CN105827304B - Satellite network anonymous authentication method based on gateway station - Google Patents


Info

Publication number
CN105827304B
CN105827304B CN201610162478.3A CN201610162478A CN105827304B CN 105827304 B CN105827304 B CN 105827304B CN 201610162478 A CN201610162478 A CN 201610162478A CN 105827304 B CN105827304 B CN 105827304B
Authority
CN
China
Prior art keywords
user
gateway station
tid
key
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610162478.3A
Other languages
Chinese (zh)
Other versions
CN105827304A (en)
Inventor
孙力娟
陈思雨
王汝传
韩崇
周剑
肖甫
郭剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Original Assignee
Nanjing Post and Telecommunication University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/18578 Satellite systems for providing broadband data service to individual earth stations
    • H04B7/18593 Arrangements for preventing unauthorised access or for providing user protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/1853 Satellite systems for providing telephony service to a mobile station, i.e. mobile satellite service
    • H04B7/18565 Arrangements for preventing unauthorised access or for providing user protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Radio Relay Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a gateway-station-based anonymous authentication method for satellite networks. Traditional satellite network authentication methods all use the network control center (NCC) to authorize and authenticate users. To reduce the authentication computation load on the NCC, the invention transfers the authorization and authentication function to the gateway station G, relieving the burden on the NCC. The invention uses a message authentication code (MAC) in the authentication process, which realizes anonymous authentication of the user and protects the user's privacy. After the satellite network has securely authenticated the user, the user in turn authenticates the satellite network, which achieves mutual authentication and further improves the security of the network. The authentication method of the invention is divided into two main stages: a registration phase and an authentication phase.

Description

Satellite network anonymous authentication method based on gateway station
Technical field
The present invention relates to a gateway-station-based anonymous authentication method for satellite networks. It realizes mutual authentication between the user and the satellite network, further improves the security of the network, and belongs to the technical field of satellite communication.
Background art
Because satellite network channels are open, the security of satellite networks cannot be ignored, and security is especially important in military and commercial applications. Although satellite communication technology is relatively mature, its security protection technology is still at the stage of theoretical study and experiment, and a large amount of research work remains to be done. How to build a trusted satellite network, how to achieve confidential communication, and how to confirm the identity of the participants in a service are security problems that must be considered and solved when building a satellite network.
A user gains access to the system and obtains service by passing the authentication of the satellite communication system. If the system does not adopt a stronger authentication mechanism, illegitimate users can gain access through protocol attacks and thereby obtain service illegally or damage the system. Mutual authentication between the user terminal and the satellite communication system ensures that information comes from a legitimate user and effectively prevents an attacker from deceiving either side by impersonating a terminal or a satellite.
Summary of the invention
The present invention proposes a gateway-station-based anonymous authentication method for satellite networks. Traditional satellite network authentication methods all use the network control center (Network Control Center, NCC) to authorize and authenticate users; to reduce the authentication computation load on the NCC, the invention transfers the authorization and authentication function to the gateway station (Gateway, G). The invention uses a message authentication code (Message Authentication Code, MAC) in the authentication process, which realizes anonymous authentication of the user and protects the user's privacy. While the satellite securely authenticates the user, the user also authenticates the satellite, which achieves mutual authentication and further improves the security of the network.
The gateway-station-based anonymous authentication method provided by the invention builds on conventional satellite network authentication methods and transfers the authorization and authentication function to the gateway station, which greatly reduces the authentication computation load on the network control center NCC. A message authentication code is used in the authentication process, which realizes anonymous authentication of the user and protects the user's privacy. While the satellite securely authenticates the user, the user also authenticates the satellite, which achieves mutual authentication, so the method is a secure and effective authentication method. The authentication method of the invention is divided into two main stages: a registration phase and an authentication phase.
Registration phase:
User U sends its identification number $ID_U$ to the network control center NCC. The NCC computes $key = h(ID_U \| m)$ as the key of user U, issues a temporary identity $TID_U$ to user U, and finally calculates the registration key, where $m$ is the permanent private key of the NCC. After registration is complete, user U stores $[ID_U, TID_U, key]$; the registration gateway station stores a verification table $\{TID_U, V\}$ and the NCC private key $m$; and the NCC stores $[TID_U, ID_U, ID_{G'}, ID_{SAT}]$, where $ID_{G'}$ and $ID_{SAT}$ are the identification numbers of the registration gateway station G′ and the satellite SAT, respectively.
Authentication phase:
Step 1: User U generates the session key $sk = h(key, TID_U)$ and the message authentication code $mac_u = MAC_{key}(ID_U, sk)$, and sends the message $[TID_U, mac_u]$ to the access satellite.
Step 2: After satellite SAT receives the message sent by user U, it adds its own identification number $ID_{SAT}$ and sends the message $[TID_U, mac_u, ID_{SAT}]$ to gateway station G.
Step 3: After gateway station G receives the message sent by satellite SAT, it first checks whether the satellite number $ID_{SAT}$ is legal. If it is, gateway station G uses $TID_U$ to look up the identity information of user U in the verification table. If the corresponding user information is found, the procedure goes to step 6; otherwise gateway station G sends the message $[ID_G, TID_U]$ to the network control center NCC over a secure channel, where $ID_G$ is the identification number of gateway station G.
Step 4: After the network control center NCC receives the message $[ID_G, TID_U]$ sent by gateway station G, it uses $TID_U$ to look up the user registration information $[TID_U, ID_U, ID_{G'}, ID_{SAT}]$ and find the registration gateway station G′ of user U. If the NCC does not find the corresponding user information, it notifies gateway station G that this user is an illegitimate user, and authentication fails. Otherwise, it uses the $ID_{G'}$ it found to locate the corresponding registration gateway station G′, finds the registration key V corresponding to $TID_U$ in the verification table of G′, and the registration key V used to authenticate the user is then transferred to gateway station G over a secure channel.
Step 5: If gateway station G receives the message from the network control center NCC that the user is an illegitimate user, gateway station G sends this message to the corresponding satellite and user, and authentication ends. Otherwise, gateway station G receives the user authentication message $\{TID_U, V\}$ sent by the registration gateway station G′ over a secure channel, and stores this message.
Step 6: Gateway station G uses the received $TID_U$ to calculate $h(TID_U, m)$, then calculates $ID_U'$, and computes in turn the key $key' = h(ID_U', m)$, the session key $sk' = h(key', TID_U)$, and the message authentication code $mac_u' = MAC_{key}(ID_U', sk')$. It checks whether the calculated $mac_u'$ equals the received $mac_u$. If they are equal, the authentication of the user is complete and the session key is determined; otherwise authentication fails.
If authentication succeeds, gateway station G first notifies the network control center NCC that the user's identity has been authenticated. The NCC generates a new temporary identity $TID_{Unew}$ to replace the original $TID_U$ and sends $TID_{Unew}$ to gateway station G. After receiving it, the gateway station replaces $TID_U$ in the verification table with $TID_{Unew}$, calculates the access session code and $mac_G = MAC_{sk'}(TID_{Unew})$, and then sends the message $[c, mac_G, ID_{SAT}]$ to the access satellite.
Step 7: The satellite forwards $mac_G$ and $c$ to user U. After receiving them, user U calculates the authentication registration code $mac_G' = MAC_{sk'}(TID_{Unew}')$ and compares the calculated $mac_G'$ with the received $mac_G$. If they are equal, this access authentication succeeds, and the next authentication is performed with $TID_{Unew}$.
The invention has the following advantages: traditional satellite network authentication methods all use the NCC to authorize and authenticate users, whereas the gateway-station-based anonymous authentication method for satellite networks provided by the invention transfers the authorization and authentication function to the gateway station, which greatly reduces the authentication computation load on the network control center NCC. The invention uses a message authentication code in the authentication process, which realizes anonymous authentication of the user and protects the user's privacy. While the satellite securely authenticates the user, the user also authenticates the satellite, which achieves mutual authentication and further improves the security of the network.
Brief description of the drawings
Fig. 1 shows the satellite communication network architecture;
Fig. 2 shows the registration phase of the authentication method provided by the invention;
Fig. 3 shows the authentication phase of the authentication method provided by the invention.
Detailed description
As shown in Fig. 1, the satellite communication network architecture used by the invention involves the following links: inter-satellite links, user links, feeder links and secure channels.
The notation used in the invention is: U: terminal user; SAT: satellite; G: gateway station; G′: registration gateway station; NCC: network control center.
Message authentication code (MAC): in cryptography, an authentication mechanism used by both communicating entities and a tool for ensuring the integrity of message data; it can also be called a keyed hash function. A message authentication code is a value obtained from a key and a message digest, and can be used for data origin authentication and integrity checking.
The gateway-station-based anonymous authentication method for satellite networks provided by the invention has two main phases, registration and authentication. The main flow is as follows:
Registration phase, as shown in Fig. 2:
Before using the network, user U must first register with the network control center NCC, which assigns the user's information. It is assumed that the NCC holds a permanent private key $m$. User U first sends its $ID_U$ to the NCC. The NCC computes $key = h(ID_U \| m)$ as the key of user U, issues a temporary identity $TID_U$ to user U, and finally calculates the registration key. After registration is complete, user U stores $[ID_U, TID_U, key]$; the registration gateway station stores a verification table $\{TID_U, V\}$ and the NCC private key $m$; and the NCC stores $[TID_U, ID_U, ID_{G'}, ID_{SAT}]$, where $ID_{G'}$ and $ID_{SAT}$ are the identification numbers of the registration gateway station G′ and the satellite SAT, respectively.
Authentication phase, as shown in Fig. 3:
Step 1: User U generates the session key $sk = h(key, TID_U)$ and the message authentication code $mac_u = MAC_{key}(ID_U, sk)$, and sends the message $[TID_U, mac_u]$ to the access satellite.
Step 2: After satellite SAT receives the message sent by user U, it adds its own identification number $ID_{SAT}$ and sends the message $[TID_U, mac_u, ID_{SAT}]$ to gateway station G.
Step 3: After gateway station G receives the message sent by satellite SAT, it first checks whether the satellite number $ID_{SAT}$ is legal. If it is, gateway station G uses $TID_U$ to look up the identity information of user U in the verification table. If the corresponding user information is found, the procedure goes to step 6; otherwise gateway station G sends the message $[ID_G, TID_U]$ to the network control center NCC over a secure channel.
Step 4: After the NCC receives the message $[ID_G, TID_U]$ sent by gateway station G, it uses $TID_U$ to look up the user registration information $[TID_U, ID_U, ID_{G'}, ID_{SAT}]$ and find the registration gateway station G′ of user U. If the NCC does not find the corresponding user information, it informs gateway station G that this user is an illegitimate user, and authentication fails. Otherwise, it uses the $ID_{G'}$ it found to locate the corresponding registration gateway station G′, finds the registration key V corresponding to $TID_U$ in the verification table of G′, and the registration key V used to authenticate the user is then transferred to gateway station G over a secure channel.
Step 5: If gateway station G receives the message from the network control center NCC that the user is an illegitimate user, it sends this message to the corresponding satellite and user, and authentication ends. Otherwise, gateway station G receives the user authentication message $\{TID_U, V\}$ sent by the registration gateway station G′ over a secure channel, and stores this message.
Step 6: Gateway station G uses the received $TID_U$ to calculate $h(TID_U, m)$, then calculates $ID_U'$, and computes in turn the key $key' = h(ID_U', m)$, the session key $sk' = h(key', TID_U)$, and the message authentication code $mac_u' = MAC_{key}(ID_U', sk')$. It checks whether the calculated $mac_u'$ equals the received $mac_u$. If they are equal, the authentication of the user is complete and the session key can be determined; otherwise authentication fails. If authentication succeeds, gateway station G first notifies the network control center NCC that the user's identity has been authenticated. The NCC generates a new temporary identity $TID_{Unew}$ to replace the original $TID_U$ and sends $TID_{Unew}$ to gateway station G. After receiving it, the gateway station also replaces $TID_U$ in the verification table with $TID_{Unew}$. It also calculates the access session code and $mac_G = MAC_{sk'}(TID_{Unew})$, and then sends the message $[c, mac_G, ID_{SAT}]$ to the access satellite.
Step 7: The satellite forwards $mac_G$ and $c$ to user U. After receiving them, user U calculates $TID_{Unew}'$ and from it calculates $mac_G' = MAC_{sk'}(TID_{Unew}')$, then compares the calculated $mac_G'$ with the received $mac_G$. If they are equal, this access authentication succeeds, and the next authentication is performed with $TID_{Unew}$.
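The registration and authentication flow above, as an added Python example that is not part of the patent text. The formulas for the registration key V and the access session code c do not appear in this text, so the example assumes XOR masking ($V = ID_U \oplus h(TID_U, m)$, $c = TID_{Unew} \oplus h(sk')$), SHA-256 for $h$, HMAC-SHA256 for MAC, and a user who accesses through its registration gateway station; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

LEN = 32  # IDs, TIDs and hash outputs are all 32 bytes, so XOR masking is well defined

def h(*parts):  # h(.): assumed SHA-256 over length-prefixed fields
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(2, "big") + p)
    return d.digest()

def mac(key, *parts):  # MAC_key(.): assumed HMAC-SHA256 over length-prefixed fields
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

class NCC:
    def __init__(self):
        self.m = secrets.token_bytes(LEN)  # permanent private key m
        self.registry = {}                 # TID_U -> [ID_U, ID_G', ID_SAT]

    def register(self, id_u, gateway, id_sat):
        key = h(id_u, self.m)              # key = h(ID_U || m)
        tid = secrets.token_bytes(LEN)     # temporary identity TID_U
        # ASSUMPTION: V = ID_U xor h(TID_U, m); the page does not show the formula for V.
        gateway.table[tid] = xor(id_u, h(tid, self.m))
        self.registry[tid] = [id_u, gateway.id_g, id_sat]
        return tid, key                    # the user stores [ID_U, TID_U, key]

    def renew_tid(self, old_tid):          # TID_Unew replaces TID_U after a successful run
        new_tid = secrets.token_bytes(LEN)
        self.registry[new_tid] = self.registry.pop(old_tid)
        return new_tid

class Gateway:
    def __init__(self, id_g, m, legal_sats):
        self.id_g, self.m, self.legal_sats = id_g, m, set(legal_sats)
        self.table = {}                    # verification table {TID_U: V}

    def authenticate(self, tid, macu, id_sat, ncc):  # steps 3 and 6: (c, mac_G) or None
        if id_sat not in self.legal_sats or tid not in self.table:
            return None  # unknown TID is rejected: access via the registration gateway is assumed
        id_u = xor(self.table[tid], h(tid, self.m))   # ID_U' recovered from V
        key = h(id_u, self.m)                          # key'
        sk = h(key, tid)                               # sk'
        if not hmac.compare_digest(mac(key, id_u, sk), macu):  # constant-time compare
            return None
        new_tid = ncc.renew_tid(tid)
        del self.table[tid]
        # ASSUMPTION: V is re-masked for TID_Unew; the page only says the TID entry is replaced.
        self.table[new_tid] = xor(id_u, h(new_tid, self.m))
        # ASSUMPTION: c = TID_Unew xor h(sk'); the page does not show the formula for c.
        return xor(new_tid, h(sk)), mac(sk, new_tid)

class User:
    def __init__(self, id_u, tid, key):
        self.id_u, self.tid, self.key, self.sk = id_u, tid, key, None

    def request(self):                     # step 1: [TID_U, macu]
        self.sk = h(self.key, self.tid)
        return self.tid, mac(self.key, self.id_u, self.sk)

    def verify_network(self, c, mac_g):    # step 7
        tid_new = xor(c, h(self.sk))       # TID_Unew' (assumed unmasking)
        if not hmac.compare_digest(mac(self.sk, tid_new), mac_g):
            return False
        self.tid = tid_new                 # used for the next authentication
        return True

def run_demo():
    ncc = NCC()
    gw = Gateway(b"G1", ncc.m, [b"SAT-1"])           # constructed sample identifiers
    id_u = b"user-0001".ljust(LEN, b"\0")
    user = User(id_u, *ncc.register(id_u, gw, b"SAT-1"))
    first = user.request()
    reply = gw.authenticate(*first, b"SAT-1", ncc)
    out = {"first_round": reply is not None and user.verify_network(*reply)}
    out["replay_rejected"] = gw.authenticate(*first, b"SAT-1", ncc) is None
    reply = gw.authenticate(*user.request(), b"SAT-1", ncc)
    out["second_round"] = reply is not None and user.verify_network(*reply)
    tid, macu = user.request()
    bad = bytes([macu[0] ^ 1]) + macu[1:]
    out["tampered_mac_rejected"] = gw.authenticate(tid, bad, b"SAT-1", ncc) is None
    out["unknown_satellite_rejected"] = gw.authenticate(tid, macu, b"SAT-X", ncc) is None
    out["forged_reply_rejected"] = not user.verify_network(bytes(LEN), bytes(LEN))
    return out
```

`run_demo()` returns a dictionary of checks; the replay check shows that a captured $[TID_U, mac_u]$ pair is refused once the temporary identity has been rotated.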

Claims (2)

1. A gateway-station-based anonymous authentication method for satellite networks, characterized in that it comprises a registration phase and an authentication phase;
Registration phase:
User U sends its identification number $ID_U$ to the network control center NCC; the NCC computes $key = h(ID_U \| m)$ as the key of user U, issues a temporary identity $TID_U$ to user U, and finally calculates the registration key, where $m$ is the permanent private key of the NCC; after registration is complete, user U stores $[ID_U, TID_U, key]$, the registration gateway station stores a verification table $\{TID_U, V\}$ and the NCC private key $m$, and the NCC stores $[TID_U, ID_U, ID_{G'}, ID_{SAT}]$, where $ID_{G'}$ and $ID_{SAT}$ are the identification numbers of the registration gateway station G′ and the satellite SAT, respectively;
Authentication phase:
Step 1: User U generates the session key $sk = h(key, TID_U)$ and the message authentication code $mac_u = MAC_{key}(ID_U, sk)$, and sends the message $[TID_U, mac_u]$ to the access satellite;
Step 2: After satellite SAT receives the message sent by user U, it adds its own identification number $ID_{SAT}$ and sends the message $[TID_U, mac_u, ID_{SAT}]$ to gateway station G;
Step 3: After gateway station G receives the message sent by satellite SAT, it first checks whether the satellite number $ID_{SAT}$ is legal; if it is, gateway station G uses $TID_U$ to look up the identity information of user U in the verification table; if the corresponding user information is found, the procedure goes to step 6; otherwise gateway station G sends the message $[ID_G, TID_U]$ to the network control center NCC over a secure channel, where $ID_G$ is the identification number of gateway station G;
Step 4: After the network control center NCC receives the message $[ID_G, TID_U]$ sent by gateway station G, it uses $TID_U$ to look up the user registration information $[TID_U, ID_U, ID_{G'}, ID_{SAT}]$ and find the registration gateway station G′ of user U; if the NCC does not find the corresponding user information, it notifies gateway station G that this user is an illegitimate user, and authentication fails; otherwise, it uses the $ID_{G'}$ it found to locate the corresponding registration gateway station G′, finds the registration key V corresponding to $TID_U$ in the verification table of G′, and the registration key V used to authenticate the user is then transferred to gateway station G over a secure channel;
Step 5: Gateway station G receives the user authentication message $\{TID_U, V\}$ sent by the registration gateway station G′ over a secure channel, and stores this message;
Step 6: Gateway station G uses the received $TID_U$ to calculate $h(TID_U, m)$, then calculates $ID_U'$, and computes in turn the key $key' = h(ID_U', m)$, the session key $sk' = h(key', TID_U)$, and the message authentication code $mac_u' = MAC_{key}(ID_U', sk')$; it checks whether the calculated $mac_u'$ equals the received $mac_u$; if they are equal, the authentication of the user is complete and the session key is determined; otherwise authentication fails;
If authentication succeeds, gateway station G first notifies the network control center NCC that the user's identity has been authenticated; the NCC generates a new temporary identity $TID_{Unew}$ to replace the original $TID_U$ and sends $TID_{Unew}$ to gateway station G; after receiving it, the gateway station replaces $TID_U$ in the verification table with $TID_{Unew}$, calculates the access session code and $mac_G = MAC_{sk'}(TID_{Unew})$, and then sends the message $[c, mac_G, ID_{SAT}]$ to the access satellite;
Step 7: The satellite forwards $mac_G$ and $c$ to user U; after receiving them, user U calculates the authentication registration code $mac_G' = MAC_{sk'}(TID_{Unew}')$ and compares the calculated $mac_G'$ with the received $mac_G$; if they are equal, this access authentication succeeds, and the next authentication is performed with $TID_{Unew}$.
2. The gateway-station-based anonymous authentication method for satellite networks according to claim 1, characterized in that: in step 4, after the network control center NCC notifies gateway station G that the user is an illegitimate user, gateway station G sends this message to the corresponding satellite and user, and authentication ends.
CN201610162478.3A 2016-03-21 2016-03-21 Satellite network anonymous authentication method based on gateway station Active CN105827304B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610162478.3A CN105827304B (en) 2016-03-21 2016-03-21 Satellite network anonymous authentication method based on gateway station

Publications (2)

Publication Number Publication Date
CN105827304A CN105827304A (en) 2016-08-03
CN105827304B CN105827304B (en) 2018-11-09

Family

ID=56524186

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610162478.3A Active CN105827304B (en) 2016-03-21 2016-03-21 Satellite network anonymous authentication method based on gateway station

Country Status (1)

Country Link
CN (1) CN105827304B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20160803

Assignee: NUPT INSTITUTE OF BIG DATA RESEARCH AT YANCHENG CO., LTD.

Assignor: Nanjing Post & Telecommunication Univ.

Contract record no.: X2019980001249

Denomination of invention: Gateway station-based satellite network anonymous authentication method

Granted publication date: 20181109

License type: Common License

Record date: 20191224
