
CN108566240B - Inter-satellite networking authentication system and method suitable for double-layer satellite network - Google Patents


Info

Publication number: CN108566240B (application number CN201810262750.4A)
Authority: CN (China)
Prior art keywords: authentication, satellite, leo, geo, token
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108566240A (en)
Inventors: 朱辉, 武衡, 张之义, 李晖, 赵海强, 王宇辉
Current assignee: Xidian University; CETC 54 Research Institute
Original assignee: Xidian University; CETC 54 Research Institute
Events: application filed by Xidian University and CETC 54 Research Institute; priority to CN201810262750.4A; publication of CN108566240A; application granted; publication of CN108566240B; current legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B 7/00 Radio transmission systems, i.e. using radiation field
    • H04B 7/14 Relay systems
    • H04B 7/15 Active relay systems
    • H04B 7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B 7/18521 Systems of interlinked satellites, i.e. inter-satellite service
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority
    • H04L 9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L 9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Radio Relay Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention belongs to the field of information security technology and discloses an inter-satellite networking authentication system and method suitable for a double-layer satellite network. The system includes a ground authentication server, a high-orbit satellite authentication client and a low-orbit satellite authentication client. The ground authentication server is responsible for initializing the satellite authentication system, that is, generating and distributing the identity information, keys and orbital parameters required for inter-satellite authentication. The high-orbit and low-orbit satellite authentication clients are the principals of inter-satellite networking authentication; by exchanging authentication parameters they perform inter-satellite identity authentication and key agreement. Exploiting the highly synchronized clocks of a satellite network and the predictable trajectories of its nodes, the invention designs an authentication pre-computation mechanism that effectively improves authentication efficiency between satellites. The invention achieves secure and efficient identity authentication and key agreement between the high- and low-orbit satellites of a double-layer satellite network during the networking stage, and can be used for networking authentication between high- and low-orbit satellites.

Figure (abstract drawing of application 201810262750; image not reproduced)

Description

An inter-satellite networking authentication system and method suitable for a double-layer satellite network

Technical field

The invention belongs to the field of information security technology and in particular relates to an inter-satellite networking authentication system and method suitable for a double-layer satellite network. It can provide satellite identity authentication services for commercial satellite networks during satellite networking, and can establish trust and secure communication between satellites without the participation of a trusted third party.

Background

At present, the existing technology commonly used in the industry is as follows:

Because current satellite networks contain a small number of satellites, for example Iridium (66 satellites) and GPS (24 satellites), satellite networking is mainly completed under ground-station control. Satellite networking authentication usually has the ground station directly assign authentication parameters, session keys and so on to the satellites. In this control structure, satellites generally lack the ability to form networks autonomously, so their networking authentication relies heavily on ground stations.

However, with the development of aerospace technology, satellite networks are becoming more complex: the number of satellite nodes is large and the satellite control model is complicated. Under this trend, the traditional satellite networking control method has certain application limitations because of the deployment location, processing capability and management capability of ground stations. At the same time, because satellite communication links use a wireless transmission medium, the channel is highly open and communication content is very easy to eavesdrop on, tamper with and forge, so satellite networking may well fail because of malicious interference. In addition, the special deployment environment of satellite networks places higher demands on the design of inter-satellite identity authentication protocols. First, on-board resources are limited and cannot cope with large computational overhead; a scheme that requires complex computation will seriously affect authentication efficiency. Second, the distance between satellites is long and communication delay cannot be ignored, so communication overhead becomes a problem that must be considered in the design of the scheme.

Some solutions have been proposed for the networking problem of satellite networks, for example:

The patent "An on-orbit satellite identity authentication method" (application number CN 2017101415439, application publication number CN106850674A), applied for by the 30th Research Institute of China Electronics Technology Group Corporation, discloses an on-orbit satellite identity authentication method which, based on the periodicity of satellite orbits, uses a public/private key authentication mechanism to solve the problem of identity authentication between satellites and the ground.

However, with the development of aerospace technology, satellite networks under design contain more and more nodes. If satellite networking authentication requires frequent participation of ground stations, authentication efficiency will be seriously affected by problems such as satellite-to-ground communication delay. Therefore, to ensure the security and efficiency of satellite networking, the authentication protocol needs to minimize the participation of third parties such as ground stations and improve the autonomy and independence of the authenticating nodes, so that the satellite network can operate securely even when a ground station fails.

In summary, the problems with the prior art are:

(1) Inter-satellite identity authentication requires ground participation. Without a trusted third party such as a ground station, it is difficult to achieve independent, autonomous trust establishment and secure communication between satellites, which does not suit networking scenarios for satellite networks with massive numbers of nodes;

(2) Inter-satellite identity authentication does not protect the satellite's own identity information, so an attacker can use intercepted plaintext identity information to forge access requests, mount denial-of-service and similar attacks, and interfere with satellite networking;

(3) The computational overhead of inter-satellite identity authentication affects authentication delay. Compared with a satellite network with few nodes, a satellite network with massive numbers of nodes performs networking authentication more frequently, so inter-satellite networking incurs authentication delay because of the limited computing power of the on-board computer.

The difficulty and significance of solving the above technical problems:

(1) Designing an independent, autonomous inter-satellite networking authentication method requires a secure and efficient key update mechanism that both reduces ground-station participation and ensures that satellites can update their authentication keys accurately;

(2) Designing an inter-satellite networking authentication method that protects satellite identity information requires accounting for the extra computational overhead this introduces: it must keep the satellite identity information confidential while reducing the resulting computational overhead;

(3) Designing an inter-satellite networking authentication method suitable for complex satellite networks requires considering the computational overhead of the authentication process, so as to avoid, as far as possible, the computational delay caused by limited computing resources when multiple satellites authenticate at the same time.

With the development of aerospace technology, future satellite networks will inevitably contain more and more satellite nodes. Designing an inter-satellite networking authentication method that achieves independent, autonomous networking without frequent ground-station participation is of great significance for ensuring the stable operation of satellite networks with massive numbers of satellite nodes.

Summary of the invention

In view of the problems in the prior art, the present invention provides an inter-satellite networking authentication system and method suitable for a double-layer satellite network.

The present invention is realized as follows.

An inter-satellite networking authentication system suitable for a double-layer satellite network according to the present invention includes:

a ground authentication server, responsible for initializing the satellite authentication system, that is, generating and distributing the identity information, keys and orbital parameters required for inter-satellite authentication;

a high-orbit satellite (GEO) authentication client, responsible for receiving authentication requests from LEO, computing and returning the authentication token Token, computing the expected response XRES and the session key CK, checking whether the temporary identity TID used by LEO in the authentication request is valid, checking whether the response value RES returned by LEO is correct, and maintaining an authentication information table for LEO;

a low-orbit satellite (LEO) authentication client, responsible for submitting authentication requests to GEO, checking whether the authentication token Token returned by GEO is valid, computing the temporary identity TID, the response value RES and the session key CK, and maintaining an authentication information table for GEO.

The ground authentication server includes:

a system initialization module, which completes the initialization of the satellite authentication system, that is, writes the identity information generated by the identity information generation module, the keys generated by the key generation module and the orbital parameters assigned by the orbit allocation module into the satellite's authentication system;

an identity information generation module, which generates the identity information a satellite needs for authentication according to its production sequence, launch order and so on;

a key generation module, which generates the keys a satellite needs for authentication;

an orbit allocation module, which assigns operating orbits to satellites.

The high-orbit satellite (GEO) authentication client includes:

a system initialization module, which completes the initialization of the on-board authentication system, that is, obtains the identity information, keys and orbital parameters required for satellite authentication from the ground authentication server;

a networking authentication module with three sub-modules: an authentication sub-module, a data processing sub-module and a pre-computation management sub-module. The authentication sub-module exchanges the parameters required for authentication with the low-orbit satellite (LEO) authentication client; the data processing sub-module generates and parses authentication parameters and checks whether received authentication parameters are valid; the pre-computation management sub-module manages the pre-computation of the satellite's authentication parameters according to the data in the authentication information table and maintains that table;

an orbit prediction module, which computes the time of the next authentication between satellites;

an authentication information management module, which manages the registration and updating of LEO authentication information.

The low-orbit satellite (LEO) authentication client includes:

a system initialization module, which completes the initialization of the on-board authentication system, that is, obtains the identity information, keys and orbital parameters required for satellite authentication from the ground authentication server;

a networking authentication module with three sub-modules: an authentication sub-module, a data processing sub-module and a pre-computation management sub-module. The authentication sub-module exchanges the parameters required for authentication with the high-orbit satellite (GEO) authentication client; the data processing sub-module generates and parses authentication parameters and checks whether received authentication parameters are valid; the pre-computation management sub-module manages the pre-computation of the satellite's authentication parameters according to the data in the authentication information table and maintains that table;

an orbit prediction module, which computes the time of the next authentication between satellites;

an authentication information management module, which manages the registration and updating of GEO authentication information.

Another object of the present invention is to provide an information data processing terminal equipped with the inter-satellite networking authentication system suitable for a double-layer satellite network.

To achieve the above object, the present invention provides an inter-satellite networking authentication method suitable for a double-layer satellite network, including:

1. Authentication system initialization

(1a) During launch preparation, the satellite submits a system initialization request to the ground authentication server.

(1b) After receiving the request, the ground authentication server generates and distributes identity information, keys and orbital parameters for the satellite, including the identity information ID, the group identity information SGID, the anonymity protection key IDKey for the satellite's identity information, and the satellite's authentication master key MainKey.

2. Satellite authentication information registration

(2a) LEO sends GEO its own precise orbital data, that is, the orbital parameters needed for satellite orbital position prediction, such as orbital altitude and inclination.

(2b) After receiving the orbital information from LEO, GEO adds that LEO's authentication information to its authentication information table, that is, stores the LEO's ID together with the orbital data in the on-board authentication information database. After registration is completed, GEO returns its own precise orbital data to the LEO.

(2c) After receiving the returned orbital data, LEO performs the same operation and stores the data in its own authentication database.

3. Inter-satellite identity authentication and key agreement

Inter-satellite identity authentication and key agreement is divided into two sub-protocols according to the stage of inter-satellite networking authentication: the authentication sub-protocol before satellite authentication information registration and the authentication sub-protocol after it.

3.1) Authentication sub-protocol before authentication information registration

(3.1.a) LEO obtains the timestamp T_TID from its on-board clock. From T_TID and the preset IDKey, LEO computes the temporary identity TID to be used for this authentication, TID = f_TID(IDKey, T_TID || RID). After the computation, LEO sends TID to GEO together with the authentication request.

(3.1.b) After receiving TID, GEO decrypts it with the preset IDKey and judges the freshness and validity of the authentication request from the decrypted T_TID and RID.

(3.1.c) GEO obtains from its on-board clock the timestamp T_Auth needed to generate AuthKey. From T_Auth and the preset MainKey, AuthKey = f_AK(MainKey, T_Auth). GEO generates a one-time random number RAND. From RAND and AuthKey, GEO computes the timestamp protection sequence TK, TK = f_TK(AuthKey, RAND). GEO obtains from its on-board clock the timestamp T_Token needed to generate Token. From RAND, T_Token and the stored SGID, GEO computes the message authentication code MAC, MAC = f_MAC(AuthKey, RAND || T_Token || SGID). GEO combines RAND, T_Token, TK, SGID and MAC into one authentication token Token,

[Figure BDA0001610647000000051: the Token composition formula is an image in the original and is not reproduced here]

and computes the expected response XRES and the session key CK, CK = f_CK(AuthKey, RAND), XRES = f_RES(CK, RAND).

(3.1.d) LEO generates AuthKey in the same way and uses it to judge the freshness and validity of Token.

(3.1.e) After verification passes, LEO computes CK and RES in the same way and returns RES to GEO.

(3.1.f) After receiving RES, GEO compares the received RES with the stored XRES. If they are equal, authentication of LEO is complete; otherwise authentication fails.

3.2) Authentication sub-protocol after authentication information registration

(3.2.a) After the communication link is established, LEO first judges whether its own orbital parameters have changed. If orbital perturbation has occurred, the authentication parameters obtained by pre-computation are invalid, so this protocol is terminated and authentication sub-protocol (3.1) is executed again. If the orbit is normal, LEO sends the pre-computed TID and RES to GEO together with the access request.

(3.2.b) After receiving the access request, GEO compares the received TID and RES with the stored XTID and XRES. If they are equal, authentication of LEO is complete and GEO returns the stored Token to LEO; if not, GEO returns an error and authentication sub-protocol (3.1) is executed again.

(3.2.c) LEO judges the validity of the authentication token with the pre-computed AuthKey.

(3.2.d) If verification passes, LEO computes the session key CK from AuthKey.

4. Authentication pre-computation

Authentication pre-computation is divided into two sub-protocols according to the stage of inter-satellite networking authentication: the pre-computation sub-protocol before satellite authentication information registration and the pre-computation sub-protocol after it.

4.1) Authentication pre-computation sub-protocol before authentication information registration

(4.1.a) LEO requests a blank Token from GEO.

(4.1.b) GEO computes and returns a blank Token.

(4.1.c) Using orbital position prediction, LEO computes the time of its next authentication with the target GEO and obtains the three time parameters T_TID, T_Auth and T_Token. LEO then generates, from T_TID and T_Auth respectively, the TID and AuthKey to be used at the next authentication. From the blank Token returned by GEO, LEO computes the RES to be used at the next authentication. After the computation, LEO stores TID and RES.

(4.1.d) Using orbital position prediction, GEO computes the time of its next authentication with the target LEO and obtains the three time parameters T_TID, T_Auth and T_Token. From these time parameters, the stored satellite ID and the stored keys IDKey and MainKey, GEO computes the XTID, XRES, Token and CK needed at the next authentication. After the computation, GEO stores XTID, XRES, Token and CK.

4.2) Authentication pre-computation sub-protocol after authentication information registration

(4.2.a) Using orbital position prediction, LEO computes the time of its next authentication with the target GEO and obtains the three time parameters T_TID, T_Auth and T_Token. LEO then generates, from T_TID and T_Auth respectively, the TID and AuthKey to be used at the next authentication. From the Token returned by GEO in authentication sub-protocol (3.2), LEO computes the RES to be used at the next authentication. After the computation, LEO stores TID and RES.

(4.2.b) Using orbital position prediction, GEO computes the time of its next authentication with the target LEO and obtains the three time parameters T_TID, T_Auth and T_Token. From these time parameters, the stored satellite ID and the stored keys IDKey and MainKey, GEO computes the XTID, XRES, Token and CK needed at the next authentication. After the computation, GEO stores XTID, XRES, Token and CK.
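The two authentication sub-protocols (3.1 and 3.2) and the pre-computation steps of section 4, modelled end to end as an added example; this is not the patent's code. The patent leaves f_TID, f_AK, f_TK, f_MAC, f_CK and f_RES unspecified, so the example instantiates all of them with HMAC-SHA256. It also assumes that RID is LEO's real identifier ID, that TID is a deterministic authenticated encryption of T_TID || RID (so that GEO can both decrypt it in (3.1.b) and pre-compute the matching XTID), that AuthKey is derived from a coarse time epoch so that the two synchronized on-board clocks yield the same T_Auth, that TK is used as a keystream masking T_Token inside Token, and that the "blank Token" of (4.1.b) carries the RAND GEO will bind to the next contact. Field widths, the 5-second freshness window, and all keys and identifiers are constructed for the example.

```python
"""Model of the patent's authentication (3.1, 3.2) and pre-computation (4.x)
sub-protocols. Added example, not the patent's code; all primitives are assumed."""
import hashlib
import hmac
import os
import struct

SKEW = 5    # tolerated clock difference in seconds (assumed policy)
EPOCH = 60  # AuthKey rotation window in seconds (assumed)

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 with a domain-separation label (example instantiation)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ts(t: int) -> bytes:
    return struct.pack(">Q", t)

def f_tid(id_key: bytes, t_tid: int, rid: bytes) -> bytes:
    """TID = E_IDKey(T_TID || RID), deterministic (SIV-style) so that GEO can
    both decrypt it in (3.1.b) and recompute it as XTID for a predicted T_TID."""
    pt = ts(t_tid) + rid
    tag = prf(id_key, b"tid-tag", pt)[:16]
    return tag + xor(pt, prf(id_key, b"tid-ks", tag))

def open_tid(id_key: bytes, tid: bytes):
    """GEO side: decrypt TID; returns (T_TID, RID) or None if the tag fails."""
    tag, ct = tid[:16], tid[16:]
    pt = xor(ct, prf(id_key, b"tid-ks", tag))
    if not hmac.compare_digest(tag, prf(id_key, b"tid-tag", pt)[:16]):
        return None
    return struct.unpack(">Q", pt[:8])[0], pt[8:]

def f_ak(main_key, t_auth): return prf(main_key, b"ak", ts(t_auth))
def f_tk(auth_key, rand): return prf(auth_key, b"tk", rand)[:8]
def f_ck(auth_key, rand): return prf(auth_key, b"ck", rand)
def f_res(ck, rand): return prf(ck, b"res", rand)[:16]
def f_mac(auth_key, rand, t_token, sgid):
    return prf(auth_key, b"mac", rand, ts(t_token), sgid)[:16]

def build_token(auth_key, rand, t_token, sgid):
    """Token = RAND || (T_Token xor TK) || SGID || MAC (widths 16/8/8/16 assumed)."""
    masked = xor(ts(t_token), f_tk(auth_key, rand))
    return rand + masked + sgid + f_mac(auth_key, rand, t_token, sgid)

def open_token(auth_key, token, now):
    """LEO side: unmask T_Token, check freshness and MAC; returns RAND or None."""
    rand, masked, sgid, mac = token[:16], token[16:24], token[24:32], token[32:]
    t_token = struct.unpack(">Q", xor(masked, f_tk(auth_key, rand)))[0]
    if abs(now - t_token) > SKEW:  # stale or replayed Token
        return None
    return rand if hmac.compare_digest(mac, f_mac(auth_key, rand, t_token, sgid)) else None

def initial_auth(keys, leo_id, sgid, clock, known_ids, rand=None):
    """Sub-protocol 3.1 with both sides' steps; returns (CK_geo, CK_leo) or None."""
    id_key, main_key = keys
    tid = f_tid(id_key, clock(), leo_id)                    # (3.1.a) LEO -> GEO
    opened = open_tid(id_key, tid)                          # (3.1.b) GEO checks TID
    if opened is None or abs(clock() - opened[0]) > SKEW or opened[1] not in known_ids:
        return None
    auth_key = f_ak(main_key, clock() // EPOCH)             # (3.1.c) GEO -> LEO: Token
    rand = rand or os.urandom(16)
    token = build_token(auth_key, rand, clock(), sgid)
    ck_geo = f_ck(auth_key, rand)
    leo_key = f_ak(main_key, clock() // EPOCH)              # (3.1.d) LEO checks Token
    r = open_token(leo_key, token, clock())
    if r is None:
        return None
    ck_leo = f_ck(leo_key, r)                               # (3.1.e) LEO -> GEO: RES
    if not hmac.compare_digest(f_res(ck_leo, r), f_res(ck_geo, rand)):  # (3.1.f) RES == XRES?
        return None
    return ck_geo, ck_leo

def leo_precompute(keys, leo_id, rand, t_tid, t_auth):
    """(4.1.c)/(4.2.a): LEO's stored TID, AuthKey and RES for the predicted contact."""
    id_key, main_key = keys
    auth_key = f_ak(main_key, t_auth)
    return f_tid(id_key, t_tid, leo_id), auth_key, f_res(f_ck(auth_key, rand), rand)

def geo_precompute(keys, leo_id, sgid, rand, t_tid, t_auth, t_token):
    """(4.1.d)/(4.2.b): GEO's stored XTID, XRES, Token and CK for the same contact."""
    id_key, main_key = keys
    auth_key = f_ak(main_key, t_auth)
    ck = f_ck(auth_key, rand)
    return {"xtid": f_tid(id_key, t_tid, leo_id), "xres": f_res(ck, rand),
            "token": build_token(auth_key, rand, t_token, sgid), "ck": ck}

def registered_auth(tid, res, geo_state, leo_auth_key, now):
    """Sub-protocol 3.2: GEO matches TID/RES against XTID/XRES and returns the stored
    Token; LEO checks it with its pre-computed AuthKey. None = fall back to 3.1."""
    if not (hmac.compare_digest(tid, geo_state["xtid"])
            and hmac.compare_digest(res, geo_state["xres"])):
        return None
    rand = open_token(leo_auth_key, geo_state["token"], now)
    return None if rand is None else f_ck(leo_auth_key, rand)
```

initial_auth runs sub-protocol 3.1 with both sides' messages on one node and returns the two session keys, which must agree; registered_auth runs sub-protocol 3.2 against the state that leo_precompute and geo_precompute produce for a predicted contact time, and returns None when the predicted T_TID no longer matches, which is the orbital-perturbation case in which the text falls back to sub-protocol 3.1.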

Another object of the present invention is to provide a computer program implementing the inter-satellite networking authentication method suitable for a double-layer satellite network.

本发明的另一目的在于提供一种实现所述适用于双层卫星网络的星间组网认证方法的信息数据处理终端。Another object of the present invention is to provide an information data processing terminal for realizing the authentication method for inter-satellite networking applicable to a two-layer satellite network.

本发明的另一目的在于提供一种计算机可读存储介质,包括指令,当其在计算机上运行时,使得计算机执行所述的适用于双层卫星网络的星间组网认证方法。Another object of the present invention is to provide a computer-readable storage medium, including instructions, which, when executed on a computer, cause the computer to execute the described method for inter-satellite networking authentication suitable for a two-layer satellite network.

本发明通过在认证参数的生成过程中合理使用时间戳达到抗重放攻击的目的。进行身份认证时,GEO和LEO之间需要传递的认证参数有TID、Token和RES。其中,TID的生成需要时间戳TTID,GEO能够借此判断TID的新鲜性;Token中包含有加密后的时间参数TToken,LEO能够结合MAC值判断收到的Token是否为重放消息;RES和Token存在对应关系,能够通过消息返回速度判断RES是否为重放消息。The invention achieves the purpose of anti-replay attack by rationally using the time stamp in the generation process of the authentication parameter. During identity authentication, the authentication parameters that need to be passed between GEO and LEO are TID, Token and RES. Among them, the generation of TID requires timestamp T TID , GEO can use this to judge the freshness of TID; Token contains the encrypted time parameter T Token , LEO can combine the MAC value to judge whether the received Token is a replay message; RES There is a corresponding relationship with the Token, and whether the RES is a replay message can be judged by the message return speed.

本发明该星间身份认证与密钥协商根据星间组网认证的执行阶段分为两个子协议,分别是卫星认证信息注册之前的认证子协议和卫星认证信息注册之后的认证子协议。卫星完成认证信息注册之后,能够通过交换的卫星精确轨道参数对认证参数进行预计算。通过设计预计算机制,完成认证信息注册之后的星间认证可以执行轻量化的组网认证协议,大大提升了认证效率。In the present invention, the inter-satellite identity authentication and key negotiation are divided into two sub-protocols according to the execution stage of the inter-satellite networking authentication, namely the authentication sub-protocol before satellite authentication information registration and the authentication sub-protocol after satellite authentication information registration. After the satellite completes the registration of the authentication information, the authentication parameters can be pre-calculated through the exchanged satellite precise orbit parameters. By designing a pre-computing mechanism, the inter-satellite authentication after the registration of authentication information can implement a lightweight networking authentication protocol, which greatly improves the authentication efficiency.

本发明临时身份生成方法,生成临时身份时,卫星使用由GEO和LEO群组之间共享的IDKey对时间戳TTID和真实身份RID的合成字符串进行密码运算,使用运算结果表示卫星的临时身份。由于临时身份基于时间生成,能够保证LEO每次发起认证,均使用不同的身份信息。The temporary identity generation method of the present invention, when generating the temporary identity, the satellite uses the IDKey shared between the GEO and LEO groups to perform cryptographic operations on the composite string of the timestamp TID and the real identity RID, and the operation result is used to represent the temporary identity of the satellite. . Since the temporary identity is generated based on time, it can ensure that each time LEO initiates authentication, different identity information is used.

本发明认证密钥AuthKey生成方法,该认证密钥由地面认证服务器分配主密钥MainKey基于时间衍生而来。利用了卫星网络时钟高度同步、运行轨迹可预测的特点,GEO和LEO均可以根据预测时间,完成认证密钥的更新。基于预测时间提前计算认证参数,既保证了协议双方计算的同步性,又提升了卫星间的认证效率。The method for generating the authentication key AuthKey of the present invention, the authentication key is derived from the time-based distribution of the master key MainKey by the ground authentication server. Taking advantage of the features of highly synchronized satellite network clocks and predictable running trajectories, both GEO and LEO can update the authentication key according to the predicted time. The authentication parameters are calculated in advance based on the predicted time, which not only ensures the synchronization of the calculation between the two parties of the agreement, but also improves the authentication efficiency between satellites.

本发明减少星间认证过程中计算开销的方法,利用卫星网络时钟高度同步、运行轨道可预测的特点,设计认证预计算步骤,在星上计算机使用率较低的期间,提前计算下次认证时所需要的各参数。下次认证时,只需要进行参数对比就可以实现身份认证,能够有效避免进行星间组网认证时因星上计算机算力不足而带来的认证时延。The method of the present invention reduces the calculation overhead in the process of inter-satellite authentication, utilizes the characteristics of high synchronization of satellite network clocks and predictable running orbits, designs authentication pre-calculation steps, and calculates the next authentication time in advance during the period when the utilization rate of on-board computers is low. required parameters. In the next authentication, only need to compare the parameters to realize the identity authentication, which can effectively avoid the authentication delay caused by insufficient computing power of the on-board computer during the inter-satellite networking authentication.

综上所述,本发明的优点及积极效果为:To sum up, the advantages and positive effects of the present invention are:

本发明实现了卫星之间的双向身份认证。The invention realizes the two-way identity authentication between satellites.

本发明中,由地面站对卫星的认证系统进行初始化后,LEO和GEO就可以独立、自主的进行组网认证。LEO通过判断由本地计算得到的XMAC与Token中的MAC是否相等实现对GEO的身份认证;GEO通过判断本地存储的XRES与返回的RES是否相等实现对LEO的身份认证。双向身份认证机制能够抵御卫星组网过程中受到假冒、篡改等网络攻击,保证了卫星组网的安全、有序进行。In the present invention, after the authentication system of the satellite is initialized by the ground station, LEO and GEO can independently and autonomously perform network authentication. LEO realizes the identity authentication of GEO by judging whether the locally calculated XMAC is equal to the MAC in the Token; GEO realizes the identity authentication of LEO by judging whether the locally stored XRES is equal to the returned RES. The two-way identity authentication mechanism can resist network attacks such as counterfeiting and tampering in the process of satellite networking, ensuring the security and orderly progress of satellite networking.

本发明实现了卫星身份信息的匿名保护。The invention realizes the anonymous protection of satellite identity information.

本发明中,LEO发送认证请求时,使用临时身份,该临时身份由真实身份信息基于时间戳加密生成,能够做到每次认证使用的身份信息各不相同;同时,由于认证预计算机制的设置,认证过程中身份信息的验证主要采用字符比较的方式,并不会使卫星增加额外的计算开销。In the present invention, when LEO sends an authentication request, a temporary identity is used, and the temporary identity is encrypted and generated by real identity information based on timestamp, so that the identity information used for each authentication is different; at the same time, due to the setting of the authentication pre-computing mechanism , the verification of identity information in the authentication process mainly adopts the method of character comparison, which will not increase the extra computational cost of the satellite.

本发明减少了卫星在认证过程中的计算开销。The invention reduces the computational cost of the satellite in the authentication process.

本发明结合卫星网络时钟高度统一、运行轨迹可预测的场景特点,设计了认证预计算步骤,使得卫星能够利用由轨道预测得到的时间参数,提前计算下次认证所需各参数,再次组网时只需要进行简单的参数比较运算即可完成认证。本发明通过设计认证预计算机制,将认证过程中所需的大量计算安排在了卫星处理器的低使用率阶段,从而避免了在多星同时认证的情况下因卫星算力不足而带来的认证时延。Combining the scene characteristics of highly uniform satellite network clocks and predictable running trajectories, the invention designs authentication pre-calculation steps, so that the satellite can use the time parameters obtained from orbit prediction to calculate in advance the parameters required for the next authentication, and when the network is re-established Only need to perform a simple parameter comparison operation to complete the authentication. By designing the authentication pre-computing mechanism, the present invention arranges a large amount of calculation required in the authentication process in the low utilization rate stage of the satellite processor, thereby avoiding the problem of insufficient satellite computing power in the case of simultaneous authentication of multiple satellites. Authentication delay.

Description of the drawings

Fig. 1 is a diagram of the inter-satellite networking authentication system for a double-layer satellite network provided by an embodiment of the present invention.

Fig. 2 is a flowchart of the inter-satellite networking authentication method for a double-layer satellite network provided by an embodiment of the present invention.

Fig. 3 is a flowchart of the authentication performed by the low-orbit satellite provided by an embodiment of the present invention.

Fig. 4 is a flowchart of the authentication performed by the high-orbit satellite provided by an embodiment of the present invention.

Detailed description

To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it.

The prior art cannot establish trust and secure communication between satellites without the participation of a trusted third party. The present invention provides an inter-satellite networking authentication method for a double-layer satellite network, comprising:

LEO authenticates GEO by checking whether the locally computed XMAC equals the MAC in the Token; GEO authenticates LEO by checking whether the locally stored XRES equals the returned RES. During identity authentication, the parameters passed between GEO and LEO are TID, Token and RES: generating TID requires the timestamp T_TID, from which GEO judges the freshness of the TID; the Token contains the encrypted time parameter T_Token, and LEO uses it together with the MAC value to judge whether a received Token is a replayed message; RES corresponds to a specific Token, and GEO judges from how quickly the message is returned whether the RES is a replayed message;

When sending an authentication request, LEO uses a temporary identity generated from the current time, so the identity information differs for every authentication; during authentication, identity information is verified by string comparison. To generate the temporary identity, the satellite applies a cryptographic operation keyed with the IDKey shared between GEO and the LEO group to the concatenation of the timestamp T_TID and the real identity RID, and the result represents the satellite's temporary identity;

Exploiting the highly synchronized clocks and predictable orbits of the satellite network, both GEO and LEO update the authentication key AuthKey according to the predicted time and calculate the authentication parameters in advance.

As shown in Fig. 1, the inter-satellite networking authentication system for a double-layer satellite network provided by an embodiment of the present invention comprises three main modules: a ground authentication server, a high-orbit satellite (GEO) authentication client and a low-orbit satellite (LEO) authentication client.

Wherein:

The ground authentication server is responsible for initializing the satellite authentication system, that is, for generating and distributing the identity information, keys and orbit parameters required for inter-satellite authentication;

The high-orbit satellite (GEO) authentication client is responsible for receiving authentication requests from LEO, computing and returning the authentication token Token, computing the expected response XRES and the session key CK, checking whether the temporary identity TID used by LEO in the authentication request is valid, checking whether the response value RES returned by LEO is correct, and maintaining an authentication information table for LEO;

The low-orbit satellite (LEO) authentication client is responsible for submitting authentication requests to GEO, checking whether the authentication token Token returned by GEO is valid, computing the temporary identity TID, the response value RES and the session key CK, and maintaining an authentication information table for GEO.

The ground authentication server comprises a system initialization module, an identity information generation module, a key generation module and an orbit allocation module.

The system initialization module completes the initialization of the satellite authentication system, that is, it writes the identity information generated by the identity information generation module, the keys generated by the key generation module and the orbit parameters allocated by the orbit allocation module into the satellite's authentication system;

The identity information generation module generates the identity information the satellite needs for authentication according to the satellite's production sequence, launch order and similar data;

The key generation module generates the keys the satellite needs for authentication;

The orbit allocation module allocates an operating orbit to the satellite.

The high-orbit satellite (GEO) authentication client comprises a system initialization module, a networking authentication module, an orbit prediction module and an authentication information management module.

The system initialization module completes the initialization of the on-board authentication system, that is, it obtains from the ground authentication server the identity information, keys and orbit parameters required for satellite authentication;

The networking authentication module comprises three sub-modules: an authentication sub-module, a data processing sub-module and a pre-computation management sub-module. The authentication sub-module exchanges the parameters required for authentication with the low-orbit satellite (LEO) authentication client; the data processing sub-module generates and parses authentication parameters and checks whether received authentication parameters are valid; the pre-computation management sub-module manages the pre-computation of the satellite's authentication parameters according to the data in the authentication information table and maintains that table;

The orbit prediction module calculates the time of the next authentication between the satellites;

The authentication information management module manages the registration and updating of LEO authentication information.

The low-orbit satellite (LEO) authentication client comprises a system initialization module, a networking authentication module, an orbit prediction module and an authentication information management module.

The system initialization module completes the initialization of the on-board authentication system, that is, it obtains from the ground authentication server the identity information, keys and orbit parameters required for satellite authentication;

The networking authentication module comprises three sub-modules: an authentication sub-module, a data processing sub-module and a pre-computation management sub-module. The authentication sub-module exchanges the parameters required for authentication with the high-orbit satellite (GEO) authentication client; the data processing sub-module generates and parses authentication parameters and checks whether received authentication parameters are valid; the pre-computation management sub-module manages the pre-computation of the satellite's authentication parameters according to the data in the authentication information table and maintains that table;

The orbit prediction module calculates the time of the next authentication between the satellites;

The authentication information management module manages the registration and updating of GEO authentication information.

As shown in Fig. 2 to Fig. 4, the inter-satellite networking authentication method for a double-layer satellite network provided by an embodiment of the present invention comprises four parts: authentication system initialization, satellite authentication information registration, inter-satellite identity authentication and key agreement, and authentication pre-computation.

The present invention is further described below with reference to the authentication system initialization.

1. Authentication system initialization:

Step 1: During launch preparation, the satellite submits a system initialization application to the ground authentication server;

Step 2: After receiving the application, the ground authentication server generates the ID, SGID, IDKey, MainKey and orbit parameters for the satellite according to information such as its production number and launch sequence. Once generated, the parameters are stored in the satellite's authentication database, where:

(1) The ID is the satellite's identity information and uniquely identifies the satellite node when the inter-satellite identity authentication protocol is executed;

(2) The SGID is the satellite's group identity, identifying the group the satellite belongs to; it is an auxiliary identifier of the satellite and can be configured according to actual needs;

(3) The IDKey is the anonymity protection key for the satellite's identity information; it is shared between GEO and the LEO group and is used to generate the LEO's temporary identity during authentication;

(4) The MainKey is the satellite's master key for inter-satellite authentication; it is a secret shared between the GEO and LEO satellites and is used to generate the authentication key AuthKey.

The present invention is further described below with reference to satellite authentication information registration.

2. Satellite authentication information registration

Satellite authentication information registration takes place after the first inter-satellite identity authentication between GEO and LEO has been completed and comprises the following steps:

Step 1: LEO sends GEO its own precise orbit data, that is, the orbit parameters needed for satellite orbit prediction, such as orbital altitude and inclination;

Step 2: After receiving the orbit information from LEO, GEO adds the LEO's authentication information to its authentication information table, that is, it stores the LEO's ID together with the orbit data in the on-board authentication information database. After registration, GEO returns its own precise orbit data to the LEO;

Step 3: After receiving the returned orbit data, LEO performs the same operation and stores the data in its own authentication database.

The present invention is further described below with reference to inter-satellite identity authentication and key agreement.

3. Inter-satellite identity authentication and key agreement

In the authentication method of the present invention, inter-satellite identity authentication and key agreement are divided into two sub-protocols according to the execution stage of the networking authentication: the authentication sub-protocol before satellite authentication information registration and the authentication sub-protocol after it.

(1) Authentication sub-protocol before authentication information registration

The inter-satellite identity authentication and key agreement sub-protocol executed before satellite authentication information registration performs the following steps:

Step 1: LEO generates and sends a temporary identity.

LEO reads the timestamp T_TID from its on-board clock. From T_TID and the pre-loaded IDKey, LEO computes the temporary identity TID to be used in this authentication: TID = f_TID(IDKey, T_TID||RID), where f_TID is the temporary identity generation algorithm, which can be implemented with reference to HMAC-SM3 (a hash-based message authentication code built on the Chinese national standard SM3 hash), and RID is the satellite's real identity. After the calculation, LEO sends the TID to GEO together with the authentication request.

Step 2: GEO judges the validity of the authentication request.

2.1) Freshness verification

After receiving the TID, GEO decrypts it with the pre-loaded IDKey. If the recovered T_TID satisfies T_TID - T0 < ΔT_TID, the request meets the freshness requirement and step 2.2) follows; otherwise the authentication is terminated and the connection released;

2.2) Validity verification

If the decrypted RID conforms to the predetermined naming convention, identity verification passes and step 3 is executed; otherwise the authentication is terminated and the connection released.

Step 3: GEO generates and returns an authentication token.

3.1) Generate the authentication key

GEO reads from its on-board clock the timestamp T_Auth needed to generate AuthKey. From T_Auth and the pre-loaded MainKey, GEO computes the authentication key for this authentication: AuthKey = f_AK(MainKey, T_Auth), where f_AK is the authentication key generation algorithm, which can be implemented with reference to ECB-SM4 (the Chinese national standard SM4 block cipher in electronic codebook mode).

3.2) Generate the timestamp protection sequence

GEO generates a one-time random number RAND. From RAND and AuthKey, GEO computes the timestamp protection sequence TK = f_TK(AuthKey, RAND), where f_TK is the timestamp protection sequence generation algorithm, which can be implemented with reference to ECB-SM4.

3.3) Generate the message authentication code

GEO reads from its on-board clock the timestamp T_Token needed to generate the authentication token. From the generated RAND, the obtained T_Token and the stored SGID, GEO computes the message authentication code MAC = f_MAC(AuthKey, RAND||T_Token||SGID), where f_MAC is the message authentication code generation algorithm, which can be implemented with reference to MAC-SM4.

3.4) Generate the authentication token

GEO combines RAND, T_Token, TK, SGID and MAC into a single Token.

[Token construction formula: given as an image in the original (Figure BDA0001610647000000141), not reproduced.]

3.5) Generate the expected response and the session key

GEO computes the expected response XRES and the session key CK: CK = f_CK(AuthKey, RAND), XRES = f_RES(CK, RAND), where f_CK is the authentication key generation algorithm and f_RES is the authentication response value generation algorithm; both can be implemented with reference to HMAC-SM3.

After the authentication parameters have been computed, GEO stores XRES and CK and returns the Token to LEO.

Step 4: LEO judges the validity of the authentication token.

4.1) Freshness verification

LEO computes TK from the generated AuthKey and the RAND in the Token. After decrypting the Token with TK to obtain T_Token, LEO checks whether T_Token - T0 < ΔT holds. If T_Token meets the message freshness requirement, step 4.2) is executed; otherwise the authentication fails and the connection is released.

4.2) Identity information verification

LEO computes the message authentication code XMAC in the same way from the generated AuthKey and the RAND, T_Token and SGID in the Token, then checks whether the computed XMAC equals the MAC in the Token. If they are equal, the authentication of GEO is complete; if not, the authentication fails and the connection is released.

Step 5: LEO generates the authentication response value and the session key.

After verification passes, LEO computes CK and RES from RAND and AuthKey using f_CK and f_RES, and returns RES to GEO.

Step 6: GEO verifies the response value.

After receiving RES, GEO compares the received RES with the stored XRES. If they are equal, the authentication of LEO is complete; otherwise the authentication fails.
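Steps 1 to 6 of the pre-registration sub-protocol, carried through end to end as an added worked example; this is not code from the patent. HMAC-SHA256 stands in for the HMAC-SM3, ECB-SM4 and MAC-SM4 primitives the text cites, because the Python standard library has no SM3 or SM4. Everything the page does not state is an assumption and is marked as such in the code: the byte layout of TID (T_TID in clear, RID masked by an IDKey-derived keystream, followed by a tag, so that GEO can "decrypt" it and the value is still deterministic enough to be pre-computed), the field order of Token (the construction formula is an image in the original), T_Auth taken as the on-board clock quantised to a fixed epoch so both sides derive the same AuthKey without sending T_Auth, the freshness windows ΔT_TID and ΔT, and the RID naming rule checked in step 2.2. The `run_protocol` driver can also inject a replayed TID or a tampered Token to show steps 2.1 and 4.2 rejecting them.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample parameters: the identifiers are the page's, the values are made up.
ID_KEY = b"idkey-shared-by-geo-and-leo-group"   # IDKey, shared by GEO and the LEO group
MAIN_KEY = b"mainkey-shared-by-geo-and-leos"     # MainKey, issued by the ground server
RID = b"LEO-0042"                                # real identity of the LEO (8 bytes)
SGID = b"SG01"                                   # group identity carried in the Token (4 bytes)
DELTA_T_TID = 5                                  # freshness window for T_TID, seconds (assumed)
DELTA_T = 5                                      # freshness window for T_Token, seconds (assumed)
AUTH_EPOCH = 3600                                # T_Auth = clock // AUTH_EPOCH (assumed)

def prf(key, *parts):
    """HMAC-SHA256 stands in for the HMAC-SM3 / SM4-based f_* primitives the page names."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def f_tid(id_key, t_tid, rid):
    """TID = f_TID(IDKey, T_TID||RID). Assumed layout: T_TID (8 bytes, clear) || RID xor
    keystream(IDKey, T_TID) || 16-byte tag. Deterministic, hides RID, changes with T_TID."""
    ts = struct.pack(">Q", t_tid)
    ks = prf(id_key, b"tid-stream", ts)[:len(rid)]
    enc = bytes(a ^ b for a, b in zip(rid, ks))
    return ts + enc + prf(id_key, b"tid-tag", ts, rid)[:16]

def open_tid(id_key, tid, rid_len=8):
    """GEO side: recover (T_TID, RID) from a TID; None if the tag does not verify."""
    ts, enc, tag = tid[:8], tid[8:8 + rid_len], tid[8 + rid_len:]
    ks = prf(id_key, b"tid-stream", ts)[:rid_len]
    rid = bytes(a ^ b for a, b in zip(enc, ks))
    if not hmac.compare_digest(tag, prf(id_key, b"tid-tag", ts, rid)[:16]):
        return None
    return struct.unpack(">Q", ts)[0], rid

def f_ak(main_key, t_auth):                 # AuthKey = f_AK(MainKey, T_Auth)
    return prf(main_key, b"ak", struct.pack(">Q", t_auth))
def f_tk(auth_key, rand):                   # TK = f_TK(AuthKey, RAND), masks the 8-byte T_Token
    return prf(auth_key, b"tk", rand)[:8]
def f_mac(auth_key, rand, t_token, sgid):   # MAC = f_MAC(AuthKey, RAND||T_Token||SGID)
    return prf(auth_key, b"mac", rand, struct.pack(">Q", t_token), sgid)[:16]
def f_ck(auth_key, rand):                   # CK = f_CK(AuthKey, RAND)
    return prf(auth_key, b"ck", rand)
def f_res(ck, rand):                        # RES / XRES = f_RES(CK, RAND)
    return prf(ck, b"res", rand)[:16]

def build_token(auth_key, rand, t_token, sgid):
    """Token = RAND || (T_Token xor TK) || SGID || MAC; the field order is assumed."""
    enc_t = bytes(a ^ b for a, b in zip(struct.pack(">Q", t_token), f_tk(auth_key, rand)))
    return rand + enc_t + sgid + f_mac(auth_key, rand, t_token, sgid)

def geo_handle_request(tid, now):
    """Steps 2-3 on GEO. Returns (token, xres, ck), or None when the request is rejected."""
    opened = open_tid(ID_KEY, tid)
    if opened is None:
        return None
    t_tid, rid = opened
    if not 0 <= now - t_tid < DELTA_T_TID:           # 2.1 freshness: T_TID - T0 < dT_TID
        return None
    if not rid.startswith(b"LEO-"):                   # 2.2 validity: RID follows the naming rule
        return None
    auth_key = f_ak(MAIN_KEY, now // AUTH_EPOCH)      # 3.1 T_Auth from the on-board clock
    rand = os.urandom(16)                             # 3.2 one-time random number RAND
    token = build_token(auth_key, rand, now, SGID)    # 3.3-3.4 with T_Token = now
    ck = f_ck(auth_key, rand)                         # 3.5
    return token, f_res(ck, rand), ck

def leo_handle_token(token, now):
    """Steps 4-5 on LEO. Returns (res, ck), or None when GEO fails authentication."""
    rand, enc_t, sgid, mac = token[:16], token[16:24], token[24:28], token[28:]
    auth_key = f_ak(MAIN_KEY, now // AUTH_EPOCH)
    t_token = struct.unpack(">Q", bytes(a ^ b for a, b in zip(enc_t, f_tk(auth_key, rand))))[0]
    if not 0 <= now - t_token < DELTA_T:             # 4.1 freshness: T_Token - T0 < dT
        return None
    if not hmac.compare_digest(f_mac(auth_key, rand, t_token, sgid), mac):   # 4.2 XMAC == MAC
        return None
    ck = f_ck(auth_key, rand)                         # step 5
    return f_res(ck, rand), ck

def run_protocol(now, tid=None, token_mangler=None):
    """Whole exchange on a simulated clock; `tid` injects a replayed TID, `token_mangler` a
    tampered Token. Returns (geo_accepts_leo, leo_accepts_geo, session_keys_match)."""
    tid = tid or f_tid(ID_KEY, now, RID)              # step 1: LEO generates TID
    geo = geo_handle_request(tid, now)
    if geo is None:
        return False, False, False
    token, xres, ck_geo = geo
    if token_mangler is not None:
        token = token_mangler(token)
    leo = leo_handle_token(token, now)
    if leo is None:
        return False, False, False
    res, ck_leo = leo
    return hmac.compare_digest(res, xres), True, ck_geo == ck_leo   # step 6
```

Both freshness checks read the verifier's own clock as T0, and AuthKey depends on T_Auth, so the exchange only succeeds under the clock synchronisation the page assumes; an epoch boundary falling between GEO's and LEO's derivations would yield different AuthKeys and a MAC mismatch, which a deployment has to tolerate (for instance by retrying with the neighbouring epoch). The page's step 2.2 checks only the RID naming rule; the tag check in `open_tid` is an added hardening so that a TID forged without IDKey is rejected before any further work is done, and `compare_digest` is used for every equality test so that comparison time does not depend on the bytes.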

Authentication sub-protocol after authentication information registration

Identity authentication after authentication information registration uses the authentication parameters obtained in the authentication pre-computation; this sub-protocol performs the following steps:

Step 1: LEO sends an authentication request.

After the communication link is established, LEO first checks whether its own orbit parameters have changed. If orbital perturbation has occurred, the pre-computed authentication parameters are invalid, so this protocol must be terminated and authentication sub-protocol (1) executed again. If the orbit is normal, LEO sends the pre-computed TID and RES to GEO together with the access request.

Step 2: GEO judges the validity of the access request.

After receiving the access request, GEO compares the received TID and RES with the stored XTID and XRES. If they are equal, the authentication of LEO is complete and the stored Token is returned to LEO; if not, an error is returned and authentication sub-protocol (1) is executed again.

Step 3: LEO judges the validity of the authentication token.

3.1) Freshness verification

LEO computes TK from the pre-computed AuthKey and the RAND in the Token. After decrypting the Token with TK to obtain T_Token, LEO checks whether T_Token - T0 < ΔT holds. If T_Token meets the message freshness requirement, step 3.2) is executed; otherwise the authentication fails and the connection is released.

3.2) Identity information verification

LEO computes the message authentication code XMAC in the same way from the generated AuthKey and the RAND, T_Token and SGID in the Token, then checks whether the computed XMAC equals the MAC in the Token. If they are equal, the authentication of GEO is complete; if not, the authentication fails and the connection is released.

Step 4: LEO generates the session key.

If verification passes, LEO computes CK with f_CK from the pre-computed AuthKey and the RAND in the Token.

The present invention is further described below with reference to authentication pre-computation.

4. Authentication pre-computation

In the authentication method of the present invention, authentication pre-computation is divided into two sub-protocols according to the execution stage of the networking authentication: the pre-computation sub-protocol before satellite authentication information registration and the pre-computation sub-protocol after it.

(1) Authentication pre-computation sub-protocol before authentication information registration

The authentication pre-computation sub-protocol executed before satellite authentication information registration performs the following steps:

Step 1: LEO requests a blank Token from GEO.

Step 2: GEO computes and returns a blank Token.

Step 3: LEO performs authentication pre-computation

LEO uses orbit prediction to calculate the time of its next authentication with the target GEO and obtains the three time parameters T_TID, T_Auth and T_Token. LEO then generates from T_TID and T_Auth, respectively, the TID and AuthKey to be used in the next authentication. From the blank Token returned by GEO, LEO calculates the RES to be used in the next authentication. After the calculation, LEO stores TID and RES.

Step 4: GEO performs authentication pre-computation

GEO uses orbit prediction to calculate the time of its next authentication with the target LEO and obtains the three time parameters T_TID, T_Auth and T_Token. From these time parameters, the stored satellite ID and the stored keys IDKey and MainKey, GEO calculates the XTID, XRES, Token and CK needed for the next authentication. After the calculation, GEO stores XTID, XRES, Token and CK.

(2)认证信息注册之后的认证预计算子协议(2) Authentication pre-computation sub-protocol after authentication information registration

发生在卫星认证信息注册之后的认证预计算子协议需要执行以下步骤:步骤1:LEO进行认证预计算The authentication pre-computation sub-protocol that occurs after the registration of satellite authentication information needs to perform the following steps: Step 1: LEO performs authentication pre-computation

LEO通过轨位预测技术计算下次与目标GEO进行认证的时间点,得到TTID、TAuth、TToken三个时间参数。接下来,LEO分别通过TTID和TAuth生成下次认证时应该使用的TID和AuthKey。基于认证子协议(2)中GEO返回Token,LEO calculates the next time for authentication with the target GEO through the orbit prediction technology, and obtains three time parameters: T TID , T Auth , and T Token . Next, LEO generates the TID and AuthKey that should be used in the next authentication through T TID and T Auth respectively. Based on the GEO return Token in the authentication sub-protocol (2),

LEO计算下次认证应使用的RES。计算完毕后,LEO存储TID与RES。LEO calculates the RES that should be used for the next certification. After the calculation, LEO stores the TID and RES.

步骤2:GEO进行认证预计算Step 2: GEO performs authentication precomputing

GEO通过轨位预测技术计算下次与目标LEO进行认证的时间点,得到TTID、TAuth、TToken三个时间参数。基于获取的时间参数、存储的卫星ID、存储的密钥IDKey和MainKey,GEO计算下次认证时需要用到的XTID、XRES、Token、CK。计算完毕后,GEO存储XTID、XRES、Token、CK。GEO calculates the next time for authentication with the target LEO through orbit prediction technology, and obtains three time parameters: T TID , T Auth , and T Token . Based on the acquired time parameter, stored satellite ID, stored key IDKey and MainKey, GEO calculates the XTID, XRES, Token, and CK to be used for the next authentication. After the calculation, GEO stores XTID, XRES, Token, and CK.

上述步骤1和步骤2分别由LEO和GEO在处理器空闲时间独立计算,无需考虑执行的先后顺序。The above steps 1 and 2 are independently calculated by LEO and GEO during the idle time of the processor, without considering the sequence of execution.
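As an added example that is not part of the patent, the following Python script models the LEO-side Token check of steps 3.1, 3.2 and 4 above together with the pre-computation on both sides and the two-message post-registration sub-protocol that consumes it (the claims below restate the same procedure). Everything the page does not fix is an assumption: fTID, fAK, fTK, fMAC, fCK and fRES are stand-ins built from HMAC-SHA256 rather than the SM3-HMAC and SM4 used in the patent's experiments; the Token is laid out as RAND || (TToken XOR TK) || SGID || MAC, so that TK masks the timestamp the way it is "decrypted" in step 3.1; T0 is the verifier's own clock reading, and the freshness test bounds |TToken - T0| so that stale tokens are rejected as well as tokens dated in the future (the page writes only TToken - T0 < ΔT); fTID is a keyed hash, which suffices for the post-registration path where GEO only compares TID with the stored XTID (the pre-registration path, in which GEO decrypts TID, needs a reversible fTID and is not modelled); the Token GEO hands over in advance is the one it re-sends at the contact; and the keys, identifiers, predicted times and the ΔT value are constructed test data.

```python
"""Added example, not the patent's code: LEO-side Token verification (steps 3.1,
3.2, 4), the time-keyed pre-computation on both satellites, and the post-registration
sub-protocol.  Primitives are HMAC-SHA256 stand-ins; see the lead-in for assumptions."""
import hashlib
import hmac
import secrets

DELTA_T = 30_000                                    # freshness window in ms (assumed)
TS_LEN, RAND_LEN, SGID_LEN, MAC_LEN = 6, 16, 4, 16  # 48-bit T and 128-bit RAND per the page;
                                                    # SGID and MAC widths are assumed

def prf(key, label, *parts):
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def ts(t):
    return t.to_bytes(TS_LEN, "big")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# the page's derivation functions, each modelled as a labelled HMAC
def f_tid(id_key, t_tid, rid): return prf(id_key, b"TID", ts(t_tid), rid)[:16]
def f_ak(main_key, t_auth): return prf(main_key, b"AK", ts(t_auth))
def f_tk(auth_key, rand): return prf(auth_key, b"TK", rand)[:TS_LEN]
def f_mac(auth_key, rand, t_token, sgid): return prf(auth_key, b"MAC", rand, ts(t_token), sgid)[:MAC_LEN]
def f_ck(auth_key, rand): return prf(auth_key, b"CK", rand)
def f_res(ck, rand): return prf(ck, b"RES", rand)[:16]

def geo_issue_token(main_key, sgid, t_auth, t_token, rand=None):
    """Claim (3c) on the GEO: the Token plus the XRES and CK it keeps."""
    rand = rand or secrets.token_bytes(RAND_LEN)
    auth_key = f_ak(main_key, t_auth)
    masked_t = xor(ts(t_token), f_tk(auth_key, rand))           # TK hides T_Token
    token = rand + masked_t + sgid + f_mac(auth_key, rand, t_token, sgid)
    ck = f_ck(auth_key, rand)
    return token, f_res(ck, rand), ck

def leo_check_token(auth_key, token, t0):
    """Steps 3.1, 3.2 and 4 on the LEO.  Returns (CK, RES), or None to release the link."""
    rand = token[:RAND_LEN]
    masked_t = token[RAND_LEN:RAND_LEN + TS_LEN]
    sgid = token[RAND_LEN + TS_LEN:RAND_LEN + TS_LEN + SGID_LEN]
    mac = token[RAND_LEN + TS_LEN + SGID_LEN:]
    t_token = int.from_bytes(xor(masked_t, f_tk(auth_key, rand)), "big")
    if abs(t0 - t_token) >= DELTA_T:                  # 3.1: reject stale and future tokens
        return None
    xmac = f_mac(auth_key, rand, t_token, sgid)
    if not hmac.compare_digest(xmac, mac):            # 3.2: constant-time MAC comparison
        return None
    ck = f_ck(auth_key, rand)                         # step 4
    return ck, f_res(ck, rand)

def geo_precompute(id_key, main_key, rid, sgid, pred):
    """(4d): XTID, XRES, Token and CK for the predicted contact times, stored until then."""
    token, xres, ck = geo_issue_token(main_key, sgid, pred["t_auth"], pred["t_token"])
    return {"xtid": f_tid(id_key, pred["t_tid"], rid), "xres": xres, "token": token, "ck": ck}

def leo_precompute(id_key, main_key, rid, pred, token):
    """(4c): TID and AuthKey from the predicted T_TID and T_Auth, RES from the Token GEO
    handed over in advance (the blank Token, or the Token of the previous authentication)."""
    auth_key = f_ak(main_key, pred["t_auth"])
    rand = token[:RAND_LEN]
    res = f_res(f_ck(auth_key, rand), rand)
    return {"tid": f_tid(id_key, pred["t_tid"], rid), "auth_key": auth_key, "res": res}

def post_registration_auth(leo, geo, t0):
    """The two-message sub-protocol after registration.  Returns CK, or None when the LEO
    must fall back to the pre-registration sub-protocol."""
    # message 1, LEO -> GEO: access request carrying the pre-computed TID and RES
    if not (hmac.compare_digest(leo["tid"], geo["xtid"])
            and hmac.compare_digest(leo["res"], geo["xres"])):
        return None                                   # GEO answers with an error
    # message 2, GEO -> LEO: the stored Token, validated with the pre-computed AuthKey
    result = leo_check_token(leo["auth_key"], geo["token"], t0)
    return None if result is None else result[0]

def demo():
    """Constructed keys and predicted times; returns (ck_matches, perturbed_rejected, stale_rejected)."""
    id_key, main_key = secrets.token_bytes(16), secrets.token_bytes(16)
    rid, sgid = b"LEO-0001", b"SG01"
    pred = {"t_tid": 1_700_000_000_000, "t_auth": 1_700_000_000_100, "t_token": 1_700_000_000_200}
    geo = geo_precompute(id_key, main_key, rid, sgid, pred)
    leo = leo_precompute(id_key, main_key, rid, pred, geo["token"])
    ck = post_registration_auth(leo, geo, t0=pred["t_token"] + 500)
    # orbital perturbation: the LEO predicts a different T_TID, so its TID no longer matches XTID
    shifted = leo_precompute(id_key, main_key, rid, {**pred, "t_tid": pred["t_tid"] + 60_000}, geo["token"])
    perturbed = post_registration_auth(shifted, geo, t0=pred["t_token"] + 500)
    stale = post_registration_auth(leo, geo, t0=pred["t_token"] + 2 * DELTA_T)
    return ck == geo["ck"], perturbed is None, stale is None

if __name__ == "__main__":
    print(demo())
```

Running the script prints (True, True, True): both satellites end with the same CK, a LEO whose orbit prediction has drifted is rejected at the TID/RES comparison and has to re-run the pre-registration sub-protocol, and a Token presented outside the ΔT window fails the freshness check. Both satellites must quantize the predicted contact time to the same value, otherwise the pre-computed TID, AuthKey and Token never agree; the granularity of that quantization is a design parameter the page does not specify.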

The present invention is further described below with reference to simulation experiments.

For the authentication method above, if the communication and computation overhead of the authentication pre-computation itself is left out of account (the core idea of the method is precisely to move work into a pre-computation mechanism so that the overhead of the satellites' authentication interaction is reduced), the authentication overhead of the method is as follows:

(1) Number of interactions: identity authentication before satellite authentication information registration requires 3 message exchanges, and identity authentication after registration requires 2;

(2) Number of core operations: identity authentication before registration requires 2B+2H+2M+2C operations, and identity authentication after registration requires 1M+2C, where B denotes one block-cipher encryption, H one hash computation, M one message authentication code computation and C one comparison;

(3) Computation time: identity authentication before registration takes 20.3 microseconds, and identity authentication after registration takes 5.9 microseconds. The experimental environment is a computer with an Intel Core i5-4590 and 8 GB RAM, using SM3 (256-bit) for hashing, SM3-HMAC (256-bit) for the MAC, SM4 (128-bit) for block encryption, 128-bit random numbers and 48-bit timestamps.

These results show that, owing to the pre-computation mechanism, once two satellites have completed registration of their authentication information they can complete inter-satellite networking authentication at low overhead, and anonymity protection of the LEO's identity is obtained at low cost as well.

The embodiments above may be implemented wholly or partly in software, hardware, firmware or any combination of these. When implemented wholly or partly as a computer program product, the computer program product comprises one or more computer instructions. When the computer program instructions are loaded or executed on a computer, the processes or functions described in the embodiments of the present invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server or data center to another by wire (e.g. coaxial cable, optical fibre or digital subscriber line (DSL)) or wirelessly (e.g. infrared, radio or microwave). The computer-readable storage medium may be any available medium accessible to a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g. floppy disk, hard disk or magnetic tape), an optical medium (e.g. DVD) or a semiconductor medium (e.g. a solid-state disk (SSD)).

The above describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. An inter-satellite networking authentication method suitable for a double-layer satellite network, characterized in that the method comprises:
the first step, authentication system initialization: generating and distributing the identity information, keys and orbit parameters required for inter-satellite authentication;
the second step, satellite authentication information registration: after receiving the orbit information sent by a LEO, the GEO adds that LEO's authentication information to its authentication information table, storing the LEO's ID together with the orbit data in the on-board authentication information database; once registration is complete, the GEO returns its own precise orbit data to the LEO;
satellite authentication information registration specifically comprises:
(2a) the LEO sends its own precise orbit data to the GEO, including the orbit altitude and orbit inclination parameters used for satellite orbit-position prediction;
(2b) after receiving the orbit information sent by the LEO, the GEO adds the LEO's authentication information to its authentication information table, storing the LEO's ID together with the orbit data in the on-board authentication information database; once registration is complete, the GEO returns its own precise orbit data to the LEO;
(2c) after receiving the returned orbit data, the LEO stores it in its own authentication database;
the third step, inter-satellite identity authentication and key agreement: according to the authentication stage, the authentication sub-protocol before satellite authentication information registration or the authentication sub-protocol after satellite authentication information registration is selected and executed;
the third step, inter-satellite identity authentication and key agreement, specifically comprises executing the authentication sub-protocol before satellite authentication information registration and the authentication sub-protocol after satellite authentication information registration;
the authentication sub-protocol before authentication information registration comprises:
(3a) the LEO obtains a timestamp TTID from its on-board clock; from the obtained TTID and the pre-installed IDKey, the LEO computes the temporary identity TID to be used in this authentication, TID = fTID(IDKey, TTID||RID); the LEO then sends the TID together with the authentication request to the GEO;
(3b) after receiving the TID, the GEO decrypts it with the pre-installed IDKey and judges the freshness and validity of the authentication request from the recovered TTID and RID;
(3c) the GEO obtains from its on-board clock the timestamp TAuth needed to generate the AuthKey; from the obtained TAuth and the pre-installed MainKey, AuthKey = fAK(MainKey, TAuth); the GEO generates a one-time random number RAND; from the generated RAND and AuthKey, the GEO computes the timestamp protection sequence TK, TK = fTK(AuthKey, RAND); the GEO obtains the Token timestamp TToken from its on-board clock; from the generated RAND, the obtained TToken and the stored SGID, the GEO computes the message authentication code MAC, MAC = fMAC(AuthKey, RAND||TToken||SGID); the GEO combines RAND, TToken, TK, SGID and MAC into an authentication token Token,
[Formula image FDA0002613313720000021: composition of Token]
and computes the expected response XRES and the session key CK, CK = fCK(AuthKey, RAND), XRES = fRES(CK, RAND);
(3d) the LEO generates the AuthKey in the manner of (3b)-(3c) and uses the generated AuthKey to judge the freshness and validity of the Token;
(3e) after verification, the LEO computes CK and RES and returns RES to the GEO;
(3f) after receiving RES, the GEO compares the received RES with the stored XRES; if they are equal, authentication of the LEO is complete; otherwise authentication fails;
the authentication sub-protocol after authentication information registration comprises:
after the communication link is established, the LEO first judges whether its own orbit parameters have changed; if orbital perturbation has occurred, the authentication parameters obtained by pre-computation are invalid, this protocol is terminated, and the authentication sub-protocol before authentication information registration is executed again; if the orbit is normal, the LEO sends the pre-computed TID and RES together with the access request to the GEO;
after receiving the access request, the GEO compares the received TID and RES with the stored XTID and XRES; if they are equal, authentication of the LEO is complete and the stored Token is returned to the LEO; if not, an error is returned and the authentication sub-protocol is executed again;
the LEO judges the validity of the authentication token with the pre-computed AuthKey;
if verification passes, the LEO computes the session key CK from the AuthKey;
the fourth step, authentication pre-computation, specifically comprises executing the pre-computation sub-protocol before satellite authentication information registration and the pre-computation sub-protocol after satellite authentication information registration;
the authentication pre-computation sub-protocol before authentication information registration specifically comprises:
(4a) the LEO requests a blank Token from the GEO;
(4b) the GEO computes and returns a blank Token;
(4c) using orbit-position prediction, the LEO computes the time of its next authentication with the target GEO and obtains the three time parameters TTID, TAuth and TToken; the LEO then generates from TTID and TAuth, respectively, the TID and AuthKey for the next authentication; from the blank Token returned by the GEO, the LEO computes the RES for the next authentication; the LEO then stores the TID and RES;
(4d) using orbit-position prediction, the GEO computes the time of its next authentication with the target LEO and obtains the three time parameters TTID, TAuth and TToken; from the obtained time parameters, the stored satellite ID and the stored keys IDKey and MainKey, the GEO computes the XTID, XRES, Token and CK for the next authentication, and then stores XTID, XRES, Token and CK;
the authentication pre-computation sub-protocol after authentication information registration specifically comprises:
using orbit-position prediction, the LEO computes the time of its next authentication with the target GEO and obtains the three time parameters TTID, TAuth and TToken; the LEO then generates from TTID and TAuth, respectively, the TID and AuthKey for the next authentication; from the Token returned by the GEO in the authentication sub-protocol, the LEO computes the RES for the next authentication; the LEO then stores the TID and RES;
using orbit-position prediction, the GEO computes the time of its next authentication with the target LEO and obtains the three time parameters TTID, TAuth and TToken; from the obtained time parameters, the stored satellite ID and the stored keys IDKey and MainKey, the GEO computes the XTID, XRES, Token and CK for the next authentication, and then stores XTID, XRES, Token and CK;
the fourth step, authentication pre-computation: according to the authentication stage, the pre-computation sub-protocol before satellite authentication information registration or the pre-computation sub-protocol after satellite authentication information registration is selected and executed.

2. The inter-satellite networking authentication method suitable for a double-layer satellite network according to claim 1, characterized in that the first step, authentication system initialization, specifically comprises:
(1a) in the launch preparation stage, the satellite submits a system initialization request to the ground authentication server;
(1b) after receiving the request, the ground authentication server generates and distributes identity information, keys and orbit parameters for the satellite, including the identity information ID, the group identity information SGID, the anonymity-protection key IDKey for the satellite's identity information, and the satellite's authentication master key MainKey.

3. An information data processing terminal implementing the inter-satellite networking authentication method suitable for a double-layer satellite network according to any one of claims 1 to 2.

4. A computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to execute the inter-satellite networking authentication method suitable for a double-layer satellite network according to any one of claims 1 to 2.

5. An inter-satellite networking authentication system suitable for a double-layer satellite network, for the inter-satellite networking authentication method according to claim 1, characterized in that the system comprises:
a ground authentication server, used to complete initialization of the satellite authentication system and to generate and distribute the identity information, keys and orbit parameters for inter-satellite authentication;
a high-orbit satellite (GEO) authentication client, used to receive authentication requests from a LEO, compute and return the authentication token Token, compute the expected response XRES and the session key CK, check whether the temporary identity TID used by the LEO in the authentication request is valid, check whether the response value RES returned by the LEO is correct, and maintain an authentication information table for LEOs;
a low-orbit satellite (LEO) authentication client, used to submit authentication requests to a GEO, check whether the authentication token Token returned by the GEO is valid, compute the temporary identity TID, the response value RES and the session key CK, and maintain an authentication information table for GEOs.

6. The inter-satellite networking authentication system suitable for a double-layer satellite network according to claim 5, characterized in that the ground authentication server comprises:
a system initialization module, used to complete initialization of the satellite authentication system by writing the identity information generated by the identity information generation module, the keys generated by the key generation module and the orbit parameters allocated by the orbit allocation module into the satellite's authentication system;
an identity information generation module, used to generate the identity information required for satellite authentication according to the satellite's production sequence and launch order;
a key generation module, used to generate the keys required for satellite authentication;
an orbit allocation module, used to allocate operating orbits to satellites;
the high-orbit satellite GEO authentication client comprises:
a system initialization module, used to complete initialization of the on-board authentication system and obtain from the ground authentication server the identity information, keys and orbit parameters required for satellite authentication;
a networking authentication module, comprising an authentication sub-module, a data processing sub-module and a pre-computation management sub-module;
the authentication sub-module, used to exchange the parameters needed for authentication with the low-orbit satellite LEO authentication client;
the data processing sub-module, used to generate and parse authentication parameters and to check whether received authentication parameters are valid;
the pre-computation management sub-module, used to manage the pre-computation of satellites' authentication parameters according to the data in the authentication information table, and to maintain the authentication information table;
an orbit prediction module, used to compute the time of the next inter-satellite authentication;
an authentication information management module, used to manage registration and update of LEO authentication information;
the low-orbit satellite LEO authentication client comprises:
a system initialization module, used to complete initialization of the on-board authentication system and obtain from the ground authentication server the identity information, keys and orbit parameters required for satellite authentication;
a networking authentication module, comprising an authentication sub-module, a data processing sub-module and a pre-computation management sub-module;
the authentication sub-module, used to exchange the parameters needed for authentication with the high-orbit satellite GEO authentication client;
the data processing sub-module, used to generate and parse authentication parameters and to check whether received authentication parameters are valid;
the pre-computation management sub-module, used to manage the pre-computation of satellites' authentication parameters according to the data in the authentication information table, and to maintain the authentication information table;
an orbit prediction module, used to compute the time of the next inter-satellite authentication;
an authentication information management module, used to manage registration and update of GEO authentication information.

7. An information data processing terminal equipped with the inter-satellite networking authentication system suitable for a double-layer satellite network according to any one of claims 5 to 6.
CN201810262750.4A, filed 2018-03-28 (priority date 2018-03-28): Inter-satellite networking authentication system and method suitable for double-layer satellite network, granted as CN108566240B (Active)

Publications (2)

Publication Number Publication Date
CN108566240A 2018-09-21
CN108566240B 2020-10-27

Family

ID=63533118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810262750.4A Active CN108566240B (en) 2018-03-28 2018-03-28 Inter-satellite networking authentication system and method suitable for double-layer satellite network

Country Status (1)

Country Link
CN (1) CN108566240B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039436B (en) * 2018-10-23 2020-09-15 中国科学院信息工程研究所 A method and system for satellite security access authentication
CN109547213B (en) * 2018-12-14 2021-08-10 西安电子科技大学 Inter-satellite networking authentication system and method suitable for low-earth-orbit satellite network
CN113965925B (en) * 2020-07-01 2023-08-25 大唐移动通信设备有限公司 Dynamic authentication method, device, equipment and readable storage medium
CN111897816B (en) * 2020-07-16 2024-04-02 中国科学院上海微系统与信息技术研究所 Interaction method of calculation information between satellites and generation method of information table applied by same
CN112019258B (en) * 2020-09-04 2022-03-22 中国电子科技集团公司第五十四研究所 GEO and LEO mixed constellation and design method thereof
CN112291783B (en) * 2020-10-28 2024-05-31 中国科学院空天信息创新研究院 Text authentication method and system, transmitting end and receiving end
CN112671452B (en) * 2020-12-17 2023-03-14 西安电子科技大学 Heterogeneous satellite network management method, system, medium, equipment, terminal and application
CN112953726B (en) * 2021-03-01 2022-09-06 西安电子科技大学 Authentication method, system and application for satellite-to-ground and inter-satellite networking in a fusion double-layer satellite network
CN114007219B (en) * 2021-10-25 2024-03-26 北京计算机技术及应用研究所 Invisible identification access authentication method for low-orbit satellite communication
CN114466359B (en) * 2022-01-07 2024-03-01 中国电子科技集团公司电子科学研究院 Distributed user authentication system and authentication method suitable for low orbit satellite network
CN114584975B (en) * 2022-02-23 2023-09-15 重庆邮电大学 An SDN-based anti-quantum satellite network access authentication method
CN114828005A (en) * 2022-05-24 2022-07-29 西安电子科技大学 Enhanced inter-satellite networking authentication method based on location key
CN115334505B (en) * 2022-06-21 2024-05-14 西安电子科技大学 Multi-mode intelligent terminal secure communication method and system for 5G+Beidou
CN117156433B (en) * 2023-10-31 2024-02-06 航天宏图信息技术股份有限公司 Satellite internet key management distribution method, device and deployment architecture
CN117278109B (en) * 2023-11-20 2024-03-01 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Satellite in-orbit security anomaly identification method, system and computer readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222329A (en) * 2006-08-17 2008-07-16 上海航天计算机系统工程有限公司 Mixed type distributed authentication system
CN102379141A (en) * 2009-02-05 2012-03-14 北方电讯网络有限公司 Method and system for user equipment location determination on a wireless transmission system
CN106059650A (en) * 2016-05-24 2016-10-26 北京交通大学 Air-ground integrated network architecture and data transmission method based on SDN and NFV technology
CN107094047A (en) * 2017-06-09 2017-08-25 西安电子科技大学 Based on pre-stored and segment transmissions the double layer minipellet method for routing of grouped data
CN107409051A (en) * 2015-03-31 2017-11-28 深圳市大疆创新科技有限公司 Authentication system and method for generating flight controls
CN107615358A (en) * 2015-03-31 2018-01-19 深圳市大疆创新科技有限公司 Authentication system and method for identifying authorized participants

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040059939A1 (en) * 2002-09-13 2004-03-25 Sun Microsystems, Inc., A Delaware Corporation Controlled delivery of digital content in a system for digital content access control
US7602908B2 (en) * 2003-12-22 2009-10-13 Aol Llc System and method for using a streaming protocol
US9515826B2 (en) * 2010-11-18 2016-12-06 The Boeing Company Network topology aided by smart agent download

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222329A (en) * 2006-08-17 2008-07-16 上海航天计算机系统工程有限公司 Mixed type distributed authentication system
CN102379141A (en) * 2009-02-05 2012-03-14 北方电讯网络有限公司 Method and system for user equipment location determination on a wireless transmission system
CN107409051A (en) * 2015-03-31 2017-11-28 深圳市大疆创新科技有限公司 Authentication system and method for generating flight controls
CN107615358A (en) * 2015-03-31 2018-01-19 深圳市大疆创新科技有限公司 Authentication system and method for identifying authorized participants
CN106059650A (en) * 2016-05-24 2016-10-26 北京交通大学 Air-ground integrated network architecture and data transmission method based on SDN and NFV technology
CN107094047A (en) * 2017-06-09 2017-08-25 西安电子科技大学 Based on pre-stored and segment transmissions the double layer minipellet method for routing of grouped data

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
A Highly Secure Identity-Based Authenticated Key-Exchange Protocol for Satellite Communication; Zhong Yantao; 2010-12-31; full text *
A Lightweight Certificate-based Source Authentication Protocol for Group Communication in Hybrid Wireless/Satellite Networks; Ayan Roy-Chowdhury; 《2008 IEEE Global Telecommunications Conference》; 2008-12-08; full text *
Satellite over Satellite (SOS) Network: A Novel Concept of Hierarchical Architecture and Routing in Satellite Network; Jae-Wook Lee; 《Proceedings 25th Annual IEEE Conference on Local Computer Networks》; 2002-08-06; full text *
Security analysis of an authentication and key agreement protocol; Yuanyuan Zhang; 《International Journal of Communication Systems》; 2013-08-08; full text *
Research on a Security Model for Sensitive Information Transmission in Open Network Environments (开放网络环境下敏感信息传输安全模型研究); 刘宇新 (Liu Yuxin); 《China Master's Theses Full-text Database》; 2015-04-15; full text *
Certificate-based Hybrid Public Key Infrastructure for Space Information Networks (空间信息网基于证书的混合式公钥基础设施); 任方 (Ren Fang); 《Journal of Jilin University (Engineering and Technology Edition)》; 2012-03-15; full text *
Research on a Multilevel-Security-Oriented Secure Network Communication Model and Its Key Technologies (面向多级安全的网络安全通信模型及其关键技术研究); 曹利峰 (Cao Lifeng); 《China Doctoral Dissertations Full-text Database》; 2014-01-31; full text *

Also Published As

Publication number Publication date
CN108566240A (en) 2018-09-21

Similar Documents

Publication Publication Date Title
CN108566240B (en) Inter-satellite networking authentication system and method suitable for double-layer satellite network
CN109547213B (en) Inter-satellite networking authentication system and method suitable for low-earth-orbit satellite network
CN109218018B (en) Identity-based unmanned aerial vehicle key management and networking authentication system and method
US10243742B2 (en) Method and system for accessing a device by a user
CN101981890B (en) Systems and methods for secure workgroup management and communication
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
US8527762B2 (en) Method for realizing an authentication center and an authentication system thereof
US11044082B2 (en) Authenticating secure channel establishment messages based on shared-secret
CN112953726B (en) Authentication method, system and application for satellite-to-ground and inter-satellite networking in a fusion double-layer satellite network
US12132839B2 (en) Decentralised authentication
CN109688583B (en) A data encryption method in a satellite-to-earth communication system
CN108809636B (en) Communication system for realizing message authentication between members based on group type quantum key card
CN105516980A (en) Token authentication method for wireless sensor network based on Restful architecture
CN105491076A (en) Heterogeneous network end-to-end authentication secret key exchange method based on space-sky information network
JP2016514913A (en) Method and apparatus for establishing a session key
US20240113885A1 (en) Hub-based token generation and endpoint selection for secure channel establishment
Pippal et al. CTES based Secure approach for Authentication and Authorization of Resource and Service in Clouds
CN111682936B (en) Kerberos authentication method based on physical unclonable function
CN112187451B (en) Quantum computation resistant communication method, device, equipment and storage medium
CN114584975B (en) An SDN-based anti-quantum satellite network access authentication method
Fan et al. A New Password‐and Position‐Based Authenticated Key Exchange
Zhao et al. Design of emergency UAV network identity authentication protocol based on Beidou
Xu et al. An Energy Efficient Access and Handover Authentication Scheme for 6G Satellite-Terrestrial Integrated Network
KR20240136961A (en) Emergency recovery transaction of funds in cryptocurrency wallet
Telsang et al. Edge Computing Devices Authentication using Quantum Computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant