

Research on Security Protocols of Broadband Satellite Networks

【Author】 Huang Zhan

【Supervisor】 Gu Xuemai;

【Author Information】 Harbin Institute of Technology, Information and Communication Engineering, 2009, Ph.D.

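【Abstract (translated from Chinese)】 In recent years, broadband satellite networks that access the Internet via satellite have become the main direction of satellite communication development and an important component of future air-space-ground integrated networks. The combination of satellite communication and the Internet offers more powerful communication functions and a wider range of network services. Designing and implementing broadband satellite networks raises new technical challenges for interoperability between satellite systems and the existing terrestrial Internet infrastructure. Among these, the deterioration of transmission efficiency when TCP/IP is applied to broadband satellite networks has been studied widely and in depth, and several effective methods for enhancing TCP performance already exist. However, porting IPSec and the authenticated key exchange protocol IKE, which accompany TCP/IP to provide Internet security services, to broadband satellite networks runs into applicability problems such as incompatibility with TCP performance enhancing techniques. Analysing the security problems of broadband satellite networks and designing security protocols suited to them is therefore an important research topic. Based on an analysis of the domestic and international literature, this dissertation studies security protocols for broadband satellite networks in depth. This work enriches the security architecture of broadband satellite networks, provides a security guarantee for deploying TCP performance enhancing techniques in them, and has positive significance and reference value for the development of security theory for future air-space-ground integrated networks. For security protocols of broadband satellite networks, the dissertation mainly studies the following problems. First, it analyses the conflict between TCP performance enhancing techniques and the IPSec network-layer security protocol, and proposes a changeable zone IPSec method, CZ-IPSec. Through the design of an Encapsulating Security Payload with dynamically mapped zones, a composite security association that divides zone parameters into public and private parameters, and the processing flows, CZ-IPSec is made compatible with TCP performance enhancing techniques and achieves a reasonable tradeoff between broadband satellite network security and TCP performance enhancement. Bandwidth overhead analysis and processing time overhead tests show that the price paid for CZ-IPSec to support TCP performance enhancing techniques is bandwidth and processing time overhead that is acceptable to the sender, the receiver and the TCP performance enhancing proxy, together with access permission for the authenticated and authorized TCP performance enhancing proxy to the TCP/IP header, the HTTP header and the link target address contents. Second, to address the exposure of client identity and the failure of cookie exchange to resist denial-of-service attacks when IKEv2 is applied to broadband satellite networks, it proposes SIKE, an Internet two-party authenticated key exchange protocol for broadband satellite networks. SIKE provides active identity protection for the protocol initiator. By introducing a server-side difficulty adjusting function value and a range value, a client puzzle-solution exchange method based on a one-way hash function with finely adjustable difficulty is designed for SIKE. Test experiments demonstrate that the difficulty of this method can effectively be adjusted at fine granularity. The protocol form of SIKE with the embedded puzzle-solution exchange is also given, and analysis proves that it can resist denial-of-service attacks. Third, a provable-security formal analysis is carried out on the session key security of the designed SIKE. Summarizing the existing literature, the HMAC-DH assumption is proposed as the underlying assumption suited to SIKE's key exchange extraction algorithm. The study points out that the HMAC-DH assumption is weaker than the DDH assumption: the HMAC-DH assumption holds as long as the DH group contains a sufficiently large subgroup that supports DDH, so a security protocol that reduces to the HMAC-DH hardness assumption has stronger security than one that reduces to the DDH assumption. It is proved that the SIKE session key is consistent and that a protocol attacker cannot distinguish the session key from a randomly chosen key. Session key consistency and the indistinguishability of the session key from a randomly chosen key show that the SIKE protocol has the session key security property. Fourth, a provably secure three-party authenticated key exchange protocol, STIKE, and a four-party authenticated key exchange protocol, SQIKE, are designed to support CZ-IPSec in broadband satellite networks. Unlike existing studies in the literature, and following the requirements of CZ-IPSec, the protocol design has the special feature that the three-party and four-party key exchanges incorporate a two-party key exchange between the two end participants. The provable-security formal design and analysis of this special kind of authenticated key exchange protocol is therefore pioneering. To reduce the number of messages transmitted, especially over the satellite link, the protocol design makes use of the message snooping function of the TCP performance enhancing proxy. The design and formal analysis and verification of STIKE and SQIKE are based on the extended CK model and the extended BCP model respectively. It is proved that STIKE and SQIKE meet the session key security requirement and satisfy the other security attribute requirements. The dissertation compares and discusses the message transmission volume and computation cost of the STIKE, SQIKE, IKEv2 and SIKE protocols.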

【Abstract】 In recent years, Internet access via satellite, an essential component of future air-space-ground integrated information networks, has become a trend in satellite communication development. The integration of satellite communication and the Internet expands the areas where the Internet can be used and enriches the functions and attributes of satellite communication. Interoperation between satellite communication systems and terrestrial Internet infrastructure poses some technical challenges. The performance deterioration of TCP/IP over satellite networks has been researched in detail, and different kinds of effective TCP performance enhancing techniques have been proposed. However, IPSec and IKE, which accompany TCP/IP and supply security services in the terrestrial Internet, still have applicability problems when transplanted to broadband satellite networks, such as incompatibility with TCP performance enhancing techniques. Designing and analysing applicable security protocols is therefore a key point of broadband satellite network research. Referring to the latest research, the dissertation studies in depth security methods for broadband satellite networks that support TCP performance enhancing techniques. It enriches the security framework of broadband satellite networks that implement TCP performance enhancing techniques and offers a positive contribution and reference value for the theory of air-space-ground integrated information networks. Aiming at network-layer security protocol and authenticated key exchange protocol design, the dissertation concentrates on the following aspects: Firstly, the conflict between transport performance enhancing techniques and IPSec is analysed, and a flexible changeable zone IPSec (CZ-IPSec) protocol is proposed. 
By converting traditional static zone mapping to changeable dynamic mapping and designing the corresponding composite security association and processing flows, CZ-IPSec is enabled to support TCP performance enhancing techniques and achieve TCP efficiency improvement. Analysis and test results show that its bandwidth overheads and processing time delay are not unacceptable. Thus, a reasonable tradeoff is achieved by CZ-IPSec at the cost of acceptable overheads and the authorized permission for the TCP performance enhancing proxy to access the TCP/IP header, HTTP header and link address contents. Secondly, a satellite Internet authenticated key exchange protocol (SIKE) is proposed to solve initiator identity exposure and the failure of cookie exchange against denial of service (DoS) attacks in broadband satellite networks. SIKE provides active identity protection for the protocol initiator. By designing a difficulty adjusting value and a range value at the server, a fine-grained difficulty client puzzle based on a one-way hash function is embedded in SIKE. The validity of the fine-grained difficulty client puzzle is proved by test. The form of SIKE with the embedded puzzle-solution exchange is given, together with an analysis of its capability against DoS attacks. Thirdly, the session key security of SIKE is formally analysed. On the basis of existing references, the HMAC-DDH assumption is proposed to suit SIKE's key extraction calculation. The HMAC-DDH assumption is weaker than DDH, and it holds if the DH group contains a large enough DDH subgroup. So a protocol that reduces to the HMAC-DDH assumption is more secure than a protocol that reduces to the DDH assumption. It is proved that SIKE has session key consistency and that the session key and a randomly chosen key are indistinguishable. 
Session key consistency and the indistinguishability between the session key and a randomly chosen key give SIKE session key security. Finally, provably secure tri-party and quadri-party authenticated key exchange protocols (STIKE and SQIKE) are proposed to support CZ-IPSec in broadband satellite networks. Unlike existing research, the design integrates 2-party key exchange into tri-party or quadri-party key exchange according to the particular requirements of CZ-IPSec. Therefore, the research in the dissertation brings new ideas to the formal analysis of this particular kind of protocol. To reduce the number of messages transmitted, especially messages via satellite links, the snooping function of the performance enhancing proxy is utilized. Based on extensions of the CK model and the BCP model respectively, STIKE and SQIKE are proposed and proven session key secure. STIKE and SQIKE satisfy the various security attribute requirements, and their message transmission quantity and computation are also discussed.
