As the 全球导航卫星系统(Global Navigation Satellite System (GNSS) is widely used in all walks of life, the signal structure of satellite navigation is open, and the vulnerability to spoofing attacks is also becoming increasingly prominent, which will seriously affect the credibility of navigation, positioning, and timing (PNT) services. Satellite navigation signal authentication technology is an emerging technical means of improving civil signal anti-spoofing on the satellite navigation system side, and it is also an important development direction and research focus of the GNSS. NSS)广泛应用于各行各业,卫星导航信号结构开放,对欺骗攻击的脆弱性也日益突出,这将严重影响导航、定位和授时(PNT)服务的可信度。卫星导航信号认证技术是卫星导航系统侧提高民用信号反欺骗能力的新兴技术手段,也是GNSS的重要发展方向和研究重点。
Satellite navigation signal authentication technology aims to add encrypted authentication marks to satellite navigation signals to prevent satellite navigation signals from GNSS spoofing attacks. It is a new GNSS anti-spoofing technology that combines information security and navigation signal design. The sender (navigation satellite) uses cryptography technology to generate an "authentication symbol", which is embedded in the existing satellite navigation signal and broadcast to users. The receiver (GNSS user terminal) verifies the "authentication symbol" to confirm whether the received navigation signal is from a real satellite in orbit, and whether the navigation message has been forged or tampered with [17]. Satellite navigation signal authentication technology has the following characteristics:
1) One-way broadcast.
The satellite navigation signal uses the navigation satellite broadcast signal to provide PNT services for terrestrial users, and its signal characteristics have the characteristics of one-way broadcast. Therefore, satellite navigation signal authentication technology should be based on the broadcast system authentication framework.
2) Signal disclosure transmission.
卫星导航信号利用导航卫星广播信号为地面用户提供PNT服务,其信号特性具有单向广播的特点。因此,卫星导航信号认证技术应基于广播系统认证框架。Satellite navigation signals use the public signal structure to broadcast signals, and their signal authentication needs to have the characteristics of public signal transmission.
3) Compatible with existing signal structure.
卫星导航信号采用公共信号结构广播信号,其信号认证需要具有公共信号传输的特点。The authentication of satellite navigation signals will not affect existing GNSS services, so its authentication signal design should be compatible with existing signal structure.
Satellite navigation signals include the carrier, pseudocodes, and message. The newly added authentication mark can be added to the navigation message [18] and spreading spectrum codes [19]. Figure 1 shows the generation of the navigation message including authentication message and the spreading spectrum code including authentication code. Therefore, the satellite navigation signal authentication type is divided into Navigation Message Authentication (NMA) and Spreading Code Authentication (SCA) [20].
卫星导航信号包括载波、伪码和消息。新添加的认证标记可以添加到导航消息[22]和扩频码[23]中。图1示出了包括认证消息和扩频码在内的认证码的导航消息的生成。因此,卫星导航信号认证类型分为导航消息认证(NMA)和扩码认证(SCA)[24]。1) NMA
NMA uses message bit-level authentication to realize navigation source authentication. Its advantage is that the modification of the existing signal system is small and the signal modulation method is not changed. It’s just to upgrade the software of the user receiver. The engineering realization cost is small. The Galileo E1 OSNMA structure is shown as Figure 2. Galileo reserved a 40-bit message in the early ICD, and the ICD announced in 2021 clarified that the 40-bit message is the navigation authentication message [21].
Figure 图2. GALILEO NMA message structure [21].
2) SCA
SCA adopts the characteristics of unpredictable authentication spreading chips, and implements authentication processing in the power domain, which can provide spoofing protection in the pseudorange domain. The typical SCA is the CHIMERA signal, as shown in the Figure 3. Based on the TMBOC (Time-Multiplexed Binary Offset Carrier) signal, the 1 ms sector is divided into 31 segments via a combination of time division and time hopping, and different authentication channel (fast channel and slow channel) are assigned for each segment. The authentication codes are randomly replaced for 29 BOC(1,1) in each segment of 33 chips, and the four BOC(6,1) chips are never modified [22].
伽利略NMA报文结构[25]。Type | Indicators | Receiver Processing | Feature |
---|---|---|---|
NMA [21][25] | Galileo-OSNMA Time Between Authentication: 10 s |
Message bit authentication using Message Authentication Code (MAC) | The project implementation is less difficult, the security level is not as good as SCA, and it can be processed in real time at the terminal. |
Protocol | Cryptographic Algorithm | Calculated Amount | Authentication Information Truncation | Key Distribution Requirements | Key Length under the Same Security Level |
---|---|---|---|---|---|
TESLA [25]][28[26] | |||||
SCA [22][26] | NTS3-CHIMERA Time Between Authentication for slow channel: 180 s Time Between Authentication for fast channel: 1.5 s or 6 s |
Power Domain Authentication Using Sampled Data for Spreading Code Correlation Processing | The pseudorange can be authenticated. The authentication requires data caching, and the project implementation is costly. |
It is difficult for spoofed attackers to predict the authentication message/spreading code | |||
High | |||
DOA detection based on multi-array antennas [7][8][7,8] | The spoofing signal is generally emitted from a single transmitting antenna, and its satellites come from the same direction, while the real satellites of the signal come from different directions | High | |
High/Medium | Multiple correlation peaks [31][32][33,34] | The superposition of the spoofed signal and the real signal will bring multiple correlation peaks, and it will also cause distortion of the correlation peaks | Medium |
Signal power [33][35[34],36] | The spoofing signal has more power, and the signal power changes during the spoofing implementation | Medium | |
Doppler consistency [35][36][37,38] | It is difficult for spoofing signals to keep the carrier Doppler shift consistent with the pseudocode Doppler shift | Medium | |
Auxiliary information of external sensors [4][5][4,5] | Spoofing signals cannot deceive sensors such as inertial navigation, chip-scale atomic clocks, and lidar | High |
Spoofing | NMA | SCA | |
---|---|---|---|
Generated spoofing | Primary generated spoofing (low-cost software radio or commercial signal simulator) | High | High |
Intermediate generated spoofing (receive GNSS signal first and then generate spoofing signal) | High | High | |
SCER | Low | ||
Advanced generated spoofing (multiple intermediate generative spoofing) | High/Medium | High | |
Meaconing | Simple meaconing (same delay for each satellite channel) | Low | Low |
Multichannel meaconing (the delay of each satellite channel is inconsistent) | Low | Low |