国家自然科学基金创新研究群体(61521003)
国家重点研发计划(2016YFB0800100,2016YFB0800101)
国家自然科学基金(61602509)
河南省科技攻关计划(172102210615)
信息工程大学新兴方向培育基金(2016610708)
[1] McKeown N, Anderson T, Balakrishnan H. OpenFlow. ACM SIGCOMM Comput Commun Rev, 2008, 38: 69-74 CrossRef Google Scholar
[2] Hakiri A, Gokhale A, Berthou P. Software-Defined Networking: Challenges and research opportunities for Future Internet. Comput Networks, 2014, 75: 453-471 CrossRef Google Scholar
[3] Han B, Gopalakrishnan V, Ji L S, et al. Network function virtual-ization: challenges and opportunities for innovations. IEEE Commun Mag, 2015, 53: 90--97. Google Scholar
[4] Mijumbi R, Serrat J, Gorricho J L, et al. Management and orches-tration challenges in network functions virtualization. IEEE Commun Mag, 2016, 54: 98--105. Google Scholar
[5] Wu J. Thoughts on the development of novel network technology. Sci Sin-Inf, 2018, 48: 1102-1111 CrossRef Google Scholar
[6] Wu J X. Meaning and vision of mimic compu-ting and mimic security defense. Telecommunications Science, 2014, 30: 2--7. Google Scholar
[7] Wu J X. Introduction to Cyberspace Mimic Defense. Beijing: Science Press, 2017. Google Scholar
[8] Lv P, Liu Q, Wu J. New generation software-defined architecture. Sci Sin-Inf, 2018, 48: 315-328 CrossRef Google Scholar
[9] Zheng G, Ma H T, Cheng C. Design and logical analysis on the access authentication scheme for satellite mobile communication networks. IET Inf Secur, 2012, 6: 6-13 CrossRef Google Scholar
[10] Bayrakdar M E, Atmaca S, Karahan A. A slotted Aloha based random access cognitive radio network and its perfor-mance evaluation. In: Proceedings of the 20th International Conference on Software, Telecommunications and Computer Networks (Soft Com). New York: IEEE, 2012. 1--5. Google Scholar
[11] Xiao N, Liang J, Zhang H Y, et al. A channel access strategy based on cognitive radio for satellite communication network. J Astro-nautics, 2015, 36: 589--595. Google Scholar
[12] Hwang M S, Yang C C, Shiu C Y. An authentication scheme for mobile satellite communication systems. SIGOPS Oper Syst Rev, 2003, 37: 42-47 CrossRef Google Scholar
[13] Xu G Y, Chen X Y, Du X H, et al. New near space security handoff scheme based on content transfer. Comput Sci, 2013, 40: 160--163. Google Scholar
[14] He D, Chen C, Chan S. Secure and Efficient Handover Authentication Based on Bilinear Pairing Functions. IEEE Trans Wireless Commun, 2012, 11: 48-53 CrossRef Google Scholar
[15] Deng Z, Long B, Lin W, et al. GEO satellite communications system soft handover algorithm based on residence time. In: Proceedings of the 3rd International Conference on Computer Science and Network Technology (ICCSNT). New York: IEEE, 2013. 834--838. Google Scholar
[16] Rahman M, Walingo T, Takawira F. Adaptive handover scheme for LEO satellite communication system. In: Proceedings of AFRICON. New York: IEEE, 2015. 1--5. Google Scholar
[17] Zhaofeng W, Guyu H, Seyedi Y, et al. A simple real-time handover management in the mobile satellite communication networks. In: Proceedings of the 17th Asia-Pacific Network Operations and Management Symposium (APNOMS). New York: IEEE, 2015. 175--179. Google Scholar
[18] Sun Y, Ji Z, Wang H. TFRC-Satellite: A TFRC Variant with a Loss Differentiation Algorithm for Satellite Networks. IEEE Trans Aerosp Electron Syst, 2013, 49: 716-725 CrossRef ADS Google Scholar
[19] Hou W, Xian B, Guo L, Et al. Novel routing algorithms in space information networks based on timeliness-aware data mining and time-space graph. In: Proceedings of International Conference on Wireless Communications & Signal Pro-cessing (WCSP). New York: IEEE, 2015. 1--5. Google Scholar
[20] Yavuz A A, Alagz F, Anarim E. SAT05-6: NAMEPS: n-tier satellite multicast security protocol based on signcryption schemes. In: Proceedings of IEEE Globecom, 2006. 1--6. Google Scholar
[21] Sun Y, Ma H. Satellite multi-group key management. In: Proceedings of IEEE 3rd International Conference on Information Science and Technology (ICIST). New York: IEEE, 2013. 894--899. Google Scholar
