Distributed Capability Based Dynamic Path Authorization Scheme for SDSIN

Integrating the Software-Defined Network to Space Information Network will enhance the management capability and improve the service quality of the classical satellite networks, whereas the researches on authorization for the promising Software-Defined Space Information Network (SDSIN) are still in its infancy. In this paper, we propose distributed capability-based dynamic path authorization scheme for SDSIN, including the time-sensitive path capability list design and the mutual proxy signature-based authorization algorithm design. Owing to the time-sensitive path capability list, the path permission for legitimate Satellite Terminals (STs) can be dynamically granted and revoked consistent with the highly dynamic topology in SDSIN. And due to the mutual proxy signature-based authorization algorithm, legitimate STs spatial access path to services can be strictly restricted on the specific satellite nodes in SDSIN. By using the security analysis, we prove that proposed scheme can meet all the security requirements of authorization, especially endowing STs with the capability to refuse the malicious satellite's path permission and ensuring the verification to be executed seamless. Moreover, through numerically analysis, we demonstrate that the proposed scheme has little impact on users’ experience, as limiting the computation overhead and interactive overhead to milliseconds.