低轨卫星网络能够作为地基网络的补充网络为地形复杂的区域提供网络服务。针对低轨卫星网络信道开放、网络拓扑结构动态变化和用户终端海量的特点导致的安全问题、服务质量问题和网络控制中心负载问题,提出了一种基于Token的动态接入认证协议,基于卫星轨迹可预测性和时钟高度同步的特点构造预认证向量,实现用户的随遇接入和无缝切换。仿真分析结果表明:该协议完全满足安全需求,并且具有较低的切换延时和计算开销,可实现低轨卫星网络中用户的高效、安全接入认证。
Low earth orbit (LEO) satellite networks can be used as supplementary networks for ground-based networks to provide network services for complex areas. However, the satellite networks characteristics such as open channels, a dynamic network topology, and a large number of user terminals can lead to problems of security, quality of service (QoS), and network control center overloading. This paper presents a dynamic access authentication protocol based on Token and the satellite orbit predictability and accurate clock synchronization to construct pre-authentication vectors which implement user random access and seamless switching. Simulations show that this protocol satisfies the security requirements with low handover delay and low computational costs for efficient and secure access authentication for users in LEO satellite networks.
[1] LEOPOLD R J, MILLER A. The IRIDIUM communications system[C]//1993 IEEE MTT-S International Microwave Symposium Digest. Atlanta, USA, 1993:575-578.
[2] 付毅飞. 我国计划2020年建成"鸿雁星座"[N]. 科技日报, 2016-11-03(1). FU Y F. China plans to build "Swan Goose Constellation" in 2020[N]. Science and Technology Daily, 2016-11-03(1). (in Chinese)
[3] CAO J, MA M, LI H, et al. A survey on security aspects for LTE and LTE-A networks[J]. IEEE Communications Surveys & Tutorials, 2014, 16(1):283-302.
[4] CRUICKSHANK H S. A security system for satellite networks[C]//Proceedings of the 5th International Conference on Satellite Systems for Mobile Communications and Navigation. London, UK:IET, 1996:187-190.
[5] HE D J, CHEN C, CHAN S, et al. Secure and efficient handover authentication based on bilinear pairing functions[J]. IEEE Transactions on Wireless Communications, 2012, 11(1):48-53.
[6] GABA G S, SARO T. A lightweight authentication protocol based on ECC for satellite communication[J]. Pertanika Journal of Science & Technology, 2017, 25(4):1317-1330.
[7] HWANG M S, YANG C C, SHIU C Y. An authentication scheme for mobile satellite communication system[J]. ACM SIGOPS Operating Systems Review, 2003, 37(4):42-47.
[8] ZHENG G, MA H T, CHENG C, et al. Design and logical analysis on the access authentication scheme for satellite mobile communication networks[J]. IET Information Security, 2012, 6(1):6-13.
[9] CHEN T H, LEE W B, CHEN H B. A self-verification authentication mechanism for mobile satellite communication systems[J]. Computers & Electrical Engineering, 2009, 35(1):41-48.
[10] LEE C C, LI C T, CHANG R X. A simple and efficient authentication scheme for mobile satellite communication systems[J]. International Journal of Satellite Communications and Networking, 2012, 30(1):29-38.
[11] ZHANG Y Y, CHEN J H, HUANG B J. An improved authentication scheme for mobile satellite communication systems[J]. International Journal of Satellite Communications and Networking, 2015, 33(2):135-146.
[12] CHEN C L, CHENG K W, CHEN Y L, et al. An improvement on the self-verification authentication mechanism for a mobile satellite communication system[J]. Applied Mathematics & Information Sciences, 2014, 8(1L):97-106.
[13] TSAI J L, LO N W, WU T C. Secure anonymous authentication scheme without verification table for mobile satellite communication systems[J]. International Journal of Satellite Communications and Networking, 2014, 32(5):443-452.
[14] LIN H Y. Efficient dynamic authentication for mobile satellite communication systems without verification table[J] International Journal of Satellite Communications and Networking, 2016, 34(1):3-10.
[15] EVANS J V. Satellite systems for personal communications[J]. IEEE Antennas and Propagation Magazine, 1997, 39(3):7-20.
[16] DOLEV D, YAO A C. On the security of public key protocols[J]. IEEE Transactions on Information Theory, 1983, 29(2):198-208.
[17] BURROWS M, ABADI M, NEEDHAM R. A logic of authentication[J]. ACM SIGOPS Operating Systems Review, 1989, 23(5):1-13.
