Inside GNSS Media & Research

JUL-AUG 2019

Issue link:

Contents of this Issue


Page 37 of 67

38 Inside GNSS J U L Y / A U G U S T 2 0 1 9 Secure Navigation Code is the one reported in the legend. 10 ms is the total accumulation time for the TH approach, that is its observation window. Conversely, the observation time for TD in this particular case corresponds to the watermarking percentage, because the number of accumulations is 1. Figure 12 presents the probability of detection for a false- alarm probability of 10 - 6 , with a chipping rate of 1.023 MChip/s, with a more realistic approach. In this case the inte- gration time is fi xed to (a) 1ms and (b) 0.1 ms, for a rep- etition period of 10 ms. e authentication test is done with diff erent number of non-coherent accumulation: precisely: 1, 2, 5, 10, 50, 100, for the indicated total accumulation times. It is recalled that corresponds to the observation window for the TD approach (1ms in (a) and 0.1 ms in (b)). Conversely, the observation window for the TH approach remains 10 ms, for the spreading nature of the technique. Note: indicates the observation window necessary to complete an authentication test. It corresponds to when all the data necessary to reconstruct the Authentication-Code is broadcast later. However, the technique can be designed in a way that the same observation window is covered by more than 1 broadcast of the reconstruction data: this could be the case for low very power components. e analysis presented in Figure 11 and Figure 12 is derived from the analytical model, in AWGN channel. From Figure 12 it can be seen that an accumulation below one second can be well tailored with a 10% of watermarking, thus allowing quick authentication test, and comparable delay. e drawback of this approach can be found in the amount of data necessary to reconstruct 10% of the spreading code, and the corresponding bandwidth exploited. e second option of Figure 1212 relaxes the bandwidth demand, at the cost of slower authentication, and longer delay: however, being the Authentication-Code spread in a longer interval, the overall power of the secret com- ponent is weaker, thus making the solution more robust against estimation-based attacks. The considerations above ca n be ex tended to cover the conf iguration with a probabilistic key distribution approach. In this case, the bandwidth consumption is less critical, since the data is already stored in the receiver. Evolving the analysis reported, a more complex partition- ing policy can be adopted to increase the diversity among the subset of keys detained by a user. As described in Figure 77, the greater the number of total keys compared to the number of keys per user, the smaller is the overlapping among users. This is desirable to reduce the impact of a compromised smart card, as depicted in Figure 13 The fig- ure considers a more realistic setup, where the session lasts 10 seconds and 100 keys are hold by the user (on a total of N); each key allows the generation of a code sequence long 100 us. Figure 13 shows the probability of passing the authentication test, when tracking a spoofing signal forged with the compromised keys (non-coherent integrations). The curves clearly show that a spoofing signal has a lower probability of being recognized as authentic, because of the penalty on the accumulated power: the reference indi- cates the performance on the authentic signal with all keys available. This gives the spoofer some margin to play with the transmitted power, but this can be easily detected with power monitoring thus making the attack less effective. Conclusions is article has presented an innovate design for GNSS authen- tication implementation at system and receiver level that can satisfy a large number of user requirements, in terms of robust- ness and performances. is is achieved via implementations in diff erent type of receiver classes, based on the desired ser- vice. ree multi-tier services are discussed: delayed authen- tication service, early authentication service and secure navi- gation service. e use of smartcards and hardware security modules is introduced for commercial and civil applications, taking as example the maturity of digital satellite television. Finally, an innovative approach for preventing spoofi ng in case of key leakage is discussed. Acknowledgments Silvia Ceccato, Nicola Laurenti, Gianluca Caparra from University of Padova for the fruitful discussions on GNSS and authentication. Additional Resources (1) Anderson, J. M., K. L. Carroll, N. P. DeVilbiss, J. T., "Chips-Message Robust Authentication (Chimera) for GPS Civilian Signals". Author(s), ION GNSS 2017, Portland, US (2) Anderson, J. M., K. L. Carroll, N. P. Devilbiss, J. T. Gillis, J. C. Hinks, B. W. O. Hanlon, J. J. Rushanan, L. Scott, and R. A. Yazdi, "Chips- Message Robust Authentication (Chimera) for GPS Civilian Signals," in International Technical Meeting of The Satellite Division of the Institute of Navigation, ION GNSS+, (Portland, Oregon), pp. 2388–2416, sep 2017. (3) Caparra, G., "On the Achievable Equivalent Security of GNSS Ranging Code Encryption," in IEEE/ION Position, Location and Navigation Symposium (PLANS) 2018, (Monterey, California), 2018. WORKING PAPERS FIGURE 13 Impact of spoofi ng with an increasing number of compromised keys (r). Probability of passing the authentication test when the spoofi ng signal is tracked.

Articles in this issue

Links on this page

view archives of Inside GNSS Media & Research - JUL-AUG 2019