空间信息网络中基于动态撤销机制的安全高效批量认证方案

doi:10.11959/j.issn.1000-436x.2022063

通信学报 ›› 2022, Vol. 43 ›› Issue (4): 164-176.doi: 10.11959/j.issn.1000-436x.2022063

空间信息网络中基于动态撤销机制的安全高效批量认证方案

张应辉¹^,²^,³, 胡凌云¹^,³, 李艺昕¹^,³, 宁建廷²^,⁴, 郑东¹^,³^,⁵

¹ 西安邮电大学网络空间安全学院，陕西西安 710121
² 福建师范大学福建省网络安全与密码技术重点实验室，福建福州 350007
³ 西安邮电大学无线网络安全技术国家工程实验室，陕西西安 710121
⁴ 中国科学院信息工程研究所信息安全国家重点实验室，北京 100093
⁵ 卫士通摩石实验室，北京 100070

修回日期:2022-01-19 出版日期:2022-04-25 发布日期:2022-04-01
作者简介:张应辉（1985- ），男，陕西西安人，博士，西安邮电大学教授，主要研究方向为公钥密码学、云安全和无线网络安全
胡凌云（1998- ），女，安徽马鞍山人，西安邮电大学硕士生，主要研究方向为无线网络安全和通信协议安全
李艺昕（1996- ），女，陕西西安人，西安邮电大学硕士生，主要研究方向为云安全和无线网络安全
宁建廷（1988- ），男，浙江衢州人，博士，中国科学院教授，主要研究方向为公钥密码学和云安全
郑东（1964- ），男，山西临汾人，博士，西安邮电大学教授，主要研究方向为编码密码学和网络安全
基金资助:
国家自然科学基金资助项目(62072369);国家自然科学基金资助项目(62072371);国家自然科学基金资助项目(61972094);陕西省创新能力支撑计划基金资助项目(2020KJXX-052);陕西省特支计划青年拔尖人才支持计划基金资助项目;陕西省重点研发计划基金资助项目(2021ZDLGY06-02);陕西省重点研发计划基金资助项目(2020ZDLGY08-04)

Secure and efficient batch authentication scheme based on dynamic revocation mechanism in space information network

Yinghui ZHANG¹^,²^,³, Lingyun HU¹^,³, Yixin LI¹^,³, Jianting NING²^,⁴, Dong ZHENG¹^,³^,⁵

¹ School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
² Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou 350007, China
³ National Engineering Laboratory for Wireless Security , Xi’an University of Posts and Telecommunications, Xi’an 710121, China
⁴ State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
⁵ Westone Cryptologic Research Center, Beijing 100070, China

Revised:2022-01-19 Online:2022-04-25 Published:2022-04-01
Supported by:
The National Natural Science Foundation of China(62072369);The National Natural Science Foundation of China(62072371);The National Natural Science Foundation of China(61972094);The Innovation Capability Support Program of Shaanxi Province(2020KJXX-052);The Shaanxi Special Support Program Youth Top-notch Talent Program;The Key Research and Development Program of Shaanxi Province(2021ZDLGY06-02);The Key Research and Development Program of Shaanxi Province(2020ZDLGY08-04)

摘要/Abstract

摘要：

针对空间信息网络中大量移动用户跨域认证问题，提出了一种基于动态撤销机制的安全高效的批量认证方案。所提方案通过对卫星行动轨迹的预测以及实时更新会话密钥，达到提前完成密钥协商的作用。同时，还设计了可供单个以及大量移动终端进行签名并验证的算法，有效减轻了卫星的计算负担，结合布谷鸟过滤器实现了移动终端动态撤销和恶意接入控制的功能。最后，在 Diffie-Hellman 假设下，基于随机预言机模型和自动化验证工具证明了所提方案可以抵抗重放以及中间人等攻击；方案实现了可追踪性、可撤销性等安全目标，与现有最优方案相比，传输和计算效率分别提高了80%和20%以上。

关键词: 空间信息网络, 密钥协商, 动态撤销, 批量认证, 自动化验证工具

Abstract:

