天地一体化网络中基于令牌的安全高效漫游认证方案

薛开平; 马永金; 洪佳楠; 许婕; 杨青友

doi:10.11959/j.issn.1000-436x.2018076

您当前的位置：

首页 >

文章列表页 >

天地一体化网络中基于令牌的安全高效漫游认证方案

学术论文 | 更新时间：2024-06-05

- 天地一体化网络中基于令牌的安全高效漫游认证方案
- Secure and efficient token based roaming authentication scheme for space-earth integration network
- 通信学报 2018年39卷第5期页码：48-58
- 作者机构：
  
  中国科学技术大学电子工程与信息科学系，安徽合肥 230026
- 作者简介：
  
  [ "薛开平（1980-），男，江苏东台人，中国科学技术大学副教授，主要研究方向为下一代网络体系结构与网络安全。" ]
  [ "马永金（1994-），男，福建龙岩人，中国科学技术大学硕士生，主要研究方向为系统与网络安全。" ]
  [ "洪佳楠（1989-），男，浙江宁波人，中国科学技术大学博士生，主要研究方向为网络安全协议设计与分析。" ]
  [ "许婕（1995-），女，安徽六安人，中国科学技术大学硕士生，主要研究方向为网络安全协议设计与分析。" ]
  [ "杨青友（1993-），男，海南万宁人，中国科学技术大学硕士生，主要研究方向为网络安全协议设计与分析。" ]
- 基金信息：
  
  国家重点基础研究发展计划（“973”计划）基金资助项目(2016YFB0800301);国家自然科学基金资助项目(61379129)
- DOI：10.11959/j.issn.1000-436x.2018076
  中图分类号： TP302
- 网络出版日期：2018-05，
  
  纸质出版日期：2018-05-25
- 稿件说明：
移动端阅览
薛开平, 马永金, 洪佳楠, 等. 天地一体化网络中基于令牌的安全高效漫游认证方案[J]. 通信学报, 2018,39(5):48-58.

Kaiping XUE, Yongjin MA, Jia’nan HONG, et al. Secure and efficient token based roaming authentication scheme for space-earth integration network[J]. Journal on communications, 2018, 39(5): 48-58.
薛开平, 马永金, 洪佳楠, 等. 天地一体化网络中基于令牌的安全高效漫游认证方案[J]. 通信学报, 2018,39(5):48-58. DOI： 10.11959/j.issn.1000-436x.2018076.

Kaiping XUE, Yongjin MA, Jia’nan HONG, et al. Secure and efficient token based roaming authentication scheme for space-earth integration network[J]. Journal on communications, 2018, 39(5): 48-58. DOI： 10.11959/j.issn.1000-436x.2018076.

摘要

针对天地一体化网络中卫星和地面实体通信链路时延长、不稳定的问题，提出一种基于令牌的两方漫游认证方案。该方案利用网络中卫星节点具有一定计算能力的特性，将用户认证过程从网络控制中心（NCC）提前到接入卫星，由卫星直接检验 NCC 颁发的令牌来验证用户的身份；同时，基于单向累加器的令牌机制，实现了用户的动态加入、轻量级的用户自主业务定制和计费；并通过Bloom Filter的引入实现有效的用户撤销和恶意接入控制。和已有的方案相比，该方案在保证漫游认证的安全性同时，显著减少了认证和密钥协商过程的计算和通信开销。

Abstract

Aiming at the problem of prolongation and instability of satellite and terrestrial physical communication links in the space-earth integration network

a two-way token based roaming authentication scheme was proposed.The scheme used the characteristics of the computing capability of the satellite nodes in the network to advance the user authentication process from the network control center (NCC) to the access satellite.The satellite directly verified the token issued by the NCC to verify the user's identity.At the same time

the token mechanism based on the one-way accumulator achieved the user's dynamic join

lightweight user self-service customization and billing

and the introduction of Bloom Filter enabled effective user revocation and malicious access management.Compared with the existing scheme

the scheme can guarantee the security of roaming authentication and significantly reduce the calculation and communication overhead of the authentication and key negotiation process.

