CN113079016A - Identity-based authentication method facing space-based network - Google Patents

Identity-based authentication method facing space-based network Download PDF

Info

Publication number
CN113079016A
CN113079016A CN202110306820.3A CN202110306820A CN113079016A CN 113079016 A CN113079016 A CN 113079016A CN 202110306820 A CN202110306820 A CN 202110306820A CN 113079016 A CN113079016 A CN 113079016A
Authority
CN
China
Prior art keywords
authentication
leo
private key
module
satellite
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110306820.3A
Other languages
Chinese (zh)
Other versions
CN113079016B (en
Inventor
赵宝康
苏金树
王宝生
陈曙晖
虞万荣
毛席龙
宋光磊
原玉磊
韩彪
魏子令
刘谱光
苏晓乾
穆凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN202110306820.3A priority Critical patent/CN113079016B/en
Publication of CN113079016A publication Critical patent/CN113079016A/en
Application granted granted Critical
Publication of CN113079016B publication Critical patent/CN113079016B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/14Relay systems
    • H04B7/15Active relay systems
    • H04B7/185Space-based or airborne stations; Stations for satellite systems
    • H04B7/1851Systems using a satellite or space-based relay
    • H04B7/18519Operations control, administration or maintenance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Radio Relay Systems (AREA)

Abstract

The invention discloses an identity-based authentication method facing a space-based network, which aims to solve the problem of security authentication between a ground terminal and a satellite in the space-based network and improve the security of space-based network communication. The technical scheme is that an identity-based authentication system facing a space-based network, which consists of a ground terminal, a key generation center KGC and a low-orbit satellite, is constructed; the KGC initialization calculation module calculates a system master key and public parameters; the KGC private key calculation module calculates a corresponding private key and distributes the private key and the public parameters to the ground terminal and the satellite. Terminal TEAPerforming current over-the-top satellite LEO upon accessAAnd TEAMutual authentication and session key agreement, then LEOAAnd TEAIs normalCommunication, LEOAPredicting LEO at end of service ifAThe user is about to leave the current area, inter-satellite switching authentication is carried out, and if LEO is judged in advanceANot leave, then LEOAAnd TEAThe communication is continued. The invention effectively reduces the size of the transmission message, and realizes the fast switching authentication and the session key negotiation while ensuring the safety.

