CN114828005A - Enhanced inter-satellite networking authentication method based on location key - Google Patents

Abstract

The invention relates to an enhanced inter-satellite networking authentication method based on a position key, which comprises the steps that a ground control center respectively generates a real identity and an inter-satellite long-term shared key for each satellite; the ground control center generates a temporary identity mark of each satellite and a long-term shared key between the satellites, and acquires orbit parameters of each satellite; each satellite calculates a first position key of the first satellite, and calculates a first message verification code of the first satellite according to the calculated first position key so as to realize the authentication of the second satellite to the first satellite; and each satellite calculates a second position key of the second satellite according to the orbit parameters of the second satellite, and calculates a second message verification code of the second satellite according to the calculated second position key so as to realize the authentication of the first satellite on the second satellite. The inter-satellite networking authentication method realizes a safe and efficient inter-satellite authentication mechanism and realizes inter-satellite rapid networking.

Description

An enhanced inter-satellite networking authentication method based on location key

technical field

The invention belongs to the technical field of satellite communication, in particular to an enhanced inter-satellite networking authentication method based on a location key.

Background technique

With the continuous development of science and technology and the popularization of intelligent terminals, mobile communication technology has developed to the fifth generation (5G) to meet people's increasing communication needs. However, in many places, such as oceans, deserts, polar regions, mountains and valleys, terrestrial network coverage cannot be achieved due to expensive construction costs. Recent reports show that global mobile subscribers have reached 5.27 billion, with mobile services covering approximately 67% of the population. Subject to technical limitations and huge economic costs, only 20% of the land area is covered by mobile services, which is less than 6% of the earth's surface area. In this case, satellite networks have attracted extensive attention due to their advantages of rapid deployment, abundant radio frequency resources, long communication distances, good communication quality, wide coverage, and little interference from terrestrial networks. In addition, satellite networks hold great promise in providing communication services in extreme conditions such as aviation, navigation or disaster areas. Thus, satellite networks can complement terrestrial networks to provide coverage and network connectivity over large areas in a flexible manner.

Clark published a visionary article in 1945 that first proposed the idea of satellite communications, noting that just three satellite stations could provide complete global coverage. The 3rd Generation Partnership Project (3GPP) standards group has been working on the standardization of integrated communication networks between space and ground to support the development of 5G networks. In order to better integrate satellite and terrestrial networks and take full advantage of satellite communication technology, researchers have proposed several architectures that offer possible prospects for the design of satellite systems. The construction of an "integrated information network of space and earth" and the realization of a satellite network system with "global coverage, on-demand access, on-demand service, and safety and reliability" have become a new climax.

With the increasing demand for data communication services, the working mode of a single satellite is difficult to meet the growing demand for communication services. It has become the trend of future communication development to provide services for terrestrial users through a network of multiple satellites. Reasonable satellite networking can achieve continuous coverage of global communications, improve national defense and defense capabilities, and realize the visualization of space communications. And satellite networking can realize satellite communication and coverage in areas where there is no port station deployment. The realization of inter-satellite networking of satellites can decouple the user side and feeder side of satellites, optimize the deployment of gateway stations, and only build ground stations in some areas to achieve global satellite services.

However, unlike traditional networks, the topology of satellite networks changes with the constant motion of the satellites. Satellite networks present more security risks than traditional networks. On the one hand, the links of the satellite network are highly exposed, so the information in the satellite network is vulnerable to illegal eavesdropping and malicious tampering. On the other hand, the satellite network topology is complex and dynamic, making it difficult to maintain a stable satellite link.

Therefore, researchers have proposed a variety of authentication methods in satellite communication networks. However, in most of the authentication schemes, satellites act as relay nodes to forward and process messages for ground users, base stations or servers, and no grouping between satellites is realized. network authentication. In addition to these solutions, the existing inter-satellite networking authentication methods mainly have the following problems: using digital signature, public key cryptography or symmetric key technology to achieve end-to-end authentication between satellites, the number of interaction rounds is large and the calculation is complex, signaling overhead It is not suitable for satellites with limited computing power; in the low-orbit satellite networking method, the certification of low-orbit satellites relies on the gateway station on the ground, while the communication delay between satellite and ground is long, the protocol efficiency is low, and the certification takes time. Too long; the security is not high, the inter-satellite networking authentication method relies on the shared authentication key, if the key is leaked, the security of the inter-satellite session key cannot be guaranteed, and forward security cannot be achieved; The identity information of the satellite is protected for privacy, and the identity information of the satellite may be leaked during the inter-satellite networking authentication process, which will lead to attacks on the identity information of the satellite.

To sum up, how to design a safe and efficient inter-satellite authentication mechanism and realize fast inter-satellite networking has become an urgent problem to be solved.

SUMMARY OF THE INVENTION

In order to solve the above problems existing in the prior art, the present invention provides an enhanced inter-satellite networking authentication method based on a location key. The technical problem to be solved by the present invention is realized by the following technical methods:

An embodiment of the present invention provides an enhanced inter-satellite networking authentication method based on a location key, comprising the steps of:

S1. The ground control center generates a real identity and a long-term shared key between the satellite and the ground for each satellite;

S2. The ground control center generates the temporary identity of each satellite by using the real identity of each satellite and the long-term shared key between the satellite and the ground according to the networking authentication request information sent by any satellite, combined with the random number Generate long-term shared keys between satellites and obtain orbital parameters of each satellite;

S3, each satellite calculates the first position key of the first satellite according to the orbit parameters of the first satellite, and calculates the first position key according to the long-term shared key between the satellites, the first satellite temporary identity and the respective calculated first position keys Calculate the first message verification code of the first satellite; when the second satellite determines that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes certification of said first satellite;

S4, each satellite calculates the second position key of the second satellite according to the orbit parameters of the second satellite, and calculates the second message verification of the second satellite according to the second satellite temporary identity and the second position key calculated respectively When the first satellite determines that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the verification of the second satellite. Certification.

In one embodiment of the present invention, step S2 includes:

S21. The first satellite obtains a first current timestamp, encrypts the real identity of the first satellite and the real identity of the second satellite using the long-term shared key between the satellite and the ground of the first satellite, and obtains and sends it the networking authentication request information;

S22. The ground control center decrypts the networking authentication request information, and when judging that the first current time stamp is fresh, uses the real identity and satellite ground of the first satellite under the second current time stamp The long-term shared key is used to generate the first satellite temporary identity, the real identity of the second satellite and the long-term shared key between satellites are used to generate the second satellite temporary identity, and the long-term shared key between satellites is generated in combination with random numbers. , and obtain the first satellite orbit parameter and the second satellite orbit parameter;

S23. The ground control center uses the satellite-ground long-term shared key of the second satellite to pair the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the encrypting the inter-satellite long-term shared key and the first satellite orbit parameters to obtain a first encrypted message; and using the inter-satellite long-term shared key of the first satellite to encrypt the first encrypted message, the second encrypted message The current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key, and the second satellite orbit parameter are encrypted to obtain a second encrypted message;

S24. The first satellite decrypts the second encrypted message, and when the second current timestamp is determined to be fresh, stores the first satellite temporary identity, the second satellite temporary identity, the satellite long-term shared secret key and orbital parameters of the second satellite, and send the first encrypted message to the second satellite;

S25. The second satellite decrypts the first encrypted message, and when the second current timestamp is determined to be fresh, stores the first satellite temporary identity, the second satellite temporary identity, the satellite long-term shared key and the first satellite orbit parameters.

In one embodiment of the present invention, step S3 includes:

S31. The first satellite calculates a first location key by using the orbital parameters of the first satellite under a third current timestamp; and calculates a session according to the long-term shared key between satellites and the first location key The encryption key and integrity protection key of the first satellite are used to calculate the first message verification code using the first satellite temporary identity, the first location key and the integrity protection key, and the first satellite temporary identity is generated. an identity identifier, the third current timestamp and the first authentication vector of the first message verification code;

S32. When the second satellite determines that the first satellite temporary identity in the first authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the third current timestamp is fresh, use the The first satellite orbit parameter calculates a new first position key; and calculates a new encryption key and a new integrity protection key for the session according to the long-term shared key between the satellites and the new first position key, Calculate a new first message verification code using the first satellite temporary identity, the first location key and the new integrity protection key;

S33. When the second satellite determines that the new first message verification code is consistent with the first message verification code, the second satellite completes the authentication of the first satellite.

