
Research On Trusted Identity Authentication Mechanism In Space-Earth Integrated Network

Posted on: 2020-08-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Xu
Full Text: PDF
GTID: 1368330572972281
Subject: Computer Science and Technology
Abstract/Summary:
The Space-Earth Integrated Network (SEIN) takes the space-based network as the backbone and the ground-based network as the basis. It also extends to the air-based network, the sea-based network, and the deep-space network, realizing seamless coverage and information exchange in open space. SEIN is widely used in communication, navigation, remote sensing and other fields, and has important civil, commercial and military value. Through satellites in different orbits, constellations and ground facilities, SEIN realizes wireless convergence of heterogeneous networks and has the advantage of continuous mobile communication. Meanwhile, the topology of SEIN changes dynamically, and wireless links exposed to open space are liable to be disturbed. This gives rise to a series of identity security issues, such as counterfeiting, deception, and tracking. SEIN urgently needs a trusted identity authentication mechanism that guarantees two-way authentication of trusted identity between any two network access entities. This research takes the trusted identity of the network access entity and lightweight identity-based cryptography as its starting point and studies peer-to-peer authentication and cross-domain authentication in depth. On the premise of ensuring the security of authentication, the proposed mechanism aims to reduce computation and communication overhead. Trusted identity authentication is the first gateway to securely accessing network resources, and it is the cornerstone of ensuring network security and service credibility from the source. The main work of this dissertation is summarized in four aspects:

Firstly, aiming at the problems of wireless links being hijacked, tracked, counterfeited and deceived in SEIN, a reliable anonymous identity authentication mechanism that resists tracing is designed, which realizes identity anonymity, forward secrecy, mutual authentication, and secure link negotiation. The identity is redesigned and extended to the trusted identity of the network access entity. The Trusted Identity Authority (TIA) is constructed, which is responsible for the lifecycle management of identity. As a trusted third party, TIA guarantees the trustworthiness of the trusted identity. A private chain-based method for constructing and storing trusted identities is proposed. The unique trusted identity is constructed from the hash function and the previous block of the private chain, which makes it tamper-proof and easy to prove. Because no giant identity mapping relation has to be maintained, storage is lightweight and queries are efficient. The descent status of trusted identity and the corresponding transition method are proposed, which guarantee a one-to-one correspondence between identity and status and ensure safety over the whole life cycle. Using the trusted identity as the public key, the secret key based on the trusted identity is designed. To further reduce the time consumed by cryptographic operations, a key security module is designed, which contains parallel execution of redundant calculators and realizes private key escrow, host checking, and so on.

Secondly, satellite-to-ground communication and inter-satellite communication must be adapted to secure cryptographic algorithms; otherwise, messages are easily tampered with. Aiming at this problem, a lightweight identity-based cryptographic algorithm is proposed, which is suitable for limited communication resources. The proposed algorithm guarantees the confidentiality and credibility of authentication messages and reduces space and time overhead. By using the trusted identity directly as the public key, the lightweight identity-based cryptographic algorithm realizes private key generation, offline/online encryption and decryption, offline/online signature and verification, and offline/online signcryption and unsigncryption. In the offline stage, the complex cryptographic computation is pre-computed, so the online stage only executes light computation. Under the k-BCAA2 assumption, the proposed algorithm achieves IND-fID-CCA2 security and EUF-fID-CMA unforgeability. Compared with similar methods, the proposed method improves speed in both the offline and online phases and reduces storage and resource overhead.

Thirdly, the wireless channel is susceptible to interference in the open environment, so the complete execution of authentication schemes that use multi-round interaction cannot be guaranteed. Aiming at this problem, a peer-to-peer authentication method based on non-interactive identity trust verification is proposed, which enhances the identity credibility of the participants in authentication and reduces the communication delay. A bilinear-pairing-based non-interactive identity trust verification method is proposed. Without revealing the private key corresponding to the trusted identity, this method can prove possession of the private key and thereby prove the authenticity of the identity. In order to reduce the interaction traffic while preserving security strength, a peer-to-peer authentication method based on non-interactive trust verification is proposed. Authentication does not require a trusted third party, and the timestamp is used to assist message freshness screening. The proposed authentication method can resist replay, forgery, denial of service and other attacks. The authentication delay and communication overhead are better than those of other methods.

Fourthly, aiming at the additional overhead of re-authentication caused by dynamic topology and domain switching in SEIN, a dynamic cross-domain authentication method based on identity trust transfer is proposed. The proposed method improves the interoperability of authentication and reduces frequent authentication. A multi-party trust model is proposed; through three-party identity trust transfer, a trust network can be constructed between entities in the domain. Based on identity trust transfer, the proposed method realizes cross-domain two-way authentication. To achieve fast cross-domain authentication, entities can dynamically switch between broadcasting-based identity trust transfer and active identity trust transfer, which simplifies the frequent re-authentication process. Experiments show that the proposed method effectively reduces the communication overhead and has a better overall delay than similar methods.
Keywords/Search Tags: trusted identity, lightweight identity-based cryptography, trusted identity authentication, cross domain authentication