Threat analysis for space information network based on network security attributes: a review | SpringerLink

To deal with threats mentioned in the previous section, this section summarizes the corresponding solutions. In the subsection on confidentiality, the confidential information-exchange presents techniques related to PLS and encryption algorithms. AKA covers strategies of identity authentication, key agreement and privacy protection. In the subsection on integrity, the information identification covers three aspects: modification detection, source authentication and physical feature identification. The information restoration introduces methods of anti-jamming and data backup. In the subsection on availability, the link establishment includes resource allocation for physical links, transmission mechanism for logical links and convergence of heterogeneous networks. The routing mechanism introduces methods of constellation design, routing strategy and routing paths monitoring. The mobility management presents research on location management and handover management. The main contents of this section are shown in Fig. 15.

Fig. 15

Methods to ensure the security of SIN

Full size image

Mục Lục

Methods to ensure confidentiality

Confidential information exchange

In SIN, threats to confidentiality mainly come from the nature of the transmission medium, the defect of the communication model and the vulnerability of the encryption mechanism. To ensure confidentiality, on the one hand, improving the encryption mechanism can prevent attackers from obtaining plaintext. At the same time, it is necessary to balance the security and the computational cost of algorithms. This protection is a higher-layer security method. On the other hand, eavesdropping under the open channel is common but dangerous. The confidentiality in information exchange can be strengthened according to PLS [20] proposed by Wyner. This protection is a lower-layer security method. According to the above description, this part will summarize countermeasures from data, message levels and code, signal levels. The research summary is briefly described in Table 9.

The countermeasure at data and message levels prevents the leakage of plaintext. Confidentiality is mainly guaranteed by encryption algorithm enhancement and encryption mechanism optimization. In general, encryption algorithms can be divided into asymmetric encryption and symmetric encryption algorithms. Shen et al. [109] used the asymmetric encryption algorithm to realize a secure transmission of messages. This algorithm encrypts the address and payload using different keys, and satellite nodes can only obtain address information. The scheme also introduces a block-design-based key agreement method [110]. This method reduces the communication complexity in group key distribution. However, considering the computational complexity of asymmetric encryption algorithms, they are rarely directly applied in the session encryption of SIN. The computational efficiency of the symmetric encryption algorithm is more suitable for the communication system with frequent sessions. For image data in the SIN, Naim et al. [111] proposed an encryption algorithm based on the hyperchaotic system and the Josephus problem. The hyperchaotic system is used for the diffusion operation and the Josephus problem is used for the scrambling operation. This encryption algorithm reduces the possibility of obtaining image information and key-related parameters. In addition to enhancing encryption algorithms, steganography in cryptography can hide secret information in carriers. Thakkar et al. [112] used steganography to hide the data into video. This mechanism reduces the possibility of attackers discovering the hidden data. In the meantime, the scheme also encrypts the transmission data. As a result, confidentiality can be protected at two levels.

The protection at code and signal levels directly prevent eavesdropping under the open channel. PLS was originally proposed by Wyner [20] and defined secrecy capacity based on information theory. In the follow-up study, artificial noise [113] and beamforming [114] have been used to improve the secrecy capacity [115]. For the security scheme at the code level, Geng et al. [116] used the channel coding to maximize the channel difference between eavesdroppers and legitimate nodes. This scheme requires legitimate node pairs to generate a scrambling matrix using the Channel State Information (CSI). The scrambling matrix is used in the Low Density Parity Check (LDPC) encoding. Without the scrambling matrix, the eavesdropper can only receive the information with interference. In the signal modulation and demodulation stage, Luo et al. [117] proposed a dual-polar modulation scheme based on Constellation Rotation and Weighted Fractional Fourier Transform (CR-WFRFT). First, the spectrum distribution of signals processed by WFRFT is close to Gaussian distribution. The processed signal is difficult to be detected by eavesdroppers. Second, the random rotation of constellation points makes eavesdroppers impossible to crack the WFRFT order by order scanning, so it is difficult for an eavesdropper to demodulate the signal accurately. At the signal level, the artificial noise can add noise to the signal captured by eavesdroppers. Liu et al. [118] proposed a secure method through non-confidential user assistance. In this method, the ground station superimposes the confidential and non-confidential signal with hybrid-power factors. Thus, eavesdroppers cannot extract the confidential signal from mixed signal. The non-confidential user needs to forward the non-confidential signal to the confidential user. Confidential users can reconstruct the confidential signal after receiving both the non-confidential and mixed signals. Furthermore, in order to reduce unnecessary energy consumption, the definition of Secrecy Energy Efficiency (SEE) is proposed to balance the transmit power and the secrecy rate [119]. Lin et al. [120] studied a communication scheme based on the Rate-Splitting Multiple Access (RSMA). Through the successive convex approximation combined with the Taylor expansion method, the optimization problem that satisfies the secrecy rate constraint of the ground station, the transmit rate requirement of the cellular user and the transmit power budget of satellite and base station can be efficiently calculated. This scheme achieves both interferences to eavesdropping channels and maximum SEE for the ground station. These PLS methods and encryption algorithms can be applied at different levels to make a complementary protection selectively.

