Page 57 - 卫星导航2021年第1-2合期
P. 57
Chen et al. Satell Navig (2021) 2:12 Page 2 of 7
Evolution of navigation signal authentication carried out by generating false signal that are highly simi-
Te basic principle of authentication is that the message lar to the real SBAS signal and tampering the message.
sender conducts cryptographic operation on the origi- A system-level spoofng countermeasure based on SBAS
nal message to generate an “authentication symbol” and NMA has been provided against this kind of SBAS mes-
sends it to the receiver along with the original message. sage tampering (Chiara et al. 2016, 2017).
Ten the receiver validates message integrity and authen-
ticates identity by verifying the symbol. NMA schemes for SBAS authentication
Te Global Positioning System (GPS) authentica- Te SBAS signal authentication adopts NMA method
tion was frst proposed by Scott in 2003 (Scott, 2003). (Fernandez-Hernandez et al., 2014). In order to protect
To reduce the software and hardware costs, it would be the navigation message data, the Digital Signature (DS)
easier to generate GPS spoofng signals in the future. or MAC is authenticated at the user terminal. Tere are
Applying a cryptographic algorithm to civil GPS navi- two types of SBAS message authentication methods, i.e.,
gation messages and spreading codes was proposed to DS and TESLA (Neish et al. 2018, 2019a, 2019b, 2019c).
protect GPS signals from spoofng attacks, and further DS is based on asymmetric cryptography. Te sender
three levels of protection measures were put forward, i.e., uses its private key to sign the message, while the receiver
message authentication, public spreading code authenti- uses a public key to verify the signature of the message
cation, and encrypted spreading code authentication. In (Yuki, 2016).
2004, the potential market for Galileo Navigation Satel- DS adopts ECDSA, which uses Elliptic Curve Cryptog-
lite System (Galileo) authentication service was outlined raphy (ECC) to simulate the digital signature algorithm.
by Pozzobon et al., who indicated Galileo authentication It has high security, but its encryption and decryption
would be used for open services, life safety services, and speed is low.
public regulatory services (Pozzobon et al., 2004). Sub- TESLA protocol is a broadcasting authentication pro-
sequently, two methods, Elliptic Curve Digital Signature tocol based on MAC designed by Perring et al. (2000).
Algorithm (ECDSA) and Timed Efcient Stream Loss- Tis protocol uses symmetric cryptographic mechanism
Tolerant Authentication (TESLA), were proposed for to enable the broadcasting authentication of messages
navigation message authentication (Wullems et al. 2005). and achieves the asymmetry of broadcasting authentica-
An authentication method based on GPS-L1C message, tion by delaying the release of the authentication key in
which mixes ECDSA and TESLA in the navigation mes- the one-way keychain, which prevents message forgery
sage to authenticate users with low requirements for ensuring the security of messages.
synchronization, was came up by a research team in the
University of Texas. In 2017, Galileo provided the Gali- Security level for SBAS authentication
leo signal authentication service for the frst time, which Te length of the key depends on the Security Level (SL)
featured the Open Service Navigation Message Authenti- of the authentication service which refers to the difculty
cation (OS-NMA) message structure integrated into the for the password algorithm to be cracked by force. For
Galileo I/NAV message sequence with TESLA protocol, example, the 128-bit security level means that it would
and standardized generation and verifcation of Message take 2 128 attempts to break. For symmetric ciphers, the
Authentication Code (MAC) and keychain (Chiara et al. security level is generally equal to the length of the key.
2017). For asymmetric ciphers, the security level is generally less
Tere are two types of navigation signal authentica- than the length of the key. For example, for the ECDSA
tion, i.e., Navigation Message Authentication (NMA) algorithm with a security level of 128-bit, the length of
and Spreading Code Authentication (SCA). For NMA, a the private key is 256-bit, and the length of the public key
cryptographic marker is added to the navigation message, is 512-bit. Considering the round expectancy of SBAS
and the receiver uses the marker to authenticate the sig- service, a security level of 128-bit is selected.
nal source. For SCA, the unpredictable chips are inserted
in an unencrypted public spreading code, and then the Comparison of the two KPIs from diverse schemes
receiver verifes the unpredictable chips in the received Time Between Authentication (TBA) and Authentication
code sequence with a cryptographic algorithm to authen- Latency (AL), as Key Performance Indicators (KPI) of
ticate the identity of the signal source. SBAS provides SBAS authentication, were proposedby several research-
users with integrity message and message tampering is ers. (Chiara et al., 2017; Enge & Walter, 2014; Fernandez-
the major threat it faces, so NMA is adopted as the sig- Hernandez et al., 2014; Neish et al., 2019a, 2019b):
nal authentication method for SBAS. Te SBAS system TBA, understood as the time between authentica-
provides users with Global Navigation Satellite System tion verifcation events, is a relevant design parameter
(GNSS) corrections and integrity messages. Spoofng is which balances the robustness and performance. When
