Study on Security of 5G and Satellite Converged Communication Network

YAN Xincheng, TENG Huiyun, PING Li, JIANG Zhihong, ZHOU Na

DOI： 10.12142/ZTECOM.202104009

http：//kns.cnki.net/kcms/detail/34.1294. TN.20211022.1252.002.html， published online October 22， 2021

Manuscript received： 2021-08-09

Abstract： The 5G and satellite converged communication network （5G SCCN） is an impor? tant component of the integration of satellite-terrestrial networks， the national science， and technology major projects towards 2030. Security is the key to ensuring its operation， but at present， the research in this area has just started in our country. Based on the network char? acteristics and security risks， we propose the security architecture of the 5G SCCN and sys? tematically sort out the key protection technologies and improvement directions. In particu? lar， unique thinking on the security of lightweight data communication and design reference for the 5G SCCN network architecture is presented. It is expected to provide a piece of refer? ence for the follow-up 5G SCCN security technology research， standard evolution， and indus? trialization.

Keywords： 5G SCCN; non-terrestrial networks; 5G security; satellite security; integration of satellite-terrestrial networks

Citation （IEEE Format）： X. C. Yan， H. Y. Teng， L. Ping， et al.， “Study on security of 5G and satellite converged communication network， ”ZTE Communications， vol. 19， no. 4， pp. 79 – 89， Dec. 2021. doi： 10. 12142/ZTECOM.202104009.

1 Introduction

The development of mobile communication technology has greatly improved the informatization level of all in ? dustries in the whole society.However， due to factors suchasspaceandquantity，5Gcommunicationnet? works are currently deployed in limited areas. Satellites are an ideal choice for wide coverage communications[ 1] ， especial? ly for areas where ground transmission towers cannot be de ? ployed （oceans， mountains， islands， etc. ） and for scenarios of disaster relief and emergency response.Building 5G and sat? ellite converged communication network（5G SCCN） has be? come an important direction for future network development， deeply combining the excellent access capabilities and mobili ? ty of 5G networks with the extensive coverage capabilities of satellite networks， and giving play to the respective advantag? es of the networks to achieve global wide-area full coverage and seamless high-speed interconnection.However， the satel? litenetworkhasthecharacteristicsofenvironmentalopen ? ness， time-varying topology， and limited computing resources， bringing5Gandsatellitenetworksmorecomplexsecurity challenges; meanwhile， 5G SCCN will carry more critical and urgent communication services for industries， individuals， and public affairs， which makes it particularly important to ensurethe security of 5G SCCN.

A wave of satellite Internet constellation construction is un ? derway around the world. At present， at least15 companies aroundtheworldhaveannouncedlow-orbitcommunication satellite plans， and many have carried out research and prac ? tice related to 5G and satellite converged networks[2]. In 2017， the European Union funded the Satellite and Terrestrial Net? work for 5G （SaT5G） alliance to promote solutions that inte ? grate satellite communications with 5G， software-defined net? working/network functions virtualization SDN/NFV， and other technologies[3 –4]. In 2018， the European Space Agency （ESA） launched the ALIX project to promote the standardization of 5Gsatellitecomponentsanditsinterfaceswithothernet? works[5]. In 2019， Telesat verified that low-orbit satellites pro? vided effective solutions to 5G base station relays[6]. In April 2021， the China Satellite Network Group was established. It planstoprovidesatellitecommunicationservicesincluding 5G satellite converged networks to ground and air terminals. In July 2021， Beijing University of Posts and Telecommunica? tions completed a low-orbit satellite and 5G private network integration test between two cities.

The academia has researched on early development of satel ? lite communications[7 –9]. In recent years， institutions and universities have gradually carried out technical research on satellite- terrestrial converged communications[10 – 15]and its security， such as dual access through satellite and ground base stations， 5G New Radio （NR） and satellite network convergence， and satellite networks and 5G core network heterogeneous convergence. In the security aspect， the National Digital Switching System Engi ? neering& Technological R&D Center has researched on satel ? lite communication security[16 – 17]. The Ph. D. thesis “Research on Security Protocol of Broadband Satellite Network”improves security protocols such as IP Security （IPSec） and Internet key exchange （IKE） for satellite communications[18].

Standard organizations such as International Telecommuni ?cation Union （ITU） and the 3rd Generation Partnership Proj?ect （3GPP） proposed that satellite networks can be used as ex?tensions of terrestrial networks[ 19 –24] ， and research in this areahas been carried out. Among them， ITU-R M. [NGAT_SAT][ 19] defines and discusses the key technical issues， service charac ?teristics， network structure， and deployment scenarios regard ?ing satellite networks integration into5G networks. 3GPPsresearch on 5G and satellite converged networks is mainly car?riedoutintwoprojects，TR38.811[20]andTR22.822[21]. Amongthem，“StudyonUsingSatelliteAccessin5G” （TR22.822） analyzes the functional requirement of 5G satel?lites and introduces 12 functional requirements and their cor?responding usage scenarios. While “Study on NR to SupportNon-Terrestrial Networks”（TR 38.811） proposes three func ?tions of satellite communications for 5G networks. It serves asasupplementarycoverageforterrestrial5Gnetworks，pro?vides continuous communications for high-speed mobile carri?ers，andusesnewservicessuchassatellitemulticastandbroadcast. The project also introduces service characteristics，networkstructures，deploymentscenarios，andnon-ground-based network channel models of 5G and satellite convergednetworks and proposes a variety of non-terrestrial network ar?chitecture options.