A secure and efficient batch authentication scheme based on dynamic revocation mechanism was proposed for the problem of cross-domain authentication of a large number of mobile users in space information networks.Early key negotiation was achieved by predicting the satellite trajectory and updating the session key in real time.Algorithms were designed for a single as well as a large number of mobile terminals to perform signing and verification, which effectively reduce the computational burden of satellites.Cuckoo filters were adopted by the new scheme to achieve dynamic revocation and malicious access control of mobile terminals.Finally, under the Diffie-Hellman assumption, the proposed scheme was proved to be resistant to replay and man-in-the-middle attacks based on a random oracle model and automated validation of internet security protocols and applications.Security goals such as traceability and revocability were achieved by the scheme, thus improving the efficiency of transmission and computation by more than 80% and 20%, respectively, compared with the existing optimal scheme.

Key words: space information network, key agreement, dynamic revocation, batch authentication, AVISPA

中图分类号:

TP309

张应辉, 胡凌云, 李艺昕, 宁建廷, 郑东. 空间信息网络中基于动态撤销机制的安全高效批量认证方案[J]. 通信学报, 2022, 43(4): 164-176.

Yinghui ZHANG, Lingyun HU, Yixin LI, Jianting NING, Dong ZHENG. Secure and efficient batch authentication scheme based on dynamic revocation mechanism in space information network[J]. Journal on Communications, 2022, 43(4): 164-176.

