CN113079016B - Identity-based authentication method facing space-based network - Google Patents

Abstract

The invention discloses an identity-based authentication method facing a space-based network, which aims to solve the problem of security authentication between a ground terminal and a satellite in the space-based network and improve the security of space-based network communication. The technical scheme is that an identity-based authentication system facing a space-based network, which consists of a ground terminal, a key generation center KGC and a low-orbit satellite, is constructed; the KGC initialization calculation module calculates a system master key and public parameters; the KGC private key calculation module calculates a corresponding private key and distributes the private key and the public parameters to the ground terminal and the satellite. Terminal TE_APerforming current over-the-top satellite LEO upon access_AAnd TE_AMutual authentication and session key agreement, then LEO_AAnd TE_ANormal communication, LEO_APredicting LEO at end of service if_AThe user is about to leave the current area, inter-satellite switching authentication is carried out, and if LEO is judged in advance_ANot leave, then LEO_AAnd TE_AThe communication is continued. The invention effectively reduces the size of the transmission message, and realizes the fast switching authentication and the session key negotiation while ensuring the safety.

Description

Identity-based authentication method facing space-based network

Technical Field

The invention relates to the field of space network security communication, in particular to an identity-based authentication method facing a space-based network.

Background

As a powerful supplement to the traditional ground network, the space-based network can provide access service to special areas such as desert, and real global interconnection is realized. However, due to the natural open environment of satellite communication, a malicious attacker can easily acquire communication data between satellites and the ground or pretend that a legitimate user issues malicious instructions, and these behaviors pose a great challenge to the security of the space-based network. Therefore, the space-based network needs an authentication scheme to ensure the self-operation safety; the main roles of authentication are two: firstly, the legality of the ground terminal is identified, and it is guaranteed that only a legal terminal can send acquired data to a satellite; and secondly, the terminal authenticates the legality of the satellite to ensure that the satellite sending the control command is legal. The space-based network is a concept which is created in recent years, research on security technologies in the space-based network is relatively few at home and abroad, in the existing research on the security technologies of the space-based network, authentication between a user and a network control center is mostly considered in an authentication method, however, in the space-based network, a satellite needs to send a control instruction to a ground terminal, and the ground terminal needs to upload collected data to the satellite, so that authentication between the satellite and the ground terminal in the space-based network is an extremely important link. Currently, the research on the authentication between the satellite and the ground terminal is poor, and therefore, a mutual authentication method between the satellite and the ground terminal in the space-based network needs to be designed to ensure the secure communication between the sky and the ground.

When designing the authentication method, the characteristics of the space-based network need to be considered:

(1) the network topology changes highly. Since the satellites move around the earth at a high speed with time, each satellite only has a few minutes of time to provide service for the ground terminal in a specific area, and therefore, the authentication method in the space-based network should enable the ground terminal to perform bidirectional authentication quickly when switching from the current service satellite to the next satellite.

(2) The network transmission delay is high. The link transmission rate in the space-based network is kbps level, which is limited by the development of the ground platform terminal, and the interaction times required by the authentication between the satellite and the ground terminal are as small as possible in order to reduce the total time consumed by the authentication.

(3) Network bandwidth resources are limited. The space-based network depends on a low-orbit narrow-band satellite constellation, and the network bandwidth is very limited, so the message size involved in the authentication process is as small as possible.

(4) Ground terminals and on-board computing storage capabilities are limited. Under the influence of satellite payload technology and terminal infrastructure, the computation storage capacities of both the satellite and the terminal are very limited, and the computation operations required to complete the authentication process cannot be very complex.

The traditional space-based network security authentication method comprises an authentication method based on a traditional digital certificate, a source authentication method based on an extended broadcast identity verification protocol certificate, a lightweight authentication method based on identity identification, a distributed authentication method based on an identity-based cryptography technology and a block chain technology, and a dynamic access method based on a token. However, the traditional space-based network security authentication method has the following technical problems:

(1) the authentication method based on the traditional digital certificate refers to bidirectional authentication and session key negotiation in a space-based network by using a public key encryption algorithm. In the method, both communication parties need to send own digital certificates to each other, the communication and calculation costs are high, and the method is not suitable for the space-based network environment with limited communication bandwidth.

(2) The source authentication method based on the extended broadcast identity authentication protocol certificate is characterized in that a satellite is used as an authentication center to generate the extended broadcast identity authentication protocol certificate and operate a source authentication protocol.

(3) The lightweight authentication method based on the identity identification refers to a symmetric encryption algorithm is used for transmitting a user ID and a session key between a user and a network control center. However, by adopting the method, once the attacker obtains the key once in the data transmission process, the key of the subsequent session can be obtained from the message, thereby causing serious potential safety hazard.

(4) A distributed authentication method based on an identity-based cryptography technology and a block chain technology is characterized in that the identity-based cryptography is used to avoid complex certificate management and reduce communication overhead caused by certificate transmission, and the block chain is used in the authentication process to prevent the authentication bottleneck problem caused by a centralized authentication protocol. However, the block chain technique adopted in the method has higher requirements on the calculation and storage capacities of the satellite loads, the space-based network is influenced by the satellite payload technique and the terminal infrastructure, and the calculation and storage capacities of the satellite and the terminal are very limited, so that the method is not suitable for the current space-based network environment.

(5) A dynamic access method based on a token is characterized in that a pre-authentication vector is constructed by utilizing the certainty of a satellite running track in a low-orbit satellite network and the high synchronism of clocks of all communication nodes, and a user does not need to interact with a network control center except an initial access process by utilizing the pre-authentication vector, so that the authentication delay is effectively reduced. However, with the method, an attacker can pass authentication as long as acquiring the true identity authentication value (ID value) of the user, and then access the space-based network to implement attacks such as impersonation, replay, tampering and the like.

In view of this, how to solve the problem of security authentication between the ground terminal and the satellite in the space-based network environment, and effectively improving the security of the space-based network communication become problems to be urgently solved by researchers in the field.

Generally, in order to ensure the resistance of a message (which means that some mechanisms are used so that two communication parties cannot deny the behavior of sending information and the content of the information by themselves), a sender of the message uses a private key to generate a signature for the message, and sends an original message and the signature together, and after a receiver receives the message (including the original message and the signature), the receiver verifies the validity of the signature according to a public key of the sender and the original message. The signature method with the message recovery function means that a sender can recover the corresponding original message by using the signature and the public key without sending the complete original message. Compared with the traditional signature scheme, the signature scheme with the message recovery function needs to transmit a smaller message size. Signature methods with message functions are currently generally used in environments where network transmission bandwidth is limited, such as mobile ad hoc networks; identity-based cryptography means that two communication parties can deduce a corresponding public key according to an Identity (ID) provided by the other party, thereby avoiding transmitting own digital certificates in the communication process and effectively reducing the size of transmitted messages. Identity-based cryptography is currently commonly used in secure email systems and mobile ad hoc networks. The identity-based signature method with the message recovery function (belonging to identity-based cryptography) effectively reduces the size of the transmitted message while ensuring the resistance to denial, so that the method is suitable for the communication environment with limited bandwidth resources. In the space-based network, the communication bandwidth is limited, and the identity-based signature method with the message recovery function is a good choice. But no prior publication relates to the use of an identity-based signature algorithm with message recovery for bidirectional authentication and session key agreement of satellite and terrestrial terminals in space-based networks.

Disclosure of Invention

The technical problem to be solved by the invention is to provide an authentication method which has the characteristics of fast switching authentication, less interaction times, small authentication message size, proper calculation operation difficulty, capability of resisting various network attacks and the like, is suitable for a space-based network environment, solves the safety authentication problem of a ground terminal and a satellite in a space-based network, and effectively improves the safety of space-based network communication.

The technical scheme of the invention is as follows: and realizing mutual authentication and session key negotiation between the satellite and the ground terminal by using the cryptography technologies such as an identity-based signature method with a message recovery function, a message verification code, an ECDH (explicit Curve Diffie-Hellman, which is translated into a Diffie-Hellman key exchange algorithm on an Elliptic Curve, and Diffie and Hellman are personal names) algorithm and the like. The identity-based signature method with the message recovery function does not require a sender to send a complete original message, a receiver can recover the corresponding message by using the signature and the public key, and compared with a general signature method, the method has the advantages that the size of the message to be transmitted is smaller; the identity-based cryptography can avoid complex certificate management, avoid the transmission of a digital certificate in the authentication process and effectively reduce the size of a message transmitted in the authentication; the message verification code technology is used for an inter-satellite switching authentication process to realize rapid switching authentication; the ECDH algorithm is used for completing the negotiation of the session key while the authentication is performed, and compared with the method for performing the negotiation of the session key after the authentication is completed, the method can reduce the interaction between the satellite and the ground once.

Aiming at the identity authentication problem in the space-based network, the invention designs an identity-based security authentication scheme facing the space-based network. The scheme effectively reduces the size of the transmission message and the interaction turns between the satellite and the ground in the authentication process by using the identity-based signature method with the message recovery function. In addition, in order to reduce the influence caused by inter-satellite switching, a corresponding inter-satellite switching authentication message is designed by particularly utilizing a message verification code technology, and inter-satellite switching authentication is efficiently realized. The security analysis shows that the invention has the security characteristics of bidirectional authentication, replay attack resistance, session key agreement and the like.

The specific technical scheme of the invention is as follows:

firstly, an identity-based authentication system facing a space-based network is constructed. The identity-based authentication system facing the space-based network consists of three network entities, namely a ground terminal (recorded as TE), a key generation center (recorded as KGC) and a low-earth orbit satellite (recorded as LEO). The KGC is connected to a plurality of TEs and LEOs via wireless links.

Before mutual Authentication between TE and LEO, KGC calculates a system main key x and public parameter params by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction scheme Wireless Sensor Networks [ J ]. IEEE Transactions on Information dynamics and security 2017, PP: 1-1.); KGC receives identity identification, a request for applying public parameters and a request for applying a private key from TE and LEO, KGC uses a private key generation algorithm in an identity-based signature scheme with a message recovery function provided by Kyung-Ah Shim, calculates the private keys of TE and LEO by using public parameters params and a master key x, distributes satellite private keys and public parameters to satellites in a safe environment (for example, two communication parties establish safe session connection by adopting a secure socket protocol), and distributes private keys and public parameters of ground terminals to ground terminals.

TE and LEO are connected with each other and connected with KGC, before communication, registration is carried out on KGC, ID selected by TE or LEO, request for applying public parameter and request for applying private key are submitted to KGC, and satellite is over-pushed (order is LEO) currently_A) After receiving the satellite's private key from the KGC, the LEO_AGenerating satellite authentication message (denoted as L)_A) Sending to the current ground terminal (order is TE)_A)，TE_ATo L_AAfter the authentication is passed, a ground terminal authentication message (marked as T) is generated_A) Is sent to LEO_A。LEO_AFor T_AAnd performing authentication to complete mutual authentication of the satellite and the ground terminal. Due to the high speed of satellite motion around the earth over time. Each satellite only has a few minutes of providing service for ground terminals in a specific area, and the LEO of the current over-the-top satellite_AWhen leaving, it will switch authentication security parameter k over the secure channel_s(LEO_AAn integer k selected randomly_s∈N^*，N^*Is a positive integer set) to the current ground terminal TE_AWill k is_sAnd TE_AID of_ASent to the next over-the-top satellite (noted LEO)_B)，TE_AGenerating terminal rapid authentication message (marked as TF)_A) Is sent to LEO_B，LEO_BFor TF_APerforming authentication, and generating satellite after the authentication is passedFast authentication message (marked as LF)_A) Is sent to TE_A，TE_AFor LF_AAnd performing authentication to finish the rapid switching authentication process.

The KGC is provided with an initialization calculation module and a private key calculation module, and the ground terminal and the satellite are provided with a private key and public parameter management module, an authentication calculation module, a verification module and a switching authentication module.

