Key Generation Method Based on Multi-Satellite Cooperation and Random Perturbation

Abstract

In low-earth-orbit (LEO) satellite-to-ground communication, the size of satellite antennae is limited and the satellite motion trajectory is predictable, which makes the channel state information (CSI) of the satellite-to-ground channel easy to leak and impossible to use to generate a physical layer key. To solve these problems, we propose a key generation method based on multi-satellite cooperation and random perturbation. On the one hand, we use multi-satellite cooperation to form a constellation that services users, in order to increase the equivalent aperture of satellite antennae and reduce the correlation between the legal channel and the wiretap channel. On the other hand, according to the endogenous characteristics of satellite motion, a random perturbation factor is proposed, which reflects the randomness of the actual channel and ensures that the CSI of the legal channel is not leaked due to the predictability of satellite motion trajectory. Simulation results show that the proposed method can effectively reduce the leakage of the legal channel’s CSI, which makes the method of physical layer key generation safe and feasible in the LEO satellite-to-ground communication scene.

1. Introduction

With the development of wireless communication technology, LEO satellite communication technology has become an important part of global wireless communication [1,2]. Compared with ground communication, LEO satellite communication has wider coverage and larger communication capacity. Compared with geostationary earth orbit (GEO) satellite communication, LEO satellite communication has lower delay and transmission loss [3,4]. Therefore, the study of LEO satellite communication is of far-reaching significance for building 6G Space-Air-Ground Integrated Networks (SAGINs) and meeting the seamless global coverage of future communication networks [5,6,7,8].

However, due to the wide coverage and broadcasting characteristics of wireless LEO satellite communications, the satellite-to-ground signals can be freely transmitted within hundreds of kilometers on the ground, which allows eavesdroppers, ultra-long distances away, to wiretap the CSI of the legal channel.

At present, there are two main methods to solve the security problems in LEO satellite communications:

• Traditional Cryptography: Traditional cryptography generates secret keys through a cryptographic algorithm, and then distributes them to legitimate users to encrypt the plaintext. This method uses the computational complexity of cryptographic algorithms to ensure the security of cipher text. Actually, encryption and decryption calculations in this method require a lot of computing resources. Additionally, key management and distribution rely on complex protocol architecture. So, it is not suitable for LEO satellite communication systems with limited computing resources, rapid changes in network topology, and massive access to users. Further, with the rapid development of advanced computing technology, this method based on computational complexity faces challenges in terms of reliability and robustness [9].
• Physical Layer Security (PLS): Physical layer security uses the endogenous characteristics of the wireless channel, such as time varying, randomness and uniqueness, to directly extract the secret key. This method has the advantages of simple cryptographic calculations and no additional overhead on key management and distribution [10,11], which is suitable for LEO satellite communication systems. Therefore, the use of PLS technology to solve the security problems in LEO satellite communication has attracted great attention from many scholars.

At present, research on physical layer security technology for satellite-to-ground communication is concentrated on physical layer security transmission, mainly including the following three aspects [9]:

• Security Performance Analysis: For example, ref. [12] analyzed the security performance of a satellite-to-ground communication network with a legitimate user and eavesdropper. This paper also proposed the closed expressions of confidential capacity probability, confidential interruption probability and average confidentiality probability.
• Transmission Power Optimization: For example, ref. [13] proposed a transmission power optimization method for multi-antenna satellite communication based on PLS, which can effectively prevent eavesdroppers from wiretapping communication signals.
• Security Rate Maximum: For example, ref. [14] used the PLS method to optimize the beamforming vector by combining the uplink and downlink time allocation according to the requirements of different target receivers for different speeds and data transmission rates, which can maximize the system security rate.