Table 9 Research in the confidential information-exchange

Full size table

Table 10 Research in the authentication and key agreement

Full size table

Authentication and key agreement

AKA provides functions such as identity authentication, key agreement and privacy protection for devices in SIN. It can prevent unauthorized network access and ensure that legitimate users can use network resources fairly. Since threats to AKA are mostly caused by system vulnerabilities, this part will summarize measures from three directions: authentication strategy, key management strategy and privacy protection strategy. The research summary is described in Table 10.

When a device establishes a primary connection with an access point, the system should authenticate the device to ensure that only legitimate users can use network resources. In order to improve the efficiency of roaming authentication, Yang et al. [121] proposed a scheme in which foreign satellites can authenticate roaming users through a group signature. Since the intermediate node can verify the signature of the roaming user, this scheme reduces the number of interactions for roaming authentication, and makes user’s real identity only available to the home agent. In addition to the mutual authentication between the user equipment and the ground agent, verifying the access point’s identity is also important for preventing deception attacks. Jedermann et al. [122] proposed an orbit characteristics-based satellite authentication scheme. The scheme uses the Time Difference of Arrival (TDOA) of satellite downlink signal and orbit state vector to verify satellites’ identity and prevent mobile nodes from accessing the disguised satellite.

Authenticated devices need the key assigned to ensure the confidentiality and the integrity of the subsequent sessions. The key agreement is another important task of the access authentication. Huang et al. [123] proposed an encryption-based mutual authentication and key update (EMAKU) protocol for constellation nodes. This protocol can establish a secure inter-satellite channel through mutual authentication. Owing to the secure channel, even if satellites are not within the communication range of the ground station, they can still accomplish the key update under the ground station’s control. With the development of the quantum computing, the cryptography based on the classical number theory assumption is no longer secure enough. Therefore, new cryptography schemes should be considered. The lattice-based cryptosystem cannot be cracked by quantum computing in polynomial time. It is an important encryption system in post-quantum cryptography. Guo et al. [124] designed a key exchange and authentication protocol based on RLWE. On the one hand, the key exchange protocol uses lattice-based cryptography to reduce the threat from quantum computing. On the other hand, this authentication protocol considers the latency caused by multiparty interaction among mobile nodes, satellite nodes and ground stations [125] and designs a two-part mutual authentication between the mobile node and the satellite node.

Users in SIN pay more attention to their privacy issues. In order to prevent the revelation of privacy, the authentication scheme needs to meet requirements of anonymity and unlinkability. Chen et al. [126] proposed a robust three-element authentication protocol. It uses fuzzy extraction to obtain slightly different biological features, and resolves the contradiction between feature differences and the avalanche effect of the hash function. It can effectively prevent attackers from tracking information. Since biometrics cannot perfectly guarantee anonymity, two-factor authentication using passwords and smart cards becomes another viable option. Nitish et al. [127] proposed an enhanced anonymous authentication scheme based on smart card and dynamic identity. The scheme will change user’s identity for each login to enhance anonymity. It can also overcome stolen smart-card attack and other problems caused by such attack. Liu et al. [128] provided a distributed anonymous authentication scheme, which uses the zero-knowledge-proof to ensure anonymity and unlinkability. At the same time, the scheme introduces Shamir’s secret sharing to prevent collusion attacks launched by ground stations. To ensure the scheme’s fairness, it uses blockchain to record the service status. In Internet of Drones, Nitish et al. [129] proposed a lightweight blockchain model for distributed authentication. No trusted ground station is needed for transaction validation. To ensure the anonymity of the user, a ring signature-based scheme is used to hide the sender’s identity. And they provided four schemes for different scenarios.