The initialization calculation module on the KGC generates a public parameter params and a system master key x, and sends the params and x to the private key calculation module of the KGC. The private key calculation module is connected with the private key and public parameter management module of the ground terminal and the satellite. The private key calculation module receives the identity of the ground terminal, a request for applying for the public parameters and a request for applying the private key from the private key and public parameter management module of the ground terminal, calculates the private key of the ground terminal according to the identity of the ground terminal and sends the private key and the public parameters to the private key and public parameter management module of the ground terminal. The private key calculation module receives the identity identification of the satellite, the request for applying the public parameter and the request for applying the private key from the private key and public parameter management module of the satellite, calculates the private key of the satellite according to the identity identification of the satellite and sends the private key and the public parameter to the private key and public parameter management module of the satellite.

The private key and public parameter management module is connected with the private key calculation module and the authentication calculation module (belonging to the same network entity with the private key and public parameter management module) of the KGC, and is responsible for receiving the private key and the public parameter sent by the private key calculation module and sending the private key and the public parameter to the authentication calculation module.

The authentication calculation module is connected with the private key and public parameter management module (belonging to the same network entity with the authentication calculation module), the verification module (belonging to the same network entity with the authentication calculation module), and the authentication calculation module of another network entity (such as the authentication calculation module of a satellite (a class of network entity) is connected with the authentication calculation module of a ground terminal (another class of network entity), but the authentication calculation module of the satellite A (a class of network entity) is connected with the authentication calculation module of another satellite B (the same class of network entity)), the authentication calculation module receives the public parameters and the private key from the private key and public parameter management module, generates an authentication message by using the private key and the public parameters, and sends the authentication message to the authentication calculation module of the other network entity; and after receiving the authentication message sent by the authentication calculation module of another network entity, the authentication calculation module sends the received authentication message to the verification module.

The verification module is connected with the authentication calculation module (belongs to the same network entity with the verification module), the verification module receives the authentication message from the authentication calculation module and then verifies the authentication message, a session key is calculated after the authentication is passed, the session key and any symmetric encryption algorithm (such as AES, DES and the like) are used for encrypting and decrypting the message in the subsequent communication process with another network entity (for example, the satellite calculates the session key and then encrypts the message by using the session key of the satellite and then sends the message to the ground terminal, the ground terminal decrypts the received message by using the session key of the ground terminal after receiving the message, the ground terminal also encrypts the message by using the session key of the ground terminal before sending the message and then sends the message to the satellite, and the satellite decrypts the message by using the session key of the satellite) so as to complete the safe communication between the satellite and the ground terminal.

Current ground terminal TE_ACurrent overhead satellite LEO_ANext satellite LEO over the top_BThe switching authentication modules of the three are connected with each other. The overhead satellites of any ground terminal at any time are fixed throughout the system (the satellites move around the earth at high speed over time, the time that each satellite services a ground terminal in a particular area is fixed for only a few minutes, and therefore the overhead satellites of a ground terminal are fixed for any period of time throughout the system.) at the LEO_AAt the end of the service, the LEO_ADetermine imminent handover, LEO_ATo the TE_AThe switching authentication module sends a switching authentication security parameter k_sTo LEO_BThe switching authentication module of (1) sends the TE_AID of_AAnd handover authentication security parameter k_s. Then TE_AThe switching authentication module generates a terminal rapid authentication message TF_AIs sent to LEO_BThe handover authentication module of (a) is,LEO_Bis switched to TF_APerforming authentication, and after the authentication is passed, LEO_BSwitching authentication module generates satellite fast authentication message LF_AIs sent to TE_AOf the handover authentication module, TE_AHandover authentication module pair LF_AAnd verifying to finish the fast switching authentication.

Secondly, an initialization calculation module on the KGC calculates a main key and public parameters of the system by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction on Information Forensics and security 2017, PP: 1-1.) provided by Kyung-Ah Shim, and the specific flow is as follows:

2.1 initializing calculation Module selecting finite field F_qAfter determining E, the initialization calculation module randomly selects a prime number P (P can divide the number of points on E) and a point P (the order of the point P is P) according to the current Secp256k1 standard, the number of points on the elliptic curve is fixed and is not a random variable, and the number of points on E is not a prime number in general.

2.2 from the prime integer space (denoted by

) Select a number

As the master key of the identity-based authentication system facing the space-based network, the global public key P is calculated_pub＝xP。

2.3 selection of four Hash Functions H₁，H₂，F₁，F₂Wherein H₁,H₂:{0,1}^*→Z_P(H₁,H₂The function of (1) is to map a 01 binary sequence code with an arbitrary length into a 01 binary sequence code with a length of a, and a belongs to Z_p，Z_pIs a prime integer space containing p),

(F₁the function of the method is to map 01 binary sequence codes with arbitrary length into a length k₂The 01 binary sequence code of),

(F₂has the effect of reducing the length to k₁Mapping 01 binary sequence code to length k₂01 binary sequence code), k₁And k₂Is two positive integers and satisfies p ═ k₁+k₂。

2.4 mixing F_q,E,p,P,P_pub,H₁,H₂,F₁,F₂,k₁,k₂The identity-based authentication system public parameters params and params which are combined to form the space-based network<F_q,E,p,P,P_pub,H₁,H₂,F₁,F₂,k₁,k₂>Params is published.

And thirdly, the private key calculation module on the KGC calculates a corresponding private key according to the identity submitted by the ground terminal and the satellite, and distributes the private key and the public parameter params to the private key and public parameter management module of the ground terminal and the satellite. The method comprises the following steps:

3.1 ground terminal TE_AThe private key and public parameter management module submits an identity ID to a private key calculation module of the KGC_AA request for applying the public parameter params and a request for applying the private key.

3.2 private Key computation Module from ground terminal TE_AThe private key and public parameter management module receives the ID_AAnd request for public parameter params, request for private key, calculation and ID_ACorresponding private key sk_A(ii) a The method for calculating the private key adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, which is provided by Kyung-Ah Shim, and comprises the following steps:

3.2.1 private Key computation Module from

Randomly selecting any number from the middle random selection list as a ground terminal registration random number, and recording the random number as r_A，

3.2.2 private Key computation Module compute private Key sk_A，sk_A＝(R_A,v_A)，R_A＝r_AP,v_A＝r_A+c_Axmod p, wherein c_A＝H₁(ID_A,R_A)，R_AIs the front part of the private key of the ground terminal, c_AIs a ground terminal private key hash intermediate value, v_AIs the back part of the private key of the ground terminal, and x is the system master key.

3.3 private Key computation Module will sk_AAnd params to TE_AThe private key and public parameter management module.

3.4 TE_AThe private key and public parameter management module will sk_AAnd params are stored locally.

3.5 satellite LEO_AThe private key and public parameter management module submits the identity selected by the private key and public parameter management module to the private key calculation module of the KGC

The application discloses a request of parameter params and a request of applying a private key.

3.6 private Key computation Module Slave satellite LEO_APrivate key and public parameter management module receiving

And request for public parameter params, request for private key, calculation and

corresponding private key

The calculation method of the private key is the same as that of 3.2, and a private key generation algorithm in an identity-based signature scheme with a message recovery function proposed by Kyung-Ah Shim is also adopted, and the method comprises the following steps:

3.6.1 private Key computation Module from

Randomly selecting any number as satellite registration random number, and recording as

3.6.2 private Key computation Module computation

Corresponding private key

Wherein

Is the front part of the satellite private key,

is the hash intermediate value of the satellite private key,

behind the satellite private key.

3.7 private Key computation Module

And params to LEO_AThe private key and public parameter management module.

3.8 LEO_AThe private key and public parameter management module of

And params are stored locally.

Fourth, ground terminal TE_APerforming current satellite LEO over the top when accessing an identity-based authentication system facing a space-based network for the first time_AAnd TE_AAnd computing the session key: TE_AComplete the LEO pair first_AThe authentication of (1); then to ensure that the ground terminals accessing the space based network are authorized, the LEO_AFor TE_ACarrying out authentication; finally according to LEO in the authentication process_AAnd TE_AReceived message, LEO_AAnd TE_AA corresponding session key is calculated. The specific process is as follows:

4.1 LEO_Athe authentication computing module generates a satellite authentication message L_AAnd broadcasts L to the ground_A(the efficiency of authentication is improved by using the broadcasting characteristic of the satellite, and the calculation expense of the satellite is reduced), the method comprises the following specific steps:

4.1.1 LEO_Aauthentication computing module of

Randomly selecting an integer as the random number of the satellite authentication message (noted as

) And computes the plaintext of the satellite authentication message

Is a binary sequence code consisting of 0 and 1.

4.1.2 LEO_AUsing private key

Using signature algorithm (signature algorithm in identity-based signature scheme with message recovery function proposed by Kyung-Ah Shim) pair

Signing to generate LEO_ASatellite authentication message L_AThe method comprises the following steps:

4.1.2.1 LEO_Aauthentication computing module of

Randomly selects an integer as a satellite signature random number (recorded as

)。

4.1.2.2 LEO_AAuthentication computing module of

Divided into two parts

And

wherein

Has a sequence code length of k₂(i.e. the

Has a number of bits of k₂)。

4.1.2.3 LEO_AThe authentication calculation module calculates the intermediate quantity (recorded as the signature intermediate quantity) of the satellite verification message

)，

(| | is a binary operator, and 01 binary sequence codes of two elements participating in operation are spliced together in sequence;

is binaryThe operator is used for carrying out XOR operation on the 01 binary sequence codes of the two elements participating in the operation;

higher priority than |); computing elliptic curve components (denoted as

),

Representing points on the elliptic curve E

X-axis coordinates of); computing the Hash intermediate value of the satellite signature message (note as

),

Compute satellite signature message trailer (note

)

Behind the satellite private key.

4.1.2.4 will

Generating a plaintext

Signed encrypted message of

Is that

Constituent quadruplets, i.e.

Wherein

Are all 01 binary sequence codes and are provided with a code,

is according to

Sequentially arranged 01 binary sequence codes.

4.1.2.5 will

Spliced into satellite authentication message L_A(

Is LEO_ATime stamp of (3), record LEO_AThe current time),

wherein

Are all 01 binary sequence codes, L_AIs according to

Sequentially arranged 01 binary sequence codes.

4.1.3 LEO_AWill authenticate message L_ABroadcasting to ground while recording satellite broadcast L_AAt time t₁。

4.1.4 LEO_AObtaining LEO_ACurrent time t₂Let time interval T equal to T₂-t₁(ii) a Setting a first time threshold T₁(T₁According to the system requirement, if the system is required to consume less communication resources, the broadcast period is as long as possible but cannot exceed the minimum residence time, T, of the satellite above the node₁Typically set at 200 seconds; if the system is required to operate efficiently, the broadcast period should be as short as possible, but the proportion of broadcast messages to communication resources should not be too high, T₁Typically set at 50 seconds), if T<T₁Turning to step 4.2, if T is more than or equal to T₁Then 4.1.3 steps are taken.

4.2 ground terminal TE_ATo satellite LEO_AAnd (3) performing authentication, which specifically comprises the following steps:

4.2.1 TE_Areceiving LEO by the authentication calculation module_ABroadcasted message L_AIs prepared by mixing L_AIs sent to TE_AThe verification module of (1).

4.2.2 TE_AThe verification module receives L_ALook over L_ATime stamp on

And TE_AIs at a second time threshold T₂(T₂According to the actual condition of the system to set T₂Can not be longer than the time for transmitting the message from the satellite to the ground terminal, generally set to 1 second-10 seconds), if T ≦ T₂Turning to step 4.2.3; if t is>T₂Then TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_ARefusing to access the space-based network, and turning to the step 4.1;

4.2.3 TE_Athe verification module of (2) pairs the message L_AIn (1)

Performing verification, if the verification passes, TE_ADetermine satellite LEO_AIs legitimate and can obtain satellite authentication message plaintext

Turning to step 4.2.4; if the verification fails, TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_ARefusing to access the space-based network, and turning to the step 4.1; the verification algorithm adopts a verification algorithm in an identity-based signature scheme with a message recovery function, which is provided by Kyung-Ah Shim, and is specificallyComprises the following steps:

4.2.3.1 TE_Athe verification module calculates the hash intermediate values of the satellite signature messages in turn

Satellite private key hash intermediate value

Satellite authentication message signature intermediate volume

And satellite authentication message plaintext back

To represent

Rightmost k of₂A binary sequence code of bit 01 is set,

to represent

Leftmost k₁Bit 01 binary sequence code).