Description

Identity-based authentication method facing space-based network
Technical Field
The invention relates to the field of space network security communication, in particular to an identity-based authentication method facing a space-based network.
Background
As a powerful supplement to the traditional ground network, the space-based network can provide access service to special areas such as desert, and real global interconnection is realized. However, due to the natural open environment of satellite communication, a malicious attacker can easily acquire communication data between satellites and the ground or pretend that a legitimate user issues malicious instructions, and these behaviors pose a great challenge to the security of the space-based network. Therefore, the space-based network needs an authentication scheme to ensure the self-operation safety; the main roles of authentication are two: firstly, the legality of the ground terminal is identified, and it is guaranteed that only a legal terminal can send acquired data to a satellite; and secondly, the terminal authenticates the legality of the satellite to ensure that the satellite sending the control command is legal. The space-based network is a concept which is created in recent years, research on security technologies in the space-based network is relatively few at home and abroad, in the existing research on the security technologies of the space-based network, authentication between a user and a network control center is mostly considered in an authentication method, however, in the space-based network, a satellite needs to send a control instruction to a ground terminal, and the ground terminal needs to upload collected data to the satellite, so that authentication between the satellite and the ground terminal in the space-based network is an extremely important link. Currently, the research on the authentication between the satellite and the ground terminal is poor, and therefore, a mutual authentication method between the satellite and the ground terminal in the space-based network needs to be designed to ensure the secure communication between the sky and the ground.
When designing the authentication method, the characteristics of the space-based network need to be considered:
(1) the network topology changes highly. Since the satellites move around the earth at a high speed with time, each satellite only has a few minutes of time to provide service for the ground terminal in a specific area, and therefore, the authentication method in the space-based network should enable the ground terminal to perform bidirectional authentication quickly when switching from the current service satellite to the next satellite.
(2) The network transmission delay is high. The link transmission rate in the space-based network is kbps level, which is limited by the development of the ground platform terminal, and the interaction times required by the authentication between the satellite and the ground terminal are as small as possible in order to reduce the total time consumed by the authentication.
(3) Network bandwidth resources are limited. The space-based network depends on a low-orbit narrow-band satellite constellation, and the network bandwidth is very limited, so the message size involved in the authentication process is as small as possible.
(4) Ground terminals and on-board computing storage capabilities are limited. Under the influence of satellite payload technology and terminal infrastructure, the computation storage capacities of both the satellite and the terminal are very limited, and the computation operations required to complete the authentication process cannot be very complex.
The traditional space-based network security authentication method comprises an authentication method based on a traditional digital certificate, a source authentication method based on an extended broadcast identity verification protocol certificate, a lightweight authentication method based on identity identification, a distributed authentication method based on an identity-based cryptography technology and a block chain technology, and a dynamic access method based on a token. However, the traditional space-based network security authentication method has the following technical problems:
(1) the authentication method based on the traditional digital certificate refers to bidirectional authentication and session key negotiation in a space-based network by using a public key encryption algorithm. In the method, both communication parties need to send own digital certificates to each other, the communication and calculation costs are high, and the method is not suitable for the space-based network environment with limited communication bandwidth.
(2) The source authentication method based on the extended broadcast identity authentication protocol certificate is characterized in that a satellite is used as an authentication center to generate the extended broadcast identity authentication protocol certificate and operate a source authentication protocol.
(3) The lightweight authentication method based on the identity identification refers to a symmetric encryption algorithm is used for transmitting a user ID and a session key between a user and a network control center. However, by adopting the method, once the attacker obtains the key once in the data transmission process, the key of the subsequent session can be obtained from the message, thereby causing serious potential safety hazard.
(4) A distributed authentication method based on an identity-based cryptography technology and a block chain technology is characterized in that the identity-based cryptography is used to avoid complex certificate management and reduce communication overhead caused by certificate transmission, and the block chain is used in the authentication process to prevent the authentication bottleneck problem caused by a centralized authentication protocol. However, the block chain technique adopted in the method has higher requirements on the calculation and storage capacities of the satellite loads, the space-based network is influenced by the satellite payload technique and the terminal infrastructure, and the calculation and storage capacities of the satellite and the terminal are very limited, so that the method is not suitable for the current space-based network environment.
(5) A dynamic access method based on a token is characterized in that a pre-authentication vector is constructed by utilizing the certainty of a satellite running track in a low-orbit satellite network and the high synchronism of clocks of all communication nodes, and a user does not need to interact with a network control center except an initial access process by utilizing the pre-authentication vector, so that the authentication delay is effectively reduced. However, with the method, an attacker can pass authentication as long as acquiring the true identity authentication value (ID value) of the user, and then access the space-based network to implement attacks such as impersonation, replay, tampering and the like.
In view of this, how to solve the problem of security authentication between the ground terminal and the satellite in the space-based network environment, and effectively improving the security of the space-based network communication become problems to be urgently solved by researchers in the field.
Generally, in order to ensure the resistance of a message (which means that some mechanisms are used so that two communication parties cannot deny the behavior of sending information and the content of the information by themselves), a sender of the message uses a private key to generate a signature for the message, and sends an original message and the signature together, and after a receiver receives the message (including the original message and the signature), the receiver verifies the validity of the signature according to a public key of the sender and the original message. The signature method with the message recovery function means that a sender can recover the corresponding original message by using the signature and the public key without sending the complete original message. Compared with the traditional signature scheme, the signature scheme with the message recovery function needs to transmit a smaller message size. Signature methods with message functions are currently generally used in environments where network transmission bandwidth is limited, such as mobile ad hoc networks; identity-based cryptography means that two communication parties can deduce a corresponding public key according to an Identity (ID) provided by the other party, thereby avoiding transmitting own digital certificates in the communication process and effectively reducing the size of transmitted messages. Identity-based cryptography is currently commonly used in secure email systems and mobile ad hoc networks. The identity-based signature method with the message recovery function (belonging to identity-based cryptography) effectively reduces the size of the transmitted message while ensuring the resistance to denial, so that the method is suitable for the communication environment with limited bandwidth resources. In the space-based network, the communication bandwidth is limited, and the identity-based signature method with the message recovery function is a good choice. But no prior publication relates to the use of an identity-based signature algorithm with message recovery for bidirectional authentication and session key agreement of satellite and terrestrial terminals in space-based networks.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an authentication method which has the characteristics of fast switching authentication, less interaction times, small authentication message size, proper calculation operation difficulty, capability of resisting various network attacks and the like, is suitable for a space-based network environment, solves the safety authentication problem of a ground terminal and a satellite in a space-based network, and effectively improves the safety of space-based network communication.
The technical scheme of the invention is as follows: and realizing mutual authentication and session key negotiation between the satellite and the ground terminal by using the cryptography technologies such as an identity-based signature method with a message recovery function, a message verification code, an ECDH (explicit Curve Diffie-Hellman, which is translated into a Diffie-Hellman key exchange algorithm on an Elliptic Curve, and Diffie and Hellman are personal names) algorithm and the like. The identity-based signature method with the message recovery function does not require a sender to send a complete original message, a receiver can recover the corresponding message by using the signature and the public key, and compared with a general signature method, the method has the advantages that the size of the message to be transmitted is smaller; the identity-based cryptography can avoid complex certificate management, avoid the transmission of a digital certificate in the authentication process and effectively reduce the size of a message transmitted in the authentication; the message verification code technology is used for an inter-satellite switching authentication process to realize rapid switching authentication; the ECDH algorithm is used for completing the negotiation of the session key while the authentication is performed, and compared with the method for performing the negotiation of the session key after the authentication is completed, the method can reduce the interaction between the satellite and the ground once.
Aiming at the identity authentication problem in the space-based network, the invention designs an identity-based security authentication scheme facing the space-based network. The scheme effectively reduces the size of the transmission message and the interaction turns between the satellite and the ground in the authentication process by using the identity-based signature method with the message recovery function. In addition, in order to reduce the influence caused by inter-satellite switching, a corresponding inter-satellite switching authentication message is designed by particularly utilizing a message verification code technology, and inter-satellite switching authentication is efficiently realized. The security analysis shows that the invention has the security characteristics of bidirectional authentication, replay attack resistance, session key agreement and the like.
The specific technical scheme of the invention is as follows:
firstly, an identity-based authentication system facing a space-based network is constructed. The identity-based authentication system facing the space-based network consists of three network entities, namely a ground terminal (recorded as TE), a key generation center (recorded as KGC) and a low-earth orbit satellite (recorded as LEO). The KGC is connected to a plurality of TEs and LEOs via wireless links.
Before mutual Authentication between TE and LEO, KGC calculates a system main key x and public parameter params by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction scheme Wireless Sensor Networks [ J ]. IEEE Transactions on Information dynamics and security 2017, PP: 1-1.); KGC receives identity identification, a request for applying public parameters and a request for applying a private key from TE and LEO, KGC uses a private key generation algorithm in an identity-based signature scheme with a message recovery function provided by Kyung-Ah Shim, calculates the private keys of TE and LEO by using public parameters params and a master key x, distributes satellite private keys and public parameters to satellites in a safe environment (for example, two communication parties establish safe session connection by adopting a secure socket protocol), and distributes private keys and public parameters of ground terminals to ground terminals.
TE and LEO are connected with each other and connected with KGC, before communication, they are registered with KGC, and submit the ID selected by TE or LEO, request and application for public parameter, and current satellite over-the-top (order is LEO)A) After receiving the satellite's private key from the KGC, the LEOAGenerating satellite authentication message (denoted as L)A) Sending to the current ground terminal (order is TE)A),TEATo LAAfter the authentication is passed, a ground terminal authentication message (marked as T) is generatedA) Is sent to LEOA。LEOAFor TAAnd performing authentication to complete mutual authentication of the satellite and the ground terminal. Due to the high speed of satellite motion around the earth over time. Each satellite only has a few minutes of providing service for ground terminals in a specific area, and the LEO of the current over-the-top satelliteAWhen leaving, it will switch authentication security parameter k over the secure channels(LEOAAn integer k selected randomlys∈N*,N*Is a positive integer set) to the current ground terminal TEAWill k issAnd TEAID ofASent to the next over-the-top satellite (noted LEO)B),TEAGenerating terminal rapid authentication message (marked as TF)A) Is sent to LEOB,LEOBFor TFACarrying out authentication, and generating a satellite rapid authentication message (marked as LF) after the authentication is passedA) Is sent to TEA,TEAFor LFAAnd performing authentication to finish the rapid switching authentication process.
The KGC is provided with an initialization calculation module and a private key calculation module, and the ground terminal and the satellite are provided with a private key and public parameter management module, an authentication calculation module, a verification module and a switching authentication module.
The initialization calculation module on the KGC generates a public parameter params and a system master key x, and sends the params and x to the private key calculation module of the KGC. The private key calculation module is connected with the private key and public parameter management module of the ground terminal and the satellite. The private key calculation module receives the identity of the ground terminal, a request for applying for the public parameters and a request for applying the private key from the private key and public parameter management module of the ground terminal, calculates the private key of the ground terminal according to the identity of the ground terminal and sends the private key and the public parameters to the private key and public parameter management module of the ground terminal. The private key calculation module receives the identity identification of the satellite, the request for applying the public parameter and the request for applying the private key from the private key and public parameter management module of the satellite, calculates the private key of the satellite according to the identity identification of the satellite and sends the private key and the public parameter to the private key and public parameter management module of the satellite.
The private key and public parameter management module is connected with the private key calculation module and the authentication calculation module (belonging to the same network entity with the private key and public parameter management module) of the KGC, and is responsible for receiving the private key and the public parameter sent by the private key calculation module and sending the private key and the public parameter to the authentication calculation module.
The authentication calculation module is connected with the private key and public parameter management module (belonging to the same network entity with the authentication calculation module), the verification module (belonging to the same network entity with the authentication calculation module), and the authentication calculation module of another network entity (such as the authentication calculation module of a satellite (a class of network entity) is connected with the authentication calculation module of a ground terminal (another class of network entity), but the authentication calculation module of the satellite A (a class of network entity) is connected with the authentication calculation module of another satellite B (the same class of network entity)), the authentication calculation module receives the public parameters and the private key from the private key and public parameter management module, generates an authentication message by using the private key and the public parameters, and sends the authentication message to the authentication calculation module of the other network entity; and after receiving the authentication message sent by the authentication calculation module of another network entity, the authentication calculation module sends the received authentication message to the verification module.
The verification module is connected with the authentication calculation module (belongs to the same network entity with the verification module), the verification module receives the authentication message from the authentication calculation module and then verifies the authentication message, a session key is calculated after the authentication is passed, the session key and any symmetric encryption algorithm (such as AES, DES and the like) are used for encrypting and decrypting the message in the subsequent communication process with another network entity (for example, the satellite calculates the session key and then encrypts the message by using the session key of the satellite and then sends the message to the ground terminal, the ground terminal decrypts the received message by using the session key of the ground terminal after receiving the message, the ground terminal also encrypts the message by using the session key of the ground terminal before sending the message and then sends the message to the satellite, and the satellite decrypts the message by using the session key of the satellite) so as to complete the safe communication.
Current ground terminal TEACurrent overhead satellite LEOANext satellite LEO over the topBThe switching authentication modules of the three are connected with each other. The overhead satellites of any ground terminal at any time are fixed throughout the system (the satellites move around the earth at high speed over time, the time that each satellite services a ground terminal in a particular area is fixed for only a few minutes, and therefore the overhead satellites of a ground terminal are fixed for any period of time throughout the system.) at the LEOAAt the end of the service, the LEOADetermine imminent handover, LEOATo the TEAThe switching authentication module sends a switching authentication security parameter ksTo LEOBThe switching authentication module of (1) sends the TEAID ofAAnd handover authentication security parameter ks. Then TEAThe switching authentication module generates a terminal rapid authentication message TFAIs sent to LEOBOf the switching authentication module, LEOBIs switched to TFAPerforming authentication, and after the authentication is passed, LEOBSwitching authentication module generates satellite fast authentication message LFAIs sent to TEAOf the handover authentication module, TEAHandover authentication module pair LFAAnd verifying to finish the fast switching authentication.
Secondly, an initialization calculation module on the KGC calculates a main key and public parameters of the system by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction on Information Forensics and security 2017, PP: 1-1.) provided by Kyung-Ah Shim, and the specific flow is as follows:
2.1 initializing calculation Module selecting finite field FqThe elliptic curve E above, and after determining E, the initial calculationThe module randomly selects prime P (P can divide the number of points on E equally) and point P (the order of point P is P) according to the current Secp256k1 standard, the number of points on the elliptic curve is fixed and not a random variable, and the number of points on E is not generally prime.
2.2 from the prime integer space (denoted by
Figure BDA0002987889180000071
) Select a number x
Figure BDA0002987889180000072
As the master key of the identity-based authentication system facing the space-based network, the global public key P is calculatedpub=xP。
2.3 selection of four Hash Functions H1,H2,F1,F2Wherein H1,H2:{0,1}*→ZP(H1,H2The function of (1) is to map a 01 binary sequence code with an arbitrary length into a 01 binary sequence code with a length of a, and a belongs to Zp,ZpIs a prime integer space containing p),
Figure BDA0002987889180000073
(F1the function of the method is to map 01 binary sequence codes with arbitrary length into a length k2The 01 binary sequence code of),
Figure BDA0002987889180000074
(F2has the effect of reducing the length to k1Mapping 01 binary sequence code to length k201 binary sequence code), k1And k2Is two positive integers and satisfies p ═ k1+k2
2.4 mixing Fq,E,p,P,Ppub,H1,H2,F1,F2,k1,k2The identity-based authentication system public parameters params and params which are combined to form the space-based network<Fq,E,p,P,Ppub,H1,H2,F1,F2,k1,k2>Params is published.
And thirdly, the private key calculation module on the KGC calculates a corresponding private key according to the identity submitted by the ground terminal and the satellite, and distributes the private key and the public parameter params to the private key and public parameter management module of the ground terminal and the satellite. The method comprises the following steps:
3.1 ground terminal TEAThe private key and public parameter management module submits an identity ID to a private key calculation module of the KGCAA request for applying the public parameter params and a request for applying the private key.
3.2 private Key computation Module from ground terminal TEAThe private key and public parameter management module receives the IDAAnd request for public parameter params, request for private key, calculation and IDACorresponding private key skA(ii) a The method for calculating the private key adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, which is provided by Kyung-Ah Shim, and comprises the following steps:
3.2.1 private Key computation Module from
Figure BDA0002987889180000081
Randomly selecting any number from the middle random selection list as a ground terminal registration random number, and recording the random number as rA
Figure BDA0002987889180000082
3.2.2 private Key computation Module compute private Key skA,skA=(RA,vA),RA=rAP,vA=rA+cAxmod p, wherein cA=H1(IDA,RA),RAIs the front part of the private key of the ground terminal, cAIs a ground terminal private key hash intermediate value, vAIs the back part of the private key of the ground terminal, and x is the system master key.
3.3 private Key computation Module will skAAnd params to TEAThe private key and public parameter management module.
3.4TEAThe private key and public parameter management module will skAAnd params are stored locally.
3.5 satellite LEOAThe private key and public parameter management module submits the identity selected by the private key and public parameter management module to the private key calculation module of the KGC
Figure BDA0002987889180000083
The application discloses a request of parameter params and a request of applying a private key.
3.6 private Key computation Module Slave satellite LEOAPrivate key and public parameter management module receiving
Figure BDA0002987889180000084
And request for public parameter params, request for private key, calculation and
Figure BDA0002987889180000085
corresponding private key
Figure BDA0002987889180000086
Figure BDA0002987889180000087
The calculation method of the private key is the same as that of 3.2, and a private key generation algorithm in an identity-based signature scheme with a message recovery function proposed by Kyung-Ah Shim is also adopted, and the method comprises the following steps:
3.6.1 private Key computation Module from
Figure BDA0002987889180000088
Randomly selecting any number as satellite registration random number, and recording as
Figure BDA0002987889180000089
Figure BDA00029878891800000810
3.6.2 private Key computation Module computation
Figure BDA00029878891800000811
Corresponding private key
Figure BDA00029878891800000812
Figure BDA00029878891800000813
Figure BDA00029878891800000814
Wherein
Figure BDA00029878891800000815
Figure BDA00029878891800000816
Is the front part of the satellite private key,
Figure BDA00029878891800000817
is the hash intermediate value of the satellite private key,
Figure BDA00029878891800000818
behind the satellite private key.
3.7 private Key computation Module
Figure BDA00029878891800000819
And params to LEOAThe private key and public parameter management module.
3.8LEOAThe private key and public parameter management module of
Figure BDA00029878891800000820
And params are stored locally.
Fourth, ground terminal TEAPerforming current satellite LEO over the top when accessing an identity-based authentication system facing a space-based network for the first timeAAnd TEAAnd computing the session key: TEAComplete the LEO pair firstAThe authentication of (1); then to ensure that the ground terminals accessing the space based network are authorized, the LEOAFor TEACarrying out authentication; finally according to LEO in the authentication processAAnd TEAReceived message, LEOAAnd TEAA corresponding session key is calculated. In particular toThe process is as follows:
4.1LEOAthe authentication computing module generates a satellite authentication message LAAnd broadcasts L to the groundA(the efficiency of authentication is improved by using the broadcasting characteristic of the satellite, and the calculation expense of the satellite is reduced), the method comprises the following specific steps:
4.1.1LEOAauthentication computing module of
Figure BDA0002987889180000091
Randomly selecting an integer as the random number of the satellite authentication message (noted as
Figure BDA0002987889180000092
Figure BDA0002987889180000093
) And computes the plaintext of the satellite authentication message
Figure BDA0002987889180000094
Figure BDA0002987889180000095
Figure BDA0002987889180000096
Is a binary sequence code consisting of 0 and 1.
4.1.2LEOAUsing private key
Figure BDA0002987889180000097
Using signature algorithm (signature algorithm in identity-based signature scheme with message recovery function proposed by Kyung-Ah Shim) pair
Figure BDA0002987889180000098
Signing to generate LEOASatellite authentication message LAThe method comprises the following steps:
4.1.2.1LEOAauthentication computing module of
Figure BDA0002987889180000099
In the random selectionAn integer is used as a satellite signature random number (recorded as
Figure BDA00029878891800000910
Figure BDA00029878891800000911
)。
4.1.2.2LEOAAuthentication computing module of
Figure BDA00029878891800000912
Divided into two parts
Figure BDA00029878891800000913
And
Figure BDA00029878891800000914
wherein
Figure BDA00029878891800000915
Has a sequence code length of k2(i.e. the
Figure BDA00029878891800000916
Has a number of bits of k2)。
4.1.2.3LEOAThe authentication calculation module calculates the intermediate quantity (recorded as the signature intermediate quantity) of the satellite verification message
Figure BDA00029878891800000917
),
Figure BDA00029878891800000918
(| | is a binary operator, and 01 binary sequence codes of two elements participating in operation are spliced together in sequence;
Figure BDA00029878891800000919
the operator is a binary operator, and the 01 binary sequence codes of the two elements participating in the operation are subjected to exclusive OR operation;
Figure BDA00029878891800000920
higher priority than |); computing deviceComponent of elliptic curve of star signature message (denoted as
Figure BDA00029878891800000921
),
Figure BDA00029878891800000922
(
Figure BDA00029878891800000923
Representing points on the elliptic curve E
Figure BDA00029878891800000924
X-axis coordinates of); computing the Hash intermediate value of the satellite signature message (note as
Figure BDA00029878891800000925
),
Figure BDA00029878891800000926
Compute satellite signature message trailer (note
Figure BDA00029878891800000927
)
Figure BDA0002987889180000101
Figure BDA0002987889180000102
Behind the satellite private key.
4.1.2.4 will
Figure BDA0002987889180000103
Generating a plaintext
Figure BDA0002987889180000104
Signed encrypted message of
Figure BDA0002987889180000105
Is that
Figure BDA0002987889180000106
Constituent quadruplets, i.e.
Figure BDA0002987889180000107
Wherein
Figure BDA0002987889180000108
Are all 01 binary sequence codes and are provided with a code,
Figure BDA0002987889180000109
is according to
Figure BDA00029878891800001010
Sequentially arranged 01 binary sequence codes.
4.1.2.5 will
Figure BDA00029878891800001011
Spliced into satellite authentication message LA(
Figure BDA00029878891800001012
Is LEOATime stamp of (3), record LEOAThe current time),
Figure BDA00029878891800001013
wherein
Figure BDA00029878891800001014
Are all 01 binary sequence codes, LAIs according to
Figure BDA00029878891800001015
Sequentially arranged 01 binary sequence codes.
4.1.3LEOAWill authenticate message LABroadcasting to ground while recording satellite broadcast LAAt time t1
4.1.4LEOAObtaining LEOACurrent time t2Let time interval T equal to T2-t1(ii) a Setting a first time threshold T1(T1According to the system requirement, if the system is required to consume less communication resources, the broadcast period should be as long as possible, but the shortest residence time of the satellite above the node cannot be exceeded,T1typically set at 200 seconds; if the system is required to operate efficiently, the broadcast period should be as short as possible, but the proportion of broadcast messages to communication resources should not be too high, T1Typically set at 50 seconds), if T<T1Turning to step 4.2, if T is more than or equal to T1Then 4.1.3 steps are taken.
4.2 ground terminal TEATo satellite LEOAAnd (3) performing authentication, which specifically comprises the following steps:
4.2.1TEAreceiving LEO by the authentication calculation moduleABroadcasted message LAIs prepared by mixing LAIs sent to TEAThe verification module of (1).
4.2.2TEAThe verification module receives LALook over LATime stamp on
Figure BDA00029878891800001016
And TEAIs at a second time threshold T2(T2According to the actual condition of the system to set T2Can not be longer than the time for transmitting the message from the satellite to the ground terminal, generally set to 1 second-10 seconds), if T ≦ T2Turning to step 4.2.3; if t is>T2Then TEARecognizes the issue LALEO (R) ofAIs illegal, TEARefusing to access the space-based network, and turning to the step 4.1;
4.2.3TEAthe verification module of (2) pairs the message LAIn (1)
Figure BDA0002987889180000111
Performing verification, if the verification passes, TEADetermine satellite LEOAIs legitimate and can obtain satellite authentication message plaintext
Figure BDA0002987889180000112
Turning to step 4.2.4; if the verification fails, TEARecognizes the issue LALEO (R) ofAIs illegal, TEARefusing to access the space-based network, and turning to the step 4.1; the verification algorithm adopts a verification algorithm in an identity-based signature scheme with a message recovery function proposed by Kyung-Ah ShimThe method specifically comprises the following steps:
4.2.3.1TEAthe verification module calculates the hash intermediate values of the satellite signature messages in turn
Figure BDA0002987889180000113
Satellite private key hash intermediate value
Figure BDA0002987889180000114
Satellite authentication message signature intermediate volume
Figure BDA0002987889180000115
And satellite authentication message plaintext back
Figure BDA0002987889180000116
(
Figure BDA0002987889180000117
To represent
Figure BDA0002987889180000118
Rightmost k of2A binary sequence code of bit 01 is set,
Figure BDA0002987889180000119
to represent
Figure BDA00029878891800001110
Leftmost k1Bit 01 binary sequence code).
4.2.3.2 if
Figure BDA00029878891800001111
The verification passes (i.e. the 01 binary sequence codes at both ends of the equation are equal), go to step 4.2.4, otherwise the verification fails, TEARecognizes the issue LALEO (R) ofAIs illegal, TEAAnd refusing to access the space-based network, and turning to the step 4.1.
