
Research on Key Issues of Security in Space Information Networks

【Author】 Zhong Yantao (钟焰涛)

【Supervisor】 Ma Jianfeng (马建峰)

【Author information】 Xidian University, Computer System Architecture, 2011, PhD

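【Summary】 With the rapid development of satellite communication technology, space information networks, composed of ground stations together with satellites and other spacecraft capable of space communication, have gradually become a hot topic in network technology research. Security protocols of all kinds are the cornerstone of communication security in space information networks and the core technology of their communication systems; the correctness and security of these protocols are critical to the security of the whole network. This thesis studies authenticated key exchange protocols, group key exchange protocols, group key management schemes, identification protocols, key issuing for identity-based encryption, and a secure routing model in space information networks. The main results are:

1. An identity-based authenticated key exchange protocol suited to space information networks is designed, its eCK security is proven, and comparative analysis shows that the protocol offers high security at a relatively low computational cost.
2. Two group key exchange protocols are proposed. In the universally composable model, an ideal functionality for attribute-based group key exchange is proposed, and an identity-based group key exchange protocol realizing that ideal functionality is constructed, providing secure group communication for attribute-based group applications in space information networks. In addition, exploiting the fact that satellite nodes in space information networks travel in specific orbits, a secure group key exchange protocol that clusters nodes by orbit is proposed; simulation experiments show that the protocol has high communication efficiency in space information networks.
3. An identity-based group key management scheme for LEO/MEO double-layer space information networks is proposed. Security analysis and simulation experiments show that the scheme provides authentication security, forward secrecy, backward secrecy and high communication efficiency.
4. To enable the use of Boneh-Boyen1 identity-based encryption in space information networks, a secure key issuing scheme for the Boneh-Boyen1 identity-based encryption scheme is proposed. It effectively prevents the key generation center from obtaining users' private keys, and its security is proven in the standard model.
5. A new ID-based identification protocol is proposed. Analysis shows that the protocol is secure against impersonation attacks in the standard model and requires less computation than classic authentication protocols, making it a practical ID-based identification protocol for space information networks.
6. To address the security of routing protocols in space information networks, the attacks that satellite network routing protocols may suffer are analysed in detail in light of the characteristics of the satellite backbone network. The dynamic topology of the satellite network is described using a sequence of snapshots, and on that basis a routing security model for satellite networks is proposed.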

【Abstract】 With the rapid growth of satellite communications, space information networks, which are composed of ground stations and spacecraft (including satellites) capable of space communication, have become an important issue. Security protocols are a core technology for the security of space information networks, so their correctness and security are crucial to these networks. This thesis studies authenticated key exchange protocols, group key exchange protocols, group key management schemes, identification protocols, secure key issuing in identity-based encryption, and a security model for routing protocols.

Firstly, an identity-based authenticated key exchange protocol for space information networks is proposed. Security and efficiency analysis shows that the protocol offers high security and computational efficiency.

Secondly, two group key exchange protocols are given. For the first, an ideal functionality of attribute-based group key exchange is presented in the universally composable framework, and the protocol is proven to be universally composable secure by showing that it achieves this ideal functionality. This protocol helps attribute-based applications in space information networks achieve secure group communication. The second protocol divides the satellites in a space information network into clusters according to their orbits. Simulations show that this protocol has the advantage of high efficiency.

Thirdly, based on an analysis of the features of LEO/MEO double-layer space information networks, a novel identity-based group key management scheme is proposed in which all nodes in a space information network are divided into clusters and MEO satellites act as cluster heads. Security analysis shows that the proposed scheme achieves forward security, backward security, and security against outside attackers. Simulations show that the proposed scheme has high communication efficiency.

Fourthly, a secure key issuing scheme for Boneh-Boyen1 identity-based encryption is proposed for space information networks, in which multiple key privacy authorities are set up in addition to the key generation center to protect the privacy of users' private keys. A rigorous security proof of the key issuing protocol in the standard model is also given.

Fifthly, an identity-based identification protocol is proposed which uses an ElGamal signature on a network node's identity as the node's private key. The node proves its identity through a zero-knowledge proof of its private key. A security proof and an efficiency analysis are also given, indicating that the protocol is efficient in computation and communication and is thus suitable for space information networks.

Sixthly, based on the features of the satellite backbone network in space information networks, common types of vulnerabilities are analysed, and a new security model for routing protocols in satellite networks is presented.