4.2.3.2 if

The verification passes (i.e. the 01 binary sequence codes at both ends of the equation are equal), go to step 4.2.4, otherwise the verification fails, TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_AAnd refusing to access the space-based network, and turning to the step 4.1.

4.2.4 at this time, TE_AThe verification module of (2) determines satellite LEO_AIs legitimate, TE_AFrom the verification module L_AExtracting to obtain

Will be provided with

And 4.2.3.1 calculated in step

Splicing to obtain satellite verification message

And to TE_AThe authentication computing module of (2) sends a confirmation instruction (the content of the confirmation instruction is to inform the authentication computing module that the satellite is legal and can start to generate a ground terminal authentication message).

4.2.5TE_AThe authentication computing module generates a ground terminal authentication message T_AAnd generating T_AMeanwhile, ECDH (The elliptic curve is translated into Diffie-Hellman key exchange algorithm on elliptic curve, Diffie and Hellman are names of people, which is specifically referred to Haakegaard R, Lang J]The method comprises the following steps of calculating a session key by using an Online at https:// koclab. cs. ucsb. edu/teaching/ecc/project/2015 project/Haakegaard + Lang. pdf.2015.) key exchange algorithm:

4.2.5.1 TE_Aauthentication computing module of

Randomly selecting an integer as a random number (marked as k) of the ground terminal verification message_A，

) And calculating the plaintext m of the ground terminal verification message_A，m_A＝k_AP(m_AIs a binary sequence code composed of 0 and 1, in the elliptic curve encryption theory, a plaintext message is generally encoded to a certain point on an elliptic curve, and the point and the plaintext message are in a one-to-one correspondence relationship).

4.2.5.2 TE_AThe authentication calculation module uses the private key sk_AUsing signature algorithm to pair m_ASigning is carried out to generate a pair of plaintext m_ASigned encrypted message sigma (m)_A) The method comprises：

4.2.5.2.1 TE_AAuthentication computing module of

Randomly selecting an integer as a ground terminal signature random number (denoted as t)_A，

)。

4.2.5.2.2 TE_AM is calculated by the authentication calculation module_ADivided into two parts m_A1And m_A2Wherein m is_A2Has a sequence code length of k₂(i.e., m)_A2Has a number of bits of k₂)。

4.2.5.2.3 TE_AThe authentication calculation module calculates a ground terminal verification message signature intermediate quantity (denoted as m'_A)，

Calculating elliptic curve component (marked as y) of signature message of ground terminal_A),

((t_AP)_XRepresenting a point t on the elliptic curve E_ACoordinates on the X-axis of P); calculating the hash intermediate value (marked as h) of the signature message of the ground terminal_A),h_A＝H₂(ID_A||R_A||y_A)，h_A＝H₂(ID_A||R_A||y_A) Indicates the ID_A,R_A,y_AConcatenating into a binary sequence, and then using the binary sequence as function H₂Calculating the hash value of the binary sequence; computing ground terminal signature message tail element (noted as z)_A)z_A＝t_A+h_Av_A modp，v_AIs the back part of the private key of the ground terminal.

4.2.5.2.4 mixing m_A1,R_A,y_A,z_AGenerating a plaintext m_ASigned encrypted message sigma (m)_A)，σ(m_A) Is m_A1,R_A,y_A,z_AConstituent quadruples, σ (m)_A)＝(m_A1||R_A||y_Az_A) (ii) a Wherein m is_A1,R_A,y_A,z_AAre all 01 binary sequence codes, σ (m)_A) Is according to m_A1,R_A,y_A,z_ASequentially arranged 01 binary sequence codes.

4.2.5.3 TE_AAuthentication computation module of (2) select TE_ATime stamp tt_AWill ID_A、tt_A、σ(m_A) Spliced ground terminal authentication message T_A，T_A＝ID_A||tt_A||σ(m_A) (ii) a Wherein the ID_A、tt_A、σ(m_A) Are all 01 binary sequence codes, T_AIs in accordance with ID_A、tt_A、σ(m_A) Sequentially arranged 01 binary sequence codes. TE_AThe authentication calculation module of (A) is to be_AIs sent to LEO_AThe authentication calculation module of (1).

4.2.5.4 TE_AThe authentication calculation module calculates the session key

In TE_AAnd LEO_AAfter the mutual authentication is finished, the two parties encrypt the session information by using a symmetric encryption algorithm (such as AES, DES and the like), K₁I.e. the key used in the symmetric encryption algorithm.

4.3 LEO_AThe authentication computing module receives the message T_AWill T_AIs sent to LEO_AThe verification module of (1).

4.4 LEO_AThe verification module of (2) receives T_ATo ground terminal TE_AThe authentication is carried out by the following method:

4.4.1 LEO_Athe verification module of (1) checks T_ATime stamp tt on_AAnd LEO_AIs at a third time threshold T₃(T₃According to the actual conditions of the systemCondition to set, T₃Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T₃Turning to step 4.4.2; if t is>T₃Then LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to space-based network, stop and TE_AGo to step 4.2.5.

4.4.2 LEO_AVerification module pair T_Aσ (m) of (1)_A) Performing verification, if the verification is passed, LEO_ATE can be determined_AIs legal and gets the corresponding plaintext m_ATurning to step 4.4.3; if the verification fails, LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to space-based network, stop and TE_AStep 4.2.5; the verification algorithm is the same as sigma (m) in step 4.2.3_l) The verification algorithm of (1) is specifically as follows:

4.4.2.1 LEO_Athe verification module calculates the hash intermediate value h of the ground terminal signature message in turn_A＝H₂(ID_A||R_A||y_A) The intermediate value c of the private key hash of the ground terminal_A＝H₁(ID_A||R_A) Ground terminal verifying message signature intermediate quantity

And the ground terminal verifies the back part of the message plaintext

Is m'_ARightmost k of₂A binary sequence code of bit 01 is set,_k1[m′_A]is m'_ALeftmost k₁Bit 01 binary sequence code).

4.4.2.2 if_k1[m′_A]＝F₁(m_A1||m_A2) The verification is passed, go to step 4.4.3, otherwise the verification fails, LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to the space-based network, stop andTE_Astep 4.2.5;

4.4.3 LEO_Athe verification module of (2) determines the TE_AIs legitimate, LEO_AFrom the verification module of T_AExtract m_A1M is_A1And m_A2The two are spliced to obtain a ground terminal verification message m_AThen LEO_ATo the LEO_AThe authentication computation module of (1) sends a confirmation instruction.

4.4.4 LEO_AThe authentication calculation module adopts an ECDH key exchange algorithm to calculate a session key

And the negotiation of the session key is completed by using an ECDH algorithm in the authentication process. The algorithm is based on a discrete logarithm problem on an elliptic curve. At this stage, the discrete logarithm problem on elliptic curves is considered to be difficult to solve, and therefore the key exchange algorithm can be considered to be secure. The correctness of the above procedure is demonstrated as follows:

fifthly, after completing the mutual authentication, LEO_AAnd TE_ANormal communication, LEO_APredicting LEO at the end of service_AAnd when the user is about to leave the current area, the step six is carried out. LEO_APredicting LEO at the end of service_AAnd turning to the fifth step without leaving the current area.

Sixthly, the currently leaving overhead satellite LEO_AGround terminal TE_ANext satellite LEO over the top_BThe authentication is carried out by switching among planets by LEO_AGenerates an authentication security parameter k_sWill k is_sIs sent to TE_ASwitching authentication module of (2) to switch the TE_AID of_AAnd k_sIs sent to LEO_BSwitch authentication module (assuming LEO is present at this time)_AAnd TE_A、LEO_BThe two-way authentication is completed, and as long as the two-way authentication is passed, a secure channel exists between the two communication parties); then TE_AThe switching authentication module generates a terminal rapid authentication message (marked as TF)_A) Is sent to LEO_BOf the switching authentication module, LEO_BThe handover authentication module of (1) receives the TF_AThereafter, the TE is verified_AAfter the verification is passed, LEO_BThe switching authentication module generates a satellite fast authentication message (marked as LF)_B) And will LF_BIs sent to TE_AAfter the verification is passed, the switching authentication stage is ended, and TE_AAnd LEO_BAnd (4) normal communication. The method comprises the following specific steps:

6.1 LEO_Afrom a positive integer set N^*Randomly selecting an integer as an authentication security parameter (denoted as k)_s，k_s∈N^*) Will k is_sIs sent to TE_ASwitching authentication module of (2) to switch the TE_AID of_AAnd authenticating a security parameter k_sIs sent to LEO_BThe handover authentication module of (1). TE_AAnd LEO_BAfter receiving the message, the switching authentication module stores the relevant parameters locally.

6.2 TE_AThe switching authentication module generates a terminal rapid authentication message TF_AThe method comprises the following steps:

6.2.1 TE_Aswitch authentication module of

Randomly selecting an integer as a terminal switching authentication parameter (marked as k)_t2，

) Computing terminal switching authentication message plaintext m_t2，m_t2＝k_t2P。

6.2.2 TE_AThe switching authentication module generates a terminal rapid authentication message TF_A，TF_A＝ID_A||m_t2||tt_A′||H₁(k_s||m_t2)(TF_AIs composed of an ID_A、m_t2、tt_A、H₁(k_s||m_t2) 01 binary sequence code tt formed by splicing four 01 binary sequence codes in sequence_AIs' is TF_ATime stamp of (2) indicating TE_AThe current time; h₁(k_s||m_t2) Means that k is_s,m_t2Spliced 01 binary sequence code as Hash function H₁The calculated 01 binary sequence) and converting the TF_AIs sent to LEO_BThe handover authentication module of (1).

6.3 LEO_BIs switched to TE_AThe method for authenticating and calculating the session key comprises the following steps:

6.3.1 LEO_Bfrom TE to the handover authentication module_AThe handover authentication module of (1) receives the TF_AAfter that, TF is checked_ATime stamp tt on_A' and LEO_BIs at a fourth time threshold T₄(T₄According to the actual condition of the system to set T₄Cannot be greater than the time for the message to travel from the ground terminal to the satellite, and is typically set to 1 second-10 seconds), if tt ≦ T₄Turning to step 6.3.2; if tt>T₄Then LEO_BIdentify TE_AIs illegal, refused to be TE_AAnd (6) providing the service, and turning to step 6.2.

6.3.2 LEO_BAccording to TF_AIdentity ID of_ARetrieving authentication security parameter k corresponding thereto_sAnd use k_sAnd m_t2Computing satellite handover hash authentication values

If it is not

And slave message TF_ALifting the extracted H₁(k_s||m_t2) If the values are equal, the authentication is passed, and the step 6.3.3 is carried out; otherwise LEO_BIdentify TE_AIs illegal, refused to be TE_AAnd (6) providing the service, and turning to step 6.2.

6.3.3 LEO_BSwitching authentication module generates satellite fast authentication message LF_BAnd calculating a session key, the method comprising:

6.3.3.1 LEO_Bswitch authentication module of

Randomly selecting an integer as a satellite switching authentication parameter (marked as k)_l2，

) And calculating the satellite switching authentication message plaintext m_l2，m_l2＝k_l2P。

6.3.3.2 LEO_BSwitching authentication module generates satellite fast authentication message LF_B,LF_B＝m_l2||tt_LEO′||H₁(k_s||m_l2)(LF_BIs formed by m_l2、tt_LEO′、H₁(k_s||m_l2) A 01 binary sequence code tt formed by sequentially splicing three 01 binary sequence codes_LEOIs LF_BTime stamp of (3), representing LEO_BThe current time; h₁(k_s||m_l2) Means that k is_s,m_l2Spliced 01 binary sequence code as Hash function H₁The calculated 01 binary sequence) and apply the LF_BIs sent to TE_AThe handover authentication module of (1).

