基于CFL的空间网络认证策略研究  被引量：1

作　　者：王琳[1] 王夕冉 侯博文 石乐义[2] Wang Lin;Wang Xiran;Hou Bowen;Shi Leyi(College of Oceanography&Space Information,China University of Petroleum,Qingdao Shangdong 266580,China;College of Computer Science&Technology,China University of Petroleum,Qingdao Shangdong 266580,China)

机构地区：[1]中国石油大学(华东)海洋与空间信息学院,山东青岛266580 [2]中国石油大学(华东)计算机科学与技术学院,山东青岛266580

出　　处：《计算机应用研究》2022年第11期3455-3460,共6页Application Research of Computers

基　　金：国家自然科学基金资助项目(61772551);山东省自然科学基金资助项目(ZR2019MF034)。

摘　　要：卫星网络作为一种新兴的网络,具有覆盖范围广、传输环节少等优点,但拓扑结构复杂、链路频繁切换,因而面临诸多网络安全威胁。为解决卫星网络中身份认证等安全性问题,结合CFL认证体制,提出了一种适用于卫星网络的安全认证策略研究。在注册阶段,用户和卫星分别向地面控制中心申请证书,地面控制中心验证用户和卫星的身份后为用户和卫星签署证书;在认证阶段,用户与卫星互相交换证书,自主生成验证密钥并验证证书,实现用户与卫星的双向快速认证。分析结果表明,所提方案能够满足卫星网络的安全需求,抵御各种常见的网络安全攻击;与其他相关方案的相比,该方案无须地面中心参与认证过程,通信开销与计算开销较小,在保证安全性的基础上,与最低计算开销方法相比,将通信效率提升了33%,有效提高了认证效率。因此,本方案不仅适合星载资源有限的卫星网络,且能够增强卫星网络的安全性。As a new network,satellite network has the advantage of wide range and few transmission links.However,due to the complex topology and frequent link switching,it faces many network security threats.To solve security problems such as identity authentication in satellite network,combined with CFL authentication,this paper put forward a applicable satellite network security authentication scheme.In the registration stage,the user and the satellite applied for certificates to the ground control center respectively.The ground control center verified the identity of the user and the satellite and signed the certificates for the user and the satellite.In the authentication stage,users and satellites exchanged certificates,generated authentication keys and verified certificates independently,and realized two-way fast authentication between users and satellites.The results of security analysis show that the proposed scheme can meet the security requirements of satellite network and resist various kinds of common network security attacks.Compared with other related schemes,this scheme didn’t require the ground center to participate in the authentication process,and the communication overhead and computing overhead are small.On the basis of ensuring security,compared with the minimum computing overhead method,the communication overhead is reduced by nearly 33%,which effectively improves the authentication efficiency.Therefore,this scheme is not only suitable for satellite network with limited on-board resources,but also can enhance the security of satellite network.

关 键 词：卫星网络 安全认证 CFL证书 指数乘积型密码算法 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]