Methods to ensure integrity

Information identification

The information identification is a basic requirement of SIN. It includes the identification of freshness, source and feature. If attackers want to break the integrity by intercepting, reassembling and forging, they need to exploit the vulnerability of the information identification. To discover the information replay, the detection of freshness is very effective. This method is also the most common method in the information identification mechanism. However, reassembly and forgery of information is usually premised on breaking confidentiality. It is not easy to find an effective and universal protection method. For different scenarios, the information identification can strengthen the protection of integrity through modification detection, source authentication, and physical feature identification. The research summary is described in Table 11.

The digital signature is a common mean to strengthen modification detection. It can not only prevent the reassembly of signed messages, but also make messages non-repudiation. Maurich et al. [130] designed a data relay security protocol for the federated satellite system. The protocol uses a hop-by-hop validation and signature mechanism. When an intermediate node modifies a message, other nodes can discover the modification promptly. At the same time, the routing algorithm is a section of the message. Each node needs to select the next-hop node according to the routing algorithm chosen by the source node. In this case, the security of the routing path can also be guaranteed. To cope with man-in-the-middle attack, key generation center compromised attack, and distributed denial of service attack in Industrial IoT devices, Wang et al. [131] proposed a pairing-free certificateless signature scheme based on blockchain and smart contract. The scheme can consume less computation and communication resources. However, the digital signature is based on the asymmetric cryptographic algorithm which has a high computational complexity. In SIN, the protocol cannot be widely deployed due to the frequent message transmission and the limited computing capacity. Similar to digital signatures, Message Authentication Code can also assure integrity. With the symmetric cryptographic algorithm, its computational complexity is relatively low. Hash-based Message Authentication Code (HMAC) and Cipher-based Message Authentication Code (CMAC) are recommended by CCSDS [132]. Timed Efficient Stream Loss-tolerant Authentication (TESLA) is a message authentication method based on Message Authentication Code [133]. Fernández-Hernández et al. [134] used it to improve the Navigation Message Authentication (NMA) mechanism of the Galileo system. It adds NMA to the I/NAV message frame. In the structure of message, the ‘MAC-K section’ is the field of authentication code and associated delayed key [135]. This scheme also designs a mechanism for cross-authentication between adjacent satellites and allows navigation messages to be verified without being connected to the ground station.

In addition, the modification detection can also integrate different cryptosystems depending on the scenario. By combining the symmetric and asymmetric cryptographic algorithms, Wu et al. [136] proposed an integrity protection scheme for the D2 navigation message in the BeiDou-II navigation system. It encrypts the group time authentication and Generator Polynomial of Spectrum Spreading Sequence (GPSSS) through the SM4 algorithm and inserts the ciphertext into consecutive subframes. The group time is used to compare with the Second Of Week (SOW) to verify messages’ continuity. GPSSS is used to demodulate the Spread Spectrum Information (SSI) to obtain the authentication of the page time and the signature of the position. This scheme makes attacker difficult to obtain and modify information. At a higher level, users also face the attack from malicious Uniform Resource Locator (URL). Chiramdasu et al. [137] proposed a random forest-based malicious URL detection system. This system extracts lexical feature, URL feature and malicious keyword as the input attributes. And it uses information gain, gain ratio and Gini index to choose and streamline features. The system is able to quickly adapt to new attacks and eliminate the possibility of over-fitting experienced with traditional decision trees.

In face of integrity breaches caused by confidentiality compromise, the modification detection is difficult to achieve the desired effect. The information source authentication can circumvent the limitation of the modification detection. This kind of scheme is mainly based on PLS. For signaling information, the access point sends it to the node ready for access. Because the data format of signaling is public, the attacker has the opportunity to forge message. Fu et al. [58] proposed a scheme based on the signal’s Doppler frequency shift and satellite orbit’s information. It uses prior ephemeris and observed channel state to establish a binary hypothesis test to authenticate the source of SIS. Wang et al. [138] proposed a spread-spectrum code authentication based on binary phase hopping. The scheme adds pseudo-random phase hopping in signal modulation to improve signal security. Since the demodulation is associated with a pseudo-random code in the receiver, the receiver can authenticate the signal source. Moreover, this scheme does not change the signal structure, so there is no need to change the transmitter and receiver’s hardware devices.

