
CN114828005A - Enhanced inter-satellite networking authentication method based on location key - Google Patents

Publication number
CN114828005A
Authority
CN
China
Prior art keywords
satellite
key
authentication
verification code
message verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210571907.8A
Other languages
Chinese (zh)
Inventor
曹进
杨元元
李晖
任雄鹏
马如慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University
Priority to CN202210571907.8A
Publication of CN114828005A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/18521 Systems of inter linked satellites, i.e. inter satellite service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04 Large scale networks; Deep hierarchical networks
    • H04W84/06 Airborne or Satellite Networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • General Physics & Mathematics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Radio Relay Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an enhanced inter-satellite networking authentication method based on a location key, comprising the following steps: the ground control center generates a real identity and a satellite-ground long-term shared key for each satellite; the ground control center generates a temporary identity for each satellite and an inter-satellite long-term shared key, and obtains the orbit parameters of each satellite; each satellite calculates a first location key of the first satellite and, from its own calculated first location key, calculates a first message verification code of the first satellite, so that the second satellite authenticates the first satellite; each satellite calculates a second location key of the second satellite from the orbit parameters of the second satellite and, from its own calculated second location key, calculates a second message verification code of the second satellite, so that the first satellite authenticates the second satellite. The inter-satellite networking authentication method realizes a secure and efficient inter-satellite authentication mechanism and fast inter-satellite networking.

Description

Enhanced inter-satellite networking authentication method based on location key
Technical Field
The invention belongs to the technical field of satellite communication, and particularly relates to an enhanced inter-satellite networking authentication method based on a position key.
Background
With the continuous development of technology and the popularization of intelligent terminals, the mobile communication technology has been developed to the fifth generation (5G) to meet the increasing communication demand of people. However, in many places, such as oceans, deserts, polar regions, mountainous areas, and valleys, coverage of ground networks cannot be achieved due to expensive construction costs. Recent reports have shown that global mobile subscribers have reached 52.7 billion and the population coverage of mobile services is approximately 67%. Subject to technical limitations and huge economic costs, only 20% of the land area is covered by mobile services, which is less than 6% of the earth's surface area. In this situation, the satellite network has attracted much attention due to its advantages of fast deployment, abundant radio frequency resources, long communication distance, good communication quality, wide coverage, and small interference from the ground network. In addition, the satellite network has a good prospect in the aspect of providing communication services under extreme conditions of aviation, navigation, disaster areas and the like. Thus, the satellite network can supplement the terrestrial network to provide large area coverage and network connectivity in a flexible manner.
Clarke published an article in 1945 that first proposed the idea of satellite communications and indicated that three satellite stations could provide complete global coverage. The Third Generation Partnership Project (3GPP) standards group has been working on standardizing integrated communication networks between space and the ground to support the development of 5G networks. To better integrate satellite and terrestrial networks and take full advantage of satellite communication technology, researchers have proposed several architectures, which offer possible directions for the design of satellite systems. Building a space-ground integrated information network and realizing a satellite network system with global coverage, on-demand access, on-demand service, and security and trustworthiness has become a new focus of activity.
As demand for data communication services grows, a single satellite working alone can hardly meet it, and networking multiple satellites to serve ground users has become the trend of future communication development. Well-designed satellite networking can provide continuous global communication coverage, improve national defense capability, and realize the visualization of space communication. Satellite networking can also provide satellite communication and coverage in areas where no gateway station is deployed. Inter-satellite networking decouples the user side and the feeder side of the satellite, optimizes the deployment of gateway stations, and makes a worldwide satellite service possible with ground stations built only in some regions.
Unlike conventional networks, however, the topology of a satellite network changes as the satellites move. Satellite networks present more security risks than traditional networks. On the one hand, the links of the satellite network are highly exposed, and therefore the information in the satellite network is susceptible to illegal eavesdropping and malicious tampering. On the other hand, the satellite network topology is complex and dynamically changing, and it is difficult to maintain a stable satellite link.
Researchers have therefore proposed a variety of authentication methods for satellite communication networks. In most of these schemes, however, the satellite acts as a relay node that forwards and processes messages for ground users, base stations or servers, and networking authentication between satellites is not achieved. Beyond these schemes, the existing inter-satellite networking authentication methods mainly have the following problems: end-to-end authentication between satellites is implemented with digital signatures, public-key cryptosystems or symmetric-key techniques, with many interaction rounds, complex computation, and large signaling and computation overhead, which is unsuitable for satellites with limited computing capacity; in low-orbit satellite networking methods, authentication of the low-orbit satellite depends on a ground gateway station, so the satellite-ground communication delay is long, the protocol is inefficient, and authentication takes too long; security is weak, because the inter-satellite networking authentication method depends on a shared authentication key, and if that key is leaked the security of the inter-satellite session key cannot be ensured and forward security cannot be achieved; and the identity information of the satellite is not privacy-protected, so it can leak during inter-satellite networking authentication and expose the satellite to attacks on its identity information.
In summary, how to design a safe and efficient inter-satellite authentication mechanism to realize inter-satellite fast networking becomes a problem to be solved urgently at present.
Disclosure of Invention
To solve the above problems in the prior art, the present invention provides an enhanced inter-satellite networking authentication method based on a location key. The technical problem to be solved by the invention is addressed by the following technical solution:
An embodiment of the invention provides an enhanced inter-satellite networking authentication method based on a location key, comprising the following steps:
S1, the ground control center generates a real identity and a satellite-ground long-term shared key for each satellite;
S2, according to networking authentication request information sent by any satellite, the ground control center generates a temporary identity for each satellite by using the real identity of each satellite and its satellite-ground long-term shared key, generates the inter-satellite long-term shared key by combining random numbers, and acquires the orbit parameters of each satellite;
S3, each satellite calculates a first location key of the first satellite according to the orbit parameters of the first satellite, and calculates a first message verification code of the first satellite according to the inter-satellite long-term shared key, the first satellite temporary identity and its own calculated first location key; when the second satellite judges that the first message verification code it calculated is consistent with the first message verification code calculated by the first satellite, the second satellite completes authentication of the first satellite;
S4, each satellite calculates a second location key of the second satellite according to the orbit parameters of the second satellite, and calculates a second message verification code of the second satellite according to the second satellite temporary identity and its own calculated second location key; when the first satellite judges that the second message verification code it calculated is consistent with the second message verification code calculated by the second satellite, the first satellite completes authentication of the second satellite.
In one embodiment of the present invention, step S2 includes:
S21, the first satellite acquires a first current timestamp, and encrypts the real identity of the first satellite and the real identity of the second satellite by using the satellite-ground long-term shared key of the first satellite to obtain and send networking authentication request information;
S22, the ground control center decrypts the networking authentication request information and, when the first current timestamp is judged to be fresh, under a second current timestamp generates a first satellite temporary identity by using the real identity of the first satellite and its satellite-ground long-term shared key, generates a second satellite temporary identity by using the real identity of the second satellite and its satellite-ground long-term shared key, generates the inter-satellite long-term shared key by combining a random number, and obtains a first satellite orbit parameter and a second satellite orbit parameter;
S23, the ground control center encrypts the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter by using the satellite-ground long-term shared key of the second satellite to obtain a first encrypted message; it then encrypts the first encrypted message, the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the second satellite orbit parameter by using the satellite-ground long-term shared key of the first satellite to obtain a second encrypted message;
S24, the first satellite decrypts the second encrypted message and, when the second current timestamp is judged to be fresh, stores the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the second satellite orbit parameter, and sends the first encrypted message to the second satellite;
S25, the second satellite decrypts the first encrypted message and, when the second current timestamp is judged to be fresh, stores the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter.
In one embodiment of the present invention, step S3 includes:
S31, the first satellite calculates a first location key according to the orbit parameters of the first satellite under a third current timestamp; calculates an encryption key and an integrity protection key of the session according to the inter-satellite long-term shared key and the first location key; calculates a first message verification code by using the first satellite temporary identity, the first location key and the integrity protection key; and generates a first authentication vector consisting of the first satellite temporary identity, the third current timestamp and the first message verification code;
S32, when the second satellite judges that the first satellite temporary identity in the first authentication vector is consistent with the first satellite temporary identity sent by the ground control center and that the third current timestamp is fresh, it calculates a new first location key by using the first satellite orbit parameter; calculates a new encryption key and a new integrity protection key of the session according to the inter-satellite long-term shared key and the new first location key; and calculates a new first message verification code by using the first satellite temporary identity, the first location key and the new integrity protection key;
S33, when the second satellite judges that the new first message verification code is consistent with the first message verification code, the second satellite completes the authentication of the first satellite.
In one embodiment of the present invention, step S4 includes:
S41, the second satellite calculates a second location key by using the second satellite orbit parameter under a fourth current timestamp, calculates a second message verification code according to the second satellite temporary identity, the second location key and the new integrity protection key, and generates a second authentication vector consisting of the second satellite temporary identity, the second message verification code and the fourth current timestamp;
S42, when the first satellite judges that the second satellite temporary identity in the second authentication vector is consistent with the second satellite temporary identity sent by the ground control center and that the fourth current timestamp is fresh, it calculates a new second location key by using the second satellite orbit parameter, and calculates a new second message verification code according to the second satellite temporary identity, the new second location key and the integrity protection key;
S43, when the first satellite judges that the new second message verification code is consistent with the second message verification code, the first satellite completes the authentication of the second satellite.
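The mutual authentication of steps S3 and S4, as an added example that is not part of the patent text. The key-derivation and verification-code formulas are not reproduced on this page, so HMAC-SHA256, the hash-based `location_key`, the 5-second freshness window, and all sample identities, keys and orbit elements are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

FRESHNESS_WINDOW = 5  # seconds; assumed value, the page only says "fresh"


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed primitive)."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def location_key(orbit: dict, ts: int) -> bytes:
    """Assumed derivation: hash of canonical orbit parameters and timestamp."""
    canon = json.dumps(orbit, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon + ts.to_bytes(8, "big")).digest()


def session_keys(k_ab: bytes, lk: bytes):
    """Encryption key and integrity protection key from K_AB and a location key."""
    return prf(k_ab, b"enc", lk), prf(k_ab, b"int", lk)


def verification_code(ik: bytes, tid: bytes, lk: bytes) -> bytes:
    """Message verification code over temporary identity and location key."""
    return prf(ik, b"mac", tid, lk)


@dataclass(frozen=True)
class AuthVector:
    tid: bytes  # sender's temporary identity
    ts: int     # sender's current timestamp
    mac: bytes  # message verification code


@dataclass
class Satellite:
    tid: bytes         # own temporary identity from the ground control center
    peer_tid: bytes    # peer's temporary identity from the ground control center
    k_ab: bytes        # inter-satellite long-term shared key
    orbit: dict        # own orbit parameters
    peer_orbit: dict   # peer's orbit parameters (stored in S24 / S25)
    ck: bytes = b""
    ik: bytes = b""

    def _acceptable(self, av: AuthVector, now: int) -> bool:
        return av.tid == self.peer_tid and 0 <= now - av.ts <= FRESHNESS_WINDOW

    def start(self, now: int) -> AuthVector:
        """S31: first satellite builds the first authentication vector."""
        lk = location_key(self.orbit, now)
        self.ck, self.ik = session_keys(self.k_ab, lk)
        return AuthVector(self.tid, now, verification_code(self.ik, self.tid, lk))

    def answer(self, av: AuthVector, now: int) -> Optional[AuthVector]:
        """S32, S33, S41: second satellite verifies, then replies (None = reject)."""
        if not self._acceptable(av, now):
            return None
        lk_peer = location_key(self.peer_orbit, av.ts)
        ck, ik = session_keys(self.k_ab, lk_peer)
        if not hmac.compare_digest(verification_code(ik, av.tid, lk_peer), av.mac):
            return None
        self.ck, self.ik = ck, ik  # session keys are kept only after success
        lk_own = location_key(self.orbit, now)
        return AuthVector(self.tid, now, verification_code(ik, self.tid, lk_own))

    def finish(self, av: AuthVector, now: int) -> bool:
        """S42, S43: first satellite verifies the second authentication vector."""
        if not self._acceptable(av, now):
            return False
        lk_peer = location_key(self.peer_orbit, av.ts)
        return hmac.compare_digest(verification_code(self.ik, av.tid, lk_peer), av.mac)


def run_demo() -> dict:
    # Constructed sample values, not taken from the patent.
    k_ab = bytes(range(32))
    orbit_a = {"a_km": 6921.0, "e": 0.001, "i_deg": 53.0, "raan_deg": 10.0}
    orbit_b = {"a_km": 6921.0, "e": 0.001, "i_deg": 53.0, "raan_deg": 40.0}
    a = Satellite(b"TID_A", b"TID_B", k_ab, orbit_a, orbit_b)
    b = Satellite(b"TID_B", b"TID_A", k_ab, orbit_b, orbit_a)

    av1 = a.start(now=1000)
    av2 = b.answer(av1, now=1001)
    mutual = av2 is not None and a.finish(av2, now=1002)

    b2 = Satellite(b"TID_B", b"TID_A", k_ab, orbit_b, orbit_a)
    stale = b2.answer(av1, now=1000 + FRESHNESS_WINDOW + 1) is None
    # Captured vector with a rewritten timestamp: the location key no longer matches.
    retimed = b2.answer(AuthVector(av1.tid, 1100, av1.mac), now=1100) is None
    # Sender holding K_AB but different orbit parameters than the ones distributed.
    other = Satellite(b"TID_A", b"TID_B", k_ab, dict(orbit_a, raan_deg=11.0), orbit_b)
    wrong_orbit = b2.answer(other.start(now=1200), now=1200) is None
    return {"mutual_auth": mutual,
            "same_session_keys": (a.ck, a.ik) == (b.ck, b.ik),
            "stale_replay_rejected": stale,
            "retimed_replay_rejected": retimed,
            "wrong_orbit_rejected": wrong_orbit}


if __name__ == "__main__":
    print(run_demo())
```

Because the timestamp feeds the location key, a captured vector cannot be made fresh by editing its timestamp, and the verifier compares codes with `hmac.compare_digest` to avoid a timing side channel.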
In an embodiment of the present invention, step S4 is followed by:
S5, each satellite calculates a third location key of the first satellite according to the original orbit parameters of the first satellite, and calculates a third message verification code of the first satellite according to the integrity protection key calculated in the last authentication and its own calculated third location key; when the second satellite judges that the third message verification code it calculated is consistent with the third message verification code calculated by the first satellite, the second satellite completes the authentication update of the first satellite;
S6, each satellite calculates a fourth location key of the second satellite according to the original orbit parameters of the second satellite, and calculates a fourth message verification code of the second satellite according to the integrity protection key calculated in the last authentication and its own calculated fourth location key; when the first satellite judges that the fourth message verification code it calculated is consistent with the fourth message verification code calculated by the second satellite, the first satellite completes the authentication update of the second satellite.
In one embodiment of the present invention, step S5 includes:
S51, the first satellite calculates a third location key by using the original orbit parameters of the first satellite under a fifth current timestamp, calculates a third message verification code according to the first satellite temporary identity, the integrity protection key calculated in the last authentication and the third location key, and generates a third authentication vector consisting of the first satellite temporary identity, the fifth current timestamp and the third message verification code;
S52, when the second satellite judges that the first satellite temporary identity in the third authentication vector is consistent with the first satellite temporary identity sent by the ground control center and that the fifth current timestamp is fresh, it calculates a new third location key by using the original orbit parameters of the first satellite, and calculates a new third message verification code according to the first satellite temporary identity, the integrity protection key calculated in the last authentication and the new third location key;
S53, when the second satellite judges that the new third message verification code is consistent with the third message verification code, the second satellite completes the authentication update of the first satellite.
In one embodiment of the present invention, step S6 includes:
S61, the second satellite calculates a fourth location key under a sixth current timestamp by using the original orbit parameters of the second satellite, calculates a fourth message verification code according to the integrity protection key calculated in the last authentication, the second satellite temporary identity and the fourth location key, generates a fourth authentication vector consisting of the second satellite temporary identity, the fourth message verification code and the sixth current timestamp, and calculates a new encryption key and integrity protection key by using the inter-satellite long-term shared key, the fourth location key and the new third location key;
S62, when the first satellite judges that the second satellite temporary identity in the fourth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and that the sixth current timestamp is fresh, it calculates a new fourth location key by using the original orbit parameters of the second satellite, and calculates a new fourth message verification code according to the integrity protection key calculated in the last authentication, the second satellite temporary identity and the new fourth location key;
S63, when the first satellite judges that the new fourth message verification code is consistent with the fourth message verification code, the first satellite completes the authentication update of the second satellite; the first satellite then calculates a new encryption key and integrity protection key by using the inter-satellite long-term shared key, the new fourth location key and the third location key.
In an embodiment of the present invention, step S4 is followed by:
S5, each satellite calculates a fifth location key of the first satellite according to the changed orbit parameters of the first satellite, and calculates a fifth message verification code of the first satellite according to the integrity protection key calculated in the last authentication and its own calculated fifth location key; when the second satellite judges that the fifth message verification code it calculated is consistent with the fifth message verification code calculated by the first satellite, the second satellite completes the authentication update of the first satellite;
S6, each satellite calculates a sixth location key of the second satellite according to the changed orbit parameters of the second satellite, and calculates a sixth message verification code of the second satellite according to the integrity protection key calculated in the last authentication and its own calculated sixth location key; when the first satellite judges that the sixth message verification code it calculated is consistent with the sixth message verification code calculated by the second satellite, the first satellite completes the authentication update of the second satellite.
In one embodiment of the present invention, step S5 includes:
S51, the first satellite calculates a fifth location key by using the changed orbit parameters of the first satellite under a seventh current timestamp, calculates a fifth message verification code according to the integrity protection key calculated in the last authentication, the first satellite temporary identity and the fifth location key, encrypts the changed orbit parameters of the first satellite by using the encryption key calculated in the last authentication, and generates a fifth authentication vector consisting of the first satellite temporary identity, the seventh current timestamp, the fifth message verification code and the encrypted changed orbit parameters of the first satellite;
S52, when the second satellite judges that the first satellite temporary identity in the fifth authentication vector is consistent with the first satellite temporary identity sent by the ground control center and that the seventh current timestamp is fresh, it decrypts the fifth authentication vector by using the encryption key calculated in the last authentication to obtain the changed orbit parameters of the first satellite, calculates a new fifth location key by using the changed orbit parameters of the first satellite, and calculates a new fifth message verification code according to the integrity protection key calculated in the last authentication, the first satellite temporary identity and the new fifth location key;
S53, when the second satellite judges that the new fifth message verification code is consistent with the fifth message verification code, the second satellite completes the authentication update of the first satellite.
In one embodiment of the present invention, step S6 includes:
S61, the second satellite calculates a sixth location key under an eighth current timestamp by using the changed orbit parameters of the second satellite, calculates a sixth message verification code according to the integrity protection key calculated in the last authentication, the second satellite temporary identity and the sixth location key, encrypts the changed orbit parameters of the second satellite by using the encryption key calculated in the last authentication, generates a sixth authentication vector consisting of the second satellite temporary identity, the eighth current timestamp, the sixth message verification code and the encrypted changed orbit parameters of the second satellite, and calculates a new encryption key and integrity protection key by using the inter-satellite long-term shared key, the sixth location key and the new fifth location key;
S62, when the first satellite judges that the second satellite temporary identity in the sixth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and that the eighth current timestamp is fresh, it decrypts the sixth authentication vector by using the encryption key calculated in the last authentication to obtain the changed orbit parameters of the second satellite, calculates a new sixth location key by using the changed orbit parameters of the second satellite, and calculates a new sixth message verification code according to the integrity protection key calculated in the last authentication, the second satellite temporary identity and the new sixth location key;
S63, when the first satellite judges that the new sixth message verification code is consistent with the sixth message verification code, the first satellite completes the authentication update of the second satellite; the first satellite then calculates a new encryption key and integrity protection key by using the inter-satellite long-term shared key, the new sixth location key and the fifth location key.
Compared with the prior art, the invention has the beneficial effects that:
In the inter-satellite networking authentication method, the ground control center generates a temporary identity and an inter-satellite long-term shared key for each satellite taking part in networking authentication, so as to protect the real identity of the satellite. At the same time, exploiting the fact that satellite orbits are fixed, the inter-satellite long-term shared key is generated for each satellite, and the orbit parameters of each satellite are obtained and distributed to the satellites; each satellite calculates a location key based on the orbit parameters, then uses the location key and the inter-satellite long-term shared key to complete identity authentication and negotiate an inter-satellite session key, which avoids the risk caused by leakage of a master key. In addition, the participation of the ground control center in the authentication process is reduced, and unnecessary communication delay is reduced, so that a secure and efficient inter-satellite authentication mechanism and fast inter-satellite networking are realized.
Drawings
Fig. 1 is a schematic flowchart of an enhanced inter-satellite networking authentication method based on a location key according to an embodiment of the present invention;
Fig. 2 is an architecture diagram of an enhanced satellite security networking authentication method based on a location key in a space-ground integrated network according to an embodiment of the present invention;
Fig. 3 is a flowchart of an inter-satellite shared key configuration phase according to an embodiment of the present invention;
Fig. 4 is a flowchart of an inter-satellite initial networking authentication phase according to an embodiment of the present invention;
Fig. 5 is a flowchart of a satellite location key updating phase when the orbit parameters of the satellite are not changed according to an embodiment of the present invention;
Fig. 6 is a flowchart of a satellite location key updating phase when the orbital parameters of the satellite are not changed according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
Example one
Referring to fig. 1 and fig. 2, fig. 1 is a schematic flowchart of an enhanced inter-satellite networking authentication method based on a location key according to an embodiment of the present invention, and fig. 2 is an architecture diagram of an enhanced satellite security networking authentication method based on a location key in a space-ground integrated network according to an embodiment of the present invention.
The method of the embodiment is based on the position key to realize identity authentication and key agreement, and almost all satellites can meet the requirement of the inter-satellite networking method. Specifically, the method of this embodiment may be applied to various types of satellites, including any two satellites among the low-orbit satellite LEO, the medium-orbit satellite MEO, and the high-orbit satellite GEO, as shown in fig. 2, and satellites launched by different organizations; the method of the present embodiment is also applicable to the case where two networked satellites do not have a shared secret key.
Specifically, the enhanced inter-satellite networking authentication method based on the location key comprises the following steps:
S1, system initialization stage: the ground control center generates a real identity and a satellite-ground long-term shared key for each satellite.
Specifically, in the satellite launch preparation phase, the ground control center triggers system initialization to generate a unique real identity and a satellite-ground long-term shared key for each satellite. The ground control center generates a permanent real identity $ID_A$ for the first satellite A according to the production batch, orbit parameters, system initialization time and other information of the first satellite A, and generates a satellite-ground long-term shared key $K_A$ based on the permanent real identity. Similarly, the ground control center generates a permanent real identity $ID_B$ for the second satellite B according to the production batch, orbit parameters, system initialization time and other information of the second satellite B, and generates a satellite-ground long-term shared key $K_B$ based on the permanent real identity. The second satellite B does not know $K_A$, and the first satellite A does not know $K_B$. Further, it is assumed that $K_A$ and $K_B$ are stored in a trusted environment and cannot be leaked.
S2, configuring an inter-satellite shared key: the ground control center generates a temporary identity mark of each satellite by using the real identity of each satellite and the long-term shared key between the satellite and the ground according to networking authentication request information sent by any satellite, generates the long-term shared key between the satellites by combining random numbers, and acquires the orbit parameters of each satellite.
Referring to fig. 3, fig. 3 is a flowchart of an inter-satellite shared key configuration phase according to an embodiment of the present invention. Step S2 specifically includes the steps of:
S21, the first satellite acquires the first current timestamp and encrypts the real identity of the first satellite and the real identity of the second satellite using the satellite-ground long-term shared key of the first satellite, to obtain and send networking authentication request information.
Specifically, the first satellite A acquires a first current timestamp T_A1 and uses the satellite-ground long-term shared key K_A of the first satellite to encrypt the real identities of the first satellite A and the second satellite B, obtaining the networking authentication request information
Figure BDA0003660369300000081
Satellite A then transmits
Figure BDA0003660369300000082
to the ground control center, requesting networking authentication with satellite B.
S22, the ground control center decrypts the networking authentication request information, and when the first current timestamp is judged to be fresh, a first satellite temporary identity is generated by using the real identity of the first satellite and the satellite-ground long-term shared key under the second current timestamp, a second satellite temporary identity is generated by using the real identity of the second satellite and the satellite-ground long-term shared key, the inter-satellite long-term shared key is generated by combining a random number, and the first satellite orbit parameter and the second satellite orbit parameter are obtained.
Specifically, when the ground control center receives the networking authentication request information, it uses the same secret key K_A to decrypt it and obtain ID_A, ID_B and T_A1. The ground control center checks whether the identity information in the networking authentication request message is legal and verifies whether the timestamp T_A1 is fresh, i.e. T_A1 - T_t1 < ΔT, where T_t1 is the time at which the ground control center receives the message from the first satellite A, and ΔT is a preset validity time interval. If the check passes, the ground control center obtains a second current timestamp T_TCC and uses the real identity information of satellites A and B and T_TCC to calculate the temporary identities TID_A and TID_B of the satellites. The ground control center then generates a random number RAND for satellites A and B, in order to generate the inter-satellite long-term shared key K_AB. The above calculation process is shown in formula (1):
Figure BDA0003660369300000083
wherein f_1: {0,1}* → {0,1}^k, the generation function of the satellite temporary identity, is a one-way hash function; h is a hash function; K_A is the satellite-ground long-term shared key between the first satellite A and the ground control center; K_B is the satellite-ground long-term shared key between the second satellite B and the ground control center; ID_A is the real identity of the first satellite A; ID_B is the real identity of the second satellite B; and RAND is a random number.
Next, the ground control center looks up the orbit parameter information of the satellites to obtain the orbit parameter P_A of the first satellite A at this moment and the orbit parameter P_B of the second satellite B at this moment.
S23, the ground control center encrypts the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter by using the satellite-ground long-term shared key of the second satellite to obtain a first encrypted message; and encrypts the first encrypted message, the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the second satellite orbit parameter by using the satellite-ground long-term shared key of the first satellite to obtain a second encrypted message.
Specifically, the ground control center uses K_B to encrypt K_AB, TID_A, TID_B, T_TCC and P_A, obtaining the first encrypted message to be sent to the second satellite B, i.e.
Figure BDA0003660369300000091
The ground control center then uses K_A to encrypt K_AB, TID_A, TID_B, T_TCC, P_B and
Figure BDA0003660369300000092
to obtain the second encrypted message
Figure BDA0003660369300000093
which it sends to satellite A. Since each satellite is assumed to know its own orbit parameters, the ground control center does not need to transmit the orbit parameters of satellite A to satellite A, nor those of satellite B to satellite B.
S24, the first satellite decrypts the second encrypted message, stores the first satellite temporary identity mark, the second satellite temporary identity mark, the inter-satellite long-term shared key and the second satellite orbit parameter when the second current timestamp is judged to be fresh, and sends the first encrypted message to the second satellite.
Specifically, after receiving the second encrypted message from the ground control center, satellite A decrypts it with the shared secret key K_A to obtain K_AB, TID_A, TID_B, T_TCC, P_B and
Figure BDA0003660369300000094
Satellite A then verifies the freshness of the timestamp T_TCC. If the freshness requirement is met, satellite A stores K_AB, TID_A, TID_B, T_TCC and P_B, and forwards the first encrypted message
Figure BDA0003660369300000095
to satellite B; otherwise, the authentication is terminated.
S25, the second satellite decrypts the first encrypted message, and stores the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter when the second current timestamp is judged to be fresh.
Specifically, satellite B receives the information from satellite A and decrypts it with the shared secret key K_B to obtain K_AB, TID_A, TID_B, T_TCC and P_A. Satellite B verifies the timestamp T_TCC; if the freshness requirement is met, satellite B stores K_AB, TID_A, TID_B, T_TCC and P_A so as to perform networking authentication with satellite A.
S3, an inter-satellite initial networking authentication stage: each satellite calculates a first position key of the first satellite according to the orbit parameters of the first satellite, and calculates a first message verification code of the first satellite according to the long-term shared key among the satellites, the temporary identity of the first satellite and the calculated first position key; and when the second satellite judges that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes the authentication of the first satellite.
Referring to fig. 4, fig. 4 is a flowchart of an inter-satellite initial networking authentication phase according to an embodiment of the present invention. Step S3 specifically includes:
S31, the first satellite calculates a first position key according to the first satellite orbit parameters under the third current timestamp; calculates an encryption key and an integrity protection key for the session according to the inter-satellite long-term shared key and the first position key; calculates a first message verification code using the first satellite temporary identity, the first position key and the integrity protection key; and generates a first authentication vector from the first satellite temporary identity, the third current timestamp and the first message verification code.
Specifically, satellite A acquires a third current timestamp T_A2. Using the orbit parameter P_A of the first satellite and a satellite positioning algorithm of the Global Positioning System (GPS), it calculates the first satellite coordinates (x_A, y_A, z_A) at the time of the third current timestamp T_A2 and a first location key K_L-A for the first satellite. Satellite A then calculates an encryption key CK and an integrity protection key IK for the session from the inter-satellite long-term shared key K_AB and K_L-A, calculates a first message authentication code MAC_A based on the integrity protection key IK and the first location key K_L-A, and finally generates a first authentication vector AV_A. The above calculation process is shown in formula (2):
Figure BDA0003660369300000101
wherein f_P is the generation function of the spatial coordinates of the satellite; P_A is the orbit parameter of the first satellite A; f_2: {0,1}* → {0,1}^k is a one-way hash function; f_3: {0,1}* → {0,1}^k, the generation function of the message authentication code, is a one-way hash function; K_L-A is the first location key of the first satellite A; and K_AB is the inter-satellite long-term shared key between satellite A and satellite B.
S32, when the second satellite judges that the first satellite temporary identity in the first authentication vector is consistent with the first satellite temporary identity sent by the ground control center and that the third current timestamp is fresh, it calculates a new first position key using the first satellite orbit parameter; calculates a new encryption key and a new integrity protection key for the session according to the inter-satellite long-term shared key and the new first position key; and calculates a new first message verification code using the first satellite temporary identity, the first position key and the new integrity protection key.
Specifically, satellite B compares the TID_A in AV_A with the TID_A sent by the ground control center and verifies the freshness of the timestamp T_A2. If the two TID_A values coincide and T_A2 meets the freshness requirement, satellite B uses T_A2 and the first satellite orbit parameter P_A sent by the ground control center to calculate, by the same method as satellite A, the new GPS coordinates (x'_A, y'_A, z'_A) of satellite A at time T_A2 and a new first location key K'_L-A. Satellite B then uses the new first location key K'_L-A of satellite A and the inter-satellite long-term shared key K_AB to calculate a new encryption key CK' and integrity protection key IK', and further calculates a new first message authentication code XMAC_A.
S33, when the second satellite judges that the new first message verification code is consistent with the first message verification code, the second satellite completes the authentication of the first satellite.
Specifically, satellite B compares XMAC_A with the MAC_A sent by satellite A. If the two are consistent, the identity authentication of satellite A is completed, and CK' and IK' are saved for the subsequent inter-satellite session; otherwise, the authentication fails and ends.
The calculation procedures of step S32 and step S33 are as shown in formula (3):
Figure BDA0003660369300000111
S4, each satellite calculates a second position key of the second satellite according to the orbit parameters of the second satellite, and calculates a second message verification code of the second satellite according to the second satellite temporary identity and the respectively calculated second position key; and when the first satellite judges that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite. The method specifically comprises the following steps:
S41, the second satellite calculates a second position key by using the second satellite orbit parameter under the fourth current timestamp, calculates a second message verification code according to the second satellite temporary identity, the second position key and the new integrity protection key, and generates a second authentication vector from the second satellite temporary identity, the second message verification code and the fourth current timestamp.
Specifically, satellite B acquires the fourth current timestamp T_B1 and, using the orbit parameter P_B of the second satellite and a satellite positioning algorithm of the Global Positioning System (GPS), calculates its own GPS coordinates (x_B, y_B, z_B) and a second location key K_L-B. It then uses the second location key K_L-B, the new integrity protection key IK' calculated in step S32 and TID_B to calculate a second message authentication code MAC_B. Finally, satellite B generates a second authentication vector AV_B and sends it to satellite A. The above calculation process is shown in formula (4):
Figure BDA0003660369300000112
S42, when the first satellite judges that the second satellite temporary identity in the second authentication vector is consistent with the second satellite temporary identity sent by the ground control center and that the fourth current timestamp is fresh, it calculates a new second position key using the second satellite orbit parameters, and calculates a new second message verification code according to the second satellite temporary identity, the new second position key and the integrity protection key.
Specifically, satellite A compares the TID_B in the second authentication vector AV_B with the TID_B sent by the ground control center and verifies the freshness of the fourth timestamp T_B1. If the two TID_B values coincide and T_B1 meets the freshness requirement, satellite A uses T_B1 and the second satellite orbit parameter P_B sent by the ground control center to calculate the new GPS coordinates (x'_B, y'_B, z'_B) of the second satellite at time T_B1 and a new second location key K'_L-B; it then uses the IK calculated in step S31 and K'_L-B to compute a new second message authentication code XMAC_B.
S43, when the first satellite judges that the new second message verification code is consistent with the second message verification code, the first satellite completes the authentication of the second satellite.
Specifically, if the new second message authentication code XMAC_B is consistent with the second message authentication code MAC_B sent by satellite B, satellite A completes the identity authentication of satellite B and stores the CK and IK calculated in step S31 for the subsequent inter-satellite session; otherwise, the authentication fails and ends. The above calculation process is shown in equation (5):
Figure BDA0003660369300000121
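The S31–S33 and S41–S43 exchange described above, as an added Python example that is not part of the patent text. Because formulas (2) to (5) are not reproduced on this page, the concrete functions are assumptions: a circular-orbit model stands in for f_P, SHA-256 produces the location key, and HMAC-SHA256 stands in for f_2 and f_3; all keys, identities, orbit values and the 5-second ΔT are constructed.

```python
import hashlib
import hmac
import math
import struct
from collections import namedtuple

DELTA_T = 5.0  # assumed freshness window in seconds (the page's preset interval)

# Constructed stand-in for the orbit parameters P: a circular orbit.
Orbit = namedtuple("Orbit", "radius_km incl_deg raan_deg phase_deg period_s")

class AuthError(Exception):
    pass

def f_P(p, t):
    """Assumed coordinate function: position at time t, in whole metres."""
    u = math.radians(p.phase_deg) + 2 * math.pi * (t % p.period_s) / p.period_s
    i, raan, r = math.radians(p.incl_deg), math.radians(p.raan_deg), p.radius_km * 1000
    x = r * (math.cos(raan) * math.cos(u) - math.sin(raan) * math.sin(u) * math.cos(i))
    y = r * (math.sin(raan) * math.cos(u) + math.cos(raan) * math.sin(u) * math.cos(i))
    z = r * math.sin(u) * math.sin(i)
    return round(x), round(y), round(z)

def location_key(p, t):
    """Assumed K_L: hash of the coordinates at time t together with t."""
    return hashlib.sha256(struct.pack(">3qd", *f_P(p, t), t)).digest()

def session_keys(k_ab, k_l):
    """Assumed f_2: CK and IK from K_AB and the location key."""
    return tuple(hmac.new(k_ab, label + k_l, hashlib.sha256).digest()
                 for label in (b"CK", b"IK"))

def mac(ik, tid, k_l):
    """Assumed f_3: MAC over the temporary identity and location key under IK."""
    return hmac.new(ik, tid + k_l, hashlib.sha256).digest()

def check_header(av, expected_tid, now):
    """TID comparison and timestamp freshness, done before any key derivation."""
    tid, t, _ = av
    if not hmac.compare_digest(tid, expected_tid):
        raise AuthError("TID mismatch")
    if abs(now - t) >= DELTA_T:
        raise AuthError("stale timestamp")
    return t

def initiate(tid_a, p_a, k_ab, t):
    """S31: A derives K_L-A, CK, IK and the vector AV_A = (TID_A, T_A2, MAC_A)."""
    k_l = location_key(p_a, t)
    ck, ik = session_keys(k_ab, k_l)
    return (tid_a, t, mac(ik, tid_a, k_l)), ck, ik

def respond(av_a, tid_a, p_a, k_ab, now):
    """S32-S33: B recomputes K'_L-A, CK', IK', XMAC_A and compares with MAC_A."""
    t = check_header(av_a, tid_a, now)
    k_l = location_key(p_a, t)
    ck, ik = session_keys(k_ab, k_l)
    if not hmac.compare_digest(mac(ik, tid_a, k_l), av_a[2]):
        raise AuthError("MAC mismatch")
    return ck, ik

def answer(tid_b, p_b, ik, t):
    """S41: B builds AV_B = (TID_B, T_B1, MAC_B) with its own location key and IK'."""
    return (tid_b, t, mac(ik, tid_b, location_key(p_b, t)))

def confirm(av_b, tid_b, p_b, ik, now):
    """S42-S43: A recomputes XMAC_B from P_B and its IK from S31."""
    t = check_header(av_b, tid_b, now)
    if not hmac.compare_digest(mac(ik, tid_b, location_key(p_b, t)), av_b[2]):
        raise AuthError("MAC mismatch")
    return True

def demo():
    # All values below are constructed for the example.
    k_ab = bytes(range(32))
    tid_a, tid_b = b"TID-A-constructed", b"TID-B-constructed"
    p_a = Orbit(6921.0, 53.0, 10.0, 0.0, 5730.0)
    p_b = Orbit(6921.0, 53.0, 30.0, 45.0, 5730.0)
    t0 = 1_700_000_000.0
    av_a, ck, ik = initiate(tid_a, p_a, k_ab, t0)
    ck2, ik2 = respond(av_a, tid_a, p_a, k_ab, now=t0 + 0.2)
    av_b = answer(tid_b, p_b, ik2, t0 + 0.3)
    result = {"mutual_ok": confirm(av_b, tid_b, p_b, ik, now=t0 + 0.5),
              "keys_match": (ck, ik) == (ck2, ik2)}
    # Failure 1: the same AV_A presented a minute later is rejected as stale.
    # Failure 2: a vector built with K_AB but the wrong orbit parameters
    # yields a different location key, so the MAC comparison fails.
    wrong = p_a._replace(radius_km=6922.0)
    bad_av, _, _ = initiate(tid_a, wrong, k_ab, t0)
    for name, av, now in (("replay", av_a, t0 + 60), ("wrong_orbit", bad_av, t0 + 0.2)):
        try:
            respond(av, tid_a, p_a, k_ab, now)
            result[name] = "accepted"
        except AuthError as e:
            result[name] = str(e)
    return result
```

The timestamp is carried in the authentication vector itself, so in this construction the location key is only as secret as the orbit parameters, which is the assumption the security analysis relies on.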
The security of the method of this embodiment is analyzed as follows:
(1) Mutual authentication and key agreement: in the above method, satellite A and satellite B realize mutual authentication and key agreement based on the location keys K_L-A and K_L-B and the inter-satellite long-term shared key K_AB. Specifically, the ground control center first generates the inter-satellite long-term shared key K_AB for the satellites and securely distributes it to satellite A and satellite B during the inter-satellite shared key configuration stage. Secondly, satellite A obtains the orbit parameter P_B of satellite B from the ground control center, and satellite B obtains the orbit parameter P_A of satellite A from the ground control center. Satellite A and satellite B then compute the session encryption key CK and the integrity protection key IK in the same manner. Satellite A uses IK and the location key K_L-A to calculate MAC_A; satellite B computes XMAC_A in the same manner and verifies the identity of satellite A. In turn, satellite A verifies the identity of satellite B in the same manner. The same is true for the location key update stage. Thus, satellite A and satellite B can implement mutual authentication and encryption key negotiation.
(2) Identity anonymity: in the initial satellite authentication stage, satellite A sends an inter-satellite networking authentication request to the ground control center, and the ground control center generates the temporary identity TID_A from the real identity ID_A of satellite A and the preset shared key K_A. Likewise, the ground control center generates the temporary identity TID_B from the real identity ID_B of satellite B and the preset shared key K_B. The satellites use these anonymous identifiers in the networking authentication process, so an attacker cannot acquire the real identity information of a satellite.
(3) Key confirmation: in the inter-satellite initial networking authentication stage, satellite A calculates the location key K_L-A according to its own orbit parameters and then uses the shared key K_AB and K_L-A to calculate the session keys CK and IK. Satellite A sends a networking authentication request to satellite B and uses IK and K_L-A to protect the integrity of the message. Satellite B calculates K_L-A and the session keys in the same manner, and then verifies the authentication request sent by satellite A using IK. Satellite A, in turn, verifies the authentication message sent by satellite B using IK, confirming that the session keys computed by both parties are the same. Thus, the method enables key confirmation.
(4) Data integrity protection: the links of the satellite network are highly open and vulnerable to eavesdropping, tampering, and counterfeiting. To protect the integrity of information transmitted between satellites, satellite A and satellite B generate an integrity protection key IK to achieve integrity protection of data.
(5) Resistance to counterfeit attacks: the satellites participating in the networking authentication calculate the location keys K_L-A and K_L-B according to specific orbit parameters and then generate an integrity protection key IK for the session; information such as the location key sent between the satellites is then protected by IK. This prevents an attacker from tampering with or forging the information, and even if the attacker tampers with or forges some data, the satellite can immediately detect it.
(6) Resistance to man-in-the-middle attacks: when an attacker starts a man-in-the-middle attack, satellite B mistakenly regards the opposite party as satellite A, and satellite A mistakenly regards the opposite party as satellite B, resulting in satellite B and satellite A sending a large amount of private information to the attacker. In this inter-satellite authentication method, satellite A and satellite B obtain a session key based on the location key and the shared key K_AB to protect the integrity of the transmitted data. Even if an attacker eavesdrops on the transmitted information, the attacker cannot obtain the information related to the location key and cannot calculate the correct session key. Thus, the method can resist man-in-the-middle attacks.
(7) Replay attack resistance: in each inter-satellite networking authentication process, the satellite A requesting networking authentication obtains a timestamp, calculates the location key corresponding to that moment, and finally adds the timestamp to the authentication request vector sent to the opposite satellite B. Satellite B verifies that the received timestamp is fresh; if the freshness requirement is not met, satellite B considers the authentication request vector to have expired and discards it. Satellite A, in turn, performs the same validation of satellite B's timestamp. An attacker cannot replay expired authentication vectors to spoof a satellite. In this way, the method can resist replay attacks.
(8) Resistance to insider attacks: in this method, mutual authentication and key agreement are based on two factors: the satellite location keys and the inter-satellite long-term shared keys. Assume that satellite A performs networking authentication with satellite B and satellite C respectively, establishing two secure channels. Satellite A obtains the orbit parameters of satellite B and satellite C from the ground control center. Satellite A can compute the location key of satellite B or satellite C at any moment during the validity period of their orbit parameters, but satellite A cannot compute the session key between satellite B and satellite C because it cannot obtain the shared key K_BC from the ground control center. Thus, satellite A cannot eavesdrop on the session between satellites B and C. The method is resistant to insider attacks.
(9) Perfect Forward Secrecy (PFS): in the method, the session key between satellite A and satellite B is calculated from the location key and the shared key K_AB. Even if the shared key K_AB is compromised, the attacker cannot calculate the correct session key. Even if the location key is exposed during a certain networking authentication process, an attacker without knowledge of the orbit parameters of the satellite cannot derive the previous session keys. Thus, the method can achieve PFS.
Therefore, the method has the following advantages:
(1) In view of the characteristics of the satellite network in a space-ground integrated network, such as highly exposed links, a complex and changeable topology, and limited satellite computing capacity and storage resources, this embodiment provides a lightweight enhanced inter-satellite networking authentication scheme based on a position key and a symmetric key. Specifically, after a satellite is launched, it operates along a set orbit; this embodiment realizes inter-satellite networking authentication and key agreement by verifying the position of the satellite, requiring only hash and XOR operations and a small amount of shared-key encryption and decryption. This reduces the computing and storage overhead of the satellite while ensuring security, and improves the efficiency of inter-satellite networking authentication.
(2) In view of the security risk of master key leakage in the traditional inter-satellite networking authentication process, this embodiment uses the position key and the shared key together to realize inter-satellite authentication and key agreement, removing the potential security hazard caused by master key leakage.
(3) In view of the requirement for satellite identity privacy, this embodiment uses a hash function during networking authentication to generate anonymous identity information for the satellite, namely the temporary identity of the satellite, so that satellite identity privacy is effectively protected.
(4) In view of networking authentication among different satellites, this embodiment distributes different shared keys to the satellites; even if a certain satellite is captured, the session keys between other satellites cannot be calculated, because the shared keys between other satellites are not available to it, and insider attacks are avoided.
(5) The method of this embodiment is also applicable to the case where two networked satellites do not have a shared secret key distributed by a ground control center, for example, when the two satellites to be authenticated come from different organizations or countries. Specifically, identity authentication and key agreement can be performed between satellites based on the location key only, so as to realize rapid inter-satellite networking authentication. Although there may be some security risks, such as insider attacks, authentication based on the location key satisfies the security requirements of certain scenarios and serves as an alternative scheme. (6) The method of this embodiment places no requirement on the launch batches of the satellites; that is, satellites launched in different batches can also adopt the scheme to realize inter-satellite networking authentication and key agreement. Specifically, when satellites need networking authentication, a shared key can be generated with the help of a ground control center in the initial networking stage, and authentication is realized based on the shared key and the position key; or, where a shared key cannot be generated, authentication may be achieved based on the location key alone.
In summary, in the inter-satellite networking authentication method of the present invention, the ground control center generates a temporary identity for each satellite for use in networking authentication, so as to protect the real identity of the satellite. Meanwhile, taking advantage of the fact that satellite orbits are fixed, an inter-satellite long-term shared key is generated for the satellites, and the orbit parameters of each satellite are obtained and distributed to the satellites; each satellite calculates a position key based on the orbit parameters, then completes identity authentication using the position key and the inter-satellite shared key and negotiates an inter-satellite session key, which avoids the risk caused by leakage of a master key. In addition, the participation of the ground control center in the authentication process is reduced, cutting unnecessary communication delay, so that a secure and efficient inter-satellite authentication mechanism and rapid inter-satellite networking are realized.
Embodiment two
On the basis of the first embodiment, the present embodiment provides an inter-satellite networking authentication method in which, after an inter-satellite initial networking authentication stage, an orbit parameter of a satellite does not change, and inter-satellite networking is disconnected and reconnected. In this embodiment, that the orbit parameter of the satellite is not changed means that the orbit parameters of the first satellite and the second satellite are not changed.
Specifically, the method comprises the following steps:
S1, the ground control center generates a real identity and a satellite-ground long-term shared key for each satellite respectively.
S2, the ground control center generates a temporary identity of each satellite by using the real identity of each satellite and the long-term shared key between the satellite and the ground according to networking authentication request information sent by any satellite, generates the long-term shared key between the satellites by combining random numbers, and acquires the orbit parameters of each satellite.
S3, each satellite calculates a first position key of the first satellite according to the orbit parameters of the first satellite, and calculates a first message verification code of the first satellite according to the long-term shared key among the satellites, the temporary identity of the first satellite and the calculated first position key; and when the second satellite judges that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes the authentication of the first satellite.
S4, each satellite calculates a second position key of the second satellite according to the orbit parameters of the second satellite, and calculates a second message verification code of the second satellite according to the second satellite temporary identity and the respectively calculated second position key; and when the first satellite judges that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite.
Please refer to embodiment one for a specific implementation method of steps S1-S4, which is not described in detail herein.
S5, when the orbit parameter of the satellite is not changed, the satellite position key is updated: each satellite calculates a third position key of the first satellite according to the original orbit parameters of the first satellite, and calculates a third message verification code of the first satellite according to the integrity protection key calculated by the last authentication and the respectively calculated third position key; and when the second satellite judges that the third message verification code calculated by the second satellite is consistent with the third message verification code calculated by the first satellite, the second satellite completes the authentication update of the first satellite.
Referring to fig. 5, fig. 5 is a flowchart of a satellite location key updating phase when the orbit parameters of the satellite are not changed according to an embodiment of the present invention.
Step S5 includes:
S51, the first satellite calculates a third position key by using the original orbit parameter of the first satellite under the fifth current timestamp, calculates a third message verification code according to the first satellite temporary identity, the integrity protection key calculated by the last authentication and the third position key, and generates a third authentication vector from the first satellite temporary identity, the fifth current timestamp and the third message verification code.
Specifically, satellite A acquires the fifth current timestamp T_A3 and, using the original orbit parameters P_A of the first satellite and a satellite positioning algorithm of the Global Positioning System (GPS), calculates its third GPS coordinates (x_A2, y_A2, z_A2) and a third location key K_L-A2. Satellite A then uses the integrity protection key IK calculated by the last authentication and the current third location key K_L-A2 to calculate a third message authentication code MAC_A2. Finally, satellite A creates the third authentication vector AV_A2 from the first satellite temporary identity TID_A, the fifth current timestamp T_A3 and the third message authentication code MAC_A2, and sends it to satellite B.
The above calculation process is shown in equation (6):
Figure BDA0003660369300000161
S52, when the second satellite judges that the first satellite temporary identity in the third authentication vector is consistent with the first satellite temporary identity sent by the ground control center and that the fifth current timestamp is fresh, it calculates a new third position key using the original orbit parameters of the first satellite, and calculates a new third message verification code according to the first satellite temporary identity, the integrity protection key calculated by the last authentication and the new third position key.
Specifically, satellite B verifies the first satellite temporary identity TID_A and the fifth current timestamp T_A3 in the third authentication vector AV_A2. If the requirements are met, satellite B uses T_A3 and the saved original orbit parameters P_A of the first satellite to calculate the new third GPS coordinates (x'_A2, y'_A2, z'_A2) of satellite A at time T_A3 and a new third location key K'_L-A2. Satellite B then uses the integrity protection key IK calculated by the last authentication and the new third location key K'_L-A2 of satellite A to calculate a new third message authentication code XMAC_A2.
S53, when the second satellite judges that the new third message verification code is consistent with the third message verification code, the second satellite completes the authentication update of the first satellite.
Specifically, if the new third message authentication code XMAC_A2 is consistent with the third message authentication code MAC_A2 sent by satellite A, the identity authentication of satellite A is completed; otherwise, the authentication fails and ends.
The calculation procedures of steps S52 and S53 are shown in equation (7):
Figure BDA0003660369300000162
S6, each satellite calculates a fourth position key of the second satellite according to the original orbit parameters of the second satellite, and calculates a fourth message verification code of the second satellite according to the integrity protection key calculated by the last authentication and the fourth position key calculated by each satellite; and when the first satellite judges that the fourth message verification code calculated by the first satellite is consistent with the fourth message verification code calculated by the second satellite, the first satellite completes the authentication update of the second satellite.
The method specifically comprises the following steps:
S61, the second satellite calculates a fourth position key by using the original orbit parameters of the second satellite under a sixth current timestamp, calculates a fourth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the fourth position key, and generates a fourth authentication vector consisting of the second satellite temporary identity, the fourth message verification code and the sixth current timestamp; the second satellite also calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the fourth location key and the new third location key.
Specifically, satellite B acquires the sixth current timestamp T_{B2} and, according to a satellite positioning algorithm of the Global Positioning System (GPS), uses the orbit parameters P_B of the second satellite to calculate its fourth GPS coordinate (x_{B2}, y_{B2}, z_{B2}) and a fourth position key K_{L-B2}. Satellite B then uses the integrity protection key IK calculated by the last authentication and the current fourth position key K_{L-B2} to calculate a fourth message authentication code MAC_{B2}, creates a fourth authentication vector AV_{B2} from the second satellite temporary identity TID_B, the sixth current timestamp T_{B2} and the fourth message authentication code MAC_{B2}, and sends it to satellite A. Finally, satellite B uses the inter-satellite long-term shared key K_{AB}, the new third location key K'_{L-A2} and the fourth position key K_{L-B2} to calculate a new session encryption key CK_2 and integrity protection key IK_2 for subsequent inter-satellite sessions. The above calculation process is shown in equation (8):
Figure BDA0003660369300000171
S62, when the first satellite judges that the second satellite temporary identity in the fourth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the sixth current timestamp is fresh, calculating a new fourth position key by using the original orbit parameters of the second satellite, and calculating a new fourth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the new fourth position key.
In particular, satellite A verifies the second satellite temporary identity TID_B and the sixth current timestamp T_{B2} in the fourth authentication vector AV_{B2}. If the second satellite temporary identity TID_B in the fourth authentication vector AV_{B2} is consistent with the second satellite temporary identity TID_B sent by the ground control center and the sixth current timestamp T_{B2} is fresh, satellite A uses the sixth current timestamp T_{B2} and the saved original orbit parameters P_B of the second satellite to calculate a new fourth GPS coordinate (x'_{B2}, y'_{B2}, z'_{B2}) of satellite B and a new fourth location key K'_{L-B2}. Satellite A then uses the IK calculated by the last authentication and the new fourth location key K'_{L-B2} to calculate a new fourth message authentication code XMAC_{B2}.
S63, when the first satellite judges that the new fourth message verification code is consistent with the fourth message verification code, the first satellite completes the authentication update of the second satellite; the first satellite calculates a new encryption key and an integrity protection key using the inter-satellite long-term shared key, the new fourth location key, and the third location key.
In particular, if the new fourth message authentication code XMAC_{B2} is consistent with the fourth message authentication code MAC_{B2} transmitted by satellite B, satellite A completes the identity authentication of satellite B; otherwise, the authentication fails and the authentication ends. Finally, satellite A uses the inter-satellite long-term shared key K_{AB}, the third position key K_{L-A2} and the new fourth location key K'_{L-B2} to calculate a new session encryption key CK_2 and integrity protection key IK_2 for subsequent inter-satellite sessions.
The calculation procedures of step S62 and step S63 are as shown in formula (9):
Figure BDA0003660369300000181
In the present embodiment, the new session encryption key CK_2 and integrity protection key IK_2 calculated in steps S61 and S63 are identical; the only difference is that the encryption key CK_2 and integrity protection key IK_2 calculated by satellite A are stored in satellite A, and those calculated by satellite B are stored in satellite B.
In this embodiment, when the inter-satellite link is disconnected and reconnected and the orbit parameters of the satellite have not changed, the satellite calculates a new position key based on the stored orbit parameters and updates the session key. In the position key updating stage, key confirmation is no longer performed, which reduces the signaling overhead of the satellite.
EXAMPLE III
On the basis of the first embodiment and the second embodiment, the present embodiment provides an inter-satellite networking authentication method in which, after an inter-satellite initial networking authentication phase, an orbit parameter of a satellite changes, and inter-satellite networking is disconnected and reconnected. In this embodiment, the change of the orbit parameter of the satellite means that the orbit parameter of any one of the first satellite and the second satellite changes.
Specifically, the method comprises the following steps:
S1, the ground control center generates a real identity and an inter-satellite long-term shared key for each satellite respectively.
S2, the ground control center generates a temporary identity of each satellite by using the real identity of each satellite and the long-term shared key between the satellite and the ground according to networking authentication request information sent by any satellite, generates the long-term shared key between the satellites by combining random numbers, and acquires the orbit parameters of each satellite.
S3, each satellite calculates a first position key of the first satellite according to the orbit parameters of the first satellite, and calculates a first message verification code of the first satellite according to the long-term shared key among the satellites, the temporary identity of the first satellite and the calculated first position key; and when the second satellite judges that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes the authentication of the first satellite.
S4, each satellite calculates a second position key of the second satellite according to the orbit parameters of the second satellite, and calculates a second message verification code of the second satellite according to the second satellite temporary identity and the respectively calculated second position key; and when the first satellite judges that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite.
Please refer to embodiment one for a specific implementation method of steps S1-S4, which is not described in detail herein.
S5, each satellite calculates a fifth position key of the first satellite according to the changed orbit parameters of the first satellite, and calculates a fifth message verification code of the first satellite according to the integrity protection key calculated by the last authentication and the fifth position key calculated by each satellite; and when the second satellite judges that the fifth message verification code calculated by the second satellite is consistent with the fifth message verification code calculated by the first satellite, the second satellite completes the authentication update of the first satellite.
Referring to fig. 6, fig. 6 is a flowchart of a satellite location key updating phase when the orbit parameters of the satellite are not changed according to an embodiment of the present invention.
Step S5 includes:
S51, the first satellite calculates a fifth position key by using the changed orbit parameter of the first satellite under a seventh current timestamp, calculates a fifth message verification code according to the integrity protection key calculated by the last authentication, the first satellite temporary identity and the fifth position key, encrypts the changed orbit parameter of the first satellite by using the encryption key calculated by the last authentication, and generates a fifth authentication vector consisting of the first satellite temporary identity, the seventh current timestamp, the fifth message verification code and the encrypted changed orbit parameter of the first satellite.
Specifically, satellite A acquires the seventh current timestamp T_{A3} and, according to the changed orbit parameter P_{A2} of the first satellite, calculates its fifth GPS coordinate (x_{A2}, y_{A2}, z_{A2}) and a fifth position key K_{L-A2}. Satellite A then uses the integrity protection key IK calculated by the last authentication and the current fifth location key K_{L-A2} to calculate a fifth message authentication code MAC_{A2}, and encrypts the changed orbit parameters P_{A2} of satellite A by using the session encryption key CK calculated by the last authentication. Finally, satellite A creates a fifth authentication vector AV_{A2} from the first satellite temporary identity TID_A, the seventh current timestamp T_{A3}, the fifth message authentication code MAC_{A2} and the encrypted first satellite orbit parameter Enc_{CK}(P_{A2}), and sends it to satellite B.
The above calculation process is shown in equation (10):
Figure BDA0003660369300000191
S52, when the second satellite judges that the first satellite temporary identity in the fifth authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the seventh current timestamp is fresh, decrypting the fifth authentication vector by using the encryption key calculated by the last authentication to obtain the changed orbit parameter of the first satellite, calculating a new fifth position key by using the changed orbit parameter of the first satellite, and calculating a new fifth message verification code according to the integrity protection key calculated by the last authentication, the first satellite temporary identity and the new fifth position key.
Specifically, satellite B verifies the first satellite temporary identity TID_A and the seventh current timestamp T_{A3} in the fifth authentication vector AV_{A2}. If both meet the requirements, satellite B decrypts the fifth authentication vector message by using the encryption key CK calculated by the last authentication to obtain the currently changed orbit parameter P_{A2} of satellite A. Satellite B then uses the changed orbit parameter P_{A2} of satellite A to calculate the new fifth GPS coordinate (x'_{A2}, y'_{A2}, z'_{A2}) of satellite A at the seventh current timestamp T_{A3} and a new fifth location key K'_{L-A2}. Satellite B then uses the integrity protection key IK' calculated by the last authentication and the new fifth location key K'_{L-A2} to calculate a new fifth message authentication code XMAC_{A2}.
S53, when the second satellite judges that the new fifth message verification code is consistent with the fifth message verification code, the second satellite completes the authentication update of the first satellite.
Specifically, if the new fifth message authentication code XMAC_{A2} is consistent with the fifth message authentication code MAC_{A2} transmitted by satellite A, satellite B completes the identity authentication of satellite A; otherwise, the authentication fails and the authentication ends.
The calculation procedures of steps S52 and S53 are as shown in equation (11):
Figure BDA0003660369300000201
S6, each satellite calculates a sixth position key of the second satellite according to the changed orbit parameters of the second satellite, and calculates a sixth message verification code of the second satellite according to the integrity protection key calculated by the last authentication and the sixth position key calculated by each satellite; and when the first satellite judges that the sixth message verification code calculated by the first satellite is consistent with the sixth message verification code calculated by the second satellite, the first satellite completes the authentication update of the second satellite. The method specifically comprises the following steps:
S61, the second satellite calculates a sixth position key by using the changed orbit parameter of the second satellite under the eighth current timestamp, calculates a sixth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the sixth position key, encrypts the changed orbit parameter of the second satellite by using the encryption key calculated by the last authentication, and generates a sixth authentication vector consisting of the second satellite temporary identity, the eighth current timestamp, the sixth message verification code and the encrypted second satellite orbit parameter. The second satellite also calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the sixth location key and the new fifth location key.
Specifically, satellite B acquires the eighth current timestamp T_{B2} and, according to the currently changed orbit parameter P_{B2} of the second satellite, calculates its sixth GPS coordinate (x_{B2}, y_{B2}, z_{B2}) and a sixth position key K_{L-B2}. Satellite B then uses the integrity protection key IK calculated by the last authentication and the sixth location key K_{L-B2} to calculate a sixth message authentication code MAC_{B2}, and encrypts the changed orbit parameter P_{B2} of the second satellite by using the encryption key CK calculated by the last authentication. It then creates the authentication vector AV_{B2} from the second satellite temporary identity TID_B, the eighth current timestamp T_{B2} and the sixth message authentication code MAC_{B2}, and sends it to satellite A. Finally, satellite B uses the inter-satellite long-term shared key K_{AB}, the new fifth location key K'_{L-A2} and the sixth position key K_{L-B2} to calculate a new session encryption key CK_2 and integrity protection key IK_2 for subsequent inter-satellite sessions. The above calculation process is shown in equation (12):
Figure BDA0003660369300000211
S62, when the first satellite judges that the second satellite temporary identity in the sixth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the eighth current timestamp is fresh, decrypting the sixth authentication vector by using the encryption key calculated by the last authentication to obtain the changed orbit parameter of the second satellite, calculating a new sixth position key by using the changed orbit parameter of the second satellite, and calculating a new sixth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the new sixth position key.
In particular, satellite A verifies the second satellite temporary identity TID_B and the eighth current timestamp T_{B2} in the sixth authentication vector AV_{B2}. If both meet the requirements, satellite A decrypts the sixth authentication vector message by using the encryption key CK calculated by the last authentication to obtain the currently changed orbit parameter P_{B2} of satellite B. Satellite A then uses the changed orbit parameter P_{B2} to calculate the new sixth GPS coordinate (x'_{A2}, y'_{A2}, z'_{A2}) of satellite B at the eighth current timestamp T_{B2} and a new sixth location key K'_{L-A2}. Satellite A then uses the integrity protection key IK calculated by the last authentication and the new sixth location key K'_{L-B2} of satellite B to calculate a new sixth message authentication code XMAC_{B2}.
S63, when the first satellite judges that the new sixth message verification code is consistent with the sixth message verification code, the first satellite completes the authentication update of the second satellite. The first satellite calculates a new encryption key and an integrity protection key using the inter-satellite long-term shared key, the new sixth location key, and the fifth location key.
Specifically, if the new sixth message authentication code XMAC_{B2} is consistent with the sixth message authentication code MAC_{B2} transmitted by satellite B, satellite A completes the identity authentication of satellite B; otherwise, the authentication fails and the authentication ends. Finally, satellite A uses the inter-satellite long-term shared key K_{AB}, the fifth position key K_{L-A2} and the new sixth location key K'_{L-B2} to calculate a new session encryption key CK_2 and integrity protection key IK_2 for subsequent inter-satellite sessions.
The calculation procedures of step S62 and step S63 are as shown in formula (13):
Figure BDA0003660369300000221
In the present embodiment, the new session encryption key CK_2 and integrity protection key IK_2 calculated in steps S61 and S63 are identical; the only difference is that the encryption key CK_2 and integrity protection key IK_2 calculated by satellite A are stored in satellite A, and those calculated by satellite B are stored in satellite B.
In this embodiment, when the inter-satellite link is disconnected and reconnected and the orbit parameters of the satellite have changed, the satellite encrypts the new orbit parameters with the session key calculated by the last authentication and sends them to the other party; the two parties then calculate new position keys based on the new orbit parameters and update the session key. In the position key updating stage, key confirmation is no longer performed, which reduces the signaling overhead of the satellite.
Because satellites move at high speed and the topology is complex and changeable, the second and third embodiments provide two position key update schemes for the case where inter-satellite networking is disconnected and reconnected, one for unchanged satellite orbit parameters and one for changed satellite orbit parameters, so that satellite link disconnection and reconnection under a complex, changing topology is fully handled.
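The position key update on reconnection described in the second and third embodiments (steps S51 to S63), as an added Python example that is not the patent's own code. Equations (6) to (13) are not reproduced on this page, so the circular-orbit propagator, the SHA-256 position key, HMAC-SHA256 for the message verification code and key derivation, the HMAC keystream standing in for Enc_CK, the 5-second freshness window and all sample values are assumptions.

```python
import hashlib
import hmac
import math
import struct

FRESH_WINDOW = 5.0  # seconds; assumed, the page only requires the timestamp to be "fresh"

def position(orbit, t):
    """Assumed stand-in for the positioning algorithm: circular orbit, result in km."""
    r_km, period_s, phase, incl = orbit
    u = phase + 2 * math.pi * t / period_s
    return (r_km * math.cos(u),
            r_km * math.sin(u) * math.cos(incl),
            r_km * math.sin(u) * math.sin(incl))

def location_key(orbit, t):
    """K_L: hash of the coordinates quantised to 1 m, so both sides get equal bytes."""
    metres = [round(c * 1000) for c in position(orbit, t)]
    return hashlib.sha256(struct.pack(">3q", *metres)).digest()

def mac(ik, tid, k_l):
    """MAC over the inputs the page lists (temporary identity, position key), keyed by IK."""
    return hmac.new(ik, tid + k_l, hashlib.sha256).digest()

def enc_ck(ck, t, data):
    """Assumed stand-in for Enc_CK: XOR with an HMAC keystream bound to the timestamp."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(ck, struct.pack(">dI", t, i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def session_keys(k_ab, kl_a, kl_b):
    """CK_2 and IK_2 from K_AB and both position keys (the labels are assumptions)."""
    return (hmac.new(k_ab, b"CK" + kl_a + kl_b, hashlib.sha256).digest(),
            hmac.new(k_ab, b"IK" + kl_a + kl_b, hashlib.sha256).digest())

def make_vector(tid, orbit, t, ik, ck=None):
    """S51/S61: build AV = (TID, T, MAC) and, if ck is given, Enc_CK(P) as well."""
    k_l = location_key(orbit, t)
    av = {"tid": tid, "t": t, "mac": mac(ik, tid, k_l)}
    if ck is not None:  # third embodiment: the orbit parameters changed
        av["enc_orbit"] = enc_ck(ck, t, struct.pack(">4d", *orbit))
    return av, k_l

def verify_vector(av, expected_tid, stored_orbit, ik, ck, now):
    """S52-S53 / S62-S63: return the recomputed position key, or None on failure."""
    if not hmac.compare_digest(av["tid"], expected_tid):
        return None                      # identity differs from the one the GCC sent
    if abs(now - av["t"]) > FRESH_WINDOW:
        return None                      # stale timestamp: replayed vector
    orbit = stored_orbit                 # second embodiment: saved parameters
    if "enc_orbit" in av:                # third embodiment: decrypt the new ones
        blob = enc_ck(ck, av["t"], av["enc_orbit"])
        if len(blob) != 32:
            return None
        orbit = struct.unpack(">4d", blob)
    try:
        k_l = location_key(orbit, av["t"])
    except (ValueError, OverflowError, ZeroDivisionError, struct.error):
        return None                      # garbage parameters after a tampered ciphertext
    return k_l if hmac.compare_digest(mac(ik, av["tid"], k_l), av["mac"]) else None

def reconnect(changed, now=1000.0):
    """Run A->B then B->A; return (keys at B, keys at A) or None. Constructed inputs."""
    k_ab, ck, ik = b"K" * 32, b"C" * 32, b"I" * 32
    tid_a, tid_b = b"TID-A", b"TID-B"
    p_a, p_b = (7000.0, 5800.0, 0.3, 0.9), (7000.0, 5800.0, 1.1, 0.9)
    p_a_now = (7050.0, 5860.0, 0.3, 0.9) if changed else p_a
    p_b_now = (7050.0, 5860.0, 1.1, 0.9) if changed else p_b
    key = ck if changed else None
    av_a, kl_a = make_vector(tid_a, p_a_now, now, ik, key)
    kl_a_at_b = verify_vector(av_a, tid_a, p_a, ik, ck, now + 0.2)
    av_b, kl_b = make_vector(tid_b, p_b_now, now + 0.3, ik, key)
    kl_b_at_a = verify_vector(av_b, tid_b, p_b, ik, ck, now + 0.5)
    if kl_a_at_b is None or kl_b_at_a is None:
        return None
    return session_keys(k_ab, kl_a_at_b, kl_b), session_keys(k_ab, kl_a, kl_b_at_a)

if __name__ == "__main__":
    for changed in (False, True):
        keys_b, keys_a = reconnect(changed)
        print("orbit changed:", changed, "| session keys agree:", keys_a == keys_b)
```
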
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. An enhanced inter-satellite networking authentication method based on a location key is characterized by comprising the following steps:
S1, the ground control center respectively generates a real identity and an inter-satellite long-term shared key for each satellite;
S2, the ground control center generates a temporary identity of each satellite by using the real identity of each satellite and the long-term shared key between the satellite and the ground according to networking authentication request information sent by any satellite, generates the long-term shared key between the satellites by combining random numbers, and acquires the orbit parameters of each satellite;
S3, each satellite calculates a first position key of the first satellite according to the orbit parameters of the first satellite, and calculates a first message verification code of the first satellite according to the inter-satellite long-term shared key, the first satellite temporary identity and the respectively calculated first position key; when the second satellite judges that the first message verification code calculated by the second satellite is consistent with the first message verification code calculated by the first satellite, the second satellite completes authentication on the first satellite;
S4, each satellite calculates a second position key of the second satellite according to the orbit parameters of the second satellite, and calculates a second message verification code of the second satellite according to the second satellite temporary identity and the respectively calculated second position key; and when the first satellite judges that the second message verification code calculated by the first satellite is consistent with the second message verification code calculated by the second satellite, the first satellite completes the authentication of the second satellite.
2. The enhanced location key-based inter-satellite networking authentication method according to claim 1, wherein step S2 comprises:
S21, the first satellite acquires a first current timestamp, and the real identity of the first satellite and the real identity of the second satellite are encrypted by using the inter-satellite and inter-ground long-term shared key of the first satellite to obtain and send networking authentication request information;
S22, the ground control center decrypts the networking authentication request information, and when the first current timestamp is judged to be fresh, a first satellite temporary identity is generated by using the real identity of the first satellite and the long-term satellite-ground shared key under a second current timestamp, a second satellite temporary identity is generated by using the real identity of the second satellite and the long-term satellite-ground shared key, the long-term satellite shared key is generated by combining a random number, and a first satellite orbit parameter and a second satellite orbit parameter are obtained;
S23, the ground control center encrypts the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter by using the inter-satellite long-term shared key of the second satellite to obtain a first encrypted message; encrypting the first encryption message, the second current timestamp, the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the second satellite orbit parameter by using the inter-satellite long-term shared key of the first satellite to obtain a second encryption message;
S24, the first satellite decrypts the second encrypted message, stores the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the second satellite orbit parameter when the second current timestamp is judged to be fresh, and sends the first encrypted message to the second satellite;
S25, the second satellite decrypts the first encrypted message, and stores the first satellite temporary identity, the second satellite temporary identity, the inter-satellite long-term shared key and the first satellite orbit parameter when the second current timestamp is judged to be fresh.
3. The enhanced location key-based inter-satellite networking authentication method according to claim 1, wherein step S3 comprises:
S31, calculating a first position key by the first satellite according to the orbit parameters of the first satellite under a third current time stamp; calculating an encryption key and an integrity protection key of a session according to the inter-satellite long-term shared key and the first location key, calculating a first message verification code by using the first satellite temporary identity, the first location key and the integrity protection key, and generating a first authentication vector of the first satellite temporary identity, the third current timestamp and the first message verification code;
S32, when the second satellite judges that the first satellite temporary identity in the first authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the third current timestamp is fresh, calculating a new first position key by using the first satellite orbit parameter; calculating a new encryption key and a new integrity protection key of a session according to the long-term shared key among the satellites and the new first position key, and calculating a new first message verification code by using the first satellite temporary identity, the first position key and the new integrity protection key;
S33, when the second satellite judges that the new first message verification code is consistent with the first message verification code, the second satellite completes the authentication of the first satellite.
4. The enhanced location key-based inter-satellite networking authentication method according to claim 3, wherein the step S4 comprises:
S41, the second satellite calculates a second position key by using a second satellite orbit parameter under a fourth current timestamp, calculates a second message verification code according to the second satellite temporary identity, the second position key and the new integrity protection key, and generates a second authentication vector of the second satellite temporary identity, the second message verification code and the fourth current timestamp;
S42, when the first satellite judges that the second satellite temporary identity in the second authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the fourth current timestamp is fresh, calculating a new second location key by using the second satellite orbit parameter, and calculating a new second message verification code according to the second satellite temporary identity, the new second location key and the integrity protection key;
S43, when the first satellite judges that the new second message verification code is consistent with the second message verification code, the first satellite completes the authentication of the second satellite.
5. The enhanced location key-based inter-satellite networking authentication method according to claim 1, further comprising, after step S4:
S5, each satellite calculates a third position key of the first satellite according to the original orbit parameters of the first satellite, and calculates a third message verification code of the first satellite according to the integrity protection key calculated by the last authentication and the respectively calculated third position key; when the second satellite judges that the third message verification code calculated by the second satellite is consistent with the third message verification code calculated by the first satellite, the second satellite completes authentication updating of the first satellite;
S6, each satellite calculates a fourth position key of the second satellite according to the original orbit parameters of the second satellite, and calculates a fourth message verification code of the second satellite according to the integrity protection key calculated by the last authentication and the fourth position key calculated by each satellite; and when the first satellite judges that the fourth message verification code calculated by the first satellite is consistent with the fourth message verification code calculated by the second satellite, the first satellite completes authentication updating of the second satellite.
6. The enhanced location key-based inter-satellite networking authentication method according to claim 5, wherein the step S5 comprises:
S51, the first satellite calculates a third position key by using the original orbit parameters of the first satellite under a fifth current timestamp, calculates a third message verification code according to the first satellite temporary identity, the integrity protection key calculated by the last authentication and the third position key, and generates a third authentication vector of the first satellite temporary identity, the fifth current timestamp and the third message verification code;
S52, when the second satellite judges that the first satellite temporary identity in the third authentication vector is consistent with the first satellite temporary identity sent by the ground control center and the fifth current timestamp is fresh, calculating a new third location key by using the original orbit parameters of the first satellite, and calculating a new third message verification code according to the first satellite temporary identity, the integrity protection key calculated by the last authentication and the new third location key;
S53, when the second satellite judges that the new third message verification code is consistent with the third message verification code, the second satellite completes the authentication update of the first satellite.
7. The enhanced location key-based inter-satellite networking authentication method according to claim 6, wherein the step S6 comprises:
S61, the second satellite calculates a fourth position key under a sixth current time stamp by using the original orbit parameters of the second satellite, calculates a fourth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the fourth position key, generates a fourth authentication vector of the second satellite temporary identity, the fourth message verification code and the sixth current time stamp, and calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the fourth position key and the new third position key;
S62, when the first satellite judges that the second satellite temporary identity in the fourth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and the sixth current timestamp is fresh, calculating a new fourth position key by using the original orbit parameters of the second satellite, and calculating a new fourth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the new fourth position key;
S63, when the first satellite judges that the new fourth message verification code is consistent with the fourth message verification code, the first satellite completes authentication update of the second satellite; and the first satellite calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the new fourth position key and the third position key.
8. The enhanced location key-based inter-satellite networking authentication method according to claim 1, further comprising, after step S4:
S5, each satellite calculates a fifth location key of the first satellite according to the changed orbit parameters of the first satellite, and calculates a fifth message verification code of the first satellite according to the integrity protection key calculated by the last authentication and the fifth location key calculated by each satellite; when the second satellite judges that the fifth message verification code calculated by the second satellite is consistent with the fifth message verification code calculated by the first satellite, the second satellite completes the authentication update of the first satellite;
S6, each satellite calculates a sixth location key of the second satellite according to the changed orbit parameters of the second satellite, and calculates a sixth message verification code of the second satellite according to the integrity protection key calculated by the last authentication and the sixth location key calculated by each satellite; and when the first satellite judges that the sixth message verification code calculated by the first satellite is consistent with the sixth message verification code calculated by the second satellite, the first satellite completes the authentication update of the second satellite.
9. The enhanced location key-based inter-satellite networking authentication method according to claim 8, wherein step S5 comprises:
S51, the first satellite calculates a fifth location key by using the changed orbit parameter of the first satellite under a seventh current timestamp, calculates a fifth message verification code according to the integrity protection key calculated by the last authentication, the first satellite temporary identity and the fifth location key, encrypts the changed orbit parameter of the first satellite by using the encryption key calculated by the last authentication, and generates a fifth authentication vector of the first satellite temporary identity, the seventh current timestamp, the fifth message verification code and the encrypted changed orbit parameter of the first satellite;
S52, when the second satellite judges that the first satellite temporary identity in the fifth authentication vector is consistent with the first satellite temporary identity sent by the ground control center and that the seventh current timestamp is fresh, the second satellite decrypts the fifth authentication vector by using the encryption key calculated by the last authentication to obtain the changed orbit parameter of the first satellite, calculates a new fifth location key by using the changed orbit parameter of the first satellite, and calculates a new fifth message verification code according to the integrity protection key calculated by the last authentication, the first satellite temporary identity and the new fifth location key;
S53, when the second satellite judges that the new fifth message verification code is consistent with the fifth message verification code, the second satellite completes the authentication update of the first satellite.
10. The enhanced location key-based inter-satellite networking authentication method according to claim 9, wherein step S6 comprises:
S61, the second satellite calculates a sixth location key at an eighth current timestamp by using the changed orbit parameter of the second satellite, calculates a sixth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the sixth location key, encrypts the changed orbit parameter of the second satellite by using the encryption key calculated by the last authentication, generates a sixth authentication vector of the second satellite temporary identity, the eighth current timestamp, the sixth message verification code and the encrypted changed orbit parameter of the second satellite, and calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the sixth location key and the new fifth location key;
S62, when the first satellite judges that the second satellite temporary identity in the sixth authentication vector is consistent with the second satellite temporary identity sent by the ground control center and that the eighth current timestamp is fresh, the first satellite decrypts the sixth authentication vector by using the encryption key calculated by the last authentication to obtain the changed orbit parameter of the second satellite, calculates a new sixth location key by using the changed orbit parameter of the second satellite, and calculates a new sixth message verification code according to the integrity protection key calculated by the last authentication, the second satellite temporary identity and the new sixth location key;
S63, when the first satellite judges that the new sixth message verification code is consistent with the sixth message verification code, the first satellite completes the authentication update of the second satellite; and the first satellite calculates a new encryption key and an integrity protection key by using the inter-satellite long-term shared key, the new sixth location key and the fifth location key.
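The authentication update of claims 6 and 7 (steps S51 to S53 and S61 to S63, unchanged orbit parameters), walked through from both satellites' sides as an added Python example that is not code from the patent. It assumes HMAC-SHA256 for the message verification code and for key derivation, a SHA-256 hash of orbit parameters and timestamp as a stand-in for the location key, a 5-second freshness window and a fixed ordering of the two location keys; all sample values are constructed.

```python
import hashlib, hmac, struct

MAX_SKEW = 5  # assumed freshness window, seconds
# Constructed sample values (not from the patent)
K_LONG, IK_PREV = b"K" * 32, b"I" * 32
TID1, TID2 = b"TID-SAT1", b"TID-SAT2"
ORBIT1, ORBIT2 = b"a=7000;e=0.001;i=53.0", b"a=7000;e=0.001;i=53.2"
T0 = 1_700_000_000

def location_key(orbit: bytes, ts: int) -> bytes:
    # Assumption: hash of orbit parameters and timestamp stands in for the
    # patent's location key computation.
    return hashlib.sha256(orbit + struct.pack(">Q", ts)).digest()

def verification_code(ik: bytes, tid: bytes, lk: bytes) -> bytes:
    return hmac.new(ik, struct.pack(">H", len(tid)) + tid + lk, hashlib.sha256).digest()

def make_vector(ik, tid, orbit, ts):
    """S51 / S61: build (temporary identity, verification code, timestamp)."""
    lk = location_key(orbit, ts)
    return (tid, verification_code(ik, tid, lk), ts), lk

def verify_vector(vector, ik, expected_tid, peer_orbit, now):
    """S52-S53 / S62-S63: return the recomputed location key, or None."""
    tid, tag, ts = vector
    if not hmac.compare_digest(tid, expected_tid):
        return None                      # identity differs from the ground-issued one
    if abs(now - ts) > MAX_SKEW:
        return None                      # timestamp not fresh
    lk = location_key(peer_orbit, ts)
    if not hmac.compare_digest(verification_code(ik, tid, lk), tag):
        return None                      # verification code mismatch
    return lk

def derive_keys(k_long, lk_first, lk_second):
    # Assumed KDF: HMAC over a label and both location keys in fixed order.
    kdf = lambda label: hmac.new(k_long, label + lk_first + lk_second, hashlib.sha256).digest()
    return kdf(b"enc"), kdf(b"int")

def run_update():
    v3, lk3 = make_vector(IK_PREV, TID1, ORBIT1, T0)               # satellite 1
    lk3_new = verify_vector(v3, IK_PREV, TID1, ORBIT1, T0 + 1)     # satellite 2
    v4, lk4 = make_vector(IK_PREV, TID2, ORBIT2, T0 + 1)           # satellite 2
    keys_sat2 = derive_keys(K_LONG, lk3_new, lk4)
    lk4_new = verify_vector(v4, IK_PREV, TID2, ORBIT2, T0 + 2)     # satellite 1
    keys_sat1 = derive_keys(K_LONG, lk3, lk4_new)
    return keys_sat1, keys_sat2, v3

if __name__ == "__main__":
    k1, k2, _ = run_update()
    print("keys agree:", k1 == k2)
```

Because the location key is computed at the timestamp carried in the vector, a captured vector that is re-stamped with a fresh time fails the verification code check as well as the plain freshness check.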
CN202210571907.8A 2022-05-24 2022-05-24 Enhanced inter-satellite networking authentication method based on location key Pending CN114828005A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210571907.8A CN114828005A (en) 2022-05-24 2022-05-24 Enhanced inter-satellite networking authentication method based on location key

Publications (1)

Publication Number Publication Date
CN114828005A (en) 2022-07-29

Family

ID=82518090

Country Status (1)

Country Link
CN (1) CN114828005A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220729