However，although3GPPdefines thenetwork formof 5G SCCN， its security issues have not been considered. At pres? ent， there is also a lack of technical requirements in this area， and standards are also absent. This paper intends to analyze and discuss the security requirements and key security tech ? nologies of 5G SCCN. On the one hand， it is a reference for fu ? ture research on 5G and satellite converged network security technology， standard promotion， and industrialization; On the otherhand，basedontheconceptof “security-synchronized design”， it is hoped that the security design can provide a ref? erence for 5G SCCN design.

2 Security Challenges and Requirements

2.1 Security Challenges

5G SCCN has different network characteristics from terres? trial5Gnetworks.Thesecharacteristicsaremainlyderivedfromsatellitenetworks.Meanwhile，thecross-networkand cross-domain integration of 5G and satellite networks， and the introduction of 5G diversified services will jointly constitute new features of the converged network， making 5G SCCN face new security challenges.

1） Borderless security issues are caused by the open net? work environment.

Different from the terrestrial network， the satellite network nodesareexposedandchannelsareopen，and thesatellite node runs in the exposed space orbit for a long time. Thus， new threats emerge. For example， the inter-satellite and satel? lite-to-ground wireless communication links are more suscepti ? ble to the adverse natural environment and malicious users; network nodes are more susceptible to forgery and hijacking; communication links are more susceptible to human interfer? ence， eavesdropping， replay attack， and wireless resource oc ? cupation. Therefore， higher risks of confidentiality， integrity， availability and reliability of the network are posed.

2） Dynamic changes in network topology lead to changes in security policies.

The 5G SCCN includes satellite nodes and ground nodes. Satellitenodesarealwaysinhigh-speedoperationandmay frequently join or exit the network. This makes the network to? pologychangedynamically，andthecommunicationobjects changeasaconsequence，whichleadstonetworksecurity function switching and security strategy migration， such as the update and synchronization of the original authentication poli ? cy， or the renegotiation of the original IPSec/transport layer se ? curity （TLS） tunnel.

3） Heterogeneous interconnection causes security applica? bility issues.

5Gandsatelliteconvergedcommunicationsarebasedon different forms of physical resources and present a“chimney- like”development model. Different satellite systems are rela? tively independent and dedicated， lacking a unified network protocol specification. This may also make the mature security protocols applicable to terrestrial networks while inapplicable to satellite networks. In addition， the heterogeneous intercon? nectionandlong-distancecommunicationofthe5GSCCN make it more difficult to protect data in transmission， and the risk of user data being stolen， tampered with， and damaged in? creases.

4） Insufficient security computing power is caused by low on-board processing capability.

Satellitesusuallyuseaerospace-gradechipstocopewith the complexity and harshness of the space environment. In or? der to improve the reliability of the chip， it is necessary to re ? duce the density of computing units on the chip， and strictly control the amount of computing of the software carried by the satellite， which makes the computing power of the satellite far lower than that of the ground communication node. Therefore， satellitenodesaremoresusceptibletoavailabilityattacks from asymmetric computing power， such as distributed denialof service （DDoS） attacks. Meanwhile， some traditional compu ? tationally intensive encryption algorithms cannot run on satel ? lites. All these make the security of satellite nodes face great? er challenges， and therefore， it is necessary to research on a new type of 5G security architecture and security technology suitable for satellite networks.

2.2 Security Requirements

Based on the above analysis of the 5G SCCN characteristics andsecuritychallenges，foursecurityrequirementscanbe summarized： identityauthentication， lightweightcommunica? tionsecurity，enhancedavailabilityprotection，andfine- grained resource sharing and isolation.

1） Universal identity authenticity needs

Terrestrial communication networks usually adopt physical isolation or physical dedicated lines. Network nodes are usual? ly in the same physical or logical trust domain， and there is a default trust relationship among network nodes. However， the 5G SCCN conducts ultra-long distance communication in an open space environment， and the satellite network has a time- varyingtopology，whichmakesthecommunicationobjects highly dynamic. Therefore， ensuring the authenticity of com ? municationnodes，especiallytheauthenticityofnetwork equipment， is a key requirement for 5G SCCN. Through the accessauthenticationof the terminaland theauthentication between the network nodes， a communication system with an open external environment and trustworthy internal communi ? cation can be established.

2） Lightweight communication security requirements

In the 5G SCCN， the service link， inter-satellite link， and feeder link all use wireless links for communication， making it more vulnerable to eavesdropping， tampering， and replay at? tacks. Therefore， the confidentiality and integrity protection of thetransmitteddataisespeciallynecessary. Ontheotherhand， due to the limited processing resources on the satellite， it is necessary to avoid running computationally intensive en ? cryption algorithms on the satellite as much as possible. The 5G SCCN consequently needs to design and adopt lightweight communication security architecture and technology to ensure the security of communication data while avoiding excessive computational burden on the satellite network.

3） Enhanced availability protection requirements

Availability attacks on existing networks will still exist in 5G SCCN， such as DDoS attacks and signaling storms. Consid? ering the openness of the satellite network environment， lower processing capacity， and high value of the services， the securi? ty risks are severer. Therefore， more systematic and efficient technical measures need to be adopted to ensure the availabili ? ty of functions and services on satellite nodes.

4） Fine-grained resource sharing and isolation requirements

The 5G SCCN will provide differentiated network services for public users， industry users and special users on shared networkinfrastructure.Therefore，itisnecessarytoisolate shared resources securely and effectively to prevent side-chan? nel attacks and threats from spreading. Limited satellite net? work resources put forward higher requirements on the granu ? larity of resource sharing， and more refined network resource management technologies are required.

