| The space-ground integration network is a large-scale network system based on the ground network and integrated with the aerospace network.It plays an important role in the military field and has important strategic significance because of its strong ground network capability and wide coverage of the aerospace network.As a key component of the space-ground integration network,the aerospace network must be provided with a corresponding security guarantee mechanism to maintain the normal operation because of its characteristics such as satellite node exposure,strong dynamics,intermittent link connectivity,and limited on-board computing and storage resources.However,the security strategy applied to the traditional ground network cannot be fully applicable to the aerospace network in the dynamic scenario,which poses a challenge to the security of the space-ground integration network.Especially for the problem of frequent handover of access user nodes caused by high-speed movement of satellite nodes.In order to ensure the service continuity of the user node during the handover process and avoid repeated authentication,it is necessary to study an efficient secure handover mechanism.Based on the analysis of the classification,process,security handover strategy and security handover protocol of the space-ground integration network,this thesis conducts indepth research on security handover management architecture,handover decision mechanism and security handover protocol.The main work includes:1.This thesis analyzes the current research situation of the security handover of the spaceground integration network,and points out the challenges faced by the current security handover strategies and security handover protocols.On this basis,according to the security handover process,this thesis expounds the problems that need to be solved urgently in the security handover of the space-ground integration network from three aspects: the security handover architecture,the handover decision-making mechanism and the security handover protocol.2.In order to solve the problem of difficult and inefficient security handover management in the space-ground integration network,a security handover management architecture based on software defined space-ground integration network is proposed.The architecture combines the software defined network with the security handover process,divides the architecture into three layers: application layer,control layer and data layer,and expounds the functions of the functional modules of each layer around the security handover resource management,security handover policy management and security handover authentication management in the security handover process.At the same time,in order to clarify the rationality and feasibility of the architecture,a GEO/LEO two-layer orbital constellation is designed to facilitate the deployment of the architecture,and the control layer and data layer are optimized.Then,based on the architecture,the security handover process of the space-ground integration network is described.In this way,the security handover strategy and protocol can be customized and the security handover process can be controlled,so as to provide effective architecture support for efficient security handover.3.In order to meet the requirements of efficient and security handover for various user nodes in different scenarios,a handover decision mechanism based on multi-attribute weight optimization is proposed.From the perspective of satellite node’s service capability,considering the relative position of satellite node and user node,the received signal strength is predicted by predicting the user node’s trajectory,and the candidate satellites are identified accordingly.Then,make full use of the historical data information of each network node,adopt subjective and objective weight comprehensive optimization method and adaptive weight adjustment method to evaluate the candidate handover target satellite,and decide the best handover target satellite to ensure efficient and security handover.4.In order to meet the best network requirements for safe handover of user nodes in different business periods and improve the network service quality in the process of security handover,a handover decision mechanism based on users’ dynamic preferences is proposed.From the perspective of the actual network needs of user nodes,the candidate handover satellites are selected by constructing a user dynamic preference model,and then the optimal handover target satellite is selected by using the attribute classification matrix and single objective decision-making method to achieve efficient and secure handover while ensuring the network quality of service.5.In order to meet the requirements of efficient security handover of different user nodes in diverse scenarios and improve the security and adaptation of the protocol,a satellite ground cooperative security handover protocol based on event synchronization is proposed.On the basis of the architecture proposed in this thesis,from the perspective of the overall process of security handover,the related protocol processes of user registration,initial access and intersatellite handover are described.The Token synchronization based on handover events is used to remove the high dependence on time synchronization,and the handover authentication vector group is generated in advance to guide the orderly transmission of security context,so as to the protocol can be applied to multiple scenarios and different user nodes for efficient and security handover. |
