CN112564775A - Spatial information network access control system and authentication method based on block chain - Google Patents

Spatial information network access control system and authentication method based on block chain

Info

Publication number
CN112564775A
Authority
CN
China
Prior art keywords
satellite
block chain
ground
inter
access
Prior art date
Legal status
Granted
Application number
CN202011505566.1A
Other languages
Chinese (zh)
Other versions
CN112564775B (en)
Inventor
霍如
王志浩
汪硕
魏亮
刘江
黄韬
刘韵洁
Current Assignee
Nanjing Upeed Network Technology Co ltd
Jiangsu Future Networks Innovation Institute
Original Assignee
Nanjing Upeed Network Technology Co ltd
Jiangsu Future Networks Innovation Institute
Priority date
Filing date
Publication date
Application filed by Nanjing Upeed Network Technology Co ltd, Jiangsu Future Networks Innovation Institute
Priority to CN202011505566.1A
Publication of CN112564775A
Application granted
Publication of CN112564775B
Legal status: Active
Anticipated expiration

Classifications

    • H04B7/1851 Systems using a satellite or space-based relay
    • H04B7/18565 Arrangements for preventing unauthorised access or for providing user protection (mobile satellite service)
    • H04L63/0869 Network security: authentication of entities, achieving mutual authentication
    • H04L63/10 Network security: controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • Y02D30/70 Reducing energy consumption in wireless communication networks

Abstract

The invention provides a space information network access control system and an authentication method based on a block chain, and the space information network access control system based on the block chain comprises a ground block chain module, an inter-satellite block chain module and a user side, wherein the ground block chain module comprises a ground station and a gateway station, and each ground station and each gateway station are mutually provided with a link; the inter-satellite block chain module comprises a low-orbit satellite; the user terminal includes each mobile user. The invention also provides a space information network access control authentication method based on the block chain, which comprises a relevant parameter initialization and registration process, an access authentication and authority management control process and a block chain-based handover process. The invention can meet the requirements of rapid authentication and access authority confirmation of user equipment, further enhances the data integrity and safety in the whole process by introducing the block chain, solves the problem of single-point failure of network control NCC in an actual scene, and provides access control and operation traceability functions.

Description

Spatial information network access control system and authentication method based on block chain
Technical Field
The invention relates to the technical field of block chains, in particular to a spatial information network access control system and an authentication method based on a block chain.
Background
The spatial information network makes it possible for any object to connect to the internet from anywhere, and access authentication is the key to secure user access control, mainly to prevent an illegal adversary from accessing secure network services. However, the satellite-ground communication environment is very complex, which makes designing a safe and efficient authentication scheme a challenging problem. A block chain can be viewed as a shared, digital and distributed ledger built on a peer-to-peer network, and this technique has been introduced and applied to many network scenarios.
In a block chain system, data generated by participating entities is issued as transactions, which are packed into a block. Miners add data to the block chain in chronological order. Notably, the miners who add data are independent entities; there is no trusted third-party authority in the block chain. The data of all participating entities is stored in the block chain, and the block chain is updated periodically. It is easy for entities in multiple block chains to share information. Block chains enable systems that do not require a trusted party (e.g., a certificate authority). Therefore, block chains are ideal techniques for user identity management and access control.
In the aspect of access control and authentication schemes for the spatial information network, an existing scheme has designed a provably secure and efficient authentication protocol together with an effective handover mechanism. That scheme introduces a new authentication system model in which the satellite is given the capability to authenticate the user, avoiding online participation of the network control center NCC in user authentication, thereby reducing long authentication delays and avoiding a single-point bottleneck at the NCC. Furthermore, the support for batch verification in that design can significantly improve handover efficiency when a group of users is handed over to another satellite.
Analysis shows that the scheme is resistant to various attacks and meets various security requirements. However, the above access control and authentication scheme for the spatial information network has problems in the following aspects:
1. the security of mutual authentication is not high enough
In the mutual authentication of that scheme, the information used is sent by both sides and then verified, which can only ensure that the information has not been tampered with; it cannot ensure that the node sending the information has not been maliciously forged.
2. The provided traceability is not strong
That scheme records the correspondence between the user's real identity and virtual identity at the NCC, records the operations of the virtual identity in a log, and thereby tracks the user's behaviour. However, the NCC in that scheme is a central authority that may be attacked or maliciously operated by an operator, resulting in tampering with or deletion of the relevant logs.
3. Fail to provide fine grained access control
According to the specific flow of that scheme, it can only perform authentication for access; in actual operation, resources differ in importance, so fine-grained access control is necessary in the application scenario of a spatial information network.
4. Idealized channel conditions
That scheme assumes that the central hub is trusted by all entities in the system and that no adversary can compromise it, and that a secure channel exists between each network entity and the NCC to protect the registration process. In practice this is impossible.
Disclosure of Invention
Aiming at the problems, the invention designs an access control and authentication method of a space information network based on a block chain, and in order to achieve the purpose of remedying the problems, the technical scheme provided by the invention is as follows:
A spatial information network access control system based on a block chain, comprising a ground block chain module, an inter-satellite block chain module and a user side, wherein the ground block chain module comprises ground stations and gateway stations, and a link is provided between each ground station and each gateway station; the inter-satellite block chain module comprises low earth orbit satellites; the user side comprises each mobile user.
Preferably, the ground block chain module is constructed by ground base stations, wherein the ground base stations are divided into the ground stations and the gateway stations, the gateway stations are responsible for satellite control, the ground stations are equivalent to a communication transfer station and are responsible for communication with a satellite, all the ground base stations are part of a block chain, but only the gateway stations are used as part of a network control NCC to jointly fulfill the function of the network control NCC to complete related management work, and the rest ground stations are used as common block chain nodes; and the ground block chain module stores an access identity list, an access control authority list, a real identity and virtual identity corresponding list and a user operation record.
Preferably, the inter-satellite blockchain module is constructed by a low-orbit satellite, and the low-orbit satellite can complete preliminary access verification and access control authority verification by verifying the data of the inter-satellite blockchain module; the inter-satellite blockchain module only stores an access identity list and an access control authority list.
Preferably, the mobile user is composed of user equipments of different types and different architectures, and the user may use multiple ways to complete the access to the spatial information network, and further obtain the relevant service through the verification of the inter-satellite blockchain module or the ground blockchain module.
A spatial information network access authentication method based on a block chain is characterized by comprising a relevant parameter initialization and registration process, an access authentication and authority management control process and a block chain-based handover process.
Preferably, the related parameter initialization and registration process specifically includes the following steps:
step 1: initializing parameters:
When the system is started, the nodes with the network control NCC function in each ground base station select an elliptic curve $E_{p_i}(a, b)$ over the prime field $GF(p)$ and generate a base point $G_i$, while generating the long-term private key $sk_{NCC_i}$ and public key $pk_{NCC_i}$, with $pk_{NCC_i} = sk_{NCC_i} \cdot G$; mobile user $MU_j$ also generates its own private key $sk_j$ and public key $pk_j$, with $pk_j = sk_j \cdot G$;
Step 2: user registration:
Mobile user $MU_j$ registers with the spatial information network by sending a registration request and an access rights request to the network control NCC, so that its real identity is bound to a virtual identity $ID_j$; after receiving the registration message, the network control NCC first selects n random numbers, indexed $i = 1, 2, \dots, n$, then for each $i$ calculates the i-th public key, the temporary identity, a partial private key, and a signature (over the mapping table of the temporary identity and the real identity, a timestamp, a temporary lifetime, and an access right); the network control NCC then completes the uplink (on-chain write) of the registration record, the signature and the access right on the ground block chain module, and the update of the access right and the injected identity authentication on the inter-satellite block chain module; the corresponding satellite node then sends the relevant information to the mobile user, the mobile user verifies the relevant information, and after obtaining it continues to complete the generation of its private key through the CL-PKC algorithm, and the registration is completed;
and step 3: satellite registration:
The satellite sends a registration request to the network control NCC; after receiving the registration message, the network control NCC first selects n random numbers, indexed $i = 1, 2, \dots, n$, then for each $i$ calculates the i-th public key, the temporary identity, a partial private key, and a signature (over the temporary identity and real identity mapping table, a timestamp, a temporary lifetime, and an access right); the network control NCC then completes the uplink of the registration record, the signature and the access right on the ground block chain, and the update of the access right and the injected identity authentication on the inter-satellite block chain; the other inter-satellite nodes then send the related information to the newly added satellite node, the satellite node verifies the related information, and after obtaining it continues to complete the generation of its private key through the CL-PKC algorithm, so that the registration is completed.
Preferably, the access authentication and rights management control process specifically includes the following steps:
step 1: the mobile user generates parameters such as elliptic curve password basic parameters, secret random numbers, access control authority, time stamps and the like, and then sends a request message containing the parameters to the satellite access node;
step 2: the satellite access node checks the timestamp and calculates delay, if the delay is too large, a rejection message is sent, and the process is stopped; otherwise, taking out the relevant parameters from the inter-satellite block chain, comparing the messages sent by the mobile user, if the comparison is inconsistent, sending a rejection message, and stopping the process; otherwise, the satellite node generates a random number and a time stamp of the satellite node, adds part of parameters sent by the mobile user and sends a message to the ground base station;
and step 3: the method comprises the steps that the ground obtains a message sent by a satellite node, firstly, delay judgment is carried out, and if the message passes, whether the message is sent by the satellite node is continuously checked; if the satellite node passes the encryption, a session key is generated, after encryption, the session key is synchronized to a ground block chain, and is synchronized to an inter-satellite block chain through an intelligent contract, and a notification message is sent to the satellite node; after receiving the message, the satellite node takes out the data from the inter-satellite block chain and sends the data and other negotiation parameters to the mobile user; and after the mobile user receives the data sent by the satellite node, the verification is completed, the user uses the key for decryption to obtain a session key, and the whole verification process is completed.
Preferably, the handover procedure based on the block chain includes two handover schemes; the specific steps of the first scheme, for a low-speed mobile user, are as follows:
(a) preparing:
The ground station has the topology of the satellite constellation and the motion of the satellites, so the upcoming satellite can be predicted; the ground station then writes the white list (mobile user temporary identity, currently connected satellite identity, identity of the satellite to be handed over to) together with its own signature into the ground and inter-satellite block chains.
(b) Step one:
when the mobile user is located at the overlap of the old and new satellite nodes, he or she decides whether to perform handover according to the received signal strength; before handover, a mobile user sends a request message to an old satellite node, wherein the request message comprises a temporary identity and a new satellite node identity; the old satellite then forwards the request message to the new satellite node.
(c) Step two:
After receiving the request message, the new satellite node queries the block chain for the white list entry; if the query succeeds and the entry matches the request, the handover is completed, otherwise a rejection message is returned.
Preferably, the handover procedure based on the block chain includes two handover schemes; the second scheme, for a high-speed mobile user, includes the following specific steps:
(a) Preparation:
The ground station possesses the topology of the satellite constellation and the motion of the satellites, so that the upcoming satellites can be predicted. And then the ground station adds the signature of the ground station to the white list, writes the white list into the ground and the inter-satellite block chain, and additionally writes parameters such as the encrypted session key into the ground block chain.
(b) Step one:
when the mobile user is in the overlap area, deciding whether to hand over according to the received signal strength; if the handover is decided, the mobile user sends a request message to the old satellite node, and the generation and the steps of the request message are the same as those in the low-speed moving scheme; then, the old satellite node forwards all the request messages to the new satellite node; after the new satellite node completes verification in the inter-satellite block chain, sending a request message to a new corresponding ground station;
(c) step two:
After receiving the message, the ground station completes verification, takes the related information out of the ground block chain, and completes the handover.
The invention provides a system architecture divided into three parts, with block chains constructed and divided according to the differences between ground base stations and between ground base stations and satellites; it then provides a block chain-based registration process for satellites and users, completing the construction of the block chain service and the initialization of the related access authority and data; next, it analyses the service flow of a user of the spatial information network and provides a block chain-based access authentication and authority management control scheme; finally, it provides block chain-based handover schemes for fast-moving satellites and high-speed mobile users.
Compared with the prior art, the invention has the following advantages:
1. the invention can meet the requirements of rapid authentication and access authority confirmation of user equipment, enhances the data integrity and security of a mobile user in the process of using the space information network service by using a block chain technology, solves the problem of single-point failure of network control NCC in an actual scene, and provides access control and operation traceability functions.
2. The invention provides a block chain-based registration process for satellites and users, characterized in that the access control list and the corresponding data are stored using the block chain, so that the security and integrity of the data are guaranteed.
3. The invention provides an access authentication and authority management control flow based on a block chain. The method is characterized in that the access authentication and the authority management of the mobile user are completed by using a block chain and an intelligent contract technology.
4. The invention provides a handover flow based on a block chain.
Drawings
Fig. 1 is a system architecture diagram of the block chain-based spatial information network access control system and authentication method according to the present invention;
Fig. 2 is a user registration flowchart of the block chain-based spatial information network access control system and authentication method;
Fig. 3 is a flowchart of the satellite registration process of the block chain-based spatial information network access control system and authentication method;
Fig. 4 is a flowchart of access authentication and authority management control of the block chain-based spatial information network access control system and authentication method;
Fig. 5 is a flowchart of the handover scheme for a low-speed mobile user of the block chain-based spatial information network access control system and authentication method;
Fig. 6 is a flowchart of the handover scheme for a high-speed mobile user of the block chain-based spatial information network access control system and authentication method.
Detailed Description
The present invention is described in detail below with reference to the drawings and examples, but the present invention is not limited thereto.
The invention provides a block chain-based access control system for a space information network, as follows:
as shown in fig. 1, the present invention divides all entities involved in the resource request process into three parts, including a terrestrial block chain module, an inter-satellite block chain module, and a user end.
(1) Ground block chain module:
the construction is completed by the ground base station. The ground base station is divided into a ground station and a gateway station, the gateway station is responsible for satellite control, such as selection and change of inter-satellite links, and the ground station is equivalent to a communication transfer station and is responsible for communication with the satellite, such as receiving information network transmission data and forwarding to a ground backbone network. All the ground stations are part of the block chain, but only the gateway station can be used as a part of the network control NCC to perform the function of the network control NCC together and complete the related management work, and the rest ground stations are only used as common block chain nodes. And the ground block chain stores an access identity list, an access control authority list, a real identity and virtual identity corresponding list and a user operation record.
(2) Inter-satellite blockchain module:
construction is done by low earth orbit satellites. The satellite can complete preliminary access verification and access control authority verification by verifying the data of the inter-satellite block chain. The inter-satellite block chain only stores an access identity list and an access control authority list.
(3) A user side:
the system consists of user equipment of different types and different architectures, such as a smart phone, an unmanned aerial vehicle, Internet of things equipment, a smart vehicle and the like. The mobile user can use various modes to complete the access of the spatial information network, and further obtain related services through the verification of the inter-satellite block chain or the ground block chain.
The invention also provides a spatial information network access authentication method based on the block chain, which comprises the following steps:
the authentication method comprises three processes, namely a related parameter initialization and registration process, an access authentication and authority management control process and a block chain-based handover process.
As a possible implementation manner, as shown in fig. 2 to 3, the relevant parameter initialization and registration process specifically includes the following steps:
step 1: initializing parameters:
When the system is started, the nodes with the network control NCC function in each ground base station select an elliptic curve $E_{p_i}(a, b)$ over the prime field $GF(p)$ and generate a base point $G_i$, while generating the long-term private key $sk_{NCC_i}$ and public key $pk_{NCC_i}$, with $pk_{NCC_i} = sk_{NCC_i} \cdot G$; mobile user $MU_j$ also generates its own private key $sk_j$ and public key $pk_j$, with $pk_j = sk_j \cdot G$;
Step 2: user registration:
Mobile user $MU_j$ registers with the spatial information network by sending a registration request and an access rights request to the network control NCC, so that its real identity is bound to a virtual identity $ID_j$; after receiving the registration message, the network control NCC first selects n random numbers, indexed $i = 1, 2, \dots, n$, then for each $i$ calculates the i-th public key, the temporary identity, a partial private key, and a signature (over the mapping table of the temporary identity and the real identity, a timestamp, a temporary lifetime, and an access right); the network control NCC then completes the uplink (on-chain write) of the registration record, the signature and the access right on the ground block chain module, and the update of the access right and the injected identity authentication on the inter-satellite block chain module; the corresponding satellite node then sends the relevant information to the user, who verifies it, and after obtaining the relevant information the mobile user continues to complete the generation of its private key through the CL-PKC algorithm, and the registration is completed;
and step 3: satellite registration:
The satellite sends a registration request to the network control NCC; after receiving the registration message, the network control NCC first selects n random numbers, indexed $i = 1, 2, \dots, n$, then for each $i$ calculates the i-th public key, the temporary identity, a partial private key, and a signature (over the temporary identity and real identity mapping table, a timestamp, a temporary lifetime, and an access right); the network control NCC then completes the uplink of the registration record, the signature and the access right on the ground block chain, and the update of the access right and the injected identity authentication on the inter-satellite block chain; the other inter-satellite nodes then send the related information to the newly added satellite node, the satellite node verifies the related information, and after obtaining it continues to complete the generation of its private key through the CL-PKC algorithm, so that the registration is completed.
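The registration steps above (long-term key pair $pk = sk \cdot G$, an NCC-issued partial private key, and the registrant completing its own private key with a CL-PKC algorithm) are illustrated by the following Python example, which is added here and is not code from the patent. The patent does not name a curve or a specific CL-PKC construction, so secp256k1 and a Schnorr-style partial-key extraction (partial key $d = r + H(ID, R, pk_{NCC}) \cdot sk_{NCC}$, full key $x = d + sk_j$) are assumptions; the user-side check that $d \cdot G = R + h \cdot pk_{NCC}$ is the "verification of the relevant information" a registrant should perform before accepting a partial key.

```python
import hashlib
import secrets

# secp256k1 domain parameters, used as a stand-in for the patent's E_p(a, b):
# the patent does not fix a particular curve (assumption).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Long-term key pair as in step 1: sk random in [1, N-1], pk = sk*G."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)


def point_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def bind_hash(temp_id, R, pk_ncc):
    """h = H(temp_id || R || pk_NCC) mod N binds the partial key to the temporary identity."""
    digest = hashlib.sha256(temp_id.encode() + point_bytes(R) + point_bytes(pk_ncc)).digest()
    return int.from_bytes(digest, "big") % N


def ncc_partial_key(sk_ncc, pk_ncc, temp_id):
    """NCC side: Schnorr-style CL-PKC partial private key d for a temporary identity (assumed construction)."""
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    d = (r + bind_hash(temp_id, R, pk_ncc) * sk_ncc) % N
    return R, d


def user_full_key(sk_j, pk_j, temp_id, R, d, pk_ncc):
    """Registrant side: verify the partial key, then combine it with the own secret.
    Full private key x = d + sk_j; full public key X = R + h*pk_NCC + pk_j, so X = x*G."""
    h = bind_hash(temp_id, R, pk_ncc)
    expected = ec_add(R, ec_mul(h, pk_ncc))
    if ec_mul(d, G) != expected:  # refuse a tampered or mis-delivered partial key
        raise ValueError("partial private key does not verify against the NCC public key")
    x = (d + sk_j) % N
    X = ec_add(expected, pk_j)
    return x, X


def registration_demo(temp_id="TID-01"):
    """Run one registration; True if the combined key pair is consistent (x*G == X)."""
    sk_ncc, pk_ncc = keygen()
    sk_j, pk_j = keygen()
    R, d = ncc_partial_key(sk_ncc, pk_ncc, temp_id)
    x, X = user_full_key(sk_j, pk_j, temp_id, R, d, pk_ncc)
    return ec_mul(x, G) == X


def tampered_partial_key_rejected(temp_id="TID-01"):
    """True if a partial key altered in transit is refused by the registrant-side check."""
    sk_ncc, pk_ncc = keygen()
    sk_j, pk_j = keygen()
    R, d = ncc_partial_key(sk_ncc, pk_ncc, temp_id)
    try:
        user_full_key(sk_j, pk_j, temp_id, R, (d + 1) % N, pk_ncc)
    except ValueError:
        return True
    return False
```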
As a possible implementation manner, as shown in fig. 4, the access authentication and rights management control flow specifically includes the following steps:
step 1: the mobile user generates parameters such as elliptic curve password basic parameters, secret random numbers, access control authority, time stamps and the like, and then sends a request message containing the parameters to the satellite access node;
step 2: the satellite access node checks the timestamp and calculates delay, if the delay is too large, a rejection message is sent, and the process is stopped; otherwise, taking out the relevant parameters from the inter-satellite block chain, comparing the messages sent by the mobile user, if the comparison is inconsistent, sending a rejection message, and stopping the process; otherwise, the satellite node generates a random number and a time stamp of the satellite node, adds part of parameters sent by the mobile user and sends a message to the ground base station;
and step 3: the method comprises the steps that the ground obtains a message sent by a satellite node, firstly, delay judgment is carried out, and if the message passes, whether the message is sent by the satellite node is continuously checked; if the satellite node passes the encryption, a session key is generated, after encryption, the session key is synchronized to a ground block chain, and is synchronized to an inter-satellite block chain through an intelligent contract, and a notification message is sent to the satellite node; after receiving the message, the satellite node takes out the data from the inter-satellite block chain and sends the data and other negotiation parameters to the mobile user; and after the mobile user receives the data sent by the satellite node, the verification is completed, the user uses the key for decryption to obtain a session key, and the whole verification process is completed.
As a possible implementation, as shown in fig. 5, the handover procedure based on the block chain has two schemes; the specific steps of the scheme for low-mobility users are as follows:
(a) Preparation:
the ground station has the topology of the satellite constellation and the motion of the satellites, so the upcoming satellite can be predicted; the ground station then writes the white list (mobile user temporary identity, identity of the currently connected satellite, identity of the satellite to be switched to), together with its own signature, into the ground and inter-satellite block chains.
(b) Step 1:
when the mobile user is located in the overlap area of the old and new satellite nodes, the user decides whether to perform handover according to the received signal strength; before handover, the mobile user sends a request message to the old satellite node, comprising the temporary identity and the new satellite node identity; the old satellite then forwards the request message to the new satellite node.
(c) Step 2:
after receiving the request message, the new satellite node performs a query in the block chain and completes the query and the comparison with the request; otherwise (if the query or the comparison fails), it returns a rejection message.
As a possible implementation manner, as shown in fig. 6, the second scheme of the block chain based handover procedure, for high-mobility users, specifically includes the following steps:
(a) Preparation:
The ground station possesses the topology of the satellite constellation and the motion of the satellites, so the upcoming satellites can be predicted. The ground station then adds its signature to the white list, writes the white list into the ground and inter-satellite block chains, and additionally writes parameters such as the encrypted session key into the ground block chain.
(b) Step 1:
when the mobile user is in the overlap area, the user decides whether to hand over according to the received signal strength; if handover is decided, the mobile user sends a request message to the old satellite node, generated by the same steps as in the low-speed scheme; the old satellite node then forwards the whole request message to the new satellite node; after the new satellite node completes verification in the inter-satellite block chain, it sends a request message to its corresponding new ground station;
(c) Step 2:
after receiving the message, the ground station completes verification, takes the related information out of the ground block chain, and completes the handover.
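Both handover schemes (restated in claims 8 and 9) are modelled in the following Python example, which is added here and is not part of the patent. The ground station's signature on the white list is stood in by an HMAC under a key assumed to be shared with the satellites, the two chains are plain lists, the received-signal-strength decision uses a constructed hysteresis margin, the low-mobility scheme ends at the new satellite's check of the inter-satellite chain, and the high-mobility scheme continues to the ground station, which re-verifies against the ground chain and retrieves the encrypted session key stored there during preparation.

```python
import hashlib
import hmac


def latest(chain, **match):
    """Newest record on a chain (a plain list here) whose fields match."""
    for rec in reversed(chain):
        if all(rec.get(k) == v for k, v in match.items()):
            return rec
    return None


def sign(k_gs, tid, old_sat, new_sat):
    """Ground-station signature over a white list entry. An HMAC under a key assumed
    to be shared with the satellites stands in for the patent's signature."""
    return hmac.new(k_gs, f"{tid}|{old_sat}|{new_sat}".encode(), hashlib.sha256).hexdigest()


# (a) Preparation: from constellation topology and satellite motion the ground
# station predicts the next satellite and writes the signed white list to both
# chains; for high-mobility users it additionally stores the encrypted session
# key on the ground chain only.
def prepare_whitelist(ground_chain, inter_chain, k_gs, tid, old_sat, new_sat, enc_key=None):
    entry = {"type": "whitelist", "tid": tid, "old_sat": old_sat, "new_sat": new_sat,
             "sig": sign(k_gs, tid, old_sat, new_sat)}
    ground_chain.append(entry)
    inter_chain.append(entry)
    if enc_key is not None:
        ground_chain.append({"type": "session", "tid": tid, "enc_key": enc_key})
    return entry


# (b) Step 1: in the overlap area the user decides on received signal strength
# (constructed hysteresis margin) and sends (temporary identity, new satellite
# identity) to the old satellite, which forwards it unchanged to the new one.
def handover_request(tid, old_sat, new_sat, rssi_old_dbm, rssi_new_dbm, hysteresis_db=3):
    if rssi_new_dbm < rssi_old_dbm + hysteresis_db:
        return None                                    # stay on the current satellite
    return {"tid": tid, "old_sat": old_sat, "new_sat": new_sat}


# (c) Step 2, low-mobility scheme: the new satellite queries the inter-satellite
# chain and compares the white list entry with the request; a missing entry, a
# bad ground-station signature or a mismatching satellite identity is a rejection.
def new_satellite_check(req, inter_chain, k_gs):
    entry = latest(inter_chain, type="whitelist", tid=req["tid"])
    if entry is None:
        return False
    expected = sign(k_gs, entry["tid"], entry["old_sat"], entry["new_sat"])
    if not hmac.compare_digest(expected, entry["sig"]):
        return False
    return entry["old_sat"] == req["old_sat"] and entry["new_sat"] == req["new_sat"]


# High-mobility scheme: after the inter-satellite check the new satellite asks
# its ground station, which verifies the same white list entry on the ground
# chain and takes the stored encrypted session key out of it to complete the transfer.
def ground_station_finish(req, ground_chain, k_gs):
    if not new_satellite_check(req, ground_chain, k_gs):
        return None
    session = latest(ground_chain, type="session", tid=req["tid"])
    return None if session is None else session["enc_key"]
```

Because the white list names both the current and the next satellite, a request that arrives at a satellite the ground station did not predict fails the comparison even when the temporary identity is valid, and an entry appended to the inter-satellite chain without the ground station's key fails the signature check before the comparison is reached.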
The invention provides a system architecture divided into three parts, with block chains constructed and partitioned according to the distinction between ground base stations on the one hand and between ground base stations and satellites on the other; it then provides a block chain based registration process for satellites and users, completing the construction of the block chain service and the initialization of the related access authority and data; it further analyzes the service flow of a user of the spatial information network and provides a block chain based access authentication and authority management control scheme; finally, it provides a block chain based handover scheme for high-speed mobile satellites and high-speed mobile users.
The invention solves the problem of tracking user behavior and network control NCC behavior by writing the real-time operation record log into the block chain, and solves the problems of single-point attack and malicious log tampering by operators by distributing the NCC authority across the ground base stations through the decentralized network.
The invention adds synchronization of the access control list between the inter-satellite block chain and the ground block chain, thereby providing the fine-grained access control that prior schemes lack.
The invention disperses the centralized authority of the original network control NCC by using the block chain, thereby removing the dependence on a trusted channel. The scheme still works even if some of the network control NCC base stations are under attack or the channels are untrusted.
In particular, the scheme introduces a double-chain mechanism, which further accelerates the verification process for devices.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and the preferred embodiments of the present invention are described in the above embodiments and the description, and are not intended to limit the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (9)

1. A spatial information network access control system based on a block chain, comprising a ground block chain module, an inter-satellite block chain module and a user side, wherein the ground block chain module comprises ground stations and gateway stations, and each ground station and each gateway station is provided with a link; the inter-satellite block chain module comprises a low earth orbit satellite; and the user side comprises each mobile user.
2. The spatial information network access control system based on the block chain as claimed in claim 1, wherein the ground block chain module is constructed from ground base stations, wherein the ground base stations are divided into the ground stations and the gateway stations; the gateway stations are responsible for satellite control, and the ground stations act as communication relay stations responsible for communication with the satellites; all ground base stations are part of the block chain, but only the gateway stations act as part of the NCC, jointly fulfilling the NCC function to complete the related management work, while the remaining ground stations act only as ordinary block chain nodes; and the ground block chain module stores an access identity list, an access control authority list, a list mapping real identities to virtual identities, and the user operation records.
3. The system according to claim 1, wherein the inter-satellite blockchain module is constructed by a low earth orbit satellite, and the low earth orbit satellite can complete preliminary access verification and access control authority verification by verifying data of the inter-satellite blockchain module; the inter-satellite blockchain module only stores an access identity list and an access control authority list.
4. The system according to claim 1, wherein the mobile subscriber comprises different types of user equipment with different architectures, and the user can use multiple ways to complete access to the spatial information network, and further obtain the related service through the verification of the inter-satellite blockchain module or the ground blockchain module.
5. A spatial information network access authentication method based on a block chain is characterized by comprising a relevant parameter initialization and registration process, an access authentication and authority management control process and a block chain-based handover process.
6. The method according to claim 5, wherein the initialization and registration process of the related parameters specifically includes the following steps:
step 1: initializing parameters:
when the system is started, the nodes with the network control NCC function in each ground base station, based on the elliptic curve $E_{p_i}(a, b)$ over the prime field $GF(p)$, generate a base point $G_i$, and at the same time generate the long-term private key $sk_{NCC_i}$ and public key $pk_{NCC_i}$, with $pk_{NCC_i} = sk_{NCC_i} \cdot G$; the mobile user $MU_j$ also generates its own private key $sk_j$ and public key $pk_j$, with $pk_j = sk_j \cdot G$;
Step 2: user registration:
the mobile user $MU_j$ sends a registration request and an access right request to the network control NCC in order to register its real identity together with the corresponding virtual identity $ID_j$ in the spatial information network; after receiving the registration message, the network control NCC first selects n random numbers (indexed i = 1, 2, …, n), then calculates the ith public key, the temporary identity, a partial private key, and a signature over (the mapping table of temporary identity to real identity, a timestamp, a temporary lifetime, and an access right); the network control NCC then completes the uplink (on-chain write) of the registration record, the signature and the access right on the ground block chain module, and the update of the access right and of the injected identity authentication data on the inter-satellite block chain module; the corresponding satellite node then sends the relevant information to the user, who verifies it; once the mobile user has obtained the relevant information, the user completes the generation of the private key by the CL-PKC algorithm, and the registration is complete;
and step 3: satellite registration:
the satellite sends a registration request to the network control NCC; after receiving the registration message, the network control NCC first selects n random numbers (indexed i = 1, 2, …, n), then calculates the ith public key, the temporary identity, a partial private key, and a signature over (the mapping table of temporary identity to real identity, a timestamp, a temporary lifetime, and an access right); the network control NCC then completes the uplink (on-chain write) of the registration record, the signature and the access right on the ground block chain, and the update of the access right and of the injected identity authentication data on the inter-satellite block chain; the other inter-satellite nodes then send the relevant information to the newly added satellite node, which verifies it; once the satellite node has obtained the relevant information, it completes the generation of its own private key through the CL-PKC algorithm, and the registration is complete.
7. The method for spatial information network access control authentication based on a block chain according to claim 5, wherein the access authentication and rights management control process specifically includes the following steps:
step 1: the mobile user generates parameters such as the elliptic curve cryptography basic parameters, a secret random number, the requested access control authority and a timestamp, and then sends a request message containing these parameters to the satellite access node;
step 2: the satellite access node checks the timestamp and calculates the delay; if the delay is too large, it sends a rejection message and the process stops; otherwise, it takes the relevant parameters out of the inter-satellite block chain and compares them with the message sent by the mobile user; if the comparison is inconsistent, it sends a rejection message and the process stops; otherwise, the satellite node generates its own random number and timestamp, adds part of the parameters sent by the mobile user, and sends the message to the ground base station;
step 3: the ground station obtains the message sent by the satellite node and first performs the delay judgment; if that passes, it continues by checking whether the message was indeed sent by the satellite node; if that check also passes, a session key is generated, encrypted, synchronized to the ground block chain, and synchronized to the inter-satellite block chain through a smart contract, and a notification message is sent to the satellite node; after receiving the notification, the satellite node takes the data out of the inter-satellite block chain and sends it, together with the other negotiation parameters, to the mobile user; after the mobile user receives the data sent by the satellite node, the verification is completed, the user decrypts with its key to obtain the session key, and the whole verification process is complete.
8. The method as claimed in claim 5, wherein the handover procedure based on the block chain has two schemes, and the specific steps of the scheme for low-mobility users are as follows:
(a) Preparation:
the ground station has the topology of the satellite constellation and the motion of the satellites, so the upcoming satellite can be predicted; the ground station then writes the white list (mobile user temporary identity, identity of the currently connected satellite, identity of the satellite to be switched to), together with its own signature, into the ground and inter-satellite block chains.
(b) Step 1:
when the mobile user is located in the overlap area of the old and new satellite nodes, the user decides whether to perform handover according to the received signal strength; before handover, the mobile user sends a request message to the old satellite node, comprising the temporary identity and the new satellite node identity; the old satellite then forwards the request message to the new satellite node.
(c) Step 2:
after receiving the request message, the new satellite node performs a query in the block chain and completes the query and the comparison with the request; otherwise (if the query or the comparison fails), it returns a rejection message.
9. The method as claimed in claim 5, wherein the handover procedure based on the block chain has two schemes, and the second scheme, for high-mobility users, specifically includes the following steps:
(a) Preparation:
The ground station possesses the topology of the satellite constellation and the motion of the satellites, so the upcoming satellites can be predicted. The ground station then adds its signature to the white list, writes the white list into the ground and inter-satellite block chains, and additionally writes parameters such as the encrypted session key into the ground block chain.
(b) Step 1:
when the mobile user is in the overlap area, the user decides whether to hand over according to the received signal strength; if handover is decided, the mobile user sends a request message to the old satellite node, generated by the same steps as in the low-speed scheme; the old satellite node then forwards the whole request message to the new satellite node; after the new satellite node completes verification in the inter-satellite block chain, it sends a request message to its corresponding new ground station;
(c) Step 2:
after receiving the message, the ground station completes verification, takes the related information out of the ground block chain, and completes the handover.
CN202011505566.1A 2020-12-18 2020-12-18 Spatial information network access control system and authentication method based on block chain Active CN112564775B (en)

Publications (2)

Publication Number Publication Date
CN112564775A true CN112564775A (en) 2021-03-26
CN112564775B CN112564775B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant