A Blockchain-Enabled Decentralized Zero-Trust Architecture for Anomaly Detection in Satellite Networks via Post-Quantum Cryptography and Federated Learning

Abstract

The rapid expansion of satellite networks for advanced communication and space exploration has ensured that robust cybersecurity for inter-satellite links has become a critical challenge. Traditional security models rely on centralized trust authorities, and node-specific protections are no longer sufficient, particularly when system failures or attacks affect groups of satellites or agent clusters. To address this problem, we propose a blockchain-enabled decentralized zero-trust model based on post-quantum cryptography (BEDZTM-PQC) to improve the security of satellite communications via continuous authentication and anomaly detection. This model introduces a group-based security framework, where satellite teams operate under a zero-trust architecture (ZTA) enforced by blockchain smart contracts and threshold cryptographic mechanisms. Each group shares the responsibility for local anomaly detection and policy enforcement while maintaining decentralized coordination through hierarchical federated learning, allowing for collaborative model training without centralizing sensitive telemetry data. A post-quantum cryptography (PQC) algorithm is employed for future-proof communication and authentication protocols against quantum computing threats. Furthermore, the system enhances network reliability by incorporating redundant communication channels, consensus-based anomaly validation, and group trust scoring, thus eliminating single points of failure at both the node and team levels. The proposed BEDZTM-PQC is implemented in MATLAB, and its performance is evaluated using key metrics, including accuracy, latency, security robustness, trust management, anomaly detection accuracy, performance scalability, and security rate with respect to different numbers of input satellite users.

1. Introduction

A satellite network is a communication system that uses artificial satellites to relay signals between different points on Earth. These networks are especially useful for covering large or remote areas where traditional infrastructure like cables or towers might be impractical. A decentralized zero-trust architecture in satellite networks is an advanced approach to securing space-based communication systems. The conventional security models designed for satellite networks do not achieve higher security. Therefore, there is a requirement for novel security models to improve the robustness and intelligence of a decentralized zero-trust architecture for anomaly detection in satellite networks.

An existing blockchain-enabled federated learning (BFL) framework was implemented in [1] for anomaly detection in a robust zero-trust architecture. However, secure communications against quantum attacks have remained an open issue. Variance-based genetic ensemble of neural networks was designed in [2] for increasing the efficiency of satellite anomaly detection, but the false-positive rate was higher. A deep learning-based anomaly detection framework was designed in [3] for satellite telemetry with false anomalies. However, the existing framework included a high computational cost, over-fitting, and data privacy and security concerns.

Long Short-Term Memory (LSTM) Networks were introduced in [4], aiming at achieving better anomaly detection accuracy in satellite communications systems, but there were more computational costs, training time, and memory consumption. A security method, created to notice malicious events, that depended on the examination of blockchain network traffic statistics, was presented in [5]. However, handling a greater number of transactions was not efficient in this work, which increased delays and costs. Zero-trust authentication concepts were utilized in [6] to secure communications with the application of hyperelliptic curve cryptography (HECC). But authentication accuracy was poor when considering a larger number of satellite users.

Convolution neural networks (CNNs) and zero-trust security policies were developed in [7] for the reliable and accurate identification of false data injection attacks. However, the transmission delay was higher. An orbital zero-trust architecture (oZTA) was implemented in [8] for securing the LEO satellite networks. However, different types of anomalies were not detected. A multi-factor authentication method was presented in [9] using the zero-trust network concept for LEO satellite communication systems. However, a higher level of security was not achieved.

An access authentication procedure was utilized in [10] with the goal of reducing the communication delay and signaling cost. However, data integrity was not considered. An identity-based quantum signature scheme was intended in [11] to boost security. However, authentication performance was insufficient. Zero-trust and edge intelligence (ZTEI)-empowered continuous authentication was performed in [12] to achieve improved accuracy for user authentication. However, the robustness of the zero-trust model still needed to be improved.

The dual-branch reconstruction model was implemented in [13] for satellite anomaly detection, but the time complexity during the anomaly identification process was higher. Two-stage anomaly detection was performed in [14] for the LEO satellite network. However, continuous authentication was not considered. A federated learning (FL) framework and conditional generative adversarial network (CGAN) representation were utilized in [15] for threat identification in satellite–terrestrial integrated networks. However, communication overhead and data privacy issues were not solved.

Recent studies emphasize the growing role of FL in enabling privacy-preserving and distributed intelligence across heterogeneous communication environments. For instance, the hierarchical SFL (HSFL) framework was presented in [16] for secure edge networks. Similarly, federated learning based on model repair (FedMR)was implemented in [17] to demonstrate the use of hierarchical FL to improve anomaly detection accuracy while preserving data privacy. A backdoor data-poisoning attack method was introduced in [18] to highlight FL’s potential in supporting decentralized trust management for 6G and space–air–ground networks. Additionally, a unified multi-domain face normalization network (UMFN) was utilized in [19] to provide robust FL-based security models resistant to adversarial manipulation. These recent advancements underline the suitability of federated learning as a foundation for intelligent, privacy-preserving anomaly detection in satellite networks, motivating its integration with blockchain and post-quantum cryptography in the proposed BEDZTM-PQC framework.

A deep learning-based smart framework was developed in [16] for cyber-physical and satellite system security risk identification. However, it was more computationally complex. A deep learning-based hybrid intrusion detection system was designed in [17] to safeguard satellite networks. But the ratio of the number of satellite users that was mistakenly detected as normal or the anomaly was higher. A literature review of different machine learning and deep learning-based satellite communication technologies and their applications, open challenges, and future research solutions was presented in [18].

