Inside GNSS Media & Research

SEP-OCT 2018

Issue link:

Contents of this Issue


Page 58 of 67 S E P T E M B E R / O C T O B E R 2 0 1 8 Inside GNSS 59 requirements which aut hentication needs to meet. e most critical navi- gation operations in aviation are final approach and landing. Current SBAS (EGNOS, WAAS) are capable of sup- porting Cat I approaches, while naviga- tion data authentication is under discus- sion for the next generation standards. Cat I operational requirements dictate that authentication needs to respect the 6 seconds time to integrity alert and not negatively impact other performance aspects such as continuity. But strength in authentication is linked to the length of the key. If authentication needs to happen continuously instead of only once at the beginning of the approach, and if it needs to continue to authenti- cate the signal during the approach, then it needs to be done within the 6 seconds time to alert, while also leaving some room for a missed authentication due to bit errors. When relaxing authenti- cation requirements to something less than near real time, key length can be increased to make it stronger, but then other vulnerabilities become greater again. More generally, authentication and the need to decode a long key may bring other challenges: if now it becomes pos- sible to just send a short pulse every 6 seconds to knock out part of the authen- tication sequence, then vulnerability to jamming is increased. If authentication would be adopted, the more sensible approach would likely be to authenti- cate once or twice before beginning an approach, and then preserve this solu- tion with other monitors in line with the timescales of corresponding threat scenarios. Again, the right design bal- ance would need to be found to ensure that the added complexities actually bring benefit in hardening GNSS against attacks. Finally it has already been recog- nized in the community that naviga- tion data authentication will only protect against some spoofing attack scenarios, but not all of them. From an initial anal- ysis and looking at the GNSS signal and guidance elements in descending order of priority, protecting navigation data would come in at the third place aer first protecting the guidance path defini- tion and then the main ingredient of the actual navigation solution, pseudorang- es. erefore, the complexities of intro- ducing an authentication feature need to be evaluated against doing other, more simple things, such as adding baromet- ric altitude monitoring (through equip- ment integration, not replying on pilot monitoring only). Summary and Conclusion ese arguments should not be under- stood as aviation closing the door to authentication – it is more a report on ongoing thoughts and discussions. Cer- tainly, increasing security of such an essential CNS element as GNSS in any feasible way is a welcome possibility. However, to judge what best to do and how, an integrated analysis needs to con- sider many factors and weigh them care- fully. is article aims to highlight some of them, and also to educate the GNSS community about the complexities of the larger aviation and CNS system context. erefore, we encourage further research on the topic of GNSS security in aviation, so that this evolving relation- ship can converge towards an effective mix of operational measures and real time equipment mitigation functions. is should ensure that GNSS spoofing will remain something that has so far never been found to be a contributing factor to an aircra accident or incident. This article has focused on GNSS spoofing attacks directed at aircraft. However, many ground CNS systems also use GNSS for a large variety of purposes, including time synchroniza- tion. For ground CNS systems, many of the constraints discussed herein do not apply and are quite similar to other sectors. For such receivers, authentica- tion and many more advanced mitiga- tion techniques are completely feasible options. e scope of this discussion is further limited to the GNSS PVT infor- mation as it is obtained by the GNSS receiver through signals from the anten- na. It did not look at how the PVT infor- mation could be corrupted once it leaves the receiver for further processing. is is also an active area of security analysis, which has commonality with securing system architectures and data channels in general. It is a considerable challenge to keep an overview of all these aspects and focus mitigation efforts on the most relevant weaknesses. Hopefully, we will be able to remain a step ahead of the evolving security threat in all these areas. Acknowledgements The author would like to thank Paco Salabert, Pascal Barret and other EURO- CONTROL colleagues for their review and helpful discussions. Additional Resources [1] Annex 10 to the Convention on International Civil Aviation, Aeronautical Telecommunications, Volume I, Radio Navigation Aids, available from the International Civil Aviation Organization [2] ICAO, see default.aspx [3] European Radio Navigation Plan, European Commission, Version 1, 9 March 2018, available at [4] GNSS Sole Service Feasibility Study, EUROCON- TROL Experimental Centre Note No. 04/03, avail- able at content/public/document/eec/report/2003/007_ GNSS_Sole_Service_Feasibility_Study.pdf [5] ICAO Doc 10007, Report of the 12th Air Navi- gation Conference, Recommendation 6/7d, 2012, available from the International Civil Aviation Orga- nization [6] ICAO Doc 9849, Global Navigation Satellite System (GNSS) Manual, Advance 3rd Edition, 2017 (unedited), available from the International Civil Aviation Organization [7] Naerlich S., "Treatment of GNSS Repeaters", ICAO Navigation Systems Panel, Working Group of the Whole, Working Paper 3, Montreal, Canada, 9-18 November 2010 Author Gerhard (Gary) Berz is a Senior Navigation Systems Expert at EUROCONTROL, where he chairs the Navigation Steering Group on infrastructure aspects and actively participates in a number of working groups, including the ICAO Navigation Systems Panel and the EU/US Working Group C on Next Genera- tion GNSS. One of his main work areas is GNSS RF interference mitigation and spectrum matters. Before joining EUROCONTROL, he worked at sky- guide, the Air Navigation Service Provider of Swit- zerland, and for the U.S. Naval Air Systems Com- mand. He obtained avionics engineering degrees from Embry Riddle Aeronautical University and Ohio University.

Articles in this issue

Links on this page

view archives of Inside GNSS Media & Research - SEP-OCT 2018