Open GNSS signal authentication based on the Galileo Commercial Service (CS)

摘要

GNSS authentication demand has been rapidly increasing in the last years, and the lack of system and signals providing embedded authentication led the development of receiver based solution or heuristic techniques to detect counterfeited signals. The opportunity of navigation data authentication has been considered in the last years, but still leaves a number of unresolved problems for making it a robust authentication technique, and vulnerabilities have been discussed. The Galileo Commercial Service represents an unexplored opportunity for GNSS signal authentication, providing full ranging code encryption access for commercial and civilian applications, with potential access to encryption keys on a fee basis when the system will be operational. It offers what can be defined robust authentication by leveraging the unpredictability characteristic of the signal when travelling in space and by preserving its secrecy and integrity when acquired, being invisible below the receiver thermal noise. A counter side of encrypted services is the cost and complexity of receivers, which might limit the commercial exploitation of authentication solutions for a number of mass markets. This work, which is part of the activities developed within the European GNSS Agency (GSA) STON (Secure Technologies based On location) project, presents an innovative approach for performing signal authentication of E1 signals with the Galileo CS signal, reducing the receiver cost to the minimum. The E6 CS signal is acquired together with the E1 untrusted PVT data on a hardware token, and an authentication server with access to the CS keys processes them remotely to verify the consistency. This paper presents the high-level architecture, the authentication algorithms and the preliminary results.