3 Network Security Architecture

3.1 Service Architecture

3GPP TR 38.811 defines two typical 5G and satellite con? vergednetworkmodes（excludingrelaynodes），asshownin Fig.1. In mode1， 5G RAN is still deployed on the ground， and the satellite network is used as a transparent forwarding channel for the 5G access network; In mode 2， 5G radio ac? cess network （RAN） is deployed on the satellite and connectedtothegroundcorenetworkthroughnon-terrestrialnetworks （NTN） gateway.

Fig. 2（a） shows NTN featuring access network serving user equipment （UE）， based on a satellite/aerial with bent pipe pay? load and gNB on the ground （satellite hub or gateway level）. Fig. 2（b） shows NTN featuring an access network serving UE， based on a satellite/aerial with gNB on board.

In contrast， Mode 2 is easier to inherit the existing 5G ac? cess technologies， including air interface scheduling technolo ? gy， mobile handover technology， terminal secure access tech ? nology， etc.， and it is also easier to achieve the goal of mobile terminal access everywhere with one device， which has better industrializationfoundationandbetterserviceability. There? fore， the follow-up technical researchhereinmainly focuses on the second service model， which is about the gNB on board the satellite network.

Fig. 3 shows the service architecture in Mode 2 of 3GPP TR 38.811. Amobile phone terminalaccessesInternetservices through a 5G SCCN. From left to right， the terminal UE locat? ed on the ground or in the air communicates with the base sta? tionNR on the low-orbitsatellite. The inter-satellite link is routed to the ground satellite gateway station， then reaches the core network， and finally accesses Internet services.

In the vertical dimension， the entire service model can be abstracted into four levels， from bottom to top including the networkinfrastructure layer， thenetwork transmission layer，the network function layer， and the network application layer. The network transmission layer and the network function layer realize respectively the forwarding of IP packets and the com ? munication of the mobile network. At the network transmis ? sion layer， assuming that satellites and satellite gateways have basic routing functions and follow the basic IP routing proto ? col to realize the transmission and forwarding of messages on inter-satellitelinksandthesatellite-to-groundlinks，andat the network function layer， assuming that the base station is onthesatellite，a5Gcommunicationnetworkistherefore formed consisting of network functions such as the terminal， theon-boardbasestationandtheterrestrialcorenetwork， which has the basic features and capabilities of a 5G network.

Through the service architecture， we can decompose the ca? pabilities of each communication facility， and thus map more clearly the requirements and capabilities of the traditional 5G network and bearer network to the NTN network. For example， the NGc&NGu port in the 5G network is composed of inter-sat? ellitelinks， feeder links，andthegroundbearernetworkbe ? tween satellite gateways and the core network in the NTN net? work. As another example， because the satellite has the capabil? ity of a base station at the network functional layer， the UEs access guarantee can be enhanced with the help of existing 5G access technologies to a large extent.

3.2 Security Architecture

Due to the openness， mobility， and low power consumption of satellite links， the offensive and defensive situations of 5G SCCNandterrestrial5Gnetworksarequitedifferent.But manysimilartechnologiescanbeusedandreferenced. As shown in Fig. 4， based on the service architecture， the security of the 5G SCCN is analyzed layer by layer， focusing on the three types of security attributes of availability， authenticity， andcommunicationsecurity（confidentiality，integrity，and communication isolation） for key communication nodes and in? terfaces.

In the 5G SCCN， in addition to the general security attri ? butes and technologies of the 5G network， it is important to consider the security issues caused by the characteristics of the satellite network and its integration with the 5G network. Given the different service characteristics and security attri ? butes of each layer， the required security technologies are alsodifferent.

Attheinfrastructurelayer，considering the difficulty of upgrading and maintaining the equipment on the satellite， it is neces ? sary to establish an active immune mecha? nism for the satellite node through the trust? edboottoresistattacksfromunknown threats to ensure the authenticity of a single node. The infrastructure protection method for other nodes is similar to that of the 5G network. In the radio frequency part， considering thepowerasymmetrybetweenthesatelliteandthe ground attacker， the availability of satellite nodes needs to be paid more attention.

At thenetwork transmission layer， inorder toensure the confidentiality and integrity of the information transmission of the inter-satellite link and the back-haul network， the bearer network communication security technology is needed to be in place. Considering the limited resources of satellite networks， lightweightattackdetectionmethodscanbeused todefend against DDoS attacks on satellite networks. In addition， with the slice isolation technology of the bearer network， the satel? lite network-related traffic is isolated from other 5G network traffic to avoid mutual influence.

At the network function layer， to reduce the burden on the on-board base station， on-demand air interface signaling en? cryption and decryption and user plane confidentiality and in ? tegrity protection functions are considered. To ensure that the satelliteaccessnetworkandrelatedcorenetworkresources are not affected by other 5G services， end-to-end slice isola? tion from the RAN to the core network should be adopted. Re ? garding the malicious directed call attack that may exist in the case of the asymmetry of space and ground resources， the anti- UE random access technology should be adopted to ensure the regular access of legitimate users. In addition， in order to en? surethelegitimateaccessofmassterminalsanddynamic nodes，itisnecessarytoperformtwo-wayauthenticationon the terminals and the network nodes.

