Inside GNSS Media & Research

JUL-AUG 2019

Issue link: https://insidegnss.epubxp.com/i/1148308

Page 32 of 67

www.insidegnss.com JULY/AUGUST 2019 Inside GNSS 33

The KDA keys will have a new crypto period that is very short, for example 10 seconds. The KDA keys are released authenticated after the expires for use in class 1 devices. The final KDA keys will be a vector (including the KDA IV): (19)

The KDA keys generate the Authentication Pseudo Random Number (PRN) sequence used for the Delayed Authentication (DA) service. It is generated by: (20)

Where SC is a Stream Cipher function that generates the entire PRN sequence for the delayed authentication integration period (for example 20ms).

The KEA keys will have a new crypto period that can range between and at discretion of the designer. The KEA keys are never released, and are maintained secret by the security module Class 3. The final KEA keys will be a vector (including the KEA IV): (21)

The KEA keys generate the Pseudo Random Number (PRN) sequence used for the early authentication service. It is generated by: (22)

Where SC is a Stream Cipher function that generates the entire PRN sequence for the early authentication integration period (for example 10ms).

and can be interleaved at choice by the system designer. One option that is considered in this article is the transmission of with a frequency and once every transmissions substitute the code with a . This would allow for example a 1s (an early authentication PRN transmitted every second) and a 10s , (every 9 seconds a delayed authentication PRN is transmitted).

Finally, operational keys generate ( ) generates the Key Secure Navigation (KSN) key that is used to generate the PRN sequence used for secure navigation. As an example, it can be generated by: (23) (24) (25)

Where SC is a Stream Cipher function that generates the entire PRN sequence and H a secure one way hashing function.
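The 1 s / 10 s interleaving option and the delayed release of KDA keys described above, as an added example that is not code from the article. SHAKE-256 stands in for SC, and the per-slot key derivation, chip count, master secrets and sample chips are constructed assumptions, since the article's own equations are not reproduced on this page.

```python
import hashlib

CHIPS = 1024     # chips per PRN burst (constructed size, not from the article)
DA_EVERY = 10    # 1 s EA slots, every 10th slot carries the DA code instead

def sc(key: bytes, iv: bytes, n_chips: int = CHIPS) -> list:
    """Stand-in for SC: SHAKE-256 keystream mapped to +1/-1 chips (assumption)."""
    stream = hashlib.shake_256(key + iv).digest(n_chips // 8)
    return [1 if (b >> i) & 1 else -1 for b in stream for i in range(8)]

def slot_key(master: bytes, label: bytes, slot: int) -> bytes:
    """Hypothetical per-slot key: one-way hash of a master secret and the slot."""
    return hashlib.sha256(master + label + slot.to_bytes(8, "big")).digest()

def transmitted_prn(kea_master: bytes, kda_master: bytes, slot: int):
    """Satellite side: nine EA codes, then one DA code in the tenth slot."""
    iv = slot.to_bytes(8, "big")
    if slot % DA_EVERY == DA_EVERY - 1:
        return "DA", sc(slot_key(kda_master, b"KDA", slot), iv)
    return "EA", sc(slot_key(kea_master, b"KEA", slot), iv)

def correlate(received, replica) -> float:
    """Normalised correlation: 1.0 for identical chips, near 0 for unrelated."""
    return sum(r * c for r, c in zip(received, replica)) / len(replica)

def verify_delayed(buffered, released_key: bytes, slot: int, threshold=0.5) -> bool:
    """Class 1 receiver: runs only after the slot's KDA key has been released."""
    replica = sc(released_key, slot.to_bytes(8, "big"))
    return correlate(buffered, replica) >= threshold

def demo():
    kea, kda = b"constructed-KEA-master", b"constructed-KDA-master"
    schedule = [transmitted_prn(kea, kda, s)[0] for s in range(20)]
    slot = 9
    _, sent = transmitted_prn(kea, kda, slot)
    # Constructed channel: every 10th chip flipped to mimic noise.
    noisy = [-c if i % 10 == 0 else c for i, c in enumerate(sent)]
    # Constructed forgery: chips made without the then-unreleased slot key.
    forged = sc(b"constructed-wrong-key", slot.to_bytes(8, "big"))
    released = slot_key(kda, b"KDA", slot)   # published after the period ends
    return schedule, verify_delayed(noisy, released, slot), verify_delayed(forged, released, slot)

if __name__ == "__main__":
    print(demo())
```

The forged burst fails because its chips were produced before the slot's key was public, which is the property the short KDA crypto period relies on.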
The introduction of an H function is suggested to detach the implementation of the PRN generation from the operational keys in order to not expose the service to potential direct cryptanalysis of the PRN sequence. It is up to the system designer to find a strategy for the secure generation or dissemination of and , and they could be also a time-variable function.

FIGURE 5 Code combinations in Multi-Tier Signal Authentication.

FIGURE 6 Key tree example construction.

The final PRN sequence transmitted by the satellite will be a combination of (20), (22) and (23): Given the repetition intervals = and = , (26)

Meaning that substitutes once every 9 occurrences as for the example above.

Figure 6 shows the example of an entire key tree generation process following the approach proposed. The system designer shall adapt this example to its specific needs.

Probabilistic Key Distribution for smart card attacks mitigation

One interesting approach to mitigate the risk of a compromised smartcard can be achieved by using multiple session keys, each generating a specific KEA key, from which only a part of the codes associated to the KEA service can be derived. A receiver is given only a subset of all the session keys, in this way it can
