Study On Key Technology Of The Security Enhancement In Software Defined Satellite Networks

Software defined satellite networks can support network service customization and application innovation by supporting the decoupling of data and control plane through the design of an open and standard data plane interface,which can achieve the centralized logic of network posture and control.In recent years,it has received much attention from countries all over the world,scholars at home and abroad have carried out a great deal of research on the protocols and handling mechanisms.However,the security of software defined satellite networks has not been given much attention and the security threats it faces have become increasingly prominent.Based on the security enhancement of software defined satellite networks,this paper analyzes in depth the main security threats facing software defined satellite networks and the main security methods in existing satellite networks,and focuses on the security issues of user interface and southbound interface research,the main work includes:First of all,aiming at the problem of fast and secure user interface handover in software defined satellite networks,an IDFast fast identity-based secure handover strategy is proposed.This strategy cleverly utilizes the topological time-varying characteristics of software defined satellite networks and designs an identity-based signcryption mechanism that supports efficient handover.It makes full use of an integrated network of inter-satellite links and satellite-ground links to achieve multi-user terminals and multi-switch multi-hop network real-time high efficiency authentication and session key agreement.Theoretical proof shows that IDFast has the correctness,confidentiality,integrity,publicly verifiable,non-repudiation and forward security.Experiments show that IDFast efficiency is 77.5% more efficient than the TLS protocol.Secondly,aiming at the security problem of southbound interface of software defined satellite networks,a secure communication method QKDFlow based on quantum key distribution is designed.QKDFlow fully exploits emerging satellite-ground quantum key distribution technology.By deploying the corresponding quantum key distribution system on the controller side and on-board switch side respectively,the OpenFlow control protocol data is encrypted using the security key generated by the quantum key distribution system,ensuring unconditional security of control path data transmission.In order to make up for the lack of computational simulation capability of existing quantum key distribution system,based on the physical components model of quantum key distribution system,a new quantum key distribution physical components simulation system SSPC was designed and evaluated.The evaluation shows that the simulation system is real high degree,can be effectively used in the satellite-ground free space and other scenarios under the key distribution simulation.The QKDFlow mechanism is implemented on Floodlight and OpenvSwitch platforms based on SSPC and quantum key distribution information processing platform CLIP.Experimental results show that QKDFlow mechanism can effectively provide software defined satellite networks security control based on information theory.Finally,the paper summarizes the contents of the full text and looks forward to the next step.