4.2.4 at this time, TEAThe verification module of (2) determines satellite LEOAIs legitimate, TEAFrom the verification module LAExtracting to obtain
Figure BDA00029878891800001112
Will be provided with
Figure BDA00029878891800001113
And 4.2.3.1 calculated in step
Figure BDA00029878891800001114
Splicing to obtain satellite verification message
Figure BDA00029878891800001115
And to TEAThe authentication computing module of (2) sends a confirmation instruction (the content of the confirmation instruction is to inform the authentication computing module that the satellite is legal and can start to generate a ground terminal authentication message).
4.2.5TEAThe authentication computing module generates a ground terminal authentication message TAAnd generating TAMeanwhile, ECDH (The elliptic curve is translated into Diffie-Hellman key exchange algorithm on elliptic curve, Diffie and Hellman are names of people, which is specifically referred to Haakegaard R, Lang J]The method comprises the following steps of calculating a session key by using an Online at https:// koclab. cs. ucsb. edu/teaching/ecc/project/2015 project/Haakegaard + Lang. pdf.2015.) key exchange algorithm:
4.2.5.1TEAauthentication computing module of
Figure BDA0002987889180000121
Randomly selecting an integer as a random number (marked as k) of the ground terminal verification messageA
Figure BDA0002987889180000122
) And calculating the plaintext m of the ground terminal verification messageA,mA=kAP(mAIs a binary sequence code composed of 0 and 1, in the elliptic curve encryption theory, a plaintext message is generally encoded to a certain point on an elliptic curve, and the point and the plaintext message are in a one-to-one correspondence relationship).
4.2.5.2TEAAuthentication computing module ofPrivate key skAUsing signature algorithm to pair mASigning is carried out to generate a pair of plaintext mASigned encrypted message sigma (m)A) The method comprises the following steps:
4.2.5.2.1TEAauthentication computing module of
Figure BDA0002987889180000123
Randomly selecting an integer as a ground terminal signature random number (denoted as t)A
Figure BDA0002987889180000124
)。
4.2.5.2.2TEAM is calculated by the authentication calculation moduleADivided into two parts mA1And mA2Wherein m isA2Has a sequence code length of k2(i.e., m)A2Has a number of bits of k2)。
4.2.5.2.3TEAThe authentication calculation module calculates a ground terminal verification message signature intermediate quantity (denoted as m'A),
Figure BDA0002987889180000125
Calculating elliptic curve component (marked as y) of signature message of ground terminalA),
Figure BDA0002987889180000126
((tAP)XRepresenting a point t on the elliptic curve EACoordinates on the X-axis of P); calculating the hash intermediate value (marked as h) of the signature message of the ground terminalA),hA=H2(IDA||RA||yA),hA=H2(IDA||RA||yA) Indicates the IDA,RA,yAConcatenating into a binary sequence, and then using the binary sequence as function H2Calculating the hash value of the binary sequence; computing ground terminal signature message tail element (noted as z)A)zA=tA+hAvA mod p,vAIs the back part of the private key of the ground terminal.
4.2.5.2.4 mixing mA1,RA,yA,zAGenerating a plaintext mASigned encrypted message sigma (m)A),σ(mA) Is mA1,RA,yA,zAConstituent quadruples, σ (m)A)=(mA1||RA||yA||zA) (ii) a Wherein m isA1,RA,yA,zAAre all 01 binary sequence codes, σ (m)A) Is according to mA1,RA,yA,zASequentially arranged 01 binary sequence codes.
4.2.5.3TEAAuthentication computation module of (2) select TEATime stamp ttAWill IDA、ttA、σ(mA) Spliced ground terminal authentication message TA,TA=IDA||ttA||σ(mA) (ii) a Wherein the IDA、ttA、σ(mA) Are all 01 binary sequence codes, TAIs in accordance with IDA、ttA、σ(mA) Sequentially arranged 01 binary sequence codes. TEAThe authentication calculation module of (A) is to beAIs sent to LEOAThe authentication calculation module of (1).
4.2.5.4TEAThe authentication calculation module calculates the session key
Figure BDA0002987889180000131
In TEAAnd LEOAAfter the mutual authentication is finished, the two parties encrypt the session information by using a symmetric encryption algorithm (such as AES, DES and the like), K1I.e. the key used in the symmetric encryption algorithm.
4.3LEOAThe authentication computing module receives the message TAWill TAIs sent to LEOAThe verification module of (1).
4.4LEOAThe verification module of (2) receives TATo ground terminal TEAThe authentication is carried out by the following method:
4.4.1LEOAthe verification module of (1) checks TATime stamp tt onAAnd LEOAIs at a third time threshold T3(T3According to the systemActual condition set, T3Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T3Turning to step 4.4.2; if t is>T3Then LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAGo to step 4.2.5.
4.4.2LEOAVerification module pair TAσ (m) of (1)A) Performing verification, if the verification is passed, LEOATE can be determinedAIs legal and gets the corresponding plaintext mATurning to step 4.4.3; if the verification fails, LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAStep 4.2.5; the verification algorithm is the same as sigma (m) in step 4.2.3l) The verification algorithm of (1) is specifically as follows:
4.4.2.1LEOAthe verification module calculates the hash intermediate value h of the ground terminal signature message in turnA=H2(IDA||RA||yA) The intermediate value c of the private key hash of the ground terminalA=H1(IDA||RA) Ground terminal verifying message signature intermediate quantity
Figure BDA0002987889180000132
And the ground terminal verifies the back part of the message plaintext
Figure BDA0002987889180000133
(
Figure BDA0002987889180000134
Is m'ARightmost k of2A binary sequence code of bit 01 is set,
Figure BDA0002987889180000135
is m'ALeftmost k1Bit 01 binary sequence code).
4.4.2.2 if
Figure BDA0002987889180000141
The verification is passed, go to step 4.4.3, otherwise the verification fails, LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAStep 4.2.5;
4.4.3LEOAthe verification module of (2) determines the TEAIs legitimate, LEOAFrom the verification module of TAExtract mA1M isA1And mA2The two are spliced to obtain a ground terminal verification message mAThen LEOATo the LEOAThe authentication computation module of (1) sends a confirmation instruction.
4.4.4LEOAThe authentication calculation module adopts an ECDH key exchange algorithm to calculate a session key
Figure BDA0002987889180000142
And the negotiation of the session key is completed by using an ECDH algorithm in the authentication process. The algorithm is based on a discrete logarithm problem on an elliptic curve. At this stage, the discrete logarithm problem on elliptic curves is considered to be difficult to solve, and therefore the key exchange algorithm can be considered to be secure. The correctness of the above procedure is demonstrated as follows:
K1=H1(IDA||IDLEO||kt*ml||ttLEO||ttA)
=H1(IDA||IDLEO||kt*klP||ttLEO||ttA)
=H1(IDA||IDLEO||kl*ktP||ttLEO||ttA)
=H1(IDA||IDLEO||kl*mt||ttLEO||ttA)
=K2
fifthly, after completing the mutual authentication, LEOAAnd TEANormal communication, LEOAPredicting LEO at the end of serviceAAnd when the user is about to leave the current area, the step six is carried out. LEOAPredicting LEO at the end of serviceAAnd turning to the fifth step without leaving the current area.
Sixthly, the currently leaving overhead satellite LEOAGround terminal TEANext satellite LEO over the topBThe authentication is carried out by switching among planets by LEOAGenerates an authentication security parameter ksWill k issIs sent to TEASwitching authentication module of (2) to switch the TEAID ofAAnd ksIs sent to LEOBSwitch authentication module (assuming LEO is present at this time)AAnd TEA、LEOBThe two-way authentication is completed, and as long as the two-way authentication is passed, a secure channel exists between the two communication parties); then TEAThe switching authentication module generates a terminal rapid authentication message (marked as TF)A) Is sent to LEOBOf the switching authentication module, LEOBThe handover authentication module of (1) receives the TFAThereafter, the TE is verifiedAAfter the verification is passed, LEOBThe switching authentication module generates a satellite fast authentication message (marked as LF)B) And will LFBIs sent to TEAAfter the verification is passed, the switching authentication stage is ended, and TEAAnd LEOBAnd (4) normal communication. The method comprises the following specific steps:
6.1LEOAfrom a positive integer set N*Randomly selecting an integer as an authentication security parameter (denoted as k)s,ks∈N*) Will k issIs sent to TEASwitching authentication module of (2) to switch the TEAID ofAAnd authenticating a security parameter ksIs sent to LEOBThe handover authentication module of (1). TEAAnd LEOBAfter receiving the message, the switching authentication module stores the relevant parameters locally.
6.2TEAThe switching authentication module generates a terminal rapid authentication message TFAThe method comprises the following steps:
6.2.1TEAswitch authentication module of
Figure BDA0002987889180000151
Randomly selecting an integer as a terminal switching authentication parameter (marked as k)t2
Figure BDA0002987889180000152
) Computing terminal switching authentication message plaintext mt2,mt2=kt2P。
6.2.2TEAThe switching authentication module generates a terminal rapid authentication message TFA,TFA=IDA||mt2||ttA′||H1(ks||mt2)(TFAIs composed of an IDA、mt2、ttA、H1(ks||mt2) 01 binary sequence code tt formed by splicing four 01 binary sequence codes in sequenceAIs' is TFATime stamp of (2) indicating TEAThe current time; h1(ks||mt2) Means that k iss,mt2Spliced 01 binary sequence code as Hash function H1The calculated 01 binary sequence) and converting the TFAIs sent to LEOBThe handover authentication module of (1).
6.3LEOBIs switched to TEAThe method for authenticating and calculating the session key comprises the following steps:
6.3.1LEOBfrom TE to the handover authentication moduleAThe handover authentication module of (1) receives the TFAAfter that, TF is checkedATime stamp tt onA' and LEOBIs at a fourth time threshold T4(T4According to the actual condition of the system to set T4Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T4Turning to step 6.3.2; if t is>T4Then LEOBIdentify TEAIs illegal, refused to be TEAAnd (6) providing the service, and turning to step 6.2.
6.3.2LEOBAccording to TFAIdentity ID ofARetrieving authentication security parameter k corresponding theretosAnd use ksAnd mt2Computing satellite handover hash authentication values
Figure BDA0002987889180000161
If it is not
Figure BDA0002987889180000162
And slave message TFALifting the extracted H1(ks||mt2) If the values are equal, the authentication is passed, and the step 6.3.3 is carried out; otherwise LEOBIdentify TEAIs illegal, refused to be TEAAnd (6) providing the service, and turning to step 6.2.
6.3.3LEOBSwitching authentication module generates satellite fast authentication message LFBAnd calculating a session key, the method comprising:
6.3.3.1LEOBswitch authentication module of
Figure BDA0002987889180000163
Randomly selecting an integer as a satellite switching authentication parameter (marked as k)l2
Figure BDA0002987889180000164
) And calculating the satellite switching authentication message plaintext ml2,ml2=kl2P。
6.3.3.2LEOBSwitching authentication module generates satellite fast authentication message LFB,LFB=ml2||ttLEO′||H1(ks||ml2)(LFBIs formed by ml2、ttLEO′、H1(ks||ml2) A 01 binary sequence code tt formed by sequentially splicing three 01 binary sequence codesLEOIs LFBTime stamp of (3), representing LEOBThe current time; h1(ks||ml2) Means that k iss,ml2Spliced 01 binary sequence code as Hash function H1Is calculated to obtain01 binary sequence) and apply the LFBIs sent to TEAThe handover authentication module of (1).
6.3.3.3LEOBThe switching authentication module calculates the session key
Figure BDA0002987889180000165
The meaning of the formula is ttA,ttLEO′,kl2×mt2,ksSplicing four 01 binary sequence codes in sequence to form a 01 binary sequence code, and taking the 01 binary sequence code as a hash function H1Is input. At the LEOBAnd TEAAfter the switching authentication is finished, the two are like LEOAAnd TEAThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for secure communication,
Figure BDA0002987889180000166
is the session key used in the symmetric encryption algorithm.
6.4TEATo LEOBThe method for authenticating and calculating the session key comprises the following steps:
6.4.1TEAswitch authentication module slave LEOBReceiving LF by the switching authentication moduleBChecking LFBTime stamp tt onLEO' and with TEAIs at a fifth time threshold T5(T5According to the actual condition of the system to set T5Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T5Turning to step 6.4.2; if t is>T5Then TEAIdentify LEOBIs illegal, TEAAnd refusing to access the space-based network, and turning to step 6.3.3.
6.4.2TEAAccording to the authentication security parameter k stored locallysAnd message LFBM of (a)l2Calculating the Hash authentication value h of the ground terminalA′=H1(ks||ml2) If h is calculatedAAND message LFBExtracted H1(ks||ml2) If the values are equal, the authentication is passed, and the step 6.4.3 is carried out; otherwise TEAIdentify LEOBIs illegal, TEADenying access to space-based network, stopping with LEOBGo to step 6.3.3.
6.4.3TEAComputing a session key KA=H1(ttA||ttLEO||kt2×ml2||ks). At the LEOBAnd TEAAfter the switching authentication is finished, the two are like LEOAAnd TEAThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for safe communication, KAIs the session key used in the symmetric encryption algorithm.
And step seven, finishing.
Compared with the prior art, the invention can achieve the following technical effects:
1. in the fourth step of the invention, the ground terminal and the satellite both adopt a signature method with a message recovery function to sign the original message (plaintext) and generate respective authentication messages, a sender does not need to send the complete original message, a receiver can recover corresponding information by using the signature and the public key, and compared with a general signature method (the sender generates a signature for a specific message by using a private key of the sender and then sends the original message together with the signature, a receiver verifies the validity of the signature according to the public key of the sender and the original message after receiving the message, and the original message needs to be sent together with the corresponding signature in the process), the size of the message transmitted by the method is smaller.
2. In the fourth step of the invention, an identity-based cryptography method is introduced in the authentication process of the ground terminal and the satellite, and both communication parties can deduce the corresponding public key according to the ID provided by the other party, thereby avoiding transmitting the own digital certificate in the communication process and effectively reducing the size of the transmitted message.
3. In the fourth step of the invention, the ground terminal and the satellite use the ECDH algorithm to complete the negotiation of the session key while carrying out authentication, and compared with the method for carrying out the negotiation of the session key after completing the authentication, the method can reduce the interaction between the satellite and the ground once.
4. In the sixth step of the invention, the satellite and the ground terminal use the message verification code technology to carry out switching authentication, thereby realizing fast switching authentication and session key agreement while ensuring the security.
Drawings
FIG. 1 is a general flow diagram of the present invention;
FIG. 2 is a logic structure diagram of the identity-based authentication system facing the sky-based network in the first step of the present invention;
Detailed Description
FIG. 1 is a general flow diagram of the present invention; the invention comprises the following steps:
firstly, an identity-based authentication system facing a space-based network is constructed. As shown in fig. 2, the identity-based authentication system for the space-based network is composed of three types of network entities, namely, a ground terminal (denoted as TE), a key generation center (denoted as KGC), and a low-earth satellite (denoted as LEO). The KGC is connected to a plurality of TEs and LEOs via wireless links.
Before mutual Authentication between TE and LEO, KGC calculates a system main key x and public parameter params by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction scheme Wireless Sensor Networks [ J ]. IEEE Transactions on Information dynamics and security 2017, PP: 1-1.); KGC receives identity identification, a request for applying public parameters and a request for applying a private key from TE and LEO, KGC uses a private key generation algorithm in an identity-based signature scheme with a message recovery function provided by Kyung-Ah Shim, calculates the private keys of TE and LEO by using public parameters params and a master key x, distributes satellite private keys and public parameters to satellites in a safe environment (for example, two communication parties establish safe session connection by adopting a secure socket protocol), and distributes private keys and public parameters of ground terminals to ground terminals.
