Satellite Navigation Signal Authentication Principles and Technical Architecture: Comparison
Please note this is a comparison between Version 4 by Camila Xu and Version 3 by Camila Xu.

As the Global Navigation Satellite System (GNSS) is widely used in all walks of life, the signal structure of satellite navigation is open, and the vulnerability to spoofing attacks is also becoming increasingly prominent, which will seriously affect the credibility of navigation, positioning, and timing (PNT) services. Satellite navigation signal authentication technology is an emerging technical means of improving civil signal anti-spoofing on the satellite navigation system side, and it is also an important development direction and research focus of the GNSS. 

  • satellite navigation
  • Beidou navigation satellite system
  • credible navigation

1. Introduction

With the Global Navigation Satellite System (GNSS) being widely used in power grids, finance, transportation and communication networks, and other livelihoods and key infrastructures, human life is becoming increasingly dependent on the navigation, positioning, and timing (PNT) services provided by satellite navigation [1]. However, the structure of satellite navigation signals is open, and there is a security risk of spoofing attacks, which makes the credibility of GNSS services increasingly prominent [2]. In recent years, GNSS spoofing incidents have occurred frequently [3][4]. How to solve the problem of the anti-spoofing of GNSS services and improve the credibility of user PNT services will be an important developmental direction in the future. For the GNSS anti-spoofing problem, the common method is to add more sensors [5][6], more antennas, and more complex algorithms [7][8] into the user terminal to improve the user’s anti-spoofing ability. Satellite navigation signal authentication technology is an anti-spoofing technology on the GNSS system side [9]. By adding cryptographic markers to satellite navigation signals, the receiver can verify whether the satellite navigation signals are from real satellites and whether the signals/messages have been tampered with [10]. At present, the construction of four major global navigation satellite systems has been completed. The addition of navigation signal authentication services requires appropriate modifications to the existing satellite navigation systems. On the one hand, it involves the existing system architecture, Interface Control Document (ICD), and cryptographic standards of various countries, and it is necessary to take into account the existing system design. On the other hand, GNSS has been applied on a large scale, and the navigation signal authentication service cannot affect the existing navigation and positioning service. The Galileo System announced the navigation authentication service plan in 2016, providing Open Service Navigation Message Authentication (OSNMA) [11][12] at the Galileo-E1B. The test signals are now available, and formal services will be provided in 2023 [13]. The Japanese Quasi-Zenith Satellite System (QZSS) [14] and the Navigation with Indian Constellation (NavIC) [15] have both performed the on-orbit testing and verification of navigation message authentication technology. In addition, the United States has proposed the concept of Chips Message Robust Authentication (CHIMERA), and plans to carry out technology tests in 2023 on Navigation Technology Satellite-3 (NTS-3) [16].

2. Principles and Technical Architecture of the Satellite Navigation Signal Authentication

Satellite navigation signal authentication uses cryptographic methods to improve the anti-spoofing of civil GNSS signals and provides users with more credible PNT services. First of all, this section introduces the principle of satellite navigation signal authentication. Then, it describes the technical architecture of navigation signal authentication based on space segment, ground section and user segment, Finally, it analyzes the new capabilities brought by satellite navigation signal authentication, as well as the advantages and limitations in anti-spoofing.

2.1. Principles

Satellite navigation signal authentication technology aims to add encrypted authentication marks to satellite navigation signals to prevent satellite navigation signals from GNSS spoofing attacks. It is a new GNSS anti-spoofing technology that combines information security and navigation signal design. The sender (navigation satellite) uses cryptography technology to generate an "authentication symbol", which is embedded in the existing satellite navigation signal and broadcast to users. The receiver (GNSS user terminal) verifies the "authentication symbol" to confirm whether the received navigation signal is from a real satellite in orbit, and whether the navigation message has been forged or tampered with [17]. Satellite navigation signal authentication technology has the following characteristics:

1) One-way broadcast.

The satellite navigation signal uses the navigation satellite broadcast signal to provide PNT services for terrestrial users, and its signal characteristics have the characteristics of one-way broadcast. Therefore, satellite navigation signal authentication technology should be based on the broadcast system authentication framework.

2) Signal disclosure transmission.

Satellite navigation signals use the public signal structure to broadcast signals, and their signal authentication needs to have the characteristics of public signal transmission.

3) Compatible with existing signal structure.

The authentication of satellite navigation signals will not affect existing GNSS services, so its authentication signal design should be compatible with existing signal structure.

