Improvement of the Cybersecurity of the Satellite Internet of Vehicles through the Application of an Authentication Protocol Based on a Modular Error-Correction Code

Abstract

The integration of the Internet of Vehicles (IoV) and low-orbit satellite Internet not only increases the efficiency of traffic management but also contributes to the emergence of new cyberattacks. Spoofing interference occupies a special place among them. To prevent a rogue satellite from imposing unauthorized content on vehicle owners, a zero-knowledge authentication protocol (ZKAP) based on a modular polyalphabetic polynomial code (MPPC) was developed. The use of MPPC allowed for increasing the authentication speed of the satellite performing the role of RSU. As a result, a reduction in the time needed to guess the prover’s signal also reduces the probability of granting a rogue satellite the communication session and increases the imitation resistance of the satellite IoV. At the same time, the MPPC allows for improving the noise resistance of the ZKAP. An algorithm for calculating the control residuals for a noise-resistant MPPC was developed for this purpose, as well as an algorithm for correcting errors arising in the communication channel due to interference. Thus, the developed authentication protocol based on a noise-resistant modular code allows for simultaneously reducing the probabilities of the first-order and second-order errors, which leads to the increased cybersecurity of satellite IoV.

1. Introduction

In recent years, there has been a tendency to increase the scope of the application of wireless information technologies. First of all, it concerns such areas as Intelligent Transportation Systems (ITS). ITS is a system integration of modern information and communication technologies and automation means with transportation infrastructure, transport facilities and users. It is focused on solving the following tasks:

• traffic management in cities and highways [1,2,3];
• road safety improvement [4];
• traffic management under emergency circumstances [5,6,7];
• improvement of comfort for drivers and transport users [8,9,10].

Considering the progress of ITS development, it is impossible not to note the expansion of the process of the implementation of vehicular self-organizing networks such as VANET (Vehicular Ad Hoc Network) in “smart cities” [11]. The main elements of VANET are

• OBU (On Board Unit) telecommunication modules placed on vehicles;
• RSU (Roadside Unit) base stations supporting communication interfaces.

All devices must have appropriate computing resources and a system to wirelessly communicate with each other. The architecture of a VANET implemented within a settlement is shown in Figure 1.

The RSU base station deployment infrastructure aims to ensure uninterrupted radio communication between the RSU and the OBU. This enables any vehicle to access applications and services quickly and with high fidelity.

However, as the distance from the settlements increases, deploying a network of RSU infrastructure base stations requires significant financial outlay. This problem can be solved in several ways. In [12], it is proposed to use unmanned aerial vehicles as RSUs. According to the authors, this approach will reduce the financial costs of deploying the infrastructure of stationary RSUs, providing a higher level of safety of road traffic due to the timely delivery of emergency messages to vehicles. Thanks to this, drivers have time to take appropriate actions to avoid accidents.

One of the promising directions of ITS development is the application of Internet of vehicle (IoV) technology, which is the integration of vehicular ad hoc networks (VANET) and satellite IoT technology based on a constellation of geostationary and low-orbit satellites [13]. The deployment of the Starlink low-orbit satellite communication system allows for expanding the scope of the application of the Internet of Vehicles. In this case, it is possible to organize data exchange between vehicles located in remote and sparsely populated areas and ITS control centers using satellite Internet channels. As a result, the satellite Internet of Vehicles appears, which is a new step in the evolution of VANET technology. This integration leads to qualitative changes in ITS, providing a reduction in the number of traffic accidents and crashes, increasing road capacity, expanding driving comfort services and regulating speed limits. The perspective of using a low-orbit constellation of satellites in IoV is especially evident in sparsely populated and hard-to-reach areas of the Far North. The increased interest in these areas is due to the fact that the Arctic Ocean shelf has more than 1.7 trillion cubic feet of hydrocarbon reserves in the subsurface [14]. This leads to the expansion of the geography of the location of enterprises engaged in the extraction and transportation of minerals. In this case, the development of extractive industries becomes a trigger for the creation of transportation routes beyond the Arctic Circle. It is possible to solve the problems of the development of the transportation infrastructure, increase the efficiency of its operation and reduce the number of road accidents and emergency situations in harsh climatic conditions only by using the integration of automotive self-organizing networks and satellite IoT technology. Such integration is presented in Figure 2. In this case, the functional duties performed by RSU base stations are assigned to a constellation of low-orbit satellites.

In expanding road safety capabilities, satellite Internet of Vehicles technology requires addressing a number of important challenges. One of them is ensuring the cybersecurity of satellite IoV. This is due to the fact that the communication channel is long, resulting in new vulnerabilities in the IoV system. This contributes to the emergence of new types of cyberattacks on the low-orbit satellite communication system, the execution of which leads to significant economic losses.

In [15,16], the vulnerabilities of modern satellite systems to cyberattacks are discussed. The authors described the main problems of the cybersecurity of space systems. They considered the main types of cyberattacks that have been executed on satellites by hackers, as well as methods aimed at reducing damage to the assets of satellite systems.

The analysis of these works allowed us to divide the multitude of executed cyberattacks into three main groups. The first group includes a direct attack on a satellite. It can be performed either through a ground-based transceiver or via a satellite. The second group includes attacks on the satellite system through a ground control point that can be compromised by hackers. The third group includes attacks that are built on delivering malicious code to a satellite via an officially provided access channel. These cyberattacks are not only capable of disabling satellite communication system assets but also of disrupting the data link.

To effectively counter such cyberattacks, it is necessary to develop and utilize a set of best practices and techniques that can ensure the cybersecurity of satellite IoV. It is known that cybersecurity includes identification and authentication methods, algorithms used for data traceability and authorization, the application of which is aimed at ensuring the integrity, availability and confidentiality of information. The paper proposes a new approach to improving the cybersecurity of the satellite IoV through the use of the developed authentication protocol that allows for granting access rights only to those elements of the satellite IoV structure that have confirmed their legitimacy. This approach is based on the integration of zero-knowledge authentication protocols (ZKAP) and methods of constructing noise-resistant modular codes.

One of the effective cyberattacks conducted on satellite IoV assets is the spoofing attack, which is presented in Figure 3. The satellite RSU transmits true content to the vehicle OBU (shown in yellow). A rogue satellite intercepts this message, delays the content, and then imposes it on the OBU (this process is shown in red). In this case, the received spoofing interference will be perceived by the OBU as correct information about the current traffic condition and will be accepted for execution. As a result, traffic safety will be impaired.

In addition, a rogue satellite can intercept the communication channel when the handoff (handover) procedure is being performed. Since the time when a low-orbit satellite is in the receiver’s line of sight is between 8 and 15 min, the handoff process must be performed from one satellite to another satellite during the handoff session to ensure uninterrupted data exchange between the OBU and the satellite RSU. A rogue satellite can intercept the communication channel and transmit unauthorized content containing false traffic information to the OBU exactly during the handoff procedure. As a result, road safety will also be compromised.

It is proposed to counter such a cyberattack by using a zero-knowledge authentication protocol based on a modular polyalphabetic polynomial code (MPPC). The integration of the theory of cryptography and the theory of the construction of parallel arithmetic RCPR allowed for developing an authentication protocol that takes minimal time to identify the satellite before starting a communication session with it. Due to this property, a rogue satellite will have less time to guess the correct prover’s signal, which will reduce the probability of the second-order error (the authorization of content from a rogue satellite). This will result in the improved cybersecurity of the satellite IoV.

The effectiveness of an authentication system is evaluated by the first-order errors along with the second-order errors. In cybersecurity, the first-order error is associated with the denial of access to the system to an authorized user. This can be caused by various destructive effects on the satellite IoV. A special place among the destructive impacts of a natural character on LOSI systems is occupied by interferences in the communication channel, which are caused by inhomogeneities of the ionosphere of northern latitudes [17]. As a result, when data are exchanged between the OBU and the satellite RSU, received messages will contain error bursts that distort the transmitted data.

The goal of the paper is to develop a ZKAP based on a noise-resistant modular code, the application of which will simultaneously improve the imitation resistance to spoofing and the noise resistance of IoV.

In order to achieve this goal, the paper considers a solution that allows for simultaneously counteracting such destructive effects of anthropogenic and natural characters. The basis of this solution is a zero-knowledge authentication protocol based on a modular polyalphabetic polynomial code. At the same time, the integration of the theory of noise resistance and the theory of construction of redundant modular codes allowed for developing an algorithm for the correction of error bursts arising from interference. The scientific novelty of the developed protocol consists in the fact that one redundant MPPC is used instead of using two codes (arithmetic and error-correction ones) in order to solve the problems of increasing the level of cybersecurity and noise resistance of satellite IoV. In this case, the use of a single algebraic system will simultaneously reduce the probabilities of first- and second-order errors. As a result, the cybersecurity of satellite IoV will be improved.

