Jason Anderson, Sherman Lo, Todd Walter, Stanford University

View Abstract Sign in for premium content


This work examines cryptographic design principles for next-generation GNSS signals that could provide a publicly authenticated ranging signal of comparable security to current encrypted signals. We discuss how any authentication of spreading codes must act as an effective bit-commitment authentication; therefore, we advocate and greedily apply Timed Efficient Stream Loss-tolerant Authentication (“TESLA”) to cryptography-first GNSS design. Since any authentication acts as bit-commitment authentication, greedily using TESLA provides additional features regarding bandwidth efficiency and loss-tolerances relevant to GNSS. Using those design principles, we suggest a new method to generate secure spreading codes and distribute the required cryptographic seeds as a case study on how a cryptography-first design methodology would guide the design of a ranging signal. Moreover, we suggest an alternative publicly authenticated signal achievable by merely modifying the re-keying procedure of existing symmetrically encrypted signals (e.g., GPS’s P(Y)-code, Galileo’s E6B/C signal). This modification would maintain the current, real-time secure use of current encrypted ranging signals while providing a critical infrastructure needed by aviation and autonomous vehicle stakeholders. We compare this method to other publicly authenticated ranging signals and make the case that our suggestion would be easier and faster to achieve because it requires no changes to existing signals. Finally, we suggest that future GNSS systems modularly separate signal purposes. One signal, or signals, could provide the best possible real-time unauthenticated service, unencumbered by applying cryptography. One signal could provide the best possible delayed cryptographic spoofing detection service, unencumbered by existing requirements of real-time signals.