A mutual authentication and key update protocol in satellite communication network

Satellite communication networks have been widely used to provide essential communication services, including voice communication, global positioning, message communication, etc. However, sorts of network attacks are easy to be launched in these networks due to the limited computation capability and communication width, long communication delay, and intermittent link connection. In this paper, we first propose a new [E]ncryption-based [M]utual [A]uthentication and [K]ey [U]pdate (EMAKU) protocol in satellite communication networks. Next we analyze the security of the EMAKU protocol under two classic network attacks which are replay attack and man-in-the-middle attack. Finally, experiments show that the EMAKU protocol is 21.5% faster than the traditional encryption-based authentication protocols, and the average time of key update of the EMAKU protocol is about 450.01 ms.


Introduction
With the increasing development of communication technology, satellite communication systems are becoming more and more prevalent [1][2][3][4][5][6][7]. They can provide a variety of essential communication services, including voice communication, global positioning, and message communication [8][9][10][11]. These systems usually have to face serious network attacks, such as replay attack or man-in-the-middle attack, because the computation capability and communication width are limited [12], the communication delay is long [13], and the link connection is intermittent [14]. Therefore, a secure satellite communication network is difficult to be built for satellite communication systems.
The essential method to guarantee the security of satellite communication networks is to authenticate each new satellite when it launches into the network and exchange a key among the satellites and the on-ground base stations. Several authentication and key agreement schemes have been proposed to provide security assurance in satellite communication networks. For instances, Wullems et al. [15] proposed a public key cryptosystem-based authentication protocol to improve the security of satellite systems. However, the protocol was unidirectional, so it cannot meet the requirement of mutual authentication. Cruickshank et al. [16] designed a mutual authentication protocol between endpoints and satellites. But the designed protocol had a high maintenance cost and a high failure risk. Sasaki et al. [17] put forward a double-layered inclined orbit constellation to improve the robustness of satellite communication network. But they did not consider the security for the network. Zhang et al. [18] proposed a low-earth orbit satellite and group key agreement protocol based 3GPP authentication and key agreement protocol. But they did not consider key update cases. Zhu et al. [19] proposed an entity authentication and access control scheme in satellite communication networks, but the protocol is not suitable for authentication among satellites.
The main contributions of this paper are summarized as follows: The rest of the paper is organized as follows. In Section 2, we mainly discuss the related works of authentication protocols and architectures in satellite communication networks. In Section 3, we describe the preliminaries. In Section 4, we discuss the models and goals of this paper. In Section 5, we describe the mutual authentication and key update protocol. In Section 6, we analyse the security and performance of the proposed protocol. In the last section, we summarize the paper.

Related works
There are various of authentication and key exchange protocols designed for authenticating entities in wireless communication networks. For instance, Lu et al. [20] proposed an authentication and key agreement protocol based on 3GPP authentication and key agreement protocol. But it is not suitable to use in satellite networks due to its huge resources requirement. Zeng et al. [21] also proposed an efficient anonymous user authentication protocol for mobile Internet of things. However, it took too much computation cost if it was directly used in satellite communication networks. Lin et al. [22] proposed an efficient dynamic authentication protocol. It reduced space storage and key management complexity without using verification table. But the computation cost of the protocol is too heavy to be deployed in satellites with limited computation resources.
There are also several authentication protocols designed for authenticating entities in satellite communication networks. For example, Chang et al. [23] proposed an authentication and key agreement protocol in the satellite communication networks. This protocol aimed to authenticate between endpoints and satellites. Unfortunately, it is difficult to be practical for mutual authentication among satellites. Lee et al. [24] presented an entity authentication protocol which made use of static and dynamic identities in a verification table to lower computation cost. However, the proposed protocol was not secure when the verification table is leaked. Zhibo et al. [25] put forward an end-to-end authentication protocol in the satellite communication networks. This protocol was proposed on the Internet key exchange (IKE) protocol. However, the computation cost of the proposed protocol was heavier than that of the authentication protocols based on private key cryptography, since the fundamental IKE protocol applied public key cryptography.
In summary, the existing works cannot meet all the requirements of security, efficiency, and limited computation and storage cost for mutual authentication and key update for satellites communication and satellite-endpoint communication, simultaneously.

