Prototyping Message Authentication on L1 SBAS

Takeyasu Sakai, Mitsunori Kitamura, Atsushi Kezuka

Abstract: The SBAS (satellite-based augmentation system) is the international standard system for global satellite-based navigation. The SBAS augments GNSS to support the most safety-critical application, i.e., aviation, by providing a very high level of integrity. Today the SBAS is widely used as a seamless means of navigation covering en-route and terminal navigation through precision approach guidance. Japan has been operating an SBAS called MSAS (Michibiki Satellite Augmentation System) since 2007. Recently the ICAO NSP (Navigation Systems Panel) has been investigating an authentication scheme for SBAS as a security measure. Originally the scheme was to be implemented on the L5 SBAS Q-channel; however, the latest discussion is based on the L1 and L5 SBAS I-channels. This means the authentication messages can be transmitted by the current L1 SBAS as well as the future L5 SBAS. The key technique enabling SBAS authentication is the digital signature: with the digital signature of the SBAS message, a receiver can verify that the signal was transmitted by the trusted source. Because of the limited available bandwidth, the TESLA (Timed Efficient Stream Loss-tolerant Authentication) protocol and ECDSA (Elliptic Curve Digital Signature Algorithm) are used, as in Galileo OS-NMA (Open Service - Navigation Message Authentication). A new Message Type 20 will be defined to carry the MAC (Message Authentication Code) of the five preceding messages and the keychain of the TESLA hash function every six seconds. Message Type 21 will provide ECDSA public keys signed by the SBAS provider. Key information is managed in a layered architecture to ensure the required level of tolerance. The authors have developed a prototype SBAS authentication message generator named MIVEX-AUTH (MSAS V4 Experiment - Authentication). The prototype generates the authentication messages, Message Type 20 and Message Type 21, based on the first draft of the standards being discussed at the ICAO NSP.
One purpose of developing the prototype is to promote interoperability among SBAS providers by preventing misinterpretation of the standards and erroneous parameters, both between service providers and between receiver manufacturers. Exchanging actual messages generated by the prototype will reveal missing descriptions in the standards. Another purpose of the prototype is to investigate how well the authentication messages can be adapted to the current L1 SBAS, specifically MSAS in our case. Message Type 20 and Message Type 21 require 30% of the bandwidth based on the draft standards. The message sequence of the current L1 SBAS must be modified because it does not have enough space for the authentication messages. Among the candidate methods for reducing the number of messages in the current system without authentication, using Message Type 6 is the most effective because it reduces the fast corrections. The prototype replaces some Message Types 2 to 5 with Message Type 6 and so creates space for Message Types 20 and 21. The prototyping is complete and an end-to-end test with receiver-side software has been conducted. The test results confirm that the prototype is fully functional based on the draft standards as designed and works well to generate authentication messages for L1 SBAS.
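The TESLA idea the abstract relies on (MACs sent first, the key from a one-way chain disclosed later) can be seen from the receiver's side in the following added example, which is not code from the paper, MIVEX-AUTH or the draft standard. The hash, key and tag sizes, the dictionary layout of the hypothetical MT20 and the already-trusted root key are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY_LEN, TAG_LEN = 16, 4  # assumed sizes, not taken from the draft standard

def walk(key, n=1):
    """Apply the one-way step K[i-1] = H(K[i]) n times (truncated SHA-256 assumed)."""
    for _ in range(n):
        key = hashlib.sha256(key).digest()[:KEY_LEN]
    return key

def make_chain(seed, n):
    """Return [K0, K1, ..., Kn]; K0 is the root the receiver already trusts."""
    return [walk(seed, n - i) for i in range(n + 1)]

def tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def make_mt20(chain, i, msgs):
    """Hypothetical MT20 for block i: MACs of its messages under the still
    secret K[i], plus disclosure of the previous block's key K[i-1]."""
    return {"macs": [tag(chain[i], m) for m in msgs], "key": chain[i - 1]}

class Receiver:
    def __init__(self, root_key):
        self.key, self.idx = root_key, 0  # newest authenticated chain key
        self.pending = None               # (block, msgs, macs) awaiting its key

    def on_block(self, i, msgs, mt20):
        """Feed block i. Returns the earlier pending messages once authenticated,
        [] if nothing is pending, None if the key, order or a MAC is rejected."""
        if self.pending and i <= self.pending[0]:
            return None          # replayed or out-of-order block
        disclosed = mt20["key"]  # claims to be K[i-1]
        if i - 1 < self.idx or not hmac.compare_digest(
                walk(disclosed, i - 1 - self.idx), self.key):
            return None          # key is not on the chain: drop the whole block
        self.key, self.idx = disclosed, i - 1
        out = []
        if self.pending:
            j, old_msgs, old_macs = self.pending
            k_j = walk(disclosed, i - 1 - j)  # recover K[j], even across lost blocks
            ok = all(hmac.compare_digest(tag(k_j, m), t)
                     for m, t in zip(old_msgs, old_macs))
            out = old_msgs if ok else None
        self.pending = (i, msgs, mt20["macs"])
        return out
```

A real receiver must also check, against loosely synchronised time, that the MACs arrived before their key was disclosed; the order of `on_block` calls stands in for that check here.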
Published in: Proceedings of the 36th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2023)
September 11 - 15, 2023
Hyatt Regency Denver
Denver, Colorado
Pages: 1156 - 1162
Cite this article: Sakai, Takeyasu, Kitamura, Mitsunori, Kezuka, Atsushi, "Prototyping Message Authentication on L1 SBAS," Proceedings of the 36th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2023), Denver, Colorado, September 2023, pp. 1156-1162.