TE and LEO are connected with each other and connected with KGC, and before communication, all register with KGC and submit to KGCTE or LEO selected identification, request for public parameters, request for current over-the-top satellite (let be LEO)A) After receiving the satellite's private key from the KGC, the LEOAGenerating satellite authentication message (denoted as L)A) Sending to the current ground terminal (order is TE)A),TEATo LAAfter the authentication is passed, a ground terminal authentication message (marked as T) is generatedA) Is sent to LEOA。LEOAFor TAAnd performing authentication to complete mutual authentication of the satellite and the ground terminal. Due to the high speed of satellite motion around the earth over time. Each satellite only has a few minutes of providing service for ground terminals in a specific area, and the LEO of the current over-the-top satelliteAWhen leaving, it will switch authentication security parameter k over the secure channels(LEOAAn integer k selected randomlys∈N*,N*Is a positive integer set) to the current ground terminal TEAWill k issAnd TEAID ofASent to the next over-the-top satellite (noted LEO)B),TEAGenerating terminal rapid authentication message (marked as TF)A) Is sent to LEOB,LEOBFor TFACarrying out authentication, and generating a satellite rapid authentication message (marked as LF) after the authentication is passedA) Is sent to TEA,TEAFor LFAAnd performing authentication to finish the rapid switching authentication process.
The KGC is provided with an initialization calculation module and a private key calculation module, and the ground terminal and the satellite are provided with a private key and public parameter management module, an authentication calculation module, a verification module and a switching authentication module.
The initialization calculation module on the KGC generates a public parameter params and a system master key x, and sends the params and x to the private key calculation module of the KGC. The private key calculation module is connected with the private key and public parameter management module of the ground terminal and the satellite. The private key calculation module receives the identity of the ground terminal, a request for applying for the public parameters and a request for applying the private key from the private key and public parameter management module of the ground terminal, calculates the private key of the ground terminal according to the identity of the ground terminal and sends the private key and the public parameters to the private key and public parameter management module of the ground terminal. The private key calculation module receives the identity identification of the satellite, the request for applying the public parameter and the request for applying the private key from the private key and public parameter management module of the satellite, calculates the private key of the satellite according to the identity identification of the satellite and sends the private key and the public parameter to the private key and public parameter management module of the satellite.
The private key and public parameter management module is connected with the private key calculation module and the authentication calculation module (belonging to the same network entity with the private key and public parameter management module) of the KGC, and is responsible for receiving the private key and the public parameter sent by the private key calculation module and sending the private key and the public parameter to the authentication calculation module.
The authentication calculation module is connected with the private key and public parameter management module (belonging to the same network entity with the authentication calculation module), the verification module (belonging to the same network entity with the authentication calculation module), and the authentication calculation module of another network entity (such as the authentication calculation module of a satellite (a class of network entity) is connected with the authentication calculation module of a ground terminal (another class of network entity), but the authentication calculation module of the satellite A (a class of network entity) is connected with the authentication calculation module of another satellite B (the same class of network entity)), the authentication calculation module receives the public parameters and the private key from the private key and public parameter management module, generates an authentication message by using the private key and the public parameters, and sends the authentication message to the authentication calculation module of the other network entity; and after receiving the authentication message sent by the authentication calculation module of another network entity, the authentication calculation module sends the received authentication message to the verification module.
The verification module is connected with the authentication calculation module (belongs to the same network entity with the verification module), the verification module receives the authentication message from the authentication calculation module and then verifies the authentication message, a session key is calculated after the authentication is passed, the session key and any symmetric encryption algorithm (such as AES, DES and the like) are used for encrypting and decrypting the message in the subsequent communication process with another network entity (for example, the satellite calculates the session key and then encrypts the message by using the session key of the satellite and then sends the message to the ground terminal, the ground terminal decrypts the received message by using the session key of the ground terminal after receiving the message, the ground terminal also encrypts the message by using the session key of the ground terminal before sending the message and then sends the message to the satellite, and the satellite decrypts the message by using the session key of the satellite) so as to complete the safe communication.
Current ground terminal TEACurrent overhead satellite LEOANext satellite LEO over the topBThe switching authentication modules of the three are connected with each other. The overhead satellites of any ground terminal at any time are fixed throughout the system (the satellites move around the earth at high speed over time, the time that each satellite services a ground terminal in a particular area is fixed for only a few minutes, and therefore the overhead satellites of a ground terminal are fixed for any period of time throughout the system.) at the LEOAAt the end of the service, the LEOADetermine imminent handover, LEOATo the TEAThe switching authentication module sends a switching authentication security parameter ksTo LEOBThe switching authentication module of (1) sends the TEAID ofAAnd handover authentication security parameter ks. Then TEAThe switching authentication module generates a terminal rapid authentication message TFAIs sent to LEOBOf the switching authentication module, LEOBIs switched to TFAPerforming authentication, and after the authentication is passed, LEOBSwitching authentication module generates satellite fast authentication message LFAIs sent to TEAOf the handover authentication module, TEAHandover authentication module pair LFAAnd verifying to finish the fast switching authentication.
Secondly, an initialization calculation module on the KGC calculates a main key and public parameters of the system by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction on Information Forensics and security 2017, PP: 1-1.) provided by Kyung-Ah Shim, and the specific flow is as follows:
2.1 initializing calculation Module selecting finite field FqAfter determining E, the initialization calculation module randomly selects a prime number P (P can divide the number of points on E) and a point P (the order of the point P is P) according to the current Secp256k1 standard, the number of points on the elliptic curve is fixed and is not a random variable, and the number of points on E is not a prime number in general.
2.2 from the prime integer space (denoted by
Figure BDA0002987889180000201
) Select a number x
Figure BDA0002987889180000202
As the master key of the identity-based authentication system facing the space-based network, the global public key P is calculatedpub=xP。
2.3 selection of four Hash Functions H1,H2,F1,F2Wherein H1,H2:{0,1}*→ZP(H1,H2The function of (1) is to map a 01 binary sequence code with an arbitrary length into a 01 binary sequence code with a length of a, and a belongs to Zp,ZpIs a prime integer space containing p),
Figure BDA0002987889180000211
(F1the function of the method is to map 01 binary sequence codes with arbitrary length into a length k2The 01 binary sequence code of),
Figure BDA0002987889180000212
(F2has the effect of reducing the length to k1Mapping 01 binary sequence code to length k201 binary sequence code), k1And k2Is two positive integers and satisfies p ═ k1+k2
2.4 mixing Fq,E,p,P,Ppub,H1,H2,F1,F2,k1,k2Identity-based authentication system combined into space-based networkThe public parameter params, params ═<Fq,E,p,P,Ppub,H1,H2,F1,F2,k1,k2>Params is published.
And thirdly, the private key calculation module on the KGC calculates a corresponding private key according to the identity submitted by the ground terminal and the satellite, and distributes the private key and the public parameter params to the private key and public parameter management module of the ground terminal and the satellite. The method comprises the following steps:
3.1 ground terminal TEAThe private key and public parameter management module submits an identity ID to a private key calculation module of the KGCAA request for applying the public parameter params and a request for applying the private key.
3.2 private Key computation Module from ground terminal TEAThe private key and public parameter management module receives the IDAAnd request for public parameter params, request for private key, calculation and IDACorresponding private key skA(ii) a The method for calculating the private key adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, which is provided by Kyung-Ah Shim, and comprises the following steps:
3.2.1 private Key computation Module from
Figure BDA0002987889180000213
Randomly selecting any number from the middle random selection list as a ground terminal registration random number, and recording the random number as rA
Figure BDA0002987889180000214
3.2.2 private Key computation Module compute private Key skA,skA=(RA,vA),RA=rAP,vA=rA+cAxmod p, wherein cA=H1(IDA,RA),RAIs the front part of the private key of the ground terminal, cAIs a ground terminal private key hash intermediate value, vAIs the back part of the private key of the ground terminal, and x is the system master key.
3.3 private Key computation Module will skAAnd params to TEAThe private key and public parameter management module.
3.4TEAThe private key and public parameter management module will skAAnd params are stored locally.
3.5 satellite LEOAThe private key and public parameter management module submits the identity selected by the private key and public parameter management module to the private key calculation module of the KGC
Figure BDA0002987889180000221
The application discloses a request of parameter params and a request of applying a private key.
3.6 private Key computation Module Slave satellite LEOAPrivate key and public parameter management module receiving
Figure BDA0002987889180000222
And request for public parameter params, request for private key, calculation and
Figure BDA0002987889180000223
corresponding private key
Figure BDA0002987889180000224
Figure BDA0002987889180000225
The calculation method of the private key is the same as that of 3.2, and a private key generation algorithm in an identity-based signature scheme with a message recovery function proposed by Kyung-Ah Shim is also adopted, and the method comprises the following steps:
3.6.1 private Key computation Module from
Figure BDA0002987889180000226
Randomly selecting any number as satellite registration random number, and recording as
Figure BDA0002987889180000227
Figure BDA0002987889180000228
3.6.2 private Key computation Module computation
Figure BDA0002987889180000229
Corresponding private key
Figure BDA00029878891800002210
Figure BDA00029878891800002211
Figure BDA00029878891800002212
Wherein
Figure BDA00029878891800002213
Figure BDA00029878891800002214
Is the front part of the satellite private key,
Figure BDA00029878891800002215
is the hash intermediate value of the satellite private key,
Figure BDA00029878891800002216
behind the satellite private key.
3.7 private Key computation Module
Figure BDA00029878891800002217
And params to LEOAThe private key and public parameter management module.
3.8LEOAThe private key and public parameter management module of
Figure BDA00029878891800002218
And params are stored locally.
Fourth, ground terminal TEAPerforming current satellite LEO over the top when accessing an identity-based authentication system facing a space-based network for the first timeAAnd TEAAnd computing the session key: TEAComplete the LEO pair firstAThe authentication of (1); then to ensure that the ground terminals accessing the space based network are authorized, the LEOAFor TEACarrying out authentication; most preferablyPost-base on LEO in authentication ProcessAAnd TEAReceived message, LEOAAnd TEAA corresponding session key is calculated. The specific process is as follows:
4.1LEOAthe authentication computing module generates a satellite authentication message LAAnd broadcasts L to the groundA(the efficiency of authentication is improved by using the broadcasting characteristic of the satellite, and the calculation expense of the satellite is reduced), the method comprises the following specific steps:
4.1.1LEOAauthentication computing module of
Figure BDA0002987889180000231
Randomly selecting an integer as the random number of the satellite authentication message (noted as
Figure BDA0002987889180000232
Figure BDA0002987889180000233
) And computes the plaintext of the satellite authentication message
Figure BDA0002987889180000234
Figure BDA0002987889180000235
Figure BDA0002987889180000236
Is a binary sequence code consisting of 0 and 1.
4.1.2LEOAUsing private key
Figure BDA0002987889180000237
Using signature algorithm (signature algorithm in identity-based signature scheme with message recovery function proposed by Kyung-Ah Shim) pair
Figure BDA0002987889180000238
Signing to generate LEOASatellite authentication message LAThe method comprises the following steps:
4.1.2.1LEOAauthentication calculation ofModular slave
Figure BDA0002987889180000239
Randomly selects an integer as a satellite signature random number (recorded as
Figure BDA00029878891800002310
Figure BDA00029878891800002311
)。
4.1.2.2LEOAAuthentication computing module of
Figure BDA00029878891800002312
Divided into two parts
Figure BDA00029878891800002313
And
Figure BDA00029878891800002314
wherein
Figure BDA00029878891800002315
Has a sequence code length of k2(i.e. the
Figure BDA00029878891800002316
Has a number of bits of k2)。
4.1.2.3LEOAThe authentication calculation module calculates the intermediate quantity (recorded as the signature intermediate quantity) of the satellite verification message
Figure BDA00029878891800002317
),
Figure BDA00029878891800002318
(| | is a binary operator, and 01 binary sequence codes of two elements participating in operation are spliced together in sequence;
Figure BDA00029878891800002319
the operator is a binary operator, and the 01 binary sequence codes of the two elements participating in the operation are subjected to exclusive OR operation;
Figure BDA00029878891800002320
higher priority than |); computing elliptic curve components (denoted as
Figure BDA00029878891800002321
),
Figure BDA00029878891800002322
(
Figure BDA00029878891800002323
Representing points on the elliptic curve E
Figure BDA00029878891800002338
X-axis coordinates of); computing the Hash intermediate value of the satellite signature message (note as
Figure BDA00029878891800002325
),
Figure BDA00029878891800002326
Compute satellite signature message trailer (note
Figure BDA00029878891800002327
)
Figure BDA00029878891800002328
Figure BDA00029878891800002329
Behind the satellite private key.
4.1.2.4 will
Figure BDA00029878891800002330
Generating a plaintext
Figure BDA00029878891800002331
Signed encrypted message of
Figure BDA00029878891800002332
Is that
Figure BDA00029878891800002333
Constituent quadruplets, i.e.
Figure BDA00029878891800002334
Wherein
Figure BDA00029878891800002335
Are all 01 binary sequence codes and are provided with a code,
Figure BDA00029878891800002336
is according to
Figure BDA00029878891800002337
Sequentially arranged 01 binary sequence codes.
