Implementation of Data Authentication on SBAS

Todd Walter, Jason Anderson, and Sherman Lo

Peer Reviewed

Abstract: Navigation message authentication has been proposed for Satellite Based Augmentation Systems (SBAS) as a means to mitigate a potential threat that could create hazardously misleading information. The SBAS corrections are a trusted source of differential Global Navigation Satellite System (GNSS) corrections and confidence levels. Currently they have no means of protection, and an aircraft will accept any properly formatted signal that it receives. As the signal design is fully open and easily accessible, it is possible for adversarial parties to generate signals impersonating official SBAS providers. Message authentication has been proposed that would add digital signatures such that the data content can be rigorously traced back to the intended trusted source. An initial scheme was proposed in 2019 based upon the Time-Efficient Loss-tolerant Authentication (TESLA) scheme [1]. This method continues to be refined and evaluated. While many aspects of the L1 SBAS message authentication scheme are mature [2], there are still several details still to be harmonized. The use of TESLA to implement the signatures is by now well-agreed to, as is the concept to establish the root of trust using asymmetric elliptic curve cryptography. Several countries have performed preliminary prototyping and agree that the overall concept is feasible. Development of the International Civil Aviation Organization (ICAO) Standards and Recommended Practices (SARPs) has been initiated, but development of the receiver Minimum Operational Performance Standard (MOPS) is on hold. Outreach has been established to the recently founded ICAO Trust Framework Panel (TFP), to help vet the TESLA scheme and to establish the key management and they participate in our teleconferences. A roadmap for the ICAO ad hoc authentication working group is well underway. This paper provides an overview of this TESLA scheme and provides a description of different options for increasing the security provided by the signature message as well as defining a proposed method to be robust against missing messages. Additionally we describe how to retain security when the signature messages are delayed due to SBAS alert messages.
Published in: Proceedings of the ION 2024 Pacific PNT Meeting
April 15 - 18, 2024
Hilton Waikiki Beach
Honolulu, Hawaii
Pages: 709 - 721
Cite this article: Walter, Todd, Anderson, Jason, Lo, Sherman, "Implementation of Data Authentication on SBAS," Proceedings of the ION 2024 Pacific PNT Meeting, Honolulu, Hawaii, April 2024, pp. 709-721. https://doi.org/10.33012/2024.19631
Full Paper: ION Members/Non-Members: 1 Download Credit
Sign In