
SCIENTIA SINICA Informationis, Volume 49, Issue 7: 799-818(2019) https://doi.org/10.1360/N112019-00002

Development status and applied research on mimic technologies for space-ground integration information network

  • Received: Jan 2, 2019
  • Accepted: Apr 12, 2019
  • Published: Jul 16, 2019

Abstract

Space-ground integration information network is one of the national science and technology major projects toward 2030; however, the existing network architecture and technical systems still face a series of challenges such as high-performance network nodes, efficient internetworking and integrated security architecture. The main research object of this study is the application of mimic technologies. Based on an analysis of the technical challenges, the existing protection technologies and the ideas of the space-ground integrated information network, the application of mimic defense, mimic computing and software-defined interconnection technology in the space-ground network architecture and key information systems is proposed. The related technical ideas and the proposed design can serve as a reference for building a space-ground integration information network with high speed, efficiency, flexibility and security.


Funded by

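Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003)

National Key Research and Development Program of China (2016YFB0800100, 2016YFB0800101)

National Natural Science Foundation of China (61602509)

Henan Province Science and Technology Research Program (172102210615)

Information Engineering University Emerging Direction Cultivation Fund (2016610708)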



  • Table 1   Summary of security threats, protection mechanisms and existing problems

| Layer | Security threats | Protection mechanisms | Goal | Existing problems |
|---|---|---|---|---|
| Physical layer | Physical damage, deception interference and suppression interference caused by attacks such as congestion, tampering and eavesdropping | Anti-destructive technology, anti-deception jamming, anti-suppression jamming, artificial noise, multi-beam communication, etc. | Improve the survivability of network | Difficult to resist attacks within the system, and have complex synchronization and poor scalability |
| Link layer | Data leakage caused by attacks such as collision, denial of service, etc. | Security mechanisms such as error detection, transmission rate restriction, etc. | Improve the robustness of link communication | Without providing end-to-end network security |
| Network layer | Network attack such as sybil, replay, wormhole and so on; malicious behavior such as communication analysis, routing information manipulation, etc. | Security protocols such as IPSec, SatIPSec, SCPS-SP and security mechanisms such as digital signature, signcryption and decryption, congestion control, etc. | Improve the security of network access, connection and switching | Only suitable for IP-based networks and incompatible with satellite TCP performance enhancement technology |
| Transport layer | Data tampering and leaking threats caused by SYN attacks, man-in-middle attacks, forgery attacks, etc. | TLS, SSL, SOCKS and mechanisms to limit the number of links, customer problems, etc. | Improve the ability of network security transmission | Lack of support for UDP and multicast security methods |
| Application layer | Cloning attack, malicious code execution, privilege escalation and malicious use of privacy information, etc. | Security protocols such as SFTP, HTTPS, S/MIME, PGP, SSH and key management mechanisms | Provide the service security for different application requirements | Support user specific applications only |

Copyright 2019 Science China Press Co., Ltd. All rights reserved.
