网络与信息安全学报 (Aug 2024)

Satellite IoT terminal authentication method based on trust evaluation

  • Minqiu TIAN, Fenghua LI, Zifu LI, Chao GUO

DOI
https://doi.org/10.11959/j.issn.2096-109x.2024051
Journal volume & issue
Vol. 10, no. 4
pp. 37 – 48

Abstract

Satellite internet of things (satellite IoT) integrates space and ground, connects people and things, and enables information interaction through the satellite communication network and various types of spaceborne and ground terminal devices. It offers coverage that is unbounded in the air and unobstructed on the ground, and it is characterized by large-scale coverage, highly open links, dynamically changing topologies, limited terminal resources, and long communication latency. To use satellite IoT resources safely and efficiently, a trust evaluation-based terminal authentication method for satellite IoT was proposed, which optimizes the authentication strategy by evaluating the trust of terminal devices. First, a trust evaluation mechanism for satellite IoT terminals was proposed for two scenarios: terminals that had recently undergone strong authentication, and terminals that had been granted credit by strongly authenticated nodes. A dynamically adjusted trust measurement and evaluation model was characterized based on direct trust and indirect trust. Second, a trust evaluation-based access authentication protocol for satellite IoT was designed, which adopts an authentication mechanism matched to the trust degree of the device. This simplifies the subsequent authentication process for high-trust devices and provides differentiated authentication services for different terminal devices under the same authentication strategy framework. The security of the protocol was analyzed comprehensively using informal methods and the Tamarin formal verification tool, and the effectiveness of the protocol was verified by experiments. The protocol was shown to reduce the overall authentication overhead and to simplify the authentication process on the basis of trust.

Keywords