面向卫星互联网的链路层加密系统设计  

作　　者：王逸璇 李洋 杨皓琪 李妍 刘艳梅 WANG Yixuan;LI Yang;YANG Haoqi;LI Yan;LIU Yanmei(China Satellite Communications Co.,Ltd.,Beijing,100094,China)

机构地区：[1]中国卫通集团股份有限公司,北京100094

出　　处：《网络空间安全科学学报》2024年第4期95-105,共11页Journal of Cybersecurity

摘　　要：全球卫星通信行业进入卫星互联网发展阶段,面对复杂多变的国际政治格局环境及日益严峻的网络攻击挑战,卫星互联网安全至关重要。针对上述问题创新性地构建了卫星互联网网络模型,分析卫星互联网海量用户、空间开放、网络互联、网络拓扑高动态等特点带来的卫星互联网空间链路安全风险。基于“适度防护、应密尽密”的原则,设计一套卫星互联网链路层加密系统,该系统架构灵活适配卫星互联网网络架构、运营模式、应用场景特征等。特别是面向卫星互联网海量用户不同需求,优化加密通信协议;针对卫星互联网网络节点多、高动态的特点重点对链路层加密系统密钥管理功能进行设计,保障卫星互联网业务全流程应用过程中的业务数据和关键管理信息安全传输,显著提升卫星互联网空间链路的安全防护水平。基于中星26号卫星实测验证本系统在全业务流程、不同数据类型的加密能力,结果表明本加密系统可对业务数据和关键信息加密。The global satellite communication industry has entered the era of Satellite Internet development.In the face of com-plex and ever-changing international political landscapes and increasingly severe cyberattacks,the security of Satellite Internet is of paramount importance.In response to the aforementioned issues,an innovative Satellite Internet network model had been constructed,analyzing the space link security risks posed by the characteristics of Satellite Internet,including the massive user base,open space envi-ronment,network interconnection,and highly dynamic network topology.Based on the principle of"adequate protection and compre-hensive encryption where necessary",a flexible link layer encryption system for Satellite Internet is designed,which seamlessly adapts to the network architecture,operation mode,application scenario characteristics.Particularly,focusing on the diverse needs of massive Satellite Internet users,the system optimizes the encryption communication protocols.Given the numerous and highly dynamic network nodes of Satellite Internet,the key management function of the link layer encryption system is emphatically designed to ensure secure transmission of the business data and critical management information throughout the Satellite Internet service process,thereby signifi-cantly enhancing the security protection level of Satellite Internet space links.This designed system has undergone the practical testing and verification across the entire business process with different data types based on the ChinaSat-26 satellite.The results demonstrate that this encryption system can effectively encrypt the business data and critical information.

关 键 词：卫星互联网 网络模型 空间开放 网络互联 高动态 链路层 加密系统 

分 类 号：TN927[电子电信—通信与信息系统]