The new scientific results of this paper are

• ZKAP based on modular polyalphabetic polynomial codes. The use of MPPC codes allows for reducing the time needed for satellite authentication due to parallel computations. Thus, a rogue satellite has less time to guess the prover’s signal. As a result, the probability of a rogue satellite being granted a communication session is reduced and the imitation resistance of the satellite IoV is increased.
• A new algorithm for error correction in redundant MPPC that has less time to locate and correct errors that occur due to interference in the data exchange between the prover and the verifier.
• A new algorithm for computing redundant residues for the noise-resistant MPPC, which has minimal time overhead compared to previously known residue tuple expansion algorithms.

The structure of the paper is as follows. Section 2 presents an analysis of the works on the cybersecurity of VANET. Section 3 shows the principles of organization of computations in a modular polyalphabetic polynomial code and presents the implementation of the ZKAP based on MPPC. Section 4 describes the developed algorithms of error bursts correction and bases expansion in a modular polyalphabetic polynomial code. Section 5 summarizes the results of the evaluation of the effectiveness of the cybersecurity of satellite IoV due to the developed noise-resistant ZKAP based on MPPC.

2. Related Works

However, although IoV networks are becoming an important component of traffic safety in smart cities, the problem of cybersecurity is far from being solved. This is due to the fact that VANET uses an open broadband radio channel for data exchange. This contributes to the presence of a large number of cyberattacks, which can be categorized into several groups. The first group includes attacks on availability. The description of Denial-of-Service (DOS) attacks as well as methods for counteracting them are presented in [18]. One of the effective ways to disrupt data exchange between OBUs and RSUs is jamming. The paper [19] provides descriptions of jammers and also presents methods for counteracting them.

To effectively utilize IoV technologies, the problem of privacy breaches must also be addressed. In [20], a rather detailed analysis of the main attacks on vehicle privacy as well as solutions to this problem is presented. Thus, both cryptographic methods [21] and noise techniques [22] are used against eavesdropping and traffic analysis.

Nowadays, there has been an increase in the number of privacy attacks related to revealing the current location of a vehicle or tracking its trajectory. The main approach to ensuring the privacy of vehicle owners when using local-based services (LBSs) is based on the concept of k-anonymity. In order to implement k-anonymity, ref. [23] proposes creating groups in which all users have similar profile attributes. The use of clustering techniques can also improve the resilience to privacy attacks. In this case, vehicles are grouped into clusters according to some set of rules. In each cluster, a clusterhead (CH) is selected to communicate between clusters. In [2], in order to provide stable confidential communication with clusters, the locations of the CH must be precisely determined. To solve this problem effectively, the authors propose using a Back Propagation Neural Network (BPNN) combined with the distributed gradient incidence method. Also, to ensure privacy, pseudonyms are proposed in [24].

In order to ensure privacy in vehicle-to-vehicle communication in VANET, a number of works propose the use of reputation management schemes. Reputation schemes allow the information source to provide more efficient confidential data transmission. In [25], the application of a reputation management scheme in cloud-based vehicular networks is discussed. Currently, reputation updates are performed by a trusted authority (TA) after collecting, transcribing and verifying a large number of reputation feedbacks, which results in high computational and communication overhead on the part of the TA. To reduce the computational complexity, the authors propose pre-processing the data by a cloud service provider (CSP). Elliptic curves and a homomorphic Paye encryption algorithm are proposed to increase the privacy level. The developed privacy-preserving reputation updating scheme provides the secure privacy preservation of a unique identifier, reputation and vehicle feedback score using cryptographic techniques only.

The problem of privacy assurance in the transmission of emergency messages in VANET through the use of a trust management scheme is considered in [26]. In this paper, a novel cascaded trust cascading-based emergency message dissemination (TCEMD) model is proposed, which effectively combines object-oriented trust values with data-oriented trust evaluation (annotation). According to the TCEMD model, emergency messages are propagated through vehicles that need to trust each other. To fulfill this condition, trust certificates are currently applied, which are issued to each vehicle by a centralized authority (CA). A PKI scheme is used to obtain the certificate of trust, and each emergency message is signed with the electronic digital signature of the legal vehicle.

The Space-Air-Ground Integrated Network (SAGIN) allows for extending the application of IoV and improving the performance of transportation networks. Several trust management schemes have been developed for SAGIN [27,28]. However, they did not ensure privacy preservation, as an intruder could easily tie the reputation score of each vehicle to reveal the confidentiality of its location. The privacy-preserving trust management (PPTM) scheme presented in [29] addresses this drawback. The proposed scheme preserves the privacy of vehicles in emergency signaling by utilizing reputation certificates. For this purpose, the reputation certificate is periodically issued by the trust center and signed with the secret key of the electronic digital signature of the legal vehicle.

The development of solutions of counterattacks on integrity threats in VANET is also an urgent task. As a rule, digital signatures are used to solve this problem. Thus, counteraction to masquerading attacks, in which the intruder uses the ID and password of a legitimate user, is considered in [30]. Message tampering attacks are used by the intruder to force the owners to change the traffic route. These attacks and countermeasures against them are discussed in [31,32].

Among cyberattacks on IoV, attacks on authentication occupy a special place. Therefore, the issues of OBU and RSU authentication are given great attention. Let us consider the main methods of authentication, the use of which in VANET can reduce the effectiveness of such attacks. It is known that authentication protocols can be conducted using symmetric or asymmetric encryption systems [33]. Interest in the use of symmetric ciphers in authentication protocols is justified by the fact that the procedure of the prover’s authentication (OBU or RSU) is required to have minimal time costs. It is this parameter that plays an essential role in ensuring traffic safety in conditions of high traffic flow intensity. In [34,35], it is proposed to use the lightweight symmetric cryptography algorithm TESLA. Since this protocol uses a keyed hash function, the authentication process does not require significant computational resources. In [36], a lightweight and efficient authentication scheme (LESPP) was developed for authentication in VANET. The symmetric encryption of the message authentication code (MAC) is proposed for recognizing OBUs and RSUs. In [37], the work of a decentralized and scalable privacy-preserving authentication scheme (DSPA) is described. The operation of this scheme is based on symmetric hash-based message authentication code (HMAC) authentication. In [38], it is proposed to use an LIAP (Lightweight Identity Authentication Protocol) for transport authentication. In this protocol, the secret key is generated based on the concatenation of the vehicle account identifier and the owner’s password. Despite the relatively low computational and time costs, these authentication methods have the disadvantage that each vehicle must have its own secret key. The main disadvantage of authentication protocols using symmetric encryption systems is the problem of delivering secret keys to OBUs and RSUs and preventing unauthorized access to them by intruders.

In addition to symmetric ciphers, asymmetric encryption methods are also used in VANET authentication methods. Most of these methods use public key encryption systems (PKI) [39,40]. The main disadvantage of these methods is the significant time cost of authenticating an OBU or RSU. This has a negative impact on traffic safety in conditions of high traffic flow intensity. Authentication methods based on an identity-based batch authentication scheme [41,42] allow for reducing the time cost of authentication in VANET compared to PKI. The works [43,44,45] consider the use of digital signatures for authentication in VANET. In [44,45], the authors propose using a group signature. The advantage of this solution is that any group of vehicle owners, using their secret keys, can quite easily generate a collective public key.

Let us consider the authentication methods that are currently used in the systems of “friend-or-foe” identification. The paper [46] describes the operation of a portable identification system on the battlefield, which contains standard VHF radio communications for signal transmission, interfaced via portable computers with laser rangefinders and receivers of the Navstar space radio-navigation system. The identification process lasts no more than two seconds, and information can be requested about a specific target or all of its forces and means located within a given area with a radius of up to 5000 m. The range of the system is up to 35 km, and the probability of correct identification is at least 0.95.

The paper [47] describes the operation of a civil aircraft identification system that uses the frequency-time coding method. To recognize the identity of an airplane, a requestor transmits three radio pulses of a predetermined shape at a predetermined time interval τ1. A responder located on the airplane receives the signal and determines the time interval τ1. Then, the responder, depending on the value of τ1, generates three radio signals with time interval τ2. At the same time, the first signal is modulated by the FAM frequency. Depending on the value of τ1, the responder can generate 36 different signals. As a result, this recognition system has low imitation resistance. The probability of the correct imitation of the responder’s signal is 0.028.

The identification system described in [48] has a higher imitation resistance. This system uses a table containing N = 911 variants of the responder’s signals. Each day, the codes of the request signal are selected. Each of these codes is matched with one of the 16 possible response signal codes. This mode of operation reduces the probability of an intruder imitating the “friend” signal to 0.005.

Summarizing the conducted analysis of works, we can draw the following conclusions. First, the methods currently used for aircraft authentication cannot be applied because they have low imitation resistance against guessing the responder’s signal. Second, the main constraint that prevents the use of the above methods for the authentication of the satellite RSU is the need for the periodic replacement of secret keys. One solution to this problem is to create a sufficiently large database of secret keys to be placed on the satellite. However, in the event of a fall or the removal of the satellite from orbit, an intruder can capture the secret keys. This will negatively affect the imitation resistance of the satellite IoV. The second solution to the problem is the daily transmission of secret keys of OBUs and RSUs over a closed communication channel, but it requires the additional use of encryption hardware. This, in turn, also requires the use of periodically changed secret keys.