At the network application layer， in order to protect the con? fidentiality and integrity of application layer data， end-to-end encryption technology is used between the terminal and the applicationservice. To reduce the processingburdenof the satellite， the satellite nodes can implement transparent trans ? mission.

The specific security technologies are referred to in Table 1.

4 Key Protection Technology

Combining the analysis result in Table 1， this section analyzes the key technologies involved in aspects of identity authentica? tion， data communication security， network availability， and network resource sharing. Due to space limitations， we only put for? ward directional suggestions for each tech ? nical requirement， and elaborate the key technical features needed to meet the re ? quirements， the current technologies that can be inherited or learned from， and the improvement suggestions when applying this technology to 5G SCCN. The technical details will not be discussed.

4.1 Identity Authentication

Due to the openness and the time-varying topology of the 5G SCCN， it is neces ? sary to verify the authenticity of the communication node. In addition to the terminal access authorization in the traditional 5G network， the 5G SCCN also needs to authenticate the net? worknodes.Communicationsamongnetworknodesshould take identity authentication as a prerequisite， and ensure the securityandindependenceof the5GSCCNsystembyen? abling the identity authentication process. Meanwhile， technol? ogies such as trusted boot and trusted environment can also be usedtofurtherensuretheauthenticityof hardwaredevices and their running software.

4. 1. 1 Terminal Access Authentication

In the 5G SCCN， due to the openness of the service link and the diversity of access terminals， the trusted communica? tion of the service link has received much attention. 3GPP de? fines a complete user access system for 5G networks. Based onthe5Gunifiedauthenticationarchitecture（5G-AKAor EAP-AKA）， the terminal and the service network are mutual? ly authenticated to ensure mutual trust between users and the network. The 5G SCCN can follow this set of access authenti? cation frameworks to ensure the trusted access of wireless ter? minals and solve the problem of pseudo base stations， pseudo terminals，andpseudonetworks.Meanwhile，5GSCCNalso needs to enhance 5G access authentication for new network features. For example， for the weak processing capabilities of satellite nodes and new multicast services， group authentica? tion and lightweight authentication methods[25]need to be con? sidered; The topology of the satellite network is time-varying， and it is necessary to enhance the switching capability of the Xn ports between the base stations.

4. 1.2 Authentication of Network Nodes

Authentication of network nodes is a key feature that distin ? guishes 5G SCCN from terrestrial 5G networks. In the communication of each layer of the 5G SCCN， whether the communi? cation is between network functions （such as between NR and 5Gcorenetworkelements）orbetweentransmissionnodes （such as on-board routing and forwarding）， the authentication of the network node is required as a precondition to prevent at? tackers from impersonating legitimate network functions to ac ? cess the 5G network， or impersonating legitimate transmission nodes toestablishroutingadjacencies withlegitimatesatel ? lites， thereby stealing or tampering with user data and routing information in the network.

There are two typical authentication methods. One is to use SDN-liketechnology.Thecommunicationforwardingnode uniformly authenticates the management node， and the token for networkcommunicationisobtainedafter theauthentica? tion is passed. Since there may be blind spots in communica? tion， this method has higher requirements on the topology of the management network. The other way is to carry out mutual authentication between communication nodes. This way has a relatively high technical maturity. For example， two-way au? thenticationbetweennetworkfunctionnodescanbeper? formedbasedontheIKEprotocol，andtheauthentication function in the dynamic routing protocol can be enabled to im ? plementidentity authentication between routing and transmis ? sion nodes. However， in this way， the overhead brought to the satellite node and the system complexity introduced by the dy ? namic switching of communication objects need to be consid ? ered.

4. 1.3 Trusted Boot of Satellite Nodes

Satellite nodes run in the space orbit for a long time， mak? ingupgradesandmaintenancedifficult.Softwareandhard? warevulnerabilitiesaredifficulttoupdateintime，andthe nodes are more vulnerable to attacks from unknown threats. Therefore， the satellite nodes need stronger self-immunity. Sat? ellite nodes need to be reinforced under the principle of theleast privilege， such as shutting down unnecessary processes andports.Meanwhile，withtrustedcomputingtechnology， there forms a trusted chain of level-by-level verification to en? sure the operation of satellite nodes through digital signature and integrity verification technology. Based on trusted execu ? tionenvironment（TEE）storagedeviceidentityfingerprints， combined with technologies such as authentication and remote certification， the authenticity of the 5G SCCN communication system can be further assured.

4.2 Data Communication Security

Due to the openness of the5GSCCN， theconfidentiality andintegrityprotectionof thetransmitteddatahasbecome particularly important. However， the cryptographic computing used for data confidentiality and integrity protection requires a large amount of computing power， which contradicts the low processing capabilities of satellites. Therefore， the confidenti? ality and integrity protection of the 5G SCCN needs to be con? sidered systematically， especially to avoid enhancing the over? head of satellite nodes greatly. This section discusses the com ? munication security protection technology of critical data such as 5G signaling， IP routing， and user data in the 5G SCCN， and proposes a framework solution that can effectively avoid the impact on satellite computing resources caused by confi ? dentiality and integrity requirements.

