Encyclopedia
Please note this is an old version of this entry, which may differ significantly from the current revision.
Subjects:
Engineering, Aerospace
全球导航卫星系统(GNSS)广泛应用于各行各业,卫星导航信号结构开放,对欺骗攻击的脆弱性也日益突出,这将严重影响导航、定位和授时(PNT)服务的可信度。卫星导航信号认证技术是卫星导航系统侧提高民用信号反欺骗能力的新兴技术手段,也是GNSS的重要发展方向和研究重点。
- satellite navigation
- Beidou navigation satellite system
- credible navigation
1. 简介
随着全球导航卫星系统(GNSS)广泛应用于电网、金融、交通和通信网络以及其他生计和关键基础设施,人类生活越来越依赖于卫星导航提供的导航、定位和授时(PNT)服务[1]。然而,卫星导航信号的结构是开放的,存在欺骗攻击的安全风险,这使得GNSS服务的可信度日益突出[2]。近年来,GNSS欺骗事件频发[3,4]。如何解决GNSS业务的反欺骗问题,提高用户PNT服务的可信度,将是未来重要的发展方向。
对于GNSS反欺骗问题,常用的方法是在用户终端中加入更多的传感器[5,6]、更多的天线、更复杂的算法[7,8],以提高用户的反欺骗能力。卫星导航信号认证技术是GNSS系统侧的一种反欺骗技术[9]。通过在卫星导航信号中添加加密标记,接收器可以验证卫星导航信号是否来自真实卫星以及信号/消息是否被篡改[10]。目前,全球四大卫星导航系统建设已经完成。增加导航信号认证服务需要对现有卫星导航系统进行适当修改。一方面涉及各国现有的系统架构、接口控制文档(ICD)和密码标准,需要考虑现有的系统设计。另一方面,GNSS已经大规模应用,导航信号认证服务无法影响现有的导航定位服务。伽利略系统于2016年宣布了导航认证服务计划,在伽利略-E11B上提供开放服务导航消息认证(OSNMA)[12,1]。测试信号现已可用,正式服务将于2023年提供[13]。日本准天顶卫星系统(QZSS)[14]和印度星座导航(NavIC)[15]都进行了导航电文认证技术的在轨测试和验证。此外,美国还提出了芯片消息鲁棒认证(CHIMERA)的概念,并计划在2023年对导航技术卫星-3(NTS-3)进行技术测试[16]。
二、卫星导航信号认证原理与技术架构
卫星导航信号认证采用密码学方法,提高民用GNSS信号的反欺骗能力,为用户提供更可信的PNT服务。本节首先介绍卫星导航信号认证的原理。然后,介绍了基于空间段、地面段和用户段的导航信号认证技术架构,最后分析了卫星导航信号认证带来的新功能,以及反欺骗的优势和局限性。
2.1. 原则
卫星导航信号认证技术旨在为卫星导航信号添加加密认证标记,防止卫星导航信号受到GNSS欺骗攻击。它是一种新的GNSS反欺骗技术,结合了信息安全和导航信号设计。发送方(导航卫星)使用密码技术生成“认证符号”,该符号嵌入现有卫星导航信号中并广播给用户。接收器(GNSS用户终端)验证“认证符号”,以确认接收到的导航信号是否来自在轨真实卫星,以及导航信息是否被伪造或篡改[21]。卫星导航信号认证技术具有以下特点:
- (1)
-
单向广播。
卫星导航信号利用导航卫星广播信号为地面用户提供PNT服务,其信号特性具有单向广播的特点。因此,卫星导航信号认证技术应基于广播系统认证框架。
- (2)
-
信号泄露传输。
卫星导航信号采用公共信号结构广播信号,其信号认证需要具有公共信号传输的特点。
- (3)
-
与现有信号结构兼容。
卫星导航信号的认证不会影响现有的GNSS业务,因此其认证信号设计应与现有的信号结构兼容。
2.1.1. 卫星导航信号认证类型
卫星导航信号包括载波、伪码和消息。新添加的认证标记可以添加到导航消息[22]和扩频码[23]中。图1示出了包括认证消息和扩频码在内的认证码的导航消息的生成。因此,卫星导航信号认证类型分为导航消息认证(NMA)和扩码认证(SCA)[24]。
图1.卫星导航信号认证。
- (1)
-
国家海洋管理局
NMA使用消息位级认证实现导航源认证。其优点是现有信号系统的修改量小,信号调制方式不改变——只是用来升级用户接收机的软件。工程实现成本小。伽利略E1 OSNMA结构如图2所示。伽利略在早期ICD中保留了40位消息,ICD在2021年宣布澄清了40位消息是导航认证消息[25]。
图2.伽利略NMA报文结构[25]。
- (2)
-
爱生雅
SCA采用不可预测的认证扩展芯片的特性,在电源域实现认证处理,可以在伪距离域提供欺骗保护。典型的SCA是CHIMERA信号,如图3所示。基于TMBOC(时间多路复用二进制偏移载波)信号,通过时分和跳频的组合将1 ms扇区划分为31段,并为每个段分配不同的认证通道(快速通道和慢速通道)。在 29 个芯片的每个段中,1 个 BOC(1,33) 的身份验证代码被随机替换,并且 4 个 BOC(6,1) 芯片永远不会被修改 [26]。
Figure 3. CHIMERA spreading code [26].