6.3.3.3 LEO_BThe switching authentication module calculates the session key

The meaning of the formula is tt_A,tt_LEO′,k_l2×m_t2,k_sSplicing four 01 binary sequence codes in sequence to form a 01 binary sequence code, and taking the 01 binary sequence code as a hash function H₁Is input. At the LEO_BAnd TE_AIs switching over toAfter the completion of the certificate, the two are like LEO_AAnd TE_AThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for secure communication,

is the session key used in the symmetric encryption algorithm.

6.4 TE_ATo LEO_BThe method for authenticating and calculating the session key comprises the following steps:

6.4.1 TE_Aswitch authentication module slave LEO_BReceiving LF by the switching authentication module_BChecking LF_BTime stamp tt on_LEO' with TE_AIs at a fifth time threshold T₅(T₅According to the actual condition of the system to set T₅Can not be greater than the time for the message to travel from the ground terminal to the satellite, generally set to 1 second-10 seconds), if ttt ≦ T₅Turning to step 6.4.2; if ttt>T₅Then TE_AIdentify LEO_BIs illegal, TE_AAnd refusing to access the space-based network, and turning to step 6.3.3.

6.4.2 TE_AAccording to the authentication security parameter k stored locally_sAnd message LF_BM of (a)_l2Calculating the Hash authentication value h of the ground terminal_A′＝H₁(k_s||m_l2) If h is calculated_AAND message LF_BExtracted H₁(k_s||m_l2) If the values are equal, the authentication is passed, and the step 6.4.3 is carried out; otherwise TE_AIdentify LEO_BIs illegal, TE_ADenying access to space-based network, stopping with LEO_BGo to step 6.3.3.

6.4.3TE_AComputing a session key K_A＝H₁(tt_A||tt_L′_EO||k_t2×m_l2||k_s). At the LEO_BAnd TE_AAfter the switching authentication is finished, the two are like LEO_AAnd TE_AThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for safe communication, K_AIs thatA session key used in a symmetric encryption algorithm.

And step seven, finishing.

Compared with the prior art, the invention can achieve the following technical effects:

1. in the fourth step of the invention, the ground terminal and the satellite both adopt a signature method with a message recovery function to sign the original message (plaintext) and generate respective authentication messages, a sender does not need to send the complete original message, a receiver can recover corresponding information by using the signature and the public key, and compared with a general signature method (the sender generates a signature for a specific message by using a private key of the sender and then sends the original message together with the signature, a receiver verifies the validity of the signature according to the public key of the sender and the original message after receiving the message, and the original message needs to be sent together with the corresponding signature in the process), the size of the message transmitted by the method is smaller.

2. In the fourth step of the invention, an identity-based cryptography method is introduced in the authentication process of the ground terminal and the satellite, and both communication parties can deduce the corresponding public key according to the ID provided by the other party, thereby avoiding transmitting the own digital certificate in the communication process and effectively reducing the size of the transmitted message.

3. In the fourth step of the invention, the ground terminal and the satellite use the ECDH algorithm to complete the negotiation of the session key while carrying out authentication, and compared with the method for carrying out the negotiation of the session key after completing the authentication, the method can reduce the interaction between the satellite and the ground once.

4. In the sixth step of the invention, the satellite and the ground terminal use the message verification code technology to carry out switching authentication, thereby realizing fast switching authentication and session key agreement while ensuring the security.

Drawings

FIG. 1 is a general flow diagram of the present invention;

FIG. 2 is a logic structure diagram of the identity-based authentication system facing the sky-based network in the first step of the present invention;

Detailed Description

FIG. 1 is a general flow diagram of the present invention; the invention comprises the following steps:

firstly, an identity-based authentication system facing a space-based network is constructed. As shown in fig. 2, the identity-based authentication system for the space-based network is composed of three types of network entities, namely, a ground terminal (denoted as TE), a key generation center (denoted as KGC), and a low-earth satellite (denoted as LEO). The KGC is connected to a plurality of TEs and LEOs via wireless links.

Before mutual Authentication between TE and LEO, KGC calculates a system main key x and public parameter params by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction scheme Wireless Sensor Networks [ J ]. IEEE Transactions on Information dynamics and security 2017, PP: 1-1.); KGC receives identity identification, a request for applying public parameters and a request for applying a private key from TE and LEO, KGC uses a private key generation algorithm in an identity-based signature scheme with a message recovery function provided by Kyung-Ah Shim, calculates the private keys of TE and LEO by using public parameters params and a master key x, distributes satellite private keys and public parameters to satellites in a safe environment (for example, two communication parties establish safe session connection by adopting a secure socket protocol), and distributes private keys and public parameters of ground terminals to ground terminals.

TE and LEO are connected with each other and connected with KGC, before communication, they are registered with KGC, and submit the ID selected by TE or LEO, request and application for public parameter, and current satellite over-the-top (order is LEO)_A) After receiving the satellite's private key from the KGC, the LEO_AGenerating satellite authentication message (denoted as L)_A) Sending to the current ground terminal (order is TE)_A)，TE_ATo L_AAfter the authentication is passed, a ground terminal authentication message (marked as T) is generated_A) Is sent to LEO_A。LEO_AFor T_AAnd performing authentication to complete mutual authentication of the satellite and the ground terminal. Due to the high speed of satellite motion around the earth over time. Time of each satellite providing service for ground terminal in specific areaOnly a few minutes, the current satellite LEO over-the-top_AWhen leaving, it will switch authentication security parameter k over the secure channel_s(LEO_AAn integer k selected randomly_s∈N^*，N^*Is a positive integer set) to the current ground terminal TE_AWill k is_sAnd TE_AID of_ASent to the next over-the-top satellite (noted LEO)_B)，TE_AGenerating terminal rapid authentication message (marked as TF)_A) Is sent to LEO_B，LEO_BFor TF_ACarrying out authentication, and generating a satellite rapid authentication message (marked as LF) after the authentication is passed_A) Is sent to TE_A，TE_AFor LF_AAnd performing authentication to finish the rapid switching authentication process.

The KGC is provided with an initialization calculation module and a private key calculation module, and the ground terminal and the satellite are provided with a private key and public parameter management module, an authentication calculation module, a verification module and a switching authentication module.

The initialization calculation module on the KGC generates a public parameter params and a system master key x, and sends the params and x to the private key calculation module of the KGC. The private key calculation module is connected with the private key and public parameter management module of the ground terminal and the satellite. The private key calculation module receives the identity of the ground terminal, a request for applying for the public parameters and a request for applying the private key from the private key and public parameter management module of the ground terminal, calculates the private key of the ground terminal according to the identity of the ground terminal and sends the private key and the public parameters to the private key and public parameter management module of the ground terminal. The private key calculation module receives the identity identification of the satellite, the request for applying the public parameter and the request for applying the private key from the private key and public parameter management module of the satellite, calculates the private key of the satellite according to the identity identification of the satellite and sends the private key and the public parameter to the private key and public parameter management module of the satellite.

The private key and public parameter management module is connected with the private key calculation module and the authentication calculation module (belonging to the same network entity with the private key and public parameter management module) of the KGC, and is responsible for receiving the private key and the public parameter sent by the private key calculation module and sending the private key and the public parameter to the authentication calculation module.

The authentication calculation module is connected with the private key and public parameter management module (belonging to the same network entity with the authentication calculation module), the verification module (belonging to the same network entity with the authentication calculation module), and the authentication calculation module of another network entity (such as the authentication calculation module of a satellite (a class of network entity) is connected with the authentication calculation module of a ground terminal (another class of network entity), but the authentication calculation module of the satellite A (a class of network entity) is connected with the authentication calculation module of another satellite B (the same class of network entity)), the authentication calculation module receives the public parameters and the private key from the private key and public parameter management module, generates an authentication message by using the private key and the public parameters, and sends the authentication message to the authentication calculation module of the other network entity; and after receiving the authentication message sent by the authentication calculation module of another network entity, the authentication calculation module sends the received authentication message to the verification module.

The verification module is connected with the authentication calculation module (belongs to the same network entity with the verification module), the verification module receives the authentication message from the authentication calculation module and then verifies the authentication message, a session key is calculated after the authentication is passed, the session key and any symmetric encryption algorithm (such as AES, DES and the like) are used for encrypting and decrypting the message in the subsequent communication process with another network entity (for example, the satellite calculates the session key and then encrypts the message by using the session key of the satellite and then sends the message to the ground terminal, the ground terminal decrypts the received message by using the session key of the ground terminal after receiving the message, the ground terminal also encrypts the message by using the session key of the ground terminal before sending the message and then sends the message to the satellite, and the satellite decrypts the message by using the session key of the satellite) so as to complete the safe communication between the satellite and the ground terminal.

Current ground terminal TE_ACurrent overhead satellite LEO_ANext satellite LEO over the top_BThe switching authentication modules of the three are connected with each other. The overhead satellites of any ground terminal are fixed at any time throughout the system (the satellites move around the earth at high speed over time, the time each satellite serves a ground terminal in a particular area is fixed for only a few minutes, and thus the time throughout the system is fixedIn the system, the overhead satellites of a ground terminal are fixed for any period of time. ) At the LEO_AAt the end of the service, the LEO_ADetermine imminent handover, LEO_ATo the TE_AThe switching authentication module sends a switching authentication security parameter k_sTo LEO_BThe switching authentication module of (1) sends the TE_AID of_AAnd handover authentication security parameter k_s. Then TE_AThe switching authentication module generates a terminal rapid authentication message TF_AIs sent to LEO_BOf the switching authentication module, LEO_BIs switched to TF_APerforming authentication, and after the authentication is passed, LEO_BSwitching authentication module generates satellite fast authentication message LF_AIs sent to TE_AOf the handover authentication module, TE_AHandover authentication module pair LF_AAnd verifying to finish the fast switching authentication.

Secondly, an initialization calculation module on the KGC calculates a main key and public parameters of the system by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function (see Shim K-A. foundation: a Practical Wireless Sensor network Multi-User Broadcast Authentication scheme [ J ]. IEEE Information Forensics and secure transaction 2017, PP:1-1. English literature index is Shim K-A.BASIS: A Practical Multi-User Broadcast Authentication scheme [ J ]. IEEE transaction on Information Forensics and security 2017, PP: 1-1.) provided by Kyung-Ah Shim, and the specific flow is as follows:

2.1 initializing calculation Module selecting finite field F_qAfter determining E, the initialization calculation module randomly selects a prime number P (P can divide the number of points on E) and a point P (the order of the point P is P) according to the current Secp256k1 standard, the number of points on the elliptic curve is fixed and is not a random variable, and the number of points on E is not a prime number in general.

2.2 from the prime integer space (denoted by

) Select a number

As the master key of the identity-based authentication system facing the space-based network, the global public key P is calculated_pub＝xP。

2.3 selection of four Hash Functions H₁，H₂，F₁，F₂Wherein H₁,H₂:{0,1}^*→Z_P(H₁,H₂The function of (1) is to map a 01 binary sequence code with an arbitrary length into a 01 binary sequence code with a length of a, and a belongs to Z_p，Z_pIs a prime integer space containing p),

(F₁the function of the method is to map 01 binary sequence codes with arbitrary length into a length k₂The 01 binary sequence code of),

(F₂has the effect of reducing the length to k₁Mapping 01 binary sequence code to length k₂01 binary sequence code), k₁And k₂Is two positive integers and satisfies p ═ k₁+k₂。

2.4 mixing F_q,E,p,P,P_pub,H₁,H₂,F₁,F₂,k₁,k₂The identity-based authentication system public parameters params and params which are combined to form the space-based network<F_q,E,p,P,P_pub,H₁,H₂,F₁,F₂,k₁,k₂>Params is published.