A study of various machine learning algorithms developed for anomaly detection in satellite networks, with their merits and demerits, was analyzed in [19,20]. A PQC technique was designed in [21,22] to defend satellite communications against quantum computing threats. Single-user security [23,24] and robust zero-trust architecture [25]. But zero-trust models and blockchain technology were not utilized. In order to overcome the above issues, BEDZTM-PQC [23] is introduced in this paper. Zero trust [24] means “never trust, always verify.” Every device, user, or satellite must prove its identity and authorization before gaining access; there is no assumption, not even within the network. Traditional satellite networks often rely on centralized control, which can be a single point of failure [25]. A decentralized ZTA distributes trust decisions across multiple nodes (satellites, ground stations, etc.), improving resilience and reducing vulnerability to attacks or outages. Combining decentralized ZTA with blockchain technology in satellite networks creates a powerful framework for secure, resilient, and autonomous space communication systems. The integration of a decentralized ZTA and blockchain in satellite networks provides strong security, but scalability was unsatisfactory, i.e., as satellite constellations grew, maintaining a synchronized blockchain ledger across hundreds of fast-moving nodes becomes increasingly complex. Another problem is resource constraints, where satellites have limited processing power, memory, and energy. Running blockchain nodes or continuous ZTA authentication can strain these resources.

In addition to that, blockchain operations (like consensus and smart contract execution) can establish delays. In space, where communication already suffers from latency and limited bandwidth, this can be a serious bottleneck. Also, implementing strong cryptographic protocols and continuous verification (as required by ZTA) can slow down mission-critical operations if not optimized properly. Integrating blockchain and ZTA across satellites from different vendors or nations requires standardized protocols. In order to overcome the previously mentioned problems, a novel BEDZTM-PQC is proposed in this paper by combining decentralized ZTA, blockchain technology, post-quantum cryptography, and FL algorithms in a satellite network for reliable data communication.

The key contributions of BEDZTM-PQC are described as follows:

(1)

Decentralized Group-Based Zero-trust Security: Proposes an innovative zero-trust framework that performs authentication and access control at the group level, thereby mitigating risks associated with single points of failure in satellite communication networks.

(2)

Integration of PQC: Employs quantum-resistant cryptographic primitives to secure communication and identity management, ensuring long-term resilience against quantum computing threats in space-based systems. To ensure a higher level of security when combining decentralized ZTA and blockchain technology in satellite networks and to reduce the latency and resource usage, the PQC concept is introduced in this paper. Thus, the proposed BEDZTM-PQC increases the authentication performance as the blockchain enforces continuous verification, ensuring that only authenticated entities can interact with satellite networks.

(3)

Hierarchical FL for Anomaly Detection: Introduces a multi-layer FL strategy that facilitates collaborative anomaly detection across satellite clusters while preserving local data privacy and minimizing power consumption. By applying FL, the proposed BEDZTM-PQC protects privacy and reduces overhead communication in satellite networks.

(4)

Blockchain-Enabled Trust and Access Management: Utilizes blockchain technology and smart contracts to maintain immutable transaction records, dynamically manage trust scores, and implement decentralized anomaly validation and access control decisions. To improve the security and intelligence of the designed blockchain-enabled decentralized zero-trust satellite network, FL is utilized in this work. With this concept, the proposed BEDZTM-PQC boosts the anomaly detection performance by collecting behavioral data and trust scores of users in a satellite network. Here, behavioral data represents authentication success/failure rates, communication delays or drops, smart contract violations, and resource usage anomalies recorded on the blockchain.

(5)

Blockchain provides decentralized authentication and immutable transaction records, ensuring tamper-proof security for inter-satellite communications.

(6)

Post-quantum cryptography (PQC) guarantees forward security and resistance against emerging quantum attacks, safeguarding key exchange and encryption processes.

(7)

Federated learning (FL) enables distributed anomaly detection and adaptive trust management without requiring raw data sharing, thereby preserving privacy and reducing communication overhead.

The residual paper is formulated as follows: Section 2 shows the problem formulation, Section 3 describes the architecture of BEDZTM-PQC for the secured LEO satellite network model, Section 4 provides the detailed processes of the developed FL-based anomaly detection, Section 5 illustrates the experimental results and compares them with conventional methods, and Section 6 concludes the paper.

2. Problem Formulation

In modern satellite networks, the increasing number of interconnected nodes (satellites and ground stations) introduces critical security vulnerabilities, especially in environments relying on centralized control or node-specific authentication. Existing anomaly detection and security models often fail to scale securely and reliably when protecting groups of satellite nodes or agents, leading to single points of failure (SPOF), delayed threat response, and vulnerability to quantum-era cyber attacks. To overcome these challenges, we designed a decentralized, quantum-resilient, and privacy-preserving security architecture for satellite networks that enables group-level protection, dynamic trust management, and accurate anomaly detection. Here, the objective is to maximize security trust and anomaly detection accuracy, while minimizing communication overhead and trust decay, which is mathematically described as follows:

$$max\left(\sum _{i=1}^n{T}_i\left(n\right)+\sum _{i=1}^{n}Acc\left(M_i\right)\right)-\lambda .\sum _{i=1}^n{Comm}_i\left(n\right)$$

(1)

In Equation (1), $Acc\left(M_i\right)$ describes the accuracy of model ‘$M_i$’, ${Comm}_i\left(n\right)$ defines the communication cost of the groups, $\lambda$ refers tradeoff weight parameter, and $T_i\left(n\right)$ represents each group’s dynamic trust score, whereas ‘$n$’ describes the set of satellite groups. The conventional system model for BEDZTSN is shown in Figure 1.

With the motivation of strengthening the security level of the blockchain-assisted decentralized zero-trust satellite network while decreasing the latency and resource utilization, post-quantum cryptography is utilized in this paper. In addition to that, FL is utilized in this study to accurately identify the threats in this network with better complexity.

Motivation and Novelty of the Proposed BEDZTM-PQC Framework:

Traditional satellite communication systems rely on centralized trust models that are vulnerable to single points of failure and evolving cyber threats. The proposed BEDZTM-PQC introduces a novel fusion of blockchain, PQC, and FL to overcome these challenges. The blockchain provides decentralized trust management through immutable smart contracts, ensuring transparent authentication and secure coordination among satellites. PQC guarantees resistance against quantum-based attacks, making the communication framework future-proof. FL enables distributed anomaly detection by allowing satellites to collaboratively train models without sharing raw data, thus preserving privacy and reducing communication overhead.

