As social, travel, trade and other activities continue to expand, demand for wide-area communications is increasing. Because of the geographical environment and other factors, it is extremely expensive to deploy cellular networks in remote areas to achieve large-scale signal coverage. At the same time, traditional communication networks cannot provide stable communication services when emergencies such as natural disasters occur. Satellite networks have the advantages of all-weather operation and global coverage. They can supplement traditional communication systems, supporting stable communication in scenarios such as national aerospace, ocean voyages and border surveillance, and meeting the requirements of instant messaging in personal field travel, cross-border communication and similar activities. Building communication networks from satellites to provide all-day, all-weather, globally seamless network coverage has become a new trend.

However, because of the open satellite channel, the large transmission delay and the simple on-board equipment, the security of satellite network access faces severe challenges. Specifically: first, because the satellite channel is open, data security cannot be guaranteed during authentication, and there is a risk of leaking private information such as the user's identity and location; second, the high-speed movement of LEO satellites causes the network structure to change continuously, so terminals must switch frequently between satellites in order to use network services without interruption; third, because of the large delay of satellite communication, complex authentication processes increase authentication time and degrade the user experience; fourth, the number of satellite network users is huge and on-board device performance is limited, which makes it difficult to handle a large number of concurrent user access requests; fifth, since the satellite network does not hold the corresponding registration information, the anonymity of users is difficult to guarantee when registered users of traditional operators and other operators roam into the satellite network.

To solve these problems, this thesis designs a security authentication scheme for satellite networks that provides secure satellite network access for various types of terminals and efficient user handover between satellites. Specifically, this thesis makes the following contributions.

(1) For the secure access problem of satellite user terminals, this thesis designs a secure and efficient access authentication protocol based on the EPS-AKA authentication framework. The protocol uses the secret shared between the terminal and the home domain to symmetrically encrypt the user identity, which prevents the access domain from learning the real identity of the user and avoids DoS attacks on the network after an attacker illegally acquires the real identity of the user. Meanwhile, by introducing a one-time temporary identity TID, cross-domain authentication with user anonymity is realized.

(2) To solve the problem of frequent inter-satellite handover of user terminals, and building on the above access authentication protocol, this thesis uses the predictability of LEO satellite trajectories, combined with the terminal balance, location and speed attributes, to dynamically generate authentication vectors from the home domain in advance. At the same time, the priority of the satellites a user may access is obtained from satellite signal strength, signal duration and load. Through pre-distribution of the authentication vectors, the interaction between the satellite network and the home domain and the satellites involved in the handover is eliminated, and coarse-grained billing, authentication and seamless handover between satellites are realized.

(3) Formal proof and security analysis of the proposed protocol are carried out using SVO logic. They prove that the protocol achieves the design goal of mutual authentication, as well as security features such as resistance to replay attacks, man-in-the-middle attacks and camouflage attacks, and user anonymity. Comparison with similar protocols demonstrates the advantages of this protocol in terms of communication overhead and computational complexity.

(4) Based on the proposed authentication protocol, this thesis designs and implements a security authentication system for satellite networks. The overall framework of the system, the specific structure of each part and the system implementation process are introduced in detail, and functional and performance tests of the system are carried out in a specific development environment. The test results show that the system is secure and efficient, with low computing and communication costs, which makes it suitable for resource-constrained satellite networks.
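The identity-hiding idea in contribution (1), as an added sketch that is not the thesis's protocol or code: the terminal seals its real identity under the key it shares with the home domain and presents only a one-time TID, so the access domain relays values it cannot read or link. The TID roll-forward rule, the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) and all names are assumptions.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    # Assumption: HMAC-SHA256 in counter mode stands in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, tid, identity):
    """Terminal side: encrypt the identity and bind it to the current TID."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(identity, _keystream(key, nonce, len(identity))))
    tag = hmac.new(key, b"mac" + tid + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, tid, blob):
    """Home-domain side: returns the identity, or None if the tag is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + tid + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def next_tid(key, tid):
    # Assumption: both ends derive the next one-time TID from the shared key.
    return hmac.new(key, b"tid" + tid, hashlib.sha256).digest()[:16]

class HomeDomain:
    def __init__(self):
        self.by_tid = {}  # current TID -> (shared key, real identity)

    def register(self, identity, key, tid):
        self.by_tid[tid] = (key, identity)

    def authenticate(self, tid, blob):
        """Called with what the access domain relayed: only (tid, blob)."""
        entry = self.by_tid.pop(tid, None)  # a TID is consumed on first use
        if entry is None:
            return False                    # unknown or replayed TID
        key, identity = entry
        if unseal(key, tid, blob) != identity:
            self.by_tid[tid] = entry        # a forged blob must not burn the TID
            return False
        self.by_tid[next_tid(key, tid)] = entry
        return True
```

The access domain in this sketch never holds the key, so a captured `(tid, blob)` pair reveals no identity and cannot be replayed once the home domain has rolled the TID forward.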