In an embodiment of the present invention, step S4 includes:

S41. The second satellite uses the second satellite orbit parameter to calculate the second location key under the fourth current timestamp, and calculates the second location key according to the second satellite temporary identity, the second location key and the new The integrity protection key calculates the second message verification code, and generates the second satellite temporary identity identifier, the second message verification code and the second verification vector of the fourth current timestamp;

S42. When the first satellite determines that the second satellite temporary identity in the second authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the fourth current timestamp is fresh, use the The second satellite orbit parameter calculates a new second position key, and calculates a new second message verification code according to the second satellite temporary identity, the new second position key and the integrity protection key ;

S43. When the first satellite determines that the new second message verification code is consistent with the second message verification code, the first satellite completes the authentication of the second satellite.

In an embodiment of the present invention, after step S4, it further includes:

S5, each satellite calculates the third position key of the first satellite according to the original orbit parameters of the first satellite, and calculates the third position key according to the integrity protection key calculated by the last authentication and the third position key calculated respectively. the third message verification code of the first satellite; when the second satellite determines that the third message verification code calculated by the second satellite is consistent with the third message verification code calculated by the first satellite, the second The satellite completes the certification update for the first satellite;

S6, each satellite calculates the fourth position key of the second satellite according to the original orbit parameters of the second satellite, and calculates the integrity protection key according to the last authentication and the calculated fourth position key. Calculate the fourth message verification code of the second satellite; when the first satellite determines that the fourth message verification code calculated by the first satellite is consistent with the fourth message verification code calculated by the second satellite, the The first satellite completes the authentication update for the second satellite.

In one embodiment of the present invention, step S5 includes:

S51. The first satellite uses the original orbit parameters of the first satellite to calculate a third location key under the fifth current timestamp, and calculates a third location key according to the temporary identity of the first satellite and the complete data of the last authentication calculation. calculates a third message verification code using the security protection key and the third location key, and generates a third verification vector of the first satellite temporary identity, the fifth current timestamp, and the third message verification code ;

S52. When the second satellite determines that the first satellite temporary identity in the third authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the fifth current timestamp is fresh, use the Calculate a new third position key based on the original orbit parameters of the first satellite, and calculate the new third position key according to the temporary identity of the first satellite, the integrity protection key calculated by the last authentication and the new third position key New third message verification code;

S53. When the second satellite determines that the new third message verification code is consistent with the third message verification code, the second satellite completes the authentication update for the first satellite.

In an embodiment of the present invention, step S6 includes:

S61. The second satellite calculates a fourth location key by using the original orbit parameters of the second satellite under the sixth current time stamp, and calculates the integrity protection key according to the The satellite temporary identification and the fourth location key calculate a fourth message verification code, and generate a fourth authentication vector of the second satellite temporary identification, the fourth message verification code and the sixth current timestamp , and use the long-term shared key between satellites, the fourth location key and the new third location key to calculate a new encryption key and an integrity protection key;

S62. When the first satellite determines that the second satellite temporary identity in the fourth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the sixth current timestamp is fresh, use the A new fourth position key is calculated from the original orbital parameters of the second satellite, and is calculated according to the integrity protection key calculated in the last authentication, the temporary identity of the second satellite and the new fourth position key New fourth message verification code;

S63. When the first satellite determines that the new fourth message verification code is consistent with the fourth message verification code, the first satellite completes the authentication update for the second satellite; the first satellite A new encryption key and an integrity protection key are calculated using the inter-satellite long-term shared key, the new fourth position key and the third position key.

In an embodiment of the present invention, after step S4, it further includes:

S5. Each satellite calculates the fifth position key of the first satellite according to the changed orbit parameters of the first satellite, and calculates the integrity protection key according to the last authentication and the calculated fifth position key. key to calculate the fifth message verification code of the first satellite; when the second satellite determines that the fifth message verification code calculated by the second satellite is consistent with the fifth message verification code calculated by the first satellite, the the second satellite completes the authentication update for the first satellite;

S6. Each satellite calculates the sixth position key of the second satellite according to the changed orbit parameters of the second satellite, and calculates the integrity protection key according to the last authentication calculation and the respectively calculated sixth position key. The location key calculates the sixth message verification code of the second satellite; when the first satellite determines that the sixth message verification code calculated by the first satellite is consistent with the sixth message verification code calculated by the second satellite , the first satellite completes the authentication update for the second satellite.

In one embodiment of the present invention, step S5 includes:

S51. The first satellite uses the changed orbit parameters of the first satellite to calculate a fifth position key under the seventh current timestamp, and calculates the integrity protection key according to the A satellite temporary identity identifier and the fifth position key are used to calculate the fifth message verification code, and the changed orbit parameters of the first satellite are encrypted using the encryption key calculated in the last authentication, and the first satellite temporary identity is generated. identification, the seventh current time stamp, the fifth message verification code, and the encrypted fifth authentication vector of the changed orbit parameters of the first satellite;

S52. When the second satellite determines that the first satellite temporary identity in the fifth authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the seventh current timestamp is fresh, use the The encryption key of the last authentication calculation decrypts the fifth authentication vector to obtain the changed orbit parameters of the first satellite, and uses the changed orbit parameters of the first satellite to calculate a new fifth position key, and according to the Calculate the new fifth message verification code using the integrity protection key of the last authentication calculation, the first satellite temporary identity identifier and the new fifth position key;

S53. When the second satellite determines that the new fifth message verification code is consistent with the fifth message verification code, the second satellite completes the authentication update for the first satellite.

In one embodiment of the present invention, step S6 includes:

S61. The second satellite calculates a sixth position key by using the changed orbit parameters of the second satellite under the eighth current timestamp, and calculates a sixth position key according to the The second satellite temporary identity identifier and the sixth position key are used to calculate a sixth message verification code, and the changed orbit parameters of the second satellite are encrypted using the encryption key calculated in the last authentication, and the second satellite is generated. The temporary identity identifier, the eighth current time stamp, the sixth message verification code, and the encrypted sixth authentication vector of the orbital parameters of the second satellite after changing, and using the long-term shared key between satellites, the The sixth location key and the new fifth location key calculate a new encryption key and an integrity protection key;

S62. When the first satellite determines that the second satellite temporary identity in the sixth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the eighth current time stamp is fresh, use the The encryption key calculated by the last authentication decrypts the sixth authentication vector to obtain the changed orbit parameters of the second satellite, calculates a new sixth position key by using the changed orbit parameters of the second satellite, and Calculate the new sixth message verification code by calculating the integrity protection key of the last authentication calculation, the second satellite temporary identity identifier and the new sixth position key;

S63. When the first satellite determines that the new sixth message verification code is consistent with the sixth message verification code, the first satellite completes the authentication update for the second satellite; the first satellite A new encryption key and an integrity protection key are calculated using the inter-satellite long-term shared key, the new sixth position key and the fifth position key.

Compared with the prior art, the beneficial effects of the present invention:

In the inter-satellite networking authentication method of the present invention, the ground control center generates a temporary identity identifier and a long-term shared key between the satellite and the ground for each satellite authenticated by the networking, so as to protect the true identity of the satellite; Each satellite generates an inter-satellite long-term shared key and obtains the orbital parameters of each satellite and distributes it to the satellites. Each satellite calculates each other's position key based on the orbital parameters, and then uses the position key and the inter-satellite long-term shared key to complete identity authentication. , and negotiate the inter-satellite session key, avoiding the risk of master key leakage; in addition, the participation of the ground control center in the authentication process is reduced, and unnecessary communication delays are reduced, thus realizing a safe and efficient inter-satellite The authentication mechanism realizes fast inter-satellite networking.

Description of drawings

1 is a schematic flowchart of a location key-based enhanced inter-satellite networking authentication method provided by an embodiment of the present invention;

2 is an architecture diagram of an enhanced satellite security networking authentication method based on a location key under a space-ground integrated network provided by an embodiment of the present invention;

FIG. 3 is a flowchart of an inter-satellite shared key configuration stage provided by an embodiment of the present invention;

FIG. 4 is a flowchart of an initial inter-satellite networking authentication stage provided by an embodiment of the present invention;

5 is a flowchart of a satellite location key update phase when the orbital parameters of a satellite do not change according to an embodiment of the present invention;

FIG. 6 is a flowchart of a phase of updating a satellite location key when the orbital parameters of a satellite do not change according to an embodiment of the present invention.