And thirdly, the private key calculation module on the KGC calculates a corresponding private key according to the identity submitted by the ground terminal and the satellite, and distributes the private key and the public parameter params to the private key and public parameter management module of the ground terminal and the satellite. The method comprises the following steps:

3.1 ground terminal TE_AThe private key and public parameter management module submits an identity ID to a private key calculation module of the KGC_AApplication disclosureA request for parameter params, a request for application for a private key.

3.2 private Key computation Module from ground terminal TE_AThe private key and public parameter management module receives the ID_AAnd request for public parameter params, request for private key, calculation and ID_ACorresponding private key sk_A(ii) a The method for calculating the private key adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, which is provided by Kyung-Ah Shim, and comprises the following steps:

3.2.1 private Key computation Module from

Randomly selecting any number from the middle random selection list as a ground terminal registration random number, and recording the random number as r_A，

3.2.2 private Key computation Module compute private Key sk_A，sk_A＝(R_A,v_A)，R_A＝r_AP,v_A＝r_A+c_Axmod p, wherein c_A＝H₁(ID_A,R_A)，R_AIs the front part of the private key of the ground terminal, c_AIs a ground terminal private key hash intermediate value, v_AIs the back part of the private key of the ground terminal, and x is the system master key.

3.3 private Key computation Module will sk_AAnd params to TE_AThe private key and public parameter management module.

3.4 TE_AThe private key and public parameter management module will sk_AAnd params are stored locally.

3.5 satellite LEO_AThe private key and public parameter management module submits the identity selected by the private key and public parameter management module to the private key calculation module of the KGC

The application discloses a request of parameter params and a request of applying a private key.

3.6 private Key computation Module Slave satellite LEO_AOfKey and public parameter management module reception

And request for public parameter params, request for private key, calculation and

corresponding private key

The calculation method of the private key is the same as that of 3.2, and a private key generation algorithm in an identity-based signature scheme with a message recovery function proposed by Kyung-Ah Shim is also adopted, and the method comprises the following steps:

3.6.1 private Key computation Module from

Randomly selecting any number as satellite registration random number, and recording as

3.6.2 private Key computation Module computation

Corresponding private key

Wherein

Is the front part of the satellite private key,

is the hash intermediate value of the satellite private key,

behind the satellite private key.

3.7 private Key computation Module

And params to LEO_AThe private key and public parameter management module.

3.8 LEO_AThe private key and public parameter management module of

And params are stored locally.

Fourth, ground terminal TE_APerforming current satellite LEO over the top when accessing an identity-based authentication system facing a space-based network for the first time_AAnd TE_AAnd computing the session key: TE_AComplete the LEO pair first_AThe authentication of (1); then to ensure that the ground terminals accessing the space based network are authorized, the LEO_AFor TE_ACarrying out authentication; finally according to LEO in the authentication process_AAnd TE_AReceived message, LEO_AAnd TE_AA corresponding session key is calculated. The specific process is as follows:

4.1 LEO_Athe authentication computing module generates a satellite authentication message L_AAnd broadcasts L to the ground_A(the efficiency of authentication is improved by using the broadcasting characteristic of the satellite, and the calculation expense of the satellite is reduced), the method comprises the following specific steps:

4.1.1 LEO_Aauthentication computing module of

Randomly selecting an integer as the random number of the satellite authentication message (noted as

) And computes the plaintext of the satellite authentication message

Is a binary sequence code consisting of 0 and 1.

4.1.2 LEO_AUsing private key

Using signature algorithm (signature algorithm in identity-based signature scheme with message recovery function proposed by Kyung-Ah Shim) pair

Signing to generate LEO_ASatellite authentication message L_AThe method comprises the following steps:

4.1.2.1 LEO_Aauthentication computing module of

Randomly selects an integer as a satellite signature random number (recorded as

)。

4.1.2.2 LEO_AAuthentication computing module of

Divided into two parts

And

wherein

Has a sequence code length of k₂(i.e. the

Has a number of bits of k₂)。

4.1.2.3 LEO_AAuthentication computing module computing deviceStar authentication message signature intermediate quantity (noted as

)，

(| | is a binary operator, and 01 binary sequence codes of two elements participating in operation are spliced together in sequence;

the operator is a binary operator, and the 01 binary sequence codes of the two elements participating in the operation are subjected to exclusive OR operation;

higher priority than |); computing elliptic curve components (denoted as

),

Representing points on the elliptic curve E

X-axis coordinates of); computing the Hash intermediate value of the satellite signature message (note as

),

Compute satellite signature message trailer (note

)

Behind the satellite private key.

4.1.2.4 will

Generating a plaintext

Signed encrypted message of

Is that

Constituent quadruplets, i.e.

Wherein

Are all 01 binary sequence codes and are provided with a code,

is according to

Sequentially arranged 01 binary sequence codes.

4.1.2.5 will

Spliced into satellite authentication message L_A(

Is LEO_ATime stamp of (3), record LEO_AThe current time),

wherein

Are all 01 binary sequence codes, L_AIs according to

Sequentially arranged 01 binary sequence codes.

4.1.3 LEO_AWill authenticate message L_ABroadcasting to ground while recording satellite broadcast L_AAt time t₁。

4.1.4 LEO_AObtaining LEO_ACurrent time t₂Let time interval T equal to T₂-t₁(ii) a Setting a first time threshold T₁(T₁According to the system requirement, if the system is required to consume less communication resources, the broadcast period is as long as possible but cannot exceed the minimum residence time, T, of the satellite above the node₁Typically set at 200 seconds; if the system is required to operate efficiently, the broadcast period should be as short as possible, but the proportion of broadcast messages to communication resources should not be too high, T₁Typically set at 50 seconds), if T<T₁Turning to step 4.2, if T is more than or equal to T₁Then 4.1.3 steps are taken.

4.2 ground terminal TE_ATo satellite LEO_AAnd (3) performing authentication, which specifically comprises the following steps:

4.2.1 TE_Areceiving LEO by the authentication calculation module_ABroadcasted message L_AIs prepared by mixing L_AIs sent to TE_AThe verification module of (1).

4.2.2 TE_AThe verification module receives L_ALook over L_ATime stamp on

And TE_AIs at a second time threshold T₂(T₂According to the actual condition of the system to set T₂Can not be longer than the time for transmitting the message from the satellite to the ground terminal, generally set to 1 second-10 seconds), if T ≦ T₂Turning to step 4.2.3; if t is>T₂Then TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_ARefusing to access the space-based network, and turning to the step 4.1;

4.2.3 TE_Athe verification module of (2) pairs the message L_AIn (1)

Performing verification, if the verification passes, TE_ADetermine satellite LEO_AIs legitimate and can obtain satellite authentication message plaintext

Turning to step 4.2.4; if the verification fails, TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_ARefusing to access the space-based network, and turning to the step 4.1; the verification algorithm adopts a verification algorithm in an identity-based signature scheme with a message recovery function, which is provided by Kyung-Ah Shim, and specifically comprises the following steps:

4.2.3.1 TE_Athe verification module calculates the hash intermediate values of the satellite signature messages in turn

Satellite private key hash intermediate value

Satellite authentication message signature intermediate volume

And satellite authentication message plaintext back

To represent

Rightmost k of₂A binary sequence code of bit 01 is set,

to represent

Leftmost k₁Bit 01 binary sequence code).

4.2.3.2 if

Then the verification passes (i.e. 01 binary sequence codes at both ends of the equation are equal)Go to step 4.2.4, otherwise, verify fail, TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_AAnd refusing to access the space-based network, and turning to the step 4.1.

4.2.4 at this time, TE_AThe verification module of (2) determines satellite LEO_AIs legitimate, TE_AFrom the verification module L_AExtracting to obtain

Will be provided with

And 4.2.3.1 calculated in step

Splicing to obtain satellite verification message

And to TE_AThe authentication computation module of (1) sends a confirmation instruction.

4.2.5 TE_AThe authentication computing module generates a ground terminal authentication message T_AAnd generating T_AMeanwhile, ECDH (The elliptic curve is translated into Diffie-Hellman key exchange algorithm on elliptic curve, Diffie and Hellman are names of people, which is specifically referred to Haakegaard R, Lang J]The method comprises the following steps of calculating a session key by using an Online at https:// koclab. cs. ucsb. edu/teaching/ecc/project/2015 project/Haakegaard + Lang. pdf.2015.) key exchange algorithm:

4.2.5.1 TE_Aauthentication computing module of

Randomly selecting an integer as a random number (marked as k) of the ground terminal verification message_A，

) And calculating the plaintext m of the ground terminal verification message_A，m_A＝k_AP(m_AIs a binary sequence code composed of 0 and 1, in the elliptic curve encryption theory, a plaintext message is generally encoded to a certain point on an elliptic curve, and the point and the plaintext message are in a one-to-one correspondence relationship).

4.2.5.2 TE_AThe authentication calculation module uses the private key sk_AUsing signature algorithm to pair m_ASigning is carried out to generate a pair of plaintext m_ASigned encrypted message sigma (m)_A) The method comprises the following steps:

4.2.5.2.1 TE_Aauthentication computing module of

Randomly selecting an integer as a ground terminal signature random number (denoted as t)_A，

)。

4.2.5.2.2 TE_AM is calculated by the authentication calculation module_ADivided into two parts m_A1And m_A2Wherein m is_A2Has a sequence code length of k₂(i.e., m)_A2Has a number of bits of k₂)。

4.2.5.2.3 TE_AThe authentication calculation module calculates a ground terminal verification message signature intermediate quantity (denoted as m'_A)，

Calculating elliptic curve component (marked as y) of signature message of ground terminal_A),

((t_AP)_XRepresenting a point t on the elliptic curve E_ACoordinates on the X-axis of P); calculating the hash intermediate value (marked as h) of the signature message of the ground terminal_A),h_A＝H₂(ID_A||R_A||y_A)，h_A＝H₂(ID_A||R_A||y||_A) Indicates the ID_A,R_A,y_ASplicing into a binary sequence, and then using the binary sequence as the binary sequenceFunction H₂Calculating the hash value of the binary sequence; computing ground terminal signature message tail element (noted as z)_A)z_A＝t_A+h_Av_A modp，v_AIs the back part of the private key of the ground terminal.

4.2.5.2.4 mixing m_A1,R_A,y_A,z_AGenerating a plaintext m_ASigned encrypted message sigma (m)_A)，σ(m_A) Is m_A1,R_A,y_A,z_AConstituent quadruples, σ (m)_A)＝(m_A1||R_A||y_A||z_A) (ii) a Wherein m is_A1,R_A,y_A,z_AAre all 01 binary sequence codes, σ (m)_A) Is according to m_A1,R_A,y_A,z_ASequentially arranged 01 binary sequence codes.

4.2.5.3 TE_AAuthentication computation module of (2) select TE_ATime stamp tt_AWill ID_A、tt_A、σ(m_A) Spliced ground terminal authentication message T_A，T_A＝ID_A||tt_A||σ(m_A) (ii) a Wherein the ID_A、tt_A、σ(m_A) Are all 01 binary sequence codes, T_AIs in accordance with ID_A、tt_A、σ(m_A) Sequentially arranged 01 binary sequence codes. TE_AThe authentication calculation module of (A) is to be_AIs sent to LEO_AThe authentication calculation module of (1).

4.2.5.4 TE_AThe authentication calculation module calculates the session key

In TE_AAnd LEO_AAfter the mutual authentication is finished, the two parties encrypt the session information by using a symmetric encryption algorithm (such as AES, DES and the like), K₁I.e. the key used in the symmetric encryption algorithm.

4.3 LEO_AThe authentication computing module receives the message T_AWill T_AIs sent to LEO_AThe verification module of (1).

4.4 LEO_AThe verification module of (2) receives T_ATo ground terminal TE_AThe authentication is carried out by the following method:

4.4.1 LEO_Athe verification module of (1) checks T_ATime stamp tt on_AAnd LEO_AIs at a third time threshold T₃(T₃According to the actual condition of the system to set T₃Not more than the time of transmission of the message from the ground terminal to the satellite, generally set to 1-10 seconds), if T ≦ T₃Turning to step 4.4.2; if t is>T₃Then LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to space-based network, stop and TE_AGo to step 4.2.5.

