An authentication framework for a hybrid satellite network with resource-constrained nodes

摘要

The new phase of space exploration involves a growing number of human and robotic space missions to remote planets with varying communication and service requirements. Due to the critical nature of the missions, security is a very important requirement that needs to be addressed. Among primary security requirements are user authentication and message integrity that are needed to ensure that the data in the network is transmitted without unauthorized modifications between the source and destinations, and that data from only authorized network nodes are accepted by other nodes. In this paper we focus on the issue of user authentication and data integrity for a specific space network architecture supporting lunar exploration. We consider a hybrid network consisting of a terrestrial network on Earth, a network on the lunar surface, and a satellite constellation that connects the two surface networks. The lunar network comprises sensor nodes serviced by stationary gateways and mobile robotic vehicles with sensing capability, while the network on Earth is envisioned as a combination of private and public networks. The problem of authentication in this network is complex due to the presence of nodes with varying capabilities in terms of computation strength, storage and energy. The nodes on Earth and the gateways on the lunar surface would have higher computation and energy capabilities compared to the satellites and the sensor nodes. In this situation, an authentication protocol that is optimized to the strengths and limitations of the different classes of nodes would be most suited. We focus on a solution that will operate under the constraints of the space environment (delay, limited energy, limited processing capability at remote nodes). We present a framework for user authentication and data integrity based on an authentication algorithm that makes use of symmetric certificates and hash chains of keys used to compute Message Authentication Codes, to provide asymmetric authentication capabilities to the network nodes, nodes with more resources. We give a detailed description of the authentication protocol we develop for this network and provide an analysis of the security of the protocol by considering various types of passive and active attacks. We also highlight the savings incurred in terms of processing, storage and network bandwidth, which we get in using the proposed protocol in comparison to standard public-key authentication protocols.