Detailed ways

The present invention will be described in further detail below with reference to specific embodiments, but the embodiments of the present invention are not limited thereto.

Example 1

Please refer to FIG. 1 and FIG. 2. FIG. 1 is a schematic flowchart of an enhanced inter-satellite networking authentication method based on a location key provided by an embodiment of the present invention, and FIG. 2 is a heaven-earth integration provided by an embodiment of the present invention. The architecture diagram of the enhanced satellite security networking authentication method based on the location key under the network.

The method of this embodiment implements identity authentication and key negotiation based on the location key, and almost all satellites can meet the needs of the inter-satellite networking method. Specifically, the method in this embodiment can be applied to various types of satellites, including any two satellites among the low-orbit satellite LEO, the medium-orbit satellite MEO, and the high-orbit satellite GEO, as shown in FIG. Satellite: In the case where the two networked satellites do not have a shared key, the method in this embodiment is also applicable.

Specifically, the enhanced inter-satellite networking authentication method based on the location key includes the steps:

S1. System initialization stage: The ground control center generates a real identity and a long-term shared key between the satellite and the ground for each satellite.

Specifically, in the satellite launch preparation stage, the ground control center triggers the initialization of the system to generate a unique real identity and a long-term shared key between the satellite and the ground for each satellite. The ground control center generates a permanent real identity ID _A for the first satellite A according to the production batch, orbital parameters, system initialization time and other information of the first satellite A, and generates a long-term shared key between the satellite and the ground based on the permanent real identity K _A . Similarly, the ground control center generates a permanent real identity ID _B for the second satellite B according to the production batch, orbital parameters, system initialization time and other information of the second satellite B, and generates a long-term inter-satellite ID based on the permanent real identity. Shared key _KB . The second satellite _B does not know KA and the first satellite _A does not know KB. Furthermore, it is assumed that KA and _KB are stored in _a trusted environment and cannot be compromised.

S2. Inter-satellite shared key configuration stage: the ground control center generates the temporary identity of each satellite according to the networking authentication request information sent by any satellite, using the real identity of each satellite and the long-term shared key between the satellite and the ground, combined with A random number generates a long-term shared key between satellites and obtains orbital parameters for each satellite.

Referring to FIG. 3, FIG. 3 is a flowchart of an inter-satellite shared key configuration stage provided by an embodiment of the present invention. Step S2 specifically includes steps:

S21. The first satellite acquires the first current timestamp, encrypts the real identity of the first satellite and the real identity of the second satellite by using the long-term shared key between the satellite and the ground of the first satellite, and obtains and sends the networking authentication request information.

然后卫星A向地面控制中心发送

请求与卫星B进行组网认证。Specifically, the first satellite A obtains the first current timestamp T _A1 , and encrypts the real identities of the first satellite A and the second satellite B by using the satellite-ground long-term shared key K _A of the first satellite, and obtains and sends the network Authentication request information

Then satellite A sends to the ground control center

Request network authentication with satellite B.

S22. The ground control center decrypts the networking authentication request information, and when judging that the first current timestamp is fresh, uses the real identity of the first satellite and the long-term shared key between the satellite and the ground to generate the first Satellite temporary identification, using the real identity of the second satellite and the long-term shared key between satellites to generate the second satellite temporary identification, combined with random numbers to generate the long-term shared key between satellites, and obtain the first satellite orbit parameters and the second satellite track parameters.

Specifically, when the ground control center receives the networking authentication request information, it uses the same key KA to decrypt to obtain ID _A , ID _B , and _{T A1} . The ground control center checks whether the identity information in the networking authentication request message is legal, and verifies whether the timestamp T _A1 is fresh, that is, T _A1 -T _t1 <ΔT, where T _t1 is the time when the ground control center receives the first satellite A message , ΔT is the preset effective time interval. If it passes the inspection, the ground control center obtains the second current time stamp T _TCC , and uses the real identity information of satellites A and B and T _TCC to calculate the temporary identifications TID _A and TID _B of the satellites. Then the ground control center generates a random number RAND, and generates a long-term shared key K _AB between satellites A and B for satellites A and B . The above calculation process is shown in formula (1):

Among them, f ₁ :{0,1} ^* →{0,1} ^k is the generation function of the satellite temporary identity, which is a one-way hash function, h is the hash function, KA is the first satellite _A and ground control The long-term shared key between the satellite and the ground between the centers, KB is the long-term shared key between the second satellite _B and the ground control center, ID _A is the real identity of the first satellite A, and ID _B is the second satellite A. The real identity of satellite B, RAND is a random number.

Next, the ground control center retrieves the orbit parameter information of the satellite to obtain the orbit parameter P A of the first satellite A and the orbit parameter P _B of the second satellite _B at this time.

S23. The ground control center uses the satellite-ground long-term shared key of the second satellite to pair the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key, and the first satellite orbit parameters Encryption is performed to obtain the first encrypted message; and the first encrypted message, the second current time stamp, the first satellite temporary identity, the second satellite temporary identity, the The long-term shared key and the second satellite orbit parameters are encrypted to obtain a second encrypted message.

地面控制中心使用K_A对K_AB、TID_A、TID_B、T_TCC、P_B，以及

进行加密得到第二加密消息

并发送给卫星A。假设卫星知道自己的轨道参数，所以地面控制中心不需要将卫星A的轨道参数发送给卫星A，也不需要将卫星B的轨道参数发送给卫星B。Specifically, the ground control center uses K _B to encrypt K _AB , TIDA , _TIDB , _{T TCC} and PA to obtain the first encrypted message to be sent to the second satellite _B , that is,

The ground control center uses K _A for K _AB , TID _A , TID _B , T _TCC , P _B , and

Encrypt to get the second encrypted message

and sent to satellite A. Assuming that the satellite knows its own orbital parameters, the ground control center does not need to send the orbital parameters of satellite A to satellite A, nor does it need to send the orbital parameters of satellite B to satellite B.

S24, the first satellite decrypts the second encrypted message, and when judging that the second current time stamp is fresh, the first satellite temporary identification, the second satellite temporary identification, the long-term shared key between satellites and the second satellite orbit parameter are stored, and send the first encrypted message to the second satellite.

然后卫星A验证时间戳T_TCC的新鲜性，如果满足新鲜性要求，那么卫星A存储K_AB、TID_A、TID_B、T_TCC、P_B，并将第一加密消息

转发给卫星B；否则将终止认证。Specifically, after receiving the second encrypted message from the ground control center, satellite _A decrypts it using the shared key KA to obtain K _AB , _TIDA , _TIDB , _TTCC , _PB and

Satellite A then verifies the freshness of the timestamp T _TCC , and if the freshness requirement is met, then satellite A stores K _AB , TID _A , TID _B , T _TCC , P _B , and encrypts the first encrypted message

Forwarded to Satellite B; otherwise, the certification will be terminated.

S25. The second satellite decrypts the first encrypted message, and stores the first satellite temporary ID, the second satellite temporary ID, the long-term shared key between satellites, and the first satellite orbit parameter when the second current timestamp is determined to be fresh.

Specifically, satellite _B receives the information sent by satellite _A , and uses the shared key KB to decrypt to obtain K _AB , _TIDA , _TIDB , _TTCC , and PA . Satellite B verifies the freshness of the timestamp T _TCC . If the freshness requirement is met, then satellite B stores K _AB , TID _A , TID _B , T _TCC and P _A , so as to perform networking authentication with satellite A.

S3, the initial networking authentication stage between satellites: each satellite calculates the first location key of the first satellite according to the orbital parameters of the first satellite, and calculates the first position key of the first satellite according to the long-term shared key between satellites, the temporary identity of the first satellite and their respective calculation The first location key of the first satellite calculates the first message verification code of the first satellite; when the second satellite determines that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes the Certification of the first satellite.

Referring to FIG. 4 , FIG. 4 is a flowchart of an initial inter-satellite networking authentication stage provided by an embodiment of the present invention. Step S3 specifically includes:

S31, the first satellite calculates the first location key using the orbital parameters of the first satellite under the third current timestamp; and calculates the encryption key and integrity protection of the session according to the long-term shared key between satellites and the first location key The key is to calculate the first message verification code by using the first satellite temporary identity identifier, the first location key and the integrity protection key, and generate a combination of the first satellite temporary identity identifier, the third current time stamp and the first message verification code. The first authentication vector.