If the source of information cannot be certified accurately, nodes in the network can also identify malicious signals through statistical feature of signals. A sophisticated induced spoofing attack can adjust the fake signal parameters gradually to avoid the detection. To solve this threat, Wang et al. [62] described dynamic characteristics of the attack signal with the S-Curve-Bias (SCB) of the signal. This method can determine the deception signal according to the first derivative of SCB.

Table 11 Research in the information identification

Full size table

Information restoration

The information transmitted and stored in SIN is vulnerable to destruction and modification. At different information levels, solutions to this kind of threat are very different. Signal-level information restoration aims at reducing the impact of interference. For the data-level information, methods to resolve threats mainly restore the destroyed information through redundant backup. The following will introduce information restoration methods from aspects of anti-jamming and data backup. The research summary is described in Table 12.

In an open channel, the signal is easily affected by unintentional and intentional interferences. According to their modes, anti-jamming methods can be divided into interference avoidance and post-interference recovery. For interference avoidance, the device needs to estimate interference frequency band and direction by monitoring channel states. With the knowledge from the monitoring, the device adjusts signal transmission parameters to avoid the interference frequency band or stay away from the interference area. In order to detect interference promptly, Liu et al. [139] proposed a Long Short-Term Memory (LSTM) based jamming detection method for satellite communication. First, the model uses fixed-point search Myriad filtering to suppress the alpha-stable noise. Then, it predicts the signal with LSTM network and compares the predicted result with the received signal to detect the malicious signal. In addition, Chen et al. [140] studied the anti-jamming capability of the Satellite-enabled army Internet of Things (SaIoT) network. They used a Q-learning algorithm to improve the coalition formation game and proposed a distributed dynamic anti-jamming network. With the improved coalition formation game, the network can select the node least affected by the interference as the gateway to communicate with satellites. Therefore, the device can avoid the interference area.

The interference avoidance requires continuous channel detection and wider device distribution. This kind of method needs a high cost to deploy. In comparison, the post-interference recovery is more direct. It focuses on eliminating interference superimposed on the desired signal. If the prior information, such as the source signal’s frequency band and channel state, is known, the interference can be removed by filtering. If there is no prior information, blind source separation [141] can be used to recover the original signal through the statistical information of mixed signal. To address the Continuous Wave Interference (CWI) problem of the Indian Regional Navigation Satellite System (IRNSS), Silva et al. [142] proposed a new method based on Variational Mode Decomposition (VMD) and Wavelet Packet Transform (WPT) hybrid anti-jamming algorithm. VMD is used to decompose Intrinsic Mode Functions (IMFs) from the mixed signal. The dominant mode of the desired and interference signals can be distinguished using IMFs mutual information. Then, the remaining interference in dominant modes is eliminated using WPT. Finally, the desired signal can be recovered by the filtered and retained modes.

In addition, the interference at the signal level can also be mitigated by higher-level methods. These methods can reduce the number of retransmission in the network [143]. Peters et al. [72] proposed a cross-layer method that combined the physical and data-link layers to alleviate the Doppler frequency offset. The method compensates for the frequency offset by adding frequency and phase synchronization markers to packets. It can estimate and correct the Doppler frequency shift in real-time on the satellite. Liu et al. [144] proposed a joint encryption and error correction scheme based on chaos and LDPC code. The scheme scrambles the plaintext according to the pseudo-random sequence generated by a hyperchaotic system. The scrambled message is encoded with LDPC encoder, which ensures the confidentiality and error correction capability of the message. This scheme also has high computational efficiency.

The destruction at the data level often needs data backup to recover. In the scheme proposed by Mohammad et al. [145], the database in the space and multiple databases on the ground are securely connected through AES algorithm. When some ground databases fail to synchronize with the space database, the missing data can be supplemented by data exchange with other ground databases. This scheme can reduce the number of retransmission in the satellite-ground link. Furthermore, the data evacuation is also important when network infrastructures are damaged. Lourenço et al. [146] focused their work on the evacuation of the data affected by disaster. When the network topology is seriously damaged, the SDN controller will use the information such as device location, buffer capacity and satellite system transmission rate to establish a larger bandwidth evacuation link.