4.2. 1 Bearer Network Communication Security

On the ground network， if a section of the bearer network is in an insecure or untrustworthy environment， it is usually rec ? ommended to protect its confidentiality and integrity. On the satellite network， although the inter-satellite and satellite-to- groundlinksusewirelesscommunications，consideringthe limitedprocessingcapabilitiesof thesatellitenodes， wedo not recommend this kind of protection. Confidentiality and in? tegrity protection in 5G SCCN communication requires refineddesign. For the data transmitted in the network， including 5G signaling and user data， it is recommended that the network function layer and application layer be resolved. This part will bediscussedinsubsequentsections. The network transmis ? sion layer should focus on ensuring the confidentiality and in ? tegrity of the routing information exchanged in the network. If each network node in the 5G SCCN has undergone strict au? thentication， whether it is necessary to protect the confidential ? ityandintegrityof routinginformationrequiresfurtherre ? search. If considering the bit error rate of wireless transmis ? sion， cyclic redundancy check （CRC） may be more suitable forsatellite communications than MD5.

4.2.2 Network Function Communication Security

This section focuses on the security of signaling communi ? cations between 5G network functions， and the security of us ? er data communication carried by the 5G network is discussed in the next section. In order to ensure the security of 5G air in? terfacecommunicationandUEaccesssignaling，3GPPhas standardized the confidentiality and integrity protection of ra? dioresourcecontrol（RRC）signalingbetweenUEandNR， andnon-accessstratum（NAS）signalingbetweenUEand 5GC. In order to enhance the communication security of the 5G SCCN， it is recommended to enable transmission protec ? tion for RRC and NAS signaling. However， the opening of the confidentiality and integrity of RRC signaling means that the load on the on-board base station will increase significantly.

In view of the limited computing resources of satellites， con?fidentiality and integrity computing on the satellite should be avoided. As shown in Fig. 5， we recommend the Control and User Plane Separation technology， to adopt the deployment method of distributed unit-centralized unit （DU-CU） separa?tion. Among them， the DU is deployed on the satellite， and the CU is deployed on the ground. The phys?ical layer， media access control （MAC） layer， and radio link control （RLC） layer with high real-time requirements are placed in the DU for processing， while the packet data convergence protocol （PDCP） and RRC layers with relatively low real-time requirements are placed in the CU for processing. Since the con?fidentiality and integrity of the RRC sig?naling are completed at the PDCP layer by the DU located on the ground， it is possible to effectively avoid heavy-duty cryptographic computing on the satellite nodes.

4.2.3 User Data Communication Security

In Fig. 6， there are requirements for communication security assurance at the network transmission layer， networkfunction layer， and network application layer. In traditional network protection， the idea of in-depth multi-level protection is usually adopted， that is， each system and each protocol lay? er is protected independently. When the internal system is protected， the assumption that the external system has been protected cannot be made. This may result in the network transmission layer， network function layer， and network appli? cation layer protecting the confidentiality and integrity of user data on their own. However， in satellite communications， this idea cannot be fully applied， instead， the principles of mini?malism and optimality should be adopted.

To solve the contradiction between the security protection of data communication and the weak processing capability of satellite nodes， we can use the idea of“transmitting on-satel? lite， processing off-satellite”and place the encryption， decryp?tion and integrity check of high computing costs on the ground node for processing. The satellite is mainly responsible for the forwarding of encrypted user plane data to achieve a balance between performance and security. The higher layer the en?cryption is applied to， the closer to the end-to-end encryption and the higher level of the security is achieved. Based on this idea， we propose two security solutions to data communica?tion， which are discussed below.

1） Solution 1： UE-DNs end-to-end security

Users and providers of 5G SCCN usually belong to different trust subjects， especially for some high security level services. Network users do not fully trust the protection mechanism of the network provider， and tend to provide end-to-end data en?cryption by themselves. Performing user data confidentiality and integrity protection between the UE and the Internet can effectively prevent user data from being eavesdropped and tampered with. At the same time， security functions such asencryption， decryption， and integrity verification are per? formed on the terminal and the ground network. The satellite node does not participate in cryptographic computing but only performs transparent forwarding， which greatly saves the computing power of the satellite node.

However， end-to-end encryption also introduces additional problems， such as illegal interception， and the inability of the IP Multimedia Subsystem （IMS） net? work to recognize voice over Long-Term Evolution （VoLTE） or guarantee the voice quality. The trusted third-party key management server （KMS） or the de?ployment of encryption and decryption agents in the core network can help solve the problem of legal interception of encrypted communications and the problem of VoLTE voice recognition af?ter multiple encryptions.

2） Solution 2： UE- NR CU security

TheseparatedeploymentofCU-DU can also effectivelysolve the contradic ? tion between the protection of user data transmission and the weak processing ca? pabilityof satellitenodes.Asshownin Fig.7，usingthesegmentedencryption transmission scheme， the air interface en? ables PDCP-based confidentiality and in? tegrity protection， and the N1/2/3 ports of the backhaul network and the N6 port of thedatanetworkcanenableIPSecor DTLS protection as needed. The advan? tage of this solution is that the confidenti ? ality and integrity of user data are pro ? cessed on the UE and CU on the ground and the DU on the satellite does not par? ticipate in the process， so the transmis ? sion security of user data can be protect? edwithoutincreasingthecryptographic computing overhead of satellite nodes.

3） Solution comparison

ThecomparisonbetweenSolutions1 and 2 is shown in Table 2.

The above two solutions can help 5G SCCNsolvethecontradictionbetweenuser data transmission protection and the weak processing ca?pability of satellite nodes， so that the satellite nodes can avoid heavy cryptographic computing. Solution 1 realizes end-to-endencryption and integrity protection from terminal to service. Although it achieves higher security and privacy， it has a cer?tain impact on legal monitoring and VoLTE services. While Solution 2 uses segmented encryption and decryption and in?tegrity protection， posing requirements for network deploy?ment.

