A Survey on Space-Air-Ground-Sea Integrated Network Security in 6G
6G空地海一体化网络安全研究综述

I. INTRODUCTION 一、引言

A. Existing Surveys A. 现有调查

B. Motivation B. 动机

C. Contributions C. 会费

1. We survey existing SAGSIN systems and their architecture, and then discuss the characteristics of SAGSIN and potential challenges in its development.
   我们调查了现有的SAGSIN系统及其架构，然后讨论了SAGSIN的特点及其开发中的潜在挑战。
2. The security requirements of SAGSIN are presented, with our emphasis on the differences among typical networks.
   本文介绍了SAGSIN的安全要求，并重点介绍了典型网络之间的差异。
3. We detail the security threats, attack methodologies, and defense countermeasures for SAGSIN, where new security issues, attack and defense methods brought by SAGSIN, i.e., a multi-tiered and diversified network, are highlighted.
   本文详细介绍了SAGSIN的安全威胁、攻击方法和防御对策，重点介绍了SAGSIN带来的新的安全问题、攻击和防御方法，即多层次、多样化的网络。
4. Based on our analysis of SAGSIN, some security challenges ahead and new research trends are presented.
   基于我们对SAGSIN的分析，提出了未来的一些安全挑战和新的研究趋势。

II. BACKGROUND 二、背景

A. Existing Systems A. 现有系统

1. GIG: GIG refers to the global information network connected by the classified and unclassified computing networks, which is provided by the U.S. Military for soldiers, sailors, pilots, marines and decision makers. In particular, GIG is mainly composed of four layers, i.e., ground layer, space layer, near-space layer, and satellite layer. It builds a grid of information networks by means of information transmission capability, which can be linked to any two or more points around the world. Moreover, after more than ten years of development, GIG has become the most representative model with the highest technical maturity in network information system construction.
   GIG：GIG是指由美国军方为士兵、水手、飞行员、海军陆战队员和决策者提供的机密和非机密计算网络连接的全球信息网络。特别是，GIG主要由地面层、空间层、近空间层和卫星层四层组成。它通过信息传输能力构建信息网络网格，可以链接到世界上任何两个或多个点。而且，经过十余年的发展，GIG已成为网络信息系统建设中最具代表性、技术成熟度最高的模型。
2. MSAT: MSAT is the first regional satellite mobile communication system of the world, known as the North American Satellite Mobile Communication System. MSAT was the first star operated in Canada, and the system can be used for both public and private communications.
   MSAT：MSAT是世界上第一个区域卫星移动通信系统，被称为北美卫星移动通信系统。MSAT是第一个在加拿大运营的明星，该系统可用于公共和私人通信。
3. Inmarsat: Inmarsat is an intergovernmental international cooperation that operates global Inmarsat communications, providing maritime salvage security communications and commercial communications to maritime users. The Inmarsat system consists of ship station, shore station, network coordination station, and satellite. With the development of the world network system, the Inmarsat-P terminal will eventually provide transocean global hand-held satellite voice communications.
   国际海事卫星组织（Inmarsat）：国际海事卫星组织（Inmarsat）是一个政府间国际合作组织，负责运营全球国际海事卫星组织（Inmarsat）通信，为海事用户提供海上救助安全通信和商业通信。Inmarsat系统由船舶站、岸站、网络协调站和卫星组成。随着世界网络系统的发展，Inmarsat-P终端最终将提供跨洋全球手持卫星语音通信。
4. Odyssey: Odyssey is a mid-orbit system launched by TRW company, which consists of three parts, i.e., space segment, ground segment and user unit. It can be used as complement and extension to land cellular mobile communication systems, supporting dynamic, reliable, automatic, and user transparent services.
   奥德赛：奥德赛是天合公司推出的中轨系统，由空间段、地面段和用户单元三部分组成。可作为陆上蜂窝移动通信系统的补充和延伸，支持动态、可靠、自动化、用户透明的服务。
5. Iridium: The Iridium system, which was developed by Motorola company, uses low-orbit satellites for global satellite mobile communications. It mainly consists of satellite constellations as well as ground control facilities, gateway stations and user terminals. Different from the ground mobile communication system, the cross-zone swap of the Iridium system is the movement of cells across users, rather than the movement of users across cells.
   铱星：由摩托罗拉公司开发的铱星系统使用低轨道卫星进行全球卫星移动通信。它主要由卫星星座以及地面控制设施、网关站和用户终端组成。与地面移动通信系统不同，铱星系统的跨区域交换是小区在用户之间的移动，而不是用户在小区之间的移动。
6. Globalstar: The Globalstar system, which was developed by LQSS company, is a mobile satellite communication system with continuous global coverage using LEO satellites. It differs from the Iridium system in both structural design and technology. The Globalstar system is
   Globalstar：由LQSS公司开发的Globalstar系统是一种使用LEO卫星连续覆盖全球的移动卫星通信系统。它在结构设计和技术上都与铱星系统不同。Globalstar系统是