This integrated approach establishes a multi-layered, self-adaptive, and intelligence-driven zero-trust architecture. Unlike conventional systems, BEDZTM-PQC simultaneously achieves decentralized trust, quantum-resilient encryption, and privacy-preserving anomaly detection, offering a unique and comprehensive cybersecurity solution for next-generation satellite networks.

3. The BEDZTM-PQC Approach Development

3.1. The Architecture of BEDZTM-PQC-Secured LEO Satellite Network

The implemented BEDZTM-PQC combines two advanced security paradigms to design a robust architecture for secure space-based communication. Here, the blockchain technique provides immutable, decentralized data and trust management. Zero-trust security in BEDZTM-PQC enforces strict identity verification and access control, assuming no implicit trust for any entity (i.e., internal or external satellites).The proposed BEDZTM-PQC is useful in low earth orbit (LEO), medium earth orbit (MEO), and geostationary earth orbit (GEO) satellite constellations where inter-satellite links (ISLs) and ground station connections demand high integrity, real-time secure communication. To further increase the security of BEDZTSN via continuous authentication, PQC is applied in this research, which protects against quantum attacks. In addition to that, a machine learning algorithm, i.e., FL, is integrated with PQC to enhance real-time threat detection and response. The designed BEDZTM-PQC utilizes the basics of FL and its potential applications in blockchain-assisted decentralized zero-trust satellite networks. Also, the proposed BEDZTM-PQC leverages FL principles to deal with computational complexity problems in analyzing large-scale network data and identifying unusual patterns indicative of malicious activities with better accuracy. The architecture diagram of the BEDZTM-PQC is presented in Figure 2.

Figure 2 demonstrates the overall flow processes of BEDZTM-PQC to boost the robustness of satellite communication. As presented in the above architecture, initially a blockchain-enabled zero-trust satellite network is considered with a larger number of satellite users or nodes. Then, BEDZTM-PQC continuously monitors the behavioral data of all the satellite users. Next, the zero-trust decision engine (ZTDE) in BEDZTM-PQC is responsible for enforcing access control, trust scoring, and security polices where the attack surfaces are dynamic and distributed. With the help of ZTDE, BEDZTM-PQC authenticates satellite users with post-quantum credentials and signatures by analyzing every access or communication request in real time. The ZTDE in BEDZTM-PQC never assumes trust, even from previously authenticated devices or nodes, and makes policy decisions by applying zero-trust rules stored in blockchain smart contracts based on post-quantum credentials and signatures (stored in the blockchain). The blockchain is a distributed ledger technology that facilitates transparency, redundancy, and accountability across decentralized networks via recording transactions in an immutable manner. The blockchain ledger in BEDZTM-PQC stores public keys, policy decisions, and anomaly logs for transparency. Finally, FL is applied in BEDZTM-PQC to identify unusual patterns or behaviors in network data that may indicate security threats. The detailed process of BEDZTM-PQC is described in the following sections.

3.2. PQC Integrated with BEDZTS

In BEDZTSN, blockchain nodes (satellites, ground stations) require secure consensus and signing. In addition to that, zero-trust security requires strong identify verification, encryption, and continuous authentication. PQC provides quantum-safe digital signatures, key exchange, and encryption for all these layers.

3.2.1. Initialization: Satellite Key Generation

Each satellite generates a post-quantum public and private key pair (for example, use Dilithium for digital signatures and Kyber for encryption), and the key information of satellite users is stored in a blockchain smart contract. In our work, CRYSTALS-Kyber lattice-based key encapsulation mechanism is considered. Let’s assume ‘$m$’ describes the degree of polynomials where ‘$m=256$’ and ‘$q$’ defines modules where ‘$q=3329$’. Then, sample secret and error vectors are represented as follows:

$$s\leftarrow {\gamma }^z,e\leftarrow {\gamma }^z$$

(2)

In Equation (2), $\gamma$ indicates a discrete Gaussian or centered binomial distribution. From that, the public matrix is formulated as follows:

$$AϵR_q^{z\times z}$$

(3)

Consequently, compute $\tau =A.s+e$. Thus, a public key ($P_k$) is generated as follows:

$$P_k=(A, \tau )$$

(4)

Finally, a secret key ($S_k$) is generated as follows:

$$S_k=ƙ$$

(5)

3.2.2. Mutual Authentication via ZTDE

When a new node (satellite user/ground station) initiates communication, BEDZTM-PQC utilizes ZTDE, where it must present a signed identity proof using a Dilithium signature. The ZTDE verifies this by using the public key from the blockchain. If the satellite node is normal, i.e., trusted, then BEDZTM-PQC generates a key via Kyber and allows connection. If the satellite node is an anomaly, i.e., risky, then BEDZTM-PQC isolates the request and logs the anomaly in the blockchain. The ZTDE in BEDZTM-PQC stores every decision to the blockchain ledger for transparency, auditability, and collaborative trust assessment across satellites.

3.2.3. Blockchain Transactions

In BEDZTSN, all blockchain operations (i.e., policy updates, satellite logs, and telemetry records) are signed with Dilithium or FALCON. Blockchains are verified with the help of quantum-safe consensus (i.e., signature), and smart contracts are only executed if the sender is authenticated via a verified PQC signature.

Blockchain Hashing:

Blockchain hashing is utilized in BEDZTM-PQC to ensure the integrity, immutability, and security of data. It plays a significant role in transaction verification, block creation, and consensus in BEDZTSN. Here, the hash function maps the input data, i.e., transaction data, of any size to a fixed-size output. In the proposed BEDZTM-PQC, each transaction is hashed for fast lookup and integrity using the following equation:

$${\mathsf{\Psi }}_{PQ}\left(b_i\right)=PQHash\left(b_i\right)$$

(6)

In Equation (6), $b_i$ depicts a block in the blockchain, whereas ${\mathsf{\Psi }}_{PQ}\left(b_i\right)$ refers the post-quantum secure hash of the block, and $PQHash$ is the post-quantum hash function. From that, each node (satellite/ground station) verifies data integrity using hashes, and the blockchain ledger securely stores hashes of telemetry logs, access control events, authentication keys, etc. Smart contract hashes identified data to enforce zero-trust polices. The advantages of blockchain hashing in BEDZTM-PQC are shown in

Table 1. Benefits of blockchain hashing.

