卫星互联网地面缺省场景下用户设备的接入认证及重认证机制研究  

作　　者：卜秋雨 曹进 程利甫 马如慧 李晖 BU Qiuyu;CAO Jin;CHENG Lifu;MA Ruhui;LI Hui(School of Cyber Engineering,Xidian University,Xi'an 710126,China;Shanghai Aerospace Electronic Technology Institute,Shanghai 201109,China)

机构地区：[1]西安电子科技大学网络与信息安全学院,陕西西安710126 [2]上海航天电子技术研究所,上海201109

出　　处：《天地一体化信息网络》2023年第2期31-46,共16页Space-Integrated-Ground Information Networks

基　　金：国家自然科学基金面上项目(No.61772404)。

摘　　要：针对当前用户设备接入认证机制均需要地面参与带来较大的通信时延以及可扩展性差等问题,提出一种卫星互联网地面缺省场景下的用户设备接入认证及重认证协议,并进一步针对用户设备认证过程中可能发生断电重新连接和AV不同步等问题,提出一种断电重连场景下的用户设备快速认证机制和AV快速安全同步机制,确保用户可以安全地接入卫星网络并获取相关服务。在所提出的方案中,利用初次接入认证中生成的AV向量来辅助重认证过程完成实体之间的身份认证,无须网络控制中心的参与,保障了通信系统的容灾性。形式化验证工具Scyther表明,该协议可以抵抗常见的协议攻击,保障通信过程中的机密性和完整性,并且具有较小的计算、带宽以及存储开销,适用于卫星互联网。For the current user device access authentication mechanism requires ground participation to bring about large communication delays and poor scalability,a user device access authentication and re-authentication protocol in the ground default scenario in the space-ground integrated network was proposed,and further for the user device authentication process may occur in the power outage reconnection and AV asynchronization and other problems,a user device fast authentication mechanism and AV fast security synchronization mechanism under power failure reconnection scenario were proposed to ensured that users could safely accessed the satellite network and obtain related services.In the proposed scheme,the AV vector generated in the initial access authentication was used to assisted the re-authentication process to completed the authentication between entities without the involvement of the network control center,which guaranteed the communication system resilience.The formal verification tool Scyther showed that the proposed protocol was resistant to common protocol attacks,guaranteed the confidentiality and integrity of the communication process,and had a small signaling,computational,and bandwidth overhead,made it suitable for the satellite internet.

关 键 词：卫星互联网 地面缺省 接入认证 重认证 

分 类 号：TP302[自动化与计算机技术—计算机系统结构]