This issue can be solved by using zero-knowledge authentication protocols (ZKAP). These protocols have high cryptographic strength, which is achieved even without the use of symmetric and asymmetric encryption methods [33]. However, these protocols have drawbacks. First, to provide high cryptographic strength to the process of guessing the correct prover’s signal, these protocols use large prime numbers Q, which increases the verification time. As a result, the attacker has additional time to guess the correct prover’s signal. This leads to a decrease in the imitation resistance of the satellite system. Second, the issues of noise resistance in such protocols have not been considered. These problems can be solved by implementing the zero-knowledge authentication protocol on the basis of modular codes. Parallel computations performed in the residues of modular codes will reduce the time needed to authenticate the prover without reducing the cryptographic strength. This will address the first drawback of ZKAP. The independent processing of data on the bases of the code is the basis for detecting and correcting errors that occur during transmission over the communication channel due to interference. This property of codes will allow for eliminating the second disadvantage of ZKAP.

Therefore, the development of a noise-resistant authentication protocol that utilizes polynomial modular coding and improves the cybersecurity of satellite IoV is an urgent task.

The aim of the work is to increase the cybersecurity of satellite IoV by using the authentication protocol MPPC. The application of a modular polyalphabetic polynomial code allows for reducing the first-order error due to the correction of signal distortions caused by interference, as well as reducing the second-order error by increasing the speed of the authentication of the satellite RSU.

3. Development of an Imitation-Resistant Zero-Knowledge Authentication Protocol Based on an MPPC

Modular codes that are used for computations are of two kinds. These are modular polyalphabetic codes of the reside number system (RNS) [49,50] and modular polyalphabetic polynomial codes [50,51,52]. To organize calculations in the modular polyalphabetic polynomial code, it is necessary to take a set of k irreducible polynomials $m_1(x),\hspace{0.17em}\hspace{0.17em}{m}_2(x),\hspace{0.17em}\hspace{0.17em}\dots ,\hspace{0.17em}\hspace{0.17em}{m}_k(x)$, whose degrees satisfy (1):

$$\mathrm{deg}{m}_1(x)\le \mathrm{deg}{m}_2(x)\le \hspace{0.17em}\dots \hspace{0.17em}\le \mathrm{deg}{m}_k(x).$$

(1)

These polynomials form a set of informational bases. To obtain the MPPC combination, it is necessary to represent the binary code $U=u_{n-1}{2}^{n-1}+u_{n-2}{2}^{n-2}+\dots +u_1{2}^1+u_0{2}^0$ of a number in polynomial form. In this case, the degrees of two are replaced by the corresponding degrees of the variable x. As a result, we obtain the polynomial $U(x)=u_{n-1}{x}^{n-1}+u_{n-2}{x}^{n-2}+\dots +u_1{x}^1+u_0{x}^0$. For example, a binary code U = 110101₂ is $U(x)=x^5+x^4+x^2+1$ in the polynomial form. In this case, the polynomial $U(x)$ can be represented with k residues:

$$U(x)=(U_1(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k(x)),$$

(2)

where $U(x)\equiv U_i(x)\mathrm{mod}{m}_i(x)$; and $i=1,\dots ,k$.

It is clear from (2) that each residue of the modular code has its own alphabet, which is given by the corresponding base. Therefore, this code is referred to as the polyalphabetic code. The chosen set of bases determines the operating range of MPPC:

$$M_k(x)={\displaystyle \prod _{i=1}^k{m}_i(x)}.$$

(3)

The following condition must be satisfied in order for the combination $U(x)=(U_1(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k(x))$ to be considered allowed:

$$\mathrm{deg}{M}_k(x)>\mathrm{deg}U(x),$$

(4)

where $\mathrm{deg}U(x)$ is a degree of $U(x)$.

Since the irreducible polynomials $m_1(x),\hspace{0.17em}\hspace{0.17em}{m}_2(x),\hspace{0.17em}\hspace{0.17em}\dots ,\hspace{0.17em}\hspace{0.17em}{m}_k(x)$ are defined in GF(2), the modular operations of addition (subtraction) modulo two and multiplication [51,52] are performed in parallel using MPPC. Then, the following equality holds:

$$C(x)=U(x)\circ Y(x)=(C_1(x),\hspace{0.17em}\dots ,\hspace{0.17em}{C}_k(x))=({\left|U_1(x)\circ Y_1(x)\right|}_{m_1(x)},\dots ,{\left|U_k(x)\circ Y_k(x)\right|}_{m_k(x)})$$

(5)

where $\circ$ is one of modular operations; $Y(x)\equiv Y_i(x)\mathrm{mod}{m}_i(x)$; $C(x)\equiv C_i(x)\mathrm{mod}{m}_i(x)$; $\mathrm{deg}{M}_k(x)>\mathrm{deg}C(x)$; and $i=1,\dots ,k$.

Expression (5) clearly shows all the advantages of modular codes:

• the ability to perform parallel computations, which can improve the performance of computing devices;
• the independence of the execution of modular operations over bases, which can be used to correct errors occurring in the process of calculations.

The ability to perform parallel computations with low-bit residues has been used to create specialized real-time computing devices, such as special processors for digital signal processing [53,54], digital filters [55,56,57], encryption systems [58], neural networks [59,60,61] and cloud data storage [62].

One of the promising directions of the application of modular codes is zero-knowledge authentication protocols. The analysis of the most known protocols such as Fiat–Shamir (FS), Feige–Fiat–Shamir (FFS), Schnorr, Guillou–Quisquater and Okamoto showed that they are based on modular operations. This property of the protocols was the beginning of their implementation based on modular polyalphabetic codes of the residual number system [63,64]. Obviously, the transition to parallel computing allowed for reducing the time cost of the authentication of the prover, but it could not completely eliminate the disadvantages of these protocols. Thus, FS and FFS protocols require large time expenditures for the prover’s authentication. This is due to the fact that they have several rounds of authentication [33]. The Schnorr, Guillou–Quisquater and Okamoto protocols, which perform authentication in one round, are devoid of this drawback. However, they also have a significant disadvantage that does not allow for their application in satellite IoV. This is the use of public and secret keys for authentication in ZKAP. In this case, the public keys must be stored in the OBU’s memory of the vehicles. Secret keys should be delivered on board the satellite RSUs. In this case, under an effective attack on the key exchange (interception of the secret key during its delivery on board the spacecraft), ZKAP will lose its cryptographic strength. As a result, destructive actions on the part of a rogue satellite will have a sufficiently high success rate and lead to a decrease in the cybersecurity of the entire IoV system.

The keyless ZKAP, which is given in [65], is devoid of this drawback. Its advantages include one round of authentication without using secret and public keys. However, this protocol has another drawback. To ensure the high imitation resistance of the protocol, all computations are performed on a large modulus S. This leads to an increase in the time cost of the authentication procedure. So, when a rogue satellite authenticates, it has a longer time interval during which it can guess the correct response to the request from the verifier. As a result, the probability that this rogue satellite will be allowed to access the communication channel increases. This leads to a decrease in IoV’s cybersecurity.

This disadvantage can be eliminated if we implement computations using modular polyalphabetic polynomial codes. The choice of MPPC for the implementation of ZKAP is caused by the fact that codes of the residue number system have a redundancy which negatively affects the hardware and corrective abilities of the code. Thus, when using the number p = 17 as the base, the largest residue is 16. This is the only five-bit residue. The remaining 15 options from 10001₂ = 17 to 11111₂ = 31 are not involved. This disadvantage is not present in MPPC. To provide cryptographic strength not lower than in [65], it is necessary to represent a prime number S as a polynomial $S(x)$. Then, a tuple of irreducible polynomials $m_1(x),\hspace{0.17em}\hspace{0.17em}{m}_2(x),\hspace{0.17em}\hspace{0.17em}\dots ,\hspace{0.17em}\hspace{0.17em}{m}_k(x)$ is chosen. Then, the operating range is defined using (3). Moreover, the following condition should be satisfied:

$$\mathrm{deg}{M}_k(x)>\mathrm{deg}S(x).$$

(6)

The developed ZKAP based on MPPC consists of two stages. The preliminary stage of the protocol is required to obtain secret parameters from the Certificate Authority (CA). Such parameters are a set of k irreducible polynomials, K (the secret key of the satellite RSU), the number D used to generate the session key $D(n)$ and the number L used to generate the verification argument $L(n)$ of the session key reuse, where n is the authentication session number:

$$\begin{array}{l}CA\to SRSU:\hspace{0.17em}\left\{m_1(x),\dots ,\hspace{0.17em}{m}_k(x),\hspace{0.17em}x,\hspace{0.17em}K,\hspace{0.17em}D,\hspace{0.17em}L\right\}\\ CA\to OBU:\hspace{0.17em}\left\{m_1(x),\dots ,\hspace{0.17em}{m}_k(x),\hspace{0.17em}x\right\}\end{array}$$

(7)

where x is a generator for the multiplicative group.

