
ATIN-AKA: Access Authentication And Key Agreement Schemes For Air And Terrestrial Integrated Network

Posted on: 2020-11-09
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Wang
GTID: 2428330602950710
Subject: Information security

Abstract/Summary:
As human exploration of space continues to deepen, space resources have become a focus of development and research in many countries. The stratosphere is also receiving increasing attention because of its stable physical characteristics. Stratospheric airships, a typical application of the stratosphere, offer long dwell time, wide coverage, and low cost, so they have broad application prospects in location navigation, environmental monitoring, and traffic management.

The air and terrestrial integrated network is an integrated information system that uses one or more stratospheric airships, placed in the stratosphere, to provide wireless broadband point-to-multipoint service over LTE to ground high-speed rail users and to sensor devices along the trackside. In this network, data transmission among network element nodes depends heavily on the wireless channel. As a result, transmitted data is easily intercepted and tampered with by an attacker, which challenges the integrity, availability, and confidentiality of the data and directly threatens system security. In addition, compared with traditional LTE user access authentication, authentication traffic in the integrated network has a longer transmission delay, the transmitted data requires a higher security level, and the terminal devices have more limited computing capability. It is therefore critical to design a secure access authentication protocol that is lightweight, efficient, and suited to the application scenario.

In this paper, we study the system model of the integrated network in combination with the LTE communication architecture. In particular, we construct the attack model from the attack model of the current LTE access authentication protocol and from the insecure transmission at the access port caused by the change in network architecture. On the basis of these models, we propose an access authentication scheme for the integrated network, comprising a user initial access authentication scheme and a user handover authentication scheme, which combines existing improvements to the LTE access authentication protocol with the characteristics of this information system. The contributions of this paper can be summarized as follows:

1) For user initial access authentication, this paper divides the process into two subsystems, core network access authentication and user access authentication, according to device replacement frequency, access authentication frequency, and security requirements. The core network access authentication subsystem uses a trusted third-party key management mechanism to perform mutual authentication with a public-key cryptographic algorithm, and establishes a secure communication link between the core network devices. For user access authentication, a preset password is added to the user terminal, and the existing LTE user access authentication protocol is improved with the SRP (Secure Remote Password) protocol to construct a two-factor authentication that completes mutual authentication and key negotiation between the user and the airship.

2) For user handover authentication, this paper proposes a handover authentication scheme based on trajectory prediction, exploiting the fact that high-speed rail equipment runs on fixed lines. The scheme uses a handover ticket and a message authentication code (MAC) to carry out handover in the different scenarios the high-speed rail equipment encounters. It avoids involving the source base station and the source mobility management entity in the handover process, which reduces the number of message exchanges and the communication delay during handover and improves authentication efficiency. While preserving system integrity and confidentiality, the scheme fits the integrated system and achieves fast handover authentication and key negotiation for ground high-speed rail.

3) Finally, this paper analyzes the security of the proposed scheme and verifies it with the formal analysis tool ProVerif. The verification shows that the scheme is secure during authentication data transmission and resists the attacks defined in the system attack model. These analyses show that the scheme meets the security requirements of the air and terrestrial integrated network. In addition, the paper analyzes the efficiency of the proposed scheme in terms of computational complexity and communication cost, and shows that constructing different subsystems for different security requirements makes the access authentication scheme more reasonable.
Keywords/Search Tags: Space Information Network, LTE, Authentication and Key Agreement