2.1.1. Satellite Navigation Signal Authentication Type

Satellite navigation signals include the carrier, pseudocodes, and message. The newly added authentication mark can be added to the navigation message [18] and spreading spectrum codes [19]. Figure 1 shows the generation of the navigation message including authentication message and the spreading spectrum code including authentication code. Therefore, the satellite navigation signal authentication type is divided into Navigation Message Authentication (NMA) and Spreading Code Authentication (SCA) [20].

Figure 1. Satellite Navigation Signal Authentication.

1) NMA

NMA uses message bit-level authentication to realize navigation source authentication. Its advantage is that the modification of the existing signal system is small and the signal modulation method is not changed. It’s just to upgrade the software of the user receiver. The engineering realization cost is small. The Galileo E1 OSNMA structure is shown as Figure 2. Galileo reserved a 40-bit message in the early ICD, and the ICD announced in 2021 clarified that the 40-bit message is the navigation authentication message [21].

Figure 2. GALILEO NMA message structure [21].

2) SCA

SCA adopts the characteristics of unpredictable authentication spreading chips, and implements authentication processing in the power domain, which can provide spoofing protection in the pseudorange domain. The typical SCA is the CHIMERA signal, as shown in the Figure 3. Based on the TMBOC (Time-Multiplexed Binary Offset Carrier) signal, the 1 ms sector is divided into 31 segments via a combination of time division and time hopping, and different authentication channel (fast channel and slow channel) are assigned for each segment. The authentication codes are randomly replaced for 29 BOC(1,1) in each segment of 33 chips, and the four BOC(6,1) chips are never modified [22].

Figure 3. CHIMERA spreading code [22].
Compared with NMA, SCA can provide spoofing protection in the pseudorange domain, and it has higher security. However, the SCA authentication chip needs to be delayed to the user receiver; the receiver needs to buffer the sampled data so the implementation cost of the receiver is relatively costly. Table 1 shows the comparison of NMA and SCA.
Table 1. Comparison of NMA and SCA.

2.1.2. Satellite Navigation Message Authentication Type

The navigation message authentication protocol includes Digital Signatures (DS) and the Timed Efficient Stream Loss-Tolerant Authentication (TESLA). Digital signatures are implemented based on asymmetric cryptography (also known as public key cryptography). The sender uses the private key to sign the message, and the receiver uses the public key to verify the signature of the message [23]. Digital signatures commonly use the Elliptic Curve Digital Signature Algorithm (ECDSA), which has the characteristics of high security and complex algorithm strength. In addition, European scholars proposed EC Schnorr’s digital signature algorithm [24]. The digital signature schematic is shown in Figure 4 below.
Figure 4. Digital Signature Schematic.
The TESLA protocol is a broadcast authentication protocol that can be applied to satellite navigation broadcast signals with limited bandwidth [25][26]. The TESLA protocol, designed by Perring et al., is an MAC-based broadcast authentication protocol [27][28]. The protocol uses a symmetric cryptography method, and the key is to use the delayed key release to ensure the security of the broadcast key. The TESLA protocol generates a set of keychains through the hash function. The generation order of the keychain is Keyi, Keyi−1, …, Key1, Key0, while the keychain system uses Key0, Key1, …, Keyi−1, Keyi. The advantage is that when the key is not received or not received at a certain moment, the key can be obtained via the key hash of the subsequent epoch. Then, according to the key Keyi and the navigation message Mi at the current moment, the Hash-based Message Authentication Code (HMAC) algorithm is used to generate the message authentication code MACi. The GNSS system broadcasts the navigation message Mi, the message authentication code MACi, and the Keyi−1 of the previous epoch to the user; that is, the symmetric key used to generate the MAC is sent after the broadcast MAC is delayed by δ time. The user receives the GNSS message Mi for storage and the delayed symmetric key Keyi, then generates delay MACi, and compares it with the MACi of the GNSS broadcast. If the two are consistent, the authentication is passed. Key chain generation and the key usage of TESLA are shown in Figure 5 below.
Figure 5. Key chain generation and key usage of TESLA.
Compared with the ECDSA algorithm, TESLA has a lower computational load and communication load, and is suitable for satellite navigation systems with limited message bandwidth. TESLA’s one-way keychain generation and transmission improve the stability of authentication services. ECDSA has a variety of international standards, and the implementation process is simple, but ECDSA occupies more data bits. The comparison between TESLA and the digital signature is shown in Table 2.
Table 2. Comparison of TESLA and ECDSA.