[22] Elmasri M H, Megahed M H, Elazeem M H A. Design and software implementation of new high performance group key management algorithm for tactical satellite. In: Proceedings of the 33rd Na-tional Radio Science Conference (NRSC). New York: IEEE, 2016. 149--158. Google Scholar
[23] Hu S M X. Classification and key management approaches for space networks security. In: Proceedings of International Conference on An-ti-counterfeiting, Security and Identification, Guiyang, 2008. 127. Google Scholar
[24] Li B, Liu C Y, Zhang Y B, et al. Space-based Information Port and its Mul-ti-information Fusion Application.Journal of CAEIT, 2017, 12: 251--256. Google Scholar
[25] Tian X, Ni M, Shi H J, et al. Hardware implementation of space-based network universal service platform. Comput Syst Appl, 2018, 27: 45--51. Google Scholar
[26] Wang R, Han X D, Wang C, et al.Resources scheduling and cooperative management of space-based information networks. J Commun, 2017, 38: 104--109. Google Scholar
[27] Hu J P, Xu H Z, Li T, et al. Discussion on networked and integrated space-ground in-formation system. J Spacecr TT&C Tech, 2016, 35: 241--252. Google Scholar
[28] Wang C, Han X D, Wang R, et al. Study of key technology for reconfigurable satellite plat-form supporting network interconnection. J Commun, 2017, 38: 83--87. Google Scholar
[29] Space communications protocol standards (SCPS). [2017-08-08]. http://www.scps.org. Google Scholar
[30] Cerf V, Burleigh S, Hooke A, et al. Delay-tolerant network-ing architecture: IETFRFC 4838, informational. [S.l.]: Network Working Group, 2007. Google Scholar
[31] Eggert L. Moving the undeployed TCP extensions RFC 1072, RFC 1106, RFC 1110, RFC 1145, RFC 1146, RFC 1379, RFC 1644, and RFC 1693 to historic status. HeiseZeitschriften-Verlag, 2011. Google Scholar
[32] Akyildiz I F, Morabito G, Palazzo S. TCP-Peach: a new congestion control scheme for satellite IP networks. IEEE/ACM Trans Networking, 2001, 9: 307-321 CrossRef Google Scholar
[33] Akan O B, Fang J, Akyildiz I F. TP-Planet: A Reliable Transport Protocol for Interplanetary Internet. IEEE J Sel Areas Commun, 2004, 22: 348-361 CrossRef Google Scholar
[34] Jiong L, Zhigang C, Junaid K M. LIU J, CAO Z G, Kahan M J. TP-Satellite. Google Scholar
[35] Luglio M, Sanadidi M Y, Gerla M. On-Board Satellite "Split TCP" Proxy. IEEE J Sel Areas Commun, 2004, 22: 362-370 CrossRef Google Scholar
[36] Sundararajan J K, Shah D, Médard M. ARQ for network coding. 2008,. arXiv Google Scholar
[37] Barros J, Costa R A, Munaretto D, et al. Effective delay control in online network coding. In: Proceedings of INFOCOM 2009. New York: IEEE, 2009. 208--216. Google Scholar
[38] Chen H, Zhou N, Tong X J, et al. The research on security technology of CCSDS-TC Protocol. J Nanjing Univ (Nat Sci), 2018, 54: 548--554. Google Scholar
[39] Hu Z Y, Du X H, Cao L F. One access authentication architecture and method for software defined space-ground integration net-work. 2019, 36(3). Google Scholar
[40] Ding K, Chen S, Zhu K, et al. Spacecraft IP network design used in integrated space-ground network. Spacecr Eng, 2017, 26: 67--73. Google Scholar
[41] Liu L X. Analysis of architecture and protocol of space-ground integrated information network. J Chongqing Univ Posts Telecommun (Nat Sci Ed), 2018, 30: 9--21. Google Scholar
[42] Liu Z F, Sun Z M, Jia Y P. Research and design of near-space access network protocol based on the space-ground integration information network. J Nanjing Univ (Nat Sci), 2018, 54: 562--570. Google Scholar
[43] Zhang Y S, Sun C H, Gu J J. Research on protocols of space-ground integrated network. Radio Eng, 2018, 48: 178--182. Google Scholar
[44] An J P, Jin S, Xu J, et al. Development and outlook of deep space communication network protocol. J Commun, 2016, 37: 50--61. Google Scholar