According to existing research, the physical layer key generation technology for LEO satellite communication scenarios has not been extensively studied. This is mainly due to the following two reasons:

• The Insecurity of Satellite Trajectory: Different from the electromagnetic wave propagation conditions of the ground scenario, satellite-to-ground communication includes two parts: the space segment and the telephone segment. The CSI of the satellite-to-earth channel is directly related to the position of satellites and ground receivers [3,15]. Due to the openness of satellite motion parameters, satellite orbits are predictable, which means eavesdroppers can directly obtain the position of satellites and ground receivers. This leads to the revelation of the legal channel’s CSI and insecurity of physical layer key sources.
• The Insecurity of Satellite Signals: Due to the limited size, satellite antennae always have a small equivalent aperture and a wide signal beam in long-distance satellite-to-ground communication. When satellite signals reach the ground, they can be regarded as far-field parallel lights [16]. Therefore, each satellite signal can cover numerous ground receivers within a range of hundreds of kilometers, and each satellite-to-ground channel is highly correlated with another. This means eavesdroppers can easily obtain the CSI of the legal channel by estimating relevant channels. In this case, the physical layer key generation method is impractical.

To solve the above problems, we proposed a model of multi-satellite cooperation and random perturbation in a satellite-to-ground communication system, and put forward a key generation method based on it. The main contributions are as follows:

• We proposed a multi-satellite coordination model to solve the problem that the channels between a single satellite and multiple ground receivers have strong correlations.
• We introduced a satellite perturbation factor into the channel model to restore the endogenous randomness of the satellite-to-ground channel, which can improve the randomness of the channel and prevent eavesdroppers from predicting the satellite position precisely.
• Based on the above model, we proposed a key generation method to generate secret keys from the satellite-to-ground channel, which includes four parts: channel estimation, quantify, information negotiation and privacy magnification.
• To verify the feasibility of the proposed method, we simulated and analyzed the randomness and safety of the generated key. The simulation results show that the proposed model has endogenous randomness and the proposed key generation method is feasible.

2. System Model

As shown in Figure 1, we consider a LEO satellite-to-ground communication network model, including $N$ LEO satellites, a legitimate user Bob and an eavesdropper Eve. Each node is equipped with a single antenna. Bob hopes to extract secret keys from satellite-to-ground channels, and Eve passively eavesdrops on the process without interfering with the key generation process.

When the satellites move along the orbits, define two complex random variables $h_k$ and $g_k$ as the channel from the $k$th satellite to Bob and Eve, respectively. Define the mean of $h_k$ and $g_k$ is 0, and the variance of them is ${\sigma }_{h_k}^2={\sigma }_h^2$ and ${\sigma }_{g_k}^2={\sigma }_g^2$, $k\in \left\{1,2,\dots ,N\right\}$. Define the position shifts of satellites on ideal orbits caused by the gravitational force of stars, sunlight pressure and other factors as the perturbation factor. Considering the impact of satellite perturbation in the actual satellite communication scenario, we introduce the perturbation offset phase $\mathsf{\Delta }\phi =\left\{\mathsf{\Delta }{\phi }_1,\dots ,\mathsf{\Delta }{\phi }_k\right\}$ and $\mathsf{\Delta }\theta =\left\{\mathsf{\Delta }{\theta }_1,\dots ,\mathsf{\Delta }{\theta }_k\right\}$. The actual channel from the $k$th satellite to Bob and Eve can be defined as $h_k{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\phi }_k}$ and ${\mathrm{g}}_k{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\theta }_k}$, respectively, where $\mathsf{\Delta }\phi \sim U\left(-\frac{\pi }{2},\frac{\pi }{2}\right)$ and $\mathsf{\Delta }\theta \sim U\left(-\frac{\pi }{2},\frac{\pi }{2}\right)$. The channel from $N$ satellites to Bob and Eve can be defined, respectively, as $\overrightarrow{h}=\left[h_1{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\phi }_1},h_2{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\phi }_2},\cdots ,h_N{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\phi }_N}\right]$ and $\overrightarrow{\mathrm{g}}=\left[g_1{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\theta }_1},g_2{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\theta }_2},\cdots ,g_N{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\theta }_N}\right]$. Obviously, the perturbation factor is a random and unpredictable factor, which indicates the unique endogenous attributes of satellites that differ from other communication entities.

