Two-Phase Access Authentication Method Integrating Spatial-Temporal Features in Space-Air-Ground Integrated Networks
20230261742 · 2023-08-17
Inventors
- Bin YANG (Hangzhou, CN)
- Shanyun LIU (Hangzhou, CN)
- Xiangming ZHU (Hangzhou, CN)
- Yinan QI (Hangzhou, CN)
- Xingming ZHANG (Hangzhou, CN)
- Yongdong ZHU (Hangzhou, CN)
- Tao Xu (Hangzhou, CN)
- Peijun CHEN (Hangzhou, CN)
- Kainan ZHU (Hangzhou, CN)
Cpc classification
H04B7/18593
ELECTRICITY
Abstract
Disclosed is a two-phase access authentication method integrating spatial-temporal features in space-air-ground integrated networks. In the method, access authentication is divided into two phases: a primary authentication phase and a continued authentication phase. Before the primary authentication phase, the user equipment and the satellite are each initialized and registered through a ground network control center. In the primary authentication phase, fast and secure access is achieved using the user ID, facial features, and other authentication factors. In the continued authentication phase, user traffic data and behavior features are acquired, feature comparison is performed against the user's historical data, and a security level and an authentication decision are output. According to the disclosure, spatial-temporal features are integrated into access authentication for a satellite-ground communication network, so that the authentication not only achieves fast access but also continuously ensures system security during the service phase.
Claims
1. A two-phase access authentication method integrating spatial-temporal features in space-air-ground integrated networks, comprising the following steps: S1, an initializing phase: selecting, by a ground network control center, a main key parameter, and selecting a matching hash function simultaneously; S2, a device registration phase: performing identity information registration and spatial-temporal feature data acquisition in the ground network control center by a satellite having a legal permission and a user equipment respectively; S3, a primary authentication phase: completing, by a user, local identity authentication, and achieving bidirectional authentication between the user equipment and the satellite under the assistance of the ground network control center simultaneously; S4, a continued authentication phase: initiating, by the satellite, a continued authentication request and a spatial-temporal feature data acquisition request to the user equipment; sending, by the user equipment, acquired data to a satellite; and performing, by the satellite, continued authentication on the user equipment under the assistance of the ground network control center to output a final authentication decision.
2. The two-phase access authentication method integrating the spatial-temporal features in the space-air-ground integrated networks according to claim 1, wherein the step S2 specifically comprises the following substeps: S21, registration of the satellite: after receiving a registration request sent by the satellite through a secure channel, selecting, by the ground network control center, an identity identifier for the satellite, calculating, on the basis of the main key parameter, a key of the satellite, and using a hash function-based security protocol to complete the registration of the satellite in the ground network control center; S22, registration of the user equipment: acquiring, by the user equipment, biological feature information of the user, extracting a user face key, splicing the user face key with the identity identifier and a high entropy password, and using the hash function-based security protocol to complete the registration of the user equipment in the ground network control center; S23, acquisition of spatial-temporal feature data: acquiring, by the user equipment, behavior feature data of the user, and transmitting the behavior feature data to the ground network control center through the secure channel; after preprocessing the behavior feature data, performing, by the ground network control center, model training to obtain model parameters; and storing the model parameters in the ground network control center.
3. The two-phase access authentication method integrating the spatial-temporal features in the space-air-ground integrated networks according to claim 2, wherein in the step S22, a probabilistic key generation algorithm is used to extract the user face key by a fuzzy extractor.
4. The two-phase access authentication method integrating the spatial-temporal features in the space-air-ground integrated networks according to claim 2, wherein in the step S23, the behavior feature data comprises a traffic type, a traffic flow, a geographical position, and a turning angle, and the preprocessing comprises clipping and rotation.
5. The two-phase access authentication method integrating the spatial-temporal features in the space-air-ground integrated networks according to claim 2, wherein the step S22 further comprises the following operations: uploading the biological feature information of a successfully registered user equipment to the satellite after the biological feature information is calculated via a hash function.
6. The two-phase access authentication method integrating the spatial-temporal features in the space-air-ground integrated networks according to claim 1, wherein the step S3 specifically comprises the following substeps: S31, inputting, by the user, the identity identifier, a password, and facial feature information to the user equipment; locally using a deterministic key reconstruction algorithm to calculate a biometric key, and verifying whether the identity of the user is legal; if the identity is illegal, terminating the access; if the identity is legal, generating, by the user equipment, a current timestamp, acquiring a current position of the user, calculating an authentication message, and sending the timestamp, the current position of the user, and the authentication message to the satellite through the secure channel; S32, receiving, by the satellite, the timestamp, the current position of the user, and the authentication message which are sent by the user equipment, and first verifying whether an absolute value of a difference value between current time of the satellite and the timestamp is within a range of a time threshold; if no, denying the user access; otherwise, acquiring, by the satellite, identifier information in the authentication message, and searching, according to the identifier information, a local database of the satellite; if a successful matching is achieved, acquiring a position and time of the user equipment at the end of the latest access through the identifier information, and verifying, in combination with the current position of the user, whether an absolute value of a displacement difference value is within a displacement threshold range; if no, denying the user access; otherwise, searching, according to the identifier information, a hash value of the biological feature information stored in the local database of the satellite, and comparing the hash value with a hash value sent by the user equipment; if the two hash values are not equal, indicating that the user equipment is illegal, denying an access request of the user equipment, and returning authentication failure response information to the user equipment; if the two hash values are equal, generating a temporary session key and a temporary session key timestamp, calculating the temporary session key by using the hash function to obtain a new authentication message, and sending the new authentication message and the temporary session key timestamp to the user equipment together; S33, after receiving the new authentication message and the temporary session key timestamp, first checking, by the user equipment, whether an absolute value of a difference value between current time of the user equipment and the temporary session key timestamp is within the range of the time threshold; if no, terminating the access; otherwise, calculating a sharing key between the user equipment and the satellite, and comparing the sharing key with the new authentication message sent by the satellite; if the sharing key does not match the new authentication message, terminating the access; otherwise, completing the authentication, and indicating that the identity of the user is legal and an access may be allowed to a network of the satellite for services.
7. The two-phase access authentication method integrating the spatial-temporal features in the space-air-ground integrated networks according to claim 6, wherein the time threshold is 50 ms.
8. The two-phase access authentication method integrating the spatial-temporal features in the space-air-ground integrated networks according to claim 1, wherein the step S4 specifically comprises the following substeps: S41, initiating, by the satellite, a continued authentication request and a spatial-temporal data acquisition cycle to the user equipment; S42, after receiving the continued authentication request, sending, by the user equipment, the spatial-temporal feature data to the satellite within the spatial-temporal data acquisition cycle, and forwarding, by the satellite, the spatial-temporal feature data to the ground network control center; S43, after receiving the real-time spatial-temporal feature data of the user equipment, comparing, by the ground network control center, the real-time spatial-temporal feature data with historical spatial-temporal feature data, thus providing a security trust level of the user equipment during data transmission, and feeding back the same to the satellite; and continuing or terminating, by the satellite according to the security trust level, the data transmission of the user equipment, and blacklisting the user equipment whose data transmission is terminated.
Description
BRIEF DESCRIPTION OF FIGURES
DETAILED DESCRIPTION
[0036] In order to make the objectives, technical solutions and advantages of the present disclosure clearer, the present disclosure is further described below in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are merely to explain the present invention and are not intended to limit the scope of the present invention. In addition, in the following text, descriptions of well-known structures and techniques are omitted to avoid unnecessary confusion with the concept of the disclosure.
[0037] The present invention claims a two-phase access authentication method integrating spatial-temporal features in the SAGIN, as shown in
[0038] step I: an initializing phase: the ground network control center selects a parameter $\omega$ as the main key, and simultaneously selects a suitable hash function $f_h(\cdot)$;
[0039] step II: a device registration phase: a satellite having a legal permission and a user equipment respectively perform identity information registration, user spatial-temporal feature information acquisition and spatial-temporal feature extraction in the ground network control center;
[0040] step III: a primary authentication phase: the user completes local identity authentication, and achieves bidirectional authentication between the user and the satellite under the assistance of the NCC (network control center) simultaneously to ensure the security of a communication channel;
[0041] step IV: a continued authentication phase: the satellite initiates a continued authentication request and a spatial-temporal feature data acquisition request to the user; the user sends acquired data to the satellite; and the satellite performs continued authentication on the user under the assistance of the NCC to output a final authentication decision.
[0042] Specifically, the step II is achieved by the following substeps.
[0043] (2.1) completing registration of the satellite, and performing initialization, which include the following specific steps:
[0044] (2.1.1) After receiving a registration request sent by the satellite through a secure channel, the ground network control center generates a unique identity identifier $ID_S$ for the satellite and calculates the satellite's sharing key $K_S = f_h(ID_S \| ID_{NCC} \| \omega)$, where $ID_{NCC}$ is the identity identifier of the ground network control center; in addition, the ground network control center generates a temporary identity identifier $TID_S = K_S \oplus f_h(\omega)$ for the satellite, writes the data $\{ID_S, K_S, TID_S\}$ to the satellite's memory, and stores the same locally.
[0045] (2.1.2) The satellite generates a timestamp $T_1$, calculates $V_S = ID_S \oplus f_h(K_S \| T_1)$, and transmits $\{V_S, T_1, TID_S\}$ to the ground network control center through the secure channel.
[0046] (2.1.3) After receiving the message, the ground network control center verifies that the timestamp is fresh, that is, $|T_{NCC} - T_1| \le \Delta T$, where $T_{NCC}$ is the time at which the ground network control center receives the message and $\Delta T$ is the freshness threshold the message must satisfy. If the condition is not satisfied, the ground network control center denies the registration request of the satellite; if it is satisfied, the ground network control center calculates in turn $K_1 = TID_S \oplus f_h(\omega)$, $K_T = V_S \oplus f_h(K_1 \| T_1)$, and $K_2 = f_h(K_T \| ID_{NCC} \| \omega)$, and verifies whether $K_1$ equals $K_2$ (by construction $K_1$ recovers $K_S$ and $K_T$ recovers $ID_S$, so the equality holds only if $V_S$ was formed with the key that $TID_S$ encodes); if not, the ground network control center denies the access of the satellite; if so, the ground network control center locally stores $\{ID_S, K_S\}$, generates a timestamp $T_2$, calculates $V'_S = f_h(K_S \| T_2)$, and sends $\{V'_S, T_2\}$ to the satellite through the secure channel.
[0047] (2.1.4) After receiving the message sent by the ground network control center, the satellite verifies that the timestamp is fresh, that is, $|T_S - T_2| \le \Delta T$; if not, the satellite denies the access; otherwise, the satellite calculates $V''_S = f_h(K_S \| T_2)$ and verifies that $V'_S = V''_S$; if not, the satellite denies the access; otherwise, it stores $TID'_S = f_h(ID_S \| K_S)$ and completes the flow.
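Steps (2.1.1) to (2.1.4) written out as a runnable exchange between both parties, as an added example that is not part of the patent text. The text fixes neither the hash nor the encodings, so the script assumes SHA-256 for $f_h$, a 32-byte random $\omega$, 32-byte satellite identifiers so that the XOR operations are well defined, byte concatenation for $\|$, millisecond timestamps and a simulated clock. Besides the honest run it feeds the NCC a replayed request and a request with one bit of $V_S$ flipped; the freshness check and the $K_1 = K_2$ check reject them respectively.

```python
"""Satellite registration of the two-phase scheme, steps 2.1.1 to 2.1.4.
Added worked example; SHA-256, 32-byte identifiers and millisecond
timestamps are assumptions, not part of the patent text."""
import hashlib
import hmac
import secrets

DELTA_T_MS = 50  # freshness threshold Delta T; the text gives 50 ms for a LEO link


def f_h(*parts: bytes) -> bytes:
    """f_h(a || b || ...): SHA-256 over the byte concatenation (assumed hash)."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b), "XOR operands must have equal length"
    return bytes(x ^ y for x, y in zip(a, b))


def ts(t_ms: int) -> bytes:
    """Timestamp encoding used inside the hashes (assumed: 8-byte big-endian)."""
    return t_ms.to_bytes(8, "big")


def fresh(t_local: int, t_msg: int) -> bool:
    """|T_local - T_msg| <= Delta T, the check both sides apply."""
    return abs(t_local - t_msg) <= DELTA_T_MS


class GroundNCC:
    def __init__(self):
        self.omega = secrets.token_bytes(32)   # main key omega chosen in step I
        self.id_ncc = b"NCC-0001"              # ID_NCC (assumed format)
        self.satellites = {}                   # ID_S -> K_S, filled in 2.1.3

    def provision(self) -> dict:
        """2.1.1: derive {ID_S, K_S, TID_S} and hand them to the satellite."""
        id_s = secrets.token_bytes(32)         # assumed: 32-byte unique ID_S
        k_s = f_h(id_s, self.id_ncc, self.omega)
        tid_s = xor(k_s, f_h(self.omega))
        return {"ID_S": id_s, "K_S": k_s, "TID_S": tid_s}

    def handle_request(self, v_s, t_1, tid_s, t_ncc):
        """2.1.3: verify {V_S, T_1, TID_S}; return {V'_S, T_2} or None."""
        if not fresh(t_ncc, t_1):
            return None                        # stale or replayed T_1
        k_1 = xor(tid_s, f_h(self.omega))      # recovers K_S from TID_S
        k_t = xor(v_s, f_h(k_1, ts(t_1)))      # recovers ID_S from V_S
        k_2 = f_h(k_t, self.id_ncc, self.omega)  # recomputes K_S from ID_S
        if not hmac.compare_digest(k_1, k_2):
            return None                        # V_S not formed with this K_S
        self.satellites[k_t] = k_1             # store {ID_S, K_S}
        t_2 = t_ncc
        return {"V'_S": f_h(k_1, ts(t_2)), "T_2": t_2}


class Satellite:
    def __init__(self, bundle: dict):
        self.id_s, self.k_s, self.tid_s = bundle["ID_S"], bundle["K_S"], bundle["TID_S"]
        self.tid_s_prime = None

    def request(self, t_1):
        """2.1.2: {V_S, T_1, TID_S} with V_S = ID_S xor f_h(K_S || T_1)."""
        return xor(self.id_s, f_h(self.k_s, ts(t_1))), t_1, self.tid_s

    def finish(self, reply, t_s) -> bool:
        """2.1.4: check T_2 freshness and V'_S = V''_S, then store TID'_S."""
        if reply is None or not fresh(t_s, reply["T_2"]):
            return False
        if not hmac.compare_digest(reply["V'_S"], f_h(self.k_s, ts(reply["T_2"]))):
            return False
        self.tid_s_prime = f_h(self.id_s, self.k_s)
        return True


def run_registration(t0: int = 1_700_000_000_000) -> dict:
    """Honest run, then a replay and a tampered V_S, on a simulated clock."""
    ncc = GroundNCC()
    sat = Satellite(ncc.provision())
    v_s, t_1, tid_s = sat.request(t0)
    ok = sat.finish(ncc.handle_request(v_s, t_1, tid_s, t0 + 20), t0 + 40)
    replay = ncc.handle_request(v_s, t_1, tid_s, t0 + 5_000)   # T_1 now stale
    bad_v = bytes([v_s[0] ^ 0x01]) + v_s[1:]
    tamper = ncc.handle_request(bad_v, t_1, tid_s, t0 + 20)    # K_1 != K_2
    return {
        "registered": ok,
        "ncc_knows_satellite": ncc.satellites.get(sat.id_s) == sat.k_s,
        "replay_rejected": replay is None,
        "tamper_rejected": tamper is None,
    }
```

The comparisons use `hmac.compare_digest` rather than `==` so that a verifier does not leak a byte-by-byte timing signal. Note that both messages of this step travel over the secure channel the text presupposes; the hash checks bind the satellite to the provisioned $K_S$ and to a fresh timestamp but do not by themselves provide confidentiality.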
[0048] (2.2) completing the user equipment registration and performing initialization, which include the following specific steps:
[0049] (2.2.1) The user equipment must be able to acquire both biological feature data and behavior feature data. First, the user selects an identity identifier $ID_{MU}$ and a high-entropy password $PW$, and acquires biological feature information through the device (face information is taken as the example, and the recorded face information is denoted $f$). The user equipment extracts a user face key $\{\sigma, \xi\} = Gen(f)$ by means of the probabilistic key generation algorithm of a fuzzy extractor, where $Gen(\cdot)$ is the fuzzy extraction function, $\sigma$ is the facial feature key, and $\xi$ is the public helper parameter corresponding to the feature key, which is later used to recover and regenerate the key. The user selects a random number $r_1$, calculates $F = f_h(ID_{MU} \| \sigma \| r_1)$, and sends $\{ID_{MU}, F\}$ to the ground network control center through the secure channel.
[0050] (2.2.2) After receiving the information sent by the user, the ground network control center searches the registered-user database on its server. If the user identifier $ID_{MU}$ is already present in the database, the ground network control center refuses the user. Otherwise, the ground network control center selects a random number $r_2$ and generates a temporary identity identifier $ID'_{MU} = f_h(ID_{MU} \| r_2)$ for the user. It then calculates the user key $K_{MU} = f_h(ID'_{MU} \| \omega)$, calculates the parameters $W_1 = K_{MU} \oplus F$ and $W_2 = f_h(ID'_{MU} \| F \| K_{MU})$, and transmits $\{ID'_{MU}, W_1, W_2\}$ to the user through the secure channel.
[0051] (2.2.3) After receiving the information, the user equipment calculates $ID''_{MU} = ID_{MU} \oplus ID'_{MU}$ and $RPW = f_h(ID'_{MU} \oplus PW \oplus W_2) \bmod n_0$, where $n_0$ is a parameter used to resist password-guessing attacks. The user equipment then calculates the parameters $A = r_1 \oplus f_h(ID'_{MU} \| \sigma)$ and $W_3 = W_1 \oplus r_1$. In order to prevent user information leakage, the data $\{ID''_{MU}, T_1, TID_S\}$ is stored locally on the user side, and the rest is deleted.
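Steps (2.2.1) to (2.2.3) as an added example, not the patent's own code. The text does not specify the fuzzy extractor, so $Gen$/$Rep$ here use a toy code-offset secure sketch over a constructed 112-bit template with a 7-fold repetition code (an assumed construction chosen for readability; a deployment would use a proper error-correcting code over real face features), SHA-256 as $f_h$, hashed identifiers and passwords to obtain fixed-width operands for the XORs, and $n_0 = 2^8$. It also shows the consistency check the user equipment can perform on the reply using the page's own formula $W_2 = f_h(ID'_{MU} \| F \| K_{MU})$ with $K_{MU} = W_1 \oplus F$, and that a face sample within the error tolerance reproduces $\sigma$ while one outside it does not.

```python
"""User-equipment registration, steps 2.2.1 to 2.2.3, with a toy fuzzy
extractor. Added worked example; the repetition-code sketch, SHA-256,
hashed ID/PW encodings and n_0 = 256 are assumptions, not patent text."""
import hashlib
import hmac
import secrets

K_BITS, REP = 16, 7            # toy code: 16 key bits, each repeated 7 times
N_BITS = K_BITS * REP          # constructed biometric template length (112 bits)
N_0 = 2 ** 8                   # fuzzy-verifier modulus n_0 (assumed value)


def f_h(*parts: bytes) -> bytes:
    """f_h(a || b || ...): SHA-256 over the byte concatenation (assumed hash)."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def gen(template):
    """Gen(f) -> (sigma, xi): code-offset sketch plus a salted hash as extractor."""
    w = [secrets.randbelow(2) for _ in range(K_BITS)]        # random codeword seed
    codeword = [bit for bit in w for _ in range(REP)]
    sketch = [c ^ t for c, t in zip(codeword, template)]     # public helper data
    salt = secrets.token_bytes(16)
    return f_h(bytes(w), salt), {"sketch": sketch, "salt": salt}


def rep(template, xi):
    """Rep(f', xi) -> sigma; correct while each 7-bit block has at most 3 errors."""
    noisy = [s ^ t for s, t in zip(xi["sketch"], template)]  # codeword xor errors
    w = [int(2 * sum(noisy[i:i + REP]) > REP) for i in range(0, N_BITS, REP)]
    return f_h(bytes(w), xi["salt"])


class GroundNCC:
    def __init__(self):
        self.omega = secrets.token_bytes(32)                 # main key from step I
        self.users = set()

    def register(self, id_mu, F):
        """2.2.2: refuse a duplicate ID_MU, else derive ID'_MU, K_MU, W_1, W_2."""
        if id_mu in self.users:
            return None
        self.users.add(id_mu)
        id_p = f_h(id_mu, secrets.token_bytes(32))           # ID'_MU = f_h(ID_MU || r_2)
        k_mu = f_h(id_p, self.omega)                         # K_MU = f_h(ID'_MU || omega)
        return {"ID'_MU": id_p, "W_1": xor(k_mu, F), "W_2": f_h(id_p, F, k_mu)}


def enroll(ncc, ident, pw, face):
    """2.2.1 and 2.2.3 on the user equipment; returns the stored record or None."""
    id_mu, pw_h = f_h(ident), f_h(pw)       # assumed fixed-width encodings of ID_MU, PW
    sigma, xi = gen(face)
    r_1 = secrets.token_bytes(32)
    F = f_h(id_mu, sigma, r_1)
    reply = ncc.register(id_mu, F)
    if reply is None:
        return None
    id_p, w_1, w_2 = reply["ID'_MU"], reply["W_1"], reply["W_2"]
    k_mu = xor(w_1, F)                      # K_MU = W_1 xor F
    if not hmac.compare_digest(w_2, f_h(id_p, F, k_mu)):
        return None                         # reply does not match the F we sent
    rpw = int.from_bytes(f_h(xor(xor(id_p, pw_h), w_2)), "big") % N_0
    stored = {"ID''_MU": xor(id_mu, id_p), "RPW": rpw, "xi": xi,
              "A": xor(r_1, f_h(id_p, sigma)), "W_3": xor(w_1, r_1)}
    # sigma is returned only so the demo can check Rep(); a real UE deletes it
    return {"stored": stored, "sigma": sigma}


def flip(template, positions):
    t = list(template)
    for p in positions:
        t[p] ^= 1
    return t


def run_demo():
    ncc = GroundNCC()
    face = [secrets.randbelow(2) for _ in range(N_BITS)]     # constructed template
    out = enroll(ncc, b"alice", b"correct horse battery staple", face)
    stored, sigma = out["stored"], out["sigma"]
    light = flip(face, range(0, N_BITS, REP))  # 1 error per block: still decodes
    heavy = flip(face, range(0, 4))            # 4 errors in block 0: past REP/2
    return {
        "noisy_face_recovers_sigma": rep(light, stored["xi"]) == sigma,
        "too_noisy_face_fails": rep(heavy, stored["xi"]) != sigma,
        "duplicate_id_refused": enroll(ncc, b"alice", b"other", face) is None,
        "rpw_in_range": 0 <= stored["RPW"] < N_0,
    }
```

The `mod n_0` reduction of $RPW$ keeps only a few bits of the password check value, so an attacker who steals the device cannot test password guesses offline against it with certainty; the trade-off is that roughly $1/n_0$ of wrong passwords pass the local check and are only caught by the server.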
[0052] Specifically, the step III is achieved by the following substeps.
[0053] (3.1) When the user requests access to resources in the SAGIN, an identity authentication process is performed. The user inputs the identity identifier, the password, and facial feature information to the device, which locally uses the deterministic key reconstruction algorithm to calculate the biometric key and verifies whether the identity of the user is legal; if the identity is illegal, the access is terminated; otherwise, the user equipment generates a current timestamp $T_M$, acquires the current position $L_M$ of the user, calculates an authentication message, and sends the timestamp, the current position of the user, and the authentication message to the satellite through the secure channel.
[0054] (3.2) After receiving the user's message, the satellite first verifies whether the absolute value $|T_S - T_M|$ of the difference between the satellite's current time $T_S$ and the timestamp $T_M$ is within the threshold $\Delta T$ (50 ms for a low-earth-orbit satellite); if not, the user access is denied; otherwise, the satellite acquires the identifier information $ID$ from the authentication message sent by the user and searches the satellite's local database according to it. If a successful matching is achieved, a position
[0055] (3.3) After receiving the authentication message and the timestamp, the user equipment first checks whether the absolute value $|T'_S - T'_M|$ of the difference between the user's current time $T'_M$ and the timestamp $T'_S$ is within the threshold $\Delta T$; if not, the access is terminated; otherwise, the sharing key between the user and the satellite is calculated and compared with the verification information sent by the satellite; if the sharing key does not match the verification information, the access is terminated; otherwise, the authentication in this phase is completed, indicating that the identity of the user is legal and access may be allowed to the satellite's network for data services.
[0056] Specifically, the step IV is achieved by the following substeps.
[0057] (4.1) If the user passes the primary authentication phase and successfully accesses the satellite for data transmission, the satellite initiates a continued authentication request and a spatial-temporal data acquisition cycle to the user; after the user receives the request, if the user agrees to it, the user sends data to the satellite within the data acquisition cycle, and the satellite forwards the data to the ground network control center. The ground network control center acquired data and trained models offline during the user registration phase. After receiving the real-time data of the user, the ground NCC compares it with the features extracted from the historical data, thus providing a security trust level of the user during traffic transmission, and feeds the level back to the satellite; the satellite continues or terminates the user's data transmission according to the security trust level, and blacklists the user whose data transmission is terminated.
[0058] The above described embodiments are only the preferred embodiments of the present disclosure, and are not intended to limit the present invention. Any modifications, equivalent replacements or improvements, and the like that are made within the spirit and principle of the present invention shall fall within the protection scope of the present disclosure.