CCSDS空间通信系统中数据加密/解密策略研究
摘要
随着空间通信技术的发展,越来越多的用户开始使用空间通信系统来完成信息的交互。与地面通信系统相比,空间通信系统的覆盖范围更广,拓扑结构变化更加频繁,环境更加开放,数据在传输过程中更容易受到攻击;而且系统的计算资源和功率有限,链路带宽比较窄,缓存空间及处理能力都受到限制,传统的地面通信安全协议及加密算法并不适用于空间通信系统。为了保证空间数据在信道中安全、高效地传输,对空间通信数据的加解密策略进行研究是很有必要的。
本文对CCSDS空间通信系统中传输数据的加密与解密策略进行了研究,通过对CCSDS提出的空间通信安全协议SCPS-SP与密码学中的典型加密算法进行深入分析,设计了一种基于SCPS-SP的混合加密策略,在不过多地增加额外通信开销的情况下,为空间链路中传输的数据单元提供较好的保护。
本文分析了DES对称加密与RSA非对称加密两大类算法各自的优缺点,提出将两种算法混合使用于空间通信的方案,并通过分别测试DES、RSA与混合加密的加密结果与所耗费的时间来分析其安全性与运算效率,在理论上验证了混合加密算法在空间通信系统中的可行性;建立了基于SCPS-SP的空间通信数据安全传输模型,将SCPS-SP与混合加密算法融合在一起,对加解密策略的实施方案进行了详细的设计,其中包括安全关联SA的建立、RSA密钥的交换以及对传输数据单元的SCPS-SP加解密处理,该策略可以实现对空间链路中传输数据单元的机密性、完整性和认证三个方面的保护功能;对空间数据加解密策略进行了仿真实现,通过模拟非法用户对数据的截获、篡改与伪造攻击,验证了策略对数据的保护功能;测试了加密策略实施后空间信道的传输效率,并通过比较IPsec和SCPS-SP两种协议下混合加密的实施对系统性能造成的影响,验证了将基于SCPS-SP的混合加密策略应用于空间通信系统的优势。
With the development of space communication technology, more and more users begin to send and receive information through the space wireless communication system. Relative to the ground network, the scope of space communication systems is more extensive, the diversification of topology is more frequent, the environment of system is more open, the assailment of outward is easier. Besides,the computation resource and power of space communication system is restricted,the bandwidth is narrow,the roomage and disposal power of buffer is limied,so the traditional ground network security protocol and encryption algorithm do not adapt to the space communication system. In order to ensure the data transmit safe and efficiently through the space channel, it is necessary to do deeper research about encryption/decryption strategy which is used in space communication system.
This paper did deeper research about encryption and decryption strategy of the transmiting data on CCSDS space communication system,and designed a mixed encryption strategy based on SCPS-SP by deeply analysising SCPS-SP made by CCSDS and the typical encryption algorithm of cryptography. This strategy can provide better protection with much less additional communication overhead for the data units transmiting in the space link.
This paper analyzed the advantages and disadvantages of DES symmetric encryption and RSA asymmetric encryption, proposed the project that making the two types of algorithm mixed to use in space communication,and verified the feasibility in theory by testing the encrypting results and cost time to analyze the safety and operational efficiency; established the space communicating data transfer model based on SCPS-SP, and made the mixed encryption algorithm and SCPS-SP together,carried out a detailed design for the implementation of encryption strategy,which including the establishment of security association(SA),RSA key exchange and the SCPS-SP encryption processing of space data units.This strategy can achieve the protection of confidentiality,integrity and authentication in three areas for the data units transmiting in space link;implemented this strategy,and validate the protective function for space data by simulating the illegal interception,tamper and forgery attack;tested the transmission efficiency of space channel, validate the advantages after implementing the encryption strategy in space communication system by comparing the impact for system performance which used mixed encryption algorithm both in IPsec and SCPS-SP.