In the LEO satellite-to-ground communication system, the electromagnetic wave signals sent by satellites need to penetrate outer space and the atmosphere to reach the ground, which is affected by many factors during the propagation process, such as the atmospheric effect, large-scale fading, the multi-path effect, shadow fading, and Doppler Le frequency shift. According to [17], the satellite-to-ground channel can be divided into two parts: the space segment and the ground segment, which represents satellite-to-ground propagation and ground-to-environment propagation, respectively.

1.

Space Segment

The transmission of signals in the space segment is mainly affected by the atmospheric effect. The envelope and phase of the signal obey the normal distribution, which can be expressed by

$$P_a(r_a)=\frac{1}{\sqrt{2\pi {\sigma }_a^2}}\exp \left[-\frac{{(r_a-{\mu }_a)}^2}{2{\sigma }_a^2}\right]$$

(1)

$$P_a({\phi }_a)=\frac{1}{\sqrt{2\pi {\eta }_a^2}}\exp \left[-\frac{{({\phi }_a-u_a)}^2}{2{\eta }_a^2}\right]$$

(2)

where $r_a$ and ${\phi }_a$ represent the envelope and phase of the signal, and ${\mu }_a$ and $u_a$ represent the mean of the envelope and phase, and ${\sigma }_a^2$ and ${\eta }_a^2$ represent the variance of the envelope and phase.

2.

Ground Segment

Affected by the multi-path effect, the signal in the ground segment can be expressed as the sum of the LOS component and the multi-path component, which can be expressed as

$$r\exp (j\theta )=z\exp (j{\mathsf{\Phi }}_z)+s\exp (j{\mathsf{\Phi }}_s)$$

(3)

where $r$ and $\theta$ represent the amplitude and phase of received signals, $z$ and ${\mathsf{\Phi }}_z$ represent the amplitude and phase of the LOS component, $s$ and ${\mathsf{\Phi }}_s$ represent the amplitude and phase of the multi-path component.

According to the influence of shadow fading on the LOS component, the three states of (3) and their probability distributions are as follows:

When the LOS component is not blocked, the signal obeys the Rice distribution:

$$P_{Rice}(r)=\begin{array}{cc}\frac{r}{w_0}·\exp \left(-\frac{r^2+A^2}{w_0}\right)I_0\left(\frac{Ar}{w_0}\right)& (A\ge 0,r\ge 0)\end{array}$$

(4)

where $w_0=\epsilon [r^2]$ represents the average power of the multi-path component, $A$ represents the power of the LOS component, and $I_0(·)$ represents the zero-order Bessel function of the first kind.

When the LOS component is partially blocked, the signal obeys the Loo distribution:

$$P_{Loo}(r)={\displaystyle \underset{0}{\overset{\infty }{\int }}\frac{1}{z}\exp \left[-\frac{{(\ln z-\mu )}^2}{2{\sigma }_0}-\frac{r^2+z^2}{2{\sigma }_0}\right]}·I_0\left(\frac{rz}{w_0}\right)dz$$

(5)

where $\mu$ and ${\sigma }_0$ represent the mean and variance of log-normal distribution.

