Modified AKMA for Decentralized Authentication in LEO Satellite-Based IoT Networks

Device authentication in Low Earth Orbit (LEO) satellite-based Internet of Things (IoT) networks is critical for enabling secure and reliable communication between remote IoT devices and satellites. It prevents unauthorized access and security breaches. State-of-the-art authentication methods for terrestrial networks, such as Authentication and Key Management for Applications (AKMA), are inadequate when directly applied to such networks because IoT devices have constrained communication and computational capabilities. Further, the satellite environment is highly dynamic, with frequent handovers and variable latency, leading to vulnerabilities like man-in-the-middle (MITM) and spoofing attacks. To address these challenges, we propose a modified AKMA framework for decentralized and continuous authentication in LEO satellite-based IoT networks. Our proposed modification utilizes local key refreshment for seed generation, seed update, and seed refreshment in a decentralized manner, enabling tailored transmission patterns for IoT devices. This reduces the need for repeated authentication attempts with satellites and effectively mitigates handoff-associated threats. We examine the authentication performance of the system in the presence of an illegitimate Unmanned Aerial Vehicle (UAV) above the legitimate IoT devices. Our results through simulations and emulation show improvement in the authentication rate of legitimate IoT devices and a reduction in the misdetection rate of illegitimate UAVs compared to state-of-the-art physical channel-based authentication schemes. Our proposed modified AKMA enables its application in LEO satellite-based IoT networks.