Summary of the invention
Technical problem: The purpose of this invention is to provide a method for implementing a two-layer satellite trust model based on mobile agents. It applies the advantages of agents (Agent) to satellite networks and, combined with the characteristics of satellite networks themselves, lets a satellite find the best route effectively when the topology changes. It also proposes a mutual-distrust mechanism to guarantee the security of data in satellite communication.
Technical scheme: The method of the present invention is a strategy-type method built around the introduction of agents (Agent). Its aim is to add geostationary satellites to the original satellite model so that link failures are handled better, and at the same time to introduce a trust mechanism that improves the security of the system. In the method for implementing the mobile-agent-based two-layer satellite trust model of the present invention, the two-layer satellite model consists of the Iridium constellation and 3 geostationary satellites. All satellite nodes distrust one another while communicating, and all data exchanged between satellites is encrypted, which prevents malicious nodes from intercepting or tampering with communication data and achieves reliable, secure communication. Specifically:
1a) First, geostationary satellites are introduced into the Iridium constellation, forming a new hybrid model of medium and low earth orbit satellites. The source satellite SSat computes a route according to this new satellite model and sends a request-communication agent to the destination satellite DSat along that route, encrypting the data in the agent with the corresponding private key and setting a reply timeout T;
1b) After the destination satellite DSat receives the communication request sent by the source satellite: if the source satellite and the destination satellite are covered by the same geostationary satellite DSC, the destination satellite sends a verification agent to DSC to verify the legitimacy of the source satellite; otherwise it sends the verification agent to SSC, the covering satellite of the source satellite, to verify the legitimacy of the source satellite node;
1c) The geostationary satellite DSC or the covering satellite SSC first verifies the legitimacy of the destination satellite node according to the information in its database. If the destination satellite is legitimate, it then verifies the legitimacy of the satellite node SSat that the destination satellite asked about, and if SSat is legitimate it sends a verification agent to the destination satellite DSat. A covering satellite not only verifies the legitimacy of satellite nodes, it also solves the isolated-node problem caused by satellite link failure or node failure;
1d) The destination satellite DSat decides whether it may communicate with the source satellite SSat according to the information returned by the verification agent. If SSat is a legitimate satellite node, DSat decrypts the agent data with the corresponding public key, returns a reply agent and begins communication; otherwise it discards the request-communication agent sent by SSat;
1e) If the source satellite SSat receives the reply agent from the destination satellite DSat within time T, communication begins. The data exchanged during communication is also encrypted and is decrypted with the corresponding key after it reaches the destination node. If no reply is received within time T, go to 1a).
In step 1a), geostationary satellites are introduced into the Iridium constellation. When all inter-satellite links around a satellite node are broken, that node becomes an isolated node, which not only wastes resources of the whole communication system but also reduces the efficiency of satellite communication. This is handled as follows:
2a) The source satellite SSat computes a route according to the topology and sends a Detect Agent;
2b) The source satellite SSat obtains the link condition of the shortest path returned by the Detect Agent. If the links are normal, communication begins; otherwise the information about the broken link or failed node is sent to the management agent;
2c) The management agent updates the topology database and sends the latest topology to the source node;
2d) The source satellite recomputes the route according to the latest topology. If the links around the source satellite or the destination satellite are all broken, the source satellite sends the agent to the geostationary satellite SSC that covers it. If the source satellite SSat and the destination satellite DSat are covered by the same geostationary satellite SSC, they communicate over the route SSat->SSC->DSat; otherwise they communicate over the route SSat->SSC->DSC->DSat.
All data in the communication process described above is encrypted to guarantee the security of satellite communication. The concrete steps are as follows:
3a) The source satellite node encrypts the data in the agent with the corresponding key and sends the encrypted agent to the destination satellite or to a geostationary satellite, depending on the requirement: to the destination satellite when communicating with the destination satellite, or to the geostationary satellite when sending a topology-update agent to it;
3b) After the destination satellite receives the agent, it decrypts the data in the agent with the corresponding key, and the communication is complete;
3c) After the covering satellite receives a network-topology-update agent sent by a satellite, it decrypts the data in the agent with the corresponding key. If decryption succeeds it updates as requested; otherwise it does not update.
Beneficial effect: This system adds geostationary satellites to the original Iridium system, which reduces the impact of human factors on satellite communication. Through the mobile Agent, an intelligent entity, it also simulates the whole process of satellite communication, and the proposed trust mechanism greatly strengthens the security of satellite communication. A specific description follows:
1. Extensibility
The system uses the mobile Agent, a software entity, to simulate real satellite nodes, so a real satellite model can be realized by adding nodes and changing the database. For example, to examine communication in the Teledesic constellation with this system, it is only necessary to change the number of Agencies and then modify the corresponding data in the topology database.
2. Routing intelligence
The introduction of intelligent Agents lets an Agent select the best route intelligently when it travels between different Agencies, so it still reaches the destination node even when link conditions change. For example, when Agency A communicates with Agency B, A first sends an Agent along the computed route. When the Agent meets a failed node or an abnormal link, it automatically selects nodes and links that are working normally, so node and link faults do not prevent the Agent from arriving.
3. Security
The use of security agents and the trust mechanism makes all content of a user's communication opaque to other communicating parties. No Agent other than the communicating party itself can obtain information about the communication. Even if an Agent is intercepted, this does not threaten the security of the system, because only a holder of the key can read the information in the Agent. Physical security is also assured to some degree: with current human technology the ability to strike geostationary satellites is still very weak, so the system strengthens the security of satellite communication.
4. Efficiency
The system formed by the Iridium system and the geostationary satellites improves the feasibility of communication. For example, if the satellite nodes around a given satellite node all stop working because of human factors, that satellite loses the function it should have. After geostationary satellites are added, a packet that reaches such a satellite node and cannot be forwarded can be forwarded through a geostationary satellite. Although the communication delay is larger, resources are used effectively and isolated satellite nodes remain usable in communication.
Embodiment
In the method for implementing the mobile-agent-based two-layer satellite trust model of the present invention, the two-layer satellite model consists of the Iridium constellation and 3 geostationary satellites. All satellite nodes distrust one another while communicating, and all data exchanged between satellites is encrypted, which prevents malicious nodes from intercepting or tampering with communication data and achieves reliable, secure communication. Specifically:
1) The source satellite SSat (Source Satellite) first computes a route according to the topology model (the polar-orbit satellite and geostationary satellite model) and sends a request-communication agent to the destination satellite DSat (Destination Satellite) along that route, encrypting the information in the agent and setting a reply timeout T;
2) If the source satellite SSat and the destination satellite DSat are covered by the same satellite, DSat sends a verification agent to its covering satellite DSC to verify the legitimacy of the source satellite SSat; otherwise DSat sends a verification agent to SSC, the covering satellite of SSat, to verify the legitimacy of SSat;
3) The satellite DSC (Destination Satellite Cover) or SSC (Source Satellite Cover) verifies the legitimacy of the destination satellite node according to the information in its database. If the destination satellite is legitimate, it verifies the legitimacy of the satellite node SSat that the destination satellite asked about, and if SSat is legitimate it sends a verification agent to the destination satellite DSat;
4) The destination satellite DSat decides whether it may communicate with SSat according to the information returned by the verification agent. If SSat is a legitimate satellite node, DSat returns a reply agent and begins communication; otherwise it discards the request-communication agent sent by SSat;
5) If the source satellite SSat receives the reply agent from the destination satellite DSat within time T, communication begins; otherwise go to 1).
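Steps 1) to 5) can be traced in a small simulation. This is an added example, not code from the patent: the three geostationary longitudes, the node names, the single shared registry and the message labels are assumptions, and the rule for picking a covering satellite uses the 60-degree longitude definition given in the architecture section.

```python
# Assumed geostationary slots (degrees east); the text does not give positions.
GEO = {"GEO-A": 0.0, "GEO-B": 120.0, "GEO-C": 240.0}
COVER_LIMIT_DEG = 60.0  # coverage rule from the text: longitude difference within 60 degrees

def lon_gap(a, b):
    """Smallest angular difference between two longitudes, in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def cover_of(lon):
    """Covering satellite: the nearest geostationary satellite within the limit."""
    name = min(sorted(GEO), key=lambda g: lon_gap(lon, GEO[g]))
    return name if lon_gap(lon, GEO[name]) <= COVER_LIMIT_DEG else None

def cover_verify(registry, requester, subject):
    """Step 3: check the requester (DSat) first, then the node it asks about."""
    if requester not in registry:
        return "requester-rejected"
    return "legitimate" if subject in registry else "subject-rejected"

def handshake(src, dst, lon, registry):
    """Steps 1-5 for one request. Returns (outcome, message trace)."""
    trace = [(src, dst, "request-agent")]                       # step 1
    ssc, dsc = cover_of(lon[src]), cover_of(lon[dst])
    verifier = dsc if ssc == dsc else ssc                       # step 2
    trace.append((dst, verifier, "verify-agent"))
    verdict = cover_verify(registry, requester=dst, subject=src)  # step 3
    if verdict == "legitimate":
        trace.append((verifier, dst, "verify-agent:legitimate"))
        trace.append((dst, src, "reply-agent"))                 # step 4
        return "communicate", trace
    # Steps 4/5: the request is dropped, so src sees no reply within T
    # and goes back to step 1.
    return "timeout", trace

# Constructed sample data: longitudes in degrees east and registered node ids.
LON = {"SSat": 10.0, "DSat": 130.0, "Near": 40.0, "Rogue": 15.0}
REGISTRY = {"SSat", "DSat", "Near"}

if __name__ == "__main__":
    for pair in [("SSat", "DSat"), ("SSat", "Near"), ("Rogue", "DSat")]:
        outcome, trace = handshake(*pair, LON, REGISTRY)
        print(pair, outcome)
        for msg in trace:
            print("   ", msg)
```

An unregistered sender never learns why it was refused: the only signal it gets is the missing reply agent when T expires.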
Three geostationary satellites are added to the single-layer satellite communication system formed by the polar-orbit satellites. This solves the problem of achieving reliable satellite communication when the single path (that is, when there is only one shortest path between the source satellite and the destination satellite) has a broken link, or when all links around a satellite have failed. Specifically:
(1) The source satellite SSat computes a route according to the topology and sends a Detect Agent;
(2) The source satellite SSat obtains the link condition of the shortest path returned by the Detect Agent. If the links are normal, communication begins; otherwise the information about the broken link or failed node is sent to the management agent;
(3) The management agent updates the topology database and sends the latest topology to the source node;
(4) The source node repeats steps (2) and (3), recomputing the topology. If the source satellite SSat and the destination satellite DSat are covered by the same geostationary satellite SSC, they communicate over the route SSat->SSC->DSat; otherwise they communicate over the route SSat->SSC->DSC->DSat.
The information in the agents is encrypted with the RSA algorithm during satellite communication, which protects the data in transit. Specifically:
(1) The source satellite node encrypts the data in the agent with the private key, so that even if a malicious agent intercepts the agent it cannot obtain the information;
(2) After the agent arrives at the destination satellite, the destination satellite decrypts the data in the agent with the public key;
(3) After the database agent receives a network-topology-update agent sent by a satellite, it decrypts the data in the agent with the public key. If decryption succeeds it updates as requested; otherwise it does not update.
I. Architecture
The two-layer satellite network communication system based on security agents consists mainly of two parts: the construction of the new topology model, and the construction of the trust model.
Building the topology model:
In this model a satellite node is represented by an Agency, and communication between satellites is simulated by forwarding packets between Agencies. The original Iridium model comprises 66 satellites. When a link failure occurs in the Iridium model and the source and destination satellites have only one shortest path, normal communication is impossible, so 3 geostationary satellites are added in this model.
In this satellite network model every satellite node is represented by an Agency, and an Agency has all the functions of a satellite node. The arrangement is as follows:
Geostationary satellite Agency: a special satellite node with on-board processing and route-forwarding capability. In this system a geostationary satellite Agency can communicate with polar-orbit satellite Agencies.
Polar-orbit satellite node Agency: the most basic Agency in this system. It knows the information of the satellite nodes within 3 hops around it. In this system a polar-orbit satellite node can communicate with ground terminals and with geostationary satellite Agencies.
Ground terminal node Agency: it represents an entity communicating on the earth, for example a ground station or a person communicating directly. Whether station or person, they have the same function in this system and each represents one party to the communication. A ground terminal Agency can communicate with polar-orbit satellite nodes, but not with every polar-orbit satellite: the elevation angle between them must satisfy a certain relation.
Definition: given a polar-orbit satellite A and a geostationary satellite B, if a certain relation holds between A and B, for example the difference in longitude of the two satellites is within 60 degrees, B is called the covering satellite of A.
Each Agency can send multiple Agents, and the function of an Agent differs with the requirement. This system mainly has the query Agent and the detection Agent, and in addition the verification Agent and the routing Agent.
Routing is the core of communication, and efficient routing improves the efficiency of communication. Route lookup is the core of the whole system, and because of the complexity of the satellite network itself it requires a simple, efficient algorithm. In this system each Agency runs a shortest-hop-count routing algorithm. The hop count between two geographically adjacent satellites is defined as 1, the hop count between a geostationary satellite and a polar-orbit satellite it covers is also 1, and the hop count between geostationary satellites is also 1, so in this model the hop count between any two polar-orbit satellites does not exceed 3. The algorithm has a degree of robustness: when a link fails, it automatically finds a valid path over which to communicate.
Suppose there are two satellites, Agency A and Agency B. The flow by which they communicate is as follows:
(1) Agency A first sends a query Agent to the satellite topology database, and the query Agent returns the query result to Agency A;
(2) Agency A obtains the current topology information and computes the shortest route between A and B from the topology;
(3) Agency A sends a detection Agent along the shortest route to probe the up/down state of the current links;
(4) The detection Agent reports the link information to Agency A. If no link is abnormal, communication proceeds directly over the route Agency A computed;
(5) If the detection Agent finds a broken link, Agency A sends the break information to the database and notifies the database to update its topology data; the latest link information is notified to Agency A at the same time;
(6) After receiving the latest topology information, Agency A recomputes the shortest route and then repeats steps 3-5 until the link information is consistent with the actual routing information; only then does Agency A communicate with Agency B.
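The six steps above, together with the fallback to the covering satellites (SSat->SSC->DSat or SSat->SSC->DSC->DSat), can be run as a short simulation. This is an added example, not code from the patent: the topology and node names P1 and P2 are constructed, every link counts as one hop as the text defines, and the geostationary links are treated as ordinary edges of the same graph, which generalizes the two fixed fallback routes.

```python
from collections import deque

def make_links(pairs):
    """Undirected adjacency map; every link counts as one hop."""
    links = {}
    for a, b in pairs:
        links.setdefault(a, set()).add(b)
        links.setdefault(b, set()).add(a)
    return links

def shortest_path(links, src, dst):
    """Breadth-first search, which yields a minimum-hop route."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(links.get(node, ())):  # sorted: deterministic tie-break
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def probe(path, actual):
    """Detection Agent: walk the route, return the first dead link or None."""
    for a, b in zip(path, path[1:]):
        if b not in actual.get(a, ()):
            return (a, b)
    return None

def find_route(db_pairs, failed, src, dst):
    """Steps (1)-(6): the database view is only a hint; a route is used
    once a probe has confirmed every link on it."""
    failed = {frozenset(p) for p in failed}
    db = make_links(db_pairs)  # what the topology database believes
    actual = make_links(p for p in db_pairs if frozenset(p) not in failed)
    reported = []
    while True:
        path = shortest_path(db, src, dst)
        if path is None:
            return None, reported
        dead = probe(path, actual)
        if dead is None:
            return path, reported
        a, b = dead
        db[a].discard(b)   # step (5): the database updates its topology
        db[b].discard(a)
        reported.append(dead)

# Constructed sample topology (names are illustrative only).
POLAR = [("SSat", "P1"), ("P1", "DSat"), ("SSat", "P2"), ("P2", "DSat")]
DIFFERENT_COVER = [("SSat", "SSC"), ("SSC", "DSC"), ("DSC", "DSat")]
SAME_COVER = [("SSat", "SSC"), ("SSC", "DSat")]
ISOLATED = [("SSat", "P1"), ("SSat", "P2")]  # every polar link around SSat is down

if __name__ == "__main__":
    print(find_route(POLAR + DIFFERENT_COVER, [("P1", "DSat")], "SSat", "DSat"))
    print(find_route(POLAR + DIFFERENT_COVER, ISOLATED, "SSat", "DSat"))
    print(find_route(POLAR + SAME_COVER, ISOLATED, "SSat", "DSat"))
```

Each pass removes one reported link from the database view, so the loop always terminates, either with a probed route or with no route at all.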
Module description: this system mainly has the following modules: the database module, the query Agent module, the detection Agent module and the Management Agent module. The database stores the topology between satellites and the up/down state of the links. Every satellite node can access the information in the database; a polar-orbit satellite can look up routes through it and can also find out whether there are broken links on the shortest path. A geostationary satellite can use the information in the database to judge whether a given satellite node may communicate with it.
Query Agent module: because of the special relationship within a satellite network, no satellite node can fully trust information from other satellites, so the satellite nodes in the system are mutually independent. When a satellite node wants to communicate with other nodes, besides computing a route from the topology information in the database it also sends a detection Agent to the satellites concerned, to investigate all satellite nodes on the shortest path and the link information between them. If a satellite node on the shortest path has failed or a link is broken, the detection Agent returns the collected information to the source satellite node, which recomputes the route according to the returned information. A geostationary satellite can also generate a query Agent, because when a polar-orbit satellite wants to communicate with it, it must first be determined whether that polar-orbit satellite is one it covers. The query Agent sends the information of the polar-orbit satellite and of the geostationary satellite to the database together. If the coverage relation holds, the query Agent sends both the polar-orbit satellite and the geostationary satellite the information that they may communicate; otherwise it returns to the geostationary satellite and tells it that the polar-orbit satellite may not communicate with it.
Detection Agent module: the detection Agent is an important part of this mechanism. Because all satellites distrust one another, the correctness of the information supplied by the database must be verified when it is obtained, and the detection Agent checks the correctness of the link information along the given route. Each Agency periodically sends the information found by its detection Agents to the database, to keep the database complete and up to date. Because the database cannot learn of link-state changes in time by itself, the probing Agency submits the link information it finds to the database, so that the database can provide the latest topology information. Only in this way can efficient routes be established and the efficiency of communication improved.
Management Agent module: Agents in this system may be tampered with, fail, and so on, so a single Agent is needed for unified management. In this system a dedicated Agent is designated the Management Agent. When a node in the network has been modified by a malicious Agent and other Agencies, unaware of this, exchange information with it, information is leaked. With the Management Agent in place, after an Agent has been maliciously modified the Management Agent sends node-failure information to the database, and the database updates its information accordingly. The database and the Management Agent are deployed on the same host, and a relationship of complete trust is established between them: the database does not doubt the information passed by the Management Agent.
Database module: this is the core of the whole system. Every Agent can communicate with it, but a trust relationship also exists between it and the Agents: the database does not necessarily believe a query Agent, because any query Agent may be impersonating a polar-orbit satellite node in order to obtain information about other satellite nodes. For query Agents, therefore, an encryption algorithm is used to guarantee the reliability of the source. For example: node A sends a query Agent to the database. The database cannot determine whether this Agent really comes from node A, so after receiving the query Agent it encrypts the query Agent's information with the public key, so that even if the encrypted information is intercepted by other malicious Agents they cannot obtain it, and at the same time sets a timer. If node A receives the query Agent, it decrypts the Agent with the private key and obtains the desired information. If node A does not receive this Agent, it sends a reply Agent asking the database to resend the query Agent. If the database receives the reply Agent from node A within the timer period it retransmits the data; otherwise it does not. Node A, like the database, also sets a reply timer; if it does not receive the result returned by the query Agent within the timer period, it resends the query Agent. Geostationary satellites also exchange information with the database, and the implementation is similar to that for polar-orbit satellites. When a polar-orbit satellite sends information to a geostationary satellite, the basis on which the geostationary satellite confirms whether they may communicate is the result that the query Agent it sent itself obtained from the database.
Trust mechanism:
Because of the special relationship among satellites, each satellite is a selfish, independent individual that does not fully trust information obtained from others; only information that has been verified in practice is accepted by a satellite. In reality, because of their different positions, satellites may well be subject to deliberate attack or destruction, in which case the information obtained from other satellites may be wrong, so establishing a trust mechanism greatly improves the efficiency and security of the system. For example, the database often receives topology information returned by satellite nodes. Accepting correct information does not affect security, but if wrong information is accepted the topology of the whole system changes, routing efficiency drops, satellite node resources are wasted, and so on. All of these consequences are caused by malicious Agents, so after receiving information returned by a satellite node, the management Agency at the database also sends a detection Agent to confirm whether the received information is correct. In other words, every node believes only the information returned by Agents it sent itself, treats everything sent by other nodes with suspicion, and accepts it only after confirming that it is correct.
As an illustration, take two satellite nodes A and B. A's query Agent returns the queried information to A and B's query Agent returns the queried information to B. Each of them also queries the satellite topology database to verify whether the information its own query Agent obtained is true. If it is, A and B can communicate; otherwise they cannot. This mechanism is mainly intended to prevent a malicious Agent from intercepting the query Agents sent by satellites and disrupting inter-satellite communication by tampering with the information.
II. System workflow
The relevant parameters are entered through the graphical interface. The system reads them, determines the two communicating parties (sender and receiver), and then notifies the sender to begin communication. Suppose the sender is Agency A and the receiver is Agency B. The detailed workflow of the sender is as follows.
Agency A workflow:
(1) Agency A sends a query Agent to the database to look up the best path between Agency A and Agency B according to the topology;
(2) The database returns a result Agent that tells Agency A how to communicate;
(3) Agency A sends a detection Agent according to the result returned by the database;
(4) If a link has a problem, the returned result is submitted to the database for updating;
(5) The database submits the new routing information to Agency A. This loops until Agency A, based on the information supplied by the database, is sure that the links have no problem, and only then does communication begin.
Agency B workflow:
(1) After receiving the communication request sent by A, B checks the reliability of A's source by sending a confirmation Agent to the management Agency;
(2) After the management Agency has checked the reliability of the sender's information, it gives B a result Agent;
(3) If A poses a security risk, B refuses its communication request; otherwise it sends A an Agent indicating that communication may proceed.
For convenience of description, assume the following application example:
Two people, A and B, are in Beijing, China, and in Washington respectively, and they communicate over the satellite network. First the polar-orbit satellites nearest to A and to B must be determined. The workflow of the party that initiates the communication is as follows:
(1) A first finds its nearest polar-orbit satellite, Agency A, according to geographic position; B, like A, finds its nearest polar-orbit satellite, Agency B;
(2) The polar-orbit satellite Agency A queries the database and obtains the current topology of the satellite network;
(3) The shortest path from the source satellite node Agency A to Agency B is computed with the shortest-hop-count algorithm;
(4) Along the computed shortest path, a detection Agent is sent to verify the validity of the links and nodes on the path over which packets will be sent;
(5) If a link or node on the path is abnormal, the details of the anomaly are reported to the database; the database updates itself and sends the latest topology information to Agency A;
(6) After Agency A receives the latest topology information, it loops through steps (3)->(5) until the topology has no anomaly; only then does Agency A begin sending packets, setting an internal send-timeout timer at the same time.
Agency B is the receiver in the satellite communication. For the packets sent to it, it also goes through a confirmation process to guarantee the security of the communication. The workflow of Agency B is as follows:
(1) After receiving the packet sent by Agency A, Agency B sends the relevant information of Agency A to the database for confirmation;
(2) The database confirms whether the node Agency A is a registered node and returns the result to Agency B;
(3) If Agency A is a legitimate node, Agency B accepts the packet and communication begins; otherwise Agency B refuses the communication request. Agency A, for its part, begins waiting after it sends the packet; if it receives the information returned by Agency B within the send timeout, normal communication begins, and otherwise it does not. For a malicious Agency, Agency B discards the packets it sent directly after checking its legitimacy.