Cite this article
  • Lai Renwei, Wang Xiaofeng, Xing Qianqian. An Identity-Based Authentication and Access Mechanism for Regional Self-Organizing Satellite Internet[J]. Journal of Cyber Security, Accepted
Submitted: 2025-06-26  Revised: 2026-01-09
An Identity-Based Authentication and Access Mechanism for Regional Self-Organizing Satellite Internet
Lai Renwei, Wang Xiaofeng, Xing Qianqian
(National University of Defense Technology)
Abstract:
Traditional satellite internet predominantly relies on a centralized authentication architecture, which is susceptible to authentication link blocking attacks and presents other limitations. These include the inability of pre-shared symmetric keys to support dynamic self-organizing network formation, elongated authentication paths, and excessive interaction rounds. To address these challenges, this paper proposes a regional self-organizing authentication and key agreement access mechanism for satellite internet. By enabling self-organized establishment and anonymous authentication between users and the regional authentication core network, it achieves mutual anonymous authentication between users and the regional core. This approach mitigates the single point of failure inherent in a singular authentication channel and eliminates dependence on pre-distributed trusted public keys. Furthermore, an identity-based regional authenticated key agreement technique is introduced. It facilitates end-to-end authenticated key establishment through a one-pass identity-based authenticated key agreement process, thereby removing the reliance on pre-shared symmetric authentication keys. A lightweight regional authentication and key agreement protocol, named iAKA, is designed to ensure mutual authentication security while reducing the number of inter-satellite authentication interactions. Theoretical analysis demonstrates that the iAKA protocol provides security properties including mutual authentication between terminals and the regional network, user anonymity, and resistance to replay attacks. Experimental results indicate that the iAKA protocol effectively reduces the quantity of pre-shared keys and the number of interactions, leading to a 21.1% decrease in authentication bandwidth overhead.
Key words: Satellite Internet; Regional Self-Organizing Authentication; Key Agreement; iAKA Protocol