2.2. Technical Architecture

The satellite navigation system consists of the space segment, ground segment, and user segment. Based on the existing satellite navigation system, the satellite navigation signal authentication will be extended to the space segment, the ground segment, the user terminal, and the network auxiliary segment. The space segment adds the authentication spreading code/authentication messages to the broadcast downlink satellite navigation signal, the user segment authenticates the received satellite navigation signal, and the network auxiliary segment uses the communication base station (terrestrial communication/satellite communication) to provide network auxiliary authentication information. If there is a GNSS spoofing signal in the actual environment, the user segment can identify whether the current signal is a spoofing signal through the authentication of the message/spreading spectrum code. The architecture of the satellite navigation signal authentication is shown in Figure 6.
Figure 6. Satellite navigation signal authentication architecture.

2.3. Incremental Capability

Navigation signal authentication technology will bring a new service to the GNSS, which neither improves the accuracy nor augments the integrity and continuity, just focuses on improving the anti-spoofing capability of GNSS civil signals to provide users with more credible PNT services. Signal authentication is a system-side anti-spoof technology which can resist generative spoofing. The orange part in Figure 7 represents the incremental capability.
Figure 7. Ability of satellite navigation signal authentication technology.
(1)
Anti-spoofing method
The anti-spoofing capability can be divided into system-side and user-side anti-spoofing technology according to the anti-spoofing method. The system-side anti-spoofing technology provides signal services with anti-spoofing capability, including navigation encryption signal technology [29] and navigation signal authentication technology [30]. The user-side anti-spoofing technology includes the direction of arrival (DOA) detection based on multi-array antennas [7][8], multiple correlation peaks [31][32], signal power [33][34], Doppler consistency [35][36], baseband processing algorithms, and the auxiliary information of external sensors [4][5]. Table 3 lists the comparison of the common anti-spoof algorithms. Compared with the existing user-side anti-spoofing algorithms, navigation signal authentication has a better anti-spoofing effect.
Table 3. Comparison of common anti-spoofing algorithms.
[30].
Table 4. Signal authentication anti-spoofing effect [30].
(2)
Anti-spoofing capability
According to the GNSS cheating attacker type, it is divided into generated spoofing and meaconing. The anti-spoofing effect of the satellite navigation signal authentication is detailed, as shown in Table 4
Generated spoofing means that the attacker generates a spoofing signal with the exact same structure as the real GNSS signal [37], which utilizes the known vulnerabilities of the civilian signal ICD to generate a false GNSS spoofing signal and broadcast it to the target receiver. The prerequisite for satellite navigation signal authentication is that the spoofing attacker cannot break the cryptographic algorithm, so that the authentication message/spreading code cannot be forged. Therefore, satellite navigation signal authentication can solve the generative spoofing attack to civilian users. Meaconing means that the attacker receives the navigation signal [38], performing proper delay and power amplification on the real GNSS signal, and then broadcasts the meaconing signal to the target receiver. The meaconing does not change the message and spreading code, so the satellite navigation signal authentication effect is not good for this method. In addition to the above two common spoofing methods, Security Code Estimation and Replay (SCER) [39] has also been proposed in recent years. This method is to receive the real signal and estimate the encrypted or authenticated message in real time as much as possible. Then, the encrypted or authenticated message in the signal is reassembled and sent. SCER predicts the authentication message based on the security code estimation method, which is effective for security codes with a low symbol rate (navigation message), but less effective for security codes with a high symbol rate (spreading code).

