Galileo Open Service Authentication: A Complete Service Design and Provision Analysis

GNSS authentication, and in particular Navigation Message Authentication (NMA), has already been studied in the scientific literature. However, few available references analyse the assets at risk, existing threats, mitigation actions, and residual risks through standard risk assessment processes. In this paper, we outline how to use such processes to justify the design and selection of some configurable options for the service specification and operational procedures of GNSS NMA using the Galileo Open Service signals. The proposed NMA scheme is based on the TESLA protocol as proposed in [1]. To motivate the design of the service, we first identify the categories of users and the associated risks of attack. We then summarize the mitigation capability against these attacks provided by the TESLA solution referred to herein. We define the cryptographic parameters to use for the service in the foreseeable future. We also identify further mitigations that the receiver manufacturer or service user might need to consider to ensure the security of the position and/or time fixes according to their risk aversion. These might include a trusted local clock reference, a process to verify or challenge digital certificates, and statistical analysis of symbol recovery. We then define crypto parameters and procedures that affect the quality of service for different users, as a function of several system performance scenarios. We show that, for the selected parameters, multiconstellation NMA can be achieved in environments with a masking angle of up to 40°. We also show that authentication using only validated signals performs well at a 5° masking angle for users requiring four satellites transmitting NMA. This performance may increase through an optimized downlink strategy.