本文对CCSDS空间通信系统中传输数据的加密与解密策略进行了研究,通过对CCSDS提出的空间通信安全协议SCPS-SP与密码学中的典型加密算法进行深入分析,设计了一种基于SCPS-SP的混合加密策略,在不过多地增加额外通信开销的情况下,为空间链路中传输的数据单元提供较好的保护。
本文分析了DES对称加密与RSA非对称加密两大类算法各自的优缺点,提出将两种算法混合使用于空间通信的方案,并通过分别测试DES、RSA与混合加密的加密结果与所耗费的时间来分析其安全性与运算效率,在理论上验证了混合加密算法在空间通信系统中的可行性;建立了基于SCPS-SP的空间通信数据安全传输模型,将SCPS-SP与混合加密算法融合在一起,对加解密策略的实施方案进行了详细的设计,其中包括安全关联SA的建立、RSA密钥的交换以及对传输数据单元的SCPS-SP加解密处理,该策略可以实现对空间链路中传输数据单元的机密性、完整性和认证三个方面的保护功能;对空间数据加解密策略进行了仿真实现,通过模拟非法用户对数据的截获、篡改与伪造攻击,验证了策略对数据的保护功能;测试了加密策略实施后空间信道的传输效率,并通过比较IPsec和SCPS-SP两种协议下混合加密的实施对系统性能造成的影响,验证了将基于SCPS-SP的混合加密策略应用于空间通信系统的优势。
With the development of space communication technology, more and more users begin to send and receive information through the space wireless communication system. Relative to the ground network, the scope of space communication systems is more extensive, the diversification of topology is more frequent, the environment of system is more open, the assailment of outward is easier. Besides,the computation resource and power of space communication system is restricted,the bandwidth is narrow,the roomage and disposal power of buffer is limied,so the traditional ground network security protocol and encryption algorithm do not adapt to the space communication system. In order to ensure the data transmit safe and efficiently through the space channel, it is necessary to do deeper research about encryption/decryption strategy which is used in space communication system.
This paper did deeper research about encryption and decryption strategy of the transmiting data on CCSDS space communication system,and designed a mixed encryption strategy based on SCPS-SP by deeply analysising SCPS-SP made by CCSDS and the typical encryption algorithm of cryptography. This strategy can provide better protection with much less additional communication overhead for the data units transmiting in the space link.
This paper analyzed the advantages and disadvantages of DES symmetric encryption and RSA asymmetric encryption, proposed the project that making the two types of algorithm mixed to use in space communication,and verified the feasibility in theory by testing the encrypting results and cost time to analyze the safety and operational efficiency; established the space communicating data transfer model based on SCPS-SP, and made the mixed encryption algorithm and SCPS-SP together,carried out a detailed design for the implementation of encryption strategy,which including the establishment of security association(SA),RSA key exchange and the SCPS-SP encryption processing of space data units.This strategy can achieve the protection of confidentiality,integrity and authentication in three areas for the data units transmiting in space link;implemented this strategy,and validate the protective function for space data by simulating the illegal interception,tamper and forgery attack;tested the transmission efficiency of space channel, validate the advantages after implementing the encryption strategy in space communication system by comparing the impact for system performance which used mixed encryption algorithm both in IPsec and SCPS-SP.