7. VSAT: VSAT is a new satellite communication system developed in the mid-1980s using modern technology. VSAT satellite communication network, which adopts a star structure, consists of VSAT small station, master station, and satellite repeater. With the help of VSAT, user data terminals can directly use satellite channel and remote computer network to complete data transmission, file exchange or remote processing, so as to get rid of the ground relay problem at local areas.
   VSAT：VSAT是1980年代中期使用现代技术开发的新型卫星通信系统。VSAT卫星通信网络采用星形结构，由VSAT小站、主站和卫星中继站组成。借助VSAT，用户数据终端可以直接使用卫星信道和远程计算机网络完成数据传输、文件交换或远程处理，从而摆脱局部的地面中继问题。
8. GMDSS: GMDSS is a global communications network designed to maximize the safety of life and property at sea. It is mainly shore-based as the core. Once there is a shipwreck, GMDSS can timely and effectively search and rescue ships in distress. In particular, GMDSS system is mainly composed of four parts, i.e., Inmarsat, Ground radio communication system, Maritime Safety Information (MSI) broadcasting system, and COSPAS-SARSAT.
   GMDSS：GMDSS是一个全球通信网络，旨在最大限度地提高海上生命和财产安全。它主要以岸基为核心。一旦发生海难，GMDSS可以及时有效地搜救遇险船舶。具体而言，GMDSS系统主要由国际海事卫星组织（Inmarsat）、地面无线电通信系统（Ground Radio Communication system）、海上安全信息（MSI）广播系统和COSPAS-SARSAT四部分组成。
9. Navtex: Navtex is a maritime communications system that provides seafarers with weather forecasts, navigation information, emergencies, safety and work area information at sea. Navies use the Navtex system to warn against entering these areas before conducting training and exercises at sea.
   Navtex：Navtex 是一种海上通信系统，为海员提供海上天气预报、导航信息、紧急情况、安全和工作区域信息。海军在进行海上训练和演习之前使用Navtex系统警告不要进入这些区域。

B. System Architecture B. 系统架构

1. Space Network: The space network consists of diverse types of satellites, constellations, and the corresponding ground infrastructures, including the ground stations and the control centers. According to their different altitudes, satellites can be divided into GEO, MEO, LEO [21], as well as very low earth orbit (VLEO) satellites [44]. GEO satellites are used for television broadcasts, overseas telegrams, and microwave communication, etc. MEO and LEO satellites are close to the ground, which remotely take pictures of objects with high resolution. They are usually applied to topographic reconnaissance, resource detection, and meteorological monitoring. Since VLEO is the lowest-orbiting satellite, it is expected to provide high-rate data services and precise positioning.
   空间网络：空间网络由不同类型的卫星、星座和相应的地面基础设施组成，包括地面站和控制中心。根据高度的不同，卫星可分为GEO、MEO、LEO[21]和甚低地球轨道（VLEO）卫星[44]。GEO卫星用于电视广播、海外电报、微波通信等，MEO和LEO卫星靠近地面，可以远程拍摄高分辨率的物体照片。它们通常应用于地形勘察、资源探测和气象监测。由于VLEO是轨道最低的卫星，因此有望提供高速数据服务和精确定位。

2. Air Network: The air network is made up of aircraft, UAVs, airships, and balloons [45]. It can provide automatic routing of data between aircraft and ground station, aircraft and sea network, and can exchange data information with satellite layer. Among them, the high-altitude platform (HAP) is a common air network located in the stratosphere 20 kilometers from the ground. Compared with satellite communication platforms, HAPs have advantages of good mobility, short communication response time and low cost, and they are commonly used for broadcast/multicast services, emergency communications, disaster relief activities, and large-scale temporary events.
   航空网络：航空网络由飞机、无人机、飞艇和气球组成[45]。可提供飞机与地面站、飞机与海网之间的数据自动路由，并可与卫星层交换数据信息。其中，高空平台（HAP）是位于距地面20公里的平流层的通用空中网络。与卫星通信平台相比，HAP具有移动性好、通信响应时间短、成本低等优点，常用于广播/组播业务、应急通信、救灾活动、大型临时活动等。

3. Ground Network: The ground network is composed of many sub-networks such as cellular network, ad hoc network, wireless local area network (WLAN) [47], worldwide interoperability for microwave access (WiMAX) [48], coastal base stations, and so on. In general, with the rapid development of the global mobile communication system, ground network technologies have been quite mature [49].
   地面网络：地面网络由蜂窝网络、自组织网络、无线局域网（WLAN）[47]、全球微波接入互操作性（WiMAX）[48]、沿海基站等许多子网组成。总的来说，随着全球移动通信系统的快速发展，地面网络技术已经相当成熟[49]。