The first part of the operational stage of the authentication protocol contains the following steps.

Step 1.1 of the developed authentication protocol is devoted to the computation of $D(n)$ and $L(n)$. For this purpose, a pseudorandom function generator is used, which is based on the method presented in [66]:

$$D_i(n)={\left|x^{\frac{1}{D(n-1)+K}}\right|}_{M_k(x)}, L_i(n)={\left|x^{\frac{1}{L(n-1)+K}}\right|}_{M_k(x)},$$

(8)

where $M_k(x)$ is the operating range of the code.

K, $D(n)$ and $L(n)$ are then split into blocks:

$$K=(K_1||\hspace{0.17em}\dots ||\hspace{0.17em}{K}_k), D(n)=(D_1(n),\hspace{0.17em}\dots ,\hspace{0.17em}{D}_k(n)), L(n)=(L_1(n),\hspace{0.17em}\dots ,\hspace{0.17em}{L}_k(n)),$$

(9)

where ${\log }_2{K}_i<\mathrm{deg}{m}_i(x)$; and $i=1,\dots ,k$.

At Step 1.2 of the protocol, the true digest of the satellite RSU is computed. The computations are performed in parallel on the MPPC bases. x is chosen as the generator.

$$SRSU:\hspace{0.17em}\hspace{0.17em}{U}_i^n(x)=x^{K_i}{x}^{D_i(n)}{x}^{L_i(n)}\mathrm{mod}{m}_i(x),$$

(10)

where $i=1,\dots ,k$.

The result is written to the memory as a combination $U^n(x)=(U_1^n(x),\hspace{0.17em}{U}_2^n(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k^n(x))$.

At Steps 1.3–1.4 of the protocol, K, $D(n)$ and $L(n)$ are distorted. For this purpose, a set of random residues is generated. They satisfy the following condition:

$$SRSU:\hspace{0.17em}\left\{\Delta K_i(n),\hspace{0.17em}\Delta D_i(n),\hspace{0.17em}\Delta L_i(n)\right\}<W_i,$$

(11)

where $W_i=2^{\mathrm{deg}{m}_i(x)}-1$; $i=1,\dots ,k$.

Then, a distortion of the secret parameters is performed:

$$SRSU:\left\{\begin{array}{l}{\widehat{K}}_i(n)=(K_i+\Delta K_i(n))\mathrm{mod}{W}_i\\ {\widehat{D}}_i(n)=(D_i(n)+\Delta D_i(n))\mathrm{mod}{W}_i\\ {\widehat{L}}_i(n)=(L_i(n)+\Delta L_i(n))\mathrm{mod}{W}_i\end{array}\right.$$

(12)

where $i=1,\dots ,k$.

At Step 1.5 of the protocol, the distorted digest of the satellite RSU is computed. The calculations are performed in parallel on bases of MPPC using the distorted parameters.

$$SRSU:{\widehat{U}}_i^n(x)=x^{{\widehat{K}}_i(n)}{x}^{{\widehat{D}}_i(n)}{x}^{{\widehat{L}}_i(n)}\mathrm{mod}{m}_i(x).$$

(13)

The result in a form of ${\widehat{U}}^n(x)=({\widehat{U}}_1^n(x),{\widehat{U}}_2^n(x),\dots ,{\widehat{U}}_k^n(x))$ is written to the memory.

Let us consider the second part of the operational stage of the developed authentication protocol. At Step 2.1 of the protocol, when the satellite RSU appears in the line of sight of the receiving device located on the vehicle, the OBU generates a set of random residues $V(n)=(V_1(n),\hspace{0.17em}\dots ,\hspace{0.17em}{V}_k(n))$. This combination is a request that is transmitted to the satellite RSU.

At Steps 2.2–2.3 of the protocol, the satellite RSU starts to compute the responses. The RSU’s secret parameters and the request are involved in the calculation of responses.

$$\begin{array}{l}{Y}_i^1(n)=({\widehat{K}}_i(n)-V_i(n)K_i)\mathrm{mod}{W}_i,\\ Y_i^2(n)=({\widehat{D}}_i(n)-V_i(n)D_i(n))\mathrm{mod}{W}_i,\\ Y_i^3(n)=({\widehat{L}}_i(n)-V_i(n)L_i(n))\mathrm{mod}{W}_i.\end{array}$$

(14)

The obtained results $\left\{(Y_1^1(n),\hspace{0.17em}\dots ,\hspace{0.17em}{Y}_k^1(n)),\hspace{0.17em}(Y_1^2(n),\hspace{0.17em}\dots ,\hspace{0.17em}{Y}_k^2(n)),\hspace{0.17em}(Y_1^3(n),\hspace{0.17em}\dots ,\hspace{0.17em}{Y}_k^3(n))\right\}$ are used to generate the response signal of the satellite RSU. This signal contains two digests and three responses represented in the MPPC. The signal is transmitted to the OBU.

$$RSU\to OBU: \hspace{0.17em}(U_i^n(x)||{\widehat{U}}_i^n(x)||Y_i^1(n)||Y_i^2(n)||Y_i^3(n)).$$

(15)

At Step 2.4 of the protocol, the OBU located on the vehicle performs a check of the received signal from the satellite RSU. The computation involves the true digest, three responses, and the request.

$$OBU:\hspace{0.17em}\hspace{0.17em}{A}_i^n(x)=\left(U_i^n{(x)}^{V_i(n)}{x}^{Y_i^1(n)}{x}^{Y_i^2(n)}{x}^{Y_i^3(n)}\right)\mathrm{mod}{m}_i(x).$$

(16)

If the calculation results match the distorted digest ($A_i^n(x)={\widehat{U}}_i^n(x)$), the OBU decides that the satellite RSU is legitimate. Then, the data exchange between the OBU and RSU starts.

4. Development of an Algorithm for Error Burst Correction and Bases Expansion in a Modular Polyalphabetic Polynomial Code

The independence of the execution of modular operations on a code’s bases became a trigger for using modular codes when creating fault-tolerant computing devices. For this purpose, redundant bases are introduced. In [51], a proof is presented, showing that the introduction of a single redundant base $m_{k+1}(x)$ in the MPPC allows for detecting the presence of a one-time error. In modular codes, a one-time error means the distortion of one residue in a combination. The introduction of a second redundant base $m_{k+2}(x)$ allows for correcting a one-time error [50,51]. For this purpose, the redundant bases are chosen from the following condition:

$$\mathrm{deg}(m_{k+1}(x)m_{k+2}(x))\ge \mathrm{deg}(m_{k-1}(x)m_k(x)).$$

(17)

In this case, there is an increase in the length of the combination:

$$U(x)=(U_1(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k(x),\hspace{0.17em}{U}_{k+1}(x),\hspace{0.17em}{U}_{k+2}(x)).$$

(18)

There is also an expansion of the code range:

$$M_{k+2}(x)={\displaystyle \prod _{i=1}^{k+2}{m}_i(x)}=M_k(x)m_{k+1}(x)m_{k+2}(x).$$

(19)

For a redundant combination $U(x)=(U_1(x),\hspace{0.17em}\dots ,\hspace{0.17em}\hspace{0.17em}{U}_{k+2}(x)).$ to be considered allowed, the following condition must be satisfied:

$$\mathrm{deg}U(x)<\mathrm{deg}{M}_k(x).$$

(20)

If condition (20) is violated, it means that the combination of MPPC has an erroneous residue. This is proved by the Chinese Remainder Theorem for polynomials (CRTP). This theorem is used to perform conversion from a modular code to a positional code:

$$U(x)={\left|{\displaystyle \sum _{i=1}^{k+2}{U}_i(x)B_i(x)}\right|}_{M_{k+2}(x)}={\left|U_1(x)B_1(x)+\dots +U_{k+2}(x)B_{k+2}(x)\right|}_{M_{k+2}(x)},$$

(21)

where $B_i(x)={\left|P_i^{-1}(x)\right|}_{m_i(x)}{P}_i(x)$ is the i-th orthogonal basis; $P_i(x)=\frac{M_{k+2}(x)}{m_i(x)}$.

Let us suppose an error occurred in the first residue. Its value is equal to $\Delta U_1(x)$, where $\mathrm{deg}\Delta U_1(x)<\mathrm{deg}{m}_1(x)$. Then, the distorted residue will take the following form:

$${\tilde{U}}_1(x)={\left|U_1(x)+\Delta U_1(x)\right|}_{m_1(x)}.$$

(22)

In this case, the distorted combination is of the following form:

$$U(x)=({\tilde{U}}_1(x),\hspace{0.17em}{U}_2(x),\dots ,\hspace{0.17em}\hspace{0.17em}{U}_{k+2}(x)).$$

(23)

Let us use (22):

$$\begin{array}{l}\tilde{U}(x)={\left|{\tilde{U}}_1(x)B_1(x)+U_2(x)B_2(x)+\dots +\hspace{0.17em}{U}_{k+2}(x)B_{k+2}(x)\right|}_{M_{k+2}(x)}\\ ={\left|(U_1(x)+\Delta U_1(x))B_1(x)+U_2(x)B_2(x)+\dots +\hspace{0.17em}{U}_{k+2}(x)B_{k+2}(x)\right|}_{M_{k+2}(x)}\\ ={\left|U_1(x)B_1(x)+U_2(x)B_2(x)+\dots +\hspace{0.17em}{U}_{k+2}(x)B_{k+2}(x)+\Delta U_1(x)B_1(x)\right|}_{M_{k+2}(x)}\\ =U(x)+{\left|\Delta U_1(x)B_1(x)\right|}_{M_{k+2}(x)}.\end{array}$$

(24)

The second summand has a greater degree than the range of allowed combinations $M_k(x)$ since $\mathrm{deg}{M}_k(x)<\mathrm{deg}{B}_1(x)$. This means that condition (20) is violated for the polynomial $\tilde{U}(x)$. All error detection and correction algorithms in modular codes are based on this property.