When the LOS component is completely blocked, the signal obeys the Rayleigh distribution:

$$P_{Ray1}(r)=\begin{array}{cc}\frac{r}{w_0}·\exp \left(-\frac{r^2}{2w_0}\right)& (r\ge 0)\end{array}$$

(6)

In order to describe the long-term dynamic characteristic of the channel, the above three states can be described by a Markov process, which can be given by

$$P(r)={\omega }_1{P}_{Ray1}(r)+{\omega }_2{P}_{Loo}(r)+{\omega }_3{P}_{Ricn}(r)$$

(7)

where ${\omega }_i$ represents the probability that the system is in state $i$. Considering the channel characteristics of the space segment and the ground segment, the phase and envelope of the LEO satellite-to-ground channel can be expressed as

$$P_{all}(r)=P_a(r_a)·P(r)$$

(8)

$$P_{all}(\phi )=P_a({\phi }_a)·P(\phi )$$

(9)

It can be seen from (3) that the existence of the LOS path means the satellite-to-ground communication scenario cannot meet the channel uniqueness principle. Even if the distance between Eve and Bob is much longer than half of the wavelength, there is still a strong correlation between the legal channel and the wiretap channel.

3. Secret Key Generation Method

Based on the above system model and typical point-to-point physical layer key generation method, we proposed a key generation method for LEO satellite-to-ground communication scenarios, which includes four parts: channel estimation, quantify, information negotiation and privacy magnification [18,19,20].

3.1. Channel Estimation

3.1.1. Channel Estimation of Bob

Define $x$ as the pilot transmitted from satellites to Bob. The signal received by Bob and Eve can be given by [21,22]

$$\begin{array}{ll}{y}_b& =\left[\begin{array}{ccc}{h}_1{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\phi }_1}& \cdots & h_N{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\phi }_N}\end{array}\right]\left[\begin{array}{c}x\\ ⋮\\ x\end{array}\right]+n_b\\ & ={\displaystyle \sum _{k=1}^N{h}_k{e}^{-j\pi \sin \mathsf{\Delta }{\phi }_k}x}+n_b\end{array}$$

(10)

$$\begin{array}{ll}{y}_e& =\left[\begin{array}{ccc}{g}_1{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\theta }_1}& \cdots & g_N{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\theta }_N}\end{array}\right]\left[\begin{array}{c}x\\ ⋮\\ x\end{array}\right]+n_e\\ & ={\displaystyle \sum _{k=1}^N{g}_k{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\theta }_k}x}+n_e\end{array}$$

(11)

where $n_b$ and $n_e$ denote the additive white Gaussian noise of Bob and Eve with mean 0 and variance ${\sigma }_n^2$, respectively. According to the reciprocity of the wireless channel, Bob and Eve can use pilot signals sent by satellites to estimate the channel [23]. The channel estimation results of Bob and Eve can be expressed as

$$\tilde{h}=\frac{x^{*}}{{‖x‖}^2}{y}_b={\displaystyle \sum _{k=1}^N{h}_k{e}^{-j\pi \sin \mathsf{\Delta }{\phi }_k}}+\frac{x^{*}}{{‖x‖}^2}{n}_b$$

(12)

$$\tilde{g}=\frac{x^{*}}{{‖x‖}^2}{y}_e={\displaystyle \sum _{k=1}^N{g}_k{e}^{-j\pi \sin \mathsf{\Delta }{\theta }_k}}+\frac{x^{*}}{{‖x‖}^2}{n}_e$$

(13)

where $x^{*}$ is the conjugation of $x$ and $‖m+ni‖=\sqrt{m^2+n^2}\left(m,n\in R\right)$.

3.1.2. Channel Estimation of Satellites

Define $a$ as the pilot transmitted from Bob to satellites. Due to the reciprocity of uplink and downlink channels, the signal of $k$th satellite received can be given by

$$y_k=h_k{e}^{-\mathrm{j}\pi \sin \mathsf{\Delta }{\phi }_k}a+n_{bk}$$

(14)

where $n_{bk}$ represents the additive white Gaussian noise from $k$th satellite to Bob. The channel estimation results of $k$th satellite can be expressed as

$${\tilde{h}}_k=h_k{e}^{-j\pi \sin \mathsf{\Delta }{\phi }_k}+\frac{a^{*}}{{‖a‖}^2}{n}_{bk}$$

(15)

In order to obtain the same key source for both the sending and receiving ends, each satellite needs to share the channel estimation results obtained by itself to all satellites through the inter-satellite communication link. When information sharing between the satellites is completed, the key source obtained by each satellite can be expressed as

$$\tilde{z}={\displaystyle \sum _{n=1}^k\left({\tilde{h}}_k{e}^{-j\pi \sin \mathsf{\Delta }{\phi }_k}+\frac{a^{*}}{{‖a‖}^2}{n}_{bk}\right)}$$

(16)

Since this process transmits signals through the inter-satellite link, Eve cannot eavesdrop on relevant information.