引文
[1]徐冠华.全社会要高度关注“数字地球”.《科学新闻》周刊第一期.Available at: http://www.digitalearth.net.cn/readingroom/xgh.htm
[2] Marco Caceres.Space Mission Model:2001-2010.Aerospace America.2001.6. Available at:http://www.aiaa.org/aerospace/Article.cfm?iss- uetocid=97&Archive-IssueID=15
[3]石卫平等.聚焦2001:世界航天系统发展综述.装备参考.2002.38.(6):1-7
[4]陈富生.美军C3I系统发展现状与趋势.装备参考.2002.61(29):1-8
[5]焦艳.空天信息网络与网络管理系统安全策略研究.沈阳理工大学硕士学位论文,2008.5-15
[6]马永奎,张中兆,张乃通.一种基于CCSDS AOS的星上数据系统仿真分析.遥测遥控.2002.3
[7]段小芳,安红章,谢上明.空间通信安全协议研究.通信技术.2009.12(42)
[8]戚文静,刘学主编.网络安全原理与应用.北京:中国水利水电出版社,2005.1-3
[9]刘泳,董勇,李泽慧.空间通信协议分析与一体化网络安全问题探讨.中国空间科学技术.2004.2(1)
[10] Coppersmith.D.DataEncryption Standard(DES) and its strength against attacks. IBM Journal of Research and Development,v38,n3,May,1994:243-250
[11] Foss,Christopher F.DSA 2004:Introduction.Jane’s Defence Weekly, nAPR,APril,2004:1-4
[12]张雁,林英,郝林.椭圆曲线公钥密码体制的研究热点综述.计算机工程. 2004.30(3):127-129
[13] The Application of CCSDS Protocols to Secure Systems. Informational report.CCSDS.350.0-G-2,Green Book, January 2006
[14] CCSDS. Space Communications Protocol Specification (SCPS)-Security Protocol (SCPS-SP). CCSDS 713·5-B-1,Blue Book, Issue 1, May 1999
[15] CCSDS. Next Generation Space Internet (NGSI)-End-to-End Security for Space Mission Communications.CCSDS 733·5-O-1, Experimental Specification, April, 2003
[16]叶晓国,肖甫,孙力娟,王汝传.SCPS/CCSDS协议研究与性能分析.计算机工程与应用.2009,45(4)
[17]史立,鲁士文.空间数据通信协议发展研究.微电子学与计算机.2004.21(2)
[18]王恒,续欣,刘爱军.SCPS协议在卫星通信中的应用.计算机与网络:科技信息.2009
[19]梁义.CCSDS中SCPS协议研究.沈阳航空工业学院硕士学位论文.2020,1
[20] Gavin Kenny, Nicholas Achilleos, Ewan Carr, Gary Lay. A Testbed for Simulating and Exploring Secure Communications between Terrestrial and Space Environments. Logica UK Ltd
[21]潘瑜.密码体制及加密传输方式比较研究.常州信息职业技术学院学报.2004.12(4)
[22]卢开澄编著.计算机密码学.北京:清华大学出版社,2000
[23]刘泳,董勇,李泽慧.关于CCSDS体制数据安全保护实施位置的探讨.中国空间科学技术.2002,4(2)
[24]曹静.移动IPsec研究和NS-2仿真实现.西安电子科技大学硕士学位论文,2010.1
[25]杨明,胥光辉,齐望东等译.密码编码学与网络安全:原理与实践(第二版).北京:电子工业出版社,2001(4):321
[26]吴世忠,祝世雄,张文政译.应用密码学(协议、算法与C源程序).北京:机械工业出版社,2001.3
[27]王永刚.一种基于DES和RSA算法的混合密码系统.北京大学计算机科学技术系.2006,8
[28] Coppersmith.D.Data EneyrPtion Stnadard(DES)and its strength against attacks.IBM Jounral of Researeh and Development,v38,n3,M,ya1994:243-250
[29]孙琦.关于一类陷门单向函数.四川大学学报:自然科学版,1985(4):33-35
[30]唐学琴.增强IPsecVPN数据安全性的混合加密算法研究.武汉理工大学硕士学位论文.2006,4
[31]刘晓真,王瑗.几种加密算法安全性的概率分析.河南教育学院学报:自然科学版,2004.12(13)
[32]冯登国,吴文玲.分组密码的设计与分析.北京:清华大学出版社,2000
[33]刘秀莲.一种混合加密算法的研究.太原理工大学硕士学位论文,2007.5
[34]刘俊辉.MD5消息摘要算法实现及改进.福建电脑,2007(4)
[35]洪志国,王永滨,石民勇.LEO卫星网络中安全协议的建模与性能分析.计算机工程.2009,4(7)
[36]王剑,张权,唐朝京.空间Internet的安全体系结构.中国空间科学计术.2006.2(1)
[37]刘波,黄文学.用IPsec提高网络安全性.应用技术.2001,8
[38]段小芳,安红章,谢上明.空间通信安全协议研究.通信技术,2009.12(42)