The two solutions are not contradictory and can be used in combination. For general services， Solution 2 is recommend? ed; for high confidential services， Solutions1 and 2 can be activated simultaneously， so that critical data can be double protected.

4.3 Network Availability

Availability attacks on existing networks will still exist in 5G SCCN， such as electromagnetic interference， DDoS attacks and signaling storms. Considering the openness of the satellite network environment， lower processing capacity， and high val? ue of the services carried， the security situation is severer.

In addition to the impact of unconscious group behavior on key resources， it is also necessary to combine the characteris ? tics of 5G SCCN global coverage， focusing on the possibility of satellites suffering from availability attacks over the sea or in the air and enhancing the protection of signaling resources at each protocol layer. At present， the industrys protection mea? sures for the availability of satellite networks are not yet sys ? tematic or effective， and research needs to be strengthened.

4.3. 1 Anti-DDoS Attack

Although identity authentication can make the network re ? jecta large number of unauthorized communications， there are still a certain number of protocol interactions without authenti ? cation， or authentication itself can also cause DDoS attacks.

DDoS attacks on the user plane can be effectively prevent? edbystrengtheningaccessauthenticationandsingle-ses? sion traffic rate limit. DDoS attacks on the control plane can use conventional security defense mechanisms ， such as pro? hibitingInternetcontrolmessageprotocol（ICMP）packets and broadcast packets， adding access control list （ACL） fil? tering， and adding black and white lists. At the same time， therearestillDDoSfirst-packetattacksonthecontrol plane. A single-packet authorization mechanism can be con ? sidered.Meanwhile，specialmodulesandcryptographic chips can be used on the user plane to reduce the consumption of CPU resources.

Consideringthelimitationsofsatellitenetworkresources andcomplexdefensestrategies，newchallengeshavebeen posedtosatelliteresources.Wecanconsiderlightweight DDoS attack detection methods， such as self-organizing map （SOM）[26]and support vector machine （SVM） -SOM[27]technolo? gies，buildinganunsupervisedartificialneuralnetwork trainedbytrafficcharacteristicstodetectDDoSattacks，or combiningLSTMdeeplearningmodelsandSVMtechnolo ? gies[28 –29]to perform DDoS detection in spatial networks.

4.3.2 Anti-UE Random Access Attacks

Random competitive access of 5G NR may cause a signal? ingstorm.Forexample，abasestationmalfunctionsdueto mass activities or large-area calls caused by disasters， which can usually be avoided by speed limiting. However， misuse of randomaccessresourcesormaliciouscompetitionaccess， such as using a UE simulator to make a directional analog call to a specific satellite， will also make the satellite fail to access real and effective calls. Due to the asymmetry of space-ground computing resources， the possibility of such problems erupt? ing in insecure areas also exists.

In order to avoid the aforementioned UE random access at? tack， the response message can be scrambled. For example， the satellite base station response message can be scrambled， so that the attacker cannot decode it correctly and no longer sends the radio resource request message to avoid occupying resources.

4.3.3 Anti-Wireless Communication Interference

In the sea and sky environment， frequency band suppres ? sion attacks may occur. Since the ground transmission power canbeseveraltimesthatof thesatellite，theattackercan track and aim the communication satellite and launch strong interference signals to the satellite， including blocking inter? ference and noise interference， which greatly deteriorates the signal-to-noise ratio of the wireless channel. Meanwhile， the 5G frequency band is public， and it is easier for attackers to implement targeted frequency band suppression instead of full frequency band suppression， which will further increase the ef? fectiveness of the attack. Using spot beam and line beam an? tenna technology to dynamically allocate wireless channels， in? creasing frequency band guard bands， improving filtering ac ? curacy， and adopting frequency shift can cope with wireless communication interference to a certain extent.

4.4 Network Resource Sharing

Satellite resources are costly and space is limited， so limit? ed satellite resources must be shared among multiple services. 5GSCCNresourcesharingcanreferto5Gnetworkslicing technology. On the one hand， through the exploration of 5G in the field of Industrial Internet， 5G end-to-end network slicing technology has gradually matured， which provides a good foun? dation for the feasibility of 5G SCCN resource sharing. On the other hand， the existing 5G network slicing technology shares too large a granularity of resources and is not suitable for di ? rect application on the 5G SCCN. 5G SCCN slicing requires more refined network resource management technology. Mean ? while， the network slicing technology of 5G SCCN also needs to be adaptively designed for other features such as the time- varying topology of satellite communication and network het? erogeneity.

Theend-to-endsecurityisolationmechanismfornetwork slicing includes RAN slice security isolation， bearer networkslicesecurityisolation，andcorenet? work slice security isolation. Fig. 8 com? paresthe5GSCCNwiththeslicing technology. It can be seen that even in themannerofseparatedeploymentof CU-DU，thetwocanbeproperly mapped.Thisshowsthatthe5Gnet? workslicingtechnologyhasreference significanceforthe5GSCCNslicing technology.

4.4. 1 RAN Slice Isolation

The core technology of RAN slice iso?lation is the isolation of wireless spec?trum resources， which divides the wireless spectrum into dif?ferent resource blocks from the time domain， frequency do? main， and space domain dimensions for air interface communi? cation. This technology can still be applied in 5G SCCN. Ac? cording to the requirements of different application scenarios， the use of resource pool reservation and allocation can realize the isolation of the wireless channel for the terminal to access the satellite. Limited by satellite resources， 5G SCCN slicing is likely to be service-oriented rather than industry-oriented.

