Evaluation for BDSBAS Single-Frequency Service Assisted by Data Authentication
Xiaoshuang Li, Kun Fang, Hongwen Wang, Shujing Wang, Zhipeng Wang, Beihang University
Location: Beacon A
Satellite-Based Augmentation Systems (SBAS) was initially proposed to enhance accuracy and integrity in civil aviation navigation. SBAS monitors core constellation signals through a network of reference receivers distributed across continental areas and broadcasts corrections and integrity information via geostationary satellites to end users[1]. This system aims to meet the accuracy and integrity requirements of Category I (CAT-I) operations. However, as the threats posed by jamming and spoofing incidents continue to increase, SBAS users may be vulnerable to spoofing interference. In recent years, the International Civil Aviation Organization (ICAO) has been actively discussing and researching data authentication measures for SBAS to mitigate the impact of spoofing attacks[2].
Similar to Global Navigation Satellite System (GNSS) signals, the power of SBAS signals reaching the ground is very weak, approximately only -160 dBW. Additionally, SBAS signals have publicly available Interface Control Documents (ICDs) that enable users to develop receivers. Due to the relatively low power and fully open signal format, spoofers can counterfeit SBAS signals using software-defined radio techniques. Compared to meaconing, the risks associated with spoofing interference are even greater; if the message content is counterfeited, the user’s receiver may still accept and utilize SBAS augmentation information without spoofing detection. This situation could increase positioning errors for users, leading to severe integrity events. To protect the integrity of SBAS messages, several authentication schemes have been proposed by researchers worldwide in recent years[3]. Among these, the Time-Efficient Loss-tolerant Authentication (TESLA) protocol-based scheme developed by Stanford University continues to be refined and standardized, and has been preliminarily accepted by the International Civil Aviation Organization (ICAO) as part of its Standards and Recommended Practices (SARPs). Although these authentication techniques are relatively mature, several important aspects require refinement[4]. From the service provider's perspective, the BDSBAS single-frequency service is currently undergoing a technical review. Upon successful completion of this review, approval will be granted to officially provide the BDSBAS single-frequency service to aviation users. It is essential to consider a single-frequency authentication system that is suitable for BDSBAS. From the end user's perspective, methods for handling authentication messages and conducting evaluation experiments still need to be developed. To advance the authentication capabilities of BDSBAS, it is necessary to evaluate the impact of the current authentication scheme on the processing of the BDSBAS B1C signal.
This paper primarily investigates the authentication model for the BDSBAS Single-frequency Service and evaluates receiver performance methods. First, an authentication scheme based on Chinese commercial cryptography SM3 cryptographic hash algorithm is proposed to implement on current unauthenticated BDSBAS single-frequency signals. Second, a state transition model of SBAS receivers is selected and developed under various GNSS signal processing procedures. Subsequently, key performance indicators (KPIs) focusing on positioning and authentication performance are developed. Finally, the proposed modeling and evaluation method is validated using collected BDSBAS B1C intermediate frequency data.
The main research content includes the following parts:
First, an SBAS single-frequency service data authentication scheme based on Chinese commercial cryptography is developed. Several SBAS message authentication protocols have been proposed in recent years[3], most of which support both single-frequency and dual-frequency signals. This paper focuses on a single-frequency data authentication scheme for BDSBAS B1C signals. Authentication message bandwidth and latency are critical factors in protocol design. The current single-frequency SBAS message content occupies excessive bandwidth; therefore, the proposed solution aims to minimize bandwidth usage[5] and optimize the existing message formatting. After evaluating these factors, the Stanford University I-channel L1 implementation emerges as the most suitable scheme[3]. In this implementation, one authentication message is produced for every five successive unauthenticated messages, resulting in a designed time between authentications (TBA) of 6 seconds. To address the current absence of an SBAS message authorization and authentication system based on Chinese commercial cryptography, this paper proposes a scheme that combines the SM3 cryptographic hash algorithm with the TESLA protocol to create a message authentication mechanism. Additionally, authentication message streams have been generated based on the SBAS message data broadcasted by the BeiDou GEO satellite's B1C signal.