C. Communication Technology of SAGSIN
C. SAGSIN的通信技术

1. Mm-Wave Communication: Generally, millimeter-wave (mm-wave) refers to the frequency band between 30 and 300 GHz. Compared with traditional RF technology, it significantly widens the available bandwidth. Mm-wave is used to achieve data rates up to several hundred meters in gigabits per second levels at a bandwidth of several gigahertzes. At the same time, the shortest wavelength in mm-wave leads to smaller antenna size, which can improve the portability and integration of equipment, and it is conducive to specific applications such as detection radar and physical layer security. In addition, the wide band and high transmission power of mm-wave will lead to serious nonlinear signal distortion, which may bring more security issues. At the same time, due to the effective transmission range of mm-wave, it is usually dominated by line of sight (LoS) path. At present, the standardization of mm-wave field mainly focuses on the band for indoor use.
   毫米波通信：通常毫米波（mm-wave）是指30至300GHz之间的频段，与传统射频技术相比，它大大拓宽了可用带宽。毫米波用于在几千兆赫兹的带宽下实现高达几百米的数据速率，以千兆比特/秒为单位。同时，毫米波波中最短的波长导致天线尺寸更小，可以提高设备的便携性和集成度，有利于探测雷达和物理层安全等特定应用。此外，毫米波的宽带和高传输功率将导致严重的非线性信号失真，这可能会带来更多的安全问题。同时，由于毫米波的有效传输范围，通常以视距（LoS）路径为主。目前，毫米波场的标准化主要集中在室内使用的 频段上。
2. Terahertz Communication: Terahertz communication is envisioned as a driving technology for the 6G Internet of Things, requiring a data rate of Gbps and a delay less than . It is expected to meet the future needs of 6G IoT applications. Compared with mm-wave, the terahertz spectrum can address the spectrum shortage in wireless communications and significantly enhance the capability of wireless systems. Moreover, terahertz communication can also provide high broadband and throughput, supporting ultra-broadband applications like virtual reality. However, how to effectively use integrated circuits to modulate baseband signals to high frequency carriers remains the most critical challenge in the practical implementation of terahertz technology.
   太赫兹通信：太赫兹通信被设想为6G物联网的驱动技术，需要Gbps的数据 速率和小于 的延迟。有望满足未来6G物联网应用需求。与毫米波相比，太赫兹频谱可以解决无线通信频谱不足的问题，显著增强无线系统的能力。此外，太赫兹通信还可以提供高宽带和吞吐量，支持虚拟现实等超宽带应用。然而，如何有效地利用集成电路对高频载波的基带信号进行调制，仍然是太赫兹技术实际实施中最关键的挑战。
3. Visible Light Communication: Visible light communication (VLC) is an optical wireless technology that operates in the frequency ranging from 400 terahertz to 800 terahertz. Compared with radio frequency system, VLC has the advantages of high data rate, large available spectrum, strong anti-interference ability, inherent safety line, etc., which has been widely concerned by people. Compared to other wireless communication technologies, VLC systems can provide a higher level of security. However, due to their broadcast nature and LoS propagation, VLC systems are also vulnerable to eavesdropping by unauthorized nodes located in the transmitter coverage area, which means higher security risks.
   可见光通信：可见光通信 （VLC） 是一种光学无线技术，工作频率范围为 400 太赫兹至 800 太赫兹。与射频系统相比，VLC具有数据速率高、可用频谱大、抗干扰能力强、固有安全线等优点，受到人们的广泛关注。与其他无线通信技术相比，VLC系统可以提供更高级别的安全性。然而，由于其广播性质和LoS传播，VLC系统也容易受到位于发射机覆盖区域内的未经授权的节点的窃听，这意味着更高的安全风险。
4. Optical Wireless Communication: Optical wireless band refers to the electromagnetic spectrum with the carrier frequency of infrared, visible and ultraviolet light, and the wavelength range is and , respectively. They can be used for wireless communications in indoor, outdoor, underground and underwater scenarios. Optical wireless communication is a promising complementary technology to traditional wireless communications in RF band. The main difference between it and traditional frequency band is that there is no multipath fading, Doppler Effect and bandwidth adjustment. Moreover, optical bands can provide almost unlimited bandwidth without permission from regulators around the world. Due to the availability of optical emitters and detectors, it can be used to achieve low-cost high-speed access, and can provide high capacity intersatellite links for satellite constellations. Recently, research interest in ultraviolet communication has been gradually increasing.
   光无线通信：光无线频段是指与红外光、可见光和紫外光的载波频率相符的电磁频谱，波长范围分别为 和 。它们可用于室内、室外、地下和水下场景的无线通信。光无线通信是射频频段传统无线通信的一种很有前途的补充技术。它与传统频段的主要区别在于没有多径衰落、多普勒效应和带宽调整。此外，光频段可以提供几乎无限的带宽，而无需获得世界各地监管机构的许可。由于光发射器和探测器的可用性，可用于实现低成本的高速接入，并可为卫星星座提供高容量的星间链路。近年来，人们对紫外线通信的研究兴趣逐渐增加。
5. Underwater Acoustic Communication: Acoustic wave is the main carrier of underwater information, which has been widely used in underwater communication, sensing, detection, navigation, positioning and other fields. Acoustic wave belongs to mechanical wave (longitudinal wave). The signal attenuation in underwater transmission is small (i.e., its attenuation rate is of electromagnetic wave.), and the transmission distance is long. Its communication range can extend from several hundred meters to dozens of kilometers, and thus acoustic wave is very suitable for deep-water communication with stable temperature. Moreover, underwater acoustic channel is a very complex multi-path transmission channel with high ambient noise, narrow band width, low applicable carrier frequency and large transmission delay. In order to overcome these disadvantages and to improve its bandwidth utilization efficiency as much as possible, further research on new technical solutions is needed, including multi-carrier modulation, multi-input multi-output technology, etc.
   水声通信：声波是水下信息的主要载体，已广泛应用于水下通信、传感、探测、导航、定位等领域。声波属于机械波（纵波）。水下传输中的信号衰减小（即其衰减率为 电磁波），传输距离长。它的通信范围可以从几百米延伸到几十公里，因此声波非常适合温度稳定的深水通信。此外，水声信道是一种非常复杂的多径传输信道，具有环境噪声高、带宽窄、适用载波频率低、传输时延大等特点。为了克服这些缺点，尽可能提高其带宽利用效率，需要进一步研究新的技术方案，包括多载波调制、多输入多输出技术等。

D. Characteristics of SAGSIN
D. SAGSIN的特性

1. Heterogeneity: Heterogeneity refers to that the network comprises multiple wireless communications systems using different access techniques [51]. SAGSIN covers a wide range, spanning space, air, ground, and sea. Each layer consists of several subnets, and each subnet has diverse communication modes and devices, which will inevitably affect network delay,
   异构性：异构性是指网络由使用不同接入技术的多个无线通信系统组成[51]。SAGSIN覆盖范围广，跨越太空、空中、地面和海洋。每一层由多个子网组成，每个子网都有不同的通信模式和设备，这不可避免地会影响网络时延，
   transmission data rate, and so on. In order to satisfy the needs of communication services, it is an effective method to fully exploit the advantages of existing wireless communications systems utilizing system integration. Normally, diverse protocols of each segment supports different functions or applications, resulting that the four-layer heterogeneous network can provide various packet transfers. Furthermore, according to users' requirements, SAGSIN can select the appropriate network access technique for them and provide better QoS [52].
   传输数据速率等。为了满足通信业务的需求，充分利用现有无线通信系统利用系统集成的优势，是一种有效的方法。通常，每个网段的不同协议支持不同的功能或应用，导致四层异构网络可以提供各种数据包传输。此外，根据用户的需求，SAGSIN可以为他们选择合适的网络接入技术，并提供更好的QoS[52]。
2. Self-Organization: The self-organization of SAGSIN enables it to use the routing and forwarding function to communicate in an infrastructure environment [53]. It integrates multi-layer networks and accesses various types of mobile devices. These devices are always in high-speed motion and frequently switch between multiple subnets. In SAGSIN, the nodes can join or leave the network at anytime, and the failure of any node may not affect the operation of the whole network, which has a strong destruction resistance. Based on this characteristic, the network can be used for military communications, emergency services, and disaster recovery [54], [55]. Specifically, various military equipments carry out information exchange coordinately to complete combat tasks, and it can establish temporary networks quickly, thereby reducing the rescue time and the harm caused by the disaster.
   自组织：SAGSIN的自组织使其能够使用路由和转发功能在基础设施环境中进行通信[53]。它集成了多层网络并访问各种类型的移动设备。这些设备始终处于高速运动状态，并经常在多个子网之间切换。在SAGSIN中，节点可以随时加入或离开网络，任何节点的故障都可能不影响整个网络的运行，具有很强的抗破坏能力。基于这一特性，该网络可用于军事通信、应急服务和灾难恢复[54]，[55]。具体来说，各种军事装备协调进行信息交换，完成作战任务，可以快速建立临时网络，从而减少救援时间和灾难造成的伤害。
3. Time-Variability: The space network is organized by constellation and established by inter-satellite links. The design of the constellation determines the particularity of satellite network topology. The establishment of an inter-satellite link not only reduces the dependence of the satellite network on the ground network, but also increases the design difficulty and manufacturing cost of the system. The high mobility of nodes and dynamic change of topology structure further lead to the time-varying feature of SAGSIN. The time-varying network can be divided into two cases. The first is the change of relative distance between nodes, which mainly affects the transmission delay. This change is slow and can be ignored under certain conditions. The second is the links handover between nodes, which can change the network structure and affect the routing of local nodes, thus having an impact on the performance of all aspects of the network.
   时变性：空间网络按星座组织，并由卫星间链路建立。星座的设计决定了卫星网络拓扑的特殊性。星间链路的建立不仅降低了卫星网络对地面网络的依赖，而且增加了系统的设计难度和制造成本。节点的高迁移率和拓扑结构的动态变化进一步导致了SAGSIN的时变特性。时变网络可以分为两种情况。首先是节点之间相对距离的变化，主要影响传输时延。此更改很慢，在某些情况下可以忽略。二是节点之间的链路切换，可以改变网络结构，影响本地节点的路由，从而对网络各个方面的性能产生影响。

E. Challenges E. 挑战

1. Network Management: Network Management is the premise to ensure the normal operation of the network,
   网络管理：网络管理是保证网络正常运行的前提，

2. QoS Guarantee: With the rapid development of highspeed data transmission and interactive communication, SAGSIN needs to provide a strict end-to-end QoS guarantee. First of all, since the satellites are distributed in a wide space, the transmission latency between these nodes is much larger than that between the nodes in the ground network. Therefore, the node transmission between satellites becomes the main component of SAGSIN communication delay. This kind of high latency increases the TCP end-to-end delay, resulting in slow feeding back of the confirmation information to the sending nodes. Moreover, it reduces network throughput and brings about a large number of packets staying on the satellite communication channel, increasing the probability of packet loss, which may cause network congestion and unavailability.
   QoS保障：随着高速数据传输和交互通信的快速发展，SAGSIN需要提供严格的端到端QoS保障。首先，由于卫星分布在广阔的空间中，这些节点之间的传输时延远大于地面网络中节点之间的传输时延。因此，卫星之间的节点传输成为SAGSIN通信时延的主要组成部分。这种高延迟增加了 TCP 端到端的延迟，导致确认信息反馈到发送节点的速度变慢。此外，降低网络吞吐量，导致大量报文滞留在卫星通信信道上，增加了丢包概率，可能导致网络拥塞和不可用。

3. Gateway Placement and Selection: In SAGSIN, satellite gateways play an important role in transmitting traffic from the ground network to the space network. Different satellite gateway locations have an impact on network performance. Many factors like poor weather conditions, can lead network nodes and links to fail. Therefore, on the premise of meeting the limitation of satellite link capacity, how to select the appropriate gateways and place them in the optimal position is worth further analysis. Generally speaking, the gateway selection must take inter-segment influences into account in SAGSIN. Especially for the air network segment, as the relay of ground and satellite communication, how to choose the appropriate number of routing nodes is a challenging problem. Selecting the gateway not only the traffic distribution within the segments, but also the total traffic from the ground segment and the capacity of the air link should be considered [57]. Regarding determining the locations of satellite gateways, we should pay more attention to the geographical location and the network topology, as well as the overall traffic distribution [58].
   网关布局和选择：在SAGSIN中，卫星网关在将流量从地面网络传输到空间网络方面发挥着重要作用。不同的卫星网关位置会影响网络性能。许多因素（如恶劣的天气条件）都可能导致网络节点和链路出现故障。因此，在满足卫星链路容量限制的前提下，如何选择合适的网关并将其放置在最佳位置值得进一步分析。一般来说，网关选择必须考虑SAGSIN中的网段间影响。特别是对于空中网络段，作为地面和卫星通信的中继，如何选择适当数量的路由节点是一个具有挑战性的问题。选择网关时，不仅要考虑网段内的流量分布，还要考虑地面网段的总流量和空中链路的容量[57]。在确定卫星网关的位置时，应更加关注地理位置和网络拓扑结构，以及整体流量分布[58]。

4. Security: As a four-layer heterogeneous network with open links and dynamic topologies, SAGSIN faces many new security challenges. Like other communication networks, it is vulnerable to denial of service (DoS) attacks, jamming attacks, spoofing attacks, unauthorized access, malware, etc [60]. Specifically, SAGSIN chronically in a severe natural environment results that the inter-satellite and satellite-ground links suffer from the electromagnetic signal interference, and these links may be eavesdropped by malicious users. The satellite nodes directly exposed to space orbit are easily subjected to illegal interception. Moreover, the integration of various heterogeneous networks leads to the higher security requirements on traditional routing, network access, and handover strategies, and thus, it is urgent to implement the interconnection control and to ensure multi-level security. Besides, considering that the scattering and refraction path is small while the signal is transmitted at sea, if the antenna height of the buoy is low, the curvature of the earth and the obstruction of the waves may cause the signal transmission to be interrupted. Overall, SAGSIN has been being widely used in military and civilian communications, and how to ensure the reliability and security of the private data should be well accounted for.
   安全性：作为具有开放链路和动态拓扑结构的四层异构网络，SAGSIN面临着许多新的安全挑战。与其他通信网络一样，它容易受到拒绝服务（DoS）攻击、干扰攻击、欺骗攻击、未经授权的访问、恶意软件等[60]。具体而言，SAGSIN长期处于恶劣的自然环境中，导致星间和卫星-地面链路受到电磁信号干扰，这些链路可能被恶意用户窃听。直接暴露在空间轨道上的卫星节点很容易受到非法拦截。此外，各种异构网络的融合导致对传统路由、网络接入和切换策略的安全要求更高，因此，实施互联控制并确保多级安全迫在眉睫。此外，考虑到信号在海上传输时散射和折射路径较小，如果浮标的天线高度较低，地球的曲率和波浪的阻碍可能会导致信号传输中断。总体而言，SAGSIN在军民通信中得到了广泛的应用，如何确保私人数据的可靠性和安全性应该得到很好的考虑。

III. Security Requirements
三、安全要求

A. Confidentiality A. 保密

B. Integrity B. 诚信

C. Availability C. 可用性

IV. Security Threats in SAGSIN
四、SAGSIN的安全威胁

A. Physical Threats A. 人身威胁

1. Natural Occurrences and Environment Factors: Even without the threats posed by human activities, irresistible environmental factors and natural events may destroy the communication links in SAGSIN. Natural disasters, such as earthquakes, floods, sandstorms, tornadoes, heavy rain or snow, thunder, and lightning, etc., may damage ground stations and cause service interruptions. Satellite links are susceptible to hostile space-based environments, such as solar and cosmic radiation, atmospheric disturbances, meteoroids, asteroids, etc [66]. In the "satellite eclipse" season, the sun is blocked by the earth and the satellite solar cannot get sunlight, and the onboard battery only maintains the satellite rotation, but cannot support the transponder to work properly. During the period of "sun outage", the sun, the satellite, and the ground station happen to be in a straight line. Strong electromagnetic radiation from the sun will be looked upon as interference to the downlinks signal in satellite, inevitably causing communication interruption. Moreover, satellites will also face the threat of space junk floating in orbit, which come from disused spacecraft and invalid satellites, thus increasing the possibility of collisions.
   自然事件和环境因素：即使没有人类活动带来的威胁，不可抗拒的环境因素和自然事件也可能破坏SAGSIN的通信链路。地震、洪水、沙尘暴、龙卷风、大雨或大雪、雷电等自然灾害可能会损坏地面站并导致业务中断。卫星链路容易受到恶劣的天基环境的影响，如太阳和宇宙辐射、大气扰动、流星体、小行星等[66]。在“卫星日食”季节，太阳被地球挡住，卫星太阳无法获得阳光，机载电池只能维持卫星自转，但无法支持应答器正常工作。在“停电”期间，太阳、卫星和地面站恰好在一条直线上。来自太阳的强电磁辐射将被视为对卫星下行链路信号的干扰，不可避免地导致通信中断。此外，卫星还将面临漂浮在轨道上的太空垃圾的威胁，这些垃圾来自废弃的航天器和无效的卫星，从而增加了碰撞的可能性。

2. Artificial Destruction: Network infrastructure is often threatened by human errors or a lack of security awareness, which inadvertently creates opportunities for criminals to steal or sabotage equipment. In particular, satellites are potential targets for interceptors such as space mines and anti-satellite orbiting missiles. The use of directed energy weapons, e.g., high-power laser beams, laser weapons, can destroy satellite systems and services. Moreover, stations, links, and communication networks are all vulnerable to cyberattacks similar to those used in computer networks and the Internet. Potential cyber-attacks include DoS, eavesdropping, and data interception. An attacker can inject false information to gain unauthorized access to the database. Faulty commands in telemetry, which controls spacecraft can cause satellites to deviate from designated orbits and even self-destruct. Viruses can also be injected into the ground computer networks associated with space systems, leading to the loss of spacecraft. Furthermore, collisions between ships and the destruction of coastal base stations may affect the secure communication of the underwater acoustic network. If the attacker's channel is linked to a special node, such as a base station, access point, or gateway, a successful interference attack may destroy the entire network.
   人为破坏：网络基础设施经常受到人为错误或缺乏安全意识的威胁，这无意中为犯罪分子窃取或破坏设备创造了机会。特别是，卫星是太空地雷和反卫星轨道导弹等拦截器的潜在目标。使用定向能武器，例如高功率激光束、激光武器，可以摧毁卫星系统和服务。此外，电台、链路和通信网络都容易受到类似于计算机网络和互联网中使用的网络攻击。潜在的网络攻击包括 DoS、窃听和数据拦截。攻击者可以注入虚假信息，以获得对数据库的未经授权的访问。控制航天器的遥测错误命令可能导致卫星偏离指定轨道甚至自毁。病毒也可以注入与空间系统相关的地面计算机网络，导致航天器丢失。此外，船舶之间的碰撞和沿海基站的破坏可能会影响水声网络的安全通信。如果攻击者的信道链接到一个特殊的节点，如基站、接入点、网关，成功的干扰攻击可能会破坏整个网络。
3. Interference: Nowadays, an increasing number of satellites put forward higher requirements on certain frequencies and orbits, resulting in orbital or spectral crowding. This congestion may cause unintended disruption to satellite services. Even when operating in the optimal geographical areas where satellite links are successfully achieved, natural phenomena or human interference can disrupt satellite communications systems and seriously disable civilian or military satellite communications systems. The interference of satellite communication systems is mainly posed by uplink and downlink interferences [21], among which uplink interference includes ground-based interference that requires large antennas to achieve power matching with the blocked original link signals. Downlink, which is usually easier to block than uplink, can be disrupted by low-orbit satellites and aircraft, and they can inject signals directly into terminal receivers on the ground with more serious and dangerous consequences directly.
   干扰：如今，越来越多的卫星对某些频率和轨道提出了更高的要求，导致轨道或频谱拥挤。这种拥塞可能会对卫星服务造成意外中断。即使在成功实现卫星链路的最佳地理区域运行，自然现象或人为干扰也会破坏卫星通信系统，并严重瘫痪民用或军用卫星通信系统。卫星通信系统的干扰主要由上行链路和下行链路干扰构成[21]，其中上行链路干扰包括需要大型天线才能与被阻塞的原始链路信号进行功率匹配的地基干扰。下行链路通常比上行链路更容易被阻塞，可以被低轨道卫星和飞机破坏，它们可以将信号直接注入地面终端接收器，直接造成更严重和危险的后果。

B. Operation Threats B. 行动威胁

1. Malware: Malware is malicious, intrusive program code, which is designed to take control of the devices by destroying processes without the knowledge of user. It is often distributed as spam in malicious attachments or links to an infected network, which can evade feature detection by dynamically changing the attack codes. Specifically, malware can be classified into the following major categories.
   恶意软件：恶意软件是恶意的侵入性程序代码，旨在通过在用户不知情的情况下破坏进程来控制设备。它通常以垃圾邮件的形式分发到指向受感染网络的恶意附件或链接中，这些网络可以通过动态更改攻击代码来逃避功能检测。具体来说，恶意软件可分为以下几大类。

• Trojan horse: A Trojan horse is a remote unauthorized control program hidden in the system using client/server structure. It provides a backdoor for unauthorized access to privileged functions of the system [67]. Since Trojan horse program can open system permissions, leak user information, or even filch entire management access without the noticing of the administrator, it has become one of the most commonly used tools by hackers. In SAGSIN, once a terminal node is perceived to be compromised, an attacker can gain unauthorized access by simply analyzing the confidential information stored in the terminal or network node via the connection of a communication link. This leads to non-terrestrial network nodes to receive false information, resulting in serious security threats. In consideration of the complexity of the signals, Trojans are very difficult to detect through visual or other forms of manual inspection [68].
  特洛伊木马：特洛伊木马是使用客户端/服务器结构隐藏在系统中的远程未经授权的控制程序。它为未经授权访问系统的特权功能提供了后门[67]。由于特洛伊木马程序可以在管理员不注意的情况下打开系统权限、泄露用户信息，甚至破坏整个管理访问权限，因此它已成为黑客最常用的工具之一。在SAGSIN中，一旦感知到终端节点遭到入侵，攻击者只需通过连接通信链路分析终端或网络节点中存储的机密信息，即可获得未经授权的访问。这会导致非地面网络节点接收虚假信息，从而造成严重的安全威胁。考虑到信号的复杂性，特洛伊木马很难通过目视或其他形式的人工检查来检测[68]。
• Worms: Worms are malicious programs that can spread without human intervention. They replicate themselves and run independently out of user control. The worm mainly includes three modules, namely the transmission module, the hidden module, and the function module. In particular, the transmission module is only used for rapid spread, and the hidden module is to hide the worm programs just copied to the network in case they are spotted. The function module mainly realizes the control, monitoring, and destruction of the network. By making use of some vulnerabilities existing in the computer network, worms continuously obtain access rights from the network to spread widely. When worms invade and take full control of one system, they continue to infect other systems exponentially using the recursive method.
  蠕虫：蠕虫是恶意程序，无需人工干预即可传播。它们自我复制并在用户控制之外独立运行。蠕虫主要包括三个模块，即传输模块、隐藏模块和功能模块。特别是传输模块仅用于快速传播，隐藏模块是隐藏刚刚复制到网络上的蠕虫程序，以防被发现。功能模块主要实现网络的控制、监控、破坏。蠕虫利用计算机网络中存在的一些漏洞，不断从网络获取访问权限，广泛传播。当蠕虫入侵并完全控制一个系统时，它们会继续使用递归方法以指数方式感染其他系统。
• Virus: Computer viruses are a set of instructions or code inserted into programs or files, which can replicate itself, and has the characteristics of concealment, parasitism, transmissibility, and destructiveness. They can destroy the system data and affect the normal operation of software and hardware, leading to data loss and system crashes in severe cases, and system efficiency reduction. Generally, viruses are parasitic in other executable programs and will be activated once conditions are met. After a virus determines the target, it replicates itself to infect other programs. For instance, when files attached with viruses are copied or transferred from one user to another, viruses rapidly diffuse along with the files.
  病毒：计算机病毒是插入程序或文件中的一组指令或代码，可以自我复制，具有隐蔽性、寄生性、传播性和破坏性等特点。它们会破坏系统数据，影响软硬件的正常运行，严重时会导致数据丢失和系统崩溃，系统效率降低。通常，病毒寄生在其他可执行程序中，一旦满足条件就会被激活。病毒确定目标后，它会自我复制以感染其他程序。例如，当带有病毒的文件从一个用户复制或传输到另一个用户时，病毒会随着文件迅速扩散。
• Backdoor programs: Backdoor programs generally means that bypass security mechanisms to gain access to different systems. In the phase of software development, programmers often create backdoors in case of defects in the design, which are convenient to test and enhance module functions. However, if the backdoor programs are acquired by someone with ulterior motives, or the backdoor is not removed before the software is released, there may be potential risks, and it is easy for an attacker to use it.
  后门程序：后门程序通常意味着绕过安全机制来访问不同的系统。在软件开发阶段，程序员经常在设计出现缺陷的情况下创建后门，方便测试和增强模块功能。但是，如果后门程序被别有用心的人获取，或者后门在软件发布前没有被移除，则可能存在潜在风险，并且很容易被攻击者使用。

2. Unauthorized Access: Unauthorized access refers to the unauthorized use of network resources or using network resources in an unauthorized manner. It mainly includes unauthorized users accessing the network to perform illegal operations, and legitimate users conducting unauthorized operations. The openness of SAGSIN provides illegal intruders with more opportunities for unauthorized access. Unauthorized intruders can bypass the access control mechanism, abnormally make use of network equipment and resources, and arbitrarily extend their access rights. One concrete example is hijacking channel information of commercial drones by illegally accessing the network and launching anonymous attacks. This kind of threat will lead to the users' important information being stolen and the system security being destroyed, resulting in seriously breaking the security order of the network. To avoid it, we should strengthen the access control mechanism, flexibly set the types and quantities of access control according to the different security levels and network environment.
   未经授权的访问：未经授权的访问是指未经授权使用网络资源或以未经授权的方式使用网络资源。主要包括未经授权用户访问网络进行非法操作，以及合法用户进行未经授权操作。SAGSIN的开放性为非法入侵者提供了更多未经授权的访问机会。未经授权的入侵者可以绕过访问控制机制，异常使用网络设备和资源，任意扩展其访问权限。一个具体的例子就是通过非法访问网络和发起匿名攻击来劫持商用无人机的频道信息。这种威胁会导致用户的重要信息被盗用，系统安全被破坏，导致网络安全秩序严重中断。为了避免这种情况，我们应该加强访问控制机制，根据不同的安全级别和网络环境灵活设置访问控制的类型和数量。

C. Network Threats C. 网络威胁

1. Insecure Routing: The router automatically selects and forwards packets according to the actual operation situations of adjacent nodes, and tries to deliver packets in the optimal path and at the minimum cost. However, the routing node lacks physical protection in SAGSIN, and the node with flexibility and mobility inevitably limits its resources and computing power to apply complex cryptographic algorithms. The vulnerability of each node makes it easy to be controlled or captured by the enemy.
   不安全路由：路由器根据相邻节点的实际运行情况自动选择转发报文，尝试以最优路径、最低成本投递报文。然而，路由节点在SAGSIN中缺乏物理保护，具有灵活性和移动性的节点不可避免地限制了其应用复杂密码算法的资源和计算能力。每个节点的脆弱性使其很容易被敌人控制或俘虏。

2. Insecure Protocol: TCP is originally designed for terrestrial wired network. However, different from terrestrial wired network, satellite network has long link propagation and bandwidth delay, high bit error rate, and asymmetric link, resulting that the performance of standard TCP may reduce in satellite network. Moreover, frequent handover in the network organization process will significantly affect the transmission performance of the network. Furthermore, traditional IP networking technology based on fixed topology structure cannot be directly applied to satellite networks, so that it is necessary and important to design new network protocol suitable for SAGSIN's topological dynamic environment.
   不安全协议：TCP 最初是为地面有线网络设计的。然而，与地面有线网络不同，卫星网络具有链路传播长、带宽延延长、误码率高、链路不对称等特点，导致标准TCP在卫星网络中的性能可能会降低。此外，网络组织过程中频繁的交接会显著影响网络的传输性能。此外，传统的基于固定拓扑结构的IP组网技术无法直接应用于卫星网络，因此设计适合SAGSIN拓扑动态环境的新型网络协议是必要且重要的。