References

  1. EUSPA EO and GNSS Market Report 2022. Available online: https://www.euspa.europa.eu/euspa-market-report-2022-0 (accessed on 1 December 2022).
  2. Humphreys, T.E.; Ledvina, B.M.; Psiaki, M.L.; O’Hanlon, B.W.; Kintner, P.M., Jr. Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In Proceedings of the 21st International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS 2008), Savannah, GA, USA, 16–19 September 2008; pp. 2314–2325.
  3. Bhatti, J.; Humphreys, T.E. Hostile Control of Ships via False GPS Signals: Demonstration and Detection. Navigation 2017, 64, 51–66.
  4. Wang, K.; Chen, S.; Pan, A. Time and Position Spoofing with Open Source Projects. In Proceedings of the Black Hat Europe 2015, Amsterdam, The Netherlands, 10–13 November 2015.
  5. Moafipoor, S.; Bock, L.; Fayman, J.A. Resilient Sensor Management for Dismounted Assured-PNT. In Proceedings of the 2020 International Technical Meeting of the Institute of Navigation, San Diego, CA, USA, 21–24 January 2020; pp. 1135–1147.
  6. Khanafseh, S.; Roshan, N.; Langel, S.; Chan, F.-C.; Joerger, M.; Pervan, B. GPS spoofing detection using RAIM with INS coupling. In Proceedings of the Position, Location and Navigation Symposium-PLANS, Monterey, CA, USA, 5–8 May 2014; pp. 1232–1239.
  7. Yang, Q.; Zhang, Y.; Tang, C.K. A combined antijamming and antispoofing algorithm for GPS Arrays. Int. J. Antennas Propag. 2019, 2019, 8012569.
  8. Lee, Y.S.; Yeom, J.S.; Noh, J.H.; Lee, S.J.; Jung, B.C. A novel GNSS spoofing detection technique with array antenna-based multi-PRN diversity. J. Position. Navig. Timing 2021, 10, 169–177.
  9. de Castro, H.V.; van der Maarel, G.; Safipour, E. The possibility and added-value of authentication in future Galileo open signal. In Proceedings of the 23th International Technical Meeting of the Satellite Division of the Institute of Navigation (ION 2010), Portland, OR, USA, 21–24 September 2010.
  10. Fernandez-Hernandez, I.; Rijmen, V.; Seco-Granados, G.; Simón, J.; Rodríguez, I. Design Drivers, Solutions and Robustness Assessment of Navigation Message Authentication for the Galileo Open Service. In Proceedings of the 27th International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS + 2014), Tampa, FL, USA, 8–12 September 2014; pp. 2810–2827.
  11. Walker, P.; Rijmen, V.; Fernandez-Hernandez, I.; Bogaardt, L.; Seco-Granados, G.; Simón, J.; Calle, D.; Pozzobon, O. Galileo Open Service Authentication: A Complete Service Design and Provision Analysis. In Proceedings of the 28th International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS + 2015), Tampa, FL, USA, 14–18 September 2015; pp. 3383–3396.
  12. Fernandez-Hernandez, I.; Rijmen, V.; Seco-Granados, G.; Simon, J.; Rodríguez, I.; David Calle, J. A Navigation Message Authentication Proposal for the Galileo Open Service. Navig. J. Inst. Navig. 2016, 63, 85–102.
  13. Nicola, M.; Motella, B.; Pini, M.; Falletti, E. Galileo OSNMA Public Observation Phase: Signal Testing and Validation. IEEE Access 2022, 10, 27960–27969.
  14. Manandhar, D.; Shibasaki, R. Authenticating GALILEO Open Signal using QZSS Signal. In Proceedings of the 31st International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS + 2018), Miami, FL, USA, 24–28 September 2018; pp. 3995–4003.
  15. Pravin, P. Navigation Message Authentication (NMA) for NavIC SPS; ICG-16: Abu Dhabi, United Arab Emirates, 2022.
  16. Anderson, J.M.; Carroll, K.L.; DeVilbiss, N.P.; Gillis, J.T.; Hinks, J.C.; O’Hanlon, B.W.; Rushanan, J.J.; Scott, L.; Yazdi, R.A. Chips-Message Robust Authentication (CHIMERA) for GPS Civilian Signals. In Proceedings of the 31th International Technical Meeting of the Satellite Division of the Institute of Navigation, ION GNSS + 2018, Portland, OR, USA, 25–29 September 2018.
  17. Fernandez-Hernandez, I. Snapshot and Authentication Techniques for Satellite Navigation; Aalborg University: Aalborg, Denmark, 2015.
  18. Curran, J.T.; Paonni, M. Securing GNSS: An End-to-end Feasibility Analysis for the Galileo Open-service. In Proceedings of the 27th International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS + 2014), Tampa, FL, USA, 8–12 September 2014; pp. 2828–2842.
  19. Gkougkas, E.; Pany, T.; Eissfeller, B. Sensitivity Analysis of Potential Future Authentication Components for Open Service GNSS Signals. In Proceedings of the 31st International Technical Meeting of The Satellite Division of the Institute of Navigation (ION GNSS + 2018), Miami, FL, USA, 24–28 September 2018.