Features	Benefits
Immutability	Ensure that no data in the blockchain is changed
Auditability	Any tampering with data is immediately detectable
Efficiency	Hashes allow fast verification without reprocessing all transactions
Security Backbone	Supports zero-trust and smart contract logic in satellite systems

.

3.2.4. Quantum-Safe Key Exchange for Secure Channel

Satellite nodes establish a secure channel using Kyber key encapsulation. This is followed by PQC being applied to secure blockchain transactions.

Encryption:

$${\alpha }_{PQ}\left({Tr}_i\right)=PQEncrypt({Tr}_i,PK)$$

(7)

In Equation (7), ${Tr}_i$ refers to the transaction data and $PK$ represents the post-quantum cryptographic key (i.e., public key of receiver satellite node), whereas ‘${\alpha }_{PQ}\left({Tr}_i\right)$’ defines an encrypted transaction using a PQC algorithm.

Decryption:

$$\left({\alpha }_{PQ}({Tr}_i)\right)=PQDecrypt\left({\alpha }_{PQ}\left({Tr}_i\right) ,SK\right)$$

(8)

In Equation (8), ‘${\beta }_{PQ} ({\alpha }_{PQ} ({Tr}_i\left)\right)$’ defines a decrypted transaction and $SK$ indicate represents a post-quantum cryptographic key (i.e., secret key of receiver satellite node). The following are PQC algorithms shown in

Table 2. PQC algorithms.

PQC	Type	Use Case in BEDZTSN
Crystals-Kyber	Key Encapsulation Mechanism (KEM)	Secure session key exchange for inter-satellite links
Crystals-Dilithium	Digital Signature	Signing identities, transactions, and blockchain entries
Falcon	Digital Signature	Lightweight signature for constrained LEO satellites

that are employed in our work.

4. FL-Based Anomaly Detection

In this paper, FL is used to efficiently identify the normal and anomalous behavior node based on encrypted satellite traffic data, node behavior, and smart contract interaction logs. The processing diagram of FL for threat identification in BEDZTSN is demonstrated in Figure 3.

The training phase of federated learning for anomaly detection is described mathematically as follows:

$$FL=Train\left(FL,{Data}_T\right)$$

(9)

Here, $FL$ represents FL and ${Data}_T$ indicates the training dataset ${Data}_T=\left(d_1,y_1\right),...,\left(d_n,y_{1n}\right),$ where $d_i$ includes extracted features from blockchain transactions, smart contract decisions and satellite telemetry, communication logs, and $y_i ϵ 0,1$.

FL is a machine learning concept where multiple decentralized clients (e.g., satellites, ground stations) collaboratively train a shared global model without sending their local data to a central server. Each node trains a local anomaly detection model (e.g., autoencoder), and the global model is updated in rounds.

Step-by-Step FL Process:

Step 1: Initialization: First, the global model parameters ${\omega }^0$ are initialized and shared with all participating satellites (clients).

Step 2: Local Training: Each client ‘$i$’ uses its local behavioral dataset ${Data}_T$ to train the model and compute an updated model ${\omega }_i^t$ at round t. Here, the local loss function (i.e., mean squared error for auto encoder) is mathematically obtained as follows:

$${\mathcal{L}oss}_i\left(\omega \right)={\displaystyle \frac{1}{\left|{Data}_T\right|}}{\sum }_{x_jϵ{Data}_T}l(f_{\omega }\left(d_i\right),d_i)$$

(10)

In Equation (10), $f_{\omega }\left(d_i\right)$ describes model output (e.g., reconstructed input), whereas $d_i$ represents the input vector of behavioral features. In the FL concept, the autoencoder is considered as a local model for anomaly detection. Consequently, each node determines updated model using the following:

$${\omega }_i^t={\omega }^{t-1}-\eta \nabla {\mathcal{L}oss}_i\left({\omega }^{t-1}\right)$$

(11)

The above Equation notations are shown in

Table 3. Notations.

Symbol	Meaning
${\mathit{\omega }}^{\mathit{t}-1}$	The global model weights from the previous round (t − 1). This model is sent to each client (satellite node).
${\mathit{\omega }}_{\mathit{i}}^{\mathit{t}}$	The locally updated model weights computed by client (satellite) i during round t.
$\mathit{\eta }$	The learning rate, a scalar value that controls the step size in gradient descent.
${\mathcal{L}\mathit{o}\mathit{s}\mathit{s}}_{\mathit{i}}\left({\mathit{\omega }}^{\mathit{t}-1}\right)$	The gradient of the local loss function ${\mathcal{L}oss}_i$ evaluated using satellite i data and the global weights ${\omega }^{t-1}$. This tells us the amount and in what direction to adjust the weights.
${\mathcal{L}\mathit{o}\mathit{s}\mathit{s}}_{\mathit{i}}(·)$	The local objective function (or loss function) for client i. This measures how well the model predicts or reconstructs the satellite’s own behavioral data.

.

Step 3: Model Update Sharing (on-chain)

Each satellite determines its local update using the following:

$$∆{\omega }_i^t={\omega }_i^t-{\omega }_i^{t-1}$$

(12)

The hash of $∆{\omega }_i^t$ and a proof of correctness (optional for privacy) are stored on the blockchain for verifiability using the following:

$${BlockchainEntry}_i^t=Hash\left(∆{\omega }_i^t\right)\mid \mid Timestamp\mid \mid Node ID$$

(13)

Step 4: Global Aggregation

The aggregator determines the Federated Averaging using the following:

$${\omega }^t=\sum _{i=1}^M{\displaystyle \frac{\left|{Data}_T\right|}{\sum _{j=1}^M\left|{Data}_T\right|}}{\omega }_i^t$$

(14)

Then, weighted aggregation using trust scores (e.g., based on node behavior history) is formulated as follows:

$${\omega }^t={\sum }_{i=1}^M{TS}_i.{\omega }_i^t\mathrm{Where} \sum {TS}_i=1$$

(15)

The updated model ${\omega }^t$ is sent to all clients for the next training round or for inference use.