Unlike the traditional centralized database maintenance scheme, blockchain demonstrates the benefits of distributed storage. It has a tremendous advantage in protecting integrity. Blockchain comprises distributed data storage, peer-to-peer transmission, encryption algorithms and consensus mechanisms [147, 148]. Essentially, it is a decentralized database. With the maturity of blockchain, some projects have begun to focus on the deployment of blockchain in satellite networks [149]. Clark et al. [150] designed a blockchain-based node reputation system for satellite relay networks. The scheme modifies the applicability of the standard consensus and consistency mechanisms to make them more suitable for the space scenario. Considering the unstable delay of the space link can lead to consensus failure, the consensus mechanism is realized by returning the confirmation of the reputation information. The node’s response to the consensus mechanism is also a part of the reputation evaluation. Due to the time-varying nature of the network topology, the blockchain faces the problem of shared parent blocks [151]. The consensus principle of this scheme replaces the chain with a directed acyclic graph.

Table 12 Research in the information restoration

Full size table

Methods to ensure availability

Link establishment

The link establishment in SIN is the basis of on-board switching and routing. In the past, satellite nodes were transparent repeaters in the space. They are used to implement the one-hop forwarding of satellite-ground communications. With the enhancement of on-board processing capability, multiple satellite nodes can establish interstellar links, changing from one-hop forwarding to on-satellite switching [15]. Satellites equipped with multi-beam antennas can meet the communication requirements of the large capacity and range. According to the corresponding relation with threats, this part will introduce recent countermeasures from resource allocation in physical links, optimization of logical link transmission mechanisms and integration of heterogeneous networks. The research summary is described in Table 13.

The resource allocation in physical links mainly consists of beam management strategies and MAC protocols which relate to channel capacity and transmission efficiency. The beam management strategy, which allocates signal resources to mobile nodes, is an important function for network access. When a mobile node is moving out of a beam coverage, the access point will prepare to establish a new physical link with the node. To find an appropriate beam switching scheme in SIN, Li et al. [152] compared the performance of beam hopping and multi-color frequency reuse with the assistance of the aerial network which can enhance network coverage. In the case of uneven user and traffic distribution, the channel capacity and the transmission performance of the proposed scheme are superior to that of multi-color frequency reuse. The channel resource is allocated by MAC protocols which can be divided into satellite–ground strategy and inter-satellite strategy. For the satellite–ground access, Liu et al. [153] designed a coherent Contention Resolution Diversity Slotted ALOHA (CRDSA) protocol for the massive Machine Type of Communication (mMTC) in satellite communications. This method performs a coherent accumulation operation on received frames. When a conflict-free replica misses, the sliding coherent accumulation operation will be applied to virtual subframes to counteract the overlap of conflict frames. This protocol effectively improves throughput under high load. For the inter-satellite access, Chen et al. [154] studied the MAC protocol for satellite formations. The inter-satellite token ring protocol is proposed to control the access sequence to ensure the flexibility of the network structure. Through this protocol, fifteen satellites in the experiment can complete the networking within ten seconds, but the end-to-end communication delay still needs to be reduced.

In order to ensure the availability of logical links in SIN, some researches focus on improving the applicability of TCP-type protocols. Guan et al. [155] improved TCP Vegas protocol for the asymmetric bandwidth and proposed the Vegas Forward Direction Delay (Vegas_FDD) protocol. The protocol divides the congestion judgment into forward link and backward link, respectively. This method avoids the reduction of forward link transmission rate caused by backward link congestion. In addition, PEP mechanisms with TCP-type protocols are susceptible to confidentiality requirements. Besides partially encrypting the data packet [156] or assigning a secret key to the PEP [157], Pavur et al. [158] designed a new PEP structure. In this method, the packet encryption and decryption functions are handed over to the PEP client and server, which can prevent eavesdroppers and service providers from obtaining plaintext. At the same time, it avoids the problem of TCP meltdown in the mechanism of TCP-over-TCP [159]. Another part of the logical link research involves non-TCP type protocols. For the e-mail service in the deep space, Lee et al. [160] proposed the DTN-SMTP protocol to ensure the reliability of end-to-end communication. This protocol uses BP and LTP to implement a one-way transmission of mail data and reduces the interaction between client and server.

