Previous Abstract Return to Session C3 Next Abstract

Session C3: Spectrum: Protection and Optimization

A Software Solution for Assisted Signal Authentication
M. A. Ramírez, A. Chamorro, S. Cancela, D. Calle, GMV
Date/Time: Thursday, Sep. 14, 11:03 a.m.

GNSS services have become an essential component for a diverse range of applications in our daily lives. These include mass-market applications such as sports tracking and user guidance, liability-critical applications such as banking and telecommunication time synchronization, as well as safety critical services such as aviation and automotive-related solutions, all of which rely heavily on GNSS. However, the tremendous growth witnessed over the last decade has put GNSS in the crosshairs of attackers seeking to compromise its reliability and security.
The Galileo program is working in future enhanced services, complementing the Galileo Open Service Navigation Message Authentication (OSNMA) with signal authentication through the Commercial Service signals. In the frame of this activities, a semi-assisted signal authentication concept is defined ([1]) as the Galileo Assisted Commercial Authentication Service (ACAS). In order to protect pseudoranges from replay attacks, the pseudoranges can include authentication features. Ideally, these authentication features can be implemented at spreading-code level, using spreading code encryption on a GNSS signal to be able to perform Spreading Code Authentication. The ACAS service is based on the re-encryption and publication of spreading sequences of short duration (e.g. milliseconds) from an already existing encrypted signal. In this case, the Galileo Commercial service E6C signal. After the sequences are transmitted in the signal-in-space, the OSNMA signal broadcasts a cryptographic key that allows the decryption of the sequences and the a-posteriori correlation at the receiver. This re-encryption process allows the receiver to retrieve the required number of file sequences it needs for autonomous operations during the period of time the sequences will be applicable without the need of continuous communication with an external server.
Based on the description of [1] and [2], this paper describes a commercial software solution implementing this ACAS service and focused on being able to be integrated for a wide number of applications. This software is in charge of retrieving the spreading sequences and decrypting them using the OSNMA keys transmitted through the Signal-In-Space (SIS). The sequences are to be correlated against signal recordings to compute authenticated pseudoranges. This software solution can be integrated using different elements to perform the signal recordings, from GNSS receivers to Software Defined Radio (SDR) elements. From this point onwards, the software module implements different modes of authentication based on signal acquisition processes using FFT-based circular convolution method obtaining the code phase and Doppler, comparison of pseudoranges between authentic E6 pseudoranges and OS E1 pseudoranges applying Broadcast Group Delay (BGD) corrections and computation of an authentic PVT using OSNMA authentic navigation and authentic E6 pseudoranges.
Throughout this paper a detailed description of the ACAS software solution implemented will be presented together with several integrations of the software for different use cases. In addition, the solution will be tested both using encrypted signal generation in nominal and adverse scenarios together with Signal-In-Space tests to demonstrate its robustness in a real time operational scenario. Results will be presented using different key performance indicators and conclusions will be derived based on the statistical analysis of the indicators. The conclusions will be focused on assessing the performance of the ACAS software solution and demonstrate its capabilities in real scenarios in addition with conclusions for further work and improvements on its authentication capabilities.
[1] I. Fernandez-Hernandez, S. Cancela, R. Terris-Gallego et al., "Semi-Assisted Signal Authentication Based on Galileo ACAS", arXiv preprint, 2022
[2] R. Terris-Gallego, I. Fernandez-Hernandez, J. A. López-Salcedo and G. Seco-Granados, "Guidelines for Galileo Assisted Commercial Authentication Service Implementation," 2022 International Conference on Localization and GNSS (ICL-GNSS), Tampere, Finland, 2022, pp. 01-07, doi: 10.1109/ICL-GNSS54081.2022.9797027.



Previous Abstract Return to Session C3 Next Abstract