On SBAS Authentication with OTAR Schemes

Jason Anderson, Sherman Lo, Andrew Neish, Todd Walter

Abstract: Herein we delineate a complete Satellite-Based Augmentation System (“SBAS”) authentication scheme, including over-the-air re-keying (“OTAR”), that uses Elliptic Curve Digital Signature Algorithm (“ECDSA”) and Timed Efficient Stream Loss Tolerant Authentication (“TESLA”) without using the Quadrature (“Q”) channel. This scheme appends two new message types (“MT”) to the SBAS scheduler without overburdening the SBAS message schedule. We take special care to make our scheme (1) meet appropriate security requirements to prevent and deter spoofing; (2) compatible with existing cryptographic standards; (3) flexible, expandable, and future-proof with respect to different cryptographic and implementation schemes; and (4) backward compatible with legacy receivers. The scheme accommodates a diverse set of features, including authenticating core-constellation ephemerides. The scheme requires loose time synchronization between the receiver and the provider, and we assert reasonable mitigation strategies to prevent attacks on that assumption. This work also discusses the SBAS provider and receiver machine state and startup, including aircraft that traverse differing SBAS coverage areas. We test our scheme with existing SBAS simulation and analysis tools to show negligible effects on SBAS availability and continuity requirements.
Published in: Proceedings of the 34th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2021)
September 20 - 24, 2021
Union Station Hotel
St. Louis, Missouri
Pages: 4288 - 4304
Cite this article: Anderson, Jason, Lo, Sherman, Neish, Andrew, Walter, Todd, "On SBAS Authentication with OTAR Schemes," Proceedings of the 34th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2021), St. Louis, Missouri, September 2021, pp. 4288-4304.
https://doi.org/10.33012/2021.18132