Specifically, satellite A obtains the third current time stamp T _A2 ; according to the satellite positioning algorithm of the Global Positioning System (GPS), the orbit parameter P _A of the first satellite is used to calculate the first satellite coordinates at the moment of the third current time stamp T _A2 (x _A , y _A , z _A ) and the first position key K _LA of the first satellite, then satellite A calculates the encryption key CK and the integrity protection key of the session according to the long-term shared keys K _AB and K _LA between satellites Then the satellite A calculates the first message verification code MAC _A based on the integrity protection key IK and the first location key K _LA , and finally generates the first authentication vector AV _A . The above calculation process is shown in formula (2):

Among them, f _P is the generation function of satellite space coordinates, P _A is the orbit parameter of the first satellite A, f ₂ :{0,1} ^* →{0,1} ^k is the generation function of the session key, which is a single Hash function, f ₃ :{0,1} ^* →{0,1} ^k is the generation function of the message verification code, which is a one-way hash function, K _LA is the first location key of the first satellite A , K _AB is the inter-satellite long-term shared key between satellite A and satellite B.

S32, when the second satellite determines that the first satellite temporary identity in the first authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the third current timestamp is fresh, use the first satellite orbit parameter to calculate a new The first location key; and calculate a new encryption key and a new integrity protection key for the session according to the long-term shared key between satellites and the new first location key, using the first satellite temporary identity, the first location encryption key and the new integrity protection key to calculate a new first message authentication code.

Specifically, the satellite B compares the TID _A in the AV _A with the TID _A sent by the ground control center, and verifies the freshness of the timestamp T _A2 . If the two TID _A are consistent and T _A2 meets the freshness requirement, then satellite B uses the same method as satellite A to calculate the new satellite A at time T _A2 according to the first satellite orbit parameter P _A sent by T _A2 and the ground control center. the GPS coordinates (x' _A , y' _A , y' _A ) and the new first location key K' _LA . Next, satellite B uses the new first location key K' _LA of satellite A and the long-term shared key K _AB between satellites to calculate a new encryption key CK' and an integrity protection key IK', and further calculates a new first Message Authentication Code XMAC _A .

S33. When the second satellite determines that the new first message verification code is consistent with the first message verification code, the second satellite completes the authentication of the first satellite.

Specifically, satellite B compares XMAC _A with the MAC _A sent by satellite A, and if the two are consistent, completes the identity authentication of satellite A, and saves CK' and IK' for subsequent inter-satellite sessions; otherwise, the authentication fails, End authentication.

The calculation process of step S32 and step S33 is shown as formula (3):

S4, each satellite calculates the second position key of the second satellite according to the orbit parameters of the second satellite, and calculates the second message verification of the second satellite according to the second satellite temporary identity and the second position key calculated respectively When the first satellite determines that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite. Specifically include:

S41. The second satellite uses the second satellite orbit parameter to calculate the second position key under the fourth current timestamp, and calculates the second position key according to the second satellite temporary identity, the second position key and the new integrity protection key. message verification code, and generate the second satellite temporary identity identifier, the second message verification code and the second verification vector of the fourth current timestamp.

Specifically, satellite B obtains the fourth current time stamp T _B1 , and uses the orbit parameter P _B of the second satellite to calculate its own GPS coordinates (x _B , y _B , z _B according to the global positioning system (GPS) satellite positioning algorithm) ) and the second location key K _LB , and then use the second location key K _LB , the new integrity protection key IK' and _{TIDB calculated in step S32 to calculate the second message verification code MAC B .} Finally, satellite B generates a second authentication vector AV _B and sends it to satellite A. The above calculation process is shown in formula (4):

S42, when the first satellite determines that the second satellite temporary identity in the second authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the fourth current timestamp is fresh, use the second satellite orbit parameter to calculate a new The second location key, and a new second message verification code is calculated according to the second satellite temporary identity identifier, the new second location key and the integrity protection key.

Specifically, the satellite A compares the TID _B in the second authentication vector AV _B with the TID _B sent by the ground control center, and verifies the freshness of the fourth timestamp T _B1 . If the TID _B sent by the two are consistent and T _B1 meets the freshness requirement, then satellite A calculates the new GPS of the second satellite of satellite B at time T _B1 according to the second satellite orbit parameter P _B sent by T _B1 and the ground control center coordinates (x' _B , y' _B , z' _B ) and a new second location key K'_LB; and then calculate a new second message verification code XMAC _B according to the IK and K' _LB calculated in step S31.

S43. When the first satellite determines that the new second message verification code is consistent with the second message verification code, the first satellite completes the authentication of the second satellite.

Specifically, if the new second message verification code XMAC _B . Consistent with the second message verification code MAC _B sent by satellite B, satellite A completes the identity authentication of satellite B, and satellite A saves the CK and IK calculated in step S31 for subsequent inter-satellite sessions; otherwise, the authentication fails, and the authentication ends. The above calculation process is shown in formula (5):

The method security analysis of this embodiment is as follows:

(1) Mutual authentication and key agreement: In the above method, satellite A and satellite B realize mutual authentication and key agreement based on location keys K _LA , K _LB and long-term shared key K _AB between satellites. Specifically, the ground control center first generates the inter-satellite long-term shared key K _AB for the satellites, and distributes it securely to satellite A and satellite B in the inter-satellite shared key configuration stage. Secondly, satellite A obtains the orbit parameter P _B of satellite B from the ground control center, and satellite B obtains the orbit parameter P _A of satellite A from the ground control center. Then satellite A and satellite B calculate the session encryption key CK and the integrity protection key IK in the same way. Satellite A uses IK and the location key K _LA to calculate MAC _A , and satellite B calculates XMAC _A in the same way to verify the identity of satellite A. In turn, Satellite A verifies the identity of Satellite B in the same way. For the location key update phase, the idea is the same. Therefore, satellite A and satellite B can achieve mutual authentication and key agreement.

(2) Identity anonymity. In the initial satellite authentication stage, satellite A sends an inter-satellite networking authentication request to the ground control center, and the ground control center generates a temporary identity TID _A according to satellite _A 's real identity ID _A and the preset shared key KA. Similarly, the ground control center generates a temporary identity TID _B according to the real identity ID _B of the satellite _B and the preset shared key KB. Satellites use anonymous identity identifiers in the network authentication process, and attackers cannot obtain the real identity information of satellites.

(3) Key confirmation: in the initial inter-satellite networking authentication stage, satellite A calculates the location key K _LA according to its own orbital parameters, and then uses the shared keys K _AB and K _LA to calculate the session keys CK and IK. Satellite A sends a networking authentication request to satellite B, and uses IK and K _LA to protect the integrity of the message. Satellite B calculates K _LA and session key in the same way, then Satellite B uses IK to verify the authentication request sent by Satellite A. In turn, satellite A uses the IK to verify the authentication message sent by satellite B, confirming that the session keys calculated by both parties are the same. Therefore, this method enables key confirmation.

(4) Data integrity protection: The link of the satellite network is highly open and vulnerable to eavesdropping, tampering and forgery attacks. In order to protect the integrity of information transmitted between satellites, satellite A and satellite B generate an integrity protection key IK to achieve data integrity protection.

(5) Anti-counterfeiting attack: The satellites participating in the network authentication calculate the position keys K _LA and K _LB according to the specific orbit parameters, and then generate the integrity protection key IK of the session, and then send the information such as the position key between the satellites. will be protected by IK. This prevents attackers from tampering or falsifying information, and even if an attacker tampers or falsifies some data, the satellites can spot it immediately.

(6) Anti-man-in-the-middle attack. When an attacker launches a man-in-the-middle attack, satellite B mistakenly thinks the opposite satellite is satellite A, and satellite A mistakenly thinks the opposite satellite is satellite B, which causes satellite B and satellite A to send a large amount of private information to the attacker. For this inter-satellite authentication method, satellite A and satellite B obtain the session key according to the location key and the shared key K _AB to protect the integrity of the transmitted data. Even if an attacker eavesdrops on the information being sent, he cannot obtain information about the location key and cannot calculate the correct session key. Therefore, this method is resistant to man-in-the-middle attacks.