Step 5: Anomaly Detection: After training, each satellite uses the global model to detect behavioral anomalies in real-time using the following:

$$y=\left\{\begin{array}{c}ifTS\left(d_i\right)>th, then\left(y=1\to anomalybehaviour\right)\\ otherwise, \left(y=0\to Normalbehaviour\right)\end{array}\right.$$

(16)

From that, FL efficiently detects unusual patterns or behaviors in network data that may point out security threats or system faults with higher accuracy. Here, 0 represents a normal behavior satellite node, whereas 1 describes an anomaly satellite node, according to the detected output; then, ZTDE in BEDZTM-PQC makes policy enforcement, i.e., allows, restricts, or re-authenticates. If the anomaly node is detected, then BEDZTM-PQC logs the event in the blockchain ledger and triggers the smart contract policy (e.g., deny access, re-authenticate). If the normal behavior node is detected, then BEDZTM-PQC logs the event in the blockchain ledger and grants full access.

Step 6: Continuous Verification (zero-trust Loop):

The identity of each satellite user or node is continuously re-verified with the help of a PQ signature and using dynamic behavioral data. Here, suspicious activity (i.e., invalid PQ signature anomaly in message timing) triggers policy enforcement via the smart contract.

The algorithmic process of the proposed BEDZTM-PQC is described in Algorithm 1.

Algorithm 1: Blockchain-Enabled Decentralized Zero-trust Model based Post-Quantum Cryptography and Federated Learning

1: Input: Number of satellite $i_1,i_2,..,i_M$’; Behavior logs, access pattern, trust score

2: Output: Enhance security and Intelligence of satellite network

3: Begin

4: Consider number of satellite users $i_1,i_2,..,i_M$’ in BEDZTSN

5: Define problem formulation $\underset{a_{\mathit{ij}\left(t\right)}}{\max }\sum _{i,j}{a}_{ij\left(t\right)}.{Tr}_{ij}-x.L\left(t\right)-y.\sum _i\left({\displaystyle \frac{C_i}{E_i}}\right)$

6: For each satellite user ‘$i$’

//Satellite Behavior Continuous Monitoring//

7: Continuously monitors their behaviors in dynamic satellite network

8: Stores Behavioral data of each user in blockchain ledger

9: end for

10: // Satellite Key Generation//

11: For each satellite user ‘$i$’ generate post-quantum public and private key pair

12: Sample Secret and error vectors are represented as $s\leftarrow {\gamma }^z,e\leftarrow {\gamma }^z$,$\gamma$ indicate discrete Gaussian or centered binomial distribution

13: public matrix is formulated as $AϵR_q^{z\times z}$

14: compute $\tau =A.s+e$. Then, public key (PK) is generated as,$P_k=(A,\tau )$

15: secret key (SK) is generated as,$S_k=ƙ$

16: end for

// Mutual Authentication via ZTDE Decision Logic//

17: for each new access request from satellite node or user ‘$i$’

18: if (PQ Signature Valid) & (Policy Match), Then

19: if (QRVM Trust Score < Threshold) Then Grant Access

20: else

21: Deny Access + Log Event

22: end if

23: else

24: Re-Authenticate or Block

25: end if

26: end for

// BlockChain Ledger//

27: For each transaction data in blockchain

28: Hash function maps transaction data of any size to fixed-size output

${\mathsf{\Psi }}_{PQ}\left(b_i\right)=PQHash\left(b_i\right)$

29: Blockchain ledger securely stores hashes of transaction data

30: Verifies data integrity

31: end for

// Quantum Safe Key Exchange for Secure Channel//

32: For each transaction in blockchain

33: Encrypt transaction with public key of receiver satellite node

${\alpha }_{PQ} \left({Tr}_i\right) = PQEncrypt({Tr}_i ,PK)$

34: Perform Post-quantum Decryption with secret key of receiver node

${\beta }_{PQ} ({\alpha }_{PQ} ({Tr}_i\left)\right) = PQDecrypt({\alpha }_{PQ} ({Tr}_i), SK)$

35: End For

// FL for Anomaly Detection//

36: For each satellite user ‘$i$’ with input behavior data features ‘$d_i$’

37: Initialization global parameters ‘${\omega }^0$’anddistribute to all clients

38: for each round t = 1 to T

39: Local Training phase $FL =Train(FL,{Data}_T)$

40: Local loss function ${\mathcal{L}oss}_i\left(\omega \right)={\displaystyle \frac{1}{\left|{Data}_T\right|}}{\sum }_{x_jϵ{Data}_T}l(f_{\omega }\left(d_i\right),d_i)$

41: Update model ${\omega }_i^t$ at round t using ${\omega }_i^t={\omega }^{t-1}-\eta \nabla {\mathcal{L}oss}_i\left({\omega }^{t-1}\right)$

42: Each satellite determines its local update using $∆{\omega }_i^t={\omega }_i^t-{\omega }_i^{t-1}$

43: Each node records a hashed proof of update on blockchain for audit

${BlockchainEntry}_i^t=Hash\left(∆{\omega }_i^t\right)\mid \mid Timestamp\mid \mid NodeID$

44: Global Aggregation ${\omega }^t=\sum _{i=1}^M{\displaystyle \frac{\left|{Data}_T\right|}{\sum _{j=1}^M\left|{Data}_T\right|}}{\omega }_i^t$

45: Weighted aggregation using trust scores using ${\omega }^t=\sum _{i=1}^M{TS}_i.{\omega }_i^t$ Where $\sum {TS}_i=1$

46: Anomaly Detection $y=\left\{\begin{array}{c}if TS\left(d_i\right)>th, then (y=1\to anomaly behaviour)\\ otherwise,(y=0\to Normal behaviour)\end{array}\right.$

47: end if

48: end for

49: end for

// Continuous Verification (Zero Trust Loop)//

50: Each satellite user or node is continuously re-verified

51: Triggers policy enforcement via smart contract

52: end

5. Simulation

The proposed BEDZTM-PQC and conventional blockchain-enabled federated learning (BFL) framework [1] are implemented in MATLAB. To conduct the experimental process, the varying numbers of satellite users in a range of 50, 100, 150, 250, 500, 750, and 1000 are assumed as input. The simulations and model evaluations were performed on a standalone desktop system with the following conditions are shown in

Table 4. Hardware and software environment.