In the integration of heterogeneous networks, data exchange between different protocol networks is an important research direction. Koo et al. [161] designed a tunneling mechanism under heterogeneous space networks. The gateway node finds the CFDP Protocol Data Unit (PDU) with a specific marker and converts it into the data format of the corresponding network. This protocol implements the PDU forwarding service between the DTN and non-DTN networks. Another key research direction focuses on optimizing the edge link between different function heterogeneous networks. This research aims to avoid boundary links becoming network bottlenecks. Considering the transmission optimization between Vehicular Ad-Hoc Network (VANET) and satellite network, Zong et al. [162] optimized the transmission mechanism. As the amount of data increases during the slow start, satellite network’s high latency bandwidth product can be filled. And in the congestion avoidance period, lost data packets under different protocols are distinguished, and the type of the lost data is a reference to adjust the window size more accurately. Therefore, this framework can improve the transmission efficiency between VANET and satellite network.

Table 13 Research in the link establishment

Full size table

Routing mechanism

The function of routing mechanism is to establish a reliable transmission path between the source and the destination. The routing path quality is affected by the physical topology and routing decision algorithm. The physical topology of SIN is the basis for routing decision algorithms. The redundancy and survivability of the physical topology ensure that the network can maintain basic connectivity when some nodes fail. Routing decision algorithm selects the best routing path and ensures timeliness and reliability for data delivery. The following part introduces the solutions from the following three aspects: constellation design, routing decision and routing paths monitoring. The summary is briefly described in Table 14.

The satellite constellation design is vital for routing decisions [163]. On the one hand, satellite networks should ensure ground coverage and improve QoS for mobile devices [164]. On the other hand, the connectivity and redundancy of satellite constellation should also be enhanced to ensure data forwarding in the space. In order to improve the survivability of the constellation, Jakob et al. [165] designed a multi-echelon inventory control strategy for spare satellites in the large-scale constellation. The strategy introduces the concept of the parking orbit to store the spare satellite, and its altitude is lower than the constellation orbit. The design of the parking orbit can save the rocket launch cost and reduce the time of satellite dispatch. In addition, the constellation model can also be optimized. For Ultra-dense LEO satellite networks, constellation design focuses more on minimizing the number of nodes in the initial model. Deng [166] et al. designed a three-dimensional constellation optimization algorithm. It takes the satellite-ground link’s coverage and backhaul time as the optimization goal to minimize the number of satellites in the initial constellation. The non-essential satellites in the constellation can increase network capacity or enhance network function. Furthermore, in the complex orbital environment, the risk of collisions between satellites also increases with the expansion of the constellation scale. Fan et al. [167] proposed a formation trajectory reconstruction strategy based on the Bezier shape-based method. The strategy can complete the formation reconfiguration with high efficiency and less fuel consumption. With the exploration of deep space, Wan et al. [168] designed a solar system interplanetary relay network for communication between Mars and Earth. The scheme takes the shortest path and the minimum number of hops and nodes as the optimization goal and meets the end-to-end communication requirements.

When establishing, updating and maintaining routing paths, the stability of the logical topology provides a reliable guarantee for transmission. In satellite networks, a reasonable routing decision algorithm can make the routing path have a longer life cycle and converge faster. In order to solve the intermittent interruption caused by inter-satellite link changes, Dai et al. [169] studied the prediction of logical topology and proposed a multi-attribute dynamic graph (MADG) scheme to find the optimal routing path. This scheme ensures that the selected path has a longer life cycle. In addition, due to the reverse flight of satellites in polar orbit constellations, a seam barrier will appear between two logical planes of the network. To solve this problem, Markovitz et al. [170] proposed the seam-aware location-based random walk routing algorithm which spliced two planes vertically and implemented the cross-plane transmission through north-south links. This strategy resolves the split of network logical topology caused by seams.

The routing paths monitoring aims to identify malicious nodes or fake routing information. The malicious behavior detection can be divided into distributed and centralized methods. The characteristic of the distributed routing monitoring strategy needs each node collects the behavior information of nearby nodes and selects routing nodes according to behavioral characteristics. Ding et al. [171] designed a distributed monitoring strategy based on a trust mechanism for the micro-nano satellite network. Considering micro-nano satellite network’s characteristics, the strategy divides the reputation value into the direct type generated by node behaviors, the indirect type scored by surrounding nodes, and the energy state. When selecting routing nodes, the trust value and the number of hops are considered comprehensively. The centralized routing monitoring strategy needs the server to collect and process the behavior information of all nodes in the network. Guo et al. [172] proposed a centralized routing monitoring strategy based on Trusted Resource Matrix (TRM) for the Integrated Space-Terrestrial Network (ISTN). In this strategy, the SDN controller monitors network nodes’ states and compares the real-time traffic’s characteristics. According to the traffic characteristics, the controller establishes TRM which can help nodes select a secure routing path.