(7) Anti-replay attack: During each inter-satellite networking authentication process, the satellite A requesting networking authentication obtains a timestamp, calculates the location key corresponding to the moment, and finally adds the timestamp to the authentication The request vector is sent to the opposite satellite B. Satellite B verifies that the received timestamp is fresh, and if it does not meet the freshness requirements, then Satellite B considers the authentication request vector to be expired and discards it. In turn, satellite A performs the same verification on satellite B's timestamp. An attacker cannot replay an expired authentication vector to spoof the satellite. In this way, the method is resistant to replay attacks.

(8) Resist insider attack: In this method, mutual authentication and key agreement are based on two factors: the satellite location key and the long-term shared key between satellites. Assume that satellite A has performed networking authentication with satellite B and satellite C respectively, and established two secure channels. Satellite A obtains the orbital parameters of satellite B and satellite C from the ground control center. During the validity period of their orbital parameters, satellite A can calculate the position key of satellite B or satellite C at any time, but satellite A cannot calculate the session key between satellite B and satellite C because it cannot be obtained from the ground control center Obtain the shared key K _BC . Therefore, satellite A cannot eavesdrop on the conversation between satellites B and C. So this method can resist insider attack.

(9) Perfect Forward Secrecy (PFS): In this method, the session key between satellite A and satellite B is calculated based on the location key and the shared key K _AB . Even if the shared key _KAB is compromised, the attacker cannot compute the correct session key. Even if the location key is exposed during a certain networking authentication process, if the attacker does not know the orbital parameters of the satellite, the previous session key cannot be obtained. Therefore, this method can achieve PFS.

Therefore, this method has the following advantages: (1) In view of the characteristics of the satellite network in the space-ground integrated network, the links are highly exposed, the topology is complex and changeable, and the satellite computing capability and storage resources are limited. A high-level enhanced inter-satellite networking authentication scheme based on location keys and symmetric keys. Specifically, after the satellite is launched, it runs according to a predetermined orbit. In this embodiment, the inter-satellite networking is realized by verifying the position of the satellite. Authentication and key negotiation only require hashing, XOR operations, and a small amount of shared key encryption and decryption, which reduces satellite computing overhead and storage overhead while ensuring security, and improves the efficiency of inter-satellite networking authentication . (2) Aiming at the security risk of master key leakage in the traditional inter-satellite networking authentication process, this embodiment uses both the location key and the shared key to implement satellite inter-satellite authentication and key negotiation, which solves the problem of master key leakage security risks. (3) In response to the requirement of satellite identity privacy, this embodiment uses a hash function to generate an anonymous identity information for the satellite, that is, a temporary identity identifier of the satellite, during the network authentication process, which effectively protects the privacy of the satellite identity. (4) For the networking authentication process between different satellites, this embodiment assigns different shared keys to satellites. Even if a certain satellite is captured, it cannot calculate the session keys between other satellites, so it does not have other satellites. The shared key between them avoids insider attacks. (5) In the case where the two networked satellites do not have the shared key distributed by the ground control center, for example, the two satellites to be authenticated are from different institutions or countries, the method of this embodiment is also applicable. Specifically, identity authentication and key negotiation between satellites can be performed only based on the location key to achieve fast inter-satellite networking authentication. Although there may be some security risks, such as insider attacks, the authentication of the location key meets the security requirements of certain scenarios and is an optional solution. (6) The method of this embodiment does not require the launch batches of satellites, that is, satellites launched in different batches can also use this solution to implement inter-satellite networking authentication and key negotiation. Specifically, when the satellite needs networking authentication, a shared key can be generated with the help of the ground control center in the initial networking stage, and authentication can be achieved based on the shared key and the location key; or if the shared key cannot be generated. In this case, authentication can be achieved based only on the location key.

To sum up, in the inter-satellite networking authentication method of the present invention, the ground control center generates a temporary identity identifier and a long-term shared key between the satellite and the ground for each satellite authenticated by the networking, so as to protect the true identity of the satellite; Features: Generate a long-term shared key between satellites for each satellite and obtain the orbital parameters of each satellite and distribute them to the satellites. Each satellite calculates each other's location keys based on the orbital parameters, and then uses the location key and the inter-satellite shared key to complete Identity authentication and negotiation of the inter-satellite session key, avoiding the risk of master key leakage; in addition, the participation of the ground control center in the authentication process is reduced, and unnecessary communication delays are reduced, thus realizing a safe and efficient The inter-satellite authentication mechanism realizes fast inter-satellite networking.

Embodiment 2

On the basis of Embodiment 1, this embodiment provides an inter-satellite networking authentication method in which the orbital parameters of the satellites do not change after the initial inter-satellite networking authentication stage, and the inter-satellite networking is disconnected and reconnected. In this embodiment, the fact that the orbital parameters of the satellites have not changed means that the orbital parameters of the first satellite and the second satellite have not changed.

Specifically, the method includes the steps:

S1. The ground control center generates a real identity and a long-term shared key between the satellite and the ground for each satellite.

S2. According to the networking authentication request information sent by any satellite, the ground control center uses the real identity of each satellite and the long-term shared key between satellites to generate the temporary identity of each satellite, and generates the long-term shared secret between satellites in combination with random numbers. key, and obtain the orbital parameters of each satellite.

S3, each satellite calculates the first position key of the first satellite according to the orbital parameters of the first satellite, and calculates the first position key according to the long-term shared key between satellites, the first satellite temporary identity and the respectively calculated first position key The first message verification code of a satellite; when the second satellite determines that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes the authentication of the first satellite.

S4, each satellite calculates the second position key of the second satellite according to the orbit parameters of the second satellite, and calculates the second message verification of the second satellite according to the second satellite temporary identity and the second position key calculated respectively When the first satellite determines that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite.

For the specific implementation method of steps S1 to S4, please refer to Embodiment 1, which will not be repeated in this embodiment.

S5. The satellite location key update phase when the orbital parameters of the satellites have not changed: each satellite calculates the third location key of the first satellite according to the original orbital parameters of the first satellite, and calculates the integrity protection according to the last authentication calculation. The key and the third position key calculated respectively are used to calculate the third message verification code of the first satellite; when the second satellite determines that the third message verification code calculated by the second satellite is consistent with the third message verification code calculated by the first satellite , the second satellite completes the authentication update to the first satellite.

Please refer to FIG. 5. FIG. 5 is a flowchart of a phase of updating a satellite location key when the orbital parameters of a satellite do not change according to an embodiment of the present invention.

Step S5 includes:

S51, the first satellite uses the original orbit parameters of the first satellite to calculate the third position key under the fifth current time stamp, and calculates the third position key according to the temporary identity of the first satellite, the integrity protection key calculated in the last authentication and the third position The key calculates the third message verification code, and generates a third authentication vector of the first satellite temporary identity, the fifth current timestamp and the third message verification code.

Specifically, satellite A obtains the fifth current timestamp T _A3 , and uses the original orbit parameter P _A of the first satellite to calculate its own third GPS coordinates (x _A2 , y _A2 , z _A2 ) and the third position key K _L-A2 . Then satellite A calculates the third message verification code MAC A2 by using the integrity protection key IK and the current third location key K _L-A2 calculated by the last authentication, and finally satellite A creates the first satellite temporary identity identifier TID _A , the third message verification code MAC _A2 5. The current timestamp T _A3 and the third authentication vector AV _A2 of the third message verification code MAC _A2 are sent to satellite B.

The above calculation process is shown in formula (6):

S52, when the second satellite determines that the first satellite temporary identity in the third authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the fifth current timestamp is fresh, use the original orbit parameters of the first satellite to calculate A new third location key, and a new third message verification code is calculated according to the first satellite temporary identity, the integrity protection key calculated in the last authentication and the new third location key.

Specifically, satellite B verifies the validity of the first satellite temporary identity identifier TID _A in the third authentication vector AV _A2 and the freshness of the fifth current timestamp T _A3 . If the requirements are met, the satellite B _verifies the The original orbit parameter P _A of the satellite is used to calculate the new third GPS coordinates (x' _A2 , y' _A2 , z' _A2 ) and the new third position key K' _L-A2 of the satellite A at time T _A3 . Next, satellite B calculates a new third message verification code XMAC _A2 by using the integrity protection key IK calculated in the last authentication and the current new third location key K' _L-A2 of satellite A.

