天地网络安全保障技术研究

李凤华; 张林杰; 陆月明; 耿魁; 郭云川

doi:10.11959/j.issn.2096-8930.20200102

您当前的位置：

首页 >

文章列表页 >

天地网络安全保障技术研究

综述 | 更新时间：2024-06-03

- 天地网络安全保障技术研究
- Research on Space-Ground Network Security Guarantee Technology
- 天地一体化信息网络 2020年1卷第1期页码：17-25
- 作者机构：
  
  1. 中国科学院信息工程研究所，北京 100195
  2. 中国科学院大学网络空间安全学院，北京 100049
  3. 中国电子科技集团公司第五十四研究所，河北石家庄 050081
  4. 北京邮电大学，北京 100876
- 作者简介：
  
  [ "李凤华，男，博士，中国科学院信息工程研究所研究员，博士生导师，主要研究方向为网络与系统安全、隐私计算、密码应用" ]
  [ "张林杰，女，中国电子科技集团公司第五十四研究所研究员，主要研究方向为网络安全、通信网络与系统" ]
  [ "陆月明，男，博士，北京邮电大学教授、博士生导师，主要研究方向为分布式计算、区块链技术、网络空间安全" ]
  [ "耿魁，男，博士，中国科学院信息工程研究所高级工程师，主要研究方向为网络安全" ]
  [ "郭云川，男，博士，中国科学院信息工程研究所正高级工程师、博士生导师，主要研究方向为访问控制" ]
- 基金信息：
  
  国家重点研发计划基金资助项目;The National Key Research Project and Development Program of China(2016YFB0801001);国家自然科学基金资助项目;the National Natural Science Foundation of China(U1836203)
- DOI：10.11959/j.issn.2096-8930.20200102
  中图分类号： TN929
- 网络出版日期：2020-09-20，
  
  纸质出版日期：2020-09-20
- 稿件说明：
移动端阅览
李凤华, 张林杰, 陆月明, 等. 天地网络安全保障技术研究[J]. 天地一体化信息网络, 2020,1(1):17-25.

Fenghua LI, Linjie ZHANG, Yueming LU, et al. Research on Space-Ground Network Security Guarantee Technology[J]. Space-integrated-ground information networks, 2020, 1(1): 17-25.
李凤华, 张林杰, 陆月明, 等. 天地网络安全保障技术研究[J]. 天地一体化信息网络, 2020,1(1):17-25. DOI： 10.11959/j.issn.2096-8930.20200102.

Fenghua LI, Linjie ZHANG, Yueming LU, et al. Research on Space-Ground Network Security Guarantee Technology[J]. Space-integrated-ground information networks, 2020, 1(1): 17-25. DOI： 10.11959/j.issn.2096-8930.20200102.

摘要

梳理天地网络的特征，针对天地网络中的安全威胁，系统地梳理测控/运控信息、终端接入、无线信道、传输、业务信息系统、运维管理等方面的安全风险，提出融合安全支撑层、接入安全层、网络安全层、安全服务层及安全态势预警、统一安全管理等的天地网络安全保障架构，设计统一安全管理与安全态势预警、实体认证与接入防护、多域网络互联安全控制、密码按需服务、安全服务动态重构等的实现机制，为天地网络安全提供有效支撑。

Abstract

The characteristics of space-ground network was combed.Against security threats in space-ground network

the security risks faced by measurement control

operation control

terminal access

wireless transmission

transmission

business information system

maintenance management were analyzed.Further

by dividing space-ground network security into four layers:foundation layer

access layer

network layer and application layer

a security architecture to protect space-ground network was proposed.An implement mechanism (including unifi ed security management and security situation aware

entity authentication and access protection

interconnection control

cipher on-demand service

dynamic reconstruction of security service ) was designed to guarantee the security of space-ground network.

关键词

Keywords

references

XUE K , MENG W , LI S , et al . A secure and efficient access and handover authentication protocol for internet of things in space information networks [J ] . IEEE Internet of Things Journal , 2019 : 1 - 1 .

LIU Y N , LV S Z , XIE M , et al . Dynamic anonymous identity authentication (DAIA) scheme for VANET [J ] . International Journal of Communication Systems , 2019 , 32 ( 5 ):e3892.

YOON E J , YOO K Y , HONG J W , et al . An efficient and secure anonymous authentication scheme for mobile satellite communication systems [J ] . EURASIP Journal on Wireless Communications and Networking , 2011 ( 1 ):86.

朱辉 , 武衡 , 赵海强 , 等 . 适用于双层卫星网络的星间组网认证方案 [J ] . 通信学报 , 2019 , 40 ( 3 ): 1 - 9 .

ZHU H , WU H , ZHAO H Q , et al . Efficient authentication scheme for double-layer satellite network [J ] . Journal on Communications , 2019 , 40 ( 3 ): 1 - 9 .

张子剑 , 周琪 , 张川 , 等 . 新的低轨星座组网认证与群组密钥协商协议 [J ] . 通信学报 , 2018 , 39 ( 6 ): 150 - 158 .

ZHANG Z J , ZHOU Q , ZHANG C , et al . New low-earth orbit satellites authentication and group key agreement protocol [J ] . Journal on Communications , 2018 , 39 ( 6 ): 150 - 158 .

薛开平 , 周焕城 , 孟薇 , 等 . 天地一体化网络无缝切换和跨域漫游场景下的安全认证增强方案 [J ] . 通信学报 , 2019 , 40 ( 6 ):138147.