Compared with NMA, SCA can provide spoofing protection in the pseudorange domain, and it has higher security. However, the SCA authentication chip needs to be delayed to the user receiver; the receiver needs to buffer the sampled data so the implementation cost of the receiver is relatively costly. Table 1 shows the comparison of NMA and SCA.
Table 1. Comparison of NMA and SCA.
| Type | Indicators | Receiver Processing | Feature |
|---|---|---|---|
| NMA [25] | Galileo-OSNMA Time Between Authentication: 10 s |
Message bit authentication using Message Authentication Code (MAC) | The project implementation is less difficult, the security level is not as good as SCA, and it can be processed in real time at the terminal. |
| SCA [26] | NTS3-CHIMERA Time Between Authentication for slow channel: 180 s Time Between Authentication for fast channel: 1.5 s or 6 s |
Power Domain Authentication Using Sampled Data for Spreading Code Correlation Processing | The pseudorange can be authenticated. The authentication requires data caching, and the project implementation is costly. |
2.1.2. Satellite Navigation Message Authentication Type
The navigation message authentication protocol includes Digital Signatures (DS) and the Timed Efficient Stream Loss-Tolerant Authentication (TESLA).
Digital signatures are implemented based on asymmetric cryptography (also known as public key cryptography). The sender uses the private key to sign the message, and the receiver uses the public key to verify the signature of the message [27]. Digital signatures commonly use the Elliptic Curve Digital Signature Algorithm (ECDSA), which has the characteristics of high security and complex algorithm strength. In addition, European scholars proposed EC Schnorr’s digital signature algorithm [18]. The digital signature schematic is shown in Figure 4 below.
Figure 4. Digital Signature Schematic.
The TESLA protocol is a broadcast authentication protocol that can be applied to satellite navigation broadcast signals with limited bandwidth [28,29]. The TESLA protocol, designed by Perring et al., is an MAC-based broadcast authentication protocol [30,31]. The protocol uses a symmetric cryptography method, and the key is to use the delayed key release to ensure the security of the broadcast key.
The TESLA protocol generates a set of keychains through the hash function. The generation order of the keychain is Keyi, Keyi−1, …, Key1, Key0, while the keychain system uses Key0, Key1, …, Keyi−1, Keyi. The advantage is that when the key is not received or not received at a certain moment, the key can be obtained via the key hash of the subsequent epoch. Then, according to the key Keyi and the navigation message Mi at the current moment, the Hash-based Message Authentication Code (HMAC) algorithm is used to generate the message authentication code MACi. The GNSS system broadcasts the navigation message Mi, the message authentication code MACi, and the Keyi−1 of the previous epoch to the user; that is, the symmetric key used to generate the MAC is sent after the broadcast MAC is delayed by δ time. The user receives the GNSS message Mi for storage and the delayed symmetric key Keyi, then generates delay MAC′i′, and compares it with the MACi of the GNSS broadcast. If the two are consistent, the authentication is passed. Key chain generation and the key usage of TESLA are shown in Figure 5 below.
Figure 5. Key chain generation and key usage of TESLA.
Compared with the ECDSA algorithm, TESLA has a lower computational load and communication load, and is suitable for satellite navigation systems with limited message bandwidth. TESLA’s one-way keychain generation and transmission improve the stability of authentication services. ECDSA has a variety of international standards, and the implementation process is simple, but ECDSA occupies more data bits. The comparison between TESLA and the digital signature is shown in Table 2.
Table 2. Comparison of TESLA and ECDSA.
2.2. Technical Architecture
The satellite navigation system consists of the space segment, ground segment, and user segment. Based on the existing satellite navigation system, the satellite navigation signal authentication will be extended to the space segment, the ground segment, the user terminal, and the network auxiliary segment. The space segment adds the authentication spreading code/authentication messages to the broadcast downlink satellite navigation signal, the user segment authenticates the received satellite navigation signal, and the network auxiliary segment uses the communication base station (terrestrial communication/satellite communication) to provide network auxiliary authentication information. If there is a GNSS spoofing signal in the actual environment, the user segment can identify whether the current signal is a spoofing signal through the authentication of the message/spreading spectrum code. The architecture of the satellite navigation signal authentication is shown in Figure 6.