4.4.2 Bearer Network Slice Isolation

The bearer network in the 5G SCCN includes the backhaul network and the middle-haul network， which will cover both the on-board link and the ground link. Currently， bearer net? work isolation mechanisms include logical virtual local area network（VLAN）isolation，andtheEthernetfragmentation technology （such as FlexE） to achieve physical isolation at the time slot level. Although FlexE has better security， the granu? larity of 5 Gbit/s is obviously not suitable for applications on satellite links.

Considering that the movement of satellites causes the net? work topology to dynamically change， the corresponding net? work slicing also needs to be dynamically adjusted. Although the satellite behavior can be predicted based on the ephemeris information， and the resources of the 5G SCCN bearer network can be planned and deployed in advance， this is still a compli ? cated technical problem. In addition， issues such as the granu? larity of scheduling between on-board bearer network slicing and terrestrial bearer network slicing， protocol compatibility， and resource docking are also to be studied.

4.4.3 Core Network Slice Isolation

The core network in 5G SCCN is located on the ground， so it caninherittheexisting5Gcorenetworkslicingtechnology. This part is relatively mature. Physical isolation can be used to allocate relatively independent physical resources to the slices with higher security requirements. A logical isolation solution can also be used to manage and orchestrate networks and net? work functions with the help of the virtualization technology.

5 Conclusions

The 5G network is expected to achieve wide-area coverage andintegratedspace-groundcommunicationsbyconverging with satellite networks. However， due to the characteristics of openness， dynamics， and low power consumption of satellite networks，5GSCCNisfacedwithnewsecuritychallenges. Based on the network mode proposed by 3GPP TR38.811， this paper conducts a comprehensive analysis from the three di ? mensions of network structure， network layering and security attributes， and constructs the security architecture of the 5G SCCN， so that readers can get an overall and specific under? standing of the 5G SCCN from a security perspective.

By analyzing the security attributes of each layer and seg? ment of the 5G SCCN， four key security technologies can be summarized， namely， strict identity authentication， lightweight datacommunicationsecurity，enhancednetworkavailability， and fine-grained resource sharing and isolation. Based on strict identityauthentication， buildinga relativelyindependentand trustworthy communication system in an open environment is a key feature that distinguishes the 5G SCCN from the traditional 5G network. Based on the principle of “forwarding on-satellite， processingoff-satellite”andNRsCU-DUseparatedeploy? ment， a lightweight communicationsecurity assurance for5G SCCN can be provided. This is also a reference for the network design that this paper put forward from a security perspective. Based on new radio and signaling protection technologies， the availability of 5G SCCN services over the sea and in the air is enhanced; Based on the refined network resource management technology， fine-grained resource sharing and isolation for 5G SCCN applications is provided.

Allinall，the5GSCCNcaninherittheexistingsecurity mechanisms and technologies of 5G networks and IP bearer net? works to a large extent. There is no need to start anew for its se ? curity or design a completely different set of security architec ? ture and protocol， but it should also be seen that the new net? work after integrating is faced with huge challenges. It is neces ? sary to systematically design the network security architecture. Meanwhile， it is also necessary to fully consider the network se ? curity requirements at the architecture design phase.

References

[ 1] 3GPP.Studyonnewservicesandmarketstechnologyenablers：3GPPTR 22.891 V14.2.0 [S]. 2016

[2] XU B Y， HAN M. Study on international standards of satellite communications [J]. Information and communications technology and policy， 2019， （ 17）： 41 –44

[3] WANG C T， LI N， ZHAI L J， et al. Preliminary study on the integration of satel? lite communications and terrestrial 5G network [J]. Satellite & network， 2018， （9）： 14 –21

[4] KONSTANTINOS L， ALEXANDER G， RAY S， et al. Use cases and scenarios of 5G integrated satellite?terrestrial networks for enhanced mobile broadband： the SaT5G approach [J]. International journal of satellite communications and networking， 2019， 37 （ 2 ） ： 91 – 112

[5] LIU S J， HU Y M， WANG D P. Overview of studies on the satellite?5G integra? tion [J]. Information and communications technology and policy， 2019， （5）

[6] SHENYY.TheDevelopmenttrendof satellitecommunicationsin5Gera. Space international [J]. 2020， （ 1）： 48 –52

[7] CRUICKSHANK H， IYENGAR S， SUN Z L. Securing IP multicast over GEO satellites [C]//IEEE Seminar on Broadband Satellite： The Critical Success Fac ? torsTechnology，ServicesandMarkets.London，UK：IEEE，2000.DOI： 10. 1049/ic： 20000534

[8] NOUBIR G， ALLMEN LVON. Security issues in Internet protocols over satel? lite links [C]//50th Vehicular Technology Conference. Amsterdam， Netherlands： IEEE， 1999： 2726 –2730. DOI： 10. 1109/VETECF. 1999.800282

[9] ROY ?CHOWDHURY A， BARAS J S， HADJITHEODOSIOU M， et al. Security issues in hybrid networks with a satellite component [J]. IEEE wireless commu ? nications， 2005， 12（6）： 50 –61. DOI： 10. 1109/MWC.2005. 1561945

[ 10] JIANG Y W， ZHANG G X， ZHAO L D， et al. Summary of satellite communica? tion and 5G convergence system development[C]//The15th Annual Confer? ence of satellite Communication. Beijing， China： CIC， 2019： 56 –65

