Previous Abstract Return to Session F3b Next Abstract

Session F3b: GNSS Robustness to Vulnerabilities 1

SBAS Data Authentication Scheme on Q-Channel Based on Digital Signatures
Ivan Lapin, Jaron Samson, Gianluca Caparra, Radio Navigation Systems and Techniques Section, European Space Agency; Matthew Dibb, System Security Engineering Section, European Space Agency; Jean-Christophe Denis, EGNOS Project Office, European Space Agency; Cyrille Boulanger, Centre National d'Études Spatiales; Mikael Mabilleau, Ettore Canestri, European Union Agency for Space Programme
Date/Time: Thursday, Sep. 19, 8:57 a.m.

Peer Reviewed

A novel data authentication scheme for the satellite-based augmentation system (SBAS) called DS-Q is proposed and evaluated. The scheme is based on the transmission of cryptographically secure digital signatures on SBAS L1 and SBAS L5 Q-channels, allowing the SBAS user to verify the authenticity of SBAS messages on the I-channel without any latency and without impacting message timeouts, scheduling, or service performance. DS-Q is derived using a three-step top-down process that avoids taking the available data bandwidth of SBAS signals as the main driver of the data authentication scheme. As the first step, twelve needs for an SBAS data authentication function from the system and user perspective are formulated, requiring the scheme to be secure, non-intrusive, and flexible. As the second step, the design of DS-Q is proposed, which includes SBAS data authentication message (DAM), protocol logic, and over-the-air rekeying (OTAR) mechanism. To fit the generated digital signatures into a single DAM, the feasibility of implementing an alternative signal modulation on the Q-channel providing a data rate of at least 600 bit/s is discussed. As the last step, DS-Q is qualitatively evaluated with respect to the needs formulated in the first step, showing it meets all but one need, which cannot be met by any SBAS data authentication scheme as it requires the protection of the SBAS user against meaconing or spoofing attacks targeting GNSS core constellations. The scheme presented in this work represents a valid complementary solution to be considered for a longer-term evolution of the SBAS standards. DS-Q should not preclude the possibility of standardizing the current I-channel solution discussed at the International Civil Aviation Organization (ICAO) or pursuing alternative solutions, such as signal authentication or user-based solutions.



Previous Abstract Return to Session F3b Next Abstract