Second, the transition model of receiver authentication states is evaluated. Typically, SBAS message content is used in the user position solution only after authentication, a process known as “Authenticate then Use” (ATU) paradigm. However, due to SBAS integrity information’s Time To Alert (TTA) of 6 seconds[6], these messages may be utilized prior to authentication. Receivers generally need to operate for a period before employing SBAS for positioning corrections; thus, Receiver Autonomous Integrity Monitoring (RAIM) can provide integrity before SBAS implementation. Generally, the SBAS message contents broadcast by the three BeiDou GEO satellites are identical. However, under varying reception conditions, the received content may differ. Consequently, it is essential to establish a selection strategy for receivers to utilize signals from different GEO satellites. According to the newly updated SBAS authentication state diagram, receivers can initially operate in an Aircraft Based Augmentation System (ABAS) mode, employing RAIM in single-frequency operation. Once SBAS is ready, they can transition to utilizing SBAS systems that offer authentication within the ATU framework or those lacking authentication capabilities. Using authenticated SBAS data instills confidence that the information received was genuinely transmitted by the SBAS system rather than being spoofed. However, the authentication of SBAS data does not guarantee that the signal is received directly from the SBAS satellite, nor does it ensure that the other GNSS signals processed by the receiver are authentic direct-path signals. Therefore, it is necessary to establish a spoofing detection mechanism within the authentication model. These considerations are incorporated into our software-defined receiver (SDR) which can complete the entire authentication process.
Subsequently, KPIs related to the authentication and positioning processes are defined. The Authentication Error Rate (AER) is defined as the proportion of “authentication failure” events and “authentication unavailable” events to all authentication events, measuring the robustness of navigation message authentication schemes against channel errors in the absence of external attacks, primarily depending on the bit error rate of the transmission channel. TBA is defined as the interval between authentications, and is considered a design parameter since it is typically a constant value. However, due to the occurrence of “authentication failure” and “authentication unavailable” events, TBA often becomes an indeterminate value greater than 6 seconds, reflecting the efficiency of the authentication process. Moreover, SBAS is subject to transmission rate limitations, and incorporating authentication messages necessitates adjustments to the layout of the original messages. This adjustment may extend the broadcast cycle of the valid messages, potentially degrading the SBAS service performance. Furthermore, if the addition of an authentication service results in an “authentication failure” event, the corresponding enhancement messages become “unsecure” and cannot be used subsequently, further reducing system performance. Therefore, a quantitative analysis of the changes in SBAS service performance before and after introducing the authentication service is essential. This paper investigates the impact of the authentication service on original SBAS performance by calculating positioning accuracy and protection levels in parallel experiments.
The proposed authentication modeling and evaluation method is validated using real measured data. Under SBAS augmentation conditions, the user receiver can provide the current corrected position and protection level in real-time. For the authentication function, KPIs such as AER and TBA are assessed. This study involves the collection of SBAS BIC and GPS intermediate frequency signals under varying reception conditions including open environments and urban canyons, with the signals being acquired and tracked. The demodulated SBAS messages are integrated with the proposed authentication scheme, followed by functional testing and performance evaluation. The results indicate that the proposed authentication solution performs effectively when positioning is augmented by BDSBAS B1C signals and all related KPIs are evaluated.
[1] Walter T. Satellite-Based Augmentation Systems (SBASs)[M]//Position, Navigation, and Timing Technologies in the 21st Century. John Wiley & Sons, Ltd, 2020: 277-306.
[2] Wullems C, Tosato L, Pozza D, et al. SBAS Authentication Concepts and Trade-offs[C]//35th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2022). Denver, Colorado, 2022: 69-88.
[3] Fernández-Hernández I, Walter T, Neish A M, et al. SBAS Message Authentication: A review of Protocols, Figures of Merit and Standardization Plans[C]//2021 International Technical Meeting of The Institute of Navigation. Online, 2021: 111-124.
[4] Walter T, Anderson J, Lo S. Implementation of Data Authentication on SBAS[C]//Proceedings of the ION 2024 Pacific PNT Meeting. 2024: 709-721.
[5] Sakai T, Kitamura M, Kezuka A. Prototyping Message Authentication on L1 SBAS[C]//Proceedings of the 36th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2023). 2023: 1156-1162.
[6] DO-229F - Electronic[EB/OL]//RTCA. [2024-09-29]. https://www.rtca.org/products/do-229f-electronic/.