[39] Encryption Algorithm Trade Survey.Informational Report.CCSDS 350.2-G-1,Green Book,March 2008
[40]黄攀峰.基于CCSDS的高级在轨系统及信息交互技术研究.西北工业大学硕士学位论文.2001,3
[41]肖明君.空天网络接入与切换技术实现的研究.沈阳理工大学硕士学位论文.2009,6
[2] Marco Caceres.Space Mission Model:2001-2010.Aerospace America.2001.6. Available at:http://www.aiaa.org/aerospace/Article.cfm?iss- uetocid=97&Archive-IssueID=15
[3]石卫平等.聚焦2001:世界航天系统发展综述.装备参考.2002.38.(6):1-7
[4]陈富生.美军C3I系统发展现状与趋势.装备参考.2002.61(29):1-8
[5]焦艳.空天信息网络与网络管理系统安全策略研究.沈阳理工大学硕士学位论文,2008.5-15
[6]马永奎,张中兆,张乃通.一种基于CCSDS AOS的星上数据系统仿真分析.遥测遥控.2002.3
[7]段小芳,安红章,谢上明.空间通信安全协议研究.通信技术.2009.12(42)
[8]戚文静,刘学主编.网络安全原理与应用.北京:中国水利水电出版社,2005.1-3
[9]刘泳,董勇,李泽慧.空间通信协议分析与一体化网络安全问题探讨.中国空间科学技术.2004.2(1)
[10] Coppersmith.D.DataEncryption Standard(DES) and its strength against attacks. IBM Journal of Research and Development,v38,n3,May,1994:243-250
[11] Foss,Christopher F.DSA 2004:Introduction.Jane’s Defence Weekly, nAPR,APril,2004:1-4
[12]张雁,林英,郝林.椭圆曲线公钥密码体制的研究热点综述.计算机工程. 2004.30(3):127-129
[13] The Application of CCSDS Protocols to Secure Systems. Informational report.CCSDS.350.0-G-2,Green Book, January 2006
[14] CCSDS. Space Communications Protocol Specification (SCPS)-Security Protocol (SCPS-SP). CCSDS 713·5-B-1,Blue Book, Issue 1, May 1999
[15] CCSDS. Next Generation Space Internet (NGSI)-End-to-End Security for Space Mission Communications.CCSDS 733·5-O-1, Experimental Specification, April, 2003
[16]叶晓国,肖甫,孙力娟,王汝传.SCPS/CCSDS协议研究与性能分析.计算机工程与应用.2009,45(4)
[17]史立,鲁士文.空间数据通信协议发展研究.微电子学与计算机.2004.21(2)
[18]王恒,续欣,刘爱军.SCPS协议在卫星通信中的应用.计算机与网络:科技信息.2009
[19]梁义.CCSDS中SCPS协议研究.沈阳航空工业学院硕士学位论文.2020,1
[20] Gavin Kenny, Nicholas Achilleos, Ewan Carr, Gary Lay. A Testbed for Simulating and Exploring Secure Communications between Terrestrial and Space Environments. Logica UK Ltd
[21]潘瑜.密码体制及加密传输方式比较研究.常州信息职业技术学院学报.2004.12(4)
[22]卢开澄编著.计算机密码学.北京:清华大学出版社,2000
[23]刘泳,董勇,李泽慧.关于CCSDS体制数据安全保护实施位置的探讨.中国空间科学技术.2002,4(2)
[24]曹静.移动IPsec研究和NS-2仿真实现.西安电子科技大学硕士学位论文,2010.1
[25]杨明,胥光辉,齐望东等译.密码编码学与网络安全:原理与实践(第二版).北京:电子工业出版社,2001(4):321
[26]吴世忠,祝世雄,张文政译.应用密码学(协议、算法与C源程序).北京:机械工业出版社,2001.3
[27]王永刚.一种基于DES和RSA算法的混合密码系统.北京大学计算机科学技术系.2006,8
[28] Coppersmith.D.Data EneyrPtion Stnadard(DES)and its strength against attacks.IBM Jounral of Researeh and Development,v38,n3,M,ya1994:243-250
[29]孙琦.关于一类陷门单向函数.四川大学学报:自然科学版,1985(4):33-35
[30]唐学琴.增强IPsecVPN数据安全性的混合加密算法研究.武汉理工大学硕士学位论文.2006,4
[31]刘晓真,王瑗.几种加密算法安全性的概率分析.河南教育学院学报:自然科学版,2004.12(13)
[32]冯登国,吴文玲.分组密码的设计与分析.北京:清华大学出版社,2000
[33]刘秀莲.一种混合加密算法的研究.太原理工大学硕士学位论文,2007.5
[34]刘俊辉.MD5消息摘要算法实现及改进.福建电脑,2007(4)
[35]洪志国,王永滨,石民勇.LEO卫星网络中安全协议的建模与性能分析.计算机工程.2009,4(7)
[36]王剑,张权,唐朝京.空间Internet的安全体系结构.中国空间科学计术.2006.2(1)
[37]刘波,黄文学.用IPsec提高网络安全性.应用技术.2001,8
[38]段小芳,安红章,谢上明.空间通信安全协议研究.通信技术,2009.12(42)
[39] Encryption Algorithm Trade Survey.Informational Report.CCSDS 350.2-G-1,Green Book,March 2008
[40]黄攀峰.基于CCSDS的高级在轨系统及信息交互技术研究.西北工业大学硕士学位论文.2001,3
[41]肖明君.空天网络接入与切换技术实现的研究.沈阳理工大学硕士学位论文.2009,6