TY - JOUR
T1 - ZTEI
T2 - 2022 IEEE Global Communications Conference, GLOBECOM 2022
AU - Fu, Peiyu
AU - Wu, Jun
AU - Lin, Xi
AU - Shen, Ao
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - The integration of satellite communication technology and terrestrial infrastructure has resulted in an unprecedented increase in network services covering the world. The main effect of the rapid growth of satellite networks is a broader range of data exchange and business interaction between the internal and external systems, making the network boundaries blur or even disappear. As a result, traditional passive security mechanisms based on dividing network boundaries cannot provide sufficient protection. To address this issue, in this paper, we propose a zero-trust and edge intelligence (ZTEI) empowered continuous authentication for satellite networks. We build an improved zero-trust architecture (ZTA) for satellite networks, which expands the traditional zero-trust concept to the multi-dimensional zero-trust that focuses on subject, object, environment, behavior, and physical entity. Then we propose a continuous authentication scheme in the proposed zero-trust architecture, enabling proactive and continuous authentication by periodically monitoring and re-evaluating variable attributes throughout the request lifecycle. Besides, in this scheme, we also design a Neural-Backed Decision Trees (NBDTs) based edge intelligence algorithm to improve the authentication accuracy. Finally, we build a testbed to evaluate the performance of the proposed architecture. Compared with the attribute-based access control (ABAC) under the traditional zero-trust architecture, our proposed architecture can improve the authentication accuracy of dynamic illegal requests by about 27%. In addition, according to standard network performance evaluation criteria, the loss of processing performance caused by our solution is also within an acceptable range.
AB - The integration of satellite communication technology and terrestrial infrastructure has resulted in an unprecedented increase in network services covering the world. The main effect of the rapid growth of satellite networks is a broader range of data exchange and business interaction between the internal and external systems, making the network boundaries blur or even disappear. As a result, traditional passive security mechanisms based on dividing network boundaries cannot provide sufficient protection. To address this issue, in this paper, we propose a zero-trust and edge intelligence (ZTEI) empowered continuous authentication for satellite networks. We build an improved zero-trust architecture (ZTA) for satellite networks, which expands the traditional zero-trust concept to the multi-dimensional zero-trust that focuses on subject, object, environment, behavior, and physical entity. Then we propose a continuous authentication scheme in the proposed zero-trust architecture, enabling proactive and continuous authentication by periodically monitoring and re-evaluating variable attributes throughout the request lifecycle. Besides, in this scheme, we also design a Neural-Backed Decision Trees (NBDTs) based edge intelligence algorithm to improve the authentication accuracy. Finally, we build a testbed to evaluate the performance of the proposed architecture. Compared with the attribute-based access control (ABAC) under the traditional zero-trust architecture, our proposed architecture can improve the authentication accuracy of dynamic illegal requests by about 27%. In addition, according to standard network performance evaluation criteria, the loss of processing performance caused by our solution is also within an acceptable range.
KW - continuous authentication
KW - edge intelligence
KW - satellite networks
KW - Zero trust
UR - http://www.scopus.com/inward/record.url?scp=85146920373&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85146920373&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM48099.2022.10000958
DO - 10.1109/GLOBECOM48099.2022.10000958
M3 - Conference article
AN - SCOPUS:85146920373
SN - 2334-0983
SP - 2376
EP - 2381
JO - Proceedings - IEEE Global Communications Conference, GLOBECOM
JF - Proceedings - IEEE Global Communications Conference, GLOBECOM
Y2 - 4 December 2022 through 8 December 2022
ER -