4.4.2 LEO_AVerification module pair T_Aσ (m) of (1)_A) Performing verification, if the verification is passed, LEO_ATE can be determined_AIs legal and gets the corresponding plaintext m_ATurning to step 4.4.3; if the verification fails, LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to space-based network, stop and TE_AStep 4.2.5; the verification algorithm is the same as sigma (m) in step 4.2.3_l) The verification algorithm of (1) is specifically as follows:

4.4.2.1 LEO_Athe verification module calculates the hash intermediate value h of the ground terminal signature message in turn_A＝H₂(ID_A||R_A||y_A) The intermediate value c of the private key hash of the ground terminal_A＝H₁(ID_A||R_A) Ground terminal verifying message signature intermediate quantity

And the ground terminal verifies the back part of the message plaintext

Is m'_ARightmost k of₂Bit 01A binary sequence code is set for each of the plurality of codes,_k1[m′_A]is m'_ALeftmost k₁Bit 01 binary sequence code).

4.4.2.2 if_k1[m′_A]＝F₁(m_A1||m_A2) The verification is passed, go to step 4.4.3, otherwise the verification fails, LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to space-based network, stop and TE_AStep 4.2.5;

4.4.3 LEO_Athe verification module of (2) determines the TE_AIs legitimate, LEO_AFrom the verification module of T_AExtract m_A1M is_A1And m_A2The two are spliced to obtain a ground terminal verification message m_AThen LEO_ATo the LEO_AThe authentication computation module of (1) sends a confirmation instruction.

4.4.4 LEO_AThe authentication calculation module adopts an ECDH key exchange algorithm to calculate a session key

And the negotiation of the session key is completed by using an ECDH algorithm in the authentication process. The algorithm is based on a discrete logarithm problem on an elliptic curve. At this stage, the discrete logarithm problem on elliptic curves is considered to be difficult to solve, and therefore the key exchange algorithm can be considered to be secure. The correctness of the above procedure is demonstrated as follows:

fifthly, after completing the mutual authentication, LEO_AAnd TE_ANormal communication, LEO_APredicting LEO at the end of service_AAnd when the user is about to leave the current area, the step six is carried out. LEO_APredicting LEO at the end of service_AAnd turning to the fifth step without leaving the current area.

Sixthly, the currently leaving overhead satellite LEO_AAnd the groundFace terminal TE_ANext satellite LEO over the top_BThe authentication is carried out by switching among planets by LEO_AGenerates an authentication security parameter k_sWill k is_sIs sent to TE_ASwitching authentication module of (2) to switch the TE_AID of_AAnd k_sIs sent to LEO_BSwitch authentication module (assuming LEO is present at this time)_AAnd TE_A、LEO_BThe two-way authentication is completed, and as long as the two-way authentication is passed, a secure channel exists between the two communication parties); then TE_AThe switching authentication module generates a terminal rapid authentication message (marked as TF)_A) Is sent to LEO_BOf the switching authentication module, LEO_BThe handover authentication module of (1) receives the TF_AThereafter, the TE is verified_AAfter the verification is passed, LEO_BThe switching authentication module generates a satellite fast authentication message (marked as LF)_B) And will LF_BIs sent to TE_AAfter the verification is passed, the switching authentication stage is ended, and TE_AAnd LEO_BAnd (4) normal communication. The method comprises the following specific steps:

6.1 LEO_Afrom a positive integer set N^*Randomly selecting an integer as an authentication security parameter (denoted as k)_s，k_s∈N^*) Will k is_sIs sent to TE_ASwitching authentication module of (2) to switch the TE_AID of_AAnd authenticating a security parameter k_sIs sent to LEO_BThe handover authentication module of (1). TE_AAnd LEO_BAfter receiving the message, the switching authentication module stores the relevant parameters locally.

6.2 TE_AThe switching authentication module generates a terminal rapid authentication message TF_AThe method comprises the following steps:

6.2.1 TE_Aswitch authentication module of

Randomly selecting an integer as a terminal switching authentication parameter (marked as k)_t2，

) Computing terminal switching authentication message plaintext m_t2，m_t2＝k_t2P。

6.2.2 TE_AThe switching authentication module generates a terminal rapid authentication message TF_A，TF_A＝ID_A||m_t2||tt_A′||H₁(k_s||m_t2)(TF_AIs composed of an ID_A、m_t2、tt_A、H₁(k_s||m_t2) 01 binary sequence code tt formed by splicing four 01 binary sequence codes in sequence_AIs' is TF_ATime stamp of (2) indicating TE_AThe current time; h₁(k_s||m_t2) Means that k is_s,m_t2Spliced 01 binary sequence code as Hash function H₁The calculated 01 binary sequence) and converting the TF_AIs sent to LEO_BThe handover authentication module of (1).

6.3 LEO_BIs switched to TE_AThe method for authenticating and calculating the session key comprises the following steps:

6.3.1 LEO_Bfrom TE to the handover authentication module_AThe handover authentication module of (1) receives the TF_AAfter that, TF is checked_ATime stamp tt on_A' and LEO_BIs at a fourth time threshold T₄(T₄According to the actual condition of the system to set T₄Cannot be greater than the time for the message to travel from the ground terminal to the satellite, and is typically set to 1 second-10 seconds), if tt ≦ T₄Turning to step 6.3.2; if tt>T₄Then LEO_BIdentify TE_AIs illegal, refused to be TE_AAnd (6) providing the service, and turning to step 6.2.

6.3.2 LEO_BAccording to TF_AIdentity ID of_ARetrieving authentication security parameter k corresponding thereto_sAnd use k_sAnd m_t2Computing satellite handover hash authentication values

If it is not

And slave message TF_ALifting the extracted H₁(k_s||m_t2) If the values are equal, the authentication is passed, and the step 6.3.3 is carried out; otherwise LEO_BIdentify TE_AIs illegal, refused to be TE_AAnd (6) providing the service, and turning to step 6.2.

6.3.3 LEO_BSwitching authentication module generates satellite fast authentication message LF_BAnd calculating a session key, the method comprising:

6.3.3.1 LEO_Bswitch authentication module of

Randomly selecting an integer as a satellite switching authentication parameter (marked as k)_l2，

) And calculating the satellite switching authentication message plaintext m_l2，m_l2＝k_l2P。

6.3.3.2 LEO_BSwitching authentication module generates satellite fast authentication message LF_B,LF_B＝m_l2||tt_LEO′||H₁(k_s||m_l2)(LF_BIs formed by m_l2、tt_LEO′、H₁(k_s||m_l2) A 01 binary sequence code tt formed by sequentially splicing three 01 binary sequence codes_LEOIs LF_BTime stamp of (3), representing LEO_BThe current time; h₁(k_s||m_l2) Means that k is_s,m_l2Spliced 01 binary sequence code as Hash function H₁The calculated 01 binary sequence) and apply the LF_BIs sent to TE_AThe handover authentication module of (1).

6.3.3.3 LEO_BThe switching authentication module calculates a session key K_LEOB＝H₁(tt_A||tt_LEO′||k_l2×m_t2||k_s). The formulaMeans will tt_A,tt_LEO′,k_l2×m_t2,k_sSplicing four 01 binary sequence codes in sequence to form a 01 binary sequence code, and taking the 01 binary sequence code as a hash function H₁Is input. At the LEO_BAnd TE_AAfter the switching authentication is finished, the two are like LEO_AAnd TE_AThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for secure communication,

is the session key used in the symmetric encryption algorithm.

6.4 TE_ATo LEO_BThe method for authenticating and calculating the session key comprises the following steps:

6.4.1 TE_Aswitch authentication module slave LEO_BReceiving LF by the switching authentication module_BChecking LF_BTime stamp tt on_LEO' with TE_AIs at a fifth time threshold T₅(T₅According to the actual condition of the system to set T₅Can not be greater than the time for the message to travel from the ground terminal to the satellite, generally set to 1 second-10 seconds), if ttt ≦ T₅Turning to step 6.4.2; if ttt>T₅Then TE_AIdentify LEO_BIs illegal, TE_AAnd refusing to access the space-based network, and turning to step 6.3.3.

6.4.2 TE_AAccording to the authentication security parameter k stored locally_sAnd message LF_BM of (a)_l2Calculating the Hash authentication value h of the ground terminal_A′＝H₁(k_s||m_l2) If h is calculated_AAND message LF_BExtracted H₁(k_s||m_l2) If the values are equal, the authentication is passed, and the step 6.4.3 is carried out; otherwise TE_AIdentify LEO_BIs illegal, TE_ADenying access to space-based network, stopping with LEO_BGo to step 6.3.3.

6.4.3 TE_AComputing a session key K_A＝H₁(tt_A||tt_L′_EO||k_t2×m_l2||k_s) (ii) a At the LEO_BAnd TE_AAfter the switching authentication is finished, the two are like LEO_AAnd TE_AThe communication uses a symmetric encryption algorithm (such as AES, DES and the like) for safe communication, K_AIs the session key used in the symmetric encryption algorithm.

And step seven, finishing.

Claims (9)

1. An identity-based authentication method facing a space-based network is characterized by comprising the following steps:

firstly, constructing an identity-based authentication system facing a space-based network; the identity-based authentication system facing the space-based network consists of three network entities, namely a ground terminal TE, a key generation center KGC and a low earth orbit satellite LEO; the KGC is connected with a plurality of TEs and LEOs through wireless links;

before mutual authentication of TE and LEO, KGC calculates a system master key x and a public parameter params; KGC receives the identity identification, the request for applying the public parameters and the request for applying the private key from TE and LEO, the KGC calculates the private keys of the TE and LEO by using the public parameters params and the master key x, distributes the satellite private key and the public parameters to the satellite in a safe environment, and distributes the private key and the public parameters of the ground terminal to the ground terminal;

TE and LEO are connected with each other and connected with KGC, registration is carried out on KGC before communication, ID selected by TE or LEO, request for applying public parameters and request for applying private key are submitted to KGC, and the current satellite LEO is used_AAfter receiving the satellite's private key from the KGC, the LEO_AGenerating satellite authentication message L_ASending to the current ground terminal TE_A，TE_ATo L_ACarrying out authentication, and generating a ground terminal authentication message T after the authentication is passed_AIs sent to LEO_A；LEO_AFor T_APerforming authentication to complete mutual authentication of the satellite and the ground terminal; current over-the-top satellite LEO_AAbout to leave, LEO_AAuthenticating a handover authentication security parameter k over a secure channel_sSending to the current ground terminal TE_AWill k is_sAnd TE_AID of_ASend to the next over-the-top satellite LEO_B，TE_AGenerating a terminal fast authentication message TF_AIs sent to LEO_B，LEO_BFor TF_ACarrying out authentication, and generating a satellite rapid authentication message LF after the authentication is passed_AIs sent to TE_A，TE_AFor LF_APerforming authentication to complete a rapid switching authentication process;

the KGC is provided with an initialization calculation module and a private key calculation module, and the ground terminal and the satellite are provided with a private key and public parameter management module, an authentication calculation module, a verification module and a switching authentication module;

an initialization calculation module on the KGC generates a public parameter params and a system master key x, and sends the params and the x to a private key calculation module of the KGC; the private key calculation module is connected with the private key and public parameter management modules of the ground terminal and the satellite; the private key calculation module receives the identity of the ground terminal, a request for applying for public parameters and a request for applying for the private key from the private key and public parameter management module of the ground terminal, calculates the private key of the ground terminal according to the identity of the ground terminal and sends the private key and the public parameters to the private key and public parameter management module of the ground terminal; the private key calculation module receives the identity identification of the satellite, a request for applying the public parameter and a request for applying the private key from the private key and public parameter management module of the satellite, calculates the private key of the satellite according to the identity identification of the satellite and sends the private key and the public parameter to the private key and public parameter management module of the satellite;