图/表 10

图1

表1

图2

图3

图4

图5

图6

表2

图7

图8

参考文献 29

[1]	李凤华, 殷丽华, 吴巍 ,等. 天地一体化信息网络安全保障技术研究进展及发展趋势[J]. 通信学报, 2016,37(11): 156-168.
	LI F H , YIN L H , WU W ,et al. Research status and development trends of security assurance for space-ground integration information network[J]. Journal on Communications, 2016,37(11): 156-168.
[2]	KHALILI H , KHODASHENAS P S , SIDDIQUI S . On the orchestration of integrated satellite components in 5G networks and beyond[C]// Proceedings of 2020 22nd International Conference on Transparent Optical Networks (ICTON). Piscataway:IEEE Press, 2020: 1-4.
[3]	ZHANG J X , ZHANG X , WANG P ,et al. Double-edge intelligent integrated satellite terrestrial networks[J]. China Communications, 2020,17(9): 128-146.
[4]	薛开平, 马永金, 洪佳楠 ,等. 天地一体化网络中基于令牌的安全高效漫游认证方案[J]. 通信学报, 2018,39(5): 48-58.
	XUE K P , MA Y J , HONG J N ,et al. Secure and efficient token based roaming authentication scheme for space-earth integration network[J]. Journal on Communications, 2018,39(5): 48-58.
[5]	LARCOM J A , LIU H . Modeling and characterization of GPS spoofing[C]// Proceedings of 2013 IEEE International Conference on Technologies for Homeland Security. Piscataway:IEEE Press, 2013: 729-734.
[6]	SHENG J , CAI X Q , LI Q Y ,et al. Space-air-ground integrated network development and applications in high-speed railways:a survey[J]. IEEE Transactions on Intelligent Transportation Systems, 2021,PP(99): 1-20.
[7]	SCHRAML M G , SCHWARZ R T , KNOPP A . Multiuser MIMO concept for physical layer security in multibeam satellite systems[J]. IEEE Transactions on Information Forensics and Security, 2021,16: 1670-1680.
[8]	KALANTARI A , ZHENG G , GAO Z ,et al. Secrecy analysis on network coding in bidirectional multibeam satellite communications[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1862-1874.
[9]	徐国愚, 陈性元, 杜学绘 . 一种新的基于上下文传递的临近空间安全切换机制[J]. 计算机科学, 2013,40(4): 160-163.
	XU G Y , CHEN X Y , DU X H . New near space security handoff scheme based on context transfer[J]. Computer Science, 2013,40(4): 160-163.
[10]	SU K , DONG Q Z , ZHU W Q . Space information security and cyberspace defense technology[C]// Proceedings of 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber,Physical and Social Computing. Piscataway:IEEE Press, 2013: 1509-1511.
[11]	DING X H , ZHANG Z L , LIU D P . Low-delay secure handover for space-air-ground integrated networks[C]// Proceedings of 2020 IEEE 31st Annual International Symposium on Personal,Indoor and Mobile Radio Communications. Piscataway:IEEE Press, 2020: 1-6.
[12]	CRUICKSHANK H S , . A security system for satellite networks[C]// Proceedings of the Fifth International Conference on Satellite Systems for the Mobile Communications and Navigation. London:IET, 1996: 187-190.
[13]	HWANG M S , YANG C C , SHIU C Y . An authentication scheme for mobile satellite communication systems[J]. ACM SIGOPS Operating Systems Review, 2003,37(4): 42-47.
[14]	CHANG Y F , CHANG C C . An efficient authentication protocol for mobile satellite communication systems[J]. ACM SIGOPS Operating Systems Review, 2005,39(1): 70-84.
[15]	WANG Y , ZHANG W F , WANG X M . A lightweight and secure authentication protocol for space-ground integrated network of railway[C]// Proceedings of 2021 International Conference on Communications,Information System and Computer Engineering (CISCE). Piscataway:IEEE Press, 2021: 30-35.
[16]	ZHANG Y H , DENG R H , BERTINO E ,et al. Robust and universal seamless handover authentication in 5G HetNets[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(2): 858-874.
[17]	XUE K P , MENG W , ZHOU H C ,et al. A lightweight and secure group key based handover authentication protocol for the software-defined space information network[J]. IEEE Transactions on Wireless Communications, 2020,19(6): 3673-3684.
[18]	周彦伟, 杨波, 张文政 . 异构无线网络可控匿名漫游认证协议[J]. 电子学报, 2016,44(5): 1117-1123.
	ZHOU Y W , YANG B , ZHANG W Z . Controllable and anonymous roaming protocol for heterogeneous wireless network[J]. Acta Electronica Sinica, 2016,44(5): 1117-1123.
[19]	刘丹, 石润华, 张顺 ,等. 无线网络中基于无证书聚合签名的高效匿名漫游认证方案[J]. 通信学报, 2016,37(7): 182-192.
	LIU D , SHI R H , ZHANG S ,et al. Efficient anonymous roaming authentication scheme using certificateless aggregate signature in wireless network[J]. Journal on Communications, 2016,37(7): 182-192.
[20]	许芷岩, 吴黎兵, 李莉 ,等. 无线漫游认证中可证安全的无证书聚合签名方案[J]. 通信学报, 2017,38(7): 123-130.
	XU Z Y , WU L B , LI L ,et al. Provably secure certificateless aggregate signature scheme in wireless roaming authentication[J]. Journal on Communications, 2017,38(7): 123-130.
[21]	WANG L , ZHANG X J , ZHANG A Q ,et al. EGIP:an efficient group identification protocol in roaming network[C]// Proceedings of 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC). Piscataway:IEEE Press, 2017: 1280-1284.
[22]	XUE K P , MENG W , LI S H ,et al. A secure and efficient access and handover authentication protocol for Internet of things in space information networks[J]. IEEE Internet of Things Journal, 2019,6(3): 5485-5499.
[23]	MENG W , XUE K P , XU J ,et al. Low-latency authentication against satellite compromising for space information network[C]// Proceedings of 2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems. Piscataway:IEEE Press, 2018: 237-244.
[24]	IBRAHIM M H , KUMARI S , DAS A K ,et al. Jamming resistant non-interactive anonymous and unlinkable authentication scheme for mobile satellite networks[J]. Security and Communication Networks, 2016,9(18): 5563-5580.
[25]	GUO J Y , DU Y . A secure three-factor anonymous roaming authentication protocol using ECC for space information networks[J]. Peer-to-Peer Networking and Applications, 2021,14(2): 898-916.
[26]	FAN B , ANDERSEN D G , KAMINSKY M ,et al. Cuckoo filter:practically better than bloom[C]// Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies. New York:ACM Press, 2014: 75-88.
[27]	唐郑熠, 李祥 . Dolev-Yao 攻击者模型的形式化描述[J]. 计算机工程与科学, 2010,32(8): 36-38,45.
	TANG Z Y , LI X . The formalization description of the Dolev-Yao intruder model[J]. Computer Engineering ＆ Science, 2010,32(8): 36-38,45.
[28]	BLANCO V , GONZáLEZ P , CABALEIRO J C ,et al. AVISPA:visualizing the performance prediction of parallel iterative solvers[J]. Future Generation Computer Systems, 2003,19(5): 721-733.
[29]	DE C A , IOVINO V . jPBC:Java pairing based cryptography[C]// Proceedings of 2011 IEEE Symposium on Computers and Communications. Piscataway:IEEE Press, 2011: 850-855.