[45] Xu M W, Xia A Q, Yang Y, et al. Intra-domain routing protocol OSPF+ for inte-grated terrestrial and space networks. J Tsinghua Univ (Sci Tech), 2017, 57: 12--17. Google Scholar
[46] Lu Y, Zhao Y J, Sun F C, et al. Routing techniques on satellite networks. J Softw, 2014, 25: 1085--1100. Google Scholar
[47] Liu L X. Space-Ground Integrated Network. Beijing: Science Press, 2015. Google Scholar
[48] Spyropoulos T, Psounis K, Raghavendra C S. Spray and wait: an efficient routing scheme for intermittently connected mobile networks. In: Proceedings of ACM SIGCOMM Workshop on De-lay-Tolerant Networking. New York: ACM, 2005. 252--259. Google Scholar
[49] Khouzani M, Eshghi S, Sarkar S. Optimal Energy-Aware Epidemic Routing in DTNs. IEEE Trans Automat Contr, 2015, 60: 1554-1569 CrossRef Google Scholar
[50] Iyengar S, Cruickshank H, Pillai P, et al. Security requirements for IP over satellite DVB networks. In: Proceedings of the 16th IST Mobile and Wireless Communications Summit, 2007. 1--6. Google Scholar
[51] Cruickshank H, Iyengar S, Fan L, et al. Secure composite satel-lite IP multicast architecture for heterogeneous groups. In: Proceedings of the 16th IST Mobile and Wireless Communications Summit, 2007. 1--5. Google Scholar
[52] Liang L, Cruickshank H, Sun Z. TESLA with FLUTE over Satel-lite Networks. In: Proceedings of IEEE International Conference on Communications, 2008. 1919--1915. Google Scholar
[53] Li H, Fan X X, Bi J N, et al. Analysis of security technologies in integrated space-air-ground networks. J China Acad Electron Inform Tech, 2014, 9: 592--597. Google Scholar
[54] Qin Z C, Zhang P, Fan X X, et al. Design of security verification platform for the integrated space-ground network. Chin J Netw Inform Secur, 2016, 2: 39--47. Google Scholar
[55] Li F H, Yin L H, Wu W, et al. Research status and development trends of se-curity assurance for space-ground integration information net-work. J Commun, 2016, 37: 156--168. Google Scholar
[56] Ma Z, Ma J F, Li X H. Provable security model for trusted network connect protocol. Chin J Comput, 2011, 34: 1669-1678 CrossRef Google Scholar
[57] Ji X S, Liang H, Hu H C. New thoughts on security technologies for space-ground inte-gration information network. Telecommun Sci, 2017, 37: 24--35. Google Scholar
[58] Anggorojati B, Mahalle P, Prasao N R, et al. Capabil-ity-based access control delegation model on the federated IoT net-work. In: Proceedings of Symposium on Wireless Personal Multimedia Communications, 2012. 604--608. Google Scholar
[59] Gusmeroli S, Piccione S, Rotondi D. IoT access control issues: a capability based approach. In: Proceedings of the IEEE International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 2012. 787--792. Google Scholar
[60] Gusmeroli S, Piccione S, Rotondi D. A capability-based security approach to manage access control in the Internet of Things. Math Comput Model, 2013, 58: 1189-1205 CrossRef Google Scholar
[61] Bernabe J B, Ramos J L H, Gomez A F S. TACIoT: multidimensional trust-aware access control system for the Internet of Things. Soft Comput, 2016, 20: 1763-1779 CrossRef Google Scholar
[62] Feng X S, Liu D S, Yue J, et al. Exploration on access control tonear space in-formation resources. Appl Res Comput, 2008, 25: 3702--3704. Google Scholar
[63] Qi H, Ma H, Li J, et al. Access control model based on role and attribute and its applications on space-ground integration networks. In: Proceedings of the IEEE International Conference on Computer Science and Network Technology, 2015. 1118--1122. Google Scholar
[64] Li F H, Wang Y C, Yin L H, et al. Novel cyberspace-oriented access control model. J Commun, 2016, 37: 9--20. Google Scholar
[65] Li F H, Chen T Z, Wang Z, et al. Cross-network access control mechanism for complex network environment. J Commun, 2018, 39: 1--10. Google Scholar
[66] Jha S, Sural S, Vaidya J. Security analysis of temporal RBAC under an administrative model. Comput Security, 2014, 46: 154-172 CrossRef Google Scholar
