
Improving Security of GNSS Receivers



Presentation Transcript


  1. Improving Security of GNSS Receivers
     Felix Kneissl, University FAF Munich

  2. Means of User and Signal Authentication
     • User Authentication (restrictive)
       • Spreading code encryption
       • Navigation data encryption
       • Send time randomization
     • Signal Authentication
       • Non-cryptographic: sensor integration, multiple signal instances test, signal strength test, RAIM, group antenna processing, …
       • Cryptographic: navigation message authentication, private- and public spreading code authentication
     • Transitive Signal authentication
       • Non-cryptographic techniques with fully secured hardware
       • Cryptographic techniques with partially secured hardware

  3. Transitive Signal Authentication
     [Figure labels: AGC, A/D, DSP, NDP]
     • Definition of “Transitive Signal Authentication”
       • A third party is interested in reading authentic position and time information from a person using GNSS for positioning
     • Applications for “Transitive Signal Authentication”
       • Ankle monitor / electronic tagging, road tolling, pay-as-you-drive insurance, …
     • Influence on Threat Models
       • Receiver chain must not be seen as a trustworthy entity
       • Implementation of hardware security of the entire equipment or of sub-components, aided by cryptographic security at its interfaces
     • Assumptions on (complicit) spoofers' capabilities
       • E.g. security code estimation or sample stream variation techniques

  4. Signal Authentication
     [Figure labels: AGC, A/D, DSP, NDP]
     • Definition of “Signal Authentication”
       • A GNSS user is itself interested in receiving authentic signals to gain security in the derived time and position information
     • Applications for “Signal Authentication”
       • Aviation applications, personal navigation, precise farming (additional detection possibilities given by differential techniques), …
     • Influence on Threat Models
       • Receiver chain is considered a trustworthy entity
       • User access to AGC, multilevel ADC must be available for the defender
     • Assumptions on spoofers' capabilities for cryptographic spoofing detection
       • E.g. security code estimation or sample stream variation techniques

  5. Non-Cryptographic Spoofer Detection
     • Both the counterfeit and the authentic signal will be received by the defender’s antenna / receiver
       • Complicit spoofing does not have to be considered, and thus the counterfeit signal has to be transmitted via radio link
       • Signal cancellation is assumed to be very unlikely (although possible)
         • Antenna phase center position uncertainty
         • Oscillator frequency error prediction (spoofer & satellite)
         • Orbit error and ionospheric error prediction
     • Test for multiple signal instances (MSIs, Vestigial Signal Defense)
     • Masking of the authentic signal will be detectable by the defender
       • Monitoring both the signal power and the noise power either gives proof of an insecure environment or guarantees a minimum C/N0 of the authentic signal within the user’s IF-stream

  6. Monitoring of Signal- and Noise Power
     • Signal power for spoofing detection
       • Calibration process elevation dependent for the expected C/N0
       • Account for AGC-factor
       • Independent estimation of the IF-Sample’s signal and noise power
       • Distinctness to elemental variations of the signal power is not canonical / impractical
       [Figure labels: C/N0 not applicable AGC]
     • Monitoring signal power to assess efficiency of spoofing detection via multiple signal instances test
       • Coarse bounds provide thresholds for the main detection routines
       • Low false alarm rate
       • If a certain remaining authentic signal power cannot be guaranteed, spoofing has to be assumed fully applicable

  7. Acquisition Techniques detecting MSIs
     • Parameter estimation for code delay and Doppler offset
     • Block acquisition techniques using FFT
     • Sensitivity and granularity tunable by different sample rates and integration times
     • False alarm probability can be reduced by handing detected signals to a tracking channel verifying the detection
     • Weaker detection capabilities in the vicinity of the momentarily tracked signal

  8. Multicorrelator Techniques detecting MSIs
     • Direct computation of the correlation power in the vicinity of the tracking point for several code delays
     • Frequency analysis on subsequent I&D values approximates 2-D correlator
     • Elimination of the tracked signal’s correlation peak
     • Small monitoring domain for reasonable computational effort
     • Excellent detection capabilities in the vicinity of the momentarily tracked signal
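The multiple signal instances test from slides 7 and 8, as an added example that is not part of the presentation: correlate over all code delays, eliminate the tracked signal's peak, and test the residual for a second instance. Assumptions made here: real-valued baseband at one sample per chip, zero Doppler, a constructed random ±1 code standing in for a PRN code, and a 6-sigma threshold.

```python
import random
from statistics import median

def circ_corr(samples, code):
    """Correlate samples with the replica code at every circular code delay."""
    n = len(code)
    return [sum(samples[(i + d) % n] * code[i] for i in range(n)) for d in range(n)]

def msi_test(samples, code, k_sigma=6.0):
    """Return (tracked_delay, extra_delay); extra_delay is None if no second instance."""
    n = len(code)
    corr = circ_corr(samples, code)
    tracked = max(range(n), key=lambda d: abs(corr[d]))
    # Eliminate the tracked signal: subtract its estimated replica from the samples.
    amp = corr[tracked] / n
    residual = [s - amp * code[(k - tracked) % n] for k, s in enumerate(samples)]
    res = [abs(c) for c in circ_corr(residual, code)]
    # Robust noise floor: median |x| of a zero-mean Gaussian equals 0.6745 sigma.
    sigma = median(res) / 0.6745
    extra = max(range(n), key=lambda d: res[d])
    return tracked, (extra if res[extra] > k_sigma * sigma else None)

def make_samples(code, signals, noise_sigma, rng):
    """Constructed samples: sum of delayed, scaled code copies plus Gaussian noise."""
    n = len(code)
    return [sum(a * code[(k - d) % n] for d, a in signals) + rng.gauss(0.0, noise_sigma)
            for k in range(n)]

rng = random.Random(7)
CODE = [rng.choice((-1, 1)) for _ in range(511)]   # constructed stand-in, not a real PRN
# One instance at delay 200 (constructed input).
CLEAN = make_samples(CODE, [(200, 1.0)], 0.5, rng)
# Two instances 3 chips apart; the test cannot say which one is authentic.
TWO_INSTANCES = make_samples(CODE, [(200, 1.0), (203, 0.6)], 0.5, rng)

if __name__ == "__main__":
    print("clean        :", msi_test(CLEAN, CODE))
    print("two instances:", msi_test(TWO_INSTANCES, CODE))
```

A non-None second delay indicates a spoofed environment only; as slide 10 notes, this non-cryptographic test does not identify which instance is the counterfeit.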

  9. Cryptographic Spoofer Detection
     • Testing for MSIs of encrypted ranging code signals is barely practical
       • Parameter space for acquisition test only bounded by receiver clock uncertainty
       • 2-D multicorrelators not obtainable by simple frequency analysis
     • Regenerated secured signals with low / zero / negative latency are detectable via statistical hypothesis testing
       • Humphreys, T. E., “Detection Strategy for Cryptographic GNSS Anti-Spoofing”, IEEE Transactions on Aerospace and Electronic Systems, 2011, submitted for review
     • Regenerated secured signals with higher latency induce detectable receiver clock errors or are not able to displace an SCE-type signal in track
       • Additional proper acquisition strategies (search earliest signals first) guarantee authentic signals

  10. Spoofing Detection vs. Spoofing Mitigation
     • Non-cryptographic signal-based spoofing detection only detects spoofed environments, not spoofing signals
       • Spoofing, when monitored, acts as a denial of service attack
       • Spoofing influences availability and continuity of service budget
     • Cryptographic spoofing detection allows for detecting spoofing signals
       • Spoofing can securely be mitigated, but
         • Any spoofing device can easily act as a jamming device and
         • Navigation message authentication schemes suffer a certain authentication delay
     • Sensor integration could provide signal source distinction even for unsecured signals

  11. Acknowledgments
     • Parts of the work have been elaborated within the UniTaS IV project, funded by the Bundesministerium für Wirtschaft und Technologie and administered by the Deutsches Zentrum für Luft- und Raumfahrt (FKZ 50 NA 0734)
     • Travel grant provided by the Satellite Navigation University Network Project in cooperation with the G-TRAIN consortium
