CN101431361B - Method for implementing double-layer satellite trust model based on mobile proxy - Google Patents


Publication number
CN101431361B
Authority
CN
China
Prior art keywords
satellite
agency
communication
src
source
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN 200810243912
Other languages
Chinese (zh)
Other versions
CN101431361A (en)
Inventor
王汝传
胡正超
饶元
徐小龙
郑彦
孙力娟
张登银
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post and Telecommunication University
Application filed by Nanjing Post and Telecommunication University
Priority to CN 200810243912
Publication of CN101431361A
Application granted
Publication of CN101431361B


Abstract

The invention discloses a method for implementing a double-layer satellite trust model based on mobile agents, and relates to a system that simulates communication between a polar constellation and geostationary satellites. Introducing geostationary satellites improves route lookup efficiency when a link fails, and also strengthens the satellites' safety against threats from human factors. In a double-layer satellite model formed by the Iridium system and three geostationary satellites, all satellite nodes distrust one another while communicating, and the data the satellites exchange is encrypted, so that interception by malicious nodes and tampering with communication data are avoided and reliable, secure communication is achieved. On the basis of this model, a trust mechanism is combined with mobile Agents, which both makes satellite routing intelligent and improves the long-standing data security problem in satellite communication. The invention addresses route lookup when a link fails and data security in satellite communication.

Description

Method for implementing a double-layer satellite trust model based on mobile agents
Technical field
The present invention is a satellite communication model implemented in an Agent (agent) environment. It mainly addresses link failures between satellites and data security in satellite communication.
Background art
Mobile agent technology is an emerging technology that arose with the development of the Internet. It suits the characteristics of the Internet well and effectively simplifies the design, implementation and maintenance of distributed systems. In general, a mobile agent is an independent computer program that, following certain rules, can move autonomously across a heterogeneous network and complete specific tasks on behalf of a user. Mobile agents have two main advantages: on the one hand, they move computation close to the resources it needs, which saves network bandwidth and allows asynchronous operation; on the other hand, they allow programs to be published to hosts dynamically.
Because of these advantages, mobile agents have good application prospects in e-commerce, mobile computing, intelligent discovery of Internet information and similar areas, and research on mobile agent technology is becoming a focus of academia and industry. The key technologies of mobile agents include the mobility mechanism, the communication mechanism and the security mechanism. Security is one of the key factors limiting the wide adoption of mobile agent technology, so studying the security of mobile agents is significant.
In today's world, the development of land mobile communication has brought great convenience to people's lives, but despite the trend toward globalization, some places still cannot communicate normally with the outside world, which calls for extending existing communication systems to meet people's needs. The Iridium system is a low-orbit global personal mobile satellite communication system proposed by Motorola of the United States in 1987; combined with existing communication networks, it can provide global digital personal communication. The system was originally designed with 77 small satellites operating in 7 circular polar orbits, and took its name from the iridium atom, whose electron count equals the number of satellites. The design was later changed to 66 satellites in 6 circular polar orbits, but the original name was kept. The circular polar orbits are at an altitude of about 780 km; each orbital plane carries 11 satellites and 1 in-orbit spare, and each satellite weighs nearly 700 kg. Iridium's market is mainly business travelers, maritime users, aviation users, emergency assistance and remote areas. Besides roaming between the satellite network and terrestrial cellular networks, Iridium's roaming scheme also handles cross-protocol roaming between terrestrial cellular networks, which is another feature that distinguishes Iridium from other satellite mobile communication systems. In addition to voice, Iridium provides services such as fax, data, positioning and paging.
Summary of the invention
Technical problem: the purpose of the invention is to provide a method for implementing a double-layer satellite trust model based on mobile agents. It applies the advantages of agents to the satellite network and, taking the characteristics of satellite networks into account, lets a satellite find the best route effectively when the topology changes. It also proposes a mutual-distrust mechanism to guarantee the security of data in satellite communication.
Technical solution: the method of the invention is a strategic method built on the introduction of agents (Agent). Its goal is to introduce geostationary satellites into the original satellite model so that link failures are handled better, and at the same time to introduce a trust mechanism that improves the security of the system. In the double-layer satellite model formed by the Iridium system and 3 geostationary satellites, all satellite nodes distrust one another while communicating, and all data a satellite sends during communication is encrypted, so that malicious nodes cannot intercept or tamper with communication data and reliable, secure communication is achieved. The details are as follows:
1a) Geostationary satellites are first introduced into the Iridium system, forming a new mixed model of medium and low earth orbit satellites. The source satellite SSat computes a route from this new satellite model, sends a communication-request agent to the destination satellite DSat along that route, encrypts the data in the agent with the corresponding private key, and sets a reply timeout T;
1b) After the destination satellite DSat receives the communication request sent by the source satellite, if the source and destination satellites are covered by the same geostationary satellite DSC, the destination satellite sends a verification agent to DSC to verify the legitimacy of the source satellite; otherwise it sends the verification agent to SSC, the covering satellite of the source satellite, to verify the legitimacy of the source satellite node;
1c) The geostationary satellite DSC or the covering satellite SSC first verifies the legitimacy of the destination satellite node against the information in the database; if it is legitimate, it then verifies the legitimacy of the satellite node SSat that the destination satellite asked about; if SSat is legitimate, it sends a verification agent to the destination satellite DSat. The covering satellite not only verifies the legitimacy of satellite nodes, it also solves the problem of isolated satellite nodes caused by link or node failures;
1d) The destination satellite DSat decides from the information returned by the verification agent whether it can communicate with the source satellite SSat. If SSat is a legitimate satellite node, DSat decrypts the agent data with the corresponding public key, returns a reply agent and begins communication; otherwise it discards the communication-request agent sent by SSat;
1e) If the source satellite SSat receives the reply agent from the destination satellite DSat within time T, communication begins; the data exchanged during communication is also encrypted and is decrypted with the corresponding key after reaching the destination node. If no reply is received within T, go to 1a).
In step 1a), geostationary satellites are introduced into the Iridium system. When all inter-satellite links around a satellite node are broken, the node becomes an isolated node, which not only wastes resources of the whole communication system but also reduces the efficiency of satellite communication. The procedure is as follows:
2a) The source satellite SSat computes a route from the topology and sends a detection agent (Detect Agent);
2b) SSat obtains the link state of the shortest path returned by the detection agent. If the links are normal, communication begins; otherwise the information about the broken link or failed node is sent to the management agent;
2c) The management agent updates the topology database and sends the latest topology to the source node;
2d) The source satellite recomputes the route from the latest topology. If all links around the source satellite or the destination satellite are broken, the source satellite sends the agent to the geostationary satellite SSC that covers it. If SSat and DSat are covered by the same geostationary satellite SSC, they communicate over the route SSat->SSC->DSat; otherwise they communicate over the route SSat->SSC->DSC->DSat.
All data in the communication process is encrypted to guarantee the security of satellite communication. The steps are as follows:
3a) The source satellite node encrypts the data in the agent with the corresponding key and sends the encrypted agent to the destination satellite or to a geostationary satellite as required: for communication with the destination satellite the agent is sent to the destination satellite, and a topology-update agent is sent to the geostationary satellite;
3b) After the destination satellite receives the agent, it decrypts the data in the agent with the corresponding key, and the communication is complete;
3c) After the covering satellite receives a network-topology-update agent sent by a satellite, it decrypts the data in the agent with the corresponding key; if decryption succeeds it updates as requested, otherwise it does not update.
Beneficial effects: the system adds geostationary satellites to the original Iridium system, reducing the impact of human factors on satellite communication. It also uses mobile Agents as intelligent entities to simulate the whole satellite communication process, and the proposed trust mechanism greatly strengthens the security of satellite communication. Details follow:
1. Extensibility
The system uses mobile Agents as software entities to simulate real satellite nodes, so a real satellite model can be represented by adding nodes and changing the database. For example, to examine communication in the Teledesic constellation with this system, it is only necessary to change the number of Agencies and then modify the corresponding data in the topology database.
2. Intelligent routing
Intelligent Agents let an Agent choose the best route intelligently when communicating between different Agencies, so that it still reaches the destination node even when link conditions change. For example, when Agency A communicates with Agency B, A first sends an Agent along the computed route; when the Agent meets a failed node or an abnormal link, it automatically selects nodes and links that are working normally, so node and link faults do not prevent the Agent from arriving.
3. Security
With security agents and the trust mechanism, all content a user communicates is opaque to other communicating parties: no Agent other than the user's own can obtain information about the communication, and even an intercepted Agent does not threaten system security, because only a holder of the key can read the information in the Agent. Physical security is also assured to some degree: with current human technology the ability to strike geostationary satellites is still very weak, so the system strengthens the security of satellite communication.
4. Efficiency
A system made up of Iridium and geostationary satellites improves the feasibility of communication. For example, if all the satellite nodes around a given satellite node stop working because of human factors, that satellite loses its function. Once geostationary satellites are added, a packet that reaches such a node and cannot be forwarded can be forwarded through a geostationary satellite instead. Although the communication delay is larger, resources are used effectively and isolated satellite nodes can still be used in communication.
Description of drawings
Fig. 1 Positions of the polar-orbit satellites and geostationary satellites in the Iridium system,
Fig. 2 Structure of the satellite model on the mobile agent platform,
Fig. 3 Flow of communication between Agency A and Agency B,
Fig. 4 Flow in which Agency A checks the correctness of information queried from the database,
Fig. 5 Trust relationships between the source node and the other satellite nodes,
Fig. 6 Flow diagram of the method of the invention for implementing a double-layer satellite trust model based on mobile agents.
Embodiment
In the method of the invention for implementing a double-layer satellite trust model based on mobile agents, within the double-layer satellite model formed by the Iridium system and 3 geostationary satellites, all satellite nodes distrust one another while communicating and all data a satellite sends during communication is encrypted, so that malicious nodes cannot intercept or tamper with communication data and reliable, secure communication is achieved. The details are as follows:
1) The source satellite SSat (Source Satellite) first computes a route from the topology model (the polar-orbit and geostationary satellite model), sends a communication-request agent to the destination satellite DSat (Destination Satellite) along that route, encrypts the information in the agent, and sets a reply timeout T;
2) When SSat and DSat are covered by the same satellite, DSat sends a verification agent to its covering satellite DSC to verify the legitimacy of SSat; otherwise DSat sends a verification agent to SSC, the covering satellite of SSat, to verify the legitimacy of SSat;
3) The satellite DSC (Destination Satellite Cover) or SSC (Source Satellite Cover) verifies the legitimacy of the destination satellite node against the information in the database; if it is legitimate, it then verifies the legitimacy of the satellite node SSat that the destination satellite asked about; if SSat is legitimate, it sends a verification agent to the destination satellite DSat;
4) DSat decides from the information returned by the verification agent whether it can communicate with SSat. If SSat is a legitimate satellite node, DSat returns a reply agent and begins communication; otherwise it discards the communication-request agent sent by SSat;
5) If SSat receives the reply agent from DSat within time T, communication begins; otherwise go to 1).
Three geostationary satellites are added to the single-layer satellite communication system formed by the polar-orbit satellites. This provides reliable satellite communication when the single path (that is, there is only one shortest path between the source and destination satellites) suffers a broken link, or when all links around a satellite fail. The procedure is as follows:
(1) The source satellite SSat computes a route from the topology and sends a detection agent (Detect Agent);
(2) SSat obtains the link state of the shortest path returned by the detection agent. If the links are normal, communication begins; otherwise the information about the broken link or failed node is sent to the management agent;
(3) The management agent updates the topology database and sends the latest topology to the source node;
(4) The source node repeats steps (2) and (3) and recomputes the topology. If SSat and DSat are covered by the same geostationary satellite SSC, they communicate over the route SSat->SSC->DSat; otherwise they communicate over the route SSat->SSC->DSC->DSat.
The information carried in agents during satellite communication is encrypted with the RSA algorithm to protect the data in transit, as follows:
(1) The source satellite node encrypts the data in the agent with its private key, so that even if a malicious agent intercepts the agent it cannot obtain the information;
(2) After the agent arrives at the destination satellite, the destination satellite decrypts the data in the agent with the public key;
(3) After the database agent receives a network-topology-update agent sent by a satellite, it decrypts the data in the agent with the public key; if decryption succeeds it updates as requested, otherwise it does not update.
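The exchange in steps 1) to 5) and the RSA steps (1) to (3) above, traced end to end as an added example (not code from the patent). The registry layout, the COVER table, the toy Mersenne-prime keys, the retry limit and all function names are assumptions made for the illustration.

```python
# Added illustration, not code from the patent. Textbook RSA with constructed toy
# keys and no padding: enough to trace the exchange, not fit for real traffic.
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent

def make_keypair(p, q):
    """Build ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def private_op(data, private):
    """Step 1: 'encrypt with the private key'. In effect this is a signature: it
    proves origin and detects tampering, and any public-key holder can reverse it."""
    n, d = private
    return pow(digest(data, n), d, n)

def public_check(data, sig, public):
    """Step 4: reverse the private-key operation with the registered public key."""
    n, e = public
    return pow(sig, e, n) == digest(data, n)

@dataclass
class RequestAgent:
    src: str
    dst: str
    payload: bytes
    sig: int

# Constructed sample data. COVER maps each polar satellite to its covering GEO satellite.
COVER = {"SSat": "GEO2", "DSat": "GEO2", "FarSat": "GEO3", "Rogue": "GEO2"}
SSAT_PUB, SSAT_PRIV = make_keypair(2**61 - 1, 2**89 - 1)      # Mersenne primes
ROGUE_PUB, ROGUE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
OTHER_PUB, _ = make_keypair(2**19 - 1, 2**31 - 1)   # placeholder, unused in checks
# Database of legitimate nodes held by the GEO layer (hypothetical layout).
REGISTRY = {"SSat": SSAT_PUB, "DSat": OTHER_PUB, "FarSat": OTHER_PUB}

def pick_verifier(src, dst):
    """Step 2: DSC when both ends share a covering satellite, otherwise SSC."""
    return COVER[dst] if COVER[src] == COVER[dst] else COVER[src]

def geo_verify(registry, requester, subject):
    """Step 3: check the requester (DSat) first, then the node it asks about.
    Returns the subject's public key, or None if either check fails."""
    if requester not in registry:
        return None
    return registry.get(subject)

def dsat_handle(agent, registry, log):
    """Steps 2 to 4 on the destination side. True means a reply agent is sent."""
    geo = pick_verifier(agent.src, agent.dst)
    log.append(f"{agent.dst}->{geo}: verify {agent.src}")
    key = geo_verify(registry, agent.dst, agent.src)
    log.append(f"{geo}->{agent.dst}: {'legitimate' if key else 'not legitimate'}")
    if key is None or not public_check(agent.payload, agent.sig, key):
        log.append(f"{agent.dst}: discard request")
        return False
    log.append(f"{agent.dst}->{agent.src}: reply")
    return True

def ssat_request(src, dst, payload, private, registry, lost_replies=0, max_tries=3):
    """Steps 1 and 5 on the source side. lost_replies simulates replies that miss
    the timeout T; max_tries is an assumption (the text sets no retry limit)."""
    log = []
    for attempt in range(1, max_tries + 1):
        agent = RequestAgent(src, dst, payload, private_op(payload, private))
        log.append(f"{src}->{dst}: request #{attempt}")
        replied = dsat_handle(agent, registry, log)
        if replied and attempt > lost_replies:
            return True, log
        log.append(f"{src}: no reply within T, back to step 1")
    return False, log
```

In both branches of step 2 the verifier turns out to be the geostationary satellite covering the source, which is why a registered source whose key does not match is rejected regardless of where the destination sits.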
I. Architecture
The double-layer satellite network communication system based on security agents consists of two main parts: building the new topology model and building the trust model.
Building the topology model:
In this model an Agency represents a satellite node, and the forwarding of packets between Agencies simulates communication between satellites. The original Iridium model contains 66 satellites. If a link fails in the Iridium model and the source and destination satellites have only one shortest path, normal communication is impossible, so 3 geostationary satellites are added in this model.
In this satellite network model all satellite nodes are represented by Agencies, and an Agency has all the functions of a satellite node. The arrangement is as follows:
Geostationary satellite Agency: a special satellite node with on-board processing and route forwarding capability. In this system a geostationary satellite Agency can communicate with polar-orbit satellite Agencies.
Polar-orbit satellite node Agency: the most basic Agency in the system. It knows the information of the satellite nodes within 3 hops around it. In this system a polar-orbit satellite node can communicate with ground terminals and with geostationary satellite Agencies.
Ground terminal node Agency: represents an entity communicating on the earth, for example a ground station or a person communicating directly. Whether it is a station or a person, it has the same function in this system: it represents one party to the communication. A ground terminal Agency can communicate with polar-orbit satellite nodes, but not with every polar-orbit satellite; the elevation angle between them must satisfy a certain relation.
Definition: given a polar-orbit satellite A and a geostationary satellite B, if a certain relation holds between A and B, for example the longitudes of the two satellites differ by no more than 60 degrees, B is called the covering satellite of A.
Each Agency can send multiple Agents, whose functions differ according to need. The main ones in this system are the query Agent, the detection Agent, the verification Agent and the routing Agent.
Routing is the core of communication, and efficient routing improves communication efficiency. Route lookup is the core of the whole system, and the complexity of the satellite network calls for a simple, efficient algorithm. In this system an Agency runs a fewest-hop routing algorithm. The hop count between two geographically adjacent satellites is defined as 1, the hop count between a geostationary satellite and a polar-orbit satellite it covers is also 1, and the hop count between geostationary satellites is also 1; therefore the hop count between any two polar-orbit satellites in this model cannot exceed 3. The algorithm is robust to a degree: when a link fails, it automatically finds a working path to communicate over.
Suppose there are two satellites, Agency A and Agency B. The flow when they communicate is as follows:
(1) Agency A first sends a query Agent to the satellite topology database, and the query Agent returns the query result to Agency A;
(2) Agency A obtains the current topology information and computes the shortest route between A and B from the topology;
(3) Agency A sends a detection Agent along the shortest route to probe whether the current links are up;
(4) The detection Agent reports the link information to Agency A; if no link is abnormal, communication proceeds directly over the route Agency A computed;
(5) If the detection Agent finds a broken link, Agency A sends the break information to the database and tells it to update the topology data, and the latest link information is sent to Agency A.
(6) After receiving the latest topology information, Agency A recomputes the shortest route and repeats steps 3-5 until the link information agrees with the actual routing information; only then does Agency A communicate with Agency B.
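The probe-and-recompute loop in steps (1) to (6), with the geostationary fallback routes SSat->SSC->DSat and SSat->SSC->DSC->DSat described earlier, as an added example (not code from the patent). It generalises the fallback condition slightly: the geostationary layer is used whenever no verified polar path remains. The 3x3 grid, the longitudes and all function names are constructed for the illustration.

```python
# Added illustration, not code from the patent. Topology and longitudes are constructed.
from collections import deque

GEO_LON = {"GEO1": 0.0, "GEO2": 120.0, "GEO3": -120.0}   # 3 geostationary satellites
POLAR_LON = {"P11": 10.0, "P12": 25.0, "P13": 40.0, "P21": 70.0, "P22": 85.0,
             "P23": 100.0, "P31": 130.0, "P32": 145.0, "P33": 160.0}

def link(a, b):
    return frozenset((a, b))

# The topology database's view of the inter-satellite links of a 3x3 polar grid.
DB_LINKS = {link(a, b) for a, b in [
    ("P11", "P12"), ("P12", "P13"), ("P21", "P22"), ("P22", "P23"),
    ("P31", "P32"), ("P32", "P33"), ("P11", "P21"), ("P12", "P22"),
    ("P13", "P23"), ("P21", "P31"), ("P22", "P32"), ("P23", "P33")]}

def covering_geo(lon, max_gap=60.0):
    """Covering satellite per the definition: longitudes differ by at most 60 degrees."""
    def gap(g):
        d = abs(GEO_LON[g] - lon) % 360
        return min(d, 360 - d)
    best = min(GEO_LON, key=gap)
    return best if gap(best) <= max_gap else None

def shortest_path(links, src, dst):
    """Fewest-hop path by breadth-first search; None if dst is unreachable."""
    adj = {}
    for a, b in (tuple(l) for l in links):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def probe(path, actual_links):
    """Detection Agent: walk the path and return the first link that is down."""
    for a, b in zip(path, path[1:]):
        if link(a, b) not in actual_links:
            return link(a, b)
    return None

def geo_route(src, dst):
    """Fallback through the covering satellites SSC and DSC."""
    ssc, dsc = covering_geo(POLAR_LON[src]), covering_geo(POLAR_LON[dst])
    return [src, ssc, dst] if ssc == dsc else [src, ssc, dsc, dst]

def route(src, dst, db_links, actual_links):
    """Compute, probe, report the break, recompute; the source never trusts the
    database's answer until its own probe has confirmed it."""
    db, reports = set(db_links), []
    while True:
        path = shortest_path(db, src, dst)
        if path is None:                      # no polar path left: use the GEO layer
            return geo_route(src, dst), reports
        broken = probe(path, actual_links)
        if broken is None:                    # database view matches reality
            return path, reports
        db.discard(broken)                    # management agent updates the database
        reports.append(tuple(sorted(broken)))
```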
Modules: the system mainly contains the following modules: the database module, the query Agent module, the detection Agent module and the Management Agent module. The database stores the topology of the satellites and the up/down state of links. Each satellite node can access the information in the database; a polar-orbit satellite can look up routes through it and can also find out whether the shortest path contains a broken link. A geostationary satellite can use the information in the database to judge whether a given satellite node can communicate with it.
Query Agent module: because of the special relationships in a satellite network, no satellite node can fully trust information from other satellites, so satellite nodes are independent of one another in the system. When a satellite node wants to communicate with another node, besides computing a route from the topology information in the database, it also sends a detection Agent to the satellites concerned to check the information of all satellite nodes on the shortest path and the links between them. If a satellite node on the shortest path has failed or a link is broken, the detection Agent returns the collected information to the source satellite node, which recomputes the route from it. A geostationary satellite can also generate a query Agent: when a polar-orbit satellite wants to communicate with it, it must first judge whether it covers that polar-orbit satellite. The query Agent sends the information of the polar-orbit satellite and the geostationary satellite to the database together. If the covering relation holds, the query Agent tells the polar-orbit satellite and the geostationary satellite that they can communicate; otherwise it returns to the geostationary satellite and tells it that the polar-orbit satellite cannot communicate with it.
Detection Agent module: the detection Agent is an important part of this mechanism. Because all satellites distrust one another, the information provided by the database must be verified, and the detection Agent checks the correctness of the link information along the given route. Each Agency periodically sends the information its detection Agents collect to the database, to keep the database complete and up to date. Because the database cannot learn of changes in link conditions in time by itself, the detecting Agency submits the link information it discovers to the database, so the database can provide the latest topology information. Only in this way can efficient routes be established and communication efficiency improved.
Management Agent module: Agents in this system can be tampered with or fail, so a single Agent is needed to manage them. A special Agent is designated as the Management Agent. When a node in the network has been modified by a malicious Agent, other Agencies that exchange information with it without knowing the truth will leak information. With the Management Agent, after an Agent has been maliciously modified, the Management Agent sends a node-failure message to the database, and the database updates its information accordingly. The database and the Management Agent are deployed on the same host, and a relationship of complete trust is established between them: the database does not doubt information passed to it by the Management Agent.
Database module: this is the core of the whole system. Every Agent can communicate with it, but there is also a trust relationship between it and the Agents: the database does not necessarily believe a query Agent, because a query Agent may be posing as a polar-orbit satellite node in order to obtain information about other satellite nodes. For query Agents, therefore, an encryption algorithm is used to guarantee the reliability of their source. For example: node A sends a query Agent to the database. The database cannot determine whether this Agent really comes from node A, so after receiving the query Agent it encrypts the Agent's information with the public key, so that even if the encrypted information is intercepted by another malicious Agent it yields nothing, and at the same time sets a timer. If node A receives the query Agent, it decrypts the Agent with its private key and obtains the information it wanted. If node A does not receive the Agent, it sends a reply Agent asking the database to resend the query Agent. If the database receives node A's reply Agent within the timer period it resends the data; otherwise it does not. Node A, like the database, also sets a reply timer; if it does not receive the result returned by the query Agent within the timer period, it resends the query Agent. Geostationary satellites exchange information with the database in the same way, and the process is similar to that for polar-orbit satellites. When a polar-orbit satellite sends information to a geostationary satellite, the geostationary satellite decides whether they can communicate on the basis of the result that its own query Agent obtained from the database.
Trust mechanism:
Because of the special relationships between satellites, each satellite is a selfish, independent individual that does not fully trust information obtained from elsewhere; information is accepted by a satellite only after it has been checked in practice. In reality, because satellites are in different positions, a satellite may well be attacked or damaged, and the information another satellite obtains from it may then be wrong, so establishing a trust mechanism greatly improves the efficiency and security of the system. For example, the database frequently receives topology information returned by satellite nodes. Accepting correct information does not affect security, but if wrong information is accepted the topology of the whole system changes, routing efficiency drops and satellite node resources are wasted. All of these harmful effects are caused by malicious Agents, so after receiving information returned by a satellite node, the management Agency at the database also sends a detection Agent to confirm whether the information is correct. That is, every node believes only the information returned by Agents it sent itself, treats anything sent by other nodes with suspicion, and accepts it only after it has been confirmed correct.
For example, given two satellite nodes A and B, A's query Agent returns its query result to A and B's query Agent returns its query result to B. Both also query the satellite topology database to verify that the information their own query Agents obtained is true. If it is, A and B can communicate; otherwise they cannot. This mechanism mainly prevents a malicious Agent from intercepting the query Agents sent by satellites and disrupting inter-satellite communication by tampering with information.
II. System workflow
Parameters are entered through the graphical interface; the system reads them, determines the two communicating parties (sender and receiver), and then tells the sender to begin communication. Suppose the sender is Agency A and the receiver is Agency B. The detailed workflow of the sender is as follows.
Agency A workflow:
(1) Agency A sends a query Agent to the database to look up the best path between Agency A and Agency B according to the topology;
(2) The database returns a result Agent that tells Agency A how to communicate;
(3) Agency A sends a detection Agent according to the result returned by the database;
(4) If a link has a problem, the returned result is submitted to the database for an update;
(5) The database submits the new routing information to Agency A. This loops until Agency A is sure from the information submitted by the database that the links have no problem, and only then does communication begin.
Agency B workflow:
(1) After receiving the communication request sent by A, B checks the reliability of A as a source by sending a confirmation Agent to the management Agency;
(2) After the management Agency has checked the reliability of the sender's information, it gives B a result Agent;
(3) If A poses a security risk, B refuses its communication request; otherwise B sends A an Agent saying that communication may proceed.
For convenience of description, we assume the following application example:
Two people, A and B, are in Beijing, China and in Washington respectively, and they communicate over the satellite network. First, the polar satellites nearest to A and to B must be determined. The workflow for first establishing communication is as follows:
(1) A first finds its nearest polar satellite, Agency A, according to geographic position; B likewise finds its nearest polar satellite, Agency B;
(2) polar satellite Agency A queries the database to obtain the topology of the current satellite network;
(3) the shortest path from the source satellite node Agency A to Agency B is calculated with the shortest-hop-count algorithm;
(4) a detection Agent is sent along the calculated shortest path to verify the validity of the links and nodes on the path over which packets will be sent;
(5) if a link or node on the path is abnormal, the details of the abnormality are reported to the database; the database is updated, and the latest topology information is sent to Agency A;
(6) after Agency A receives the latest topology information, steps (3) to (5) are repeated until the topology shows no abnormality; only then does Agency A begin sending packets, and at the same time it sets an internal send-timeout timer.
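The route-establishment loop in steps (2) to (6), as an added Python sketch that is not code from the patent. It goes beyond the steps above by also applying the geostationary fallback routes SRC-DC-DST and SRC-SC-EC-DST stated in claim 2; the topology, the node names and the `geo_cover` table are constructed for illustration, and only link failures are modelled.

```python
from collections import deque

# Constructed sample data, not from the patent: two LEO routes from A to B.
DB_LINKS = [("A", "L1"), ("L1", "B"), ("A", "L2"), ("L2", "L3"), ("L3", "B")]
GEO_COVER = {"A": "GEO1", "B": "GEO2"}  # hypothetical GEO coverage table

def shortest_hop_path(links, src, dst):
    """Step (3): breadth-first search for the fewest-hop path, or None."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def probe(path, live):
    """Step (4): detection Agent reports the hops on the path that are down."""
    return [frozenset(hop) for hop in zip(path, path[1:])
            if frozenset(hop) not in live]

def establish_route(db_links, live_links, src, dst, geo_cover):
    """Steps (2)-(6), then the geostationary fallback when no LEO path is left."""
    db = {frozenset(link) for link in db_links}      # database's topology view
    live = {frozenset(link) for link in live_links}  # what a probe really finds
    while True:
        path = shortest_hop_path([tuple(link) for link in db], src, dst)
        if path is None:                  # no usable LEO route: go via GEO layer
            sc, ec = geo_cover[src], geo_cover[dst]
            return [src, sc, dst] if sc == ec else [src, sc, ec, dst]
        broken = probe(path, live)
        if not broken:
            return path                   # every hop verified: start sending
        db.difference_update(broken)      # step (5): database drops failed links
```

The loop always terminates, because each pass either returns a route or removes at least one link from the database's view.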
Agency B is the receiver in the satellite communication. For the packets sent to it, it also goes through a confirmation process to guarantee the security of the communication. The workflow of Agency B is as follows:
(1) after receiving a packet sent by Agency A, Agency B sends the relevant information about Agency A to the database for confirmation;
(2) the database confirms whether node Agency A is a registered node and returns the confirmation result to Agency B;
(3) if Agency A is a legitimate node, Agency B accepts the packet and communication begins; otherwise Agency B refuses the communication request. Agency A, for its part, starts waiting after sending the packet; if it receives the information returned by Agency B within the send timeout, normal communication begins. For a malicious Agency, Agency B simply discards the packets it sent once its legitimacy has been checked.
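The receiver-side check above, combined with the geostationary verification of claim 1 steps 1b) to 1e), as an added Python example that is not code from the patent. Key handling is left out, and the satellite names, the registry contents and the `max_attempts` retry bound are assumptions (the claim states no limit on retries).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Geo:
    """Geostationary verifier holding the registered-satellite database."""
    name: str
    registry: frozenset

    def verify(self, requester, subject):
        """1c: True only if a verification agent would be sent back."""
        if requester not in self.registry:   # the asking satellite is checked first
            return False
        return subject in self.registry      # then the satellite it asked about

def dst_handle_request(src, dst, coverage, geos):
    """1b and 1d on DST: choose the verifying GEO, then reply or drop."""
    # DC when one GEO covers both satellites, otherwise SC: in both branches
    # this is the GEO covering SRC. Assumption: DST looks the coverage up
    # itself rather than taking it from the request.
    verifier = geos.get(coverage.get(src))
    if verifier is None or not verifier.verify(dst, src):
        return "drop"                        # fail closed: no verdict, no reply
    return "reply"

def src_request(src, dst, coverage, geos, max_attempts=3):
    """1a and 1e on SRC: send, wait up to T for a reply, go back to 1a on timeout."""
    for attempt in range(1, max_attempts + 1):
        if dst_handle_request(src, dst, coverage, geos) == "reply":
            return True, attempt             # reply agent arrived within T
    return False, max_attempts               # a drop is seen only as a timeout

# Constructed sample data, not from the patent.
REGISTERED = frozenset({"SRC-17", "DST-42", "DST-08"})
GEOS = {name: Geo(name, REGISTERED) for name in ("GEO1", "GEO2")}
COVERAGE = {"SRC-17": "GEO1", "DST-42": "GEO1",
            "DST-08": "GEO2", "ROGUE-9": "GEO2"}
```

An unregistered sender never receives an explicit refusal: from its side the discarded request is indistinguishable from a lost one, which is why the sender's only signal is the timeout T.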

Claims (3)

1. A method for implementing a double-layer satellite trust model based on mobile agents, characterized in that, in a double-layer satellite model formed by the Iridium system and 3 geostationary satellites, all satellites mutually distrust one another while communicating, and the data of the satellites in the communication process is all encrypted, so that malicious satellites are prevented from intercepting or tampering with communication data and reliable, secure communication is achieved, specifically as follows:
1a) geostationary satellites are first introduced into the Iridium system, forming a mixed medium- and low-earth-orbit satellite model; the source satellite SRC calculates a route according to this new satellite model and sends a communication-request agent to the destination satellite DST along this route, encrypting the data in the agent with the corresponding key and setting a reply timeout T;
1b) after the destination satellite DST receives the communication request sent by the source satellite SRC, if SRC and DST are covered by the same geostationary satellite DC, DST sends a verification agent to geostationary satellite DC to verify the legitimacy of SRC; otherwise DST sends the verification agent to the geostationary satellite SC that covers SRC to verify the legitimacy of SRC;
1c) geostationary satellite DC or SC first verifies the legitimacy of the destination satellite DST according to the information in the database; if DST is legitimate, it verifies the legitimacy of the source satellite SRC that DST asked it to verify; if SRC is legitimate, it sends a verification agent to DST; the geostationary satellites can not only verify the legitimacy of satellites but also solve the isolated-satellite problem caused by the failure of satellite links or of satellites;
1d) the destination satellite DST decides, according to the information returned by the verification agent, whether it can communicate with the source satellite SRC; if SRC is a legitimate satellite, DST decrypts the agent data with the corresponding key, returns a reply agent and begins communication; otherwise it discards the communication-request agent sent by SRC;
1e) if the source satellite SRC receives the reply agent of the destination satellite DST within time T, communication begins, and the data in the communication process is also encrypted and decrypted with the RSA algorithm; if no reply is received within time T, go to 1a).
2. The method for implementing a double-layer satellite trust model based on mobile agents according to claim 1, characterized in that the introduction of geostationary satellites solves the isolated-satellite problem in multimedia LEO satellite communications; when all the inter-satellite links around a satellite are broken, resources of the whole communication system are wasted and the efficiency of satellite communication is affected; specifically:
2a) the source satellite SRC calculates a route according to the topology and sends a Detect Agent;
2b) the source satellite SRC obtains the link status of the shortest path returned by the Detect Agent; if the links are normal, communication begins; otherwise the information that a link is disconnected or a satellite has failed is sent to the management agent;
2c) the management agent updates the topology database and sends the latest topology to the source satellite SRC;
2d) the source satellite SRC recalculates the route according to the latest topology; if the links around the source satellite SRC or the destination satellite DST are all disconnected, SRC sends the agent to the geostationary satellite SC that covers it; if SRC and DST are covered by the same geostationary satellite DC, communication proceeds over the route SRC-DC-DST; otherwise it proceeds over the route SRC-SC-EC-DST, where geostationary satellite EC covers the destination satellite DST.
3. The method for implementing a double-layer satellite trust model based on mobile agents according to claim 1, characterized in that the data in the communication process is all encrypted, with the following specific steps:
3a) the source satellite SRC encrypts the data in the agent with the corresponding key and sends the encrypted agent to the destination satellite DST or to the database as required: if it is communicating with DST, the agent is sent directly to DST; if it is sending a topology-update agent to the database, the agent is sent to the database;
3b) after the destination satellite DST receives the agent, it decrypts the data in the agent with the corresponding key, and the communication is complete;
3c) after the database receives the topology-update agent sent by the source satellite SRC, it decrypts the data in the agent with the corresponding key; if decryption succeeds, it updates as requested; otherwise it does not update.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810243912 CN101431361B (en) 2008-12-10 2008-12-10 Method for implementing double-layer satellite trust model based on mobile proxy


Publications (2)

Publication Number Publication Date
CN101431361A (en) 2009-05-13
CN101431361B (en) 2013-05-08

Family

ID=40646553


Country Status (1)

Country Link
CN (1) CN101431361B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090513

Assignee: Jiangsu Nanyou IOT Technology Park Ltd.

Assignor: Nanjing Post & Telecommunication Univ.

Contract record no.: 2016320000220

Denomination of invention: Method for implementing double-layer satellite trust model based on mobile proxy

Granted publication date: 20130508

License type: Common License

Record date: 20161121

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EC01 Cancellation of recordation of patent licensing contract

Assignee: Jiangsu Nanyou IOT Technology Park Ltd.

Assignor: Nanjing Post & Telecommunication Univ.

Contract record no.: 2016320000220

Date of cancellation: 20180116