1 / 16

Security issues in next generation satellite systems

Oscar Pozzobon Chris Wullems Prof. Kurt Kubik. Security issues in next generation satellite systems. 14/03/2005 CGSIC Meeting, Prague, Czech Republic. Introduction. GPS security issues today GNSS security issues in integration scenarios Need for trust quantification methods for civil uses

fletcher-kent
Download Presentation

Security issues in next generation satellite systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Oscar Pozzobon Chris Wullems Prof. Kurt Kubik Security issues in next generation satellite systems 14/03/2005 CGSIC Meeting, Prague, Czech Republic

  2. Introduction • GPS security issues today • GNSS security issues in integration scenarios • Need for trust quantification methods for civil uses • Levels of security obtainable using proposed signal authentication methods • Level of protection • Performance

  3. Qascom Background • R&D on trusted locations systems • R&D on trusted GNSS receivers • NavSec Consortium • Vulnerability assessment of critical infrastructures that rely on GNSS

  4. GNSS Security Policy • June 2004, US-Europe Agreement on GNSS Cooperation and Security • December 8, presidential policy on Space-Based Positioning, Navigation, and Time (PNT) • December 10, GPS and GLONASS cooperation • GLONASS-M : Russia and India launching and modernizing GLONASS.

  5. Civil GNSS Security Today Integrity monitoring systems Non Intentional Intentional Jamming detection / mitigation / localization techniques Jamming Spoofing Signal authentication techniques

  6. Future Civil GNSS Security Issues • Complexity of Integration with different signals and different security mechanisms (e.g. GPS + Galileo SoL) • Difficult for GPS user to quantify the total trust • Need for security metrics

  7. Security Metrics • What security level is needed? • what security level can be achieved? Non intentional Integrity monitoring systems Intentional Jamming detection / Mitigation / localization techniques Jamming Spoofing Signal Authentication Techniques

  8. Integrity / Authenticity Performance Requirements for Critical Application • Time-to-alarm for SoL Integrity (non-intentional effects) • Time-to-alarm for malicious attacks? (Spoofing) • 3 levels of security for GNSS: Level 2: SCE (Spreading Code Encryption) Level 1: NMA (Navigation Message Authentication) No Security

  9. Source: The Galilei Project: GALILEO Design Consolidation, 2003 Level 1: NMA (Navigation Message Authentication) • What is NMA? • A Navigation Authentication Message include a digital signature authenticating the other navigation messages (ephemeris, almanac data, etc) • Certified receiver is able to authenticate verify integrity of NAV messages using signature. • Authentication NAV messages are created on the ground and transmitted to the satellites for broadcast.

  10. Level 1: NMA (Navigation Message Authentication) • What does NMA protect against? • Protects against navigation message spoofing • Authenticates navigation messages (ephemeris, almanac data, etc) from satellites preventing a spoofer from generating navigation messages • Significantly increases complexity of spoofing • Messages could be theoretically acquired by a receiver and replayed over a simulated signal in order to spoof the Galileo signal - would require functionality not commonly found in commercial signal simulators, and would require operation to be performed within very small time window • Attack cost vs Attack outcome

  11. Level 1: NMA (Navigation Message Authentication) • Performance of NMA • Time-to-alarm of authentication/integrity failure? • Depending on signal data rates and ANM repetition rate • GPS L2C – 25bps • Minimum Authentication time = 1,6 minutes with cert obtained in 5,6 minutes* • More realistic scenario = approx 5 minutes, longer cert collection time • Galileo E1-L1-E2 – 125bps / E5a – 25bps / E5b – 125bps • Potentially better performance (unknown NAV message structure / only projected data rates) • NMA performance characteristics may be outside time-to-alarm requirements • Suitable for dangerous goods tracking, but not for time-critical applications *Based on ECCDSA 160bit / CNAV message structure (ICD-GPS-200C) with 48 second frame message sequencing

  12. Level 2: SCE (Spreading Code Encryption) • What is SCE? • CDMA code is kept secret and can only be derived using a symmetric key • Symmetric keys can be distributed using PKI and asymmetric encryption techniques • GPS P(Y) code uses declassified black keying infrastructure for key distribution

  13. Level 2: SCE (Spreading Code Encryption) • What does it protect against? • Protects against signal spoofing and navigation data spoofing • Users without key are denied access; Spoofed signal acquisition is virtually impossible as CDMA code is unknown to an attacker • Time-to-alarm requirements of are easily met for both intentional and non-intentional integrity failures

  14. Level 2: SCE (Spreading Code Encryption) • Proposed usage in Galileo • Commercial Service (CS) • Public Regulated Service (PRS) • Implementation is unknown – expected to be similar to US black-key infrastructure

  15. Conclusions • Current civil GNSS security do not prevent spoofing • There is a need for signal authentication to prevent malicious attacks such as spoofing • It appears as though L2C will not provide NMA or SCE • Galileo proposals for SoL indicate NMA may be included • NMA alone may not provide the required performance for SoL time-to-alarm • CS and SoL provide different quality of service guarantees • Civil signal authentication is a challenge for next generation satellite systems • Need for metrics to quantify security of complex integrated systems

  16. Oscar Pozzobon o.pozzobon@qascom.com Chris Wullems c.wullems@qascom.com Questions?

More Related