CN112688728B - Inter-satellite authentication method, system, medium, equipment, terminal and application - Google Patents

Publication number: CN112688728B
Authority: CN (China)
Prior art keywords: satellite, authentication, certificate, node, information
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202011496129.8A
Other languages: Chinese (zh)
Other versions: CN112688728A (en)
Inventors: 侯蓉晖, 黄晨, 李晖, 吕锡香, 曹进, 朱辉
Current Assignee: Xidian University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Xidian University
Application filed by Xidian University
Priority to CN202011496129.8A
Publication of CN112688728A
Application granted
Publication of CN112688728B

Abstract

The invention belongs to the technical field of satellite network communication and discloses an inter-satellite authentication method, system, medium, equipment, terminal and application. A satellite node obtains the identities and certificates needed for authentication between satellite nodes; the certificate information is packaged as transactions to generate a block, and the block is added to the block chain after consensus verification. When a satellite initiates an authentication request, the satellite node queries its local account book. If no information about the relevant satellite is found, satellite authentication is completed using authentication based on signaling interaction, and the authentication result is packaged into a new block. If information about the relevant satellite is found, authentication based on verifying a trust chain through the block chain is used to check whether a complete certificate chain exists between the satellite nodes: if the check succeeds, the satellite nodes complete the authentication; if no complete certificate chain is formed, satellite authentication is completed between the satellites using authentication based on signaling interaction. The invention reduces the time and overhead of encryption and identity authentication by means of block chain technology.

Description

Inter-satellite authentication method, system, medium, equipment, terminal and application
Technical Field
The invention belongs to the technical field of satellite network communication, and particularly relates to an inter-satellite authentication method, a system, a medium, equipment, a terminal and application.
Background
At present, medium- and low-orbit satellite networks play an important role in the communication field because of their wide coverage, high transmission bandwidth, flexible networking and ease of maintenance. A satellite communication network has vulnerabilities similar to those of a ground network and faces a variety of attacks, so establishing a security mechanism is crucial to protecting the satellite network. Secure identity authentication can effectively prevent attacks such as entity impersonation, unauthorized access and authentication spoofing, so authentication techniques such as network access authentication and communication entity authentication are important guarantees of the safe and stable operation of a satellite communication network. Satellite authentication covers three main requirements: satellite-ground authentication, same-layer satellite authentication and inter-layer satellite authentication. The common inter-satellite authentication mode today uses certificates issued by a public key infrastructure (PKI), and identity authentication is completed through an exchange of information based on a signature algorithm. Identity authentication that depends on PKI facilities has drawbacks: when the number of nodes is too large, node authentication takes too long and cannot adapt well to the dynamic topology changes of a satellite network, and a problem in the PKI becomes a single point of failure that directly affects the subsequent identity authentication of satellites.
A satellite is small and handles many services, so when a signature algorithm is used, the mutually constraining factors of key length, encryption overhead and key security must be weighed. Satellites generally use a lightweight encryption algorithm, which shortens encryption time and reduces encryption overhead at the cost of some key security.
Through the above analysis, the problems and defects of the prior art are as follows: at present, according to a network dynamic topological structure, a hierarchical CA system is designed, the hierarchical structure jointly bears PKI functions, the satellite size is small, the processing services are more, and the factors of mutual restriction of the aspects of key length, encryption overhead and key safety need to be considered when a signature algorithm is used; the satellite adopts a lightweight encryption algorithm, and the encryption time is reduced by sacrificing part of key security, so that the encryption cost is reduced.
The difficulty in solving the above problems and defects is: in order to ensure the safety and reliability of satellite node identity authentication in the satellite network, more new requirements are put on the length of the secret key. Generally, the longer the key, the higher the security, but the larger the authentication overhead, and how to reasonably balance the length of the key and the security and reliability of the authentication is one of the difficulties in solving the above problems. At present, the common authentication method among satellites is not completely suitable for satellite scenes with various topological structures and dynamically changeable topologies, and how to design a stable inter-satellite authentication method is the second difficulty in solving the problem of satellite authentication. The significance of solving the problems and the defects is as follows: the reliability, traceability and irreplaceability of certificate and identity information storage are realized by using a block chain technology, and rapid authentication among satellites is realized in the satellite authentication process by using the identity and authentication certificate information of the whole network satellite nodes stored and recorded in the local account book of each satellite node.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an inter-satellite authentication method, a system, a medium, equipment, a terminal and application.
The invention is realized as follows. In the inter-satellite authentication method, a satellite node obtains the identities and certificates needed for authentication between satellite nodes; the certificate information is packaged as transactions to generate a block, and the block is added to the block chain after consensus verification. When a satellite initiates an authentication request, the satellite node queries its local account book. If no information about the relevant satellite is found, satellite authentication is completed using authentication based on signaling interaction, and the authentication result is packaged into a new block. If information about the relevant satellite is found, authentication based on verifying a trust chain through the block chain is used to check whether a complete certificate chain exists between the satellite nodes: if the check succeeds, the satellite nodes complete rapid authentication; if no complete certificate chain is formed, satellite authentication is completed between the satellites using authentication based on signaling interaction.
Further, the inter-satellite authentication method specifically includes:
step one, a satellite node initiates an authentication request;
step two, querying whether the local account book holds information about the relevant satellite node;
step three, if no information is found in the local account book, the satellite node authenticates based on signaling interaction;
step four, if information is found in the local account book, the satellite node authenticates by querying a complete trust chain based on the block chain;
step five, verifying from the certificate information whether a complete certificate chain is formed between the satellite nodes;
step six, if a complete certificate chain is formed between the satellite nodes, rapid authentication of the satellite nodes is completed;
step seven, if a complete certificate chain is not formed between the satellite nodes, the satellite nodes complete satellite authentication based on signaling interaction;
further, the satellite node initiating an authentication request comprises: before the first satellite node communicates with the second satellite node, the two nodes must first complete mutual identity authentication; only then can they negotiate a session key for the communication and carry out the subsequent satellite communication;
querying whether the local account book holds information about the relevant satellite node comprises: the first satellite node uses the inter-satellite rapid authentication method based on local account book query; it first queries the block chain account book stored locally and searches for the identity and certificate information of the second satellite node with which it needs to communicate;
the satellite node authenticating based on signaling interaction when no information is found in the local account book comprises: if the first satellite node does not find the certificate and identity information of the second satellite node in the local account book, rapid authentication cannot be performed between the first satellite node and the second satellite node, and the first satellite node authenticates the second satellite node using authentication based on signaling interaction;
the first satellite node and the second satellite node communicate with each other to carry out the signaling interaction, each authenticates the identity of the other, and the new authentication information is packaged as a transaction into a block and stored in the block chain account book;
the satellite node authenticating by querying a complete trust chain based on the block chain when information is found in the local account book comprises: the first satellite node successfully finds the identity and certificate information of the second satellite node in the local account book, and uses the certificate information obtained to complete rapid satellite authentication by querying a complete trust chain based on the block chain;
verifying from the certificate information whether a complete certificate chain is formed between the two satellite nodes comprises: using the certificate information found for the second satellite node, the first satellite node verifies whether the certificates can form a complete certificate chain and whether trust transfer between the first satellite node and the second satellite node can be achieved;
completing rapid authentication of the satellite nodes when a complete certificate chain is formed between them comprises: if a complete certificate chain is formed, rapid authentication of the satellite node is completed and the authentication result is packaged into a block as a transaction;
the satellite nodes completing satellite authentication based on signaling interaction when a complete certificate chain is not formed comprises: if no certificate chain is formed between the first satellite node and the second satellite node, rapid inter-satellite authentication cannot be achieved between them; the first satellite node verifies the identity of the second satellite node using authentication based on signaling interaction, and the new authentication information is packaged as a transaction into a block and stored in the block chain account book.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following steps: a satellite node obtains the identities and certificates needed for authentication between satellite nodes; the certificate information is packaged as transactions to generate a block, and the block is added to the block chain after consensus verification; when a satellite initiates an authentication request, the satellite node queries its local account book; if no information about the relevant satellite is found, satellite authentication is completed using authentication based on signaling interaction, and the authentication result is packaged into a new block; if information about the relevant satellite is found, authentication based on verifying a trust chain through the block chain is used to check whether a complete certificate chain exists between the satellite nodes; if the check succeeds, the satellite nodes complete rapid authentication, and if no complete certificate chain is formed, satellite authentication is completed between the satellites using authentication based on signaling interaction.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps: a satellite node obtains the identities and certificates needed for authentication between satellite nodes; the certificate information is packaged as transactions to generate a block, and the block is added to the block chain after consensus verification; when a satellite initiates an authentication request, the satellite node queries its local account book; if no information about the relevant satellite is found, satellite authentication is completed using authentication based on signaling interaction, and the authentication result is packaged into a new block; if information about the relevant satellite is found, authentication based on verifying a trust chain through the block chain is used to check whether a complete certificate chain exists between the satellite nodes; if the check succeeds, the satellite nodes complete rapid authentication, and if no complete certificate chain is formed, satellite authentication is completed between the satellites using authentication based on signaling interaction.
Another object of the present invention is to provide an information data processing terminal, which is used for implementing the inter-satellite authentication method.
Another object of the present invention is to provide an inter-satellite authentication system for implementing the inter-satellite authentication method, the inter-satellite authentication system including:
the authentication request initiating module, used for a satellite node to initiate an authentication request;
the relevant satellite node information confirmation module, used for querying whether the local account book holds information about the relevant satellite node;
the signaling interaction authentication module, used for the satellite node to authenticate based on signaling interaction when no information is found in the local account book;
the trust chain authentication module, used for the satellite node to authenticate by querying a complete trust chain based on the block chain when information is found in the local account book;
the complete certificate chain forming module, used for verifying from the certificate information whether a complete certificate chain is formed between the satellite nodes;
the satellite node rapid authentication module, used for completing rapid authentication of the satellite nodes when a complete certificate chain is formed between them;
and the satellite authentication complete module, used for the satellite nodes to complete satellite authentication based on signaling interaction when a complete certificate chain is not formed between them.
Further, the inter-satellite authentication system further includes:
the first certificate: self-certificate information representing the acquired first satellite node and second satellite node;
the second certificate: representing the acquired authentication request and authentication result of the first satellite node and the adjacent second satellite node;
a third certificate: the authentication request and the authentication result of other second satellite nodes within the communication distance from the acquired first satellite node are represented;
a fourth certificate: representing the re-authentication request and the authentication result of the acquired first satellite node and other second satellite nodes within the communication distance;
a fifth certificate: the authentication request and the authentication result of the acquired first satellite node and other second satellite nodes which are not subjected to identity authentication are represented;
a sixth certificate: and the issuing time of the first certificate, the second certificate, the third certificate, the fourth certificate and the fifth certificate of each acquired satellite node is represented.
Further, the first certificate: the first satellite node and the second satellite node use the unique identity marks which are possessed before transmission, use a private key to sign to obtain a self-issued certificate, and identify the identities in the satellite network as transaction records in the block;
the second certificate: the first satellite node and the adjacent second satellite node perform trust transfer with each other, perform authentication based on signaling interaction with the adjacent second satellite node, and use a private key signature certificate to represent the trust relationship between the satellites and the authentication result as a transaction record in a block, wherein the authentication is successful;
a third certificate: the first satellite node and other second satellite nodes within the communication distance adopt an authentication mode based on signaling interaction, if the authentication is successful, the authentication request and the authentication result are all broadcasted in the satellite network and are recorded in the block as transactions;
a fourth certificate: the first satellite node authenticates other second satellite nodes within the communication distance again, due to the driving of the running track of the satellite node and related tasks, after a plurality of complete satellite running periods, the satellite nodes meet again and need to authenticate again, and an authentication mode based on signaling interaction is adopted to record an authentication request and an authentication result as transactions in a block;
a fifth certificate: the first satellite node and other second satellite nodes which never perform identity authentication adopt an authentication mode based on signaling interaction to realize the identity authentication of the two satellite nodes, and an authentication request and an authentication result are taken as transaction records in a block;
a sixth certificate: and for the certificate, acquiring the time for issuing the certificate, and ensuring the timeliness of the certificate.
Another object of the present invention is to provide a satellite network communication terminal, which is used for implementing the inter-satellite authentication method.
Taken together, the technical solutions above give the invention the following advantages and positive effects: the invention achieves rapid authentication between satellites based on block chain technology and a trust transfer mechanism. One common authentication mode today is inter-satellite authentication that relies on key signatures, which must account for the overhead of key generation and the time and cost of mutual communication, and whose authentication time is too long. Another common mode is certificate authentication that relies on PKI: because certificates are stored and issued centrally, the central node is overloaded and certificate issuance takes too long, and if a single point of failure occurs, certificate issuance and authentication for subsequent satellites are directly affected, so effective identity authentication cannot be provided for every satellite node in the satellite network. With authentication based on local account book query, frequent communication among satellites is not needed and the subsequent authentication problems caused by a single point of failure are avoided; all satellite nodes in the satellite network act as miner nodes and store the identity and certificate information of the satellites locally, which provides rapid inter-satellite authentication and greatly reduces the communication cost and communication time required for broadcasting block chain network blocks over the same period. The invention takes the communication security of the satellite network into account: satellite nodes must pass authentication and negotiate a session key before communicating with each other.
For the situation in which, because of their orbital planes and trajectories, satellites are not in real-time communication with one another and only meet and communicate briefly in flight, a block chain is deployed in the satellite network and authentication by locally querying a complete certificate chain is used, so that rapid authentication among satellites is achieved according to whether a complete chain of certificate trust transfer is formed.
The invention is based on the inter-satellite authentication of the block chain technology, records the authentication information of the satellite safely and reliably, perfects and dynamically updates the authentication information of the nodes in the satellite network according to the block chain account book information, checks whether a complete certificate chain is formed or not by checking the satellite certificate information, and can realize the trust transfer between the satellite nodes, thereby realizing the rapid identity authentication of the satellite. The authentication mode based on local account book inquiry can be better suitable for a satellite communication network, the related problems of PKI can be solved, and the time and the expense of encryption and identity authentication are reduced by means of a block chain technology.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained from the drawings without creative efforts.
Fig. 1 is a flowchart of an inter-satellite authentication method according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of an inter-satellite authentication system according to an embodiment of the present invention;
in fig. 2: 1. an authentication request initiating module; 2. a relevant satellite node information confirmation module; 3. a signaling interaction authentication module; 4. a chain of trust authentication module; 5. a complete certificate chain forming module; 6. a satellite node rapid authentication module; 7. and a satellite authentication integrity module.
Fig. 3 is a flowchart of an implementation of the inter-satellite authentication method according to the embodiment of the present invention.
Fig. 4 is a schematic diagram of an authentication information recording entity according to an embodiment of the present invention.
Fig. 5 is a flowchart of a block chain constructing process according to an embodiment of the present invention.
Fig. 6 is a schematic diagram of an inter-satellite authentication process according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the present invention provides an inter-satellite authentication method, system, medium, device, terminal and application, and the present invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the inter-satellite authentication method provided by the present invention includes the following steps:
S101: the satellite node initiates an authentication request;
S102: querying whether the local account book holds information about the relevant satellite node;
S103: if no information is found in the local account book, the satellite node authenticates based on signaling interaction;
S104: if information is found in the local account book, the satellite node authenticates by querying a complete trust chain based on the block chain;
S105: verifying from the certificate information whether a complete certificate chain is formed between the satellite nodes;
S106: if a complete certificate chain is formed between the satellite nodes, rapid authentication of the satellite nodes is completed;
S107: if a complete certificate chain is not formed between the satellite nodes, the satellite nodes complete satellite authentication based on signaling interaction.
Those skilled in the art can also implement the inter-satellite authentication method provided by the present invention by using other steps, and the inter-satellite authentication method provided by the present invention shown in fig. 1 is only one specific embodiment.
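The decision flow S101 to S107, as an added Python example that is not code from the patent: a hash-linked local account book (ledger) is checked for integrity, searched for a fresh chain of authentication records from the first node to the second, and the signaling path is used when no chain exists. The record fields, the issuer-to-subject direction of trust, the `MAX_CERT_AGE` window, the local `append_block` standing in for consensus, the `signaling_auth` callback and the satellite names are all assumptions made for illustration.

```python
import hashlib
import json
from collections import deque

GENESIS = "0" * 64
MAX_CERT_AGE = 6000  # assumed validity window (seconds); the page only says issue time is recorded


def block_hash(prev_hash, txs):
    body = json.dumps({"prev": prev_hash, "txs": txs}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class LocalLedger:
    """Hash-linked blocks; each transaction is one authentication record."""

    def __init__(self):
        self.blocks = []

    def append_block(self, txs):
        # Assumption: stands in for "added to the block chain after consensus verification".
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "txs": txs, "hash": block_hash(prev, txs)})

    def is_intact(self):
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != block_hash(prev, block["txs"]):
                return False
            prev = block["hash"]
        return True

    def records(self):
        return [tx for block in self.blocks for tx in block["txs"]]


def record(issuer, subject, issued_at, ok=True):
    # issuer == subject models a self-issued certificate (the "first certificate").
    return {"issuer": issuer, "subject": subject, "issued_at": issued_at, "ok": ok}


def find_chain(ledger, first, second, now):
    """S105: breadth-first search over fresh, successful records; node path or None."""
    edges = {}
    for tx in ledger.records():
        fresh = 0 <= now - tx["issued_at"] <= MAX_CERT_AGE
        if tx["ok"] and fresh and tx["issuer"] != tx["subject"]:
            edges.setdefault(tx["issuer"], set()).add(tx["subject"])
    queue, seen = deque([[first]]), {first}
    while queue:
        path = queue.popleft()
        if path[-1] == second:
            return path
        for nxt in sorted(edges.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def authenticate(ledger, first, second, now, signaling_auth):
    """S101-S107. Returns (method, chain), method in {'fast', 'signaling', 'rejected'}."""
    if not ledger.is_intact():
        raise ValueError("local ledger failed its hash-link check")
    # S102: is anything recorded about the second node?
    known = any(second in (tx["issuer"], tx["subject"]) for tx in ledger.records())
    chain = find_chain(ledger, first, second, now) if known else None  # S104/S105
    if chain:
        ledger.append_block([record(first, second, now)])  # S106: record the result
        return "fast", chain
    ok = signaling_auth(first, second)  # S103 (unknown node) or S107 (no chain)
    ledger.append_block([record(first, second, now, ok)])
    return ("signaling" if ok else "rejected"), None


def sample_ledger():
    """Constructed sample data: four self-issued records and two neighbour authentications."""
    ledger = LocalLedger()
    ledger.append_block([record(s, s, 0) for s in ("SAT-A", "SAT-B", "SAT-C", "SAT-D")])
    ledger.append_block([record("SAT-A", "SAT-B", 100), record("SAT-B", "SAT-C", 200)])
    return ledger


if __name__ == "__main__":
    print(authenticate(sample_ledger(), "SAT-A", "SAT-C", 1000, lambda a, b: True))
```

A node that appears in the ledger only through its self-issued record is known but unreachable, so it takes the S107 path rather than the fast path, and records older than the validity window do not contribute to a chain.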
As shown in fig. 2, the inter-satellite authentication system provided by the present invention includes:
the authentication request initiating module 1, used for a satellite node to initiate an authentication request;
the relevant satellite node information confirmation module 2, used for querying whether the local account book holds information about the relevant satellite node;
the signaling interaction authentication module 3, used for the satellite node to authenticate based on signaling interaction when no information is found in the local account book;
the trust chain authentication module 4, used for the satellite node to authenticate by querying a complete trust chain based on the block chain when information is found in the local account book;
the complete certificate chain forming module 5, used for verifying from the certificate information whether a complete certificate chain is formed between the satellite nodes;
the satellite node rapid authentication module 6, used for completing rapid authentication of the satellite nodes when a complete certificate chain is formed between them;
and the satellite authentication integrity module 7, used for the satellite nodes to complete satellite authentication based on signaling interaction when a complete certificate chain is not formed between them.
The technical solution of the present invention is further described below with reference to the accompanying drawings.
In the inter-satellite authentication method, a satellite node obtains the identities and certificates needed for authentication between satellite nodes; the certificate information is packaged as transactions to generate a block, and the block is added to the block chain after consensus verification. When a satellite initiates an authentication request, the satellite node queries its local account book. If no information about the relevant satellite is found, satellite authentication is completed using authentication based on signaling interaction, and the authentication result is packaged into a new block. If information about the relevant satellite is found, authentication based on verifying a trust chain through the block chain is used to check whether a complete certificate chain exists between the satellite nodes: if the check succeeds, the satellite node completes rapid authentication; if no complete certificate chain is formed, satellite authentication is completed between the satellites using authentication based on signaling interaction.
Based on the authentication method, the satellite node checks the relevant identity information of the nodes needing identity authentication according to the account book information on the block chain, checks whether a complete certificate chain is formed or not, and realizes the inter-satellite rapid identity authentication.
As shown in fig. 3, based on the block chain technology, the present invention provides an inter-satellite identity authentication method, which includes the following steps:
Step one: the satellite node initiates an authentication request.
Before a first satellite node and a second satellite node communicate, they must first complete mutual identity authentication; only then can they negotiate a session key for the communication and carry out the subsequent satellite communication.
Step two: query whether the local account book holds the relevant information.
The first satellite node uses the inter-satellite rapid authentication method based on local account book query. It first queries the block chain account book stored locally and searches for the identity and certificate information of the second satellite node it needs to communicate with. If the search succeeds, the first satellite node uses the authentication mode that checks for a complete certificate chain based on the block chain; if the search fails, it uses the authentication mode based on signaling interaction.
In the authentication mode based on signaling interaction, the satellites present their identity certificates to each other through inter-satellite communication, and the identity authentication between the satellite nodes is completed after several rounds of signaling exchange between the two parties.
Step three: query the certificate information of the satellite node based on the block chain.
The first satellite node queries the block chain account book stored locally and searches for the identity and certificate information of the second satellite node it needs to communicate with.
Step four: verify, according to the certificate information, whether a complete certificate chain is formed between the satellites.
Once the first satellite node has found the identity and certificate information of the second satellite node in the local account book, it uses the acquired certificate information to complete rapid satellite authentication in the authentication mode that queries a complete trust chain based on the block chain.
Step five: determine whether a complete certificate chain is formed.
Using the certificate information found for the second satellite node, the first satellite node verifies whether the certificates form a complete certificate chain and whether trust transfer between the first satellite node and the second satellite node can be achieved.
Step six: a complete certificate chain is formed among the satellite nodes, and rapid authentication of the satellite nodes is completed.
The first satellite node verifies, according to the identity information in the local account book, whether a complete certificate chain is formed between itself and the second satellite node. If a complete certificate chain is formed, trust has been transferred successfully between the two nodes and the rapid authentication of the nodes is completed.
Step seven: the satellite completes the rapid authentication.
The first satellite node uses the authentication mode based on local account book query to verify whether a complete certificate chain is formed between itself and the second satellite node. If the complete certificate chain is formed, trust transfer between the satellites is achieved, and the authentication result is packaged as a transaction into a block.
Step eight: node authentication based on signaling interaction.
If the first satellite node cannot find the identity and authentication information of the second satellite node in the local account book, or if no certificate chain is formed between the first satellite node and the second satellite node, rapid inter-satellite authentication cannot be achieved. Identity verification is then completed in the authentication mode based on signaling interaction, and the new authentication information is packaged as a transaction into a block and stored in the block chain account book.
Step nine: authentication is completed.
The first satellite node and the second satellite node use the authentication mode based on signaling interaction: signaling is exchanged through communication between the satellite nodes, identity authentication between the satellite nodes is completed, and the authentication result is packaged as a transaction into a block.
Fig. 4 is a schematic structural diagram of an example of the entity composition of an account book information record of the present invention. As shown in fig. 4, the entity composition of the account book information record of the embodiment of the present invention includes a first certificate, a second certificate, a third certificate, a fourth certificate, a fifth certificate and a sixth certificate, wherein:
the first certificate: the first satellite node and the second satellite node each take the unique identity mark they possess before transmission and sign it with their private key to obtain a self-issued certificate, which identifies their own identity in the satellite network and is recorded as a transaction in the block;
the second certificate: the first satellite node and the adjacent second satellite node transfer trust to each other. The first satellite node performs authentication based on signaling interaction with the adjacent second satellite node and, when the authentication is successful, signs a certificate with its private key to represent the trust relationship between the satellites; the authentication result is recorded as a transaction in a block;
the third certificate: the first satellite node and other second satellite nodes within the communication distance use the authentication mode based on signaling interaction; if the authentication is successful, the authentication request and the authentication result are both broadcast in the satellite network and recorded in the block as transactions;
the fourth certificate: the first satellite node and other second satellite nodes within the communication distance are authenticated again. Driven by the running track of the satellite nodes and by related tasks, the nodes meet again after a plurality of complete satellite running periods and need to be authenticated again; the authentication mode based on signaling interaction is used, and the authentication request and the authentication result are recorded as transactions in a block;
the fifth certificate: the first satellite node and other second satellite nodes that have never been authenticated use the authentication mode based on signaling interaction to achieve identity authentication of the two satellite nodes, and the authentication request and the authentication result are recorded as transactions in a block;
the sixth certificate: for each certificate, the time at which the certificate was issued is acquired, ensuring the timeliness of the certificate.
As shown in fig. 5, the satellite network deploys a block chain, and the block chain constructing process includes the following steps:
(1) acquiring the satellite identity and authentication certificates;
each satellite uses its unique identity information as its identity mark and issues and signs an identity certificate for its own identity. Each satellite node and its neighbor nodes, and each satellite node and the other satellite nodes within communication distance of it, authenticate each other based on signaling interaction and then mutually issue authentication certificates that approve each other's identity. The block chain acquires the certificate information of each satellite node;
(2) according to the authentication results and the certificate information, the satellite nodes package them as transactions to generate a block;
the identity and authentication information of each satellite node is used as transaction information and packaged into a block, and the block records the related identity information for the time period. Once the block has been added to the block chain, the other satellite nodes in the whole network also obtain the identity and certificate information of the satellite nodes in the whole network;
(3) the satellite node broadcasts the block, which undergoes consensus verification;
after a satellite node generates a new block, the block is broadcast to the satellite network. The other satellite nodes verify the authentication certificates and identity certificates recorded in the block, and after the verification is completed the block is approved by the block chain through the consensus mechanism;
(4) adding the new block to the block chain;
the block that has passed the consensus mechanism is approved by the block chain, and the satellite nodes of the whole network add the current block to their local account books. The identity and authentication certificate information of each satellite node is written into the local account book and stored in the local memory of each satellite node, after which inter-satellite rapid authentication is achieved by means of local query.
The technical solution of the present invention is further described with reference to the following specific examples.
Example 1:
as shown in fig. 3, the satellite network deploys a block chain, and the block chain constructing process includes the following steps:
(1) acquiring the satellite identity and authentication certificates;
each satellite uses its unique identity information as its identity mark and issues and signs an identity certificate for its own identity. Each satellite node and its neighbor nodes, and each satellite node and the other satellite nodes within communication distance of it, authenticate each other based on signaling interaction and then mutually issue authentication certificates that approve each other's identity. The block chain acquires the certificate information of each satellite node;
(2) according to the authentication results and the certificate information, the satellite nodes package them as transactions to generate a block;
the identity and authentication information of each satellite node is used as transaction information and packaged into a block, and the block records the related identity information for the time period. Once the block has been added to the block chain, the other satellite nodes in the whole network also obtain the identity and certificate information of the satellite nodes in the whole network;
(3) the satellite node broadcasts the block, which undergoes consensus verification;
after a satellite node generates a new block, the block is broadcast to the satellite network. The other satellite nodes verify the authentication certificates and identity certificates recorded in the block, and after the verification is completed the block is approved by the block chain through the consensus mechanism;
(4) adding the new block to the block chain;
the block that has passed the consensus mechanism is approved by the block chain, and the satellite nodes of the whole network add the current block to their local account books. The identity and authentication certificate information of each satellite node is written into the local account book and stored in the local memory of each satellite node, after which inter-satellite rapid authentication is achieved by means of local query.
As shown in fig. 6, in the schematic diagram of the inter-satellite authentication process provided in the embodiment of the present invention, the satellite nodes 601, 602, and 603 are neighboring nodes of one another, and the satellite nodes 604, 605, and 606 are neighboring nodes of one another. Each satellite node in the satellite network, for example the satellite node 601, issues an identity certificate for itself using its own identity mark, performs two-way communication with its neighbor nodes 602 and 603, and completes identity authentication based on signaling interaction. After the authentication is completed, it issues authentication certificates for the neighbor nodes 602 and 603. The other satellite nodes perform the same operations as the satellite node 601, which completes the issuance of the identity certificates and authentication certificates of the satellite nodes in the inter-satellite authentication system. The related identity and authentication information of the satellite network is packaged as transactions into blocks; after consensus, each block is written into the block chain, and each satellite node updates the account book in its local memory so that the copies remain consistent. The inter-satellite authentication of subsequent satellites is completed according to the block chain technology.
Example 2:
as shown in fig. 1, the inter-satellite authentication method provided by the present invention includes the following steps:
S101: the satellite node initiates an authentication request;
S102: query whether the local account book has information of the relevant satellite nodes;
S103: if no local account book information is found, the satellite node authenticates based on signaling interaction;
S104: if local account book information is found, the satellite node authenticates by querying a complete trust chain based on the block chain;
S105: verify, according to the certificate information, whether a complete certificate chain is formed between the satellite nodes;
S106: if a complete certificate chain is formed among the satellite nodes, the rapid authentication of the satellite nodes is completed;
S107: if a complete certificate chain is not formed among the satellite nodes, the satellite nodes complete satellite authentication based on signaling interaction.
As shown in fig. 6, in the schematic diagram of the inter-satellite authentication process provided in the embodiment of the present invention, the satellite nodes 601, 602, and 603 are neighboring nodes, and the satellite nodes 604, 605, and 606 are neighboring nodes. When, driven by its running track and tasks, the satellite node 601 needs to communicate with the satellite node 604 in the satellite network, the two nodes must first perform identity authentication before the session key can be negotiated. The satellite node 601 first initiates to the satellite network an authentication request with the satellite node 604, and then checks whether its local account book holds information related to the satellite node 604. If such information is stored in the account book, the satellite node 601 checks, according to the account book information, whether an authentication certificate exists between the satellite node 604 and one of its own neighbor nodes. If certificate information exists between the satellite node 604 and the neighbor node 603 of the satellite node 601, the satellite node 603 has completed identity authentication with the satellite node 604 and completely trusts the satellite node 604. Because a trust relationship exists between the satellite node 603 and the satellite node 601, the satellite node 601 and the satellite node 604 form a complete certificate chain by means of the neighbor node 603, and the rapid authentication between the satellite node 601 and the satellite node 604 is completed.
If the account book stores no related information, the satellite node 604 has not been authenticated by the nodes in the satellite network. In that case the satellite node 601 and the satellite node 604 use the authentication mode based on signaling interaction to complete identity authentication between the two nodes, and the new authentication result is packaged as a transaction into a block and written into the block chain. This supplements the satellite network identity and authentication certificate information recorded in the account book, so that subsequent satellite nodes can conveniently complete rapid inter-satellite authentication using the authentication mode based on local query.
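The block admission of Example 1 and the S101 to S107 decision flow of Example 2, run on the Fig. 6 topology, as an added illustration that is not part of the patent text. The names `Cert`, `Ledger`, `find_chain`, `authenticate` and `demo` are hypothetical; HMAC-SHA256 stands in for the private-key signature, an all-records-verify check stands in for the consensus mechanism, the signaling handshake is an injected callable, and the one-hour validity window is an assumption (the patent only says the issue time is recorded).

```python
import hashlib
import hmac
from collections import deque
from dataclasses import dataclass

MAX_CERT_AGE = 3600  # assumed validity window in seconds; not specified by the patent

@dataclass(frozen=True)
class Cert:
    issuer: str     # node that signed the record
    subject: str    # node vouched for (issuer == subject: self-issued identity certificate)
    issued_at: int  # issue time (the "sixth certificate"), used for the timeliness check
    sig: bytes

def _payload(issuer, subject, issued_at):
    return f"{issuer}|{subject}|{issued_at}".encode()

def issue(keys, issuer, subject, issued_at):
    # Stand-in: HMAC-SHA256 replaces the node's private-key signature.
    mac = hmac.new(keys[issuer], _payload(issuer, subject, issued_at), hashlib.sha256)
    return Cert(issuer, subject, issued_at, mac.digest())

def cert_valid(keys, cert):
    key = keys.get(cert.issuer)
    if key is None:
        return False
    want = hmac.new(key, _payload(cert.issuer, cert.subject, cert.issued_at), hashlib.sha256)
    return hmac.compare_digest(want.digest(), cert.sig)

class Ledger:
    """Local account book: hash-linked blocks whose transactions are certificate records."""
    def __init__(self):
        self.blocks = []  # each entry: (prev_hash, certs, block_hash)

    def add_block(self, keys, certs):
        # Stand-in for consensus verification: every record must verify or the block is rejected.
        if not certs or not all(cert_valid(keys, c) for c in certs):
            return False
        prev = self.blocks[-1][2] if self.blocks else "0" * 64
        h = hashlib.sha256(prev.encode())
        for c in certs:
            h.update(_payload(c.issuer, c.subject, c.issued_at) + c.sig)
        self.blocks.append((prev, tuple(certs), h.hexdigest()))
        return True

    def certs(self):
        return [c for _, certs, _ in self.blocks for c in certs]

def find_chain(ledger, src, dst, now):
    """Breadth-first search over unexpired issuer->subject records; node path or None."""
    edges = {}
    for c in ledger.certs():
        if c.issuer != c.subject and 0 <= now - c.issued_at <= MAX_CERT_AGE:
            edges.setdefault(c.issuer, set()).add(c.subject)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(edges.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def authenticate(ledger, keys, a, b, now, signaling):
    """S101-S107: returns ('fast' | 'signaling' | 'failed', chain)."""
    known = any(b in (c.issuer, c.subject) for c in ledger.certs())  # S102
    chain = find_chain(ledger, a, b, now) if known else None         # S104, S105
    if chain:                                                         # S106
        ledger.add_block(keys, [issue(keys, a, b, now)])  # result recorded as a transaction
        return "fast", chain
    if not signaling(a, b):                                           # S103 / S107
        return "failed", None
    ledger.add_block(keys, [issue(keys, a, b, now), issue(keys, b, a, now)])
    return "signaling", [a, b]

def demo():
    # Constructed sample mirroring Fig. 6: 601/602/603 are neighbours, 603 has authenticated 604.
    nodes = ("601", "602", "603", "604", "605", "606")
    keys = {n: hashlib.sha256(n.encode()).digest() for n in nodes}  # constructed demo keys
    t0 = 1000
    certs = [issue(keys, n, n, t0) for n in ("601", "602", "603", "604")]
    for x, y in (("601", "602"), ("601", "603"), ("602", "603"), ("603", "604")):
        certs += [issue(keys, x, y, t0), issue(keys, y, x, t0)]
    ledger = Ledger()
    ledger.add_block(keys, certs)
    return keys, ledger, t0
```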
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A method for authenticating between satellites is characterized in that a satellite node of the method for authenticating between satellites obtains identity and a certificate for authenticating between the required satellite nodes, certificate information is used as a transaction packaging generation block, the generation block is added into a block chain after being verified by consensus, a satellite initiates an authentication request, and the satellite node inquires local account book information; if the information of the relevant satellite is not inquired, satellite authentication is completed by adopting a signaling-based interactive authentication mode and the authentication result is packaged in a new block; if the information of the relevant satellite is inquired, verifying whether a complete certificate chain exists between the satellite nodes by adopting an authentication mode based on a block chain verification trust chain; if the verification is successful, the satellite nodes finish rapid authentication, and if a complete certificate chain is not formed, the satellite authentication is finished by adopting a signaling-based interactive authentication mode among satellites.
2. The inter-satellite authentication method according to claim 1, wherein the inter-satellite authentication method specifically comprises:
step one, a satellite node initiates an authentication request;
step two, inquiring whether a local account book has information of the relevant satellite nodes;
step three, if no local account book information is found, the satellite node performs authentication based on signaling interaction;
step four, if local account book information is found, the satellite node performs authentication by querying a complete trust chain based on the block chain;
step five, verifying whether a complete certificate chain is formed between the satellite nodes according to the certificate information;
step six, if a complete certificate chain is formed among the satellite nodes, the rapid authentication of the satellite nodes is completed;
step seven, if a complete certificate chain is not formed between the satellite nodes, the satellite nodes complete satellite authentication based on signaling interaction.
3. The inter-satellite authentication method of claim 2, wherein the satellite initiating the authentication request comprises: before the first satellite node communicates with the second satellite node, the first satellite node needs to complete mutual identity authentication, and then can negotiate a session key of the communication to complete subsequent satellite communication;
the method for inquiring whether the local account book has the satellite node related information comprises the following steps: the method comprises the steps that a first satellite node adopts an inter-satellite rapid authentication method based on local account book inquiry, firstly, the first satellite node inquires a block chain account book stored locally and searches whether the first satellite node has identity and certificate information of a second satellite node needing communication;
the satellite node authentication method based on signaling interaction comprises the steps that local account book information is not inquired; if the certificate and the identity information of the second satellite node are not found in the local account book by the first satellite node, the fact that rapid authentication cannot be conducted between the first satellite node and the second satellite node is shown, and the first satellite node completes authentication on the second satellite node in an authentication mode based on signaling interaction;
the first satellite node and the second satellite node communicate to realize signaling interaction, respectively authenticate the identity of the other party, pack new authentication information as a transaction into blocks and store the blocks in a block chain account book;
the method for inquiring the local account book information and the satellite node to inquire the complete trust chain for authentication based on the block chain comprises the following steps: the first satellite node successfully inquires the identity and certificate information of the second satellite node in a local account book, and the first satellite node uses the acquired certificate information to complete the rapid satellite authentication in an authentication mode of inquiring a complete trust chain based on a block chain;
verifying whether a complete certificate chain is formed between two of the satellite nodes based on the certificate information, the method comprising: the first satellite node verifies whether the certificate can form a complete certificate chain or not through the inquired certificate information of the second satellite node, and whether trust transfer between the first satellite node and the second satellite node can be realized or not;
a complete certificate chain is formed among the satellite nodes, and the method for completing the rapid authentication of the satellite nodes comprises the following steps: if a complete certificate chain is formed, the rapid authentication of the satellite node is completed, and the authentication result is packaged into a block as a transaction;
the method for completing satellite authentication by the satellite nodes based on signaling interaction comprises the following steps: if the certificate chain is not formed between the first satellite node and the second satellite node, the first satellite node and the second satellite node cannot realize rapid inter-satellite authentication, the first satellite node completes identity verification of the second satellite node by adopting an authentication mode based on signaling interaction, and new authentication information is packaged into blocks as transactions and stored in a block chain account book.
4. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of: the satellite node acquires an identity and a certificate for authentication between the required satellite nodes, certificate information is used as a transaction packaging generation block, the generation block is added into a block chain after consensus verification, the satellite initiates an authentication request, and the satellite node inquires local account book information; if the information of the relevant satellite is not inquired, satellite authentication is completed by adopting a signaling-based interactive authentication mode and the authentication result is packaged in a new block; if the information of the relevant satellite is inquired, verifying whether a complete certificate chain exists between the satellite nodes by adopting an authentication mode based on a block chain verification trust chain; if the verification is successful, the satellite nodes finish rapid authentication, and if a complete certificate chain is not formed, the satellite authentication is finished by adopting a signaling-based interactive authentication mode among satellites.
5. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of: the satellite node acquires an identity and a certificate for authentication between the required satellite nodes, certificate information is used as a transaction packaging generation block, the generation block is added into a block chain after consensus verification, the satellite initiates an authentication request, and the satellite node inquires local account book information; if the information of the relevant satellite is not inquired, satellite authentication is completed by adopting a signaling-based interactive authentication mode and the authentication result is packaged in a new block; if the information of the relevant satellite is inquired, verifying whether a complete certificate chain exists between the satellite nodes by adopting an authentication mode based on a block chain verification trust chain; if the verification is successful, the satellite nodes finish rapid authentication, and if a complete certificate chain is not formed, the satellite authentication is finished by adopting a signaling-based interactive authentication mode among satellites.
6. An inter-satellite authentication system for implementing the inter-satellite authentication method according to any one of claims 1 to 3, the inter-satellite authentication system comprising:
the authentication request initiating module is used for initiating an authentication request by the satellite node;
the relevant satellite node information confirmation module is used for inquiring whether the local account book has information of the relevant satellite nodes;
the signaling interaction authentication module is used for authenticating the satellite node based on signaling interaction when no local account book information is found;
the trust chain authentication module is used for authenticating, when local account book information is found, by having the satellite node query a complete trust chain based on the block chain;
the complete certificate chain forming module is used for verifying whether a complete certificate chain is formed between the satellite nodes according to the certificate information;
the satellite node rapid authentication module is used for completing rapid authentication of the satellite nodes when a complete certificate chain is formed among the satellite nodes;
and the satellite authentication completion module is used for completing satellite authentication by the satellite nodes based on signaling interaction when a complete certificate chain is not formed between the satellite nodes.
7. The inter-satellite authentication system of claim 6, further comprising:
the first certificate: self-certificate information representing the acquired first satellite node and second satellite node;
the second certificate: representing the acquired authentication request and authentication result of the first satellite node and the adjacent second satellite node;
a third certificate: the authentication request and the authentication result of other second satellite nodes within the communication distance from the acquired first satellite node are represented;
a fourth certificate: representing the re-authentication request and the authentication result of the acquired first satellite node and other second satellite nodes within the communication distance;
a fifth certificate: the authentication request and the authentication result of the acquired first satellite node and other second satellite nodes which are not subjected to identity authentication are represented;
a sixth certificate: and the issuing time of the first certificate, the second certificate, the third certificate, the fourth certificate and the fifth certificate of each acquired satellite node is represented.
8. The inter-satellite authentication system of claim 7, wherein the first certificate: the first satellite node and the second satellite node each take the unique identity mark they possess before transmission and sign it with a private key to obtain a self-issued certificate, which identifies their identities in the satellite network and is recorded as a transaction in the block;
the second certificate: the first satellite node and the adjacent second satellite node transfer trust to each other; the first satellite node performs authentication based on signaling interaction with the adjacent second satellite node and, when the authentication is successful, signs a certificate with its private key to represent the trust relationship between the satellites, and the authentication result is recorded as a transaction in a block;
the third certificate: the first satellite node and other second satellite nodes within the communication distance use the authentication mode based on signaling interaction; if the authentication is successful, the authentication request and the authentication result are both broadcast in the satellite network and recorded in the block as transactions;
the fourth certificate: the first satellite node authenticates other second satellite nodes within the communication distance again; driven by the running track of the satellite nodes and by related tasks, the satellite nodes meet again after a plurality of complete satellite running periods and need to authenticate again, and the authentication mode based on signaling interaction is used to record the authentication request and the authentication result as transactions in a block;
the fifth certificate: the first satellite node and other second satellite nodes that have never performed identity authentication use the authentication mode based on signaling interaction to achieve identity authentication of the two satellite nodes, and the authentication request and the authentication result are recorded as transactions in a block;
the sixth certificate: for each certificate, the time at which the certificate was issued is acquired, ensuring the timeliness of the certificate.
CN202011496129.8A 2020-12-17 2020-12-17 Inter-satellite authentication method, system, medium, equipment, terminal and application Active CN112688728B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011496129.8A CN112688728B (en) 2020-12-17 2020-12-17 Inter-satellite authentication method, system, medium, equipment, terminal and application

Publications (2)

Publication Number Publication Date
CN112688728A (en) 2021-04-20
CN112688728B (en) 2022-02-08

Family

ID=75448780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011496129.8A Active CN112688728B (en) 2020-12-17 2020-12-17 Inter-satellite authentication method, system, medium, equipment, terminal and application

Country Status (1)

Country Link
CN (1) CN112688728B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant