In recent years, there has been a tendency to expand the use of loworbit satellite communication systems (LOSCS). A special role belongs to the systems of remote monitoring, control and management of unattended objects of environmentally hazardous technologies. To ensure uninterrupted operation of the satellite communications system, a certain number of spacecrafts are combined into an orbital group. For a low-orbit CAS, the group consists of 48-60 satellites. However, due to the increase in the number of LOSCS, a situation may arise when a "foe" satellite gets in sight of a satellite communications receiver, which is located at the subscriber terminal of an unattended facility, attempts to impose a previously intercepted control command. This can lead to failure of the control object and provoke an environmental disaster. In order to prevent such a situation, it is necessary to increase the imitation resistance of the LOSCS. It is possible to solve this problem by using the identi cation of the Identi cation-Friend-orFoe system (IFF system) of a spacecraft. Obviously, the e ectiveness of such a system is primarily determined by the authentication protocol. Therefore, the goal of the research is to improve the imitability of the LOSCS by a satellite identi cation system using the developed authentication protocol, built on evidence with zero disclosure zeroknowledge proof knowledge (ZKPK).
Providing the communication services for global projects like the development of the Northern Sea Route, the creation of information and telemetric systems for air and land transport in high latitudes is impossible without the use of low-orbit satellite communication systems (LOSCS). Satellite communication systems such as Iridium and Iridium NEXT are now widely used to solve these tasks [Iri18], [Iri18], [Wha18].
One of the most promising areas of application of the LOSCS is the exploitation of mineral resources in the regions of the Far North. In this case, LOSCS are an important part of automated management, remote monitoring and control systems, which are used to manage the maintenance-free hydrocarbon production and transportation facilities located beyond the Polar Circle. To organize uninterrupted communications, the NSSS group should contain 48 to 60 spacecraft. However, the increase in the number of countries participating in the development of the natural resources of the Arctic, as well as the large spatial extent of communication lines leads to an increase in the number of satellite constellations. Because of this, a situation may arise when a satellite of the intruder may be in the visibility zone of the receiver, which may disrupt the operation of the LOSCS. This can lead to the failure of maintenance-free control facility and provoke an environmental disaster.
It is possible to solve this problem by increasing the imitation resistance of the LOSCS. To counteract the imposition of an intercepted command, it is advisable to use a satellite identi cation system (SIS). For e cient work of the inquiry-response identi cation system friend-foe, it is necessary, foremost, to use an imitationresistant authentication protocol, and, secondly, encrypting algorithms should not be used when checking satellite status. This problem can be solved only with the help of request-response type protocols, built on evidence with zero disclosure of zero-knowledge proof knowledge (ZKPK) [Feg03], [Pas18], [Sta99], [Smi02]. Therefore, the development of an imitation-resistant authentication protocol with zero disclosure and the minimum time spent on checking the status of a satellite is a topical task. 1 1.1
Destructive e ects on the low-orbit satellite communication system An analysis of the following works was carried out to develop the most e ective method of countering the destructive e ects of the intruder satellite [Mcd17], [Poi12], [Spe02], which allowed to discern three groups of such e ects. The basis of the rst class of e ects on the communication system consists of various methods of electronic signal suppression. The main goal of the electronic signal suppression methods is blocking the transmitted signal from the spacecraft to the control object and back. Usually, active or passive interference is used for this, among which there are: { harmonic continuous interference, which is determined by equation:
UGNP (t) = Ummcos(!p2t + p2(t)); (1) where !p2 2 [!0 f2; !0+ f2] - angular interference frequency; Umm - amplitude of harmonic continuous interference; p2 - initial phase of harmonic continuous interference. { quasi-white noise-like interference determined by
USHP (t) = Ummcos(!p1t + p1(t)); where Umm(t) - alteration in enveloping noise-like interference; p1(t) - phase change in noise-like interference; !p1 - average interference frequency; !1 !0; !0 = 2 L; L - carrier wave frequency; - active amplitude modulated noise interference
U (t) = UP [1 + K
UMOD(t)]; where K - slope of modulation transmitter characteristic; the noise generator.
(2) (3)
The basis of the second group is simulated interference. Such interference is called intelligent interference, as it is able to adapt to the transmitted signal, thereby disrupting the e ective operation of the radio communication system. The most widespread are: { targeted simulating disturbance, which is determined by the equation:
UP IP (t) = KUmQ (t td )sin[2 (L f )(t td where K - coe cient accounting the targeted simulating disturbance; { tracking imitation interference, where (t) = r(t)=c - distance from satellite to the station.
USIM (t) = KUmQ(t td (t))sin[2 (L f )(t td (t)) + ];
A special place among the destructive e ects on the satellite communication system is occupied by the relay interference. In this case, the intruder satellite intercepts the control command, delays it, and then sends it. Then the receiver located on the control object perceives the received signal as its own and transmits a command to the control system of a maintenance-free object, which can lead to disruption and breakdown.
Studies have shown that in the conditions of the Far North, the method of setting relay interference is the most e ective method, while the use of active, passive and imitating interference is a di cult task. Therefore, this paper will propose methods for countering relay interference.
In order to forbid the intruder satellite imposing an intercepted and delayed command on the subscriber station, it is necessary to prevent data exchange between such a spacecraft and the receiver located at the control object. To do this, it is advisable to determine the satellite status before starting a communication session. Because of the use of the friend or foe identi cation, a satellite that fails authentication will not be able to communicate with the receiver of the subscriber terminal of the remote control object. Currently, there are many "friend or foe" identi cation systems, which are widely used in many countries. The analysis of the basic principles of building data of the friend or foe identi cation showed that they are unable to authenticate the satellite and cannot be used in the LOSCS. 1.2
This problem can be solved by developing a new method for constructing the friend-foe identi cation system, which would allow to authenticate the LOSCS satellite using a strong cryptographic protocol. Currently, cryptographic authentication protocols can be divided into three groups. The rst group is based on password authentication protocols [Sta99], [Shr96], [Feg10], [Smi02].
Authentication protocols that make up the second group have higher cryptographic security. Such protocols use a request-response method. As these works show, [Sta99], [Feg10], [Smi02] it is proposed to use both symmetric and asymmetric cryptographic systems to increase the strength of such protocols. It should be noted that the following this condition for a group of spacecrafts LOSCS is rather di cult. This is because not only satellites, but the unattended control objects must have the secret keys.
Authentication protocols with zero knowledge proof lack this aw. They make up the third group. These works [Sha03], [Feg10] examine the Fiat-Shamir protocol.
In order to ensure the required level of probability of noticing an intruder, the authentication procedure is performed repeatedly, where W = 20-40 rounds.
The Schnorr protocol, which is presented in these works, allows to reduce the time spent on authentication, [Sch96], [Fer03]. Although this protocol allows one round authentication, it nevertheless has drawbacks: { three data exchanges are required between applicant P and veri er V for authentication; { periodically changing session keys Sj, j = 1, 2, ... are not used.
The developed authentication protocol built on evidence with zero knowledge disclosure and minimum number of identi cation steps allows to eliminate these drawbacks [Gos15]. This protocol consists of the following steps:
At the preliminary stage of the protocol, the irreducible polynomial p(x) and the value of the secret key and the random number S are chosen. The value of the secret key and S are used to calculate the session keys Sj , where j = 1; 2; :::, which satisfy the condition
Ksek 2degp(x)
1: (4) (5) (6) 2degp(x) 1: where degp(x) - is the degree of p(x) polynomial.
The operation of the authentication protocol involves the transponder, which resides on board the satellite and the interrogator that resides at the control site. First, the transponder, upon receiving the value Sj Ksek of the session key, calculates the true status of the satellite
Mj (x) = XSj XKsek modp(x) where Sj (x) = x(Sj 1+Ksek) 1 modp(x)- value of the j-th session key.
If during the calculation of the session key Sj the following condition is true,
Sj 1 + Ksek = 0mod2degp(x) 1; then this value is replaced by 2degp(x) 1 1.
The next step is to conduct the noise interference of the secret key values and Sj. To do this, the values that
change during each session are used. As a result, we get the following expressions
(7)
(8)
(9)
(
Then the noise-modi ed satellite image will be determined based on the expression M~ j (x) = xS~j xK~ sek modp(x)
True and noise-modi ed satellite images will be used to verify its authenticity. To perform such authentication, the interrogator sends a question, which is a random number.
Upon receiving the dj query, the transponder must answer the question rj (1) = (K~jsek dj Ksek)mod2degp(x)
1; rj (2) = (S~j dj Sj )mod2degp(x) 1; The transponder sends (Mj (sek); M~ j (sek); rj (1); rj (2)) to the interrogator.
To verify the correctness of the received answers, the veri er V uses an expression in which the true Mj (sek), noise-modi ed M~ j (sek) images of the satellite, two answers rj (1) and rj (2), and the question dj must be included. The following expression is used to check the received answers:
Bj (x) = Mj (x)dj Xrj(1)Xrj(2)modp(x):
If the Bj (x) = Mj (x) condidtion is true, then the satellite is assigned the status of "friend". Otherwise, satellite status is foe.
Analysis of the developed authentication protocol indicated that it can conduct satellite identi cation at a higher speed, since the authentication process consists of two stages. To assess the e ectiveness of the developed authentication protocol, a comparative analysis was conducted with the Fiat-Shamir and Schnorr protocols. The analysis showed that the developed protocol allows the authentication procedure to be performed in two stages, which is 30 times faster than the Fiat-Shamir protocol and 1.5 times faster than the Schnorr protocol.
It is obvious that the imitability of this authentication protocol will be determined by the session keys Sj , where j = 1; 2; ... If during the operation of the transponder the value of the session key does not change, it will result in the signals transmitted to the interrogator during the j thand(j + 1) th session to overlap, since Cj (x) = Cj+1(x). In this case, the length of the L-bit response transmitted to the interrogator was reduced by the degree of the selected polynomial p(x). This will lead to an increase in the probability of the answer being guessed by the foe satellite, since
this suggests that the values of Sj and the corresponding parameter Tj are generated correctly. However, this algorithm does not allow to determine the reuse of Sj . The developed algorithm for the dual session key reuse check allows to eliminate this drawback.
The satellite and the operation support center (OSC), which controls the operation of the automated facility monitoring system, are involved in the veri cation. In the developed protocol, an additional parameter Tj is introduced, with which it would be possible to verify if the session key was reused
A =
Sj Tj = g2rmodq:
Sj Tj
A` = (gr)2modq = A;
Sj (x) = x(Sj 1+Ksek) 1 modp(x):
Tj (x) = x(Sj 1+Ksek+T ) 1 modp(x): (Sj 1 + Ksek + Tj 1) = 0mod2degp(x) 1;
1 P = 2L < P
1
= 2L degp(x)
(16)
(
This means that double use of the session key reduces the protocol's imitation resistance. In [Lap18] an algorithm that allows to check the correctness of the generation of Sj and the additional parameter Tj is presented. To do this, the verifying party sends the satellite a random query number r. After receiving the question r, the spacecraft calculates the answers.
aj (S) = (aj (S) r)modq; aj (T ) = (aj (T ) r)modq; where aj (T ) = m=1 Tj+1Kj modq; aj (S) =
The blurred values are then calculated.
m=1 S +1K modq:
Sj = gaj (S)modq; Tj gaj (T )modq:
The spacecraft nds the product of the true values of Sj and Tj, as well as the blurred parameters. The results are sent to the verifying party V, which checks the obtained values.
where S0 = S; j = 1; 2; ::: If during the calculation of the session key Sj the condition is true, (23) then this value is replaced by 2degp(x) 1:
In the developed algorithm, Tj is used to calculate the test parameter Ej , with which the satellites public key will be obtained when the condition Sj = Sj + 1 is true. In the course of the research, an equation was chosen to determine
Ej = KpubTjYj modp(x): where Yj - query number, that is set by OSC on j-th session; Yj < 2degp(x) 1:
The developed algorithm for checking the reuse of the session key in the satellite identi cation system consists of the following steps.
1 The transponder calculates the values of the session key Sj and Tj. 2 At the j-th session, the center makes a request for which a random number is used. 3 The trasponder, upon receiving this request, calculates the answer (24)
6 At the j + 1-st session, the center makes a request for which a random number is used. 7 The trasponder, upon receiving this request, calculates the answer
Ej+1 = KpubTjY+j+11 modp(x):
9 The center performs a session key reuse check in the spacecraft identi cation system
W = (Ej )Y(j+1) (Ej+1)Y(j) (Y(j+1) Y(j)) 1 + 2degp(x) 1 If the public key of the Kpub spacecraft is obtained, this indicates that the satellite reused the session key Sj .
Consider the situation when the operation of the pseudo-random function generator that calculates session keys Sj was disrupted. In this case, the values of the neighboring session keys Sj and Sj+1 will match
Sj (x) = x(Sj 1+Ksek) 1 modp(x) = x(Sj+Ksek) 1 modp(x) = Sj+1(x):
Suppose we have the following equation Sj = Sj+1 = S. Parameters Tj andTj+1 are used in the algorithm for checking the reuse of the session key
Tj (x) = x(Sj 1+Ksek+T ) 1 modp(x) = x(Sj+Ksek+T ) 1 modp(x) = Tj+1(x): Then on receiving Yj+1 < 2degp(x)
1 query, the transponder sends to the center And on receiving Yj+1 < sdegp(x)
1 query, center gets the response: Then the center gets the equation, where q = 2degp(x) 1.
Ej = KpubTjYj mod2degp(x)
1: Ej+1 = KpubTjYj+1 mod2degp(x)
1: W = (Ej+1)Yj (Yj Yj+1) 1 + (Ej )Yj+1 q = (KpubT Yj+1 )Yj !(Yj Yj+1) 1 +
j (KpubTjYj )Yj+1 q = Kpub
The calculated value of the Kpub satellite public key allows to determine the corresponding satellite and restart the session key generator.
It is obvious that the use of the developed algorithm to verify the reuse of the session key will improve the imitation resistance of the satellite communication system. Therefore, a modi cation of the developed protocol was carried out. As a result, it consists of the following steps. 2
For the operation of the satellite identi cation system built on the basis of the authentication protocol with zero disclosure, an irreducible polynomial p(x) with a large degree degp(x) is chosen. The secret key To obtain the j-th session key Sj , where j = 1; 2; :::; a random number S that satis es In order to verify the dual use of the session key, a random number T is chosen from the equation Ksek < degp(x)
1: S < degp(x)
1: (25) (26) (27) (28) (29) (30) (31) (32) (33) The selected parameters are stored in the satellite memory..
The working stage of the authentication protocol.
Stage 1. The transponder on the satellite board calculates the session key Sj(x) and the parameter Tj(x). Stage 2. The transponder calculates the true status of the satellite Stage 3. The transponder produces noise-modi ed parameters using random variables K~jsek; S~j; T~j.
Stage 4. The transponder calculates the noise-modi ed satellite status
Stage 1. The transponder chooses a question number dj < 2degp(x) 1, which it sends to the transponder. Stage 2. The transponder calculates the answers to the query after receiving the number dj:
Mj(x) = xSj xKsek xTj modp(x): rj(1) = (K~jsek + djKsek)mod2degp(x)
1; rj(2) = (S~j + djSj)mod2degp(x) rj(3) = (T~j + djTj)mod2degp(x) 1; 1; Bj(x) = Mj(x)dj xrj(1)xrj(2)xrj(3)modp(x): (34) (35) (36) (37) (38) (39) (40) (41) (42) (43) Transponder sends (Mj(x); M~ j(x); rj(1); rj(2); rj(3)). to transponder.
