Inside GNSS Media & Research

JUL-AUG 2019



component are transferred to the smartcard, which produces the local replica for correlation. Figures 3 and 4 are examples of Class 2 implementations on either a GNSS module (with an external HSM) or in a smartphone (using a smartcard, or the operator SIM card, assuming operators would adopt this approach).

High Level Protocol Description

The protocol combines both cryptographic techniques and receiver implementations to achieve the following services:

• Delayed Authentication (DA). This is achieved by the release of a delayed key that is used to generate a PRN sequence that can authenticate the code after it was received.
• Early Authentication (EA). This is achieved by the generation of keys inside a security module of Class 2 devices that allows the generation of a PRN sequence in advance and is used to authenticate the code as soon as it is received.
• Authentication and secure navigation (SN) with a symmetric approach. This is achieved by generating the full encrypted PRN sequence inside Class 3 devices, which allows authentication and secure navigation.

The concept of having a high-frequency transmission of PRN for authentication and a lower-frequency one is also detailed in the paper by Anderson et alia (Additional Resources), where it is described as fast and slow authentication. A major difference is that in Chimera the fast authentication requires a connection with an aiding channel, as it is assumed that the fast authentication information is transmitted over a network channel. With the approach proposed in this article, a Class 2 device can achieve high-frequency authentication without a connection for short periods (this could be a flight, or a specific travel or journey). It needs to connect in case of rekeying of the system, which could be scheduled or requested (a requested rekeying should be alerted via a Navigation Message Authentication (NMA) service).
Alternatively, if sufficient bandwidth is available, rekeying could be performed over the signal in space (however, 1-2 megabytes of data would be required).

| Service | Category | Authentication Latency | Secure Navigation | Requires Comm link | Requires HSM |
|---|---|---|---|---|---|
| Delayed Authentication (DA) | Class 1 – autonomous | 10s | Snapshot, 10s | No | No |
| Delayed Authentication (DA) | Class 1 – Remote Processing | 3-5s | Snapshot, 3-5s | Yes | No |
| Early Authentication (EA) | Class 2, low end HSM | 1s* | Snapshot based | No** | Yes |
| Secure Navigation (SN) + EA | Class 3, High end HSM | <=1s | <=1s | No | Yes |

Table 1: Comparison of HW categories
* Performances under evaluation
** The hardware does not require a comm-link unless a rekeying is performed by the system. This could be a comm link or a physical update of keys in the HSM.

The main concept is the following: the system generates master keys that are kept secret and never released. The master keys generate the operational keys, which are used for a period that shall be designed based on the security requirements. From the operational keys, two other subsets are obtained:

• Session keys, which are created every X minutes (for example, 10 minutes). The session keys generate two types of keys:
  ◉ Key Early Authentication (KEA) key, a key that will be used to implement a relatively fast authentication at code level with a symmetric authentication approach. The KEA will generate a short PRN sequence that will be included in the signal at high frequency, for example every second. These keys will also be available in the Class 3 receiver to achieve very low authentication latency and low time between authentications.
  ◉ Key Delayed Authentication (KDA) key, which is generated as a one-time key every X seconds (for example, 10s). The authentication key creates a PRN sequence that lasts some milliseconds and is used for authentication purposes only. The key is released with a delayed approach and authenticated with some form of data authentication or Navigation Message Authentication (NMA).
• Secure navigation keys, which are used to generate the PRN sequence for robust navigation. Unlike authentication, this allows robust navigation even when the signal is spoofed by an attacker, as well as continuous authentication of the signal.

Receiver operation for delayed authentication (Class 1 devices):

The receiver needs to acquire an open signal and get a time reference and code phase. At the time T0 of the foreseen delayed authentication sequence transmission, the receiver will store the IF data (I/Q samples, for example) and wait for the key to be released, or connect to a cloud server and send the IF data. When only the signal in space is available, as soon as the key is released and authenticated the receiver can generate the PRN sequence from the key and perform a correlation with the stored signal (at time T0). For connected services, the receiver will transmit the IF data and wait for processing or, alternatively, can receive the PRN sequence or the delayed KDA via the cloud service.

Receiver operation for early authentication (Class 2 devices):

The receiver needs to acquire an open signal and get a time reference and code phase. At the time T0 of the foreseen early authentication sequence transmission, the receiver will correlate the signal with a local replica generated by the KEA keys. KEA will be generated by the session key. If session keys are compromised, the Class 2 device needs to connect to a network and download the new session keys via a secure protocol (detection of attacks that can compromise the keys is not investigated in this article; one possible approach could be to use higher class receivers to detect lower class attacks).
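The key hierarchy and the Class 1 delayed-authentication check described above, as an added Python example that is not code from the article. It assumes the released KDA has already been authenticated (for example via NMA) and works on constructed, chip-aligned baseband samples. HMAC-SHA256 as key-derivation function and PRN generator, the labels, the noise level and the 0.5 threshold are all assumptions; the article specifies none of them.

```python
import hashlib
import hmac
import random

def derive(parent: bytes, label: str) -> bytes:
    """One-way child-key derivation (HMAC-SHA256 is an assumed KDF)."""
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()

def prn_chips(key: bytes, n: int) -> list:
    """Expand a key into n +/-1 chips (HMAC in counter mode, assumed generator)."""
    bits, counter = [], 0
    while len(bits) < n:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return [1 if b else -1 for b in bits[:n]]

def correlate(samples, replica) -> float:
    """Normalised correlation between stored samples and a local replica."""
    return sum(s * r for s, r in zip(samples, replica)) / len(replica)

def delayed_authentication(stored, released_kda, threshold=0.5) -> bool:
    """Class 1 check: regenerate the PRN from the released key, correlate at T0."""
    return correlate(stored, prn_chips(released_kda, len(stored))) > threshold

# Key hierarchy from the text; labels and slot numbers are constructed.
master = bytes(32)                                 # placeholder, never released
operational = derive(master, "operational/epoch-1")
session = derive(operational, "session/slot-7")    # renewed every X minutes
kea = derive(session, "KEA")                       # stays inside the Class 2/3 HSM
kda = derive(session, "KDA/t0-42")                 # one-time key, released after T0

def simulate(n=4096, noise=2.0, seed=1):
    """Return (genuine_ok, spoof_ok) for constructed samples stored at T0."""
    rng = random.Random(seed)
    genuine = [c + rng.gauss(0, noise) for c in prn_chips(kda, n)]
    # A spoofer transmitting at T0 does not yet hold the KDA and must guess it.
    guess = derive(b"attacker guess", "KDA/t0-42")
    spoofed = [c + rng.gauss(0, noise) for c in prn_chips(guess, n)]
    return delayed_authentication(genuine, kda), delayed_authentication(spoofed, kda)

if __name__ == "__main__":
    print(simulate())
```

The same correlation step serves a Class 2 receiver if `kea` replaces `kda` and the replica is generated inside the HSM before T0 instead of after the key release.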