Since the failure flow is the simplest, redundant modular codes containing two control bases have been mainly used to improve the fault tolerance of computing devices [63,67,68,69,70]. However, modular codes have the ability to correct errors of a higher multiplicity as well. If we introduce 2r bases into the tuple of bases, where r is the multiplicity of the error, $r=1,2,\dots$, then a redundant modular code can correct up to r distorted residues in the combination. This property can be used as a basis for noise-resistant MPPC.

Obviously, the speed of the satellite RSU authentication process depends on the choice of the algorithm for detecting and correcting error bursts. At the same time, this algorithm should provide a simple enough procedure for calculating additional control residues of the modular code. In [50], it is proposed to use the method of projections to find an erroneous residue. Thus, the projection $U^1(x)=(\hspace{0.17em}{U}_2(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_{k+r}(x))$ on the first base is obtained from the original combination as a result of removing the first residue. Then, all projections are converted into a positional code to check condition (20). The disadvantage of this method is significant hardware and time costs, since k + r CRTP-based reverse conversion operations must be performed to find and correct the error. In [70], an algorithm for calculating the senior coefficients of the mixed radix system (MRS) is presented. If these coefficients are equal to zero, then the MPPC combination is error-free. However, it is rather difficult to compute additional redundant residues using MRS. In [71], it is suggested to use the interval-index characteristic for error correction. The Chinese Remainder Theorem (CRT) is proposed to compute this positional characteristic, which requires k + r multiplication operations, k + r − 1 addition operations modulo two and one comparison operation. In [72], it is proposed to use the interval estimation of modular code combinations. However, this algorithm has a disadvantage. To obtain the interval estimation of the modular code combination, it is necessary to additionally calculate the rank of a number in the set of informational bases. In this case, when implementing the algorithm [72], it is necessary to perform k + r modular multiplication operations and k + r addition operations modulo two. The paper [73] describes a method of comparing two combinations in a modular code without performing a reverse conversion to a positional code. However, this method only allows for detecting an error in the combination.

In the developed algorithm, orthogonal bases with broken orthogonality on redundant bases are used to detect and correct errors in MPPC. Let k informational bases be defined. Let us perform a CRTP-based reverse conversion of the combination $U(x)=(U_1(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k(x))$ without redundant residues. For this purpose, we use k orthogonal bases, which are defined as

$$B_i(x)={\left|P_i^{-1}(x)\right|}_{m_i(x)}{P}_i(x),$$

(25)

where $P_i(x)=\frac{M_k(x)}{m_i(x)}$; ${\left|P_i^{-1}(x)\right|}_{m_i(x)}$ is the weight of the i-th orthogonal basis; and $i=1,\hspace{0.17em}\dots ,\hspace{0.17em}k$.

The result is a polynomial $U(x)$, for which $\mathrm{deg}U(x)<\mathrm{deg}{M}_k(x)$. Let us represent the orthogonal bases using additional r redundant bases. Then, we have

$$\begin{array}{l}{B}_1^{″}(x)=(1,\hspace{0.17em}0,\hspace{0.17em}0,\hspace{0.17em}\dots ,\hspace{0.17em}0,\hspace{0.17em}{\psi }_{k+1}^1(x),\hspace{0.17em}{\psi }_{k+2}^1(x),\hspace{0.17em}\dots ,\hspace{0.17em}{\psi }_{k+r}^1(x)),\\ B_2^{″}(x)=(0,\hspace{0.17em}1,\hspace{0.17em}0,\hspace{0.17em}\dots ,\hspace{0.17em}0,\hspace{0.17em}{\psi }_{k+1}^2(x),\hspace{0.17em}{\psi }_{k+2}^2(x),\hspace{0.17em}\dots ,\hspace{0.17em}{\psi }_{k+r}^2(x)),\\ ⋮\\ B_k^{″}(x)=(0,\hspace{0.17em}0,\hspace{0.17em}0,\hspace{0.17em}\dots ,\hspace{0.17em}1,\hspace{0.17em}{\psi }_{k+1}^k(x),\hspace{0.17em}{\psi }_{k+2}^k(x),\hspace{0.17em}\dots ,\hspace{0.17em}{\psi }_{k+r}^k(x)),\end{array}$$

(26)

where ${\psi }_j^i(x)\equiv B_i(x)\mathrm{mod}{m}_j(x)$; and $j=k+1,\hspace{0.17em}\dots ,\hspace{0.17em}k+r$.

Let us use the orthogonal bases (26) and implement CRTP-based reverse conversion using informational bases $m_1(x),\hspace{0.17em}\dots ,\hspace{0.17em}{m}_k(x)$. Then, we obtain

$$U(x)={\displaystyle \sum _{i=1}^k{U}_i(x)B_i^{″}(x)\mathrm{mod}{M}_k(x)}.$$

(27)

Then, pairwise products can be represented as

$$\left\{\begin{array}{l}{U}_1(x)B_1^{″}(x)\mathrm{mod}{M}_k(x)=(U_1(x),0,0,\dots ,0,{\gamma }_{k+1}^1(x),\dots ,{\gamma }_{k+r}^1(x)),\\ U_2(x)B_2^{″}(x)\mathrm{mod}{M}_k(x)=(0,\hspace{0.17em}{U}_2(x),0,\dots ,0,{\gamma }_{k+1}^2(x),\dots ,{\gamma }_{k+r}^2(x)),\\ ⋮\\ U_k(x)B_k^{″}(x)\mathrm{mod}{M}_k(x)=(0,\hspace{0.17em}0,\hspace{0.17em}0,\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k(x),{\gamma }_{k+1}^k(x),\dots ,{\gamma }_{k+r}^k(x)),\end{array}\right.$$

(28)

where ${\gamma }_j^i(x)=U_i(x){\psi }_i^i(x)\mathrm{mod}{m}_j(x)$; and $i=1,\hspace{0.17em}\dots ,\hspace{0.17em}k$; $j=k+1,\hspace{0.17em}\dots ,k+\hspace{0.17em}r$.

Let us substitute expressions (28) into equality (27). We obtain

$$\begin{array}{l}U(x)=(U_1(x),\hspace{0.17em}0,\hspace{0.17em}0,\dots ,0,{\gamma }_{k+1}^1(x),\dots ,{\gamma }_{k+r}^1(x))\\ +(0,U_2(x),\hspace{0.17em}0,\dots ,0,{\gamma }_{k+1}^2(x),\dots ,{\gamma }_{k+r}^2(x))+\dots \\ +(0,\hspace{0.17em}0,\hspace{0.17em}0,\dots ,U_k(x),{\gamma }_{k+1}^k(x),\dots ,{\gamma }_{k+r}^k(x)).\end{array}$$

(29)

Since the equality

$$U(x)=(U_1(x),\hspace{0.17em}{U}_2(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k(x))=(U_1(x),\hspace{0.17em}{U}_2(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_{k+r}(x))$$

(30)

is true, we can obtain the positional characteristic called the error syndrome from expression (29). In this case, the error syndrome for the redundant combination $U(x)$ can be represented in the form of the following equations:

$$\left\{\begin{array}{l}{\lambda }_1(x)=U_{k+1}(x)+{\left|{\displaystyle \sum _{j=1}^k{\gamma }_{k+1}^j(x)}\right|}_{m_{k+1}(x)},\\ ⋮\\ {\lambda }_r(x)=U_{k+r}(x)+{\left|{\displaystyle \sum _{j=1}^k{\gamma }_{k+r}^j(x)}\right|}_{m_{k+r}(x)}.\end{array}\right.$$

(31)

The analysis of the expression shows that it is sufficient to use only modulo-two multiple-input adders to calculate the error syndrome. We will perform a comparative performance analysis of the developed algorithm for error search and correction with previously known algorithms using Kintex UltraScale FPGA (xcku3p-ffva676-1-e) and Xilinx Vivado-HLS 2018 CAD Xilinx Vivado-HLS. The number of informational bases is k = 4. The number of control bases is r = 2. The irreducible polynomials are represented in an octal number system. In this case, $m_1(x)={103}_8=1000011=x^6+x+1$.

The analysis of

Table 1. Time cost of error correction.