[ 11] CHEN S Z， SUN S H， KANG S L. System integration of terrestrial mobile com ? munication and satellite communication-the trends， challenges and key tech? nologies in B5G and 6G [J]. China communications. 2020， 17（ 12）： 16

[ 12] KODHELI O， GUIDOTTI A， VANELLICORALLI A. Integration of Satellites in 5G through LEO Constellaions [C]//IEEE Global Communications Confer? ence.Singapore，Singapore：IEEE，2017：1–6.DOI：10. 1109/GLO?COM.2017.8255103

[ 13] CHEN T T， WANG W J， DING R， et al. Location?based timing advance estima? tion for 5G integrated LEO satellite communications [C]//IEEE global commu? nications conference. Taipei， China： IEEE. 2020：1 – 6. DOI：10. 1109/GLO?BECOM42002.2020.9322428

[ 14] TANG Q Q， XIE R C， LIU X， et al. MEC enabled satellite?terrestrial network： architecture，keytechniqueandchallenge[J].Journaloncommunications， 2020， 41（4）： 162 – 182

[15] ZHANG Z， ZHANG W， TSENG F H. Satellite mobile edge computing： improv? ing QoS of high?speedsatellite?terrestrial networks using edge computing tech? niques [J]. IEEE Network， 2019， 33（ 1）： 70 –76

[ 16] LI F H， YIN L H， WU W. Research status and development trends of security assuranceforspace ? groundintegrationinformationnetwork[J].Journalon communications. 2016， （ 11）： 160 – 172

[ 17] JI X S， LIANG H， HU H C. New thoughts on security technologies for space ? groundintegrationinformationnetwork[J].Telecommunicationsscience. 2017， （ 12）： 30 –41

[ 18] Huang Zhan. Research on security protocol of broadband satellite network [D]. Harbin Institute of Technology， 2012

[ 19] ITU ?R M. Key elements for integration of satellite systems into next generation access technologies [EB/OL]. （2019?07 ? 02） [2021 ? 04 ? 06]. https：//www.itu.int/ md/r15?wp5d?c?1263/en

[20] 3GPP.Studyonnewradio（NR）tosupportnon-terrestrialnetworks：TR 38.811 V15.4.0 [S]. 2020

[21] 3GPP. Study on using satellite access in 5G： 3GPP TR 22.822 V16.0.0 [S].2018

[22] 3GPP. Study on scenarios and requirements for next generation access technol ? ogies： 3GPP TR 38.913 V16.0.0 [S]. 2020

[23] 3GPP.Studyonarchitecturefornextgenerationsystem：3GPPTR23.799 V14.0.0 [S]. 2016

[24] 3GPP. Service requirements for the 5G system： 3GPP TS 22.261 V17.2.0 [S].2020

[25] ZHANG Z J， ZHOU Q， ZHANG C. New low ?earth orbit satellites authentica? tion and group key agreement protocol [J]. Journal on communications. 2018， （6）：150 – 158. DOI： 10. 11959/j.issn. 1000 –436x.2018102

[26] BRAGA R， MOTA E， PASSITO A. Lightweight DDoS flooding attack detection usingNOX/OpenFlow[C]//IEEELocalComputer NetworkConference. Den? ver， USA： IEEE， 2010： 408 –415. DOI： 10. 1109/LCN.2010.5735752

[27] DEEPA V， SUDAR K M， DEEPALAKSHMI P. Detection of DDoS attack on SDN control plane using hybrid machine learning techniques [C]//Internation? al Conference on Smart Systems and Inventive Technology. Tirunelveli， India： IEEE， 2018： 299 –303. DOI： 10. 1109/ICSSIT.2018.8748836

[28] JIA M， SHU Y J， GUO Q， et al. DDoS attack detection method for space– based network based on SDN architecture [J]. ZTE communications， 2020， 18 （4）： 18 –25. DOI： 10. 12142/ZTECOM.202004004

[29] YANGLF，ZHAOH.DDoSattackidentificationanddefenseusingSDN based on machine learning method [C]//The 15th International Symposium on PervasiveSystems，AlgorithmsandNetworks（I ? SPAN）.Yichang，China： IEEE， 2018： 174 – 178. DOI： 10. 1109/I –SPAN.2018.00036

Biographies

YAN Xincheng （yan.xincheng@zte.com.cn） received his M.S. degree from South? east University， China in 2004. He is currently the chief system architect and di ? rector of the Security Technology Committee of ZTE Corporation， responsible for network security technology planning. He was the leader of the network security sub-project of the“New Generation Broadband Wireless Network Communication Network”and National Science and Technology Major Project“5G Security Over? all Architecture Research and Standardization”. He has been awarded a numberof scientific and technological awards of Jiangsu Province and Shenzhen.

TENGHuiyunreceivedherM. S.degreefromHohaiUniversity，Chinain 2011. She is currently the senior technical research engineer in ZTE Corporation and has 10 years of professional experience in communication and security.

PING Li received her M. S. degree from Southeast University， China in 2005 SheiscurrentlytheseniorcybersecurityanalystinZTECorporationwith8 yearsofprofessionalexperienceincybersecuritypolicyandtechnologyresearch and analysis. She got the CISSP in 2018.

JIANG Zhihong received his M. S. degree fromNanjing University of Posts and Telecommunications， China in 2003. He is currently the senior technical re search expert in ZTE Corporation.

ZHOU Na received her Ph. D. degree from Nanjing University of Aeronautics and Astronautics University， China in 2004. She is currently the senior techni? cal research expert in ZTE Corporation. She has won Shenzhen Scientific and Technological Award.