Figure 6. Satellite navigation signal authentication architecture.
2.3. Incremental Capability
Navigation signal authentication technology will bring a new service to the GNSS, which neither improves the accuracy nor augments the integrity and continuity, just focuses on improving the anti-spoofing capability of GNSS civil signals to provide users with more credible PNT services. Signal authentication is a system-side anti-spoof technology which can resist generative spoofing. The orange part in Figure 7 represents the incremental capability.
Figure 7. Ability of satellite navigation signal authentication technology.
- (1)
-
Anti-spoofing method
The anti-spoofing capability can be divided into system-side and user-side anti-spoofing technology according to the anti-spoofing method. The system-side anti-spoofing technology provides signal services with anti-spoofing capability, including navigation encryption signal technology [32] and navigation signal authentication technology [17]. The user-side anti-spoofing technology includes the direction of arrival (DOA) detection based on multi-array antennas [7,8], multiple correlation peaks [33,34], signal power [35,36], Doppler consistency [37,38], baseband processing algorithms, and the auxiliary information of external sensors [4,5]. Table 3 lists the comparison of the common anti-spoof algorithms. Compared with the existing user-side anti-spoofing algorithms, navigation signal authentication has a better anti-spoofing effect.
Table 3. Comparison of common anti-spoofing algorithms.
| Anti-Spoofing Method | Description | Effect |
|---|---|---|
| Navigation signal encryption [32] | Encrypted signals serve authorized users, making it difficult for attackers to predict signals | High |
| Navigation signal authentication [17] | It is difficult for spoofed attackers to predict the authentication message/spreading code | High |
| DOA detection based on multi-array antennas [7,8] | The spoofing signal is generally emitted from a single transmitting antenna, and its satellites come from the same direction, while the real satellites of the signal come from different directions | High |
| Multiple correlation peaks [33,34] | The superposition of the spoofed signal and the real signal will bring multiple correlation peaks, and it will also cause distortion of the correlation peaks | Medium |
| Signal power [35,36] | The spoofing signal has more power, and the signal power changes during the spoofing implementation | Medium |
| Doppler consistency [37,38] | It is difficult for spoofing signals to keep the carrier Doppler shift consistent with the pseudocode Doppler shift | Medium |
| Auxiliary information of external sensors [4,5] | Spoofing signals cannot deceive sensors such as inertial navigation, chip-scale atomic clocks, and lidar | High |
- (2)
-
Anti-spoofing capability
According to the GNSS cheating attacker type, it is divided into generated spoofing and meaconing. The anti-spoofing effect of the satellite navigation signal authentication is detailed, as shown in Table 4 [17].
Table 4. Signal authentication anti-spoofing effect [17].
| Spoofing | NMA | SCA | |
|---|---|---|---|
| Generated spoofing | Primary generated spoofing (low-cost software radio or commercial signal simulator) | High | High |
| Intermediate generated spoofing (receive GNSS signal first and then generate spoofing signal) | High | High | |
| SCER | Low | High/Medium | |
| Advanced generated spoofing (multiple intermediate generative spoofing) | High/Medium | High | |
| Meaconing | Simple meaconing (same delay for each satellite channel) | Low | Low |
| Multichannel meaconing (the delay of each satellite channel is inconsistent) | Low | Low | |
Generated spoofing means that the attacker generates a spoofing signal with the exact same structure as the real GNSS signal [39], which utilizes the known vulnerabilities of the civilian signal ICD to generate a false GNSS spoofing signal and broadcast it to the target receiver. The prerequisite for satellite navigation signal authentication is that the spoofing attacker cannot break the cryptographic algorithm, so that the authentication message/spreading code cannot be forged. Therefore, satellite navigation signal authentication can solve the generative spoofing attack to civilian users.
Meaconing means that the attacker receives the navigation signal [40], performing proper delay and power amplification on the real GNSS signal, and then broadcasts the meaconing signal to the target receiver. The meaconing does not change the message and spreading code, so the satellite navigation signal authentication effect is not good for this method.
In addition to the above two common spoofing methods, Security Code Estimation and Replay (SCER) [41] has also been proposed in recent years. This method is to receive the real signal and estimate the encrypted or authenticated message in real time as much as possible. Then, the encrypted or authenticated message in the signal is reassembled and sent. SCER predicts the authentication message based on the security code estimation method, which is effective for security codes with a low symbol rate (navigation message), but less effective for security codes with a high symbol rate (spreading code).
This entry is adapted from the peer-reviewed paper 10.3390/rs15051462
This entry is offline, you can click here to edit this entry!