D. Data/Information Threats
D. 数据/信息威胁

1. Data Misuse: Data misuse occurs when privileged insiders use legitimate ability to access sensitive data for inappropriate purposes. Abuse by insiders is not necessarily malicious, and it is possible that some insiders accidentally misuse the system by mistake. In the open environment of SAGSIN, sharing confidential and sensitive information is inevitable. Therefore, organizations must make significant efforts to protect confidential information and detect incidents of data misuse, and effective security mechanisms are needed to monitor the usage of sensitive information. To avoid internal data misuse, it is necessary to properly organize and systematically analyze the identity and authorization data of legitimate users involved in the system. These approaches include collecting identity data that propagates between different applications, systematically cleaning up user account data, grouping privileges and access rights of users, etc [15].
   数据滥用：当特权内部人员使用合法能力出于不当目的访问敏感数据时，就会发生数据滥用。内部人员的滥用不一定是恶意的，也有可能是一些内部人员不小心误用了系统。在SAGSIN的开放环境中，共享机密和敏感信息是不可避免的。因此，组织必须做出重大努力来保护机密信息并检测数据滥用事件，并且需要有效的安全机制来监控敏感信息的使用情况。为避免内部数据滥用，有必要对系统中涉及的合法用户的身份和授权数据进行适当的组织和系统分析。这些方法包括收集在不同应用程序之间传播的身份数据，系统地清理用户帐户数据，对用户的权限和访问权限进行分组等[15]。
2. Data Leakage: Data leakage mainly include the damage caused by operation faults and the interception via network monitoring during transmission, and the attackers can obtain private data through application-level vulnerabilities or malware. Once they have access to the network nodes, they can bypass the monitor and steal data directly at the operating system layer. Facing with these severe situations in SAGSIN, traditional security measures are difficult to prevent data leakage independently, and strengthening the data security is imminent.
   数据泄露：数据泄露主要包括传输过程中操作故障和网络监控拦截造成的破坏，攻击者可以通过应用级漏洞或恶意软件获取私有数据。一旦他们能够访问网络节点，他们就可以绕过监视器并直接在操作系统层窃取数据。面对SAGSIN的这些严峻情况，传统的安全措施难以独立防止数据泄露，加强数据安全迫在眉睫。
3. Packet Interception: Packet interception means that a damaged node, which may be a router, intercepts the packets passing through it, and selectively discards them or takes other actions. For example, the attacker returns an acknowledgment to the source node if it is the target node, but discards the corresponding data packet. In this case, the target node cannot receive the content which was sent to it. The attacker or damaged node can even inject other data packets into the target node based on the behavior of the source node. In a man-in-the-middle attack, the attacker may secretly relay the communication between a pair of nodes and make them believe that they are directly communicating with each other. By monitoring the network and locating nodes, attackers can improve attack power by attacking key nodes (e.g., the root node of a tree topology network). Although multipath forwarding can be used to defend against packet interception, it requires more bandwidth and energy consumption, and new defense technologies against packet interception, especially combined with SAGSIN's characteristics, are needed.
   数据包拦截：数据包拦截是指损坏的节点（可能是路由器）拦截通过它的数据包，并有选择地丢弃它们或采取其他操作。例如，如果源节点是目标节点，攻击者会向源节点返回确认，但会丢弃相应的数据包。在这种情况下，目标节点无法接收发送给它的内容。攻击者或受损节点甚至可以根据源节点的行为将其他数据包注入目标节点。在中间人攻击中，攻击者可能会秘密中继一对节点之间的通信，并使它们相信它们正在直接相互通信。通过监控网络和定位节点，攻击者可以通过攻击关键节点（例如树形拓扑网络的根节点）来提高攻击能力。虽然多径转发可用于防御数据包拦截，但它需要更多的带宽和能耗，并且需要新的数据包拦截防御技术，特别是结合SAGSIN的特性。

V. Attack Methodologies in SAGSiN
五、SAGSiN的攻击方法

A. Jamming Attack A. 干扰攻击

B. Eavesdropping Attack B. 窃听攻击

C. Spoofing Attack C. 欺骗攻击

D. Denial of Service Attack
D. 拒绝服务攻击

VI. Security Countermeasures for SAGSIN
六、SAGSIN的安全对策

A. Anti-Jamming Techniques
A. 抗干扰技术

1. Spread Spectrum: To deal with jamming attacks, a variety of technologies and strategies have been proposed. Traditional physical layer techniques against jamming attacks rely on spread spectrum [118], including direct sequence spread spectrum and frequency-hopping sequence spread spectrum, and these techniques are widely used in the military field. Spread spectrum communication consumes more frequency resources, which adopts pseudo-random code with a high
   扩频：为了应对干扰攻击，已经提出了各种技术和策略。传统的物理层技术依赖于扩频[118]，包括直接序列扩频和跳频序列扩频，这些技术在军事领域得到广泛应用。扩频通信消耗较多的频率资源，采用伪随机码，高

2. Game Theory and Reinforcement Learning: Although the spread spectrum technology mentioned above can resist jamming attacks, considering the limitations of network bandwidth, energy consumption and computing capacity, traditional physical layer technology is not suitable for the practical application of SGASIN. In view of this, scholars have put forward various defense methods of jamming attacks, and it has been verified that game theory and reinforcement learning (RL) are effective methods to study jamming and anti-jamming in wireless networks.
   博弈论与强化学习：虽然上述扩频技术可以抵御干扰攻击，但考虑到网络带宽、能耗和计算能力的限制，传统的物理层技术并不适合SGASIN的实际应用。有鉴于此，学者们提出了多种干扰攻击防御方法，并验证了博弈论和强化学习（RL）是研究无线网络干扰和抗干扰的有效方法。

3. Directive Antenna: In satellite communication, directional antenna and signal processing technology can effectively prevent jamming attacks. Yin-Ting et al. [114] combined the digital beamforming technique and the space-time adaptive anti-jamming algorithm to minimize the deviation of the radiation pattern of the anti-jamming antenna array, and the jamming cancellation capability was improved. Wang et al. [115] established a space-time jamming suppression model, and adopted the linearly constrained minimum variance (LCMV)proportional-integral jamming suppression algorithm, which can form a deeper zero in the direction of the interference signal and increase the output system SINR.
   定向天线：在卫星通信中，定向天线和信号处理技术可以有效防止干扰攻击。Yin-Ting等[114]将数字波束成形技术和时空自适应抗干扰算法相结合，将抗干扰天线阵列辐射方向图的偏差降至最低，提高了干扰消除能力。Wang等[115]建立了时空干扰抑制模型，并采用了线性约束最小方差（LCMV）比例积分干扰抑制算法，该算法可以在干扰信号方向上形成更深的零点，提高输出系统的SINR。

B. Secure Routing B. 安全路由

C. Secure Handover Schemes
C. 安全移交方案