4.1.2.5 will
Figure BDA0002987889180000241
Spliced into satellite authentication message LA(
Figure BDA0002987889180000242
Is LEOATime stamp of (3), record LEOAThe current time),
Figure BDA0002987889180000243
wherein
Figure BDA0002987889180000244
Are all 01 binary sequence codes, LAIs according to
Figure BDA0002987889180000245
Sequentially arranged 01 binary sequence codes.
4.1.3LEOAWill authenticate message LABroadcasting to ground while recording satellite broadcast LAAt time t1
4.1.4LEOAObtaining LEOACurrent time t2Let time interval T equal to T2-t1(ii) a Setting a first time threshold T1(T1According toThe system requirement is set, if the system is required to consume less communication resources, the broadcast period is as long as possible, but the shortest residence time, T, of the satellite above the node is not exceeded1Typically set at 200 seconds; if the system is required to operate efficiently, the broadcast period should be as short as possible, but the proportion of broadcast messages to communication resources should not be too high, T1Typically set at 50 seconds), if T<T1Turning to step 4.2, if T is more than or equal to T1Then 4.1.3 steps are taken.
4.2 ground terminal TEATo satellite LEOAAnd (3) performing authentication, which specifically comprises the following steps:
4.2.1TEAreceiving LEO by the authentication calculation moduleABroadcasted message LAIs prepared by mixing LAIs sent to TEAThe verification module of (1).
4.2.2TEAThe verification module receives LALook over LATime stamp on
Figure BDA0002987889180000246
And TEAIs at a second time threshold T2(T2According to the actual condition of the system to set T2Can not be longer than the time for transmitting the message from the satellite to the ground terminal, generally set to 1 second-10 seconds), if T ≦ T2Turning to step 4.2.3; if t is>T2Then TEARecognizes the issue LALEO (R) ofAIs illegal, TEARefusing to access the space-based network, and turning to the step 4.1;
4.2.3TEAthe verification module of (2) pairs the message LAIn (1)
Figure BDA0002987889180000247
Performing verification, if the verification passes, TEADetermine satellite LEOAIs legitimate and can obtain satellite authentication message plaintext
Figure BDA0002987889180000248
Turning to step 4.2.4; if the verification fails, TEARecognizes the issue LALEO (R) ofAIs illegal, TEARefusing to access the space-based network, and turning to the step 4.1; the verification algorithm adopts a verification algorithm in an identity-based signature scheme with a message recovery function, which is provided by Kyung-Ah Shim, and specifically comprises the following steps:
4.2.3.1TEAthe verification module calculates the hash intermediate values of the satellite signature messages in turn
Figure BDA0002987889180000251
Satellite private key hash intermediate value
Figure BDA0002987889180000252
Satellite authentication message signature intermediate volume
Figure BDA0002987889180000253
And satellite authentication message plaintext back
Figure BDA0002987889180000254
(
Figure BDA0002987889180000255
To represent
Figure BDA0002987889180000256
Rightmost k of2A binary sequence code of bit 01 is set,
Figure BDA0002987889180000257
to represent
Figure BDA0002987889180000258
Leftmost k1Bit 01 binary sequence code).
4.2.3.2 if
Figure BDA0002987889180000259
The verification passes (i.e. the 01 binary sequence codes at both ends of the equation are equal), go to step 4.2.4, otherwise the verification fails, TEARecognizes the issue LALEO (R) ofAIs illegal, TEAAnd refusing to access the space-based network, and turning to the step 4.1.
4.2.4 at this time, TEAIs verified by a verification moduleSatellite-fixed LEOAIs legitimate, TEAFrom the verification module LAExtracting to obtain
Figure BDA00029878891800002510
Will be provided with
Figure BDA00029878891800002511
And 4.2.3.1 calculated in step
Figure BDA00029878891800002512
Splicing to obtain satellite verification message
Figure BDA00029878891800002513
And to TEAThe authentication computation module of (1) sends a confirmation instruction.
4.2.5TEAThe authentication computing module generates a ground terminal authentication message TAAnd generating TAMeanwhile, ECDH (The elliptic curve is translated into Diffie-Hellman key exchange algorithm on elliptic curve, Diffie and Hellman are names of people, which is specifically referred to Haakegaard R, Lang J]The method comprises the following steps of calculating a session key by using an Online at https:// koclab. cs. ucsb. edu/teaching/ecc/project/2015 project/Haakegaard + Lang. pdf.2015.) key exchange algorithm:
4.2.5.1TEAauthentication computing module of
Figure BDA00029878891800002514
Randomly selecting an integer as a random number (marked as k) of the ground terminal verification messageA
Figure BDA00029878891800002515
) And calculating the plaintext m of the ground terminal verification messageA,mA=kAP(mAIs a binary sequence code composed of 0 and 1, in the elliptic curve encryption theory, a plaintext message is generally encoded to a certain point on an elliptic curve, and the point and the plaintext message are in a one-to-one correspondence relationship).
4.2.5.2TEAThe authentication calculation module uses the private key skAUsing signature algorithm to pair mASigning is carried out to generate a pair of plaintext mASigned encrypted message sigma (m)A) The method comprises the following steps:
4.2.5.2.1TEAauthentication computing module of
Figure BDA0002987889180000261
Randomly selecting an integer as a ground terminal signature random number (denoted as t)A
Figure BDA0002987889180000262
)。
4.2.5.2.2TEAM is calculated by the authentication calculation moduleADivided into two parts mA1And mA2Wherein m isA2Has a sequence code length of k2(i.e., m)A2Has a number of bits of k2)。
4.2.5.2.3TEAThe authentication calculation module calculates a ground terminal verification message signature intermediate quantity (denoted as m'A),
Figure BDA0002987889180000263
Calculating elliptic curve component (marked as y) of signature message of ground terminalA),
Figure BDA0002987889180000264
((tAP)XRepresenting a point t on the elliptic curve EACoordinates on the X-axis of P); calculating the hash intermediate value (marked as h) of the signature message of the ground terminalA),hA=H2(IDA||RA||yA),hA=H2(IDA||RA||yA) Indicates the IDA,RA,yAConcatenating into a binary sequence, and then using the binary sequence as function H2Calculating the hash value of the binary sequence; computing ground terminal signature message tail element (noted as z)A)zA=tA+hAvA mod p,vAIs the back part of the private key of the ground terminal.
4.2.5.2.4 mixing mA1,RA,yA,zAGenerating a plaintext mASigned encrypted message sigma (m)A),σ(mA) Is mA1,RA,yA,zAConstituent quadruples, σ (m)A)=(mA1||RA||yA||zA) (ii) a Wherein m isA1,RA,yA,zAAre all 01 binary sequence codes, σ (m)A) Is according to mA1,RA,yA,zASequentially arranged 01 binary sequence codes.
4.2.5.3TEAAuthentication computation module of (2) select TEATime stamp ttAWill IDA、ttA、σ(mA) Spliced ground terminal authentication message TA,TA=IDA||ttA||σ(mA) (ii) a Wherein the IDA、ttA、σ(mA) Are all 01 binary sequence codes, TAIs in accordance with IDA、ttA、σ(mA) Sequentially arranged 01 binary sequence codes. TEAThe authentication calculation module of (A) is to beAIs sent to LEOAThe authentication calculation module of (1).
4.2.5.4TEAThe authentication calculation module calculates the session key
Figure BDA0002987889180000265
In TEAAnd LEOAAfter the mutual authentication is finished, the two parties encrypt the session information by using a symmetric encryption algorithm (such as AES, DES and the like), K1I.e. the key used in the symmetric encryption algorithm.
4.3LEOAThe authentication computing module receives the message TAWill TAIs sent to LEOAThe verification module of (1).
4.4LEOAThe verification module of (2) receives TATo ground terminal TEAThe authentication is carried out by the following method:
4.4.1LEOAthe verification module of (1) checks TATime stamp tt onAAnd LEOAIs at a third time thresholdT3(T3According to the actual condition of the system to set T3Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T3Turning to step 4.4.2; if t is>T3Then LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAGo to step 4.2.5.
4.4.2LEOAVerification module pair TAσ (m) of (1)A) Performing verification, if the verification is passed, LEOATE can be determinedAIs legal and gets the corresponding plaintext mATurning to step 4.4.3; if the verification fails, LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAStep 4.2.5; the verification algorithm is the same as sigma (m) in step 4.2.3l) The verification algorithm of (1) is specifically as follows:
4.4.2.1LEOAthe verification module calculates the hash intermediate value h of the ground terminal signature message in turnA=H2(IDA||RA||yA) The intermediate value c of the private key hash of the ground terminalA=H1(IDA||RA) Ground terminal verifying message signature intermediate quantity
Figure BDA0002987889180000271
And the ground terminal verifies the back part of the message plaintext
Figure BDA0002987889180000272
(
Figure BDA0002987889180000273
Is m'ARightmost k of2A binary sequence code of bit 01 is set,
Figure BDA0002987889180000274
is m'ALeftmost k1Bit 01 binary sequence code).
4.4.2.2 if
Figure BDA0002987889180000275
The verification is passed, go to step 4.4.3, otherwise the verification fails, LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAStep 4.2.5;
4.4.3LEOAthe verification module of (2) determines the TEAIs legitimate, LEOAFrom the verification module of TAExtract mA1M isA1And mA2The two are spliced to obtain a ground terminal verification message mAThen LEOATo the LEOAThe authentication computation module of (1) sends a confirmation instruction.
4.4.4LEOAThe authentication calculation module adopts an ECDH key exchange algorithm to calculate a session key
Figure BDA0002987889180000281
And the negotiation of the session key is completed by using an ECDH algorithm in the authentication process. The algorithm is based on a discrete logarithm problem on an elliptic curve. At this stage, the discrete logarithm problem on elliptic curves is considered to be difficult to solve, and therefore the key exchange algorithm can be considered to be secure. The correctness of the above procedure is demonstrated as follows:
K1=H1(IDA||IDLEO||kt*ml||ttLEO||ttA)
=H1(IDA||IDLEO||kt*klP||ttLEO||ttA)
=H1(IDA||IDLEO||kl*ktP||ttLEO||ttA)
=H1(IDA||IDLEO||kl*mt||ttLEO||ttA)
=K2
the fifth step is finishedAfter becoming authenticated bidirectionally, LEOAAnd TEANormal communication, LEOAPredicting LEO at the end of serviceAAnd when the user is about to leave the current area, the step six is carried out. LEOAPredicting LEO at the end of serviceAAnd turning to the fifth step without leaving the current area.
Sixthly, the currently leaving overhead satellite LEOAGround terminal TEANext satellite LEO over the topBThe authentication is carried out by switching among planets by LEOAGenerates an authentication security parameter ksWill k issIs sent to TEASwitching authentication module of (2) to switch the TEAID ofAAnd ksIs sent to LEOBSwitch authentication module (assuming LEO is present at this time)AAnd TEA、LEOBThe two-way authentication is completed, and as long as the two-way authentication is passed, a secure channel exists between the two communication parties); then TEAThe switching authentication module generates a terminal rapid authentication message (marked as TF)A) Is sent to LEOBOf the switching authentication module, LEOBThe handover authentication module of (1) receives the TFAThereafter, the TE is verifiedAAfter the verification is passed, LEOBThe switching authentication module generates a satellite fast authentication message (marked as LF)B) And will LFBIs sent to TEAAfter the verification is passed, the switching authentication stage is ended, and TEAAnd LEOBAnd (4) normal communication. The method comprises the following specific steps:
6.1LEOAfrom a positive integer set N*Randomly selecting an integer as an authentication security parameter (denoted as k)s,ks∈N*) Will k issIs sent to TEASwitching authentication module of (2) to switch the TEAID ofAAnd authenticating a security parameter ksIs sent to LEOBThe handover authentication module of (1). TEAAnd LEOBAfter receiving the message, the switching authentication module stores the relevant parameters locally.
6.2TEAThe switching authentication module generates a terminal rapid authentication message TFAThe method comprises the following steps:
6.2.1TEAswitch authentication module of
Figure BDA0002987889180000291
Randomly selecting an integer as a terminal switching authentication parameter (marked as k)t2
Figure BDA0002987889180000292
) Computing terminal switching authentication message plaintext mt2,mt2=kt2P。
6.2.2TEAThe switching authentication module generates a terminal rapid authentication message TFA,TFA=IDA||mt2||ttA′||H1(ks||mt2)(TFAIs composed of an IDA、mt2、ttA、H1(ks||mt2) 01 binary sequence code tt formed by splicing four 01 binary sequence codes in sequenceAIs' is TFATime stamp of (2) indicating TEAThe current time; h1(ks||mt2) Means that k iss,mt2Spliced 01 binary sequence code as Hash function H1The calculated 01 binary sequence) and converting the TFAIs sent to LEOBThe handover authentication module of (1).
6.3LEOBIs switched to TEAThe method for authenticating and calculating the session key comprises the following steps:
6.3.1LEOBfrom TE to the handover authentication moduleAThe handover authentication module of (1) receives the TFAAfter that, TF is checkedATime stamp tt onA' and LEOBIs at a fourth time threshold T4(T4According to the actual condition of the system to set T4Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T4Turning to step 6.3.2; if t is>T4Then LEOBIdentify TEAIs illegal, refused to be TEAAnd (6) providing the service, and turning to step 6.2.
6.3.2LEOBAccording to TFAIdentity ID ofARetrieving authentication security parameter k corresponding theretosAnd use ksAnd mt2Computing satellite handover hash authentication values
Figure BDA0002987889180000293
If it is not
Figure BDA0002987889180000294
And slave message TFALifting the extracted H1(ks||mt2) If the values are equal, the authentication is passed, and the step 6.3.3 is carried out; otherwise LEOBIdentify TEAIs illegal, refused to be TEAAnd (6) providing the service, and turning to step 6.2.
6.3.3LEOBSwitching authentication module generates satellite fast authentication message LFBAnd calculating a session key, the method comprising:
6.3.3.1LEOBswitch authentication module of
Figure BDA0002987889180000295
Randomly selecting an integer as a satellite switching authentication parameter (marked as k)l2
Figure BDA0002987889180000301
) And calculating the satellite switching authentication message plaintext ml2,ml2=kl2P。
6.3.3.2LEOBSwitching authentication module generates satellite fast authentication message LFB,LFB=ml2||ttLEO′||H1(ks||ml2)(LFBIs formed by ml2、ttLEO′、H1(ks||ml2) A 01 binary sequence code tt formed by sequentially splicing three 01 binary sequence codesLEOIs LFBTime stamp of (3), representing LEOBThe current time; h1(ks||ml2) Means that k iss,ml2Spliced 01 binary sequence code as Hash function H1The calculated 01 binary sequence) and apply the LFBIs sent to TEAThe handover authentication module of (1).
6.3.3.3LEOBThe switching authentication module calculates the session key
Figure BDA0002987889180000302
The meaning of the formula is ttA,ttLEO′,kl2×mt2,ksSplicing four 01 binary sequence codes in sequence to form a 01 binary sequence code, and taking the 01 binary sequence code as a hash function H1Is input. At the LEOBAnd TEAAfter the switching authentication is finished, the two are like LEOAAnd TEAThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for secure communication,
Figure BDA0002987889180000303
is the session key used in the symmetric encryption algorithm.
6.4TEATo LEOBThe method for authenticating and calculating the session key comprises the following steps:
6.4.1TEAswitch authentication module slave LEOBReceiving LF by the switching authentication moduleBChecking LFBTime stamp tt onLEO' and with TEAIs at a fifth time threshold T5(T5According to the actual condition of the system to set T5Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T5Turning to step 6.4.2; if t is>T5Then TEAIdentify LEOBIs illegal, TEAAnd refusing to access the space-based network, and turning to step 6.3.3.
6.4.2TEAAccording to the authentication security parameter k stored locallysAnd message LFBM of (a)l2Calculating the Hash authentication value h of the ground terminalA′=H1(ks||ml2) If h is calculatedAAND message LFBExtracted H1(ks||ml2) If the values are equal, the authentication is passed, and the step 6.4.3 is carried out; otherwise TEAIdentify LEOBIs illegal, TEADenying access to space-based network, stopping with LEOBGo to step 6.3.3.
6.4.3TEAComputing a session key KA=H1(ttA||ttLEO||kt2×ml2||ks). At the LEOBAnd TEAAfter the switching authentication is finished, the two are like LEOAAnd TEAThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for safe communication, KAIs the session key used in the symmetric encryption algorithm.
And step seven, finishing.

