Jason Anderson, Sherman Lo, Todd Walter, Stanford University

View Abstract Sign in for premium content


Herein, we delineate and suggest mitigations for a critical security attack involving the time synchronization requirement of any broadcast-only Timed-Efficient Stream Loss-tolerant Authentication (“TESLA”) scheme, including those in development for many Global Navigation Satellite Systems (“GNSS”). TESLA’s bandwidth efficiency and loss-tolerant properties are advantageous, even necessary, to provide GNSS cryptographic authentication security on data channels and ranging signals. TESLA presumes a loose-time synchronization assumption, and receivers must externally (i.e., via an out-of-band channel) verify this assumption (e.g., at startup, routine maintenance, routinely) to assert authentication security. However, the combination of (1) TESLA’s adaptation to the broadcast-only context and (2) the current network timing synchronization standards lends to an attack that could allow receivers to accept forgeries. The time synchronization protocol must be modified to mitigate this threat. We show this attack’s concrete feasibility using data from a study conducted on a Network Time Protocol (“NTP”) server.