  20. Shen, C.; Guo, C. Study and Evaluation of GNSS Signal Cryptographic Authentication Defenses. GNSS World China 2018, 43, 7–12.
  21. European Union. GALILEO Open Service Navigation Message Authentication (OSNMA) Receiver Guidelines for the Test Phase; European Union Issue 1.0; European Union: Luxembourg, 2021.
  22. Air Force Research Laboratory Space Vehicles Directorate Advanced GPS Technology. Chips Message Robust Authentication (Chimera) Enhancement for the L1C Signal: Space Segment/User Segment Interface. 16 April 2019. CHAPMAN D C. Chips Message Robust Authentication (Chimera) Enhancement for the L1C Signal: Space Seg-ment/User Segment Interface (IS-AGT-100): Advanced GPS Technologies Program. 2019.
  23. Hiroshi, Y. Angō Gijutsu Nyūmon, 3rd ed.; Post & Telecom Press: Beijing, China, 2016. (In Chinese)
  24. Fernández-Hernández, I.; Walter, T.; Neish, A.M.; Anderson, J.; Mabilleau, M.; Vecchione, G.; Châtre, E. SBAS message authentication: A review of protocols, figures of merit and standardization plans. In Proceedings of the 2021 International Technical Meeting of the Institute of Navigation, Auditorium UPC, Barcelona, Spain, 25–28 January 2021; pp. 111–124.
  25. Neish, A.; Walter, T.; Powell, J.D. SBAS data authentication: A concept of operations. In Proceedings of the 32nd International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS + 2019), Miami, FL, USA, 16–20 September 2019; pp. 1812–1823.
  26. Neish, A.; Walter, T.; Enge, P. Parameter selection for the TESLA keychain. In Proceedings of the 31st International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS + 2018), Miami, FL, USA, 24–28 September 2018; pp. 2155–2171.
  27. Perrig, A.; Canetti, R.; Tygar, J.D. Efficient authentication and signing of multicast streams over lossy channels. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 14–17 May 2000; pp. 56–73.
  28. Caparra, G.; Sturaro, S.; Laurenti, N.; Wullems, C. Evaluating the Security of One-Way Key Chains in TESLA-Based GNSS Navigation Message Authentication Schemes. In Proceedings of the 2016 International Conference on Localization and GNSS (ICL-GNSS), Barcelona, Spain, 28–30 June 2016; pp. 1–6.
  29. Zhao, X.; Liu, C. GPS Military Signal Security Protection and Password Management. Mod. Navig. 2020, 11, 14–19.
  30. Margaria, D.; Motella, B.; Anghileri, M.; Floch, J.-J.; FernandezHernandez, I.; Paonni, M. Signal structure-based authentication for civil GNSSs: Recent solutions and perspectives. IEEE Signal Process. Mag. 2017, 34, 27–37.
  31. Li, J.Z.; Zhu, X.W.; Ouyang, M.J.; Li, W.Q.; Chen, Z.K.; Dai, Z.Q. Research on multi-peak detection of small delay spoofing signal. IEEE Access 2020, 8, 151777–151787.
  32. Khan, A.M.; Ahmad, A. Global navigation satellite systems spoofing detection through measured autocorrelation function shape distortion. Int. J. Satell. Commun. Netw. 2022, 40, 148–156.
  33. Dehghanian, V.; Nielsen, J.; Lachapelle, G. GNSS spoofing detection based on receiver C/N0 estimates. In Proceedings of the International Technical Meeting of the Satellite Division of the Institute of Navigation, Nashville, TN, USA, 17–21 September 2012; pp. 2875–2884.
  34. Elezi, E.; Cankaya, G.; Boyaci, A.; Yarkan, S. A detection and identification method based on signal power for different types of electronic jamming attacks on GPS signals. In Proceedings of the 2019 IEEE 30th Annual International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC), Istanbul, Turkey, 8–11 September 2019; pp. 1–5.
  35. He, L.; Li, H.; Lu, M.Q. Global navigation satellite system spoofing detection technique based on the doppler ripple caused by vertical reciprocating motion. IET Radar Sonar Navig. 2019, 13, 1655–1664.
  36. He, L.; Li, H.; Lu, M.Q. Dual-antenna GNSS spoofing detection method based on doppler frequency difference of arrival. GPS Solut. 2019, 23, 1–14.
  37. Bian, S.; Hu, Y.; Ji, B. Research status and prospect of GNSS anti-spoofing technology. Sci. Sin. Inf. 2017, 47, 275–287.
  38. Zhao, X.; Chen, X.; Guo, X. A Repeater Spoofing Method for GNSS Clock of receiver. Telecommun. Eng. 2020, 60, 1415–1419.
  39. Arizabaleta, M.; Gkougkas, E.; Pany, T. A Feasibility Study and Risk Assessment of Security Code Estimation and Replay (SCER) Attacks. In Proceedings of the 32nd International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS + 2019), Miami, FL, USA, 16–20 September 2019.
More
ScholarVision Creations