From (12) and (16), it can be seen that both satellites and Bob have obtained the sum of CSI of $N$ satellite-to-ground channels, which has intrinsic security attributes of time varying and randomness. In the proposed method, we used the sum of CSI as key source for physical layer key generation.

3.2. Quantify

After channel estimation, a continuous signal can be quantized into discrete signals by determining the quantization threshold. In order to maximize the information entropy after quantization, we adopted the method of equal probability quantization, so that the probability of samples falling into each quantization interval is equal.

Moreover, the amplitude and phase information are quantized separately, considering the distribution that they obey. Since Eve cannot obtain key source with the same distribution as Bob, she cannot obtain a quantitative result consistent with Bob.

3.3. Information Negotiation

In order to ensure that legitimate communication parties obtain a consistent key, information negotiation techniques based on protocol are usually used [24]; or an error-correcting code. In order to reduce the time of information exchange, we select a Low-Density Parity Check code (LDPC) with a code length of 2000 for information negotiation, which uses the error correction capability of LDPC to correct the inconsistent bits between the quantization results.

3.4. Privacy Magnification

To enhance the bit mismatch ratio (BMR) between the key generated by legal users and Eve, we use the hash function of the SHA256 algorithm for privacy amplification [25]. Although this procedure cannot increase the randomness of the original key, it avoids the possibility of weak keys causing loopholes in the encryption algorithm.

4. Theoretical Analysis

4.1. Equivalent Near-Field Model Analysis

Due to the limited size of satellite antennae and the long distance from the satellite to the ground, satellite signals are far-field parallel light when they reach Bob and Eve. Taking the $k$th satellite signal as an example, the far-field parallel light modeling of Bob and Eve is shown in Figure 2, where $d$ denotes the distance between Bob and Eve, and ${\theta }_k$ denotes the angle between the direction of the $k$th satellite signal and the normal. As shown in Figure 2, the channel between the $k$th satellite and Eve can be given by

$$g_k=h_k{e}^{-j\frac{2\pi d\sin {\theta }_k}{\lambda }}$$

(17)

where $\lambda$ denotes the wavelength. In the far-field model, define $d=\lambda /2$, then

$$g_k=h_k{e}^{-j\pi \sin {\theta }_k}$$

(18)

Theorem 1.

In the far-field model, the larger the number and spacing of satellites, the larger the equivalent aperture of satellite antennae, the narrower the signal beam, and the lower the correlation between the channel from satellite to Bob and Eve. In this case, the far-field model can be equivalent to the near-field model for analysis.

Proof of Theorem 1.

According to the actual communication scenario, we model the $N$ satellites with an overall line model. $l$ is the satellite spacing distance (100–120 km), $L$ is the linear array length, $\lambda$ is the wavelength, and $H$ is the distance between the line array and Bob (1000–2000 km). The LEO satellite-to-ground communication frequency is in the ka band (29.1–29.3 GHz). The equivalent antenna aperture of the uniform linear array can be expressed by [26]:

$${\rho }_0=\frac{L}{\lambda }=\frac{(N-1)\cdot l}{\lambda }$$

(19)