Bases	Algorithm [50]	Algorithm [71]	Algorithm [72]	Developed Protocol
Informational: 103, 127, 133, 141 Redundant: 141, 143	2172 ns	212 ns	222 ns	60 ns

shows that the developed algorithm allows fo 3.5 times faster error correction than algorithm [71], 3.7 times faster error correction than algorithm [72] and 36.2 times faster error correction than algorithm [50]. Thus, the simulation results showed that the developed algorithm requires less time to locate and correct errors in MPPC.

In order to implement a noise-resistant authentication protocol, it is necessary to introduce redundancy into the code combination by expanding the residue tuple before transmitting the signal. This result is obtained by expanding the set of bases. In this case, it is necessary to calculate the residue $U_{k+1}(x)$ on the redundant base $m_{k+1}(x)$ such that

$$U_{k+1}(x)\equiv U(x)\mathrm{mod}{m}_{k+1}(x)$$

(32)

In this case, it is necessary to use the values of informational residues $U(x)=(\hspace{0.17em}{U}_1(x),\hspace{0.17em}{U}_2(x),\hspace{0.17em}\dots ,\hspace{0.17em}{U}_k(x))$ without conversion into a positional code. Obviously, the algorithm for expanding the set of bases in the MPPC should coincide with the algorithm used for error detection and correction. Let us use the developed algorithm, which uses orthogonal bases with broken orthogonality on redundant bases. We will use expressions (29) and (30) to extend the set of bases. Then, the values of the redundant residues are

$$\left\{\begin{array}{l}{U}_{k+1}(x)={\displaystyle \sum _{i=1}^k{\gamma }_{k+1}^i(x)}\mathrm{mod}{m}_{k+1}(x),\hfill \\ ⋮\hfill \\ U_{k+r}(x)={\displaystyle \sum _{i=1}^k{\gamma }_{k+r}^i(x)}\mathrm{mod}{m}_{k+r}(x).\hfill \end{array}\right.$$

(33)

The analysis of expression (33) shows that control residues can be computed in parallel for r redundant bases, using only multiple output adders modulo two for this purpose. The error burst correction (31) and residues expansion (33) algorithms will be used in the developed authentication protocol based on MPPC.

5. Analysis of the Effectiveness of Ensuring Cybersecurity of Satellite IoV with the Developed Noise-Resistant ZKAP

Let two informational bases $m_1(x)=x^5+x^3+1$, $\hspace{0.17em}{m}_2(x)=x^5+x^2+1$ be chosen to implement the developed noise-resistant ZKAP for a satellite VANET system. The range of allowed combinations in MPPC is $M_2(x)=x^{10}+x^8+x^7+x^5+x^3+x^2+1$, so the secret parameters should be less than $2^{10}$. The polynomials $m_3(x)=x^5+x^3+x^2+x+1$, $m_4(x)=x^5+x^4+x^2+x+1$, $m_5(x)=x^5+x^4+x^3+x+1$ and $m_6(x)=x^5+x^4+x^3+x^2+1$ are chosen as redundant bases. The resulting code (30, 10) can correct errors that can occur simultaneously in two residues of the combination. Let us consider the implementation of ZKAP under the influence of interference in the communication channel. The developed algorithms for the error bursts correction and expansion of the set of bases in the MPPC will be used during the execution of the authentication process for the satellite RSU.

Let us consider an execution of the developed ZKAP.

The preliminary stage of the protocol is as follows:

$$CA\to SRSU:\hspace{0.17em}{m}_1(x)=x^5+x^3+1,\hspace{0.17em}\hspace{0.17em}{m}_2(x)=\hspace{0.17em}{x}^5+x^2+1,\hspace{0.17em}\hspace{0.17em}K=325,\hspace{0.17em}\hspace{0.17em}D(0)=408,\hspace{0.17em}\hspace{0.17em}L(0)=878.$$

(34)

$$CA\to SRSU:\hspace{0.17em}{m}_1(x)=x^5+x^3+1,\hspace{0.17em}\hspace{0.17em}{m}_2(x)=\hspace{0.17em}{x}^5+x^2+1.$$

(35)

The generation of the session key $D(n)$ and the parameter $L(n)$, where n = 1, is as follows:

$$D_1(1)={\left|x^{\frac{1}{D(0)+K}}\right|}_{m_1(x)}={\left|x^{\frac{1}{408+325}}\right|}_{m_1(x)}={\left|x^{\frac{1}{20}}\right|}_{m_1(x)}={\left|x^{11}\right|}_{x^5+x^3+1}=01111=15.$$

(36)

$$D_2(1)={\left|x^{\frac{1}{D(0)+K}}\right|}_{m_2(x)}={\left|x^{\frac{1}{408+325}}\right|}_{m_2(x)}={\left|x^{\frac{1}{20}}\right|}_{m_2(x)}={\left|x^{11}\right|}_{x^5+x^2+1}=00111=7.$$

(37)

$$L_1(1)={\left|x^{\frac{1}{L(0)+K}}\right|}_{m_1(x)}={\left|x^{\frac{1}{878+325}}\right|}_{m_1(x)}={\left|x^{\frac{1}{25}}\right|}_{m_1(x)}={\left|x^6\right|}_{x^5+x^3+1}=10010=18.$$

(38)

$$L_2(1)={\left|x^{\frac{1}{L(0)+K}}\right|}_{m_2(x)}={\left|x^{\frac{1}{878+325}}\right|}_{m_2(x)}={\left|x^{\frac{1}{25}}\right|}_{m_2(x)}={\left|x^6\right|}_{x^5+x^2+1}=01010=8.$$

(39)

The representation as a modular code is as follows:

$$SRSU:\hspace{0.17em}\hspace{0.17em}\hspace{0.17em}K=325=0101000101=(10,\hspace{0.17em}5),\hspace{0.17em}D(1)=(15,\hspace{0.17em}7),\hspace{0.17em}L(1)=(18,\hspace{0.17em}10).$$

(40)

The computation of the SRSU’s true digest in the MPPC is as follows:

$$SRSU:U_1^1(x)={\left|x^{K_1}{x}^{D_1(1)}{x}^{L_1(1)}\right|}_{m_1(x)}={\left|x^{10}{x}^{15}{x}^{18}\right|}_{m_1(x)}=x^4+x^3+x^2+x=11110=30.$$

(41)

$$SRSU:U_2^1(x)={\left|x^{K_2}{x}^{D_2(1)}{x}^{L_2(1)}\right|}_{m_2(x)}={\left|x^5{x}^7{x}^{10}\right|}_{m_2(x)}=x^4+x^2+1=10101=25.$$

(42)

The selection of numbers for the distortion of secret parameters is as follows:

$$SRSU:\left\{\Delta K(1)=(3,\hspace{0.17em}7),\hspace{0.17em}\Delta D(1)=(10,\hspace{0.17em}8),\hspace{0.17em}\Delta L(1)=(15,\hspace{0.17em}11)\right\}<W,\hspace{0.17em}\hspace{0.17em}W=2^5-1=31.$$

(43)

The distortion of secret parameters of the protocol is as follows:

$$\begin{array}{l}SRSU:{\widehat{K}}_1(1)={\left|K_1+\Delta K_1(1)\right|}_W={\left|10+3\right|}_{31}=13,{\widehat{K}}_2(1)={\left|K_2+\Delta K_2(1)\right|}_W=12.\\ SRSU:{\widehat{D}}_1(1)={\left|D_1(1)+\Delta D_1(1)\right|}_W={\left|15+10\right|}_{31}=25,{\widehat{D}}_2(1)={\left|D_2(1)+\Delta D_2(1)\right|}_W=15.\\ SRSU:{\widehat{L}}_1(1)={\left|L_1(1)+\Delta L_1(1)\right|}_W={\left|18+15\right|}_{31}=2,{\widehat{L}}_2(1)={\left|L_2(1)+\Delta L_2(1)\right|}_W=21.\end{array}$$

(44)

The computation of the SRSU’s distorted digest in the MPPC is as follows:

$$\begin{array}{l}SRSU:{\widehat{U}}_1^1(x)={\left|x^{{\widehat{K}}_1(n)}{x}^{{\widehat{D}}_1(n)}{x}^{{\widehat{L}}_1(n)}\right|}_{m_1(x)}={\left|x^{13}{x}^{25}{x}^2\right|}_{m_1(x)}=x^4+x^3+x^2+1=11101=29.\\ SRSU:{\widehat{U}}_2^1(x)={\left|x^{{\widehat{K}}_2(n)}{x}^{{\widehat{D}}_2(n)}{x}^{{\widehat{L}}_2(n)}\right|}_{m_2(x)}={\left|x^{12}{x}^{15}{x}^{21}\right|}_{m_2(x)}=x^4+x+1=10001=19.\end{array}$$

(45)

The selection of the request and its transmission to the SRSU are as follows:

$$\begin{array}{l}OBU:V(1)=107=1101011=\left(x^3,\hspace{0.17em}{x}^2,\hspace{0.17em}{x}^4+x^3+x,\hspace{0.17em}{x}^2+1,\hspace{0.17em}{x}^4+x^3+x^2+1,\hspace{0.17em}{x}^4+1\right)\\ =\left(01000,\hspace{0.17em}00100,\hspace{0.17em}11010,\hspace{0.17em}00101,\hspace{0.17em}11101,\hspace{0.17em}10001\right)=(8,\hspace{0.17em}4,\hspace{0.17em}27,\hspace{0.17em}5,\hspace{0.17em}29,\hspace{0.17em}17).\\ OBU\to SRSU:V(1)=(8,\hspace{0.17em}4,\hspace{0.17em}27,\hspace{0.17em}5,\hspace{0.17em}29,\hspace{0.17em}17).\end{array}$$

(46)

The translation is performed using a PC-MPPC converter.

