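Project title: Key Exchange and Short-Tag Authentication Tolerant of Long Delays and Intermittent Connectivity in Space Networks
Project number: No.61472308
Project type: General Program
Year of approval: 2015
Discipline: Automation technology, computer technology
Project author: Lü Xixiang (吕锡香)
Author affiliation: Xidian University
Funding: 810,000 yuan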
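Chinese abstract: The space internet is the information carrier for future space exploration missions. Key distribution that tolerates long delays and intermittent connectivity, and fragment authentication of transmission units, are open problems in space internet information security research. This project studies non-interactive authenticated public-key exchange and short-tag fragment authentication for the space internet. Specifically: starting from the spatio-temporal characteristics of space networks, it explores a space-time evolution model of the space internet and non-interactive authenticated public-key exchange, and studies the construction and security analysis of key distribution and exchange protocols for space links with long delays and intermittent connectivity, thereby providing basic theory and key technologies for building the initial information security context of the space internet; it studies the fragmentation and transmission mechanism and behavior patterns of space internet protocol data units, constructs a short-tag, computation-saving fragment authentication mechanism for the space internet, and studies how the authentication mechanism adapts to packet loss and reactive fragmentation, thereby obtaining a general construction method for space internet fragment authentication mechanisms and improving the space internet information security specification. On completion, the project will yield basic algorithms and protocols for space internet key management, solve the short-tag fragment authentication problem of the space internet, and provide a theoretical and methodological reference for establishing a basic information security environment for the space internet. The results apply to secure communication in the space internet and support future space exploration missions.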
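Chinese keywords: Space information network; key management; non-interactive authenticated key distribution protocol; Bundle fragment authentication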
English abstract: Space-based networks will serve as the information carrier of future space exploration missions. How to establish an initial context for information security and how to authenticate a bundle when it is fragmented are the remaining open issues of the IRTF Bundle Security Protocol (BSP) specification. In this research, we concentrate on non-interactive authenticated public-key exchange protocols and the bundle fragment authentication issue, as outlined below. Firstly, we explore the space-time evolving behavior of space-based networks and use a space-time graph to formally model the space internet. With the formal space-time model, we can design non-interactive authenticated public-key exchange protocols and further construct delay/disruption-tolerant key distribution protocols. The resulting contributions will help to establish an initial information security context for future space-based networks. Secondly, we model the fragmentation and transmission mechanism of BP-PDUs, and further construct BP-PDU fragment authentication mechanisms with short tags and low computation costs. In this construction, we consider the adaptation of the fragment authentication mechanisms to reactive fragmentation during transmission. The resulting contributions will give a general construction method for BP-PDU fragment authentication and improve the BSP specification. When this research is completed, we will have a suite of basic algorithms and protocols for key management in space internet information security, and will have addressed the BP-PDU fragment authentication issue in space-based networks. The contributions of this research will provide a theoretical basis and a design reference for establishing an initial information security context for the future space internet, and can be applied to future space exploration missions.
English keywords: Space-based Networks; Key Establishment; Non-interactive Key Distribution; Bundle Fragment Authentication