1. Introduction
Low-Earth-Orbit (LEO) satellite networks have attracted considerable attention in recent years. LEO satellite networks are useful in a variety of scenarios. In some remote areas with small populations and the ocean, it is difficult to provide internet services from the ground due to the high construction cost of the network. In addition, when traveling in fast-moving vehicles, such as airplanes, communication frequently switches between different ground base stations, resulting in high packet loss rates and poor service quality [
1,
2,
3]. At this point, LEO satellite networks can provide broadband communication where there is no ground equipment, and provide high-quality services to anyone, anytime and anywhere [
4,
5,
6].
The LEO satellite networks have a low delay, high bandwidth, high transmission rate, and low link loss, and bring global coverage and efficient frequency reuse [
7,
8,
9,
10]. As 5G communication standards mature, satellite communications play an important role in expanding and completing ground networks [
11,
12]. With the increasing demand for seamless broadband communication, the global LEO satellite communication system has become an important part of connecting space and ground. The goal is to provide high-quality access for all users at any time and in any space [
13,
14,
15].
In LEO satellite networks, traditional access authentication needs satellites to send authentication information back to the ground control center to confirm user identity. There are so many hops of transmission that the overhead of the certificate management using a public key infrastructure is not negligible. In addition, due to the high-speed movement of LEO satellites in space, users on the ground can only be served by one satellite within approximately ten minutes in the Iridium system. Communication requires frequent switching of authentication, and traditional authentication protocols are greatly affected by onboard routing protocols. Because the authentication process is greatly affected by the centralized certificate authority. In the authentication process, satellites need to obtain the certificate revocation list which is used to notify the satellite that the certificate has been cancelled by the certificate authority. Such communication is implemented by transmitting control data through the inter-satellite links. The inter-satellite links may be congested or disconnected, so it is particularly important to choose a proper routing protocol. Improper routing will not only increase the delay, but also lead to data loss. Researchers have proposed using an identity-based encryption algorithm to replace certificate authority institutions [
16]. However, the system stores a large number of user parameters, making the efficiency low. Concerning switching authentication, researchers transmitted data through broadcast according to the distributed characteristics of blockchain, which reduced the dependence on routing protocols [
17]. However, these studies limit the prerequisite conditions of authentication. Not all types of switched authentication can achieve high efficiency.
To tackle these challenges, this paper proposes a blockchain-based authentication protocol using cryptocurrency technology (BAPC) that not only solves the problem of difficult certificate management by using blockchain and cryptocurrency technology, but also enables the satellite to independently access authentication without being affected by routing protocols. It is suitable for various types of switching authentication.
The main contribution of this paper is summarized as follows.
The registration stage, initial authentication stage and switching authentication stage of access authentication are designed, and the cryptocurrency technology is introduced. It not only improves the security of authentication, but also improves the efficiency of switching authentication. Therefore, cryptocurrency plays an important role in these three stages. Currency transactions, as certificates that cannot be tampered with, ensure the reliability of authentication information.
According to the network topology, multiple areas are divided, and nodes in the area collaborate to generate blocks. After a node receives a transaction, the transaction is temporarily stored in the local cache pool, and the node independently verifies the local transactions. This scheme not only reduces the network load of intersatellite transmission but also reduces the computational overhead of a single node in verifying transactions.
Computational overhead of BAPC is compared with other protocols, and the security of BAPC is analyzed. The asymmetric encryption operation, signature operation and verification operation adopted in BAPC are at the average computation level, and there are fewer communication times. In addition, in terms of security, it not only ensures the security of the key but also effectively resists replay attacks, denial of service attacks and impersonation attacks.
BAPC is simulated on the NS2 network simulation platform. Simulation results show that BAPC greatly reduces switching authentication time compared with other protocols. In addition, compared with no regional partitioning, regional partitioning significantly reduces the block generation time and the network throughput. Moreover, the computation time of the signature and validation operations are tested on Python.
The remainder of this paper is organized as follows.
Section 2 reviews the relevant work in satellite access authentication.
Section 3 introduces the blockchain and cryptocurrency technology and describes the system model. In
Section 4, the three stages of the proposed authentication protocol are introduced.
Section 5 describes the method and analysis of area division.
Section 6 compares the computational overhead with other protocols and analyzes the security. In
Section 7, the simulation results on the NS2 platform are presented.