The error-checking for the request is as follows:

$$\begin{array}{l}{\left|V_1(1)B_1(x)\right|}_{M_2(x)}+{\left|V_2(1)B_2(x)\right|}_{M_2(x)}=\left(x^3,\hspace{0.17em}0,\hspace{0.17em}{x}^3+x^2,\hspace{0.17em}{x}^3+1,\hspace{0.17em}{x}^2+x,\hspace{0.17em}{x}^3+x^2+x\right)\\ +\left(0,\hspace{0.17em}{x}^2,\hspace{0.17em}{x}^4+x^2+x,\hspace{0.17em}{x}^3+x^2,\hspace{0.17em}{x}^4+x^3+x+1,\hspace{0.17em}{x}^4+x^3+x^2+x+1\right)=\\ =\left(x^3,\hspace{0.17em}{x}^2,\hspace{0.17em}{x}^4+x^3+x,\hspace{0.17em}{x}^2+1,\hspace{0.17em}{x}^4+x^3+x^2+1,\hspace{0.17em}{x}^4+1\right)=(8,\hspace{0.17em}4,\hspace{0.17em}26,\hspace{0.17em}5,\hspace{0.17em}29,\hspace{0.17em}17).\end{array}$$

(47)

$${\lambda }_1(x)=U_3(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_3^j(x)}\right|}_{m_3(x)}=(x^4+x^3+x)+(x^4+x^3+x)=0.$$

(48)

$${\lambda }_2(x)=U_4(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_4^j(x)}\right|}_{m_4(x)}=(x^2+1)+(x^2+1)=0.$$

(49)

$${\lambda }_3(x)=U_5(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_5^j(x)}\right|}_{m_5(x)}=(x^4+x^3+x^2+1)+(x^4+x^3+x^2+1)=0.$$

(50)

$${\lambda }_4(x)=U_6(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_6^j(x)}\right|}_{m_6(x)}=(x^4+1)+(x^4+1)=0.$$

(51)

The error syndrome is zero. So, the request does not contain an error.

The calculation of the SRSU’s responses to the request is as follows:

$$Y_1^1(1)=({\widehat{K}}_1(1)-V_1(1)K_1(1))\mathrm{mod}(2^5-1)={\left|13-8\times 10\right|}_{31}={\left|-5\right|}_{31}=26.$$

(52)

$$Y_2^1(1)=({\widehat{K}}_2(1)-V_2(1)K_2(1))\mathrm{mod}(2^5-1)={\left|12-4\times 5\right|}_{31}={\left|-8\right|}_{31}=23.$$

(53)

$$Y_1^2(1)=({\widehat{D}}_1(1)-V_1(1)D_1(1))\mathrm{mod}(2^5-1)={\left|25-8\times 15\right|}_{31}={\left|-2\right|}_{31}=29.$$

(54)

$$Y_2^2(1)=({\widehat{D}}_2(1)-V_2(1)D_2(1))\mathrm{mod}(2^5-1)={\left|15-4\times 7\right|}_{31}={\left|-13\right|}_{31}=18.$$

(55)

$$Y_1^3(1)=({\widehat{L}}_1(1)-V_1(1)L_1(1))\mathrm{mod}(2^5-1)={\left|2-8\times 18\right|}_{31}={\left|-18\right|}_{31}=13.$$

(56)

$$Y_2^3(1)=({\widehat{L}}_2(1)-V_2(1)L_2(1))\mathrm{mod}(2^5-1)={\left|21-4\times 10\right|}_{31}={\left|-19\right|}_{31}=12.$$

(57)

The calculation of redundant residues for the response signal generation is as follows:

$$\begin{array}{l}{\left|U_1^1(x)B_1(x)\right|}_{M_2(x)}=\left(11110,\hspace{0.17em}0\hspace{0.17em},\hspace{0.17em}01111,\hspace{0.17em}11111,\hspace{0.17em}01010,\hspace{0.17em}00101\right).\\ {\left|U_2^1(x)B_2(x)\right|}_{M_2(x)}=\left(0,\hspace{0.17em}10101,\hspace{0.17em}11000,\hspace{0.17em}10110,\hspace{0.17em}00101,\hspace{0.17em}10111\right).\end{array}$$

(58)

The application the algorithm for the expansion of the set of bases (33) is as follows:

$$U_3^1(x)=01111+11000=10111={23}_{10}.$$

(59)

$$U_4^1(x)=11111+10110=01001=9_{10}.$$

(60)

$$U_5^1(x)=01010+00101=01111={15}_{10}.$$

(61)

$$U_6^1(x)=00101+10111=10010={18}_{10}.$$

(62)

Then, the SRSU’s true digest is of the form $U^1(x)=(30,\hspace{0.17em}21,\hspace{0.17em}23,\hspace{0.17em}9,\hspace{0.17em}15,\hspace{0.17em}18)$.

The SRSU’s distorted digest is ${\widehat{U}}^1(x)=(29,\hspace{0.17em}19,\hspace{0.17em}16,\hspace{0.17em}5,\hspace{0.17em}31,\hspace{0.17em}24)$.

The responses are

$$Y^1(1)=(26,\hspace{0.17em}23,\hspace{0.17em}14,\hspace{0.17em}7,\hspace{0.17em}0,\hspace{0.17em}24).$$

(63)

$$Y^2(1)=(29,\hspace{0.17em}18,\hspace{0.17em}2,\hspace{0.17em}6,\hspace{0.17em}23,\hspace{0.17em}14).$$

(64)

$$Y^3(1)=(13,\hspace{0.17em}12,\hspace{0.17em}31,\hspace{0.17em}14,\hspace{0.17em}5,\hspace{0.17em}27).$$

(65)

The response signal is transmitted to the OBU.

Let us suppose that the error distorts the first residue of the SRSU’s true digest. ${\tilde{U}}_1(x)=111\tilde{0}0=28$ is obtained instead of a residue $U_1(x)=11110$. Then, the combination is ${\tilde{U}}^1(x)=(28,\hspace{0.17em}21,\hspace{0.17em}23,\hspace{0.17em}9,\hspace{0.17em}15,\hspace{0.17em}18)$. Let us find the pairwise products (28).

$$\begin{array}{l}{\left|{\tilde{U}}_1^1(x)B_1(x)\right|}_{M_2(x)}=\left(11100,\hspace{0.17em}0,\hspace{0.17em}00110,\hspace{0.17em}11011,\hspace{0.17em}11000,\hspace{0.17em}10110\right)\\ =\left(x^4+x^3+x^2,\hspace{0.17em}0,\hspace{0.17em}{x}^2+x,\hspace{0.17em}{x}^4+x^3+x+1,\hspace{0.17em}{x}^4+x^3,\hspace{0.17em}{x}^4+x^2+x\right).\end{array}$$

(66)

$$\begin{array}{l}{\left|U_2^1(x)B_2(x)\right|}_{M_2(x)}=\left(0,\hspace{0.17em}10101,\hspace{0.17em}11000,\hspace{0.17em}10110,\hspace{0.17em}00101,\hspace{0.17em}10111\right)=\\ =\left(0,\hspace{0.17em}{x}^4+x^2+1,\hspace{0.17em}{x}^4+x^3,\hspace{0.17em}{x}^4+x^2+x,\hspace{0.17em}{x}^2+1,\hspace{0.17em}{x}^4+x^2+x+1\right).\end{array}$$

(67)

Let us compute the error syndrome using (31):

$${\lambda }_1(x)=U_3(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_3^j(x)}\right|}_{m_3(x)}=10111+11110=01001.$$

(68)

$${\lambda }_2(x)=U_4(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_4^j(x)}\right|}_{m_4(x)}=01001+01101=00101.$$

(69)

$${\lambda }_3(x)=U_5(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_5^j(x)}\right|}_{m_5(x)}=11101+01111=10010.$$

(70)

$${\lambda }_4(x)=U_6(x)+{\left|{\displaystyle \sum _{j=1}^2{\gamma }_6^j(x)}\right|}_{m_6(x)}=10010+00001=10011.$$

(71)

The error syndrome is not zero. This means that the MPPC combination contains an error. The error syndrome is fed to the input of the memory block, where the error vectors for two informational residues are stored. Since only the informational residues are involved in checking the response signal, we will correct only them. In our example, the error vector is equal to $\overline{e}=(00010,\hspace{0.17em}00000)$. To correct the error, we need to add the informational residues of the distorted combination modulo two with the error vector. We obtain $U^1(x)={\tilde{U}}^1(x)+\overline{e}(x)=(111\tilde{0}0,\hspace{0.17em}10101)+(00010,\hspace{0.17em}00000)=(11110,\hspace{0.17em}10101)$.