Table 14 Research in the routing mechanism

Full size table

Mobility management

The high-speed movement between nodes is a major feature of SIN. This feature gives SIN the ability to provide communication services globally, but it also increases instability. When the mobile node switches the access point, massive request data, inefficient handover strategy and inflexible forwarding strategy bring challenges to the location management and the handover management, which are two critical functions of mobility management [173]. This part introduces methods to enhance the flexibility and scalability of mobility management from the control node, mobile node and access point perspectives. The summary is briefly described in Table 15.

The location management is the primary functions of control center. It is responsible for global location synchronization and requests information processing. In face of constrained network resources, the location management of control center can be improved by enhancing mechanism’s scalability and optimizing handover strategy. In order to improve the scalability of the mechanism, Ji et al. [174] designed a flexible and distributed mobility management architecture for integrated terrestrial-satellite networks. In this architecture, non-LEO satellites and ground stations together as a management center to achieve efficient mobile management. To solve the heterogeneous protocol problem, non-LEO satellites can be reconfigured in function level. Therefore, the scalability of network is greatly enhanced. To optimize the handover strategy, Dai et al. [175] proposed a flexible agent strategy, which migrates the function of the home agent to another agent closer to the mobile node. It reduces the delay of communication with the home agent. At the same time, to reduce the occupation of network resources, they designed an aggregated handover strategy which can help members of the group implement the pre-handover together.

For access points, their function related to location management are simpler than the control center. Access points mainly focus on the query and cache of the location information to assist message forwarding. Still, the resource-constrained access point needs to optimize the related function. Li et al. [102] proposed a multi-strategy flow table management method for the Software-Defined Satellite Network (SDSN). The method consists of Dynamic Classified Timeout (DCT) algorithm and Timeout Strategy-based Mobility Management (TSMM) algorithm. In the scenario of frequent handover, this method effectively controls the growth of the flow table, and it can be applied with small memory space.

Another function of mobility management is handover management. When switching an access point, the control center takes on less work than it does in location management. It generally provides the destination’s location information to the forwarding node. In a centralized network, it can help routing nodes with path prediction. To reduce delay variation during handover, Yang et al. [176] proposed a dynamic routing strategy based on path-quality aided and lifetime-aware. It handles the link intermittently through cache-forwarding scheme and hop-by-hop acknowledgments. In addition, the control center can also assist the mobile node in selecting an access point. In order to find the best forwarding node in the small satellite network, Zhou et al. [177] formulated the stochastic data scheduling problem into an infinite-horizon discrete Markov Decision Process (MDP), and proposed a Joint Forward and Backward Induction (JFBI) framework to calculate the optimal forwarding decision and achieve more accurate use of network resources.

For access points, the handover management is an essential function. Firstly, the mobile node will not have a network address until it finishes the handover, so the data cannot be forwarded to the node unaccomplished handover. The access node needs to solve intermittent link and service interruption caused by inefficient handover strategy. At the protocol level, the handover strategy needs to simplify the interaction operation and reduce the handover frequency. The scheme proposed by Zhang et al. [178] presents the handover as a weighted bipartite graph model consisting of mobile nodes and satellites. The connection weight between them is generated from channel quality, remaining time of service, number of users and power budget. According to this model, a multi-objective optimization problem is constructed to match the best access point and reduce the handover frequency. In addition, the handover management also involves beam switching at the physical level. These contents have been involved in “Link establishment”. Second, the access point needs to ensure real-time transmission through flexible forwarding strategies. Deng et al. [179] proposed a data delivery scheme based on location prediction for named data networking. They considered the data forwarding between old and new access points. When the mobile node acts as a consumer, the old access point forwards the Pending Interest Table (PIT) to the new one through the predicted path. This strategy can reduces the RTT during the handover. When the mobile node acts as a producer, if the old access point receives previous interest packages, it will send an interest redirect to the new access point to reduce the transmission delay after updating the address.

Table 15 Research in the mobility management

Full size table