[67] Yang L, Tang Z, Li R F, et al. Roles query algorithm in cloud computing environ-ment based on user require. J Commun, 2011, 32: 169--175. Google Scholar
[68] Luo J, Wang H, Gong X. A Novel Role-based Access Control Model in Cloud Environments. Int J Comput Intelligence Syst, 2016, 9: 1-9 CrossRef Google Scholar
[69] Li J W, Squicciarini A, Lin D J, et al. SecLoc: securing loca-tion-sensitive storage in the cloud. In: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, 2015. 51--61. Google Scholar
[70] Zhou L, Varadharajan V, Hitchens M. Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage. IEEE TransInformForensic Secur, 2015, 10: 2381-2395 CrossRef Google Scholar
[71] Zhou L, Varadharajan V, Gopinath K. A Secure Role-Based Cloud Storage System For Encrypted Patient-Centric Health Records. Comput J, 2016, 59: 1593-1611 CrossRef Google Scholar
[72] Xu P, Jiao T, Wu Q. Conditional Identity-Based Broadcast Proxy Re-Encryption and Its Application to Cloud Email. IEEE Trans Comput, 2016, 65: 66-79 CrossRef Google Scholar
[73] Zhang Y, Li J, Chen X. Anonymous attribute-based proxy re-encryption for access control in cloud computing. Security Comm Networks, 2016, 9: 2397-2411 CrossRef Google Scholar
[74] Li J G, Zhao X X, Zhang Y C, et al. Provably secure certificate-based conditional proxy re-encryption. J Inf Sci Eng, 2016, 32: 813--830. Google Scholar
[75] Yang Y, Lu H, Weng J, et al. Fine-grained conditional proxy re-encryption and application. In: Proceedings of International Conference on Provable Security, 2014. 206--222. Google Scholar
[76] Su M, Shi G Z, Xie R N, et al. Multi-element based on proxyre-encryption scheme for mobile cloud computing. J Commun, 2015, 36: 73--79. Google Scholar
[77] Su M, Li F, Shi G. A User-Centric Data Secure Creation Scheme in Cloud Computing. Chin J Electron, 2016, 25: 753-760 CrossRef Google Scholar
[78] Su M, Shi G Z, Fu A M, et al. Proxy re-encryption based multi-factor access control scheme in cloud. J Commun, 2018, 39: 96--104. Google Scholar
Security threats | Protection mechanisms | Goal | Existing problems | |
Physical layer | Physical damage, decep- tion interference and suppression interference caused by attacks such as congestion, tampering and eavesdropping | Anti-destructive technolo- gy, anti-deception jamm- ing, anti-suppression jamm- ing, artificial noise, multi-beam communication, etc. | Improve the survivability of network | Difficult to resist attacks within the system, and have complex synchronization and poor scalability |
Link layer | Data leakage caused by attacks such as collision, denial of service, etc. | Security mechanisms such as error detection, transm- ission rate restriction, etc. | Improve the robustness of link communication | Without providing end-to-end network security |
Network layer | Network attack such as sybil, replay, wormhole and so on; malicious behavior such as communication analysis, routing information manipulation, etc. | Security protocols such as IPSec, SatIPSec, SCPS-SP and security mechanisms such as digital signature, signcryption and decryption, congestion control, etc. | Improve the security of network access, connection and switching | Only suitable for IP-based networks and incompatible with satellitełinebreak TCP performance enhancement technology |
Transport layer | Data tampering and leaking threats caused by SYN attacks, man-in-middle attacks, forgery attacks, etc. | TLS, SSL, SCOKS and mechanisms to limit the number of links, customer problems, etc. | Improve the ability of network security transmission | Lack of support for UDP and multicast security methods |
Application layer | Cloning attack, malici- ous code execution, pr- ivilege escalation and malicious use of privacy information, etc. | Security protocols such as SFTP, HTTPS, S/MIME, PGP, SSH and key management mechanisms | Provide the service security for different application requirements | Support user specific applications only |