Research On Differentiated Terminal Access And Handover Authentication Mechanism For Space-ground Integrated Information Network

With the explosive growth of the number of communication users and the further extension of the service scope,it is necessary to build a Space-Integrated-Ground Information Network(SGIN)by integrating satellite network and ground communication network in order to ensure that users can enjoy safe and reliable access to communication services in remote areas such as deserts,oceans and deep space.The SGIN has become a national strategic infrastructure,and thus the security of the SGIN is related to national security.The third generation partnership project(3GPP)has taken satellite Non-Terrestrial Network(NTN)as one of the communication methods for fifth Generation Mobile Networks(5G)to provide the support for the future sixth Generation Mobile Networks(6G)communication.Access authentication,as the first line of defense of network system,plays a crucial role in protecting user security and privacy.Due to its highly variable dynamic topology,limited satellite resources,easy exposure of communication channels,too large satellite-ground delay,intermittent channel connectivity,etc,most of access authentication mechanisms for traditional ground networks are no longer suitable for satellite network scenarios.In particular,when a large number of Internet of Things(Io T)terminals deployed in areas without base station coverage want to access satellite networks at the same time,the traditional access authentication mechanisms may lead to serious signaling storms and other problems.In addition,on the SGIN scenarios,high-speed mobile terminal needs to hand over frequently between ground and satellite networks,such as users on board need to be constantly from the city,to the cave,remote areas,etc.There is no research on the handover security between satellite network and ground network.In order to handle the above problems,the contributions of this paper are described as follows.Firstly,this paper firstly investigates the existing 3GPP standard for non-terrestrial network access aspects,and designs a secure and efficient group access and handover authentication scheme with identity privacy protection for the scenario in which terminals with limited resources and no satellite communication function connect to the satellite network through a relay node with satellite communication function proposed by the standard.By the proposed scheme,a large number of terminals with limited resources form a group,and the relay node is selected to the group owner.The access authentication and handover request information of all group members are aggregated into one message and sent to the terrestrial 5G network,and thereby this scheme can achieve the authentication of a group of terminals at the same time at one time,and solve the problems of overloaded signaling overhead caused by massive terminal communication and excessive computational overhead of some nodes.Taking into account the flexibility of the group,the proposed scheme also designs a security group member update mechanism.The proposed scheme is simulated and evaluated by Burrows-Abadi-Needham(BAN)logic and formal verification tool Scyther.The results show that the proposed scheme can achieve the required security functions,and the performance analysis results show that the proposed scheme has good efficiency.Secondly,aiming at the security problem of frequent handover of high-speed mobile terminals between terrestrial networks and satellite networks,this paper first analyzes the different handover modes of terminals in mobile scenarios between heterogeneous networks.Then,based on the predictable characteristics of high-speed mobile terminals and satellite trajectories,we propose a fast handover authentication mechanism for highspeed mobile terminals between terrestrial networks and satellite networks.The proposed mechanism can reduce the number of information exchanges and the authentication delay in the communication process,and realize fast authentication and key negotiation of highspeed mobile terminals,and thus effectively maintain the credibility of the terminal during the handover process.The proposed scheme is simulated and verified by BAN logic proof method and formal verification tool Scyther.Finally,the performance of the scheme is analyzed by MATLAB.The analysis results show that the proposed scheme can achieve lower computational and communication costs while ensuring security.