Preliminaries
In this paper, we modify a reliable maintenance protocol proposed in [26] to update secret encryption and integrity keys between Ground Control Center (GCC) and satellites. Here the specification of the reliable maintenance protocol is shown in Figure 1, where the Enc is an encryption algorithm that can resist against chosen plain text attack, and MAC is a message authentication code algorithm that is secure under chosen message attack.
The reliable maintenance protocol mainly contained two steps. In the first step, mutual authentication between GCC and a satellite that neighbours to the targeted satellite required to update an encryption key CK and an integrity key IK. In the second step, the GCC passes new keys to the targeted satellite via two secure communication channels which are (1) between GCC and the neighbouring satellite, and (2) between the neighbouring satellite and the targeted satellite. Our key update protocol is based on the reliable maintenance protocol. Figure 2 depicts the system model of satellite communication networks. It consists of User Terminals(UT), GCC, GEO satellites and LEO satellites. Since LEO satellite networks cannot keep connection with GCC all the time, and parts of GEO satellites are out of the communication range with GCC, it is of great importance to build a secure satellites-satellites communication channel by which GCC can communicate with every GEO and LEO satellite. Here, each pair of neighbouring GEO/LEO satellites is assumed to have a communication channel. Specifically, each GEO satellite can communicate with LEO satellites when the LEO satellites run into the communication range.

System model
• GEO satellites. A GEO satellite GV is regarded as a 3tuple < n GV , s GV , c GV >, where n GV is the number of GEO satellites, s GV stands for the security parameter, and c GV represents the control information for GEO satellites. • LEO satellites. LV represents a LEO satellite, which can be denoted by a 3-tuple < n LV , s LV , c LV >. Here n LV is the number of LEO satellites, s LV stands for the security parameter, and c LV represents the control information for LEO satellites. • GCC. GCC mainly contain an identity management module, a control module and a security module.  and LE denotes an LEO-LEO satellite communication channel as an edge in the graph. • Communication. Send denotes message that is delivered from an entity to other one. • Authentication. Auth denotes the authentication protocol between two entities in satellite communication networks. That is, an authentication protocol between two GV-GV, or two LV-LV, or GV-LV, or GCC-GV.
In this paper, the proposed protocol can be divided into two parts: mutual authentication and key update. The mutual authentication is among satellites, and between satellite and GCC. The key update is accomplished by three components of the GCC, GEO satellite and LEO satellite. The procedure is start with the GCC. More concretely, the GCC Send messages to the GEO satellite, and then the GEO satellite Send messages to the LEO satellite.

Threat model
The threat is presumed to have the ability of launching active attacks such as replay attack or man-in-themiddle attack, etc. Specifically, since the communication channels of the satellite communication networks are wireless, all the messages received can be regarded as generating or forwarding by adversaries theoretically. In other words, messages occur on any satellite communication channels can be assumed to be intercepted or replaced by adversary.

Goal and challenge
Our goal is to build three secure satellite communication channels (1) between UT and GCC, (2) between two GEO/LEO satellites, and (3) update CK and IK between GCC and a GEO/LEO satellite, in the satellite communication networks defined in the system model under various attacks defined in the threat model.
There are three challenges to attain our goal in satellite communication networks. First, the computational and bandwidth resources of satellite communication networks are limited. Second, each satellite communication channel is public and vulnerable to be attacked. Third, the topology of LSN is not stable from the viewpoint of GCC.

An encryption-based mutual authentication and key update protocol in satellite communication networks
In this section, we first propose two mutual authentication sub-protocols to establish secure communication channels (1) among satellites and (2) between satellite and GCC. Next, we propose a key update sub-protocol for updating the CK and IK for LEO satellites.

