A satellite network dynamic routing method based on mobile agent security
Technical field
The present invention is a dynamic routing method based on mobile agent technology. It mainly addresses how to implement a dynamic routing algorithm that uses mobile agents to transmit data securely in a satellite network, and belongs to the field of protocol design.
Background technology
A satellite network is made up of spacecraft. It is a space wireless communication system formed by interconnecting them over inter-satellite wireless links, organized on the principle of making the most effective overall use of space information resources. Compared with ground communication facilities, satellite network communication has wide coverage, in particular over large geographic areas where terrestrial networks are difficult to lay (such as oceans, deserts and polar regions); it is not affected by natural disasters on the ground, and its communication cost is independent of distance. It can satisfy users' ever-growing demand for services such as high-definition television, video conferencing, high-speed data transfer, video telephony, video on demand and distance education. Research on satellite network technology has gradually become a focus of the field.
Mobile agent technology is an emerging technology that can effectively simplify the design, implementation and maintenance of distributed systems in large networks. At present it is widely used in fields such as e-commerce, information gathering and publishing, and real-time network monitoring. An agent is a software entity that can run continuously and autonomously in a specific environment; a mobile agent can move on its own from one node to another and carry out different tasks on behalf of the user. Agents generally have the following features:
1) Reactivity: the ability to perceive and act selectively.
2) Autonomy: the ability to control its own behavior and internal state autonomously.
3) Cooperation: coordinating with other agents to reach a common goal.
4) Self-learning: the agent holds certain knowledge of its own and can learn new knowledge through interaction with users and other agents.
Because a mobile agent carries information across an open network, its program code and data are both unsafe while the agent roams the network, and data transfer and communication links may face serious security threats. In general, mobile agent security problems fall into two kinds: protecting hosts from attack by other mobile agents, and protecting the moving mobile agent from attack by other hosts. Various mechanisms have been devised to improve mobile agent security, such as encrypting the mobile agent or restricting the hosts in the network.
Routing algorithms are the key technology supporting network transmission. There are many routing algorithms today; according to the type of need they generally fall into two classes, static routing algorithms and dynamic routing algorithms, each with its own advantages and disadvantages. Static routes are set manually by an administrator; the algorithmic complexity is fairly low, but static routing is limited in that it cannot change automatically after the network topology changes. Dynamic algorithms have routers compute routes automatically and adapt more easily to networks whose topology changes. As networks grow in scale and new services are developed, traditional dynamic routing algorithms, with their centralized mechanisms, are gradually becoming a bottleneck. An important part of solving this problem is to redesign the routing algorithm.
Because mobile agents have advantages such as mobility, a routing node can send out multiple route mobile agents that traverse the network and collect information, improving the routing algorithm. At the same time, although existing methods for improving mobile agent security protect agents to some extent, they all have defects. A satellite network dynamic routing algorithm based on mobile agent security is therefore needed, to further research on satellite networks.
Summary of the invention
Technical problem: the object of the invention is to propose a dynamic routing method applicable to satellite networks that incorporates mobile agent technology: mobile agents migrate through the network to traverse it, collect information and transmit information. At the same time, a new method is proposed to address the security threats that mobile agents may meet in the network.
Technical scheme: the method of the present invention divides the node set S of the whole satellite network into several regional subnets N1, N2, ..., Nm ( ). Each subnet has one central satellite; the other satellites in the subnet are called conventional satellites, and the central satellite manages all satellite nodes in the subnet. Every satellite node has a sub attribute and a neighbor table Nlist (Net List). The sub attribute records the number of the subnet the satellite belongs to; the Nlist neighbor table records the route selection from the satellite to the other satellites in the subnet. The Nlist of a central satellite node, besides recording route selection to the satellite nodes of its own subnet, also records the paths to the central satellites of the other subnets. A central satellite has a trust table Tlist (TrustList) that records which subnets are trusted and can exchange data directly.
The central satellite manages all satellite nodes in the subnet and is responsible for the behavior of the conventional satellites. It checks each conventional satellite periodically to ensure that every satellite node in the subnet is safe and will not behave maliciously. Conventional satellites in the same subnet trust each other and are fully loyal to the central satellite, so satellites of the same subnet can pass messages directly without worrying that the data agent carrying the data is attacked by a malicious node or maliciously accesses a node. The central satellite is also responsible for communicating with the satellites of other subnets and for judging communication security. The central satellite of each subnet periodically sends a test data agent (TestDataAgent) to the central satellites of the other subnet regions. On receiving it, the receiving subnet's central satellite marks off a virtual region in which the TestDataAgent runs and records the test data agent's actions. If no malicious behavior has been recorded when the test data agent finishes running, it grants the test data agent permission to access, which expresses that the receiving subnet's central satellite trusts the sending subnet's central satellite. After the test data agent migrates back to the sending subnet's central satellite, that satellite checks whether any of the agent's important resources and attributes have been modified. If they have not been tampered with and access authorization was obtained, the sending subnet's central satellite trusts the receiving subnet's central satellite. Once the central satellite of subnet P trusts the central satellite of subnet Q, all satellite nodes of subnet P trust the satellites of subnet Q, and the satellites of the two subnets can exchange data safely without security concerns.
When data is passed between satellites, if the source satellite and the destination satellite are in the same subnet, the two exchange data directly. If they are in different subnets, the source satellite first sends the data to the central satellite of its own subnet, which sends it to the central satellite of the destination satellite's subnet, which then forwards it to the destination satellite.
The central satellite has many tasks. It must manage its own subnet region: communicate with the satellites in the subnet, update the routing table within the subnet, check the behavior of the conventional satellites and handle communication problems between them. It must also communicate with other subnets, update the routing table between subnets and take responsibility for the security of communication with other subnets. If one satellite always serves as the central satellite, the information volume at the central satellite may become excessive and cause congestion there, making it the bottleneck of the whole network and degrading network performance. For this reason a threshold Ef can be set: when the information volume at the central satellite is greater than Ef, a new central satellite is selected in the region and the original central satellite becomes a conventional satellite.
The routing algorithm of the present invention is a dynamic routing algorithm that updates the route selection of satellite nodes autonomously as the topology of the satellite network changes. Satellite nodes periodically send path agents to probe paths and update their routing tables. A conventional satellite sends path agents only to the satellites in its own subnet and updates its own Nlist. A central satellite, besides updating the route selection of its own subnet, also periodically sends path agents to the central satellites of the other subnets and updates its route selection to the satellites of other subnets.
The satellite network dynamic routing method based on mobile agent security of the present invention divides the whole network into several small subnets, uses the mobility of mobile agents to traverse the network and transmit data, and at the same time uses the virtual space method to guarantee the safety of mobile agents in the network, wherein
The subnet division steps are as follows:
1.1. Satellite i has three attributes center_i, cover_i and sub_i. Set center_i and cover_i to false and sub_i = 100, meaning that satellite i is neither a central satellite nor a member of any subnet,
1.2. With probability p = 2^(-α), broadcast the message msg(D_i) to the neighbor satellites of satellite i, where α is the number of neighbors of satellite i,
1.3. If msg(D_i) is sent successfully, set center_i to true and sub_i = i, meaning that satellite i becomes the central satellite of subnet i; go to step 1.5,
1.4. After V time slices, check the center_i and cover_i attributes; if both are false, double the probability p, broadcast msg(D_i) to the neighbor satellites, and go to step 1.3,
1.5. When satellite j receives msg(D_i), it first determines whether it has already become a central satellite or joined some subnet. If center_j and cover_j are both false, satellite j is neither a central satellite nor a conventional satellite of any subnet; it sends back a message msg(BD_j) to satellite i, indicating that satellite j joins subnet i as a conventional satellite of subnet i, and sets cover_j to true and sub_j = i. Otherwise it discards msg(D_i),
1.6. After satellite i receives msg(BD_j), it lists satellite j as a conventional satellite of its subnet;
After the subnets have been divided, each subnet contains one central satellite and several conventional satellites, and the central satellite is responsible for notifying each conventional satellite of the subnet's satellite members. Route updating and information transfer are then carried out:
2.1. Satellites periodically send route mobile agents t to the surrounding satellites and update their own route selection,
2.1.1. A conventional satellite sends route mobile agents in turn, with the satellites of its own subnet as destination satellites,
2.1.2. A central satellite sends route mobile agents in turn, taking the satellites of its own subnet and the central satellites of the other subnets as destination satellites,
2.1.3. After a route mobile agent migrates back from the destination satellite, the sending satellite updates its own routing table according to the path the agent traversed;
2.2. The central satellite periodically sends detection information to the conventional satellites, supervises their actions to prevent malicious behavior, checks their network conditions and resource usage, and handles improper activity by conventional satellites,
2.2.1. The central satellite periodically sends detection information to the conventional satellites in the subnet,
2.2.2. After the detection information reaches a conventional satellite, it records the behavior, network conditions and resource usage of the satellite node and returns to the central satellite,
2.2.3. If the detection information has recorded that the checked satellite performed a disallowed operation or that its network resource state is abnormal, the central satellite handles it and ensures normal operation,
2.2.4. If a problem arises between conventional satellites, it is submitted to the central satellite, which handles it;
2.3. The central satellites of different subnets periodically send TestDataAgents to each other to check the security of mobile agents transmitting information between subnets. The mutual checking process is as follows:
2.3.1. Satellite k periodically sends a test data mobile agent to satellite r,
2.3.2. After satellite r receives the test data mobile agent, it marks off a virtual region in which the TestDataAgent runs and records the actions of the test data mobile agent,
2.3.3. After the test data mobile agent has finished running, if all its actions were legal, satellite r adds region K to its own trust list and sets the allow-access attribute of the test data mobile agent to true; if there was malicious behavior, region K is removed from the trust list and the allow-access attribute of the test data mobile agent is set to false,
2.3.4. The test data mobile agent t migrates back to satellite k, and satellite k checks it: if its important resources and attributes have not been tampered with and the allow-access attribute is true, region R is added to the trust list; otherwise region K is removed from the trust list,
2.4. Data is transferred between satellites by mobile agents. If the sending satellite and the destination satellite are in the same subnet, data is sent directly according to route selection; if they are in two different subnets, the migration path of the data mobile agent is: sending satellite - central satellite of the sending satellite's subnet - central satellite of the destination satellite's subnet - destination satellite,
2.5. The central satellite periodically checks its own information flow; when the information volume exceeds the threshold Ef, the central satellite is replaced. The replacement steps are as follows:
2.5.1. The conventional satellites in the subnet are evaluated on aspects such as information volume, resource utilization and network conditions, and a new central satellite is selected,
2.5.2. The former central satellite sends the relevant information to the new central satellite; the center attribute of the former central satellite is set to false and its cover attribute is set to true,
2.5.3. The new central satellite sets its own center attribute to true,
2.5.4. Information is sent to notify the satellites in the subnet and the other subnets of the central satellite replacement.
Beneficial effect: the object of the invention is to propose a dynamic routing algorithm applicable to satellite networks that adds mobile agent technology to the routing algorithm: mobile agents migrate through the network to traverse it and collect information, and carry out information transfer in the satellite network.
Compared with earlier routing algorithms, the invention exploits advantages of mobile agents such as mobility: multiple route agents sent by routing nodes traverse the network collecting information, cooperate through a special communication mode, and update routing tables and network conditions adaptively.
The whole satellite network is divided into several local subnets. When part of the network topology changes, only the local subnet region that changed needs to be updated, and the other parts of the network are not affected. Each subnet is managed by one central satellite, which gives the greatest assurance that the satellite nodes in the subnet are all trustworthy and will not behave maliciously. Between subnets, mutual trust between the central satellites is enough to ensure that the satellites of the whole region trust each other, which significantly reduces the system overhead and network resources needed to establish trust between satellites. Mobile agents moving between different subnets run in a virtual space where their behavior is recorded, which improves the security of mobile agents in the network.
The conventional satellites in a subnet can take turns as central satellite, which avoids the network congestion and loss of network performance caused by excessive information volume at the central satellite. In addition, with the dynamic routing algorithm used in the invention each satellite only needs to update its route selection to the satellites of its own subnet periodically and does not need to record the routes of the whole network. This greatly reduces the system overhead and network resources consumed by path probing, lightens the load on the network and helps keep the network unobstructed.
Description of drawings
Fig. 1 is a flow chart of dividing the subnet zone.
Fig. 2 is the schematic diagram after network subnet is divided.
Fig. 3 is the operation diagram of mobile agent t in the satellite network.
Fig. 4 is the schematic diagram of secure communication between subnet.
Fig. 5 is an inter-satellite data communication schematic diagram.
Embodiment
I. Architecture
The satellite network dynamic routing algorithm based on mobile agent security uses mobile agent technology to update routes and transmit data. The whole satellite network is divided into several regional subnets, so that communication becomes communication between satellite nodes within a subnet plus data communication between subnets, which simplifies the network structure. Virtual regions are used to secure mobile agent communication. The main functional components that realize the method are the regional subnet division module, the subnet internal management module, the inter-subnet secure communication module, the routing update module and the central satellite replacement module. These components are described below:
Division of regional subnets
Each satellite node has a sub attribute, a center attribute, a cover attribute and an Nlist neighbor table. When the satellite network is initialized, sub is set to 100, the center and cover attributes are set to false, and Nlist records the neighbor satellites with which direct communication is possible. A satellite node broadcasts a message to its neighbor satellites with probability p. If the send succeeds, its center attribute is set to true and sub is set to the satellite's node number, forming a subnet region of which this satellite is the central satellite. When a neighbor satellite receives the message and its center and cover attributes are both false, it sends back a message to indicate that it joins this subnet as a conventional satellite, sets sub to the node number of the central satellite of the subnet it joined, and sets its cover attribute to true. After all subnets have been divided, each central satellite sends the subnet number and member node numbers of its subnet to all member satellites.
Subnet internal management
The central satellite manages all conventional satellites in the subnet. It periodically sends detection information to the conventional satellites to check the running state of each one and whether there is malicious behavior. If malicious behavior exists, the central satellite supervises that conventional satellite and makes it correct its behavior. Disputes that arise during communication between conventional satellites can also be submitted to the central satellite for adjudication. Within the subnet the central satellite has absolute authority to supervise and adjudicate; it manages the normal operation of the subnet and guarantees that all conventional satellites in the subnet are safe and reliable.
Secure communication between subnets
Satellites transmit data directly through the migration of data mobile agents. Each central satellite represents the satellite subnet it belongs to, so to judge whether a subnet can be trusted it suffices to judge whether its central satellite can be trusted. The present invention uses the virtual space method to realize secure communication between subnets and to guarantee the safety of the mobile agents that carry data. For communication between any two subnets K (central satellite k) and R (central satellite r), satellite k periodically sends a test data mobile agent to satellite r. On receiving it, satellite r marks off a virtual region in which the test data mobile agent runs and records its actions. After the test data mobile agent has finished running, if all its actions were legal, satellite r adds region K to its own trust list, meaning that DataAgents migrating from region K are safe and can be trusted, and sets the allow-access attribute of the test data mobile agent to true. If there was malicious behavior, region K is removed from the trust list, the allow-access attribute of the TestDataAgent is set to false, and data mobile agents that later migrate from region K are not accepted. When the TestDataAgent has finished executing on satellite r it migrates back to satellite k, which checks whether any of its important resources and attributes have been modified. If they have not been tampered with and the allow-access attribute is true, region R is added to the trust list and data mobile agents can be sent safely to region K; otherwise region R is declared unsafe.
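The round trip described above, as an added Python sketch that is not part of the patent text: the receiving central satellite runs the probe in a copied "virtual region", logs its actions and decides trust, and the sender checks the returned agent for tampering. The SHA-256 fingerprint, the read-only policy, the `ProbeAgent` name (standing in for TestDataAgent) and all sample data are assumptions of this example.

```python
import copy
import hashlib
import json
from dataclasses import dataclass


def digest(resources):
    """Fingerprint of the agent's resources (SHA-256 is this example's choice)."""
    blob = json.dumps(resources, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


@dataclass
class ProbeAgent:                 # plays the role of the page's TestDataAgent
    home: str                     # subnet that sent it
    resources: dict               # "important resources and attributes"
    actions: list                 # (op, key, value) steps it performs on a host
    allow_access: bool = False    # set by the receiving central satellite


class VirtualRegion:
    """Isolated copy of the host state in which a visiting agent runs."""

    def __init__(self, host_state):
        self.state = copy.deepcopy(host_state)
        self.log = []

    def run(self, agent):
        for op, key, value in agent.actions:
            self.log.append((op, key))        # record every action
            if op == "write":
                self.state[key] = value       # lands on the copy only
        return self.log


class CentralSatellite:
    ALLOWED_OPS = {"read"}        # assumed policy: a probe may only read

    def __init__(self, subnet, alters_agents=False):
        self.subnet = subnet
        self.tlist = set()                            # Tlist: trusted subnets
        self.state = {"routes": {"next": "sat-2"}}    # constructed host data
        self.alters_agents = alters_agents   # constructed faulty host, to test the check
        self._sent = None

    def send_probe(self, actions):
        agent = ProbeAgent(self.subnet, {"owner": self.subnet, "ttl": 8}, list(actions))
        self._sent = digest(agent.resources)  # remembered for the return check
        return agent

    def host(self, agent):
        log = VirtualRegion(self.state).run(agent)
        legal = all(op in self.ALLOWED_OPS for op, _ in log)
        if legal:
            self.tlist.add(agent.home)
        else:
            self.tlist.discard(agent.home)    # also revokes trust granted earlier
        agent.allow_access = legal
        if self.alters_agents:
            agent.resources["ttl"] = 0        # modification the sender must notice
        return agent

    def on_return(self, agent, peer):
        intact = digest(agent.resources) == self._sent
        if intact and agent.allow_access:
            self.tlist.add(peer)
        else:
            self.tlist.discard(peer)          # peer region declared unsafe
        return peer in self.tlist


def handshake(k, r, actions):
    """One probe round trip k -> r -> k; returns (r trusts k, k trusts r)."""
    agent = r.host(k.send_probe(actions))
    k_trusts_r = k.on_return(agent, r.subnet)
    return (k.subnet in r.tlist, k_trusts_r)
```

Trust in this model is directional and revocable: a later probe that misbehaves, or comes back altered, removes an entry that an earlier clean round trip had added.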
Routing update
As time passes, the topology of the satellite network and the positions of the satellites change, and the routing tables of the satellites need to be updated promptly. Route selection updates are of two kinds: routing updates within a subnet and routing updates between subnets. The routing table of a conventional satellite records only the route selection to the satellites in its own subnet, so it only needs to send route mobile agents periodically to the other satellites of its subnet to update its routes. A central node, besides recording the route selection to the satellites in its own subnet, must also periodically update its routes to the other central satellites.
Central satellite replacement
The criterion for whether to change the central satellite is the information-volume threshold Ef. When the information volume at the central satellite is greater than Ef, the conventional satellites in the subnet are evaluated and a new central satellite is selected. The former central satellite becomes a conventional satellite after sending the relevant information to the new central satellite; at the same time the new central satellite sends information notifying the satellites in the subnet and the other subnets of the central satellite replacement.
II. Method flow
The whole satellite network is initialized: the Nlist neighbor table of every satellite records the neighbor satellites with which it can communicate directly, the information-volume threshold Ef of the central satellite is set, and the subnets are divided.
The subnet division process is as follows:
1) Satellite i has three attributes center_i, cover_i and sub_i. Set center_i and cover_i to false and sub_i = 100, meaning that satellite i is neither a central satellite nor a member of any subnet
2) With probability p = 2^(-α), broadcast the message msg(D_i) to the neighbor satellites of satellite i, where α is the number of neighbors of satellite i
3) If msg(D_i) is sent successfully, set center_i to true and sub_i = i, meaning that satellite i becomes the central satellite of subnet i; go to step 5
4) After V time slices, check the center_i and cover_i attributes; if both are false, double the probability p, broadcast msg(D_i) to the neighbor satellites, and go to step 3
5) When satellite j receives msg(D_i), it first determines whether it has already become a central satellite or joined some subnet. If center_j and cover_j are both false, satellite j is neither a central satellite nor a conventional satellite of any subnet; it sends back a message msg(BD_j) to satellite i, indicating that satellite j joins subnet i as a conventional satellite of subnet i, and sets cover_j to true and sub_j = i. Otherwise it discards msg(D_i)
6) After satellite i receives msg(BD_j), it lists satellite j as a conventional satellite of its subnet
After the subnets have been divided, each subnet contains one central satellite and several conventional satellites. The central satellite is responsible for notifying each conventional satellite of the subnet's satellite members. Route updating and information transfer are then carried out:
1. Satellites periodically send route mobile agents to the surrounding satellites and update their own route selection
A) A conventional satellite sends route mobile agents in turn, with the satellites of its own subnet as destination satellites
B) A central satellite sends route mobile agents in turn, taking the satellites of its own subnet and the central satellites of the other subnets as destination satellites
C) After a route mobile agent migrates back from the destination satellite, the sending satellite updates its own routing table according to the path the agent traversed.
2. The central satellite periodically sends detection information to the conventional satellites, supervises their actions to prevent malicious behavior, checks their network conditions and resource usage, and handles improper activity by conventional satellites
A) The central satellite periodically sends detection information to the conventional satellites in the subnet
B) After the detection information reaches a conventional satellite, it records the behavior, network conditions and resource usage of the satellite node and returns to the central satellite
C) If the detection information has recorded that the checked satellite performed a disallowed operation or that its network resource state is abnormal, the central satellite handles it and ensures normal operation
D) If a problem arises between conventional satellites, it is submitted to the central satellite, which handles it
3. The central satellites of different subnets periodically send test data mobile agents to each other to check the security of mobile agents transmitting information between subnets. For example, the mutual checking process between subnet K (central satellite k) and subnet R (central satellite r) is as follows:
A) Satellite k periodically sends a test data mobile agent to satellite r. After satellite r receives the TestDataAgent, it marks off a virtual region in which the test data mobile agent runs and records the actions of the test data mobile agent
B) After the test data mobile agent has finished running, if all its actions were legal, satellite r adds region K to its own trust list and sets the allow-access attribute of the test data mobile agent to true; if there was malicious behavior, region K is removed from the trust list and the allow-access attribute of the TestDataAgent is set to false
C) The test data mobile agent migrates back to satellite k, and satellite k checks it: if its important resources and attributes have not been tampered with and the allow-access attribute is true, region R is added to the trust list; otherwise region K is removed from the trust list
4. Data is transferred between satellites by data mobile agents. If the sending satellite and the destination satellite are in the same subnet, data is sent directly according to route selection; if they are in two different subnets, the migration path of the test data mobile agent is: sending satellite - central satellite of the sending satellite's subnet - central satellite of the destination satellite's subnet - destination satellite
5. The central satellite periodically checks its own information flow; when the information volume exceeds the threshold Ef, the central satellite is replaced. The replacement steps are as follows
A) The conventional satellites in the subnet are evaluated on aspects such as information volume, resource utilization and network conditions, and a new central satellite is selected
B) The former central satellite sends the relevant information to the new central satellite; the center attribute of the former central satellite is set to false and its cover attribute is set to true
C) The new central satellite sets its own center attribute to true
D) Information is sent to notify the satellites in the subnet and the other subnets of the central satellite replacement