In this paper we firstly introduce the network structure and security mechanism of DVB-RCS satellite communication system. Particularly we introduce the three key exchange protocols of DVB-RCS satellite communication system, which are main key exchange(MKE), quick key exchange(QKE) and explicit key exchange(EKE) protocols. Then we give a man-in-the-middle attack on MKE which means that an illegal third partner cheats both the two parties Network Control Centre(NCC) and Return Channel Satellite Terminal(RCST) by blocking their communication and sharing a key with each party respectively. Finally we propose two methods to resist the man-in-the-middle attack.%首先介绍DVB-RCS卫星通信系统的网络结构和安全机制,主要是主密钥协商(MKE)、快速密钥协商(QKE)、显式密钥协商(EKE)三种密钥协商协议.重点分析DVB-RCS卫星通信系统中主密钥协商协议的安全性,指出该协议存在中间人攻击的隐患.中间人攻击导致通信双方——回传链路卫星用户终端和网络控制中心,均认为只有自己和对方掌握了密钥,但实际上掌握密钥的是攻击者,而攻击者可以在通信双方不知情的情况下,完全控制通信过程.最后,针对存在中间人攻击的安全隐患给出两种解决方案.
展开▼