Mutual authentication between a GEO/LEO satellite and the GCC
GEO/LEO satellites utilize the symmetric keys, which are used for authenticating Auth. Specifically, the former satellite executes the symmetry K G i for itself, and the symmetric key K G ij utilized for authentication between satellites is presented by the GCC. The symmetric key is sent by the original satellite first, when the satellite in orbit received the key, it executes the authentication process through the key K G ij . The protocol specification is shown in Figure 3, and the process is depicted in algorithm 1. A detailed description is shown as follows. Send AuthMessage to ID G i 10: generates sk||CK||IK 11: else 12: return fail 13: ID G i Compute XMAC 14: if MAC == XMAC then 15: generates sk||CK||IK 16: return pass 17: else 18: return fail (1) Firstly, ID G generates authentication message which contain MSG. Then Send the message to ID G i , ID is the identity of entity of the satellite communication network. (2) When ID G i receives the message, ID G i computes r A , and then saves the value of r G . Next, ID G i generates its own authentication message which contains MSG 1 ||MSG 2 , and sends the message to ID G . (3) Once ID G receives the response, ID G computes rG i .
And then it checks whether XID G is correct. If the message content is correct, then generates the second message which contains MSG. At the same time, ID G generates sk||CK||IK. If the message is not correct, the protocol aborts. (4) Once ID G i receives the response, ID G i computes XMAC, and the protocol will continue to check XMAC. If its content is correct, ID G i generates a message sk||CK||IK that is used in the future communication.

Mutual authentication between two GEO/LEO satellites
All the satellites are assumed to be launched one by one and gradually build a satellite communication network. Thus, the authentication of different satellites is not exact the same. When the first satellite is launched, the network has not been built yet. The authentication for the first satellite is authenticated through the proposed mutual authentication protocol between a GEO/LEO Satellite and the GCC. Upon completing the authentication of the first satellite, the second satellite can be deployed in a similar way. Besides mutual authentication between a GEO/LEO Satellite and the GCC, it is also vital to build a secure communication channel for neighbouring satellites, since there must exists GEO/LEO satellites that cannot directly communicate with the GCC. So these satellites can only authenticate with the GCC, when there are secure communication channel among neighbouring satellites. The steps of the mutual authentication protocol between two GEO/LEO satellites (called A and B for short) are defined as below: (1) A first calculates the authentication massage MSG based on its own key K AB to initiate a challenge, where the authentication message is made up of the following three elements which are the identity ID A , the encrypted ciphertext of random number r A and the MAC of random number r A . The generation process of the message MSG is constructed as MSG = Enc K AB (r A ) . A then sends the message MSG to B.

Key update for LEO satellites
The key update is designed for LEO satellites. In the GEO/LEO satellite communication networks, GEO satellites can be used to control some LEO satellites when those satellites are compromised by an adversary. The key update protocol contains two steps. First, mutual authentication between GEO and LEO satellites. Second, using the GEO satellites to update the key of the compromised LEO satellites. After establishing GSN and LSN, the key update for LEO satellites can be implemented with the help of GSN. Specifically, if the GCC wants to update key for a LEO satellite which is out of the communication range, it can use some GEO satellites as bridge. The protocol specification is shown in Figure 4.
The following example illustrates the failure of a high-orbiting satellite to describe the process to update keys and re-build a secure communication channel is shown in Figure 5 and the next two procedures. return Success 8: else 9: return Fail Algorithm 3 Key Update Procedure 2 Require: ID A , ID B Ensure: 1 Otherwise, the authentication fails and access is denied.
The completion of the above steps will enable the satellites A and B to update their keys.

Security analysis
The Encryption-based Mutual Authentication and Key Update (EMAKU) protocol can accomplish mutual authentication and key update. Specifically, the EMA KU protocol is used a symmetric key encryption scheme to ensure the confidentiality of the protocol. Message authentication code is used to ensure the integrity of the protocol. Thus, attacks such as counterfeiting and forgery can be resisted. We use the random number instead of timestamps to protect against replay attacks. In the process of satellite communication, key update is run in the secure communication channel, which can effectively resist against man-in-the-middle attacks.
Moreover, the two entities in the communication channel perform mutual authentication and key update to obtain the encryption key and the integrity key, respectively. GCC will update both keys between the compromised neighbouring LEO satellites. Specifically, the EMAKU protocol uses a symmetric key generation function to derive an encryption key and an integrity key for providing the confidentiality and integrity. Through the proposed protocol above, the traditional attacks such as counterfeiting and forgery in the satellite communication networks can be resisted. Also, the EMAKU protocol uses the SQN to defend against replay attacks.