Section 8 concludes this paper.
2. Related Work
In LEO satellite networks, the service area of the satellite is constantly moving; therefore, the connection between the user and satellites needs frequent switching. How to efficiently implement switching authentication is an important research problem.
Regarding identity authentication protocols in terrestrial networks, Ao et al. proposed a new secure identity authentication scheme based on blockchain and identity-based cryptography. The scheme implemented a decentralized private key generator in the Ethereum blockchain, and used the identity-based encryption signature algorithm and challenge-response protocol during the authentication process. This scheme used blockchain to solve the single point of failure and identity-based encryption to avoid the complex certificate management [
16], but bilinear pairs have high computational cost and system overhead. Zhang et al. proposed a certification public key cryptography. The key generation center gave part of the user’s private key. The user selected a secret value and combined part of the private key to generate a complete private key. This method avoided the problem of private key escrow in identity based public key cryptography [
18]. In the terrestrial network, the existing work uses identity-based encryption algorithm or blockchain technology to avoid complex certificate management.
For the satellite networks using key authentication protocols, Cruickshank et al. proposed mutual authentication between users and satellites using a public key encryption system, which uses a key algorithm to encrypt data, and a public key encryption system can ensure the security of data transmission [
19]. However, its operation is too complicated, and the reliability of authentication information is not involved. Wu et al. proposed a Beidou2 navigation information authentication scheme, which uses an elliptic curve digital signature algorithm to generate digital signatures to verify the integrity and authenticity of navigation data and avoid entity disguise and data tampering [
20]. However, information authentication during satellite switching is not involved. Altaf et al. proposed a robust key negotiation authentication scheme suitable for mobile satellite environments, providing mutual authentication, session key negotiation and correct user anonymity concepts [
21], but there are problems of protocol storage, high communication cost and complex calculation. In satellite networks, most work considered optimizing the calculation method of authentication, which involved the management of certificate authority and thus suffered from the single-point-of-failure problem. In addition, the distance between the satellite and the certificate authority is varying, and the data transmission between them may need to be forwarded through multiple satellite nodes. The data volume and transmission time of trusted certificate cannot be simply ignored, which increases the communication delay in the switch authentication process.
Regarding signature algorithms in the satellite networks, Meng et al. designed an authentication scheme based on a proxy signature, and the authentication interaction process was only realized between mobile users and satellite nodes, thus reducing the long delay of authentication implementation [
22]. Although proxy signature can avoid the problem of certificate management, each authentication needs to pass through the gateway to obtain permission, which causes a problem with too many transmission hops. In resource-constrained LEO satellite networks, the response latency of the above authentication protocols needs to be improved, and the distributed characteristics of LEO satellite networks needs attention. According to the distributed characteristics of LEO satellite networks, we adopt the blockchain technology. In the network, satellites can calculate independently, become peer nodes, and thus no longer rely on a control center. This effectively solves the problem of single point of failure of the public key infrastructure and provides support for users’ fast access authentication. According to latest research results in the field, compared with traditional authentication protocols, the additional overhead brought by blockchain is in an acceptable range, which makes the blockchain technology feasible for LEO satellite networks [
23,
24,
25,
26].
Regarding the satellite networks using blockchain technology, Pokhrel et al. proposed a federated learning framework based on blockchain. They quantified the forking probability of the blockchain and exploit double deep Q-network algorithm for efficacious resource allocation [
23]. In our protocol, the blockchain we use is consortium blockchain which is one type of the blockchains. Satellite nodes do not compete for bookkeeping rights, so we do not need to consider the bifurcation of blockchain. Ibrahim et al. reviewed some scenarios in which blockchain technology is applied to satellite communication, and discussed the contributions and challenges of deploying blockchain in satellite clusters and the solutions to the challenges [
24]. The contribution and challenge of applying blockchain technology to satellite communication have been discussed and its efficacy in satellite communication has been verified.
