Controllable and Anonymous Authentication Scheme for Space Networks

This paper analyzes existing anonymous authentication schemes, which suffer from high computation and communication cost and weak security. We therefore design a secure and efficient anonymous authentication scheme to meet the needs of the space network, which is resource limited, highly exposed and intermittently connected. We first propose a signature algorithm based on a certificateless public key cryptosystem and a one-off public key, and then present an anonymous authentication scheme built on the proposed signature algorithm; it needs two message interactions to complete mutual authentication and key agreement. When a user behaves illegally, the service provider can reveal the illegal user's real identity through cooperation with the trusted center. Compared with similar literature, the proposed scheme achieves high security with low computation and communication cost. (Abstract)


Introduction
The space network is structured as a double plane of heaven and earth, based on the ground network and extended by the space-based network. The network consists of a space-based backbone network, a space-based access network and a ground-based node network [1], so it is characterized by heterogeneity, intermittent connectivity and high exposure. Compared with the traditional network, the space network is more easily attacked by eavesdropping, tampering and replay attacks. The deployment of access authentication and privacy protection is essential for the security of the space network [2]. The high exposure of the space network makes it necessary to authenticate the user's real identity when the user needs to use a space network service. At the same time, network authentication needs to achieve anonymity and traceability in order to prevent the disclosure of privacy. What's more, it is necessary to reduce the computational overhead of the user and the service provider in resource-limited space networks [2]. Last but not least, given the intermittent connectivity, the need to reduce the message length and minimize the number of interactions should also be considered.

Scholars at home and abroad have done a lot of research on anonymous authentication in wireless networks. Liu et al. [3] proposed an anonymous authentication scheme using a certificateless public key cryptosystem that achieves mutual authentication using MAC, and it used bilinear pairing to build the user index, connecting the user identity with the index. Shim [4] presented a signature algorithm for vehicular sensor networks based on bilinear pairings, together with a mutual authentication scheme based on that algorithm, but it still required a large amount of calculation and had the key escrow problem. Hsieh et al. [5] proposed an anonymous protocol for mobile users using self-certified public key technology and bilinear pairing; the user and the service provider needed three message interactions to realize authentication and key agreement, but a lot of calculation was required. Amin et al. [6] pointed out that Hsieh's protocol cannot resist the server spoofing attack and is unable to hide the true identity of the user, but Amin's scheme needed a trusted third party in the authentication process. He et al. [7] used a self-certified public key mechanism to realize anonymous user authentication, and mutual authentication was achieved by verifying the non-forged messages, but the scheme did not achieve malicious user identity tracking and recovery, and its three message interactions increased the communication pressure. Zhou et al. [8] proposed a controllable roaming authentication protocol for heterogeneous wireless networks which achieved anonymity, authentication and user tracking using a one-off public key and signature algorithm, but using bilinear pairing to track the true identity of the user required a large amount of computational overhead. Wan et al. [9] proposed an anonymous authenticated key agreement protocol based on trusted computing; the user constructed a dynamic identity using a random number to realize anonymity and untraceability every time, but the protocol depends on a smart card and biometric information. Zhou et al. [10] designed an anonymous authentication scheme in which a server needs 1 round of message exchange to authenticate the user's real identity; the scheme can track the true identity of the illegal user with the help of the home server, but using mobile trusted module technology to verify the trusted terminal brings complex certificate storage and calculation pressure.

Aimed at the problems of the existing anonymous authentication schemes, this paper proposes a secure and efficient anonymous authentication scheme which is suitable for the space network. It uses the certificateless public key cryptosystem to overcome the key escrow problem, designs a one-off public key signature algorithm to realize efficient authentication, uses pseudonyms to achieve anonymous authentication, and tracks the true identity of the illegal user through interaction with the trusted center.

Preliminaries

2.1 Bilinear Maps
Let $l$ be a security parameter and $q$ a prime number of $l$ bits. $G_1$ represents a cyclic additive group of order $q$, $G_T$ represents a cyclic multiplicative group of the same order, $P$ is a generator of $G_1$, $Q$ is a generator of $G_1$, we call map $e$ :

System Model
In space networks, the system model is composed of the space-based access network, the space-based backbone network, the ground-based node network and the base station (BS), as shown in Figure 1. The base station completes the work of system setup and key generation. A ground node makes an anonymous access request to a space-based network node when it is in that node's coverage range. The ground node and the space-based network node can then communicate safely with each other after mutual authentication and key establishment.

Algorithm Design
Our algorithm contains 5 polynomial time algorithms including system setup, partial private key generation, user key generation, sign and verification.

System Setup
System setup key generation G and cyclic multiplicative group using security parameter k , and bilinear mapping

Partial Private Key Generation
The user A has the real identity of

User Key Generation
The user A generates the whole private key $(x_A, D_A)$ when it receives the message transmitted from the KGC. Then A checks the equation ( ) x D P R P PID to verify the correctness of the private key. After verification, user A randomly chooses $z \in Z_q^*$ and sets 1 ( ) A P zR and 3 P z PID P . User A transmits $(P_1, P_2, P_3)$ to the other side B.

Sign
The user A randomly picks $a \in Z_q^*$ and computes $N = aP$ )

Anonymity
First, the public key and signature contain the user's pseudonym rather than the user's real identity during the interactive process of the algorithm, which ensures the anonymity of the algorithm. Secondly, when building the one-off public key, the user uses randomly selected data, so the attacker cannot connect the public key with the user. The algorithm achieves complete anonymity.

Traceability of Anonymous User
Assuming that the user is compromised by the adversary and becomes a malicious user, the other party B can communicate with the trusted center KGC to track the malicious user A. B transmits the pseudonym PID of user A to the KGC, and the KGC can recover the real identity of the malicious user through 0 ( , )

O
. The algorithm can achieve efficient revocation of the real identity of malicious users.

Key Escrow
The algorithm is based on certificateless public key cryptosystem, the user's full private key consists of ( , ) is equivalent of solving discrete logarithm problem on elliptic curve group, so the KGC cannot get the full private key of user achieving the security of no key escrow.

Unforgeability
First, the legal user cannot forge the public key and signature. After the public key verification, the public key is proved to contain the system master key. After the signature verification, it is proved that the signature contains the system master key, so the signature is legal and cannot be forged. Secondly, the one-off public key cannot be forged. The signature cannot pass the verification if $P_1$ is forged, and it cannot pass the public key verification if $P_2, P_3$ are forged.
The illegal user cannot forge the public key and signature. The illegal user randomly picks P bP , ' 3 3 P bP . Obviously it can pass the public key verification, but it cannot get the legal private key $(x_A, D_A)$ to compute the signature. As a result of getting ( ) x D through ' 1 ( ) P aP , obviously it can pass the public key verification, but it cannot construct a valid signature through the forged private key. We can draw the conclusion that neither legal users nor illegal users can forge a valid public key and signature.

Certificateless Anonymous Authentication Scheme
We propose an anonymous authentication scheme for space networks based on certificateless cryptosystem and one-off public key, as shown in Figure 2. The trusted base station completes system initialization and key generation in advance, then the user completes mutual anonymous authentication process with the access service satellite.
ITA 2017 v Z as the private key and sets $P_{AS} = vP$ as the public key.

Access Authentication
The first step, the user A in the space network randomly picks $z \in Z_q^*$, and computes the one-off public

The third step, the user A verifies the freshness of the timestamp. After verification it decrypts the message EM using $k$. It compares $T_{AS}$ to prevent the message from being tampered with, and compares $P_A$ to verify the identity of the AS. After that the session key is $K_{A\text{-}AS} = aM = abP$.

Repeated Authentication and Key Update
When the same user makes the access request to the same access service satellite, they realize fast and efficient authentication and update the session key according to the following steps.
The first step, the user A in the space network randomly picks ( ) , and then sends ( , , )

The second step, the AS computes $k = H_3(vN)$ when it receives the message, and decrypts the message to verify the freshness of the timestamp. If the timestamp is invalid, it rejects; otherwise it can get

The third step, the user A verifies the freshness of the timestamp at first. After that it decrypts the message EM using $k$. It compares $T_{AS}$ and $P_A$ to verify the AS. If it passes, it updates the session key ' ' ' A AS K aM abP .
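The key derivations used in the access authentication and repeated authentication steps above, as an added example that is not the paper's own code: the AS derives $k = H_3(vN)$ after the timestamp check, and both sides reach the session key $aM = abP$. Assumptions: secp256k1 stands in for $G_1$, SHA-256 stands in for $H_3$, $M = bP$ and the user-side computation $H_3(aP_{AS})$ are inferred from the equations on the page, and the 30-second freshness window is a made-up policy value.

```python
import hashlib, secrets

# secp256k1 stands in for the paper's group G_1 (assumption: this part of the
# protocol needs only scalar multiplication, no pairing).
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, A):
    """Double-and-add scalar multiplication kA."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def H3(pt):
    """Assumed instantiation of H_3: SHA-256 over the x-coordinate."""
    return hashlib.sha256(pt[0].to_bytes(32, "big")).digest()

def as_derive_k(v, N, T_A, now, window=30):
    """AS side: reject a stale timestamp, then k = H_3(vN)."""
    if abs(now - T_A) > window:      # window is an assumed policy value
        raise ValueError("stale timestamp")
    return H3(mul(v, N))

def demo(now=1_700_000_000):
    v = secrets.randbelow(n - 1) + 1; P_AS = mul(v, P)  # AS key pair, P_AS = vP
    a = secrets.randbelow(n - 1) + 1; N = mul(a, P)     # user: N = aP
    b = secrets.randbelow(n - 1) + 1; M = mul(b, P)     # AS: M = bP (inferred)
    k_user = H3(mul(a, P_AS))        # inferred user side: a*P_AS equals v*N
    k_as = as_derive_k(v, N, T_A=now - 5, now=now)
    return k_user == k_as, mul(a, M) == mul(b, N)       # K = aM = bN = abP

if __name__ == "__main__":
    print(demo())
```

A passive observer sees only $N$, $M$ and $P_{AS}$; recovering $k$ or the session key from them is the computational Diffie-Hellman problem in the chosen group.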

Traceability of Malicious User
In the process of access authentication, the access service satellite can recover the real identity of the malicious user through communication with the trusted base station when it finds malicious behavior by the user, so our scheme realizes the traceability of the malicious user. The AS sends the identity PID to the

Anonymity
In the entire process of authentication, the user's pseudonym is transmitted rather than the real identity, so our scheme realizes user identity privacy protection.

Mutual Authentication
In the first access authentication process, the AS can verify the user A through the one-off public key verification and signature verification to avoid forgery attack. ( ) L that can pass the repeated authentication list.

Session Key Security
In this scheme, the intermediate parameters have strong timeliness, and the session key is independent and unique, being determined by both sides of the communication using random numbers. The attacker cannot obtain session key information from the previous messages, so our scheme achieves forward security, known session key security and key control security. The scheme also realizes no key escrow, based on the certificateless cryptosystem.

Performance Comparison
This paper compares the first authentication scheme, the repeated authentication scheme and some existing authentication schemes in authentication efficiency (as shown in Table 1) and security (as shown in Table 2).
Compared with [5] and [6], our scheme has lower computational overhead, the interaction time is less, and the communication cost is relatively lower. In terms of security, the scheme of [5] cannot resist the identity guessing attack, and a trusted center is not able to recover the real identity of the user in either of the two schemes. Compared with [7], although our authentication scheme has more multiplications in the group, there is no exponentiation operation, so the total computational cost is relatively low, and the message interaction time is less, leading to low communication overhead. In terms of security, our scheme realizes traceability. There is a large number of hash operations in [8], and that scheme needs to consume 2n bilinear pairing operations to recover the malicious user in the worst case (n is the number of registered users in the trusted center). Although our scheme's computational overhead is relatively large in the first authentication, there is no need to construct the one-off public key and run the signature algorithm in the repeated authentication, and tracking a malicious user's identity requires only one hash operation, which greatly reduces the computational overhead; the computational overhead of the user is also less than that of the server. All these properties suit the resource-limited nature of the space network.
In terms of communication cost, our scheme only needs two interactive messages, and the message length is short, which suits the intermittent connectivity of the space network. In terms of security, our scheme achieves user anonymity, key escrow security and mutual authentication, which can protect communication security in the highly exposed space network.

Conclusion
Most of the existing anonymous authentication schemes are aimed at heterogeneous wireless networks and vehicular ad hoc networks, and cannot meet the requirements of high security and low power consumption. In this paper, we design a one-off public key and signature algorithm based on certificateless cryptography, and propose an efficient and secure anonymous authentication scheme according to the proposed algorithm. It needs two message interactions between the user and the access satellite and one signature algorithm to complete the first authentication, and uses a repeated authentication list to achieve efficient repeated authentication. What's more, our scheme can realize anonymity revocation of a malicious user through interaction with the trusted center.
Comparative results show that our scheme achieves high efficiency while ensuring anonymity, mutual authentication, no key escrow, traceability and session key security, which makes it more suitable for deployment in highly exposed and resource-limited space networks.

Figure 1. Anonymous authentication model for space networks

The trusted center KGC generates cyclic additive group 1 e P P H H public and keeps the master key O secret.
pseudonym. The KGC builds the connection between PID and RID , and then computes the partial private key A A D y PID O . In the end, the KGC transmits $(R_A, D_A, PID)$ to the user A through the secure channel.
represents the message. The user A transmits ( , ) N S V and M to the other side B.
e P P e P P to verify the validity of the one-off public key, as a result of 1 2 e z x D P P e z x P y P PID P P e zR z PID P P e P P e P P . The user A is a legal user verified by the trusted center who has the system master key after the verification. And then it computes $h = H_1(N, M)$ and verifies the validity of the signature through 1 ( ) S P h N P ; if the equation holds, it outputs true, otherwise false.

T
second step, the AS verifies the validity of the timestamp when it receives the message. If the timestamp is fresh, then the AS verifies the validity of the public key according to section 3.1. After verification the AS computes $k = H_3(vN)$, and gets 0 and Num represents authentication times, $T_{die}$ represents expiration time. In the end, and EM to the user A.

T
$PID_i$ and $L_i$ to check whether the corresponding item exists in the repeated authentication list $L_{RA}$; if there is one item in the list, the AS checks the $T_{die}$. If all these verifications pass, the user A passes the and EM to the user A.