Abstract
Satellite Internet of Things (satellite IoT) uses satellite communication networks and many types of spaceborne and ground terminal devices to connect people and things and exchange information across an integrated space-air-ground network. It has the advantages of being unbounded in the air and unobstructed on the ground, and is characterized by large-scale coverage, highly open links, dynamically changing topology, resource-constrained terminals, and long communication latency. To use satellite IoT resources securely and efficiently, a trust evaluation-based terminal authentication method for satellite IoT is proposed, which optimizes the authentication strategy by evaluating the trust of terminal devices. A trust evaluation mechanism for satellite IoT terminals is proposed for two scenarios: a terminal that has previously passed strong authentication and authenticates again within a short time, and a terminal that is granted trust via a strongly authenticated node. A dynamically adjusted trust measurement and evaluation model is characterized in terms of direct trust and indirect trust. A trust evaluation-based access authentication protocol for satellite IoT is then designed, which applies an authentication mechanism matched to the device's trust degree, so that subsequent authentication of high-trust devices is simplified and different terminal devices receive differentiated authentication services under the same authentication strategy framework. The security of the protocol is comprehensively analyzed using informal methods and the Tamarin formal verification tool, and experiments verify the effectiveness of the protocol, showing that it can reduce overall authentication overhead and use trust to simplify the authentication process.
Authors
TIAN Minqiu (田敏求)
LI Fenghua (李凤华)
LI Zifu (李子孚)
GUO Chao (郭超)
Affiliations: Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Key Laboratory of Cyberspace Security Defense, Beijing 100085, China; Department of Electronics and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2024, Issue 4, pp. 37-48 (12 pages in total)
Funding
National Natural Science Foundation of China (U23B2024, 62202463).
Keywords
satellite IoT
access authentication
trust evaluation
formal verification