符号	定义
G	椭圆曲线E_p的基点
n	基点G 的阶
H ₁,H₂,H₃	映射到椭圆曲线E_p上的哈希函数

方案	双向认证	匿名性	可追踪性	抗重放攻击	抗DoS攻击
文献[15]方案	√	×	√	√	×
文献[22]方案	√	√	√	√	×
文献[25]方案	√	√	×	√	√
本文方案	√	√	√	√	√

空间信息网络中基于动态撤销机制的安全高效批量认证方案

Secure and efficient batch authentication scheme based on dynamic revocation mechanism in space information network

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	张海波, 兰凯, 陈舟, 王汝言, 邹灿, 王明月. 车联网中基于环的匿名高效批量认证与组密钥协商协议[J]. 通信学报, 2023, 44(6): 103-116.
[2]	刘雪娇, 钟强, 夏莹杰. 基于双层分片区块链的车联网跨信任域高效认证方案[J]. 通信学报, 2023, 44(5): 213-223.
[3]	张海波, 陈舟, 黄宏武, 贺晓帆. VANET系统中基于中国剩余定理的群内相互认证密钥协商协议[J]. 通信学报, 2022, 43(1): 182-193.
[4]	姚志强, 竺智荣, 叶帼华. 基于密钥协商的防范DHCP中间人攻击方案[J]. 通信学报, 2021, 42(8): 103-110.
[5]	崔琪楣, 赵文静, 顾晓阳, 朱增宝, 朱晓暄, 陶小峰, 倪巍. 面向B5G网络的高效切换认证与安全密钥更新机制[J]. 通信学报, 2021, 42(12): 96-108.
[6]	何友,姚力波,江政杰. 基于空间信息网络的海洋目标监视分析与展望[J]. 通信学报, 2019, 40(4): 1-9.
[7]	张子剑,周琪,张川,童逍瑶,李春磊,王龙. 新的低轨星座组网认证与群组密钥协商协议[J]. 通信学报, 2018, 39(6): 146-154.
[8]	韩牟,华蕾,王良民,江浩斌,马世典. 车载自组网中高效的群组协商通信协议[J]. 通信学报, 2018, 39(1): 34-45.
[9]	于少波,吴玲达,张喜涛. 基于形式概念分析的空间信息表征模型研究[J]. 通信学报, 2017, 38(Z2): 78-85.
[10]	于少波,吴玲达,张喜涛. DaaC：空间信息网络体系结构建模方法[J]. 通信学报, 2017, 38(Z1): 165-170.
[11]	马新迎,陈智,马斯,方俊. 空间信息网络中毫米波MIMO通信系统关键技术[J]. 通信学报, 2017, 38(Z1): 179-185.
[12]	王真,马兆丰,罗守山. 基于身份的移动互联网高效认证密钥协商协议[J]. 通信学报, 2017, 38(8): 19-27.
[13]	李晓伟,杨邓奇,陈本辉,张玉清. 基于生物特征和口令的双因子认证与密钥协商协议[J]. 通信学报, 2017, 38(7): 89-95.
[14]	苏航,刘建伟,陶芮. 无证书的层次认证密钥协商协议[J]. 通信学报, 2016, 37(7): 161-171.
[15]	李强，冯登国，张立武. 支持用户撤销的属性认证密钥协商协议[J]. 通信学报, 2014, 35(5): 5-43.