Claims (10)

1. An identity-based authentication method facing a space-based network is characterized by comprising the following steps:
firstly, constructing an identity-based authentication system facing a space-based network; the identity-based authentication system facing the space-based network consists of three network entities, namely a ground terminal TE, a key generation center KGC and a low earth orbit satellite LEO; the KGC is connected with a plurality of TEs and LEOs through wireless links;
before mutual authentication of TE and LEO, KGC calculates a system master key x and a public parameter params; KGC receives the identity, the request for applying the public parameters and the request for applying the private key from TE and LEO, the KGC calculates the private keys of the TE and LEO by using the public parameters params and the master key x, distributes the satellite private key and the public parameters to the satellite in a safe environment, and distributes the private key and the public parameters of the ground terminal to the ground terminal;
TE and LEO are connected with each other and connected with KGC, registration is carried out on KGC before communication, requests and applications of identity marks and application publishing parameters selected by TE or LEO are submitted to KGC, and the current satellite LEO passing through top is adoptedAAfter receiving the satellite's private key from the KGC, the LEOAGenerating satellite authentication message LASending to the current ground terminal TEA,TEATo LAAfter passing the authentication, generating a ground terminal identificationCertificate message TAIs sent to LEOA;LEOAFor TAPerforming authentication to complete mutual authentication of the satellite and the ground terminal; current over-the-top satellite LEOAAbout to leave, LEOAAuthenticating a handover authentication security parameter k over a secure channelsSending to the current ground terminal TEAWill k issAnd TEAID ofASend to the next over-the-top satellite LEOB,TEAGenerating a terminal fast authentication message TFAIs sent to LEOB,LEOBFor TFACarrying out authentication, and generating a satellite rapid authentication message LF after the authentication is passedAIs sent to TEA,TEAFor LFAPerforming authentication to complete a rapid switching authentication process;
the KGC is provided with an initialization calculation module and a private key calculation module, and the ground terminal and the satellite are provided with a private key and public parameter management module, an authentication calculation module, a verification module and a switching authentication module;
an initialization calculation module on the KGC generates a public parameter params and a system master key x, and sends the params and the x to a private key calculation module of the KGC; the private key calculation module is connected with the private key and public parameter management modules of the ground terminal and the satellite; the private key calculation module receives the identity of the ground terminal, a request for applying for public parameters and a request for applying for a private key from the private key and public parameter management module of the ground terminal, calculates the private key of the ground terminal according to the identity of the ground terminal and sends the private key and the public parameters to the private key and public parameter management module of the ground terminal; the private key calculation module receives the identity identification of the satellite, a request for applying the public parameter and a request for applying the private key from the private key and public parameter management module of the satellite, calculates the private key of the satellite according to the identity identification of the satellite and sends the private key and the public parameter to the private key and public parameter management module of the satellite;
the private key and public parameter management module is connected with the private key calculation module of the KGC and the authentication calculation module belonging to the same network entity as the private key and public parameter management module, and is responsible for receiving the private key and the public parameter sent by the private key calculation module and sending the private key and the public parameter to the authentication calculation module;
the authentication calculation module is connected with a private key and public parameter management module, a verification module and an authentication calculation module of another network entity, wherein the private key and public parameter management module and the authentication calculation module belong to the same network entity; after receiving the authentication message sent by the authentication calculation module of another network entity, the authentication calculation module sends the received authentication message to the verification module;
the verification module is connected with an authentication calculation module which belongs to the same network entity with the verification module, receives the authentication message from the authentication calculation module, verifies the authentication message, calculates a session key after the verification is passed, and then completes the safe communication between the satellite and the ground terminal with another network entity;
current ground terminal TEACurrent overhead satellite LEOANext satellite LEO over the topBThe switching authentication modules of the three modules are connected with each other; at the LEOAAt the end of the service, the LEOADetermine imminent handover, LEOATo the TEAThe switching authentication module sends a switching authentication security parameter ksTo LEOBThe switching authentication module of (1) sends the TEAID ofAAnd handover authentication security parameter ks(ii) a Then TEAThe switching authentication module generates a terminal rapid authentication message TFAIs sent to LEOBOf the switching authentication module, LEOBIs switched to TFAPerforming authentication, and after the authentication is passed, LEOBSwitching authentication module generates satellite fast authentication message LFAIs sent to TEAOf the handover authentication module, TEAHandover authentication module pair LFAVerifying to complete the fast switching authentication;
secondly, an initialization calculation module on the KGC calculates a system master key and public parameters by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function, and the specific process is as follows:
2.1 initializing calculation Module selecting finite field FqAfter the elliptic curve E is determined, initializing a calculation module to randomly select a prime number P and a point P, wherein the order of the point P is P, and the P requires that the number of points on the E can be divided completely;
2.2 removal of the prime integer space from p
Figure FDA0002987889170000021
One number x is selected from the group,
Figure FDA0002987889170000022
as the master key of the identity-based authentication system facing the space-based network, the global public key P is calculatedpub=xP;
2.3 selection of four Hash Functions H1,H2,F1,F2Wherein H1,H2:{0,1}*→ZP,F1:
Figure FDA0002987889170000031
F2:
Figure FDA0002987889170000032
H1,H2The function of (1) is to map a 01 binary sequence code with an arbitrary length into a 01 binary sequence code with a length of a, and a belongs to Zp,ZpIs a prime integer space containing p, F1The function of the method is to map 01 binary sequence codes with arbitrary length into a length k201 binary sequence code, F2Has the effect of reducing the length to k1Mapping 01 binary sequence code to length k201 binary sequence code, k1And k2Is two positive integers and satisfies p ═ k1+k2
2.4 mixing Fq,E,p,P,Ppub,H1,H2,F1,F2,k1,k2The identity-based authentication system public parameter params is combined to form the space-based network-oriented identity-based authentication system, and the params is ═ Fq,E,p,P,Ppub,H1,H2,F1,F2,k1,k2Para, published by params;
thirdly, a private key calculation module on the KGC calculates a corresponding private key according to the identity submitted by the ground terminal and the satellite, and distributes the private key and the public parameter params to a private key and public parameter management module of the ground terminal and the satellite; the method comprises the following steps:
3.1 ground terminal TEAThe private key and public parameter management module submits an identity ID to a private key calculation module of the KGCAA request for applying a public parameter params and a request for applying a private key;
3.2 private Key computation Module from ground terminal TEAThe private key and public parameter management module receives the IDAAnd request for public parameter params, request for private key, calculation and IDACorresponding private key skA
3.3 private Key computation Module will skAAnd params to TEAThe private key and public parameter management module;
3.4 TEAthe private key and public parameter management module will skAAnd params stored locally;
3.5 satellite LEOAThe private key and public parameter management module submits the identity selected by the private key and public parameter management module to the private key calculation module of the KGC
Figure FDA0002987889170000033
Applying for a request of a public parameter params and a request of a private key;
3.6 private Key computation Module Slave satellite LEOAPrivate key and public parameter management module receiving
Figure FDA0002987889170000034
And request for public parameter params, request for private key, calculation and
Figure FDA0002987889170000035
corresponding private key
Figure FDA0002987889170000036
3.7 private Key computation Module
Figure FDA0002987889170000037
And params to LEOAThe private key and public parameter management module;
3.8 LEOAthe private key and public parameter management module of
Figure FDA0002987889170000041
And params stored locally;
fourth, ground terminal TEAPerforming current satellite LEO over the top when accessing an identity-based authentication system facing a space-based network for the first timeAAnd TEAMutual authentication and session key agreement: TEAComplete the LEO pair firstAThe authentication of (1); then LEOAFor TEACarrying out authentication; finally according to LEO in the authentication processAAnd TEAReceived message, LEOAAnd TEACalculating a corresponding session key, wherein the specific process is as follows:
4.1 LEOAthe authentication computing module generates a satellite authentication message LAAnd broadcasts L to the groundAThe method comprises the following specific steps:
4.1.1 LEOAauthentication computing module of
Figure FDA0002987889170000042
Randomly selecting an integer as the random number of the satellite authentication message
Figure FDA0002987889170000043
And computes the plaintext of the satellite authentication message
Figure FDA0002987889170000044
Figure FDA0002987889170000045
Figure FDA0002987889170000046
Is a binary sequence code consisting of 0 and 1;
4.1.2 LEOAusing private key
Figure FDA0002987889170000047
Using signature algorithm pair
Figure FDA0002987889170000048
Signing to generate LEOASatellite authentication message LAThe method comprises the following steps:
4.1.2.1 LEOAauthentication computing module of
Figure FDA0002987889170000049
Randomly selecting an integer as a satellite signature random number
Figure FDA00029878891700000410
Figure FDA00029878891700000411
4.1.2.2 LEOAAuthentication computing module of
Figure FDA00029878891700000412
Divided into two parts
Figure FDA00029878891700000413
And
Figure FDA00029878891700000414
wherein
Figure FDA00029878891700000415
Has a sequence code length of k2I.e. by
Figure FDA00029878891700000416
Has a number of bits of k2
4.1.2.3 LEOAThe authentication calculation module calculates the intermediate quantity of the satellite verification message signature
Figure FDA00029878891700000417
Figure FDA00029878891700000418
P is a binary operator, and 01 binary sequence codes of two elements participating in operation are spliced in sequence;
Figure FDA00029878891700000419
the operator is a binary operator, and the 01 binary sequence codes of the two elements participating in the operation are subjected to exclusive OR operation;
Figure FDA00029878891700000420
is higher than P; computing elliptic curve components of satellite signature messages
Figure FDA00029878891700000421
Figure FDA00029878891700000422
Figure FDA00029878891700000423
Representing points on the elliptic curve E
Figure FDA00029878891700000424
X-axis coordinates of (a); computing a hash intermediate value for a satellite signature message
Figure FDA00029878891700000425
Figure FDA0002987889170000051
Computing satellite signature message tail elements
Figure FDA0002987889170000052
Figure FDA0002987889170000053
Figure FDA0002987889170000054
Is the back of the satellite private key;
4.1.2.4 will
Figure FDA0002987889170000055
Generating a plaintext
Figure FDA0002987889170000056
Signed encrypted message of
Figure FDA0002987889170000057
Is that
Figure FDA0002987889170000058
Constituent quadruplets, i.e.
Figure FDA0002987889170000059
Wherein
Figure FDA00029878891700000510
Are all 01 binary sequence codes and are provided with a code,
Figure FDA00029878891700000511
is according to
Figure FDA00029878891700000512
Sequentially arranged 01 binary sequence codes;
4.1.2.5 will
Figure FDA00029878891700000513
Spliced into satellite authentication message LA
Figure FDA00029878891700000514
Is LEOATime stamp of (3), record LEOAThe current time of day is the time of day,
Figure FDA00029878891700000515
wherein
Figure FDA00029878891700000516
Are all 01 binary sequence codes, LAIs according to
Figure FDA00029878891700000517
Sequentially arranged 01 binary sequence codes;
4.1.3 LEOAwill authenticate message LABroadcasting to ground while recording satellite broadcast LAAt time t1
4.1.4 LEOAObtaining LEOACurrent time t2Let time interval T equal to T2-t1If T is less than T1,T1Turning to 4.2 steps for the first time threshold value, if T is more than or equal to T14.1.3 steps are carried out;
4.2 ground terminal TEATo satellite LEOAAnd (3) performing authentication, which specifically comprises the following steps:
4.2.1 TEAreceiving LEO by the authentication calculation moduleABroadcasted message LAIs prepared by mixing LAIs sent to TEAThe verification module of (1);
4.2.2 TEAthe verification module receives LALook over LATime stamp on
Figure FDA00029878891700000518
And TEAIs at a second time threshold T2If T is less than or equal to T2Turning to step 4.2.3; if T > T2Then TEARecognizes the issue LALEO (R) ofAIs illegal, TEARefusing to access the space-based network, and turning to the step 4.1;
4.2.3 TEAthe verification module of (2) pairs the message LAIn (1)
Figure FDA00029878891700000519
Performing verification, if the verification passes, TEADetermine satellite LEOAIs legitimate and can obtain satellite authentication message plaintext
Figure FDA00029878891700000520
Turning to step 4.2.4; if the verification fails, TEARecognizes the issue LALEO (R) ofAIs illegal, TEARefusing to access the space-based network, and turning to the step 4.1;
4.2.4 TEAfrom the verification module LAExtracting to obtain
Figure FDA0002987889170000061
Will be provided with
Figure FDA0002987889170000062
And 4.2.3.1 calculated in step
Figure FDA0002987889170000063
Splicing to obtain satellite verification message
Figure FDA0002987889170000064
And to TEAThe authentication calculation module sends a confirmation instruction indicating that the satellite is legal;
4.2.5 TEAthe authentication computing module generates a ground terminal authentication message TAAnd generating TAMeanwhile, an ECDH key exchange algorithm is adopted to calculate the session key, and the specific steps are as follows:
4.2.5.1 TEAauthentication computing module of
Figure FDA0002987889170000065
Randomly selecting an integer as a random number k of the ground terminal verification messageA
Figure FDA0002987889170000066
And calculating the plaintext m of the ground terminal verification messageA,mA=kAP,mAIs a binary sequence code consisting of 0 and 1;
4.2.5.2 TEAthe authentication calculation module uses the private key skAUsing signature algorithm to pair mASigning is carried out to generate a pair of plaintext mASigned encrypted message sigma (m)A),σ(mA) Is mA1,RA,yA,zAConstituent quadruples, σ (m)A)=(mA1,RA,yA,zA);mA1Is mAA moiety of (A), RAIs the ground terminal private key skAFront part, yASigning the elliptic curve component of the message, z, for the ground terminalASigning the message tail element, m, for the ground terminalA1,RA,yA,zAAre all 01 binary sequence codes, σ (m)A) Is according to mA1,RA,yA,zASequentially arranged 01 binary sequence codes;
4.2.5.3 TEAauthentication computation module of (2) select TEATime stamp ttAWill IDA、ttA、σ(mA) Spliced ground terminal authentication message TA,TA=IDAPttAPσ(mA) (ii) a Wherein the IDA、ttA、σ(mA) Are all 01 binary sequence codes, TAIs in accordance with IDA、ttA、σ(mA) Sequentially arranged 01 binary sequence codes; TEAThe authentication calculation module of (A) is to beAIs sent to LEOAThe authentication calculation module of (1);
4.2.5.4 TEAthe authentication calculation module calculates the session key
Figure FDA0002987889170000067
In TEAAnd LEOAAfter the mutual authentication is finished, the two parties encrypt the session information by using a symmetric encryption algorithm, K1Namely a secret key used in a symmetric encryption algorithm;
4.3 LEOAthe authentication computing module receives the message TAWill TAIs sent to LEOAThe verification module of (1);
4.4 LEOAthe verification module of (2) receives TATo ground terminal TEAThe authentication is carried out by the following method:
4.4.1 LEOAthe verification module of (1) checks TATime stamp tt onAAnd LEOAIs at a third time threshold T3If T is less than or equal to T3Turning to step 4.4.2; if T > T3Then LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAStep 4.2.5;
4.4.2 LEOAverification module pair TAσ (m) of (1)A) Performing verification, if the verification is passed, LEOATE can be determinedAIs legal and gets the corresponding plaintext mATurning to step 4.4.3; if the verification fails, LEOARecognizing the issue of TATE ofAIs illegal, LEOARejection of TEAAccess to space-based network, stop and TEAStep 4.2.5;
4.4.3 LEOAfrom the verification module of TAExtract mA1M isA1And mA2The two are spliced to obtain a ground terminal verification message mAThen LEOATo the LEOAThe authentication calculation module sends a confirmation instruction;
4.4.4 LEOAthe authentication calculation module adopts an ECDH key exchange algorithm to calculate a session key
Figure FDA0002987889170000071
Fifth step, LEOAAnd TEANormal communication, LEOAPredicting LEO at the end of serviceATurning to the sixth step when the user leaves the current area; LEOAPredicting LEO at the end of serviceATurning to the fifth step without leaving the current area;
sixthly, the satellite LEO which is about to leave at presentAGround terminal TEANext satellite LEO over the topBThe authentication is carried out by switching among planets by LEOAGenerates an authentication security parameter ksWill k issIs sent to TEASwitching authentication module of (2) to switch the TEAID ofAAnd ksIs sent to LEOBRequesting the LEO at that timeAAnd TEA、LEOBBoth-way authentication is completed; then TEAThe switching authentication module generates a terminal rapid authentication message TFAIs sent to LEOBOf the switching authentication module, LEOBThe handover authentication module of (1) receives the TFAThereafter, the TE is verifiedAAfter the verification is passed, LEOBSwitching authentication module generates satellite fast authentication message LFBAnd will LFBIs sent to TEAAfter the verification is passed, the switching authentication stage is ended, and TEAAnd LEOBNormal communication; the method comprises the following specific steps:
6.1 LEOAfrom a positive integer set N*Randomly selecting an integer as the authentication security parameter ks,ks∈N*Will k issIs sent to TEASwitching authentication module of (2) to switch the TEAID ofAAnd authenticating a security parameter ksIs sent to LEOBThe switching authentication module of (1); TEAAnd LEOBAfter receiving the message, the switching authentication module stores the related parameters locally;
6.2 TEAthe switching authentication module generates a terminal rapid authentication message TFAThe method comprises the following steps:
6.2.1 TEAswitch authentication module of
Figure FDA0002987889170000081
Randomly selecting an integer as a terminal switching authentication parameter kt2
Figure FDA0002987889170000082
Computing terminal switching authentication message plaintext mt2,mt2=kt2P;
6.2.2 TEAThe switching authentication module generates a terminal rapid authentication message TFA,TFA=IDA Pmt2 PttA′PH1(ksPmt2),TFABy IDA、mt2、ttA、H1(ks Pmt2) 01 binary sequence code tt formed by splicing four 01 binary sequence codes in sequenceAIs' is TFATime stamp of (2) indicating TEAThe current time; h1(ks Pmt2) Means that k iss,mt2Spliced 01 binary sequence code as Hash function H1Is input, is operated on to obtain a 01 binary sequence, and is output to the TFAIs sent to LEOBThe switching authentication module of (1);
6.3 LEOBis switched to TEAThe method for authenticating and calculating the session key comprises the following steps:
6.3.1 LEOBfrom TE to the handover authentication moduleAThe handover authentication module of (1) receives the TFAAfter that, TF is checkedATime stamp tt onA' and LEOBIs at a fourth time threshold T4If T is less than or equal to T4Turning to step 6.3.2; if T > T4Then LEOBIdentify TEAIs illegal, refused to be TEAProviding service, and turning to step 6.2;
6.3.2 LEOBaccording to TFAIdentity ID ofARetrieving authentication security parameter k corresponding theretosAnd use ksAnd mt2Computing satellite handover hash authentication values
Figure FDA0002987889170000083
If it is not
Figure FDA0002987889170000084
And slave message TFALifting the extracted H1(ks Pmt2) If the values are equal, the authentication is passed, and the step 6.3.3 is carried out; otherwise LEOBIdentify TEAIs illegal, refused to be TEAProviding service, and turning to step 6.2;
6.3.3 LEOBswitching authentication module generates satellite fast authentication message LFBAnd calculates a session key
Figure FDA0002987889170000085
The method comprises the following steps:
6.3.3.1 LEOBswitch authentication module of
Figure FDA0002987889170000091
Randomly selecting an integer as a satellite switching authentication parameter kl2
Figure FDA0002987889170000092
And calculating the plaintext m of the satellite switching authentication messagel2,ml2=kl2P;
6.3.3.2LEOBSwitching authentication module generates satellite fast authentication message LFB,LFB=ml2 PttLEO′PH1(ksPml2),LFBIs formed by ml2、ttLEO′、H1(ks Pml2) A 01 binary sequence code tt formed by sequentially splicing three 01 binary sequence codesLEOIs LFBTime stamp of (3), representing LEOBThe current time; h1(ks Pml2) Means that k iss,ml2Spliced 01 binary sequence code as Hash function H1Is input, is calculated to obtain a 01 binary sequence, and is processed to obtain LFBIs sent to TEAThe switching authentication module of (1);
6.3.3.3 LEOBthe switching authentication module calculates the session key
Figure FDA0002987889170000093
The meaning of the formula is ttA,ttLEO′,kl2×mt2,ksSplicing four 01 binary sequence codes in sequence to form a 01 binary sequence code, and taking the 01 binary sequence code as a hash function H1The input of (1); at the LEOBAnd TEAAfter the handover authentication is finished, the LEOBAnd TEASecure communications using a symmetric encryption algorithm in which the session key is used
Figure FDA0002987889170000094
6.4 TEATo LEOBThe method for authenticating and calculating the session key comprises the following steps:
6.4.1 TEAswitch authentication module slave LEOBReceiving LF by the switching authentication moduleBChecking LFBTime stamp tt onLEO' and with TEAIs at a fifth time threshold T5If T is less than or equal to T5Turning to step 6.4.2; if T > T5Then TEAIdentify LEOBIs illegal, TEARefusing to access the space-based network, and turning to the step 6.3.3;
6.4.2 TEAaccording to the authentication security parameter k stored locallysAnd message LFBM of (a)l2Calculating the Hash authentication value h of the ground terminalA′=H1(ks Pml2) If h is calculatedAAND message LFBExtracted H1(ks Pml2) If the values are equal, the authentication is passed, and the step 6.4.3 is carried out; otherwise TEAIdentify LEOBIs illegal, TEADenying access to space-based network, stopping with LEOBStep 6.3.3;
6.4.3 TEAcomputing a session key KA=H1(ttAPttLEOPkt2×ml2 Pks) (ii) a At the LEOBAnd TEAAfter the handover authentication is finished, the LEOBAnd TEASecure communication using a symmetric encryption algorithm, KAIs the session key used in the symmetric encryption algorithm;
and step seven, finishing.
2. The identity-based authentication method for the space-based network according to claim 1, wherein in the first step, in the secure environment, the two communicating parties establish the secure session connection by using a secure socket protocol.
3. The identity-based authentication method for space-based network as claimed in claim 1, wherein 3.2 steps of said private key calculation module calculation and IDACorresponding private key skAThe computing method adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, and comprises the following specific steps:
3.2.1 private Key computation Module from
Figure FDA0002987889170000101
Randomly selecting any number from the middle random selection list as a ground terminal registration random number, and recording the random number as rA
Figure FDA0002987889170000102
3.2.2 private Key computation Module compute private Key skA,skA=(RA,vA),RA=rAP,vA=rA+cAxmod p, where cA=H1(IDA,RA),RAIs the front part of the private key of the ground terminal, cAIs a ground terminal private key hash intermediate value, vAIs the back of the ground terminal private key, and x is the master key.
4. The identity-based authentication method for space-based network as claimed in claim 1, wherein 3.6 steps of said private key computation modelBlock computation and
Figure FDA00029878891700001014
corresponding private key
Figure FDA00029878891700001015
The method adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, and comprises the following specific steps:
3.6.1 private Key computation Module from
Figure FDA0002987889170000103
Randomly selecting any number as satellite registration random number, and recording as
Figure FDA0002987889170000104
Figure FDA0002987889170000105
3.6.2 private Key computation Module computation
Figure FDA0002987889170000106
Corresponding private key
Figure FDA0002987889170000107
Figure FDA0002987889170000108
Figure FDA0002987889170000109
Wherein
Figure FDA00029878891700001010
Figure FDA00029878891700001011
Is the front part of the satellite private key,
Figure FDA00029878891700001012
is the hash intermediate value of the satellite private key,
Figure FDA00029878891700001013
behind the satellite private key.
5. The identity-based authentication method for space-based networks according to claim 1, wherein the first time threshold T is1According to the system requirement setting, when the system is required to consume less communication resources and the broadcasting period is long T1Set to 200 seconds; when the system is required to operate efficiently and the broadcast period is short, T is set1Set to 50 seconds.
6. The identity-based authentication method for space-based networks according to claim 1, wherein the second time threshold T is2A third time threshold T3A fourth time threshold T4A fifth time threshold T5Are all set according to the actual condition of the system and require T2Not greater than the time, T, of transmission of the message from the satellite to the ground terminal3Not greater than the time, T, of transmission of the message from the ground terminal to the satellite4、T5No greater than the time of transmission of the message from the ground terminal to the satellite.
7. The identity-based authentication method for space-based networks according to claim 6, wherein the second time threshold T is2A third time threshold T3A fourth time threshold T4A fifth time threshold T5Set to 1 second to 10 seconds.
8. The identity-based authentication method for the space-based network as claimed in claim 1, wherein the step of TE 4.2.3 is performedAThe verification module of (2) pairs the message LAσ (m) of (1)LEOA) The verification method comprises the following steps:
4.2.3.1 TEAthe verification module calculates the hash intermediate values of the satellite signature messages in turn
Figure FDA0002987889170000111
Satellite private key hash intermediate value
Figure FDA0002987889170000112
Satellite authentication message signature intermediate volume
Figure FDA0002987889170000113
And satellite authentication message plaintext back
Figure FDA0002987889170000114
Figure FDA0002987889170000115
To represent
Figure FDA0002987889170000116
Rightmost k of2A binary sequence code of bit 01 is set,
Figure FDA0002987889170000117
to represent
Figure FDA0002987889170000118
Leftmost k1Bit 01 binary sequence code;
4.2.3.2 if
Figure FDA0002987889170000119
The verification passes, otherwise the verification fails.
9. The identity-based authentication method for the space-based network as claimed in claim 1, wherein step 4.2.5.2 said TEAThe authentication calculation module generates a pair of plaintext mASigned encrypted message sigma (m)A) The method comprises the following steps:
4.2.5.2.1 TEAauthentication computing module of
Figure FDA00029878891700001110
Randomly selecting an integer as a ground terminal signature random number tA
Figure FDA00029878891700001111
4.2.5.2.2 TEAM is calculated by the authentication calculation moduleADivided into two parts mA1And mA2Wherein m isA2Has a sequence code length of k2I.e. mA2Has a number of bits of k2
4.2.5.2.3 TEAThe authentication calculation module calculates m 'as a medium quantity of the verification message signature of the ground terminal'A
Figure FDA00029878891700001112
Calculating elliptic curve component y of ground terminal signature messageA,
Figure FDA00029878891700001113
(tAP)XRepresenting a point t on the elliptic curve EACoordinates on the X-axis of P; calculating the hash intermediate value h of the ground terminal signature messageA,hA=H2(IDA,RA,yA),hA=H2(IDA,RA,yA) Indicates the IDA,RA,yAConcatenating into a binary sequence, and then using the binary sequence as function H2Computing the hash value, R, of the binary sequenceAIs the front part of the private key of the ground terminal; calculating ground terminal signature message tail element zA,zA=tA+hAvAmod p,vAIs the back part of the private key of the ground terminal;
4.2.5.2.4 mixing mA1,RA,yA,zAGenerating a plaintext mASigned encrypted message sigma (m)A),σ(mA) Is mA1,RA,yA,zAConstituent quadruples, σ (m)A)=(mA1,RA,yA,zA) (ii) a Wherein m isA1,RA,yA,zAAre all 01 binary sequence codes, σ (m)A) Is according to mA1,RA,yA,zASequentially arranged 01 binary sequence codes.
10. The space-based network-oriented identity-based authentication method of claim 1, wherein the LEO in step 4.4.2AVerification module pair TAσ (m) of (1)A) The verification method comprises the following steps:
4.4.2.1 LEOAthe verification module calculates the hash intermediate value h of the ground terminal signature message in turnA=H2(IDA PRAPyA) The intermediate value c of the private key hash of the ground terminalA=H1(IDA PRA) Ground terminal verifying message signature intermediate quantity
Figure FDA0002987889170000121
And the ground terminal verifies the back part of the message plaintext
Figure FDA0002987889170000122
Figure FDA0002987889170000123
Is m'ARightmost k of2A binary sequence code of bit 01 is set,
Figure FDA0002987889170000124
is m'ALeftmost k1Bit 01 binary sequence code;
4.4.2.2 if
Figure FDA0002987889170000125
The verification passes, otherwise the verification fails.
CN202110306820.3A 2021-03-23 2021-03-23 Identity-based authentication method facing space-based network Active CN113079016B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110306820.3A CN113079016B (en) 2021-03-23 2021-03-23 Identity-based authentication method facing space-based network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110306820.3A CN113079016B (en) 2021-03-23 2021-03-23 Identity-based authentication method facing space-based network

