Chinese Journal of Network and Information Security ›› 2023, Vol. 9 ›› Issue (1): 18-31. doi: 10.11959/j.issn.2096-109x.2023004

• Academic Paper •

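Fusion of satellite-ground and inter-satellite AKA protocols for double-layer satellite networks

Jin CAO, Xiaoping SHI, Ruhui MA, Hui LI

  1. School of Cyber Engineering, Xidian University, Xi’an 710126, China
  • Revised: 2022-11-02 Online: 2023-02-25 Published: 2023-02-01
  • About the authors: Jin CAO (1985- ), male, born in Xi’an, Shaanxi, is a professor and doctoral supervisor at Xidian University. His main research interests are 4G/5G networks, the security of space-ground integrated networks, and the design and analysis of authentication protocols.
    Xiaoping SHI (1997- ), female, born in Weifang, Shandong, is a master's student at Xidian University. Her main research interests are 4G/5G networks and security authentication mechanisms for space-ground integrated networks.
    Ruhui MA (1991- ), female, born in Yulin, Shaanxi, is a lecturer at Xidian University. Her main research interests are 4G/5G networks and security authentication mechanisms for space-ground integrated networks.
    Hui LI (1968- ), male, born in Xi’an, Shaanxi, is a professor and doctoral supervisor at Xidian University. His main research interests are cryptography, wireless network security, information theory and network coding.
  • Supported by:
    The National Key R&D Program of China (2022YFB2902200); The National Natural Science Foundation of China (62172317); The Key R&D Program of Shaanxi (2020ZDLGY08-08)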

Abstract:

The space-ground integrated network has attracted much attention for its large spatial and temporal scale and its integration of satellite and terrestrial networks. Satellites can not only supplement emergency communications but also serve as aerial relay stations that extend the coverage of terrestrial networks, and they occupy an important position in both military and civilian scenarios. Entity authentication and key agreement mechanisms prevent counterfeit entities from joining the integrated network and stealing users’ private information, and so safeguard network information security. In view of the high satellite-ground transmission delay, highly exposed links, limited on-board processing capability and dynamic, time-varying inter-satellite topology of the integrated network, a lightweight authenticated key agreement (AKA) protocol for inter-satellite and satellite-ground networking entities in a double-layer satellite network was proposed to achieve a secure satellite networking architecture, with the negotiated session keys subsequently protecting data transmission. The proposed protocol was based on a symmetric cryptosystem, used lightweight cryptographic algorithms, and introduced group key and hierarchical management mechanisms. According to the characteristics of the different scenarios in a double-layer satellite network, the protocol was divided into three parts: satellite-ground and inter-satellite authentication for geostationary earth orbit satellites, inter-layer authentication and authentication between low earth orbit satellites in the same orbit, and authentication between low earth orbit satellites in adjacent orbits. The group key and hierarchical management mechanisms improved the efficiency of information transfer between groups, reduced the authentication pressure on the ground control center, and strengthened authentication security by realizing double verification in the three-party authentication protocol. Unlike previous single-scenario authentication, some of the authentication protocols reuse authentication parameters, so that the authentication requirements of two scenarios can be met in a single authentication forwarding process. The results of analysis with Scyther, a formal security simulation tool for protocols, show that the proposed protocols all achieve secure access authentication. Compared with existing protocols, the proposed protocol improves authentication security and reduces communication and computational overhead.

Key words: satellite communications, double-layer satellite network, authentication, symmetric encryption

CLC Number:
