| 引用本文: |
-
张艳硕,周幸妤,孔佳音,杨亚涛,徐津.星地链路场景下双阶段匿名跨域认证方案[J].信息安全学报,已采用 [点击复制]
- Zhang Yanshuo,Zhou Xingyu,Kong Jiaying,Yang Yatao,Xu Jin.A Two-stage Anonymous Cross-domain Authentication Scheme for Star-ground Links[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 为解决卫星网络中星地链路频繁切换所导致的用户身份认证效率低下以及可能出现的身份泄露、中间人攻击等安全隐患,本文提出了一种双阶段匿名跨域认证方案。在跨域认证阶段,用户通过变色龙签名技术进行匿名认证。该签名方案能够在保证身份隐私的前提下,实现用户与卫星网络的快速且安全的身份认证,有效规避了因链路切换导致的认证中断问题。此外,线性加密公钥保证了数据交换过程中的安全性和有效性。在凭证认证阶段,利用匿名凭证的多属性聚合功能,进一步满足用户对多样化服务需求的要求。通过该功能,用户能够在不泄露敏感信息的情况下获得请求的数据或服务,实现数据访问的高效与安全。该阶段认证不仅保证了用户身份的隐私性,还提高了用户请求处理的效率,减少了因重复认证导致的资源浪费。通过安全性与性能分析,本文提出的双阶段认证体系具有明显的优势。一方面,相较于传统的单阶段认证,在不同通信状态下双阶段认证方案能够显著减少了认证过程中的重复计算和资源占用,从而提升了整体的系统性能。另一方面,方案能够有效满足卫星网络中双向认证的需求,并防止身份泄露、中间人攻击等常见安全威胁。性能测试结果表明,与现有方案相比,本文方案在保证安全性的基础上,能够显著降低计算和通信开销,具有更好的综合性能。 |
| 关键词: 星地链路 匿名凭证 身份认证 区块链 |
| DOI: |
| 投稿时间:2024-12-28修订日期:2025-02-21 |
| 基金项目:中央高校基本科研业务费资金资助项目;北京市自然科学基金 |
|
| A Two-stage Anonymous Cross-domain Authentication Scheme for Star-ground Links |
|
Zhang Yanshuo, Zhou Xingyu, Kong Jiaying, Yang Yatao, Xu Jin
|
| (Beijing Electronic Science and Technology Institute) |
| Abstract: |
| In order to solve the inefficiency of user authentication caused by frequent switching of star-ground links in satellite networks as well as possible security risks such as identity leakage and man-in-the-middle attacks, this paper proposes a two-stage anonymous cross-domain authentication scheme. In the cross-domain authentication phase, the user is anonymously authenticated by chameleon signature technology. The signature scheme can realize fast and secure authentication between the user and the satellite network under the premise of guaranteeing identity privacy, and effectively circumvents the authentication interruption problem caused by link switching. In addition, the linear encryption public key ensures the security and validity of the data exchange process. In the credential authentication stage, the multi-attribute aggregation function of anonymous credentials is utilized to further satisfy the user's requirements for diversified service needs. Through this function, users are able to obtain the requested data or services without disclosing sensitive information, realizing efficient and secure data access. This stage of authentication not only ensures the privacy of user identity, but also improves the efficiency of user request processing and reduces the waste of resources due to repeated authentication. Through the security and performance analysis, the two-stage authentication system proposed in this paper has obvious advantages. On the one hand, compared with the traditional single-stage authentication, the two-stage authentication scheme in different communication states can significantly reduce the duplicate computation and resource occupation in the authentication process, thus improving the overall system performance. On the other hand, the scheme can effectively meet the demand for two-way authentication in satellite networks and prevent common security threats such as identity leakage and man-in-the-middle attacks. The performance test results show that compared with the existing schemes, this paper's scheme can significantly reduce the computation and communication overhead on the basis of ensuring security, and has better overall performance. |
| Key words: star-ground link anonymous credentials authentication blockchain |