The transponder veri es the correctness of the response:
If the equation Bj(x) = M~ j(x) is true, then the satellite gets the friend status. 3
Consider the work of the developed authentication protocol. Let an irreducible polynomial be given:p(x) = x5 + x2 + 1. Then the parameters are chosen: Ksek = 14; S = 14; T = 18. Let us assume j = 1.
Step 1. The transponder calculates the session key S1(x) and T1(x), where S0 = S; j = 1.
S1(x) = x(S1 1+Ksek) 1 +
P (x) = x S0+K1sek + Step 2. The transponder calculates the true satellite status according to (8).
M~ j(x) = xS~j xK~ sek modp(x) = x17x14x9modx5 + x2 + 1 = x4 + x3 + x = 11010
Step 3. The transponder calculates the encrypted secret parameters. K~1sek; S~1; T~1. If f K~1sek = 4; S~1 = 10; T~1 = 2g < 25 1. Then,
K~1sek = (Ksek + Satellite status is checked. Transponder calculates the following:
B1(x) = M1(x)d1 xr1(1)xr1(2)xr1(3) + p(x)
= (x4 + x3 + x)11x19x26x5 x5+x2+1 = x4 + x3 + 1:
Since the B1(x) = M~ 1(x) condition is met, then the satellite is assigned the status of "friend". To evaluate the imitation resistance of the developed authentication protocol, the Matlab R2017b application software package was used. As a criterion for assessing the level of imitation resistance, the probability of a satellites omission by the identi cation system was chosen. The probability of missing is determined according to the equation: N ( )
Nmax PP C =
PP O( ); (44) where PP O( ) = 1=2L - probability of selecting the answer; N ( ), - the number of identi cation steps in the th protocol; N (max) = 60 - the maximum number of steps in the protocol; L - the number of bits in the answer to the question.
Figure 1 shows the dependence of the probability of a satellites omission by the identi cation system on the bit depth of the answer to the question posed.
Analysis of the graph shows that with a bit depth of L = 72 bits, the probability of a satellite passing by an
identi cation system based on the Fiat-Shamir protocol will be PP S(1) = 2:1 10 22. Whereas, when using the
developed protocol, de ned by expressions (6) - (
Consider an example of applying a session key reuse check algorithm. We use the data given in the previous example. Then the public key will be equal to Kpub = xKsek p+(x) = x14 x+5+x2+1 = x4 + x3 + x2 + 1 = 11101. During the rst communication session, the following parameters were obtained. S1(x) = x4 +1 = 10001; T1(x) = x3 + 1 = 01001.
Let the satellite receive a Y1 = 5 question from the OSC. Then, using expressions (
The calculated value of E1 is transmitted to the OSC. During the second communication session, T2(x) = x(S1+Ksek+T ) 1 +
P (x)
= x(17+14+18) 1 +
x5+x2+1
= x(
E2 = kpubT2Y2 modp(x) = (x4 + x3 + x2 + 1)(x2 + x)17 x3+x+1 = x4 = 01011: The calculated value of E2 is transmitted to the OSC, which checks the answers according to (21) W = (E1)Y2 (Y2 Y1) 1 + (E1)Y1 p(x) =
(x4)17 (x3 + x + 1)5 (Y2 Y1) 1 + The article presents an imitation-resistant authentication protocol based on proof with zero knowledge disclosure, which allows to determine the status of a spacecraft with minimal time costs. A comparative analysis showed that with a response depth of L = 72 bits, the probability of a satellite passing by an identi cation system based on the Fiat-Shamir protocol will be PP S (1) = 2:1 10 22, and using the developed protocol, the probability of a satellite passing by an identi cation system will be PP S (2) = 6:7 10 24. Thus, the use of the developed protocol makes it possible to increase the simulated resistance of a satellite communication system in comparison with the Fiat-Shamir protocol. 6
This work was supported by the Russian Foundation for Basic Research, project No. 18-07-01020. [Feg03]
Iridium Satellite Communication https://www.iridium.com/services/iridium-certus [Wha18] What Is Iridium NEXT. http://www.argo.ucsd.edu/sat comm AST13.pdf