Component	Specification
Processor (CPU)	Intel Core i7-12700K @ 3.60 GHz, 12 Cores
RAM	32 GB DDR4 @ 3200 MHz
Storage	1 TB NVMe SSD
GPU	NVIDIA RTX 3060 (12 GB)
Power Supply	500 W PSU, consistent 220 V input
Operating System	Windows 10 Pro (64-bit)
Simulation Tools	MATLAB R2024b
Blockchain Framework	Hyperledger Fabric 2.5 (private network with 3 peers and 1 ordered node)
PQC Library	CRYSTALS-Kyber and Dilithium
ML Framework	Scikit-learn, Tensor Flow Quantum

,

Table 5. Satellite network environment.

Parameter	Value
Number of satellites	100 (LEO constellation, 500–1200 km altitude)
Ground stations	10 (globally distributed)
Mobility model	TLE-based SGP4 orbital propagation via Ns-3
Inter-satellite links (ISL)	Laser and RF hybrid links
Link delay	2–12 ms (ISL), 10–80 ms (satellite-ground)

and

Table 6. Zero-trust and authentication parameters.

Feature	Configuration
Trust evaluation cycle	Every 3 s per node
Trust decay rate	Adaptive, based on behavioral uncertainty
Mobility model	Per session and on suspicious activity trigger
Inter-satellite links	[0, 1], with 0.5 as decision threshold
Link delay	2–12 ms (ISL), 10–80 ms (satellite-ground)
Communication protocol	Custom overlay over UDP/IP stack

respectively.

The following table shows five users’ session evaluations.

In the above

Table 7. Real-world simulation performance results.

User_ID	Sessions	Trust Score (TS)	Local Loss	User_Type
“User_1”	39	0.35	0.087	“Anomaly”
“User_2”	43	0.92	0.031	“Normal”
“User_3”	37	0.90	0.030	“Normal”
“User_4”	34	0.89	0.034	“Normal”
“User_5”	32	0.45	0.078	“Anomaly”

, User_1 and User_5 had low trust scores due to higher local loss, and, therefore, BEDZTM-PQC found User_1 and User_5 as an anomaly.

• The simulation results of BEDZTM-PQC are compared against the state-of-the-art BFL framework [1] using the following metrics:

• Accuracy.
• Latency.
• Security.
• Energy resource consumption.
• Robustness to adaptive attacks.

5.1. Performance Measure of Accuracy

The accuracy is calculated based on the ratio of the number of satellite users that are correctly identified as an anomaly or normal to the total number of satellite users considered as an input, using the following equation:

$$\mathrm{\pounds }={\displaystyle \frac{{\mu }_a}{M}}\times 100$$

(17)

In Equation (17), ‘${\mu }_a$’ represents the number of satellite users exactly authenticated as an anomaly or normal, whereas ‘$M$’ defines the total users considered as an input for simulation work. The authentication accuracy is observed in terms of percentage (%).

Table 8. Simulation performance of accuracy level.

Number of Satellite	Security Level (%)
Users	Existing BFL	Proposed BEDZTM-PQC Model
50	89.54	93.11
100	89.92	93.85
150	90.14	94.05
250	90.48	94.41
500	90.89	94.89
750	91.03	95.23
1000	91.31	96.14

and Figure 4 demonstrate that the simulation results of BEDZTM-PQC consistently outperform conventional BFL [1] across all tested satellite constellation sizes (from 50 to 1000 nodes). This improvement validates the effectiveness of combining trust-aware federated learning, zero-trust authentication, and post-quantum secure communication mechanisms. The BEDZTM-PQC model achieves near 96.14% accuracy at 1000 nodes, demonstrating excellent scalability, security, and learning stability. The performance gap between BFL [1] and BEDZTM-PQC increases with network size, which is critical for future large-scale LEO satellite constellations. The experimental results demonstrate that the BEDZTM-PQC framework significantly enhances authentication accuracy over conventional BFL [1] across all network sizes. The combination of blockchain, zero-trust evaluation, and PQC not only improves authentication accuracy but also ensures resilience against adaptive threats and scalability to 1000 nodes. Thus, the proposed BEDZTM-PQC achieves 96.14% accuracy while considering 1000 users as input for experimental evaluation, whereas state-of-the-art BFL [1] obtained 91.31%.

5.2. Performance Measure of Latency

Latency is calculated based on the time required to efficiently deliver the data packets between the genuine users in the satellite network. Accordingly, the latency is obtained as follows:

$$l=\sum _{i=1}^n{\delta }_i\times \mathsf{\tau }$$

(18)

In Equation (18), ‘${\delta }_i$’ represents a data packet and ‘$\mathsf{\tau }$’ describes the time used by a satellite user to effectively broadcast the single data packets in the network, whereas ‘$n$’ represents the total data packets considered as input. The latency is observed in terms of milliseconds (ms).

In

Table 9. Simulation performance of latency.

Number of Data	Latency (ms)
Packets	Existing BFL	Proposed BEDZTM-PQC Model
50	0.44	0.30
100	0.47	0.33
150	0.50	0.37
250	0.55	0.42
500	0.58	0.48
750	0.62	0.51
1000	0.65	0.56

and Figure 5, the proposed BEDZTM-PQC model consistently outperforms traditional BFL across all scalability points. In addition, the proposed BEDZTM-PQC offers stronger authentication security, better resistance to adaptive attacks, and higher robustness in FL environments. The performance gap increases with scale, demonstrating that the proposed BEDZTM-PQC is better suited for large satellite constellations. This is because of the use of trust-aware federated learning, zero-trust authentication, and the post-quantum secure communication concept in our research work. Hence, the proposed BEDZTM-PQC model boosts the rate of reliable data transmission in a satellite environment. For that reason, the proposed BEDZTM-PQC attained 98.12% security while taking 250 data packets as input for experimental evaluation, whereas the state-of-the-art BFL [1] achieves 93.48%.

5.3. Performance Measure of Security

The security level (µ) is calculated depending on the ratio of the number of data packets that are accessed only by authoritative users to the total data packets considered as input. Thus, the security level (µ) is obtained using the following:

$$\mathrm{\mu }={\displaystyle \frac{{\nu }_a}{\nu }}\times 100$$

(19)

In Equation (14), ‘${\nu }_a$’ describes the number of data packets accessed only by genuine users in a satellite network environment, whereas ‘$\nu$’ points out the total data packets taken as input. The security rate is observed in terms of percentage (%).

In

Table 10. Simulation performance of security.

Number of Data	Security (%)
Packets	Existing BFL	Proposed BEDZTM-PQC Model
50	90.57	96.41
100	92.02	96.90
150	92.44	97.06
200	92.87	97.45
250	93.48	98.12

and Figure 6, the proposed BEDZTM-PQC model consistently outperforms traditional BFL across all scalability points. In addition, the proposed BEDZTM-PQC offers stronger authentication security, better resistance to adaptive attacks, and higher robustness in FL environments. The performance gap increases with scale, demonstrating that the proposed BEDZTM-PQC is better suited for large satellite constellations. This is because of the use of trust-aware federated learning, zero-trust authentication, and the post-quantum secure communication concept in our research work. Hence, the proposed BEDZTM-PQC model boosts the rate of reliable data transmission in satellite environments. For that reason, the proposed BEDZTM-PQC attained 98.12% security while taking 250 data packets as input for experimental evaluation, whereas state-of-the-art BFL [1] achieves 93.48%, respectively.

5.4. Scalability to Large Satellite Constellations (e.g., 1000+ Nodes)

In

Table 11. Comparative scalability result.

Satellites	Authentication	Average	Peak	Blockchain	PQC
	Accuracy (%)	Latency (ms)	Memory Per Node (MB)	Overhead (ms)	Key Size (kB)
250	96.3	1.48	4.8	190	3.2
500	95.2	1.85	5.5	220	3.2
750	93.8	2.21	6.4	265	3.2
1000	92.1	2.58	7.2	312	3.2
1250	90.3	2.95	8.1	355	3.2
1500	88.6	3.42	8.9	398	3.2

[24], accuracy decreases gradually as the number of satellite nodes increases due to higher behavioral diversity, increased chance of data heterogeneity, and more potential for adversarial behavior.

Table 11 [24] illustrates the performance of the proposed BEDZTM-PQC under varying numbers of satellite nodes (250–1500). The results demonstrate a clear trade-off between authentication accuracy, latency, memory consumption, and blockchain overhead as network scale increases. The authentication accuracy decreases slightly from 96.3% at 250 satellites to 88.6% at 1500 satellites. Theoretically, this degradation occurs because as the network expands, the number of inter-satellite communication links and concurrent authentication requests grows exponentially, increasing the probability of transient mismatches and synchronization delays. However, the model maintains high accuracy due to the FL mechanism, which continuously updates local models using decentralized anomaly feedback while preserving data privacy. Latency increases from 1.48 ms to 3.42 ms as the number of satellites grows. This trend aligns with the expected communication overhead in decentralized blockchain-based systems. The latency growth is primarily due to block propagation delay and consensus validation time within the blockchain ledger. Despite this increase, the observed latency remains within acceptable real-time communication thresholds for inter-satellite links, demonstrating that the ZTA with smart contract enforcement does not critically impact operational responsiveness. The peak memory per node rises gradually from 4.8 MB to 8.9 MB. This increment is theoretically justified by the increase in stored local ledger data, authentication logs, and FL model parameters. The hierarchical federated learning structure minimizes this impact by distributing training tasks across groups, thus avoiding excessive memory overload on individual satellites. Blockchain overhead increases from 190 ms to 398 ms with network size, reflecting the additional time required for consensus verification and block synchronization among larger satellite clusters. This overhead is partly mitigated by the model’s group-based blockchain partitioning, where smaller clusters maintain localized chains before synchronizing globally, reducing delay propagation effects. The PQC key size remains constant at 3.2 kB, which indicates that the post-quantum cryptographic scheme (likely lattice-based or hash-based) maintains consistent key lengths regardless of network size. This stability ensures predictable storage and transmission overhead, making the cryptographic layer scalable for large constellations. The theoretical analysis confirms that BEDZTM-PQC achieves a balanced trade-off between security strength and computational efficiency. Despite a moderate increase in latency and overhead with scaling, the system maintains high authentication accuracy, manageable resource utilization, and quantum-resistant protection, validating its feasibility for next-generation decentralized satellite security architectures.

5.5. Energy/Resource Consumption per Authentication Cycle

Table 12. Comparative energy/resource consumption result.

Action Phase	Avg CPU Time (ms)	Energy Consumption (mJ)	Comm Overhead (Bytes/Session)
Trust Score Calculation	3.8	13.2	250
Post-Quantum Decryption	2.2	8.1	128 (key handshake)
Blockchain Transaction (Smart Contract Logging)	3.6	11.7	300 (anomaly log payload)
Final Detection and Action	1.3	4.2	150 (alert/grant signal)
Total per Cycle	19.2 ms	68.4 mJ	~828 bytes

shows ultra-low energy footprint per cycle (~68.4 mJ), which fits well within LEO nano satellite power budgets; real-time authentication is achieved in ~19.2 ms and communication overhead is under 1 KB, including PQC keys and blockchain logs.

Table 12 presents the computational and communication performance of the BEDZTM-PQC model during different action phases within each authentication and anomaly detection cycle. The metrics analyzed include average CPU time, energy consumption, and communication overhead, which together quantify the system’s operational efficiency and resource cost. Trust score calculation phase consumes an average of 3.8 ms CPU time and 13.2 mJ of energy, with a communication overhead of 250 bytes per session. The moderate resource usage stems from the multi-factor trust evaluation, where each satellite computes a trust score based on behavioral, cryptographic, and consensus parameters. The computational demand here is largely due to the Bayesian trust aggregation and blockchain state verification used to cross-validate node integrity within the cluster. The PQC decryption phase requires 2.2 ms and 8.1 mJ, with an additional 128 bytes for key exchange and handshake communication. The relatively low overhead demonstrates the efficiency of the selected lattice-based post-quantum cryptographic scheme, which provides quantum-resistant encryption while maintaining practical computational requirements. This phase ensures message confidentiality and forward security without significantly impacting energy budgets, which is crucial for power-constrained satellites. The blockchain transaction stage exhibits a CPU time of 3.6 ms and energy consumption of 11.7 mJ, with a communication payload of approximately 300 bytes per anomaly or transaction record. The overhead arises from smart contract execution and block validation, which require consensus among group members. The theoretical advantage here lies in distributed verification, where logging security events on-chain guarantees immutability and accountability, thereby reinforcing the ZTA principles. The detection and action phase is responsible for alert generation or access authorization, consuming 1.3 ms and 4.2 mJ with 150 bytes of signaling data. Its minimal cost reflects the optimized federated anomaly classifier, which leverages locally trained models for rapid decision-making. The lightweight signaling ensures prompt response for threat mitigation with minimal delay propagation across the satellite cluster. The total computational cost per full cycle is 19.2 ms and 68.4 mJ, with an approximate communication footprint of 828 bytes. Theoretically, this represents a highly efficient operational profile, balancing cryptographic security, blockchain verification, and learning-based detection. Such results validate the feasibility of deploying BEDZTM-PQC in real-time inter-satellite communication environments, where both low latency and high energy efficiency are mission-critical. The integrated evaluation of cryptographic, blockchain, and federated processes shows that the model maintains strong security guarantees with lightweight computational and communication overhead. This confirms that the multi-layered zero-trust mechanism is suitable for distributed satellite networks without compromising operational efficiency.

5.6. Robustness to Adaptive Attacks

In

Table 13. Comparative robustness to adaptive attacks.

Attack Type	Detection Rate (%)	False Negative Rate (%)	Avg Detection Delay (ms)	Remarks
Baseline Random Attack	97.4	2.6	1.3	High sensitivity maintained via trust scores + anomaly thresholds
Mimicry Behavior Attack	89.5	10.5	2.4	Delay increases due to realistic behavior imitation; cost function impact observed
Poisoned FL Model Updates	93.2	6.8	1.8	Trust score decay + gradient norm clipping restrict model poisoning
Backdoor Trigger Injection	90.7	9.3	2.5	Blockchain-based model fingerprinting detects tampered updates
Replay Attack with PQC Wrapping	95.5	4.5	1.7	Time-bound PQC token validation + ledger replay logs mitigate the threat
Insider Trusted Node Hijack	88.2	11.8	2.9	Adaptive trust reweighting + anomaly history tracking slowly mitigates impact

, the BEDZTM-PQC maintains strong robustness for baseline random attack, replay attack, and slight vulnerability to mimicry attackers, and insider trusted node hijack due to static behavior inputs.

Table 14. Comparative performance of security models [1,6,8] for satellite networks.

Feature/Metric	BFL [1]	HECC-Based Authentication [6]	Ozta [8]	Proposed BEDZTM-PQC
Accuracy	~91% at 1000 nodes	Moderate (~85% at scale)	Limited, anomaly-specific	96.14% at 1000 nodes
Latency	Moderate (0.65 ms @1000 packets)	Low (lightweight crypto)	Moderate-High	Low (0.56 ms @1000 packets)
Security Strength	Classical crypto, not quantum-safe	Lightweight ECC, vulnerable to quantum	Zero-trust enforced, no PQC	Quantum-resistant (CRYSTALS-Kyber, Dilithium, Falcon)
Scalability	Moderate (performance degrades > 750 nodes)	Poor for large constellations	Architecture supports scaling, but limited anomaly detection	High (robust at >1000 nodes)
Anomaly Detection	Federated learning (basic)	Authentication only, no anomaly detection	Partial (false injection focus)	Hierarchical FL with group-based detection
Robustness to Adaptive Attacks	Moderate	Weak against insider/mimicry attacks	Not evaluated	Strong (trust-score reweighting, PQC replay defense)

and Figure 7 show the proposed BEDZTM-PQC consistently outperforms BFL, HECC-based authentication, and oZTA across all critical metrics. Its integration of the blockchain, federated learning, and PQC provides not only immediate improvements in accuracy and latency but also ensures long-term quantum resilience and robustness against adaptive threats.

6. Conclusions

In this paper, BEDZTM-PQC is presented for anomaly detection in satellite communication networks by integrating PQC mechanisms with the FL concept. The designed BEDZTM-PQC eliminates implicit trust among satellite nodes and ground stations by enforcing continuous verification, decentralized access control, and tamper-proof auditability via a blockchain. By incorporating lattice-based post-quantum cryptographic primitives, the BEDZTM-PQC ensures long-term resilience against quantum-era attacks, which are especially relevant to mission-critical space systems. To detect anomalous behaviors in real time, BEDZTM-PQC employed the FL concept, where autoencoder-based detectors are considered as local models. These models can adapt to evolving traffic patterns without requiring labeled training data, making them ideal for dynamic, high-latency satellite environments. This research presents an advanced security framework tailored for the emerging needs of satellite networks, where traditional centralized models and individual node protections are no longer sufficient. The proposed group-protected decentralized zero-trust architecture, reinforced by the blockchain, PQC, and FL provides a robust and scalable solution to modern cyber threats, particularly in the context of space-based communication systems. By introducing group-level authentication, trust scoring, and threshold cryptographic mechanisms, the model effectively mitigates single point of failure (SPOF) risks at both node and team levels. Blockchain technology underpins the system’s trust and accountability by maintaining immutable records of all interactions and decisions. The proposed architecture demonstrates significant improvements in security robustness, anomaly detection accuracy, fault tolerance, and system scalability. These enhancements make the solution particularly suitable for critical applications in defense, remote sensing, environmental monitoring, and global satellite communications.