]. 通信学报, 2021, 42(9): 87-95. |
[5] | 杨毅宇, 周威, 赵尚儒, 刘聪, 张宇辉, 王鹤, 王文杰, 张玉清. 物联网安全研究综述:威胁、检测与防御[J]. 通信学报, 2021, 42(8): 188-205. |
[6] | 张红斌, 尹彦, 赵冬梅, 刘滨. 基于威胁情报的网络安全态势感知模型[J]. 通信学报, 2021, 42(6): 182-194. |
[7] | 张玲翠, 李凤华, 房梁, 郭云川, 李子孚. 基于区间决策图的威胁处置策略快速匹配[J]. 通信学报, 2021, 42(5): 13-22. |
[8] | 刁嘉文, 方滨兴, 崔翔, 王忠儒, 甘蕊灵, 冯林, 姜海. DNS隐蔽信道综述[J]. 通信学报, 2021, 42(5): 164-178. |
[9] | 张晨,张更新,王显煜. 基于跳波束的新一代高通量卫星通信系统设计[J]. 通信学报, 2020, 41(7): 59-72. |
[10] | 丁绍虎,齐宁,郭义伟. 基于M-FlipIt博弈模型的拟态防御策略评估[J]. 通信学报, 2020, 41(7): 186-194. |
[11] | 韩珍珍,赵国锋,徐川,周文涛,周洋洋. 基于时延的LEO卫星网络SDN控制器动态放置方法[J]. 通信学报, 2020, 41(3): 126-135. |
[12] | 杨宏宇,王峰岩. 基于无监督多源数据特征解析的网络威胁态势评估[J]. 通信学报, 2020, 41(2): 143-154. |
[13] | 杨增印,李贺武,吴茜,吴建平,刘君. 天地一体化信息网络域间协议实验平台[J]. 通信学报, 2019, 40(5): 1-12. |
[14] | 李凤华,李子孚,李凌,张铭,耿魁,郭云川. 复杂网络环境下面向威胁监测的采集策略精化方法[J]. 通信学报, 2019, 40(4): 49-61. |
[15] | 李凤华,李勇俊,杨正坤,张晗,张玲翠. 不完全信息下的威胁处置效果模糊评估[J]. 通信学报, 2019, 40(4): 117-127. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|