the private key and public parameter management module is connected with the private key calculation module of the KGC, is connected with the authentication calculation module of which the private key and public parameter management module belongs to the same network entity, and is responsible for receiving the private key and the public parameter sent by the private key calculation module and sending the private key and the public parameter to the authentication calculation module;

the authentication calculation module is connected with a private key and public parameter management module, a verification module and an authentication calculation module of another network entity, wherein the private key and public parameter management module and the authentication calculation module belong to the same network entity; after receiving the authentication message sent by the authentication calculation module of another network entity, the authentication calculation module sends the received authentication message to the verification module;

the verification module is connected with an authentication calculation module which belongs to the same network entity with the verification module, receives the authentication message from the authentication calculation module, verifies the authentication message, calculates a session key after the verification is passed, and then completes the safe communication between the satellite and the ground terminal with another network entity; current ground terminal TE_ACurrent overhead satellite LEO_AAnd the next over-the-top satellite LEO_BThe switching authentication modules of the three modules are connected with each other; at the LEO_AAt the end of the service, the LEO_ADetermine imminent handover, LEO_ATo the TE_AThe switching authentication module sends a switching authentication security parameter k_sTo LEO_BThe switching authentication module of (1) sends the TE_AID of_AAnd handover authentication security parameter k_s(ii) a Then TE_AThe switching authentication module generates a terminal rapid authentication message TF_AIs sent to LEO_BOf the switching authentication module, LEO_BIs switched to TF_APerforming authentication, and after the authentication is passed, LEO_BSwitching authentication module generates satellite fast authentication message LF_AIs sent to TE_AOf the handover authentication module, TE_AHandover authentication module pair LF_AVerifying to complete the fast switching authentication;

secondly, an initialization calculation module on the KGC calculates a system master key and public parameters by using an initialization parameter generation algorithm in an identity-based signature scheme with a message recovery function, and the specific process is as follows:

2.1 initializing calculation Module selecting finite field F_qAfter the elliptic curve E is determined, initializing a calculation module to randomly select a prime number P and a point P, wherein the order of the point P is P, and the P requires that the number of points on the E can be divided completely;

2.2 removal of the prime integer space from p

One number x is selected from the group,

as the master key of the identity-based authentication system facing the space-based network, the global public key P is calculated_pub＝xP；

2.3 selection of four Hash Functions H₁，H₂，F₁，F₂In which H is₁,H₂:{0,1}^*→Z_P，

H₁,H₂The function of (1) is to map a 01 binary sequence code with an arbitrary length into a 01 binary sequence code with a length of a, and a belongs to Z_p，Z_pIs a prime integer space containing p, F₁The function of the method is to map 01 binary sequence codes with arbitrary length into a length k₂01 binary sequence code, F₂Has the effect of reducing the length to k₁Mapping 01 binary sequence code to length k₂01 binary sequence code, k₁And k₂Is two positive integers and satisfies p ═ k₁+k₂；

2.4 mixing F_q,E,p,P,P_pub,H₁,H₂,F₁,F₂,k₁,k₂The identity-based authentication system public parameters params and params which are combined to form the space-based network<F_q,E,p,P,P_pub,H₁,H₂,F₁,F₂,k₁,k₂>Params, published;

thirdly, a private key calculation module on the KGC calculates a corresponding private key according to the identity submitted by the ground terminal and the satellite, and distributes the private key and the public parameter params to a private key and public parameter management module of the ground terminal and the satellite; the method comprises the following steps:

3.1 ground terminal TE_AThe private key and public parameter management module provides the KGC private key calculation module with the public parameter management moduleTraffic identification ID_AThe request for applying the public parameter params and the request for applying the private key;

3.2 private Key computation Module from ground terminal TE_AThe private key and public parameter management module receives the ID_AAnd request for public parameter params and request for private key, computing and ID_ACorresponding private key sk_A；

3.3 private Key computation Module will sk_AAnd params to TE_AThe private key and public parameter management module;

3.4 TE_Athe private key and public parameter management module will sk_AAnd params stored locally;

3.5 satellite LEO_AThe private key and public parameter management module submits the identity selected by the private key and public parameter management module to the private key calculation module of the KGC

A request for applying a public parameter params and a request for applying a private key;

3.6 private Key computation Module Slave satellite LEO_APrivate key and public parameter management module receiving

And request for public parameter params and request for private key, calculation and

corresponding private key

3.7 private Key computation Module

And params to LEO_AThe private key and public parameter management module;

3.8 LEO_Athe private key and public parameter management module of

And params stored locally;

fourth, ground terminal TE_APerforming current satellite LEO over the top when accessing an identity-based authentication system facing a space-based network for the first time_AAnd TE_AMutual authentication and session key agreement: TE_AComplete the LEO pair first_AThe authentication of (1); then LEO_AFor TE_ACarrying out authentication; finally according to LEO in the authentication process_AAnd TE_AReceived message, LEO_AAnd TE_ACalculating a corresponding session key, wherein the specific process is as follows:

4.1 LEO_Athe authentication computing module generates a satellite authentication message L_AAnd broadcasts L to the ground_AThe method comprises the following specific steps:

4.1.1 LEO_Aauthentication computing module of

Randomly selecting an integer as the random number of the satellite authentication message

And computes the plaintext of the satellite authentication message

Is a binary sequence code consisting of 0 and 1;

4.1.2 LEO_Ausing private key

Using signature algorithm pair

Signing to generate LEO_ASatellite authentication message L_AThe method comprises：

4.1.2.1 LEO_AAuthentication computing module of

Randomly selecting an integer as a satellite signature random number

4.1.2.2 LEO_AAuthentication computing module of

Divided into two parts

And

wherein

Has a sequence code length of k₂I.e. by

Has a number of bits of k₂；

4.1.2.3 LEO_AThe authentication calculation module calculates the intermediate quantity of the satellite verification message signature

Is a binary fortuneThe operator splices the 01 binary sequence codes of the two elements participating in the operation in sequence;

the operator is a binary operator, and the 01 binary sequence codes of the two elements participating in the operation are subjected to exclusive OR operation;

is higher than |; computing elliptic curve components of satellite signature messages

Representing points on the elliptic curve E

X-axis coordinates of (a); computing a hash intermediate value for a satellite signature message

Computing satellite signature message tail elements

Is the back of the satellite private key;

is satellite LEO_AA private key front;

4.1.2.4 will

Generating a plaintext

Signed encrypted message of

Is that

Constituent quadruplets, i.e.

Wherein

Are all 01 binary sequence codes and are provided with a code,

is according to

Sequentially arranged 01 binary sequence codes;

4.1.2.5 will

Spliced into satellite authentication message L_A，

Is LEO_ATime stamp of (3), record LEO_AThe current time of day is the time of day,

wherein

Are all 01 binary sequence codes, L_AIs according to

Sequentially arranged 01 binary sequence codes;

4.1.3 LEO_Awill authenticate message L_ABroadcasting to ground while recording satellite broadcast L_AAt time t₁；

4.1.4 LEO_AObtaining LEO_ACurrent time t₂Let time interval T equal to T₂-t₁If T is<T₁，T₁Turning to 4.2 steps for the first time threshold value, if T is more than or equal to T₁4.1.3 steps are carried out;

4.2 ground terminal TE_ATo satellite LEO_AAnd (3) performing authentication, which specifically comprises the following steps:

4.2.1 TE_Areceiving LEO by the authentication calculation module_ABroadcasted message L_AIs prepared by mixing L_AIs sent to TE_AThe verification module of (1);

4.2.2 TE_Athe verification module receives L_ALook over L_ATime stamp on

And TE_AIs at a second time threshold T₂If T is less than or equal to T₂Turning to step 4.2.3; if t is>T₂Then TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_ARefusing to access the space-based network, and turning to the step 4.1;

4.2.3 TE_Athe verification module of (2) pairs the message L_AIn (1)

Performing verification, if the verification passes, TE_ADetermine satellite LEO_AIs legitimate and a satellite can be obtainedVerifying a message plaintext

Turning to step 4.2.4; if the verification fails, TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_ARefusing to access the space-based network, and turning to the step 4.1; TE_AThe verification module adopts a verification algorithm in an identity-based signature scheme with a message recovery function to carry out verification on the message L_AIn (1)

The verification is carried out by the following method:

4.2.3.1 TE_Athe verification module calculates the hash intermediate values of the satellite signature messages in turn

Satellite private key hash intermediate value

Satellite authentication message signature intermediate volume

And satellite authentication message plaintext back

To represent

Rightmost k of₂A binary sequence code of bit 01 is set,

to represent

Leftmost k₁Bit 01 binary sequence code;

4.2.3.2 if

Then authentication is passed, TE_ADetermining satellite LEO_AIs legitimate and can obtain satellite authentication message plaintext

Go to step 4.2.4, otherwise, verify fail, TE_ARecognizes the issue L_ALEO (R) of_AIs illegal, TE_ARefusing to access the space-based network, and turning to the step 4.1;

4.2.4 TE_Afrom the verification module L_AExtracting to obtain

Will be provided with

And 4.2.3.1 calculated in step

Splicing to obtain satellite verification message

And to TE_AThe authentication calculation module sends a confirmation instruction indicating that the satellite is legal;

4.2.5 TE_Athe authentication computing module generates a ground terminal authentication message T_AAnd generating T_AMeanwhile, an ECDH key exchange algorithm is adopted to calculate the session key, and the specific steps are as follows:

4.2.5.1 TE_Aauthentication computing module of

Randomly selecting an integer as a random number k of the ground terminal verification message_A，

And calculating the plaintext m of the ground terminal verification message_A，m_A＝k_AP，m_AIs a binary sequence code consisting of 0 and 1;

4.2.5.2 TE_Athe authentication calculation module uses the private key sk_AUsing signature algorithm to pair m_ASigning is carried out to generate a pair of plaintext m_ASigned encrypted message sigma (m)_A)，σ(m_A) Is m_A1,R_A,y_A,z_AConstituent quadruples, σ (m)_A)＝(m_A1,R_A,y_A,z_A)；m_A1Is m_AA moiety of (A), R_AIs the ground terminal private key sk_AFront part, y_ASigning the elliptic curve component of the message, z, for the ground terminal_ASigning the message tail element, m, for the ground terminal_A1,R_A,y_A,z_AAre all 01 binary sequence codes, σ (m)_A) Is according to m_A1,R_A,y_A,z_ASequentially arranged 01 binary sequence codes;

4.2.5.3 TE_Aauthentication computation module of (2) select TE_ATime stamp tt_AWill ID_A、tt_A、σ(m_A) Spliced ground terminal authentication message T_A，T_A＝ID_A||tt_A||σ(m_A) (ii) a Wherein the ID_A、tt_A、σ(m_A) Are all 01 binary sequence codes, T_AIs in accordance with ID_A、tt_A、σ(m_A) Sequentially arranged 01 binary sequence codes; TE_AThe authentication calculation module of (A) is to be_AIs sent to LEO_AThe authentication calculation module of (1);

4.2.5.4 TE_Athe authentication calculation module calculates the session key

In TE_AAnd LEO_AAfter the mutual authentication is finished, the two parties encrypt the session letter by using a symmetric encryption algorithmThen, K₁Namely a secret key used in a symmetric encryption algorithm;

4.3 LEO_Athe authentication computing module receives the message T_AWill T_AIs sent to LEO_AThe verification module of (1);

4.4 LEO_Athe verification module of (2) receives T_ATo ground terminal TE_AThe authentication is carried out by the following method:

4.4.1 LEO_Athe verification module of (1) checks T_ATime stamp tt on_AAnd LEO_AIs at a third time threshold T₃If T' is less than or equal to T₃Turning to step 4.4.2; if t'>T₃Then LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to space-based network, stop and TE_AStep 4.2.5;