Wei et al. proposed abstracting the characteristics of LEO satellite dynamic topology by using regional division and establishing a consensus among satellites on user authentication by using the consensus mechanism in blockchain. The protocol also combines a distributed hash table and hash lock to reduce storage and computing overhead and to realize user switching authentication in LEO satellite networks [
25]. However, it transmits a large amount of data and has a longer communication time. Wei et al. proposed an access authentication protocol combining identity-based encryption and blockchain technology. The protocol can be quickly reconnected to satellites in the same orbit, and two different key management schemes of identity-based encryption and blockchain were studied [
26]. However, when users access authenticated satellites in different orbits, complete reauthentication is required. The above work mainly focused on using blockchain to ensure the security of handover authentication by combining the distributed characteristics of satellite networks, but in the initial authentication stage, the correctness of the information added to the blockchain cannot be ensured. Nodes in the same region trust other nodes excessively. Once a malicious node appears in the region, the normal nodes in the same region will not be able to recognize the wrong authentication information. In our protocol, based on the openness and transparency of cryptocurrency, all nodes in the network can verify the correctness of authentication information.
As discussed above, centralized secret-key based approaches suffer from single-point-of-failure problem, while blockchain is a distributed method that solves the problem. During the switching authentication process, the satellite can independently authenticate the user identity without communicating with the authentication center, while the traditional protocol cannot. In addition, the blockchain operation has been completed before user switch authentication, which will not affect the performance during the switch authentication process. Moreover, although cryptocurrency is a technology based on blockchain, there is still limited work on cryptocurrencies in LEO satellite networks. Therefore, in this paper, we apply cryptocurrencies to satellite access authentication. The authentication center verifies the user identity and stores a transaction in the blockchain. When a user switches from one satellite to another, the satellite finds the user address included in the transaction within the blockchain. At this time, the transaction becomes a trusted credential in the authentication process, and the user address in the transaction is generated by the user’s public key through the hash algorithm, which plays a key role in data authentication. We design a blockchain-based authentication protocol using cryptocurrency technology (BAPC), which not only improves the efficiency of switching authentication, but also improves the security of authentication. In addition, a regional division method is used to reduce the time of block generation and network throughput.
5. Regional Division and Analysis
In this section we introduce the regional division of satellite groups according to the network topology in LEO satellite networks. We describe our regional division method, and then discuss how to reduce the computing overhead and network load.
5.1. Regional Division
In LEO satellite networks, the existing regional division method is used to improve the efficiency of switching authentication within each region. Wei et al. proposed a division method, taking the satellite in the middle position as the main node and establishing links between two adjacent satellites in the same orbit and two adjacent satellites in the adjacent orbit so that the five satellites can be divided into a region [
25]. However, given the potential of reverse slits in the satellite network, as well as the instability or disconnection of links between different orbits as the satellite moves to high latitudes, the region will not work properly. In addition, it is more difficult to ensure that there are links between adjacent areas and the normal operation of areas in cross- regional switching authentication. In terms of storage mode, the method proposed by Wei et al. uses the distributed hash table technology, which reduces data redundancy. However, when switching authentication, user authentication information needs to be transmitted through intersatellite communication, resulting in an increased delay of switching authentication.
Aiming at the above problems, we propose a stable regional division method. This method can avoid the situation that a region fails to work properly due to the disconnection of links between satellites. At the same time, each node in the region has a complete blockchain ledger, which can avoid the response delay caused by excessive intersatellite communication when switching authentication. In addition, due to the limited onboard computing capacity, the regional partition method proposed in this paper can reduce the computing burden of the master node and reduce the network load. When dividing the region, considering that the adjacent satellite links in the same orbit are stable and the adjacent satellite links between orbits may change, the five satellites with a relatively close distance in the same orbit are divided into a region. In this region, satellites at both ends can send data to the main satellite in the middle of the region with only one or two hops. When weighing the size of the region, the number of blocks generated per unit time should be reduced as much as possible to reduce the number of broadcasts to reduce the load of inter-satellite links. Therefore, the region should be set larger. However, when generating blocks, the region should be set smaller to ensure the speed of transaction transmission within the region. Therefore, in the network topology of a satellite system, the above two factors are taken into account when dividing regions into appropriate sizes. For example, in the Iridium system, five satellites in the same orbit are divided into one region, as shown in
Figure 7. Since the Iridium satellite system has six orbits with 11 satellites in each orbit, it is divided into 12 regions with two regions in each orbit. The purpose of this division is to ensure a low transmission delay in the region as much as possible and to let all nodes in the region share the computing overhead of the entire region without requiring a single node to undertake all computing. At the same time, transactions are verified by each receiving node, avoiding repeated broadcast of transactions and reducing the load of the entire network.
5.2. Computational Overhead
In the traditional accounting process, all transactions in the network are verified by the node with the right of accounting alone, which will consume considerable computing power and time for a single node. In this paper, multiple satellite nodes are divided into the same region to share the total computing overhead in the region. When a satellite node receives a transaction, it does not broadcast it but stores it temporarily in the local cache pool. Each region takes turns in bookkeeping. When the region obtains the right of bookkeeping, the master node does not need to verify all transactions in the region alone. Instead, each node in the region first validates the transaction they receive independently. Then, the node forms the transaction tree that passes the verification and calculates the root hash. Finally, the node sends the transaction tree and root hash to the master node. After receiving all transaction trees in the region, the master node forms a larger transaction tree and calculates the final root hash. In this process, each subtree is calculated separately by each satellite node; thus, the calculation in the region is dispersed to each node. Therefore, the master node does not need much calculation, and the partition method reduces the calculation overhead and time of the master node when verifying transactions and calculating hashing.
5.3. Network Load
In a traditional blockchain, when a node in the network receives a transaction, it broadcast the transaction immediately, and wait for miners to compete for the right of bookkeeping and package the transaction, at which point a large number of transactions are constantly transmitting around the network. In this paper, after regional division, each node calculates the transaction received separately; therefore, when the satellite node receives the transaction, there is no need to broadcast. After each satellite node in the region completes the verification transaction and calculates the hash, it sends the valid transaction and hash results to the master node, and then the master node broadcasts after completing the packaging of the transaction and the generation of new blocks. In this way, the transaction need to broadcast only once in the network, which can avoid repeated broadcast of the transaction and reduce the amount of data transmitted in the network and significantly reducing the network load.
6. Protocol Comparison and Security Analysis
In this section, we compare our proposed protocol with two other authentication protocols in terms of computing overhead and key security against replay attacks, denial of service attacks and impersonation attacks.
6.1. Computational Overhead
The comparison results are shown in
Table 1. In the
X/Ys in the table,
X represents the calculation times of user operations, and
Y represents the calculation times of satellite operations. In
X/Y/Z,
X remains the same,
Y represents the calculation times of satellite operations before the switchover, and
Z is the times after the switchover. In communication times, users send messages to satellites, satellites to users or satellites to satellites as communication. We compare three protocols: Fast-access, Handover and our protocol BAPC. The Fast-access and the Handover algorithms are the protocols in [
26], and we adopt similar settings in our simulation. Compared with other related protocols, BAPC is better in computing overhead. According to the analysis, two comparison protocols require hash operation, but BAPC does not require hash operation. In addition, the operation of asymmetric encryption, signature and verification operation in BAPC is one times on both the client side and satellite side, which is at the average computation level compared with other protocols. In terms of communication times, the comparison protocols are 2 and 4 times, and BAPC is 2 times, which is less.
6.2. Key Safety
When the user needs to establish a new account, the user uses the key generator provided by the authentication center to directly generate the public key, private key and address locally. In this process, the private key is not transmitted through any channel, and neither the authentication center nor the satellite knows the user’s private key. In the cryptocurrency technology, the user address is generated by the user’s public key through a predetermined hash algorithm. The user address and the public key form a one-to-one correspondence and are stored in the blockchain. In the authentication process, the attacker attempts to intercept the information and tamper with the information using the attacker’s public key and private key, and send it to the satellite. When the attacker is not registered, it does not have a legal public key. Since the attacker’s address is not stored in the blockchain, the satellite will not believe such information. When the attacker has registered, since the transaction which is submitted in the registration stage is saved on the blockchain and the attacker’s legal public key corresponds to the transaction information, the attacker cannot interfere with other users. Therefore, the public key identity of legitimate users is guaranteed.
6.3. Replay Attacks
BAPC uses timestamp to defend against replay attacks. During the registration stage, users need to pay legal tender to obtain the corresponding amount of cryptocurrency, and attackers cannot benefit from replaying such messages. During the initial authentication stage and switching authentication stage, the user initiates a transaction to obtain the service, and the timestamp is stored in the transaction information. When an attacker replays such messages, it cannot sign them properly or change the timestamp. When the satellite node receives multiple transactions with the same timestamp, it will judge the later one as an invalid transaction and reject the request from the attacker. If the attacker intercepts the request by the user and then replays the request to obtain the service, the session key returned by the satellite is encrypted with the user’s public key, and only the user’s private key can be decrypted to obtain the session key. Without the private key, the attacker cannot obtain the service. As to resisting replay attacks, BAPC is similar to the method used by traditional encryption protocols and our protocol can also resist such attacks.
6.4. Denial-of-Service Attacks
BAPC adds to the cryptocurrency system, applying economic costs to defend against the Denial-of-Service attacks. In the registration stage, initiating payment requests requires a small amount of upfront capital. The attacker will therefore spend a large amount of upfront capital if continuously initiating payment requests. During the initial authentication phase, authentication costs cryptocurrencies, which are converted by the cost of capital. If an attacker repeatedly initiates initial authentication, the attacker incurs significant cryptocurrency costs. In the switching authentication phase, a deposit is required before authentication. When the transaction is not verified, a certain margin will be deducted. Because the authentication request initiated by the attacker cannot be authenticated, a large margin is consumed. If normal users continuously initiate requests, the satellite node can limit the number of requests from the same user address within a certain period of time.
6.5. Impersonation Attacks
An attacker may attempt to impersonate a user to send an authentication request to a satellite. However, without the user’s private key, the attacker cannot give the correct signature. When the attacker impersonates a user’s request to the satellite with his own public key, the request cannot pass the verification of the satellite. Since only the addresses of legitimate users are stored in the blockchain, there is no address corresponding to the attacker’s public key. At the same time, the attacker cannot obtain the correct session key from the message encrypted with the public key and cannot use the service. If an attacker impersonates a satellite by sending a message to the user, since the attacker does not have the private key of the satellite, the signature cannot be verified by the user, and the user will discard the message.
6.6. Man-in-the-Middle Attacks
Man-in-the-middle attack is a common means of network intrusion. Man-in-the-middle attack means that the attacker obtains the communication information of both sides through illegal eavesdropping, and then intercepts and tampers with the message to control the whole session. The fundamental reason that man-in-the-middle attack may succeed is that both parties cannot prove their identity through identity authentication. In BAPC, when an attacker intercepts a user’s message and tampers with the attacker’s public key, the satellite can easily identify the illegal public key. Because the attacker’s address cannot be found on the blockchain as legal users save the address on the blockchain through the registration stage. If the attacker uses his registered legal address, the satellite will know that it is communicating with the attacker, not a normal user.
7. Simulation and Evaluation
In this section, we adopt the Iridium LEO satellite network scenario and conduct a performance simulation of our BAPC protocol. The experimental environment is the NS2 platform, which uses the Ethereum key generation algorithm and signature verification algorithm.
7.1. Simulation Parameters
In the simulation, the altitude is set to 780 km, the inclination angle is 86.4°, the orbital period is 6027.14 s, the uplink and downlink bandwidth is 1.5 Mb/s, and the inter-satellite link bandwidth is 25 Mb/s. There are 6 orbits in total, with 11 satellites in each orbit.
In the simulation of the switching authentication stage, 60 ground terminals play the role of users, evenly distributed between 60° S and 60° N. The fields contained in BAPC are set using the actual algorithm, and the size of the related fields is shown in
Table 2: 64 bytes for the user public key, 20 bytes for the address, 65 bytes for the signature, 128 bytes for the session key, and 4 bytes for the service type, service duration, timestamp, and quantity of cryptocurrency. Two authentication protocols are used for comparison: In reference [
26], the Fast-access protocol is used for in-orbit switching authentication; and the Handover protocol is used for cross orbit handover authentication. In LEO satellite networks, there is still limited work considering blockchain-based authentication. We choose this protocol to compare because their work is closest to ours. They also apply the blockchain technology to the authentication process in LEO satellite networks to help satellites authenticate user identity more efficiently. However, the benchmark protocol uses the identity-based encryption key, while our protocol uses the cryptocurrency technology.
7.2. Switching Authentication Time
We set the maximum number of simultaneous online users of the Iridium satellite system to 150,000 [
25]. Assuming that users are evenly distributed, it takes approximately 2 h for a satellite to orbit the earth, and the available service time for a stationary ground user is approximately 10 min in Iridium. Therefore, ground users need to initiate a switching authentication request to the satellite every 10 min, and a single satellite needs to process four user authentication requests every second. The simulation experiment is set to run for 1 h, and the number of users that a single satellite needs to process per second is successively considered in four cases
λ: 4, 8, 16 and 32. The simulation results are shown in
Figure 8. When processing 4 user requests per second, the response time is 0.026 s for the BAPC protocol, 0.019 s for the Fast-access protocol and 0.044 s for the Handover protocol. As the number of users increases, the response time of each protocol increases linearly. BAPC reduces the response time by 39% to 43% compared with the Handover protocol in terms of the interval between 4 and 32 users.