The error in the first informational residue has been corrected.

The verification of the SRSU’s signal is as follows:

$$\begin{array}{l}OBU:A_1(1)={\left|{\left(x^4+x^3+x^2+x\right)}^8{x}^{26}{x}^{29}{x}^{13}\right|}_{m_1(x)}=x^4+x^3+x^2+1=11101={29}_{10}.\\ OBU:A_2(1)={\left|{\left(x^4+x^2+1\right)}^4{x}^{18}{x}^{12}{x}^{23}\right|}_{m_2(x)}=x^4+x+1=10011={19}_{10}.\end{array}$$

(72)

Since $(A_1(1),A_2(1))=({\widehat{U}}_1(1),{\widehat{U}}_2(1))=(29,19)$, the SRSU’s status is “friend” and it is granted a communication session with the OBU.

In the above example, the ability of the authentication protocol to effectively resist interference has been demonstrated. As a result of the developed noise-resistant protocol, the probability of the first-order error, when a legitimate SRSU is not allowed to start the communication session, will be reduced. To evaluate the effective impact of the redundant MPPC on the noise resistance of the SRSU authentication system, the modeling of the response signal passing through a channel with additive white Gaussian noise (AWGN) for different values of the signal-to-noise ($E_b/N_0$) ratio was conducted. A total of 1000 experiments were performed. A total of 10,000 response signals were transmitted in each experiment. The confidence interval is 95%. The results of noise resistance studies of authentication systems are shown in Figure 4. The developed noise-resistant MPPC was compared with a system that does not use a noise-resistant code, as well as with a burst error-correction BCH code.

The developed error-correction MPPC (30, 10) was compared with the BCH code (31, 11). These codes allow for correcting an error burst containing up to four bits. In the error-correction MPPC code, k = 2 information bases are used. These are the polynomials $p_1(x)=x^5+x^4+x^3+x^2+1$ and $p_2(x)=x^5+x^4+x^3+x+1$. The redundant bases are $p_3(x)=x^5+x^4+x^2+x+1$, $p_4(x)=x^5+x^3+x^2+x+1$, $p_5(x)=x^5+x^3+1$ and $p_6(x)=x^5+x^2+1$. This code can correct twofold errors, i.e., the distortion of two residues in the code combination. The MPPC decoder presented in the paper uses a hard decoding scheme. The analysis of Figure 4 shows that the use of an error-correction MPPC can improve the noise resistance of the SRSU authentication system. So, at the signal-to-noise ratio equal to 8 dB, the authentication system without the use of an error-correction code provides a bit error rate (BER) equal to $BE{R}_1=2\times {10}^{-4}$. The use of the BCH code provides a BER equal to $BE{R}_2=2\times {10}^{-5}$. The application of the developed error correction algorithm for the MPPC allows for reducing the BER down to $BE{R}_3=2\times {10}^{-6}$. In order to provide $BER={10}^{-5}$, it is necessary that the signal-to-noise ratio is equal to $E_b/N_0=9.8$ dB in the authentication system without the use of an error-correction code. When the BCH code is used, the signal-to-noise ratio is reduced to $E_b/N_0=8.6$ dB. It is sufficient to have the signal-to-noise ratio be equal to $E_b/N_0=7.6$ dB for an authentication system using an error-correction MPPC. Thus, it is obvious that the use of the developed algorithms of expansion and error correction in the MPPC allows for increasing the noise resistance of the authentication system using ZKAP based on the modular code. As a result of the MPPC application, there was a decrease in the probability of the first-order error, which contributes to improving the cybersecurity of the satellite IoV.

To evaluate the effectiveness of the developed noise-resistant authentication protocol in countering spoofing-based cyberattacks, a prototype of the satellite authentication system was developed. Kintex UltraScale FPGA (xcku3p-ffva676-1-e) was used to implement the prototype. The Xilinx Vivado-HLS 2018 CAD Xilinx Vivado-HLS was used to estimate the time cost required for authentication without considering the signal propagation time.

The bit depth of the response signal coming from the SRSU is 120 bits. This signal has five parts: two digests and three responses. So, they are 24 bits each. Therefore, we will carry out a comparative analysis with the protocol [65], with the number S = 20,407,339 chosen as a module. 6-bit, 8-bit and 12-bit polynomials can be used to implement the MPPC. When implementing the protocol, only informational bases tuples will be selected for the MPPC. The possible choices are summarized in

Table 2. MPPC bases tuple options for ZKAP.

Option	${\mathit{m}}_1(\mathit{x})$	${\mathit{m}}_2(\mathit{x})$	${\mathit{m}}_3(\mathit{x})$	${\mathit{m}}_4(\mathit{x})$
1	103	111	127	133
2	435	453	455
3	15,647	16,533

. The irreducible polynomials were taken from [74], which uses base-8 numbers for compact notation.

Table 3. Time cost for computing digests of the satellite RSU.

Bases Tuple Option	Number of Bases	DSP	FF	LUT	Computation Time, ns
1	4	12	495	1585	260
2	3	15	521	1462	450
3	2	21	586	1407	520
S = 20,407,339	1	29	618	1302	780

shows the time cost required to compute the SRSU’s true and distorted digests.

Table 4. Time cost for generating the responses.

Bases Tuple Option	Number of Bases	DSP	FF	LUT	Computation Time, ns
1	4	9	92	698	43
2	3	9	117	663	57
3	2	9	185	623	64
S = 20,407,339	1	10	202	583	107

summarizes the time the SRSU spends on generating the responses.

Table 5. Time cost for verifying the SRSU’s response signal.

Bases Tuple Option	Number of Bases	DSP	FF	LUT	Computation Time, ns
1	4	23	2128	3935	1002
2	3	35	2179	3257	1130
3	2	43	2352	3294	1250
S = 20,407,339	1	68	2446	3366	1980

summarizes the time spent by the OBU to verify the response signal received from the SRSU.

Analyzing the simulation data, we can conclude that the use of the MPPC allowed for reducing the time required for SRSU authentication. So, when using a single-module ZKAP [65], the authentication time amounted to 3647 ns (without taking into account the transmission over the channel). Obviously, the smaller the size of the MPPC’s bases, the less time is needed to perform modular operations. This is confirmed by the results presented in Table 3, Table 4 and Table 5. If the implementation of the ZKAP uses two bases (the third option), the authentication time will be equal to 2354 ns. Reducing the bases’ bit depth to 8 (the second option) provided a reduction in the authentication time to 2087 ns. Applying the first option, which uses six-bit polynomials, provided authentication times up to 1565 ns, which is 2.33 times shorter than when performing single-module ZKAP [65]. Obviously, the reduction in the SRSU authentication time will result in the intruder also having a 2.33 times shorter response guessing time interval. As a result, the probability of the second-order error will be reduced, which will also have a positive impact on the cybersecurity of the satellite IoV.

Summarizing the results, we can conclude the following. The simultaneous use of the theory of ZKAP construction, methods of noise-resistant coding and principles of computation in an MPPC allowed for reducing the probability of the authentication of a rogue SRSU (in other words, the probability of the second-order error decreased). At the same time, it also increased the noise resistance to interference (in other words, the probability of a first-order error decreased), which reduced the number of false failures in communication sessions with legitimate SRUS. Thus, the solution proposed in the paper provides a higher level of cybersecurity for satellite IoV.

6. Conclusions

The use of low-orbit satellite Internet has enabled the use of VANET even in sparsely populated and hard-to-reach areas of the Far North. However, the use of satellite data links has led to an increase in the number of cyberattacks on satellite IoV. To solve this problem, it has been proposed to use a zero-knowledge authentication protocol based on a redundant MPPC. The conducted research has shown that the use of a parallel modular code, on the one hand, reduces the time cost of authentication and, on the other hand, provides the effective operation of the authentication system of a satellite RSU. To evaluate the effectiveness of the ZKAP based on an MPPC, a prototype of the satellite authentication system using FPGA was developed. The results showed that by using an MPPC with six-bit bases, the authentication time was 1565 ns, which is 2.33 times shorter than that of the single-module ZKAP [65]. Also, comparative analysis showed that at a signal-to-noise ratio of 8 dB, an authentication system without the use of a noise-resistant code provides a bit error rate equal to $BE{R}_1=2\times {10}^{-4}$. The use of BCH codes provides a bit error rate (BER) equal to $BE{R}_2=2\times {10}^{-5}$. The application of the developed algorithm of error correction in an MPPC allows for reducing the BER down to $BE{R}_3=2\times {10}^{-6}$. Thus, the application of the developed authentication protocol based on a redundant MPPC allows for increasing the level of cybersecurity of satellite IoV.