Performance analysis
We simulate the EMAKU protocol under a computer which have an Intel (R) Core i7-7700HQ CPU@2.80 GHz processor to test its performance. We uses openssl open source library security algorithm in the simulation. In the experiments, we use virtual machines to simulate satellites and use Satellite Tool Kit 9.0(STK for short) [27] to calculate satellite network delay. The simulation in STK is shown in Figure 6.
In order to test the performance of the EMAKU protocol, we carried out three experiments. The first experiment is to compare the performance of our protocol with that of the traditional mutual authentication protocol. In the first experiment, we put the protocols into the satellite simulation environment to measure the communication delay and computation delay of the protocol. The second experiment is to test the performance of authentication protocols under different key lengths in the simulation network. The last experiment is to show the performance of key update in the simulation environment.
One hundred tests of network authentication were compared with the traditional mutual authentication protocol which is based on 3GPP AKA protocol [20]. The total delay results are shown in Figure 7. The total communication and computation time of the EMAKU protocol is less than the traditional mutual authentication protocol. Because the communication delay is too large and there is little difference between them, we mainly compare the computational delay between the two protocols ( Figure 8).
In the first experiment, the maximum computation time of the EMAKU protocol is approximately 0.328 ms, the minimum time is about 0.053 ms, and the average computation time is about 0.073 ms. The maximum computation time of the traditional authentication scheme is approximately 0.345 ms, the minimum computation time is about 0.071 ms, and the average computation time is about 0.093 ms. The experiment shows that the average efficiency of the EMAKU protocol is 21.5% higher than that of the traditional authentication protocol.
In the second experiment, we conduct comparison between 128 bits, 192 bits, 256 bits key symmetric encryption, as shown in Figure 9. The average encryption time for 128-bits is 378.48 ms, the average time for 192-bits is 380.55 ms, the average time for 256-bits is 380.61 ms, and the fluctuation range is within 10 ms. The mutual authentication protocol is stable in the simulation environment. Because the mutual authentication protocol in this paper requires less environment, it has little impact on different key length.
In a word, the EMAKU protocol works stably in satellite communication networks.   Finally, we tests the performance of key update. Since the router for key update will pass through 1-4 GEO satellites, the experiments in this paper have done 10 experiments for different paths. The test results are shown in Figure 10. As is shown in the experiments, when key update gets though 1 GEO satellite, the maximum computation time of the EMAKU protocol is 255.60 ms, the minimum time is 269.57 ms, the average time is 262.47 ms. When it turns to 2 GEO satellites, the maximum computation time of the EMAKU protocol is 392.73 ms, the minimum time is 382.10 ms, the average time is 386.03 ms. When it needs to pass 3 GEO satellites, the maximum computation time of the EMAKU protocol for key update is 519.03 ms, the minimum time is 506.77 ms, the average time is 512.32 ms. When it needs to pass 4 GEO satellites, the maximum computation time of the EMAKU protocol is 644.21 ms, the minimum time is 630.48 ms, the average time is 639.21 ms. The total average time is 450.01 ms.
The delay of key update protocol varies slightly in different paths. The large delay between different paths is due to the fact that every additional satellite passes through will have an additional time delay between high orbit satellites.

Conclusion
A new encryption-based mutual authentication and key update protocol in satellite communication networks is proposed in this paper. The security of the EMAKU protocol is proved by security analysis and the performance of the EMAKU protocol is also compared with the traditional authentication protocols. In the future, the computing power of satellite is probably more powerful, and the difficulty based on computation power will eventually be solved. As a result, the use of public key cryptography system on satellite communication networks will be a potential research direction.

Disclosure statement
No potential conflict of interest was reported by the author(s).