□

According to the definition of the electromagnetic near-field model and the far-field model, when $H\ge 2{\rho }_0^2/{\lambda }_{\min }$, this system can be considered as a far-field model. Conversely, when $H<2{\rho }_0^2/{\lambda }_{\min }$, this system can be considered as a near-field model [26]. Substituting the relevant parameters above into (19), it can be seen that $H<<2{\rho }_0^2/{\lambda }_{\min }$, in which case the terminal distance can be degenerated from the far-field model to the near-field model. Therefore, a constellation composed of multiple satellites can be equivalent to an antenna with a super-large aperture, and the equivalent aperture increases as the number of satellites and the distance between adjacent satellites increase. In the near-field model, due to the spatial uniqueness of the wireless channel, Eve cannot obtain the relevant information of the legal channel. In this case, Bob can use the sum of $N$ satellite-to-earth channels to generate the physical layer key.

4.2. Security Analysis

In the physical layer key generation method, the security of the key source comes from the legal channel cannot be eavesdropped on. In order to prove that the proposed method can guarantee the security of the legal channel and further study the influence of number of satellites and the perturbation factor on it, we analyzed the security of the legal channel in this section.

According to the definition of the correlation coefficient, define $A$ and $B$ as two complex random variables, and $\rho (A,B)$ as the correlation coefficient between $A$ and $B$ [27,28]. When $‖\rho \left(A,B\right)‖\le 0.3$, two variables can be considered as uncorrelated. $\rho (A,B)$can be given by

$$\rho (A,B)=\frac{Cov\left(A,B\right)}{\sqrt{Var\left[A\right]}\sqrt{Var\left[B\right]}}$$

(20)

where $Cov\left(A,B\right)$ indicates the covariance of $A$ and $B$, and $Var\left[\cdot \right]$ indicates the variance of a random variable.

4.2.1. Influence of Satellite Number

The correlation coefficient between the legal channel $\tilde{h}$ and the wiretap channel $\tilde{g}$ can be given by

$$\begin{array}{l}\rho (\tilde{h},\tilde{g})=\frac{Cov\left(\tilde{h},\tilde{g}\right)}{\sqrt{Var\left[\tilde{h}\right]}\sqrt{Var\left[\tilde{g}\right]}}\\ =\frac{N{\sigma }_h^2\left[\left({\mu }_c^3+{\mu }_c{\mu }_s^2\right)+j\left({\mu }_s^3+{\mu }_c^2{\mu }_s\right)\right]}{\sqrt{N\left[{\sigma }_h^2\left({\sigma }_c^2+{\mu }_c^2+{\sigma }_s^2+{\mu }_s^2\right)\right]+\frac{1}{{‖x‖}^2}{\sigma }_n^2}\sqrt{N\left[{\sigma }_g^2\left({\sigma }_c^2+{\mu }_c^2+{\sigma }_s^2+{\mu }_s^2\right)\right]+\frac{1}{{‖x‖}^2}{\sigma }_n^2}}\end{array}$$

(21)

${\mu }_c$ and ${\sigma }_c^2$ are the mean and variance of $\cos (\pi \sin {\alpha }_k)$ and ${\mu }_s$ and ${\sigma }_s^2$ are the mean and variance of $\sin (\pi \sin {\alpha }_k)$, where $k\in \left\{1,2,\dots ,N\right\}$ and ${\alpha }_k\in \left\{\mathsf{\Delta }{\phi }_k,\mathsf{\Delta }{\theta }_k,{\theta }_k\right\}$. The derivation process of (21) is provided in Appendix A.

When $N=1$, this indicates that in the case of a single satellite, Eve can infer the CSI of the legal channel through the wiretap channel. At this time, since the electrical size of the satellite antennae when it is normalized to the wavelength is very small, the satellite-to-ground communication model is a far-field parallel light model, and Bob cannot use the satellite-to-ground channel between herself and the LEO satellite to generate secret keys.

When $N>1$, $‖\rho (\tilde{h},\tilde{g})‖$ decreases as $N$ increases. When the number of satellites $N$ is large enough, the legal channel and the wiretap channel are regarded as uncorrelated, and Eve cannot infer the CSI of the legal channel through the wiretap channel. Bob can use the satellite-to-ground channel between herself and the LEO satellite to generate secret keys.

4.2.2. Influence of the Perturbation Factor

Due to the openness of satellite motion parameters, eavesdroppers can predict the current theoretical position of the satellite when it moves along the orbit, thereby obtaining the CSI of the legal channel. To ensure that Eve cannot obtain the CSI of the legal channel in this way, we consider the channel phase shift caused by the random perturbation of the satellite, and introduce a random perturbation factor to express the endogenous randomness of the satellite-to-ground channel, which can also ensure the security of the key source. We analyze the impact of the perturbation factor on the security of the key source in this section.

Define $h^{\prime }$ as the legal channel information obtained by Eve by calculating the satellite trajectory, which can be expressed as

$$h^{\prime }={\displaystyle \sum _{k=1}^N{h}_k}$$

(22)

The correlation coefficient between the legal channel $\tilde{h}$ and the channel calculated by Eve $h^{\prime }$ can be expressed as

$$\begin{array}{ll}\rho (\tilde{h},h^{\prime })& =\frac{Cov\left(\tilde{h},h^{\prime }\right)}{\sqrt{Var\left[\tilde{h}\right]}\sqrt{Var\left[h^{\prime }\right]}}\\ & =\frac{N{\sigma }_h^2\left({\mu }_c-j{\mu }_s\right)}{\sqrt{N\left[{\sigma }_h^2\left({\sigma }_c^2+{\mu }_c^2+{\sigma }_s^2+{\mu }_s^2\right)\right]+\frac{1}{{‖x‖}^2}{\sigma }_n^2}\sqrt{N{\sigma }_h^2}}\end{array}$$

(23)

The derivation process of (23) is provided in Appendix B. When $N=1$, since the satellite-to-ground channel is not affected by the multi-path effect when there is only a single satellite, the random perturbation of the satellite only changes the phase of one main path. At this time, the predicted channel and the actual channel only differ by one phase, and the security of the key source cannot be guaranteed.

When $N>1$, $‖\rho \left(\tilde{h},h^{\prime }\right)‖$ decreases as $N$ increases. If $‖\rho \left(\tilde{h},h^{\prime }\right)‖\le 0.3$, Eve cannot obtain the CSI of the legal channel by calculating satellite trajectory. The above analysis indicates that one phase shift caused by a single perturbation factor is meaningless, and only the superposition of different phase shifts caused by multiple perturbation factors is reliable. Therefore, by introducing the perturbation factor method, the security of the key source in the multi-satellite cooperative communication system can be guaranteed. In this case, the superposition of multiple perturbation factors causes drastic changes in the channel phase, which greatly increases the randomness and time-varying nature of the satellite-to-ground channel.

5. Simulation Analysis

In order to verify the effectiveness and feasibility of the proposed method, we conducted a series of simulation experiments in MATLAB R2016a environment to analysis the randomness and security of the generated key. We use the Monte Carlo method to conduct 10,000 experiments, and each experiment randomly generates channel and noise data to ensure the accuracy of the experiment. The simulation conditions are as follows:

• The number of LEO satellites is $N=4$.
• Signal-to-noise ratio is $SNR=20 dB$.
• ${\sigma }_h^2=1$, ${\sigma }_n^2=0.01$.
• The satellites are evenly distributed on a circular arc centered on Bob with a radius of 2000 km, the distance between adjacent satellites is 110 km.
• The satellite-to-ground communication frequency is 29.3 GHz (ka band).

5.1. Randomness Analysis

We use the NIST [29] suite of statistical tests to test the randomness of the key. There are 15 items in NIST test totally, and all items return a p-value to summarize the strength of the evidence against the null hypothesis. When the p-value is larger than the chosen significance level ($\alpha \in \left[0.001,0.01\right]$), the sequence is accepted as random.