S53. When the second satellite determines that the new third message verification code is consistent with the third message verification code, the second satellite completes the authentication update for the first satellite.

Specifically, if the new third message verification code XMAC _A2 is consistent with the third message verification code MAC _A2 sent by satellite A, the identity authentication of satellite A is completed; otherwise, the authentication fails, and the authentication is ended.

The calculation process of steps S52 and S53 is shown in formula (7):

S6, each satellite calculates the fourth position key of the second satellite according to the original orbit parameters of the second satellite, and calculates the second satellite according to the integrity protection key calculated by the last authentication and the fourth position key calculated respectively When the first satellite determines that the fourth message verification code calculated by the first satellite is consistent with the fourth message verification code calculated by the second satellite, the first satellite completes the authentication update for the second satellite.

Specifically include:

S61, the second satellite uses the original orbit parameters of the second satellite to calculate the fourth position key under the sixth current time stamp, and calculates the integrity protection key according to the last authentication, the temporary identity of the second satellite and the fourth position key key to calculate the fourth message verification code, to generate the second satellite temporary identity, the fourth message verification code and the fourth verification vector of the sixth current timestamp; and use the long-term shared key between satellites, the fourth position key and the new The third location key computes the new encryption key and integrity protection key.

Specifically, satellite B obtains the sixth current time stamp T _B2 , and uses the orbit parameter P _B of the second satellite to calculate its own fourth GPS coordinates (x _B2 , y _B2 , z according to the global positioning system (GPS) satellite positioning algorithm) _B2 ) and the fourth location key KL _-B2 , and then the satellite B calculates the fourth message verification code MAC _B2 using the integrity protection key IK calculated in the last authentication and the current fourth location key KL _- B2, and creates The second satellite temporary ID _B , the sixth current time stamp T _B2 and the fourth authentication vector AV _B2 of the fourth message verification code MAC _B2 are sent to the satellite A. Finally, satellite B uses the inter-satellite long-term shared key K _AB , the new third position key K' _L-A2 and the fourth position key K _L-B2 to calculate a new session encryption key CK ₂ and an integrity protection key The key IK ₂ is used for subsequent inter-satellite sessions. The above calculation process is shown in formula (8):

S62, when the first satellite determines that the second satellite temporary identity in the fourth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the sixth current timestamp is fresh, use the original orbit parameters of the second satellite to calculate A new fourth location key, and a new fourth message verification code is calculated according to the integrity protection key calculated in the last authentication, the second satellite temporary identity identifier, and the new fourth location key.

Specifically, the satellite A verifies the validity of the second satellite temporary identity identifier TID _B in the fourth authentication vector AV _B2 and the freshness of the sixth current timestamp T _B2 , if the second satellite temporary identity identifier in the fourth authentication vector AV _B2 is TID _B is consistent with the second satellite temporary identity identifier TID _B sent by the ground control center and the sixth current time stamp T _B2 is fresh. Satellite A calculates according to the sixth current time stamp T _B2 and the saved original orbit parameter P _B of the second satellite The new fourth GPS coordinates (x' _B2 , y' _B2 , z' _B2 ) of satellite B and the new fourth position key K' _L-B2 . Next, satellite A calculates a new fourth message verification code XMAC _B2 by using the IK calculated in the last authentication and the new fourth location key K' _L- B2.

S63, when the first satellite determines that the new fourth message verification code is consistent with the fourth message verification code, the first satellite completes the authentication update for the second satellite; the first satellite uses the long-term shared key between satellites, the new fourth The location key and the third location key compute new encryption keys and integrity protection keys.

Specifically, if the new fourth message verification code XMAC _B2 is consistent with the fourth message verification code MAC _B2 sent by the satellite B, the satellite A completes the identity authentication of the satellite B; otherwise, the authentication fails, and the authentication ends. Finally, satellite A uses the inter-satellite long-term shared key K _AB , the third position key K _L-A2 and the new fourth position key K' _L-B2 to calculate a new session encryption key CK ₂ and an integrity protection key The key IK ₂ is used for subsequent inter-satellite sessions.

The calculation process of step S62 and step S63 is shown as formula (9):

In this embodiment, the new session encryption key CK ₂ and the integrity protection key IK ₂ calculated in steps S61 and S63 are the same, and the difference lies in the encryption key CK ₂ and the integrity protection key IK ₂ calculated by satellite A It is stored in satellite A, and the encryption key CK ₂ and the integrity protection key IK ₂ calculated by satellite B are stored in satellite B.

In this embodiment, in the face of the disconnection and reconnection of the inter-satellite link, when the orbital parameters of the satellite do not change, the satellite calculates a new location key based on the saved orbital parameters, and realizes the update of the session key. In the update phase, key confirmation is no longer performed, which reduces the signaling overhead of the satellite.

Embodiment 3

On the basis of Embodiment 1 and Embodiment 2, this embodiment provides an inter-satellite networking authentication method in which the orbital parameters of the satellites change after the initial inter-satellite networking authentication stage, and the inter-satellite networking is disconnected and reconnected . In this embodiment, the change in the orbit parameter of the satellite means that the orbit parameter of any one of the first satellite and the second satellite changes.

Specifically, the method includes the steps:

S1. The ground control center generates a real identity and a long-term shared key between the satellite and the ground for each satellite.

S2. According to the networking authentication request information sent by any satellite, the ground control center uses the real identity of each satellite and the long-term shared key between satellites to generate the temporary identity of each satellite, and generates the long-term shared secret between satellites in combination with random numbers. key, and obtain the orbital parameters of each satellite.

S3, each satellite calculates the first position key of the first satellite according to the orbital parameters of the first satellite, and calculates the first position key according to the long-term shared key between satellites, the first satellite temporary identity and the respectively calculated first position key The first message verification code of a satellite; when the second satellite determines that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes the authentication of the first satellite.

S4, each satellite calculates the second position key of the second satellite according to the orbit parameters of the second satellite, and calculates the second message verification of the second satellite according to the second satellite temporary identity and the second position key calculated respectively When the first satellite determines that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite.

For the specific implementation method of steps S1 to S4, please refer to Embodiment 1, which will not be repeated in this embodiment.

S5, each satellite calculates the fifth position key of the first satellite according to the changed orbit parameters of the first satellite, and calculates the first position key according to the integrity protection key calculated by the last authentication and the fifth position key calculated respectively The fifth message verification code of the satellite; when the second satellite determines that the fifth message verification code calculated by the second satellite is consistent with the fifth message verification code calculated by the first satellite, the second satellite completes the authentication update for the first satellite.

Please refer to FIG. 6. FIG. 6 is a flowchart of a phase of updating a satellite position key when the orbital parameters of a satellite do not change according to an embodiment of the present invention.

Step S5 includes:

S51, the first satellite calculates the fifth position key by using the changed orbit parameters of the first satellite under the seventh current time stamp, and calculates the integrity protection key according to the last authentication, the temporary identity of the first satellite and the fifth position key. The location key calculates the fifth message verification code, encrypts the changed orbit parameters of the first satellite using the encryption key calculated in the last certification, and generates the first satellite temporary identity, the seventh current time stamp, the fifth message verification code and The encrypted fifth authentication vector of the orbital parameters of the first satellite after changing.

Specifically, satellite A obtains the seventh current timestamp T _A3 , and calculates its own fifth GPS coordinates (x _A2 , y _A2 , z _A2 ) and fifth position key K according to the changed orbit parameter P _A2 of the first satellite _L-A2 . Then satellite A calculates the fifth message verification code MAC _A2 using the integrity protection key IK calculated in the last authentication and the current fifth location key K _L- A2, and encrypts the satellite using the session encryption key CK calculated in the last authentication A's changed orbital parameter P _A2 . Finally, satellite A creates the first satellite temporary identity identifier TID _A , the seventh current timestamp T _A3 , the fifth message verification code MAC _A2 and the fifth authentication vector AV _A2 of the encrypted first satellite orbit parameter Enc _CK (P _A2 ) , and send it to satellite B.

The above calculation process is shown in formula (10):

S52, when the second satellite determines that the first satellite temporary identity in the fifth authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the seventh current timestamp is fresh, use the encryption key calculated by the last authentication Decrypt the fifth authentication vector to obtain the changed orbit parameters of the first satellite, use the changed orbit parameters of the first satellite to calculate a new fifth position key, and calculate the integrity protection key according to the last authentication calculation, the first satellite temporary key The identity identifier and the new fifth location key calculate a new fifth message verification code.

