| The continuous development of space technology makes more demands on space communications technology. At the same time, the Internet has a huge development in the global.Space network combines with the Internet, and sets up into space and earth integrated network has become a trend for the space network.However, the characteristics of the space data link itself and the interconnection of the Internet and space network also bring new security problems. In this paper, against new issues arising in the space network security, we make the following studies with space network security technology:Firstly, in the data link layer, Space network has to face security threats such as eavesdropping, unauthorized access and traffic analysis;but the AOS protocol does not have any security features.To solve this problem, in this paper, we will presents a scheme of encryption and authentication in the AOS stack.The scheme implement the encryption and authentication operation in different locations of the AOS protocol stack and can optionally provide encryption to the data, to minimize the encryption and authentication overhead at the premise of the protection of security.In addition, we shall propose a new satellite data link key exchange scheme basing on ECC, this scheme firstly ensure the security of the network, what’s more it can reduce the computational complexity to meet the needs of the low overhead of the space network system.Secondly, in order to solve the contradictions between the space network transport layer performance enhancement technology and the IPSec technology, researchers have proposed multi-layer IPSec.The implementation of the multi-layer IPSec needs a key exchange protocol to provide a tri-party or quadri-party key exchange support. Traditional IKE protocol is clearly unable to meet this demand.In this paper, we make two IP over CCSDS gateways as the key exahange intermediate nodes to propose the LSQ-IKE, which is a lightweight quadri-party key exchange protocol in space network. LSQ-IKE is a improvement protocol of IKEv2, and the difference between LSQ-IKE and IKEv2is that in LSQ-IKE it is more important to protect the identity of key agreement initiator side of the identity information than the protection of response. In LSQ-IKE, exchange messages transmiting in the spacenetwork is less than the other quadri-party key exchange protocol, which makes low computational complexity and transmition time.Finally,this paper achieve an IP over CCSDS gateway system with security features based on the Linux operating system.The system not only implement the basic communication services of the AOS protocol, but also add the transport layer performance enhancements feature to increase the transmission rate of TCP. At the same time,the system shall add encryption and authentication module to AOS protocol stack to ensure the data link layer transmition security and provide quadri-party key exchange support for multi-layer IPSec,so that transport layer performance enhancement module can effectively transmit IPSec data. |
PDF Full Text Request