S. Cancela, J. Navarro, D. Calle, GMV, Spain; A. Dalla Chiara, I. Fernández-Hernández, G. Seco-Granados, UAB, Spain

View Abstract Sign in for premium content


Technological advances in the field of PNT have made our daily basis more dependent on accurate positioning services. Hence, the reliability, security and general protection of these services is becoming a trendy concern for governments. At present time, plenty of threats have been identified and demonstrated based on the current definition of the GNSS signals. As GNSS has become a key element in decisive infrastructures, improving the security of the GNSS signals against potential attacks and exploits, and finding PNT backups, are essential pillars of PNT policies. Focused on the former objective, the European GNSS Programmes are deeply involved in researching new protection methods for the EGNSS positioning services. The NACSET project (Navigation Authentication through Commercial Service-Enhanced Terminals), launched at the beginning of 2017 and concluded in 2019, has evaluated signal authentication techniques against malicious attacks based on the Galileo signals. The project developed a platform to demonstrate the feasibility of signal authentication combined with receiver-based signal protection techniques. In particular, the platform uses the Galileo E1-B OS Navigation Message Authentication (OSNMA) signal and the E6-C Commercial Authentication Service (CAS) signal encrypted at spreading code level. These signals are used for two complementary purposes: first, an anti-replay protection technique which makes use of the unpredictable bits of the OSNMA data stream transmitted through the E1-B SIS; and second, a semi-autonomous signal authentication technique which makes use of the Galileo E6C encrypted signal together with the TESLA cryptographic keys contained in the OSNMA data. The E1-B anti-replay protection implemented at the receiver exploits some cryptographic information included in the OSNMA data stream that is unpredictable for a real-time attacker. The case assessed in this paper in the case of a zero-delay SCER (security code estimation and replay) attack in which the spoofer transmits a signal replica that is perfectly aligned with an already tracked true signal. In this case, the OSNMA unpredictable bits, encoded into unpredictable symbols, can be considered as ‘security codes’ and the attacker needs to estimate them on the fly. This imperfect estimation is analyzed to detect the attack. Compared to previous work, our current results show the effectiveness of the technique in fading environments, such as urban ones, including low and variable C/N0 and signal occlusions, which, to the knowledge of the authors, has not been reported to date. The results also assess the sensitivity to the number of symbols accumulated by the detector, particularized to Galileo OSNMA operational configurations. In order to demonstrate the functionality of the Anti-Replay technique, a SCER attack simulator has been developed. The simulator consists of two elements: a software module and the HackRF software-defined radio (SDR) platform. The SDR is used to transmit the signal samples previously generated by the software module. The software is able to generate both trusted and spoofed E1-B signals to simulate attack conditions, together with the emulation of various fading effects to test the technique performances. Different signal conditions have been also exercised to test the spoofing detection capability of the protection technique: open sky conditions and urban conditions. Also different attack conditions have been assessed in the different environments. The E6-C signal authentication protection is based on a novel technique, to the knowledge of the authors, which allows signal authentication in a semi-autonomous way, without any modification to the existing Galileo E1-B and E6-C signals, nor the storage of a secret cryptographic key in the security module. It is based on the principle of re-encrypted sequences, which consists of re-encrypting portions of the Galileo E6-C NAVSEC keystream with a key generated based on yet-undisclosed OSNMA TESLA keys, and pre-storing these portions in the receiver, for later use. When the keys are disclosed in the Galileo E1-B signal, the user will decrypt them, obtaining the replica and performing the correlation with a previously stored sample of the E6-C stream. By this method, the receiver can have the benefits of semi-autonomous signal authentication with the already existing Galileo signals, and without the storage of a secret key, nor a continuous connection to an assistance server. Autonomy can last as long as the period for which re-encrypted sequences are pre-stored in the receiver, i.e. up to several days or weeks. The re-encrypted sequences technique has been fully prototyped in the NACSET project, and its implementation and functional tests will be fully described for the first time in this paper. This technique is currently under analysis as the baseline for a possibly open signal authentication service offered by Galileo 1st Generation based on the existing Commercial Authentication Service (CAS) E6 signals. Therefore, its importance can be significant toward future authentication services.