XUE K P , ZHOU H C , MENG W , et al . Secure authentication enhancement scheme for seamless handover and roaming in space information network [J ] . Journal on Communications , 2019 , 40 ( 6 ): 138 - 147 .

BASS T , GRUBER D . A glimpse into the future of ID [J ] . login::the magazine of USENIX＆SAGE , 1999 , 24 ( 4 ): 40 - 45 .

SIATERLIS C , MAGLARIS V . One step ahead to multisensor data fusion for DDoS detection [J ] . Journal of Computer Security , 2005 13 : 779 - 806 .

LU J , YANG X , ZHANG G . Support vector machine based multi source multi attribute information integration for situation assessment [J ] . Expert Systems with Applications , 2008 , 34 ( 2 ): 1333 - 1340 .

POOLSAPPASIT N , DEWRI R , RAY I . Dynamic security risk management using bayesian attack graphs [J ] . IEEE Transactions on Dependable and Secure Computing , 2012 , 9 ( 1 ): 61 - 74 .

HU G Y , ZHOU Z J , ZHANG B C , et al . A method for predicting the network security situation based on hidden BRB modeland revised CMA-ES algorithm [J ] . Applied Soft Computing , 2016 , 48 : 404 - 418 .

陈秀真 , 郑庆华 , 管晓宏 , 等 . 层次化网络安全威胁态势量化评估方法 [J ] . 软件学报 , 2006 , 17 ( 4 ): 885 - 897 .

CHEN X Z , ZHENG Q H , GUAN X H , et al . Quantitative hierarchical threat evaluation model for network security [J ] . Journal of Software , 2006 , 17 ( 4 ): 885 - 897 .

张勇 , 谭小彬 , 崔孝林 , 等 . 基于 Markov 博弈模型的网络安全态势感知方法 [J ] . 软件学报 , 2011 , 22 ( 3 ): 495 - 508 .

ZHANG Y , TAN X T , CUI X L , et al . Network security situation awareness approach based on Markov game model [J ] . Journal of Software , 2011 , 22 ( 3 ): 495 - 508 .

HU J , TIAN M , WANG Y . Risk assessment and comparative analysis for technical standards alliance based on fuzzy ahp method and bp neural network method [C ] // 2016 Portland International Conference on Management of Engineering and Technology,Honolulu , 2016 597 - 605 .

MELEK O , REFIK M . Denial of service prevention in satellite networks [C ] // IEEE International Conference on Communications , 2004 : 4387 - 4391 .

MA T , LEE Y H , MA M D . Protecting satellite systems from disassociation DoS attacks [J ] . Wireless Personal Communications , 2013 , 69 ( 2 ): 623 - 638 .

MUHAMMAD U , MARWA Q . Mitigating distributed denial of service attacks in satellite networks [J ] . Transactions on Emerging Telecommunications Technologies , 2020 , 31 ( 6 ).

关汉男 . 基于LEO的空间网络安全体系及关键技术研究 [D ] . 上海：上海交通大学 , 2014 .

GUAN H N . Research on key security technologies in LEO-based space network [D ] . Shanghai:Shanghai Jiao Tong University , 2014 .

LI G , ZHOU H , FENG B , et al . Horizontal-based orchestration for multi-domain SFC in SDN/NFV-enabled satellite/terrestrial networks [J ] . China Communications , 2018 , 15 ( 5 ): 77 - 91 .

FENG B , LI G , LI G , et al . Effcient mappings of service function chains at terrestrial-satellite hybrid cloud networks [C ] // 2018 IEEE Global Communications Conference (GLOBECOM) . IEEE , 2018 : 1 - 6 .

开彩红 , 肖瑶 , 方青 . 基于人工蜂群算法的中继卫星任务调度研究 [J ] . 电子与信息学报 , 2015 , 37 ( 10 ): 2466 - 2474 .

KAI C H , XIAO Y , FANG Q . Relay satellite scheduling based on artificial bee colony algorithm [J ] . Journal of Electronics ＆Information Technology , 2015 , 37 ( 10 ): 2466 - 2474 .

潘成胜 , 梁芷铭 , 石怀峰 , 等 . 面向并发业务的卫星网络服务功能链编排优化算法 [J ] . 计算机工程 , 2020

PAN C S , LIANG Z M , SHI H F , et al . Concurrent spatial information network service function chain quick scheduling method [J ] . Computer Engineering , 2020

易卓 , 孙慕明 , 杜学绘 . 基于服务映射与分块调度的天基接入点密码资源调度算法 [J ] . 信息安全研究 , 2019 , 5 ( 9 ): 805 - 811 .

YI Z , SUN M M , DU X H . A cryptography resources scheduling algorithm for space-based access points based on service mapping and blocks scheduling [J ] . Journal of Information Security Research , 2019 , 5 ( 9 ): 805 - 811 .

许英鑫 . 云密码资源池调度关键技术研究 [D ] . 郑州：战略支援部队信息工程大学 , 2019 .

XU Y X . Research on key technique of cloud cryptographic resource pool scheduling [D ] . Zhengzhou:Information Engineering University , 2019 .

王泽武 , 孙磊 , 郭松辉 , 等 . 密码云中基于熵权评价的虚拟密码机调度方法 [J ] . 计算机应用 , 2018 , 38 ( 5 ): 1353 - 1359 .

WANG Z W , SUN L , GUO S H , et al . Scheduling method of virtual cipher machine based on entropy weight evaluation in cryptography cloud [J ] . Journal of Computer Applications , 2018 , 38 ( 5 ): 1353 - 1359 .

浏览量

1579

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据