Journal of Nanjing University (Natural Science), 2018, Vol. 54, Issue (3): 548–554.


The Research on Security Technology of CCSDS-TC Protocol

Chen Hong1, Zhou Na2, Tong Xiaojun1*, Liu Jie1*

  • Online: 2018-05-23 Published: 2018-05-23
  • About author: 1. Harbin Institute of Technology (Weihai), Weihai, 264209, China; 2. Communication Satellite Division, China Academy of Space Technology, Beijing, 100081, China
  • Funding:
    2017 Weihai City University Co-construction Project; sub-project of the National 863 Program, military sector (J863JY011)

Abstract: Owing to the inherent openness of space links, the space data systems established by the Consultative Committee for Space Data Systems (CCSDS) face security threats such as eavesdropping, tampering and masquerading, so studying the security protocols and security techniques of the CCSDS link layer is of considerable importance. This paper first studies the encryption, authentication and authenticated encryption techniques used with the Telecommand (TC) space data link protocol of the CCSDS space communication system, and analyzes the services that TC provides to users, its protocol data units and its protocol procedures. It then examines the principles and execution procedures of the encryption, authentication and authenticated encryption services that the Space Data Link Security (SDLS) protocol provides to CCSDS link-layer protocols. The TC protocol with SDLS is implemented and simulated on the OPNET network simulation platform, which supports object-oriented modeling and provides finite state machines for modeling protocols and other processes, and TC services such as virtual channel packet extraction and virtual channel multiplexing are carried out. The simulation verifies the correctness and feasibility of applying AES encryption, SHA-256 authentication and GCM authenticated encryption to the TC protocol through SDLS. The results show that the encryption, authentication and authenticated encryption techniques used in SDLS can protect CCSDS link-layer protocols, and that they provide technical support and an important safeguard for the communication security of real space communication networks.