Publications (2)

Publication Number Publication Date
CN113079016A true CN113079016A (en) 2021-07-06
CN113079016B CN113079016B (en) 2022-01-21

Family

ID=76613274

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110306820.3A Active CN113079016B (en) 2021-03-23 2021-03-23 Identity-based authentication method facing space-based network

Country Status (1)

Country Link
CN (1) CN113079016B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660026A (en) * 2021-07-26 2021-11-16 长光卫星技术有限公司 Satellite security management method based on multi-user autonomous access control
CN113783703A (en) * 2021-11-10 2021-12-10 清华大学 Satellite network terminal security access authentication method, device and system
CN114221821A (en) * 2021-12-31 2022-03-22 清华大学 Method, device and system for realizing satellite communication authentication
CN114466359A (en) * 2022-01-07 2022-05-10 中国电子科技集团公司电子科学研究院 Distributed user authentication system and authentication method suitable for low earth orbit satellite network
CN114826651A (en) * 2022-03-08 2022-07-29 重庆邮电大学 Lightweight certificateless authentication method for low-earth orbit satellite network
CN115665732A (en) * 2022-10-24 2023-01-31 中国人民解放军国防科技大学 Certificateless signature authentication method for satellite internet
CN116056078A (en) * 2022-10-10 2023-05-02 西安电子科技大学 High-speed terminal security authentication method based on track prediction in space-earth integrated scene
CN116056080A (en) * 2022-08-18 2023-05-02 重庆邮电大学 Satellite switching authentication method for low-orbit satellite network
CN116996113A (en) * 2023-09-26 2023-11-03 北京数盾信息科技有限公司 Satellite terminal networking method, device and equipment
WO2023216206A1 (en) * 2022-05-12 2023-11-16 北京小米移动软件有限公司 Wireless transmission method and apparatus, and communication device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110971415A (en) * 2019-12-13 2020-04-07 重庆邮电大学 Space-ground integrated space information network anonymous access authentication method and system
CN111314056A (en) * 2020-03-31 2020-06-19 四川九强通信科技有限公司 Heaven and earth integrated network anonymous access authentication method based on identity encryption system
CN112087750A (en) * 2020-08-05 2020-12-15 西安电子科技大学 Access and switching authentication method and system under satellite network intermittent communication scene
CN112332900A (en) * 2020-09-27 2021-02-05 贵州航天计量测试技术研究所 Low-earth-orbit satellite communication network rapid switching authentication method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110971415A (en) * 2019-12-13 2020-04-07 重庆邮电大学 Space-ground integrated space information network anonymous access authentication method and system
CN111314056A (en) * 2020-03-31 2020-06-19 四川九强通信科技有限公司 Heaven and earth integrated network anonymous access authentication method based on identity encryption system
CN112087750A (en) * 2020-08-05 2020-12-15 西安电子科技大学 Access and switching authentication method and system under satellite network intermittent communication scene
CN112332900A (en) * 2020-09-27 2021-02-05 贵州航天计量测试技术研究所 Low-earth-orbit satellite communication network rapid switching authentication method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘谱光: "天基物联网安全认证关键技术研究", 《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑 2021年第01期》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113660026A (en) * 2021-07-26 2021-11-16 长光卫星技术有限公司 Satellite security management method based on multi-user autonomous access control
CN113783703A (en) * 2021-11-10 2021-12-10 清华大学 Satellite network terminal security access authentication method, device and system
CN114221821A (en) * 2021-12-31 2022-03-22 清华大学 Method, device and system for realizing satellite communication authentication
CN114466359A (en) * 2022-01-07 2022-05-10 中国电子科技集团公司电子科学研究院 Distributed user authentication system and authentication method suitable for low earth orbit satellite network
CN114466359B (en) * 2022-01-07 2024-03-01 中国电子科技集团公司电子科学研究院 Distributed user authentication system and authentication method suitable for low orbit satellite network
CN114826651A (en) * 2022-03-08 2022-07-29 重庆邮电大学 Lightweight certificateless authentication method for low-earth orbit satellite network
CN114826651B (en) * 2022-03-08 2023-07-18 重庆邮电大学 Lightweight and certificateless authentication method for low orbit satellite network
WO2023216206A1 (en) * 2022-05-12 2023-11-16 北京小米移动软件有限公司 Wireless transmission method and apparatus, and communication device and storage medium
CN116056080A (en) * 2022-08-18 2023-05-02 重庆邮电大学 Satellite switching authentication method for low-orbit satellite network
CN116056078A (en) * 2022-10-10 2023-05-02 西安电子科技大学 High-speed terminal security authentication method based on track prediction in space-earth integrated scene
CN116056078B (en) * 2022-10-10 2024-05-31 西安电子科技大学 High-speed terminal security authentication method based on track prediction in space-earth integrated scene
CN115665732B (en) * 2022-10-24 2023-10-27 中国人民解放军国防科技大学 Certificate-free signature authentication method for satellite Internet
CN115665732A (en) * 2022-10-24 2023-01-31 中国人民解放军国防科技大学 Certificateless signature authentication method for satellite internet
CN116996113A (en) * 2023-09-26 2023-11-03 北京数盾信息科技有限公司 Satellite terminal networking method, device and equipment
CN116996113B (en) * 2023-09-26 2023-12-26 北京数盾信息科技有限公司 Satellite terminal networking method, device and equipment

Also Published As

Publication number Publication date
CN113079016B (en) 2022-01-21

Similar Documents

Publication Publication Date Title
CN113079016B (en) Identity-based authentication method facing space-based network
CN109218018B (en) Identity-based unmanned aerial vehicle key management and networking authentication system and method
CN111083131B (en) Lightweight identity authentication method for power Internet of things sensing terminal
CN108989318B (en) Light-weight security authentication and key exchange method for narrowband Internet of things
CN108111301B (en) Method and system for realizing SSH protocol based on post-quantum key exchange
CN102946313B (en) A kind of user authentication model for quantum key distribution network and method
CN102315937B (en) System and method for secure transaction of data between wireless communication device and server
CN109257346B (en) Concealed transmission system based on block chain
CN112953726B (en) Satellite-ground and inter-satellite networking authentication method, system and application for fusing double-layer satellite network
CN113612605A (en) Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology
CN108964897B (en) Identity authentication system and method based on group communication
CN111049647B (en) Asymmetric group key negotiation method based on attribute threshold
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN104079412B (en) The threshold proxy signature method without credible PKG based on intelligent grid identity security
CN108881186B (en) Compressed sensing encryption method capable of realizing key sharing and error control
Shukla et al. A bit commitment signcryption protocol for wireless transport layer security (wtls)
CN113055394A (en) Multi-service double-factor authentication method and system suitable for V2G network
CN104618113B (en) The method that the authentication of a kind of mobile terminal and safe lane are set up
KR100456624B1 (en) Authentication and key agreement scheme for mobile network
CN114844649A (en) Secret key distribution method containing trusted third party based on superlattice PUF
CN114584975A (en) Anti-quantum satellite network access authentication method based on SDN
CN109274506B (en) Certificateless signature method based on SM2 secret
Rahman et al. Man in the Middle Attack Prevention for edg-fog, mutual authentication scheme
CN112822018A (en) Mobile equipment security authentication method and system based on bilinear pairings
EP3883178A1 (en) Encryption system and method employing permutation group-based encryption technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant