Research On Key Security Technologies In Space Networks

Integrated space-ground network system, or space network for short, is composed of multiplicate satellites and near space aircrafts which are deployed in different orbits for various tasks and connected together with the corresponding user terminals and infrastructures, and is also interconnected with traditional terrestrial wired and wireless networks. Space network can realize fast and intelligent information acquisition, transfer, processing, distribution and application, and will become a basic technology foundation for future information warfare, and is a primary and huge impetus to the modernization of national defense. However, space network and its security face new and significant challenges originating from the complexity, heterogeneous, ubiquitous, and other characteristics of the network. It is a fundamental problem and a focus in the research fields to design security solutions that meet the needs and features of space network applications.The thesis focuses on several key security technologies of space networks. The major work and contributions can be summarized as following:(1) After analyzing the demand for space network architecture of future military applications, the state-of-the-art and tendency of space integrated information network is studied. A space backbone network model that consists of satellites, near space platforms, terrestrial fix and mobile networks is presented, and the topology and the protocol stack are also discussed. The paper then fully analyzes the security threat and necessity of space network, and designs security architecture framework to safeguard the security. The security protocol series are summarized, and the implementation principles and methods of major security mechanisms are demonstrated according to the security services that each protocol layer can provide.(2) According to the characteristic and security requirement of routing in satellite network and near space network, the deficiencies and shortcomings of the existing typical security mechanisms are analyzed. A secure multipath on-demand routing protocol for LEO satellite network is presented, and a mechanism called delayed verification with adaptive probability is designed for decreasing route discovery time. Simulation experiments show that the proposed protocol can guarantee steady packet delivery ratio and reliability. On the basis of the idea of cross-layer design, a secure routing protocol for near space network is also proposed. The protocol makes routing decisions by synthetically considering network delay, available bandwidth, frame delivery ratio and security metric. The high efficiency of the final route is verified by the results of performance emulation.(3) The features and design criterions of mobility management, handoff, and secure handoff in space network are summarized. A secure access and communication scheme is designed, and its security and speedability is verified by security and performance analysis. According to the topology of space network, a fast handoff scheme based on pre-authentication is presented. Secure vertical handoff schemes are also proposed on the basis of satellite and near space network model. The results of performace emulation shows that the scheme can ensure the security of handoff signaling, also reduce the handoff delay resulted from security mechanisms, and keep stable network throughput.(4) On the basis of security protocol framework and tunnel mechanism in the netwok layer and transport layer of space networks, a series of TLS handshake protocols are presented that applies identity-based cryptography. The protocols overcome the disadvantages of the certificate-based transport layer security protocols. Experiment results show that the schemes have commensurate cryptographic computation overheads comparing with traditional schemes, but achieve less communication traffic and shorter handshake latency, thus enhance run-time efficiency. A secure information transport system is designed and implemented. The system successfully runs in the testbed environment, as verifies that its functionality and performance can meet the requirement of space network applications.(5) The cryptography for space network are summarized, and also the detailed schemes for asymmetric and symmetric key management are presented, which can implement the whole life cycle management of different keys for varied purposes. According to the features and security problems of space network multicast, the design and security requisite of group key management scheme are analyzed. On the basis of the logical key tree, a novel hierarchical and centralized group key management scheme is proposed using the identity-based multi-receiver signcryption mechanism. The key distribution and refreshment processes are also designed. Security analysis shows that the scheme can not only fulfill the basic security requirements, but also guarantee the forward/backward security. Performance analysis shows that although the scheme has more computation overhead, it reduces the communication traffic for key refreshment.