CN-120050610-B - Group construction and access authentication method for satellite network high-speed terminal group

Abstract

The method comprises: initializing a ground control center and configuring identities and shared keys for the high-speed terminal group and the access point respectively; then performing mutual authentication and group key sharing between the group owner and the group members in the high-speed terminal group; finally, the group owner sends a verification request to the access point, and the access point forwards the access verification request to the ground control center; the ground control center then transmits a verification response to the access point, the access point forwards the verification response to the group owner, and the group owner verifies the response and broadcasts it to the group members, so that secure communication among the high-speed terminal group, the ground control center and the access point is realized. Through the group construction and access authentication mechanism, the method ensures the stability, efficiency and continuity of communication; it also effectively protects the transmitted information content, resists access and interference by illegal entities, effectively reduces the occupation of resources, and improves the overall performance of the system.

Inventors

  • MA RUHUI
  • LU YUCHEN
  • HE SHIYANG
  • FU HAN

Assignees

  • 西安电子科技大学

Dates

Publication Date
20260508
Application Date
20250224

Claims (10)

  1. 1. The group construction and access authentication method for the satellite network high-speed terminal group is characterized by comprising the following steps: ground control center Initializing and respectively grouping high-speed terminals Access point Configuring identity and shared key, the high-speed terminal group Comprising a plurality of group members And a group owner ; Based on the high-speed terminal group Configured identity and shared secret key, group owner And group members Respectively performing mutual authentication and group sharing key to complete high-speed terminal group Is constructed according to the following steps; Based on the high-speed terminal group Access point Configured identity and shared key and the high-speed terminal group Is a group owner To an access point Sending an authentication request, the access point Forwarding access authentication request to ground control center The ground control center And then to the access point Transmitting authentication response, access point Forwarding the validation response to the group owner Group owner Validating and broadcasting responses to group members To realize high-speed terminal group Ground control center Access point Secure communication between.
  2. 2. The method for constructing and authenticating access to a group of high-speed terminals in a satellite network as set forth in claim 1, wherein said ground control center The initializing specifically comprises the following steps: the ground control center Selecting a ground control center Is the first identity of (1) Call up The algorithm is initialized, then the system parameters are disclosed and the first private key is used for the system parameters Confidentiality is kept; the ground control center The disclosed system parameters include a cyclic group Number of orders of Generator and method for generating a digital signal First public key First hash function Second hash function Third hash function Fourth hash function Fifth hash function 。
  3. 3. The method for constructing and authenticating access to a group of high-speed terminals in a satellite network as set forth in claim 2, wherein said ground control center Disclosing system parameters and applying to a first private key The confidentiality comprises the following specific steps: the ground control center Selecting elliptic curves Selecting the order as Is a cyclic group of (a) A generator ; The ground control center Selecting a first random number As a first private key based on Generator and method for generating a digital signal Calculating a first public key The corresponding expression is: Based on elliptic curve Circulation group The ground control center Respectively selecting first hash functions Second hash function Third Hash function Fourth hash function Fifth hash function Wherein, the method comprises the steps of, A zero-bit string representing an arbitrary length; representing a non-zero set of elements and Is a multiplicative group of orders.
  4. 4. The method for constructing and authenticating access to a satellite network high-speed terminal group according to claim 1 or 3, wherein said ground control center Respectively high-speed terminal groups Access point The configuration of the identity and the shared key specifically comprises the following steps: the ground control center Respectively, are members of a group Access point Group owner Selecting a second identity Third identity Fourth identity Wherein, the method comprises the steps of, ; ; The group members Selecting a second random number As a second private key, the access point Selecting a third random number As a third private key, the group owner Selecting a fourth random number As a fourth private key, the second random number Third random number Fourth random number And wherein: representing a non-zero set of elements and A multiplicative group that is a step; based on the second private key Ground control center Is a generator of (a) Computing group members Is a second public key of (2) Based on the third private key Ground control center Is a generator of (a) Computing access points Third public key of (2) Based on the fourth private key Ground control center Is a generator of (a) Computing group owner Fourth public key of (2) The corresponding calculation expressions are respectively: the group members Will group members Is the second identity of (2) A second public key Sent to the ground control center Ground control center Invoking an algorithm Generating group members Fifth private key of (2) And a fifth public key The ground control center Invoking an algorithm Generating group members Fifth private key of (2) And a fifth public key The method specifically comprises the following steps: the ground control center Selecting a fifth random number And calculates a fifth public key The ground control center Calculate a fifth private key The ground control center Returning the fifth public key Fifth private key Wherein, the method 
comprises the steps of, Representing a first hash function; Representing a ground control center Is a first public key of (a); The access point Access point Third identity of (2) Third public key Sent to the ground control center Ground control center Invoking an algorithm Generating access points Is a sixth private key of (2) And a sixth public key The ground control center Invoking an algorithm Generating access points Is a sixth private key of (2) And a sixth public key The method specifically comprises the following steps: the ground control center Selecting a sixth random number And calculates a sixth public key The ground control center Calculate a sixth private key The ground control center Returning the sixth public key Sixth private key ; The group owner Will group the owner Fourth identity of (2) Fourth public key Sent to the ground control center Ground control center Invoking an algorithm Generating group owner Seventh private key of (2) And a seventh public key The ground control center Invoking an algorithm Generating group owner Seventh private key of (2) And a seventh public key The method specifically comprises the following steps: the ground control center Selecting a seventh random number And calculates a seventh public key The ground control center Calculate a seventh private key The ground control center Returning the seventh public key Seventh private key ; Based on group members Is a second public key of (2) Fifth public key Obtaining group members Is the first complete public key of (1) Based on group members Is the second private key of (2) Fifth private key Obtaining group members Is a first complete private key of (1) Access point based Third public key of (2) Sixth public key Obtaining an access point Second full public key of (a) Access point based Third private key of (2) Sixth private key Obtaining an access point Second full private key of (a) Based on group owner Fourth public key of (2) Seventh public key Obtaining group owner 
Third full public key of (a) Based on group owner Fourth private key of (2) Seventh private key Obtaining group owner Third full private key of (2) 。
  5. 5. The method for constructing and authenticating access to a group of high-speed terminals in a satellite network as set forth in claim 4, wherein said group owner And group members The mutual authentication between the two parts specifically comprises: The group owner Generating an eighth random number And call the algorithm Generating a first signature The group owner Invoking an algorithm Generating a first signature The method specifically comprises the following steps: Group owner Calculation of , Group owner Calculation of And then (b) then ; Wherein, the Representing group members Is a first full public key of (a); representing group members Is the second identity of (2) ; Representing a ground control center Is a first public key of (a); Representing a ground control center Is a generator of (a) ; Respectively represent the first signatures Part of the signature in (a); representing an intermediate quantity; representing an intermediate quantity; Representing a second hash function; representing first information including group owner Fourth identity of (2) Third full public key ; Representing group owners A fourth private key of (2), Representing group owners A seventh private key of (2); representing a non-zero set of elements and A multiplicative group that is a step; Group owner To group members Broadcasting a first signature And first information ; The group members Receiving a first signature And first information After that, the algorithm is invoked Verifying group owner Identity of the group member Invoking an algorithm Verifying group owner The identity of (a) specifically includes: Group member Calculation of Group member Parsing first information To obtain a group owner Third full public key of (a) And fourth identity Group member Calculation of Group member Inspection of Verifying the signature if equal, wherein: representing an intermediate quantity; representing an intermediate quantity; if verification is successful, group members To 
the group owner Sending an access authentication request and invoking an algorithm To the group owner Outputting the second signature And first ciphertext And the group member Invoking an algorithm To the group owner Outputting the second signature And first ciphertext The method specifically comprises the following steps: Group member Selecting a ninth random number And calculate , Group member Calculation of , Group member Separately calculate And then (b) then ; Wherein, the Representing the second information, including group members The generated pair of random numbers Group member Is the second identity of (2) And a first full public key ; An abscissa representing a randomly selected point; an ordinate representing a randomly selected point; 、 respectively represent the second signatures Part of the signature in (a); representing an intermediate quantity; representing an intermediate quantity; representing an intermediate quantity; representing an intermediate quantity; Representing group owners Is a fourth public key of (2); Representing group owners Is a seventh public key of (2); representing group members Is a second private key of (a); representing group members Is a fifth private key of (a); if verification fails, group member Will lead to group owner Sending a verification failure response message; The group owner Receiving the second signature And first ciphertext After that, the algorithm is invoked For the first ciphertext Decrypting to obtain the second information And verifies the second signature Whether or not it is correct, the group owner Invoking an algorithm For the first ciphertext Decrypting to obtain the second information And verifies the second signature Whether or not it is correct specifically includes: Group owner Calculation of Group owner Resolving group members Second information of (2) Obtaining group members Is the first complete public key of (1) Group member Is the second identity of (2) Group member The generated pair of 
random numbers Group owner Calculation of And by checking Verifying if the signatures are equal; Wherein, the Representing group owners A third full private key of (a); representing an intermediate quantity; representing an intermediate quantity; Representing an exclusive or operation; if the second signature Correct, group owner Will store group members The generated pair of random numbers If the second signature Error, group owner Will be directed to group members And sending a verification failure response message.
  6. 6. The method for constructing and authenticating access to a group of high-speed terminals in a satellite network as set forth in claim 5, wherein said group owner And group members The group sharing key comprises the following specific steps: The group owner Selecting a tenth random number And construct an order of Is a polynomial of interpolation of (a) Through the following steps of Points, i.e And Wherein, the method comprises the steps of, An abscissa representing a randomly selected point; an ordinate representing a randomly selected point; The group owner At the position of Alternative to the above Individual points Generating a time stamp And group shared key identifier Calculating a message authentication code And share the group key identifier Message authentication code Group owner Fourth identity of (2) 、 Individual points Time stamp Broadcast to group members Wherein, the method comprises the steps of, An abscissa representing the selected point; Representing the ordinate of the selected point; the group members Received group shared key identifier Message authentication code Group owner Fourth identity of (2) 、 Individual points Time stamp Thereafter, the random number stored in the random number storage unit is used Recovery Calculate the tenth random number And verifies the message verification code If the validity of the message verification code Effective, group members Will tenth random number Stored as group members If the message authentication code Invalidation, group owner Will be directed to group members And sending a verification failure response message.
  7. 7. The method for constructing and authenticating access to a group of high-speed terminals in a satellite network as set forth in claim 1, wherein said group owner And group members Respectively performing mutual authentication and group sharing key to complete high-speed terminal group In the construction of (2), the method also comprises the step of dynamically updating group members, specifically: when a new member is added, the new member first executes the group owner And group members Mutual authentication phase between them, then execute group owner And group members A group shared key phase in between; When the old member leaves, the old member first goes to the group owner Send out leave notification and then execute group owner And group members A group shared key phase in between.
  8. 8. The method for constructing and authenticating access to a group of high-speed terminals in a satellite network according to claim 1 or 6, wherein said group owner To an access point The sending of the verification request specifically includes: Through an access point Access ground control center Is a group owner of (a) Generating an eleventh random number And call the algorithm Generating a third signature The group owner Invoking an algorithm Generating a third signature The method specifically comprises the following steps: Group owner Calculation of , Group owner Calculation of And then (b) then ; Wherein: Representing a ground control center Is a first public key of (a); Representing a ground control center A generator of (2); representing access points Is a third identity of (2); representing an intermediate quantity; representing an intermediate quantity; Representing group owners Access point Third information required; representing access points Is a third private key of (a); representing access points Is a sixth private key of (a); 、 Respectively represent the third signatures Part of the signature in (a); Based on a fourth hash function Tenth random number Group shared key identifier Ground control center Is the first identity of (1) Computing group owner Ground control center First key in between Based on a fifth hash function Eleventh random number Group owner Ground control center First key in between Calculate the second ciphertext The corresponding calculation expressions are respectively: Wherein, the Representing an exclusive or operation; Representing group owners A third full private key of (a); representing access points Is a second full public key of (a); The group owner To an access point Transmitting a third signature Group owner Access point Third information required Second ciphertext 。
  9. 9. The method for constructing and authenticating a group of high-speed terminals in a satellite network as set forth in claim 8, wherein said access point is configured to Forwarding access authentication request to ground control center The method specifically comprises the following steps: The access point Receiving a third signature Group owner Access point Third information required Second ciphertext After that, the algorithm is invoked Verifying the third signature The access point Invoking an algorithm Verifying the third signature The method specifically comprises the following steps: Access point Receiving third information as an access request message And calculate Access Point (AP) Calculation of Access Point (AP) Inspection of Verifying if the signatures are equal; Wherein: representing an intermediate quantity; 、 Respectively represent the third signatures Part of the signature in (a); representing access points Is a third private key of (a); Representing a second hash function; representing access points Is a third identity of (2); representing an intermediate quantity; representing a first hash function; Representing group owners Fourth identity of (2) ; Representing group owners Is a fourth public key of (2); Representing group owners Is a seventh public key of (2); Representing a ground control center Is a first public key of (a); Representing a ground control center Is a generator of (a) ; Representing access points Is a second full private key of (a); if the authentication is successful, the access point Second ciphertext And a third signature Forwarded to ground control center If the authentication fails, the access point Will be directed to the ground control center And sending a verification failure response message.
  10. 10. The method for constructing and authenticating access to a group of high-speed terminals in a satellite network as set forth in claim 9, wherein said ground control center And then to the access point Transmitting authentication response, access point Forwarding the validation response to the group owner Group owner Validating and broadcasting responses to group members To realize high-speed terminal group Ground control center Access point The secure communication between the two devices specifically comprises: the ground control center Receiving the second ciphertext And a third signature After that, for the second ciphertext Decrypt and based on the second ciphertext Fifth hash function Third signature Partial signature in (a) First private key Computing group owner L and ground control center First key in between Based on a fourth hash function Group owner L and ground control center First key in between Group shared key identifier Access point Third identity of (2) Computing group owner L and access point Second key therebetween The corresponding calculation expressions are as follows: Wherein, the Representing an exclusive or operation; the ground control center Based on a fourth hash function Group owner L and ground control center First key in between Ground control center Is the first identity of (1) Third signature Partial signature in (a) Calculating a response value The corresponding calculation expression is as follows: The access point Response value is to be given Forwarding to group owner Group owner Validating the response value And will respond to the value Broadcast to group members Ground control center Through group owner L and ground control center First key in between And high-speed terminal group Secure communication, access point By group owner L and access point Second key therebetween And high-speed terminal group Secure communications are conducted.
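The group shared key phase of claim 6 and the re-keying on member departure of claim 7, as an added example that is not code from the patent: the owner interpolates a polynomial through the group key and each member's secret point, broadcasts extra points with a MAC, and each member recovers the key from its own point. The page's symbols and formulas did not survive extraction, so the prime field `P`, HMAC-SHA256 as the message authentication code, the message field names and the timestamp freshness window are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the patent's field/group order was lost in extraction; this prime stands in.
P = 2**255 - 19

def lagrange_eval(points, x):
    """Evaluate at x the unique polynomial through `points`, over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        # pow(..., -1, P) raises ValueError if two points share an x-coordinate
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def mac_tag(key, key_id, owner_id, points, ts):
    """MAC over every broadcast field, keyed with the group key (HMAC-SHA256 assumed)."""
    msg = repr((key_id, owner_id, points, ts)).encode()
    return hmac.new(key.to_bytes(32, "big"), msg, hashlib.sha256).digest()

def owner_broadcast(member_points, key_id, owner_id, now):
    """Group owner: pick a fresh group key and publish n points of the polynomial.

    member_points maps member id -> the secret (x, y) pair the owner stored for
    that member after mutual authentication.
    """
    group_key = secrets.randbelow(P - 1) + 1          # the "tenth random number"
    defining = [(0, group_key)] + list(member_points.values())
    used = {x for x, _ in defining}
    public = []
    while len(public) < len(member_points):            # n extra points on f
        x = secrets.randbelow(P - 1) + 1
        if x not in used:
            used.add(x)
            public.append((x, lagrange_eval(defining, x)))
    msg = {"key_id": key_id, "owner_id": owner_id, "points": public, "ts": now}
    msg["mac"] = mac_tag(group_key, key_id, owner_id, public, now)
    return group_key, msg

def member_recover(msg, my_point, now, max_age=30):
    """Group member: rebuild f from n public points plus its own secret point."""
    if abs(now - msg["ts"]) > max_age:                 # freshness window: assumption
        raise ValueError("stale timestamp")
    candidate = lagrange_eval(msg["points"] + [my_point], 0)   # f(0) = group key
    expected = mac_tag(candidate, msg["key_id"], msg["owner_id"], msg["points"], msg["ts"])
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("MAC invalid: point not on the polynomial or message altered")
    return candidate

def rejects(msg, point, now):
    """True if member_recover refuses the message for this point."""
    try:
        member_recover(msg, point, now)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    # Constructed sample data: three members' secret points (small for readability).
    members = {"m1": (11, 101), "m2": (22, 202), "m3": (33, 303)}
    key, msg = owner_broadcast(members, "gk-1", "owner-L", now=1000)
    print(all(member_recover(msg, p, now=1005) == key for p in members.values()))
    departed = members.pop("m2")                       # leave => re-run key phase
    key2, msg2 = owner_broadcast(members, "gk-2", "owner-L", now=2000)
    print(member_recover(msg2, members["m1"], now=2001) == key2,
          rejects(msg2, departed, 2001))
```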

Description

Group construction and access authentication method for satellite network high-speed terminal group

Technical Field

The invention relates to the technical field of satellite communication, in particular to a group construction and access authentication method for a satellite network high-speed terminal group.

Background

In the current course of technological development, the high-speed terminal group is becoming a key application form in many fields. For example, in the intelligent transportation field, high-speed terminal groups can be used for traffic flow monitoring, intelligent navigation assistance and other tasks, and in environmental monitoring they can acquire and transmit real-time environmental data over a large area. Information interaction between group members and cooperation with external communications are critical to the smooth execution of tasks.

However, the high-speed terminal group faces a series of serious challenges. In terms of security, its communication link is extremely fragile. An attacker can exploit the openness of the link and use various attack means: for example, attempting to obtain valuable information from traffic patterns through traffic analysis attacks, using man-in-the-middle attacks to steal or tamper with data when members of the high-speed terminal group communicate with the outside, or launching denial-of-service attacks that paralyze the high-speed terminal group. Meanwhile, during dynamic operation of the high-speed terminal group, group members join and leave frequently, which places extremely high demands on group key management. Poor key management not only affects communication efficiency but also greatly increases the risk of communication content leakage.

In terms of performance, the high-speed mobility of the high-speed terminal group makes the access authentication process very difficult. Conventional authentication methods often cannot adapt to the rapidly changing network environment, resulting in low authentication efficiency. In group construction and maintenance, the lack of an efficient mechanism easily leads to problems such as communication delay and excessive signaling overhead. These problems severely restrict the effectiveness of the high-speed terminal group in practical applications, and ensuring its safe and efficient operation is an urgent need.

X. Wang (X. Wang and S. Xu, "A secure access control scheme based on group for peer to peer network", 2012 International Conference on Systems and Informatics (ICSAI2012), pp. 1507-1511, 2012) presented a system that manages a peer-to-peer network in a group structure, divided into a plurality of groups. Each group contains a unique trusted group head that is responsible for establishing and organizing the group; the group head can communicate directly and relay data, members within a group can connect directly with the group head and with other members, and members of different groups can communicate with each other through the group head.

Disclosure of Invention

In order to overcome the above-mentioned drawbacks of the prior art, an object of the present invention is to provide a group construction and access authentication method for a satellite network high-speed terminal group. First, the ground control center is initialized and configures identities and shared keys for the high-speed terminal group and the access point respectively; then the group owner and the group members of the high-speed terminal group perform mutual authentication and group key sharing; finally, the group owner sends an authentication request to the access point, the access point forwards the access authentication request to the ground control center, the ground control center then transmits an authentication response to the access point, the access point forwards the authentication response to the group owner, and the group owner verifies the response and broadcasts it to the group members, thereby realizing secure communication among the high-speed terminal group, the ground control center and the access point. Through the group construction and access authentication mechanism, the method ensures the stability, efficiency and continuity of communication, effectively protects the transmitted information content, resists access and communication interference by illegal entities, effectively reduces the occupation of resources and improves the overall performance of the system.

In order to achieve the above purpose, the invention adopts the following technical scheme:

A group construction and access authentication method for a satellite network high-speed terminal group comprises the following steps: the ground control center is initialized and configures identities and shared keys for the high-speed terminal group and the access point respectively, the high-speed terminal group comprising a pl