
Research On Public Key Security In Space Information Networks

Posted on: 2013-04-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Ren
GTID: 1228330395957241
Subject: Cryptography
Abstract/Summary:

With the rapid growth of communication technology and increasing user demand, many new types of network have emerged, among which space information networks have become a research hotspot in recent years. A space information network is a heterogeneous network system that takes the satellite network as its backbone and includes various types of space equipment, aerospace equipment and associated ground equipment. Because space communication is open, the nodes in space information networks are vulnerable to various types of attacks, so suitable security mechanisms are needed to ensure communication safety in space information networks.

As there is currently no proven public key security architecture for space information networks, this paper focuses on the most important public key security technologies: the management system for public key certificates, the organization of the certificate authority, the certificate revocation mechanism and the access control mechanism. The main contributions of this thesis are as follows:

Firstly, the architecture of space information networks is considered. According to the features of the different nodes, we propose a layered architecture for space information networks in which the satellite network performs the main tasks of data processing and communication, and other equipment in space and the users on the ground are treated as access nodes.

Secondly, a certificate-based public key security architecture is given. We propose a hierarchical hybrid certificate management solution in accordance with the layered architecture of space information networks. In this solution, the core satellite layer uses a distributed CA model to improve the security of the core network, while the access node layer uses a centralized CA model to achieve reliable and efficient access. The solution, which divides the security of the space information networks into different levels, effectively improves network survivability. Furthermore, the solution scales well, because more access nodes can be included conveniently as the network size expands.

Thirdly, a more secure distributed CA model is proposed. We propose an adaptive distributed CA model to avoid the security risks in the existing distributed CA model. In our model, the nodes that keep shares of the CA private key are no longer selected statically, as in the traditional model, but are selected dynamically by all the nodes in the network. We introduce a credit value, which changes with effective accusations against the nodes in the network, and the credit values of the share-keepers are always the top n. The model can effectively prevent an attacker from obtaining certificate management authority, and can improve the security of the entire network when used in the core satellite layer of the space information networks.

Fourthly, distributed certificate revocation mechanisms are studied. An efficient distributed certificate revocation mechanism, based on node monitoring and charges in the adaptive distributed CA model, is proposed. A share of revocation is labeled in every node, which identifies whether the node's certificate is revoked. This mechanism requires less data communication between nodes and so effectively reduces the traffic load, which makes it more suitable for space information networks. Theoretical analysis and simulation experiments indicate that the mechanism presented in this paper is more in line with real-time requirements and can resist collusion attacks between malicious nodes, giving higher security.

Fifthly, the access control mechanisms in space information networks are considered. Access control mechanisms based on the user's attributes are constructed in two different service scenarios. In our schemes, the satellite node encrypts data with the attribute encryption keys and sends the ciphertext to the user, while the user decrypts the ciphertext with the attribute decryption keys according to the threshold principle. These schemes can achieve fine-grained access control and reach a minimum number of information exchanges between the satellite node and the user. Furthermore, the satellite node bears a smaller computational burden, and the user can easily achieve anonymity for network data access.
Keywords/Search Tags: space information network, public key certificate, certificate authority, certificate revocation, access control