Specifically, satellite B verifies the validity of the first satellite temporary identity identifier TID _A in AV _A2 and the freshness of the seventh current timestamp T _A3 in the fifth authentication vector. If both meet the requirements, satellite B uses the last authentication The calculated encryption key CK decrypts the fifth authentication vector message to obtain the current changed orbit parameter P _A2 of satellite A, and then satellite B calculates satellite A at the seventh current time stamp T _A3 according to the current changed orbit parameter P _A2 of satellite A The new fifth GPS coordinates (x' _A2 , y' _A2 , z' _A2 ) and the new fifth position key K' _L-A2 . Next, satellite B calculates a new fifth message authentication code XMAC _A2 by using the integrity protection key IK calculated in the last authentication and the new fifth location key K' _L- A2.

S53. When the second satellite determines that the new fifth message verification code is consistent with the fifth message verification code, the second satellite completes the authentication update for the first satellite.

Specifically, if the new fifth message verification code XMAC _A2 is consistent with the fifth message verification code MAC _A2 sent by satellite A, satellite B completes the identity authentication of satellite A; otherwise, the authentication fails, and the authentication ends.

The calculation process of steps S52 and S53 is shown in formula (11):

S6, each satellite calculates the sixth position key of the second satellite according to the orbit parameters of the second satellite after the change, and calculates the second satellite according to the integrity protection key calculated by the last authentication and the sixth position key calculated respectively The sixth message verification code of the satellite; when the first satellite determines that the sixth message verification code calculated by the first satellite is consistent with the sixth message verification code calculated by the second satellite, the first satellite completes the authentication update for the second satellite. Specifically include steps:

S61, the second satellite calculates the sixth position key by using the orbital parameters of the second satellite after the change under the eighth current time stamp, and calculates the integrity protection key according to the last authentication, the temporary identity of the second satellite and the sixth position key. The location key calculates the sixth message verification code, encrypts the changed orbit parameters of the second satellite using the encryption key calculated in the previous certification, and generates the second satellite temporary identity, the eighth current time stamp, the sixth message verification code and The encrypted sixth authentication vector of the second satellite orbit parameter. And use the inter-satellite long-term shared key, the sixth position key and the new fifth position key to calculate a new encryption key and an integrity protection key.

Specifically, satellite B obtains the eighth current timestamp T _B2 , and calculates its own sixth GPS coordinates (x _B2 , y _B2 , z _B2 ) and sixth position key according to the changed orbit parameter P _B2 of the current second satellite K _L-B2 , and then satellite B calculates the sixth message verification code MAC _B2 using the integrity protection key IK and the sixth position key K _L-B2 calculated in the last authentication, and uses the encryption key CK calculated in the last authentication The changed orbit parameter P _B2 of the second satellite is encrypted, so that the second satellite temporary ID _B , the eighth current time stamp T _B2 and the sixth message verification code MAC _B2 create an authentication vector AV _B2 and send it to satellite A. Finally, satellite B uses the inter-satellite long-term shared key K _AB , the new fifth position key K' _L-A2 and the sixth position key K _L-B2 to calculate a new session encryption key CK ₂ and an integrity protection key The key IK ₂ is used for subsequent inter-satellite sessions. The above calculation process is shown in formula (12):

S62, when the first satellite determines that the second satellite temporary identity in the sixth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the eighth current timestamp is fresh, use the encryption key calculated by the last authentication Decrypt the sixth authentication vector to obtain the changed orbit parameters of the second satellite, use the changed orbit parameters of the second satellite to calculate a new sixth position key, and calculate the integrity protection key according to the last authentication calculation, the second satellite temporary key The identity identifier and the new sixth location key calculate a new sixth message verification code.

Specifically, satellite A verifies the legitimacy of the second satellite temporary identity identifier TID _B in the sixth authentication vector AV _B2 and the freshness of the eighth current timestamp T _B2 . If both meet the requirements, satellite A uses the last authentication calculation The encryption key CK decrypts the sixth authentication vector information, and obtains the orbit parameter P _B2 of the satellite B after the current change. Then satellite A uses the changed orbit parameter P _B2 to calculate the new sixth GPS coordinates (x' _A2 , y' _A2 , z' _A2 ) and the new sixth position key of satellite B at the eighth current time stamp T _B2 K'L _-A2 . Next, satellite A calculates a new sixth message verification code XMAC _B2 by using the integrity protection key IK calculated in the last authentication and the new sixth position key K' _L-B2 of satellite B.

S63. When the first satellite determines that the new sixth message verification code is consistent with the sixth message verification code, the first satellite completes the authentication update for the second satellite. The first satellite calculates a new encryption key and an integrity protection key using the inter-satellite long-term shared key, the new sixth position key and the fifth position key.

Specifically, if the new sixth message verification code XMAC _B2 is consistent with the sixth message verification code MAC _B2 sent by satellite B, satellite A completes the identity authentication of satellite B; otherwise, the authentication fails, and the authentication ends. Finally, satellite A uses the inter-satellite long-term shared key K _AB , the fifth position key K _L-A2 and the new sixth position key K' _L-B2 to calculate a new session encryption key CK ₂ and an integrity protection key The key IK ₂ is used for subsequent inter-satellite sessions.

The calculation process of step S62 and step S63 is shown as formula (13):

In this embodiment, the new session encryption key CK ₂ and the integrity protection key IK ₂ calculated in steps S61 and S63 are the same, and the difference lies in the encryption key CK ₂ and the integrity protection key IK ₂ calculated by satellite A It is stored in satellite A, and the encryption key CK ₂ and the integrity protection key IK ₂ calculated by satellite B are stored in satellite B.

In this embodiment, when the inter-satellite link is disconnected and reconnected, when the orbit parameter of the satellite changes, the satellite encrypts the new orbit parameter using the session key calculated by the last authentication and sends it to the other party, and then the two parties use the new orbit parameter based on the new The orbit parameter calculates the new location key, and implements the process of updating the session key. In the location key updating stage, key confirmation is no longer performed, which reduces the signaling overhead of the satellite.

Due to the high-speed operation of satellites, the topology structure is complex and changeable. Therefore, in Embodiments 2 and 3, for the situation of disconnection and reconnection of inter-satellite networking, two schemes for updating the location key are designed, which are based on satellite orbit parameters respectively. When there is no change and the satellite orbit parameters have changed, it can fully cope with the situation that the satellite link is disconnected and reconnected under the complex changing topology.

The above content is a further detailed description of the present invention in combination with specific preferred embodiments, and it cannot be considered that the specific implementation of the present invention is limited to these descriptions. For those of ordinary skill in the technical field of the present invention, without departing from the concept of the present invention, some simple deductions or substitutions can be made, which should be regarded as belonging to the protection scope of the present invention.

Claims (10)

1. An enhanced inter-satellite networking authentication method based on a location key is characterized by comprising the following steps:

s1, the ground control center respectively generates a real identity and an inter-satellite long-term shared key for each satellite;

s2, the ground control center generates a temporary identity of each satellite by using the real identity of each satellite and the long-term shared key between the satellite and the ground according to networking authentication request information sent by any satellite, generates the long-term shared key between the satellites by combining random numbers, and acquires the orbit parameters of each satellite;

s3, each satellite calculates a first position key of the first satellite according to the orbit parameters of the first satellite, and calculates a first message verification code of the first satellite according to the inter-satellite long-term shared key, the first satellite temporary identity and the respectively calculated first position key; when the second satellite judges that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes authentication on the first satellite;

s4, each satellite calculates a second position key of the second satellite according to the orbit parameters of the second satellite, and calculates a second message verification code of the second satellite according to the second satellite temporary identity and the respectively calculated second position key; and when the first satellite judges that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite.