In this paper, due to the extremely long sequence (larger than 10⁶) required in some test items which are not available in the current simulation, we run 8 items (over half of all the 15 test) to evaluate the randomness of the key sequence, which still satisfies NIST’s requirements [29,30]. Moreover, we choose $\alpha$ as 0.01 and perform 8 NIST tests for 100,000 trials, where each key has a length of 256 bits. The test results are shown in

Table 1. p-values of the NIST statistical test.

Environment	Pass Ratio	p-Value
Frequency	1.00000	0.911413
Block Frequency	0.96972	0.719747
Cumulative Sums(Fwd)	1.00000	0.419021
Cumulative Sums(Rev)	1.00000	0.595549
Runs	0.97731	0.289667
Longest Run	0.99651	0.798139
FFT	0.99892	0.213309
Serial	1.00000	0.616305, 0.41902

. It can be seen that the key generated by the proposed method has passed the NIST test, which indicates that the key has high randomness.

5.2. Security Analysis

Figure 3 simulates the relationship between the distance from Bob to Eve and $‖\rho \left(\tilde{h},\tilde{g}\right)‖$ in the case of different satellite numbers. It can be seen from Figure 3 that in the case of a single satellite communication scene, when Eve is within 97 km from Bob, the correlation coefficient of the two channel estimation results is close to 1, and the correlation information of the legal channel can be obtained at any position within 110 km.

Define $d_{\min }$ as the minimum distance between Eve and Bob when $‖\rho \left(\tilde{h},\tilde{g}\right)‖\le 0.3$ is satisfied. $d_{\min }$ keeps decreasing with the number of satellites. When $N=1$, $d_{\min }=110 \mathrm{km}$. When $N=4$, $d_{\min }$.decreases to 83 m. The results show that Bob’s safety distance can be effectively reduced by increasing the number of satellites, making it feasible for Bob to use satellite-to-ground channels to generate physical layer keys.

In order to prove that the proposed model in this paper can guarantee the security of the legal channel, we analyze the amplitude and phase of the ground receiving signal in the satellite-to-ground communication models with a single satellite or four satellites when Bob and Eve are 83 m away. Figure 4 and Figure 5 show the change curve of the received signal’s amplitude/phase in the time domain and the frequency domain, respectively. It can be seen from Figure 4a,b and Figure 5a,b that when $N=1$ and $d=83$, the amplitude and phase of the signals received by Bob and Eve have a strong correlation in time and frequency. Figure 4c,d and Figure 5c,d indicate that when the distance between Bob and Eve is constant, while the number of satellites increases, the amplitude and phase of the received signals of Bob and Eve are both uncorrelated in time and frequency.

The simulation results show that the proposed method can effectively reduce the correlation between the signals received by Bob and Eve, and ensure that the CSI of the legal channel cannot be eavesdropped on. At the same time, due to the random perturbation factor introduced, the changes in channel amplitude and phase caused by satellite perturbation can be expressed precisely, which ensures that the proposed method has practical feasibility.

6. Conclusions

This paper mainly studies the physical layer key generation method in LEO satellite-to-ground scenarios. Aiming at the problem that the legal channel information is easy to leak in LEO satellite-to-ground communication scenarios, a physical layer key generation method based on multi-satellite cooperation random perturbation is proposed. In this method, the method of multi-satellite cooperation is used to increase the equivalent aperture of satellite antennae and reduce the safety distance of legal users. At the same time, the perturbation factor is introduced in channel modeling to increase the randomness of the actual channel and prevent eavesdroppers from obtaining legal channel information by predicting the position of satellite movement. The simulation results show that the method proposed in this paper can realize physical layer key generation in LEO satellite-to-ground communication scenarios, and as the number of satellites increases, the security distance of legal users can be reduced from hundreds of kilometers to tens of meters. The proposed method provides a good solution to generation of a physical layer key in the LEO satellite-to-ground communication scenario, and provides a new idea for the application of PLS in 6G SAGINs.