In general, our BAPC authentication protocol shows a better comprehensive performance other protocols. Compared with the Fast-access authentication protocol, it transmits less data and has no intersatellite communication; therefore, it is slightly superior to BAPC. However, the restrictions are more stringent, requiring satellites in the same orbit. As the satellite moves, satellites in the same orbit do not keep circular coverage of the same location. In practice, users most likely need handover authentication between different orbits. BAPC is better than its Handover authentication protocol.
At the same time, compared with other satellite access authentication protocols, BAPC does not distinguish between intraregional authentication and cross-regional authentication, nor does it require that the satellite for access authentication be in the same orbit or adjacent satellite across orbit. BAPC can be used for different types of switching authentication, which is more suitable for LEO satellite networks with constantly changing links. In addition, user authentication information is basically stored on the blockchain, which has high scalability. Based on blockchain and cryptocurrency, BAPC securely stores user authentication information in a distributed ledger, reducing the cost of communication between users and satellites and bringing lower communication cost with tolerable storage cost. For an increasing amount of data, a certain mechanism can be used to clear the data and maintain sufficient storage space.
7.3. Block Generation Time
We then compare the generation time of blocks without partitioning and after partitioning, as shown in
Figure 9. When the number of users processed by a single satellite is 4 per second, the time of block generation is 0.122 s without regional division and 0.053 s after regional division, which reduces the time consumed by 56%. In the case of no regional division, the calculation amount of the primary node is 5 times that after regional division. As the number of users increases, the time of verifying transactions on the primary node keeps increasing. Meanwhile, the ratio of time shortening increases with the increase in the number of users. With 32 users, the time after partition shortens by 74%.
7.4. Network Throughput
In the process of block consensus, the broadcast of a large number of transactions will increase the network throughput. This section compares the throughput without regional division and after regional division, as shown in
Figure 10. When the number of users processed by a single satellite is 4 per second and no region is divided, the network throughput is 5.139 MB/s in the process of block consensus and 1.462 MB/s after regional division. From a range of 4 to 32 users, with an increase in the number of users, the growth rate of network throughput in divided regions and non-divided regions is similar, and the network throughput decreases by 71% after the region is divided.
7.5. Signature and Verification Time
Python is used to repeatedly test the computation speed of the signature and verification. This test uses Ethereum’s generation algorithm of public keys and private keys and address, and signature algorithm and verification algorithm. As shown in
Figure 11, it takes 0.003 s or 0.004 s to sign transactions, with similar frequency and an average time of approximately 0.0035 s. The time of signature verification is 0.005 s or 0.006 s with similar frequency, and the average time is approximately 0.0055 s. In the simulation of switching authentication, there is a satellite verification calculation and a satellite signature calculation.
8. Conclusions and Future Work
In LEO satellite networks, the satellite moves constantly, and so does the coverage area. Therefore, the satellite-ground link needs frequent switching and it is of great significance to study how to ensure reliable and fast switching authentication. This paper proposes an LEO satellite network authentication protocol based on blockchain and cryptocurrency. First, three stages of access authentication are designed. After the registration and initial authentication are completed, users can achieve fast switching authentication. Second, the regional division scheme is studied to improve the efficiency of generating blocks. Finally, we realize the authentication protocol on the NS2 network simulation platform. The experimental results show that compared with other authentication protocols, BAPC has better security. Additionally, it not only greatly reduces the response time of the switching authentication and improves the efficiency of the switching authentication, but also significantly reduces the block generation time and network throughput.
However, as satellites are with limited storage capacity, the ever-increasing volume of blockchain data becomes an urgent problem to be solved. In our follow-up work, how to better optimize the amount of data stored on the satellite side under the condition of ensuring the reliability of authentication information will be studied. Moreover, it is meaningful to conduct experiments on real LEO satellites or emulation platforms. In the future, if there are opportunities, we will make real measurements on LEO satellites.