2. The enhanced location key-based inter-satellite networking authentication method according to claim 1, wherein step S2 comprises:

s21, the first satellite acquires a first current timestamp, and the real identity of the first satellite and the real identity of the second satellite are encrypted by using the inter-satellite and inter-ground long-term shared key of the first satellite to obtain and send networking authentication request information;

s22, the ground control center decrypts the networking authentication request information, and when the first current timestamp is judged to be fresh, a first satellite temporary identity is generated by using the real identity of the first satellite and the long-term satellite-ground shared key under a second current timestamp, a second satellite temporary identity is generated by using the real identity of the second satellite and the long-term satellite-ground shared key, the long-term satellite shared key is generated by combining a random number, and a first satellite orbit parameter and a second satellite orbit parameter are obtained;

s23, the ground control center encrypts the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter by using the inter-satellite long-term shared key of the second satellite to obtain a first encrypted message; encrypting the first encryption message, the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the second satellite orbit parameter by using the inter-satellite long-term shared key of the first satellite to obtain a second encryption message;

s24, the first satellite decrypts the second encrypted message, stores the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the second satellite orbit parameter when the second current timestamp is judged to be fresh, and sends the first encrypted message to the second satellite;

and S25, the second satellite decrypts the first encrypted message, and stores the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter when the second current timestamp is judged to be fresh.

3. The enhanced location key-based inter-satellite networking authentication method according to claim 1, wherein step S3 comprises:

s31, calculating a first position key by the first satellite according to the orbit parameters of the first satellite under a third current time stamp; calculating an encryption key and an integrity protection key of a session according to the inter-satellite long-term shared key and the first location key, calculating a first message verification code by using the first satellite temporary identity, the first location key and the integrity protection key, and generating a first authentication vector of the first satellite temporary identity, the third current timestamp and the first message verification code;

s32, when the second satellite judges that the first satellite temporary identity in the first authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the third current timestamp is fresh, calculating a new first position key by using the first satellite orbit parameter; calculating a new encryption key and a new integrity protection key of a session according to the long-term shared key among the satellites and the new first position key, and calculating a new first message verification code by using the first satellite temporary identity, the first position key and the new integrity protection key;

and S33, when the second satellite judges that the new first message verification code is consistent with the first message verification code, the second satellite completes the authentication of the first satellite.

4. The enhanced location key-based inter-satellite networking authentication method according to claim 3, wherein the step S4 comprises:

s41, the second satellite calculates a second position key by using a second satellite orbit parameter under a fourth current timestamp, calculates a second message verification code according to the second satellite temporary identity, the second position key and the new integrity protection key, and generates a second authentication vector of the second satellite temporary identity, the second message verification code and the fourth current timestamp;

s42, when the first satellite judges that the second satellite temporary identity in the second authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the fourth current timestamp is fresh, calculating a new second location key by using the second satellite orbit parameter, and calculating a new second message verification code according to the second satellite temporary identity, the new second location key and the integrity protection key;

and S43, when the first satellite judges that the new second message verification code is consistent with the second message verification code, the first satellite completes the authentication of the second satellite.

5. The enhanced location key-based inter-satellite networking authentication method according to claim 1, further comprising, after step S4:

s5, each satellite calculates a third position key of the first satellite according to the original orbit parameters of the first satellite, and calculates a third message verification code of the first satellite according to the integrity protection key calculated by the last authentication and the respectively calculated third position key; when the second satellite judges that the third message verification code calculated by the second satellite is consistent with the third message verification code calculated by the first satellite, the second satellite completes authentication updating of the first satellite;

s6, each satellite calculates a fourth position key of the second satellite according to the original orbit parameters of the second satellite, and calculates a fourth message verification code of the second satellite according to the integrity protection key calculated by the last authentication and the fourth position key calculated by each satellite; and when the first satellite judges that the fourth message verification code calculated by the first satellite is consistent with the fourth message verification code calculated by the second satellite, the first satellite completes authentication updating of the second satellite.

6. The enhanced location key-based inter-satellite networking authentication method according to claim 5, wherein the step S5 comprises:

s51, the first satellite calculates a third position key by using the original orbit parameters of the first satellite under a fifth current timestamp, calculates a third message verification code according to the first satellite temporary identity, the integrity protection key calculated by the last authentication and the third position key, and generates a third authentication vector of the first satellite temporary identity, the fifth current timestamp and the third message verification code;

s52, when the second satellite judges that the first satellite temporary identity in the third authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the fifth current timestamp is fresh, calculating a new third location key by using the original orbit parameters of the first satellite, and calculating a new third message verification code according to the first satellite temporary identity, the integrity protection key calculated by the last authentication and the new third location key;

and S53, when the second satellite judges that the new third message verification code is consistent with the third message verification code, the second satellite completes the authentication update of the first satellite.

7. The enhanced location key-based inter-satellite networking authentication method according to claim 6, wherein the step S6 comprises:

s61, the second satellite calculates a fourth position key under a sixth current time stamp by using the original orbit parameters of the second satellite, calculates a fourth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the fourth position key, generates a fourth authentication vector of the second satellite temporary identity, the fourth message verification code and the sixth current time stamp, and calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the fourth position key and the new third position key;

s62, when the first satellite judges that the second satellite temporary identity in the fourth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the sixth current timestamp is fresh, calculating a new fourth position key by using the original orbit parameters of the second satellite, and calculating a new fourth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the new fourth position key;

s63, when the first satellite judges that the new fourth message verification code is consistent with the fourth message verification code, the first satellite completes authentication update of the second satellite; and the first satellite calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the new fourth position key and the third position key.

8. The enhanced location key-based inter-satellite networking authentication method according to claim 1, further comprising, after step S4:

s5, each satellite calculates a fifth position key of the first satellite according to the changed orbit parameters of the first satellite, and calculates a fifth message verification code of the first satellite according to the integrity protection key calculated by the last authentication and the fifth position key calculated by each satellite; when the second satellite judges that the fifth message verification code calculated by the second satellite is consistent with the fifth message verification code calculated by the first satellite, the second satellite completes authentication updating of the first satellite;

s6, each satellite calculates a sixth position key of the second satellite according to the changed orbit parameters of the second satellite, and calculates a sixth message verification code of the second satellite according to the integrity protection key calculated by the last authentication and the sixth position key calculated by each satellite; and when the first satellite judges that the sixth message verification code calculated by the first satellite is consistent with the sixth message verification code calculated by the second satellite, the first satellite completes authentication updating of the second satellite.

9. The enhanced location key-based inter-satellite networking authentication method according to claim 8, wherein step S5 comprises:

s51, the first satellite calculates a fifth position key by using the changed orbit parameter of the first satellite under a seventh current timestamp, calculates a fifth message verification code according to the integrity protection key calculated by the last authentication, the first satellite temporary identity and the fifth position key, encrypts the changed orbit parameter of the first satellite by using the encryption key calculated by the last authentication, and generates a fifth authentication vector of the first satellite temporary identity, the seventh current timestamp, the fifth message verification code and the encrypted changed orbit parameter of the first satellite;

s52, when the second satellite judges that the first satellite temporary identity in the fifth authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the seventh current timestamp is fresh, decrypting the fifth authentication vector by using the encryption key calculated by the last authentication to obtain the changed orbit parameter of the first satellite, calculating a new fifth position key by using the changed orbit parameter of the first satellite, and calculating a new fifth message verification code according to the integrity protection key calculated by the last authentication, the first satellite temporary identity and the new fifth position key;

and S53, when the second satellite judges that the new fifth message verification code is consistent with the fifth message verification code, the second satellite completes the authentication update of the first satellite.

10. The enhanced location key-based inter-satellite networking authentication method according to claim 9, wherein step S6 comprises:

s61, the second satellite calculates a sixth location key at an eighth current timestamp using the changed orbit parameter of the second satellite, calculates a sixth message authentication code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity, and the sixth location key, encrypts the changed orbit parameter of the second satellite using the encryption key calculated by the last authentication, generates the second satellite temporary identity, the eighth current timestamp, the sixth message authentication code, and a sixth authentication vector of the changed orbit parameter of the encrypted second satellite, and calculates a new encryption key and an integrity protection key using the inter-satellite long-term shared key, the sixth location key, and the new fifth location key;

s62, when the first satellite judges that the second satellite temporary identity in the sixth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the eighth current timestamp is fresh, decrypting the sixth authentication vector by using the encryption key calculated by the last authentication to obtain the changed orbit parameter of the second satellite, calculating a new sixth position key by using the changed orbit parameter of the second satellite, and calculating a new sixth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the new sixth position key;

s63, when the first satellite judges that the new sixth message verification code is consistent with the sixth message verification code, the first satellite completes the authentication update of the second satellite; the first satellite calculates a new ciphering key and an integrity protection key using the inter-satellite long term shared key, the new sixth location key and the fifth location key.

Images