4.4.2 LEO_Averification module pair T_Aσ (m) of (1)_A) Performing verification, if the verification is passed, LEO_ATE can be determined_AIs legal and gets the corresponding plaintext m_ATurning to step 4.4.3; if the verification fails, LEO_ARecognizing the issue of T_ATE of_AIs illegal, LEO_ARejection of TE_AAccess to space-based network, stop and TE_AStep 4.2.5;

4.4.3 LEO_Afrom the verification module of T_AExtract m_A1M is_A1And m_A2The two are spliced to obtain a ground terminal verification message m_AThen LEO_ATo the LEO_AThe authentication calculation module sends a confirmation instruction;

4.4.4 LEO_Athe authentication calculation module adopts an ECDH key exchange algorithm to calculate a session key

Fifth aspect of the inventionStep, LEO_AAnd TE_ANormal communication, LEO_APredicting LEO at the end of service_ATurning to the sixth step when the user leaves the current area; LEO_APredicting LEO at the end of service_ATurning to the fifth step without leaving the current area;

sixthly, the satellite LEO which is about to leave at present_AGround terminal TE_ANext satellite LEO over the top_BThe authentication is carried out by switching among planets by LEO_AGenerates an authentication security parameter k_sWill k is_sIs sent to TE_ASwitching authentication module of (2) to switch the TE_AID of_AAnd k_sIs sent to LEO_BRequesting the LEO at that time_AAnd TE_A、LEO_BBoth-way authentication is completed; then TE_AThe switching authentication module generates a terminal rapid authentication message TF_AIs sent to LEO_BOf the switching authentication module, LEO_BThe handover authentication module of (1) receives the TF_AThereafter, the TE is verified_AAfter the verification is passed, LEO_BSwitching authentication module generates satellite fast authentication message LF_BAnd will LF_BIs sent to TE_AAfter the verification is passed, the switching authentication stage is ended, and TE_AAnd LEO_BNormal communication; the method comprises the following specific steps:

6.1 LEO_Afrom a positive integer set N^*Randomly selecting an integer as the authentication security parameter k_s，k_s∈N^*Will k is_sIs sent to TE_ASwitching authentication module of (2) to switch the TE_AID of_AAnd authenticating a security parameter k_sIs sent to LEO_BThe switching authentication module of (1); TE_AAnd LEO_BAfter receiving the message, the switching authentication module stores the related parameters locally;

6.2 TE_Athe switching authentication module generates a terminal rapid authentication message TF_AThe method comprises the following steps:

6.2.1 TE_Aswitch authentication module of

Randomly selecting an integer as a terminal switching authentication parameter k_t2，

Computing terminal switching authentication message plaintext m_t2，m_t2＝k_t2P；

6.2.2 TE_AThe switching authentication module generates a terminal rapid authentication message TF_A，TF_A＝ID_A||m_t2||tt_A′||H₁(k_s||m_t2)，TF_ABy ID_A、m_t2、tt_A′、H₁(k_s||m_t2) 01 binary sequence code tt formed by splicing four 01 binary sequence codes in sequence_AIs' is TF_ATime stamp of (2) indicating TE_AThe current time; h₁(k_s||m_t2) Means that k is_s,m_t2Spliced 01 binary sequence code as Hash function H₁Is input, is operated on to obtain a 01 binary sequence, and is output to the TF_AIs sent to LEO_BThe switching authentication module of (1);

6.3 LEO_Bis switched to TE_AThe method for authenticating and calculating the session key comprises the following steps:

6.3.1 LEO_Bfrom TE to the handover authentication module_AThe handover authentication module of (1) receives the TF_AAfter that, TF is checked_ATime stamp tt on_A' and LEO_BIs at a fourth time threshold T₄If tt is less than or equal to T₄Turning to step 6.3.2; if tt>T₄Then LEO_BIdentify TE_AIs illegal, refused to be TE_AProviding service, and turning to step 6.2;

6.3.2 LEO_Baccording to TF_AIdentity ID of_ARetrieving authentication security parameter k corresponding thereto_sAnd use k_sAnd m_t2Computing satellite handover hash authentication values

If it is not

And slave message TF_ALifting the extracted H₁(k_s||m_t2) If the values are equal, the authentication is passed, and the step 6.3.3 is carried out; otherwise LEO_BIdentify TE_AIs illegal, refused to be TE_AProviding service, and turning to step 6.2;

6.3.3 LEO_Bswitching authentication module generates satellite fast authentication message LF_BAnd calculates a session key

The method comprises the following steps:

6.3.3.1 LEO_Bswitch authentication module of

Randomly selecting an integer as a satellite switching authentication parameter k_l2，

And calculating the plaintext m of the satellite switching authentication message_l2，m_l2＝k_l2P；

6.3.3.2 LEO_BSwitching authentication module generates satellite fast authentication message LF_B,LF_B＝m_l2||tt_LEO′||H₁(k_s||m_l2)，LF_BIs formed by m_l2、tt_LEO′、H₁(k_s||m_l2) A 01 binary sequence code tt formed by sequentially splicing three 01 binary sequence codes_LEOIs LF_BTime stamp of (3), representing LEO_BThe current time; h₁(k_s||m_l2) Means that k is_s,m_l2Spliced 01 binary sequence code as Hash function H₁Is input, is operated on to obtain a 01 binary sequence, and is outputF_BIs sent to TE_AThe switching authentication module of (1);

6.3.3.3 LEO_Bthe switching authentication module calculates the session key

The meaning of the formula is tt_A,tt_LEO′,k_l2×m_t2,k_sSplicing four 01 binary sequence codes in sequence to form a 01 binary sequence code, and taking the 01 binary sequence code as a hash function H₁The input of (1); at the LEO_BAnd TE_AAfter the handover authentication is finished, the LEO_BAnd TE_ASecure communications using a symmetric encryption algorithm in which the session key is used

6.4 TE_ATo LEO_BThe method for authenticating and calculating the session key comprises the following steps:

6.4.1 TE_Aswitch authentication module slave LEO_BReceiving LF by the switching authentication module_BChecking LF_BTime stamp tt on_LEO' with TE_AIs at a fifth time threshold T₅If ttt is less than or equal to T₅Turning to step 6.4.2; if ttt>T₅Then TE_AIdentify LEO_BIs illegal, TE_ARefusing to access the space-based network, and turning to the step 6.3.3;

6.4.2 TE_Aaccording to the authentication security parameter k stored locally_sAnd message LF_BM of (a)_l2Calculating the Hash authentication value h of the ground terminal_A′＝H₁(k_s||m_l2) If h is calculated_AAND message LF_BExtracted H₁(k_s||m_l2) If the values are equal, the authentication is passedTurning to step 6.4.3; otherwise TE_AIdentify LEO_BIs illegal, TE_ADenying access to space-based network, stopping with LEO_BStep 6.3.3;

6.4.3 TE_Acomputing a session key K_A＝H₁(tt_A||tt_LEO′||k_t2×m_l2||k_s) (ii) a At the LEO_BAnd TE_AAfter the handover authentication is finished, the LEO_BAnd TE_ASecure communication using a symmetric encryption algorithm, K_AIs the session key used in the symmetric encryption algorithm;

and step seven, finishing.

2. The identity-based authentication method for the space-based network according to claim 1, wherein in the first step, in the secure environment, the two communicating parties establish the secure session connection by using a secure socket protocol.

3. The identity-based authentication method for space-based network as claimed in claim 1, wherein 3.2 steps of said private key calculation module calculation and ID_ACorresponding private key sk_AThe computing method adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, and comprises the following specific steps:

3.2.1 private Key computation Module from

Randomly selecting any number from the middle random selection list as a ground terminal registration random number, and recording the random number as r_A，

3.2.2 private Key computation Module compute private Key sk_A，sk_A＝(R_A,v_A)，R_A＝r_AP,v_A＝r_A+c_Ax mod p, where c_A＝H₁(ID_A,R_A)，R_AIs a ground terminalFront part of end private key, c_AIs a ground terminal private key hash intermediate value, v_AIs the back of the ground terminal private key, and x is the master key.

4. The identity-based authentication method oriented to space-based network as claimed in claim 1, wherein 3.6 steps of said private key calculation module calculation and

corresponding private key

The method adopts a private key generation algorithm in an identity-based signature scheme with a message recovery function, and comprises the following specific steps:

3.6.1 private Key computation Module from

Randomly selecting any number as satellite registration random number, and recording as

3.6.2 private Key computation Module computation

Corresponding private key

Wherein

Is the front part of the satellite private key,

is the hash intermediate value of the satellite private key,

behind the satellite private key.

5. The identity-based authentication method for space-based networks according to claim 1, wherein the first time threshold T is₁According to the system requirement setting, when the system is required to consume less communication resources and the broadcasting period is long T₁Set to 200 seconds; when the system is required to operate efficiently and the broadcast period is short, T is set₁Set to 50 seconds.

6. The identity-based authentication method for space-based networks according to claim 1, wherein the second time threshold T is₂A third time threshold T₃A fourth time threshold T₄And a fifth time threshold T₅Are all set according to the actual condition of the system and require T₂Not greater than the time, T, of transmission of the message from the satellite to the ground terminal₃Not greater than the time, T, of transmission of the message from the ground terminal to the satellite₄And T₅No greater than the time of transmission of the message from the ground terminal to the satellite.

7. The identity-based authentication method for space-based networks according to claim 6, wherein the second time threshold T is₂A third time threshold T₃A fourth time threshold T₄And a fifth time threshold T₅Set to 1 second to 10 seconds.

8. A process as claimed in claim 1An identity-based authentication method facing to space-based network, characterized in that step 4.2.5.2 TE_AThe authentication calculation module generates a pair of plaintext m_ASigned encrypted message sigma (m)_A) The method comprises the following steps:

4.2.5.2.1 TE_Aauthentication computing module of

Randomly selecting an integer as a ground terminal signature random number t_A，

4.2.5.2.2 TE_AM is calculated by the authentication calculation module_ADivided into two parts m_A1And m_A2Wherein m is_A2Has a sequence code length of k₂I.e. m_A2Has a number of bits of k₂；

4.2.5.2.3 TE_AThe authentication calculation module calculates m 'as a medium quantity of the verification message signature of the ground terminal'_A，

Calculating elliptic curve component y of ground terminal signature message_A,

(t_AP)_XRepresenting a point t on the elliptic curve E_ACoordinates on the X-axis of P; calculating the hash intermediate value h of the ground terminal signature message_A,h_A＝H₂(ID_A,R_A,y_A)，h_A＝H₂(ID_A,R_A,y_A) Indicates the ID_A,R_A,y_AConcatenating into a binary sequence, and then using the binary sequence as function H₂Computing the hash value, R, of the binary sequence_AIs the front part of the private key of the ground terminal; calculating ground terminal signature message tail element z_A，z_A＝t_A+h_Av_Amod p，v_AIs the back part of the private key of the ground terminal;

4.2.5.2.4 mixing m_A1,R_A,y_A,z_AGenerating a plaintext m_ASigned encrypted message sigma (m)_A)，σ(m_A) Is m_A1,R_A,y_A,z_AConstituent quadruples, σ (m)_A)＝(m_A1,R_A,y_A,z_A) (ii) a Wherein m is_A1,R_A,y_A,z_AAre all 01 binary sequence codes, σ (m)_A) Is according to m_A1,R_A,y_A,z_ASequentially arranged 01 binary sequence codes.

9. The space-based network-oriented identity-based authentication method of claim 1, wherein the LEO in step 4.4.2_AVerification module pair T_Aσ (m) of (1)_A) The verification method comprises the following steps:

4.4.2.1 LEO_Athe verification module calculates the hash intermediate value h of the ground terminal signature message in turn_A＝H₂(ID_A||R_A||y_A) The intermediate value c of the private key hash of the ground terminal_A＝H₁(ID_A||R_A) Ground terminal verifying message signature intermediate quantity

And the ground terminal verifies the back part of the message plaintext

Is m'_ARightmost k of₂A binary sequence code of bit 01 is set,

is m'_ALeftmost k₁Bit 01 binary sequence code;

4.4.2.2 if

The verification passes, otherwise the verification fails.

Images