To address the surging group communication demands arising from direct-to-device (D2D) connectivity of smartphones and IoT devices in low-Earth-orbit (LEO) satellite networks, this paper proposes a group encryption transmission scheme that jointly optimizes end-to-end security and spectral efficiency. The method innovatively integrates ciphertext-policy attribute-based encryption (CP-ABE) into the LEO multicast architecture for the first time, enabling fine-grained access control and secure multi-user reception over a single channel. By eliminating per-user encryption, the scheme avoids spectral redundancy inherent in conventional approaches, thereby preserving high spectral-efficiency broadcast while ensuring robust security. Moreover, it significantly reduces key management overhead, cutting key distribution costs by over 60%. Experimental evaluations demonstrate that the proposed scheme exhibits strong scalability and practicality under dynamic topologies and high-mobility conditions typical of LEO networks.

Low Earth Orbit (LEO) satellite networks serve as a cornerstone infrastructure for providing ubiquitous connectivity in areas where terrestrial infrastructure is unavailable. With the emergence of Direct-to-Cell (DTC) satellites, these networks can provide direct access to mobile phones and IoT devices without relying on terrestrial base stations, leading to a surge in massive connectivity demands for the serving satellite. To address this issue, group communication is an effective paradigm that enables simultaneous content delivery to multiple users and thus optimizes bandwidth reuse. Although extensive research has been conducted to improve group communication performance, securing this communication without compromising its inherent spectrum efficiency remains a critical challenge. To address this, we introduce StarCast, a secure group encryption scheme for LEO satellite networks. Our solution leverages ciphertext-policy attribute-based encryption (CP-ABE) to implement fine-grained access control by embedding access policies directly within the ciphertext. Unlike standard secure communication approaches that require dedicated per-user channels and significantly deplete limited satellite spectrum resources, StarCast maintains efficient spectrum reuse within user groups while ensuring that only authorized users can access transmitted data. Additionally, it significantly reduces the costly key management overhead associated with conventional encryption schemes.