|
Space situation awareness (SSA) includes tracking of active and inactive resident space objects and assessing the space environment through sensor data collection and processing. To enhance SSA, the dynamic data-driven application systems framework couples online data with offline models to enhance performance by using feedback control, sensor management, and communications reliability. For information management, there is a need for identity authentication and access control (AC) to ensure the integrity of exchanged data as well as to grant authorized entities access right to data and services. Due to decentralization and heterogeneity of SSA systems, it is challenging to build an efficient centralized AC system, which can either be a performance bottleneck or the single point of failure. Inspired by the blockchain and smart contract technology, we introduce blockchain-enabled, decentralized, capability-based access control (BlendCAC), a decentralized authentication, and capability-based AC mechanism to enable effective protection for devices, services, and information in SSA networks. To achieve secure identity authentication, the BlendCAC leverages the blockchain to create virtual trust zones, in which distributed components can identify and update each other in a trustless network environment. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resources-constrained devices (i.e., Raspberry Pi nodes emulating satellites with sensor observations) and more powerful computing devices (i.e., laptops emulating a ground network) and is tested on a private Ethereum blockchain network. The experimental results demonstrate the feasibility of the BlendCAC scheme to offer a decentralized, scalable, lightweight, and fine-grained AC solution for space system toward SSA.
|