关键词

Keywords

references

李凤华 , 殷丽华 , 吴巍 , 等 . 天地一体化信息网络安全保障技术研究进展及发展趋势 [J ] . 通信学报 , 2016 , 37 ( 11 ): 156 - 168 .

LI F H , YIN L H , WU W , et al . Research status and development trends of security assurance for space-ground integration information network [J ] . Journal on Communications , 2016 , 37 ( 11 ): 156 - 168 .

CHEN C L , CHENG K W , CHEN Y L , et al . An improvement on the self-verification authentication mechanism for a mobile satellite communication system [J ] . Applied Mathematics ＆ Information Sciences , 2014 , 8 ( 1L ): 97 - 106 .

ZHAO W , ZHANG A , LI J , et al . Analysis and design of an authentication protocol for space information network [C ] // IEEE Military Communications Conference on MILCOM . IEEE , 2016 : 43 - 48 .

LIU Y , ZHANG A , LI J , et al . An anonymous distributed key management system based on CL-PKC for space information network [C ] // IEEE International Conference on Communications (ICC) . 2016 : 1 - 7 .

HE D , BU J , CHAN S , et al . Privacy-preserving universal authentication protocol for wireless communications [J ] . IEEE Transactions on Wireless Communications , 2011 , 10 ( 2 ): 431 - 436 .

LIU J K , CHU C K , CHOW S S M , et al . Time-bound anonymous authentication for roaming networks [J ] . IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 1 ): 178 - 189 .

CRUICKSHANK H S , . A security system for satellite networks [C ] // Fifth International Conference on Satellite Systems for Mobile Communications and Navigation,IET . 1996 : 187 - 190 .

HWANG M S , YANG C C , SHIU C Y . An authentication scheme for mobile satellite communication systems [J ] . ACM SIGOPS Operating Systems Review , 2003 , 37 ( 4 ): 42 - 47 .

CHANG Y F , CHANG C C . An efficient authentication protocol for mobile satellite communication systems [J ] . ACM SIGOPS Operating Systems Review , 2005 , 39 ( 1 ): 70 - 84 .

CHEN T H , LEE W B , CHEN H B . A self-verification authentication mechanism for mobile satellite communication systems [J ] . Computers＆ Electrical Engineering , 2009 , 35 ( 1 ): 41 - 48 .

JIANG Y , LIN C , SHEN X , et al . Mutual authentication and key exchange protocols for roaming services in wireless mobile networks [J ] . IEEE Transactions on Wireless Communications , 2006 , 5 ( 9 ): 2569 - 2577 .

YANG G , WONG D S , DENG X . Anonymous and authenticated key exchange for roaming networks [J ] . IEEE Transactions on Wireless Communications , 2007 , 6 ( 9 ): 3461 - 3472 .

YANG G , WONG D S , DENG X . Formal security definition and efficient construction for roaming with a privacy-preserving extension [J ] . Journal of Universal Computer Science , 2008 , 14 ( 3 ): 441 - 462 .

BENALOH J C , MARE M D . One-way accumulators:a decentralized alternative to digital signatures [C ] // Workshop on the Theory and Application of of Cryptographic Techniques . 1993 : 274 - 285 .

BLOOM B H . Space/time trade-offs in hash coding with allowable errors [J ] . Communications of the ACM , 1970 , 13 ( 7 ): 422 - 426 .

MUKHERJEE J , RAMAMURTHY B . Communication technologies and architectures for space network and interplanetary internet [J ] . IEEE Communications Surveys ＆ Tutorials , 2013 , 15 ( 2 ): 881 - 897 .

AKYILDIZ I F , UZUNALIOĞLU H , BENDER M D . Handover management in low earth orbit (LEO) satellite networks [J ] . Mobile Networks and Applications , 1999 , 4 ( 4 ): 301 - 310 .

HE D , BU J , CHAN S , et al . Handauth:efficient handover authentication with conditional privacy for wireless networks [J ] . IEEE Transactions on Computers , 2013 , 62 ( 3 ): 616 - 622 .

浏览量

883

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

无线网络中基于无证书聚合签名的高效匿名漫游认证方案

工作流系统中一个基于多权角色和规则的条件化RBAC安全访问控制模型

适用于无线传感器网络的广播认证算法