Security issues in next generation satellite systems

14/03/2005 CGSIC Meeting, Prague, Czech Republic. Oscar Pozzobon, Chris Wullems, Prof. Kurt Kubik.

Page 1: Security issues in next generation satellite systems

14/03/2005 CGSIC Meeting, Prague, Czech Republic

Oscar Pozzobon

Chris Wullems

Prof. Kurt Kubik

Security issues in next generation satellite systems

Page 2: Security issues in next generation satellite systems

Introduction

GPS security issues today

GNSS security issues in integration scenarios

Need for trust quantification methods for civil uses

Levels of security obtainable using proposed signal authentication methods

Level of protection

Performance

Page 3: Security issues in next generation satellite systems

Qascom Background

R&D on trusted location systems

R&D on trusted GNSS receivers

NavSec Consortium

Vulnerability assessment of critical infrastructures that rely on GNSS

Page 4: Security issues in next generation satellite systems

GNSS Security Policy

June 2004, US-Europe Agreement on GNSS Cooperation and Security

December 8, presidential policy on Space-Based Positioning, Navigation, and Time (PNT)

December 10, GPS and GLONASS cooperation

GLONASS-M: Russia and India launching and modernizing GLONASS.

Page 5: Security issues in next generation satellite systems

Civil GNSS Security Today

Non-intentional: integrity monitoring systems

Intentional:

Jamming: jamming detection / mitigation / localization techniques

Spoofing: signal authentication techniques

Page 6: Security issues in next generation satellite systems

Future Civil GNSS Security Issues

Complexity of Integration with different signals and different security mechanisms (e.g. GPS + Galileo SoL)

Difficult for GPS user to quantify the total trust

Need for security metrics

[Figure: System Complexity and Vulnerabilities. Labels: Integrity Monitoring Station; GBAS (GRAS); SBAS (WAAS, EGNOS); DGPS Stations; GPS Constellation; GALILEO Constellation; Pseudolites System. Legend: signal with authentication; signal without authentication.]

Page 7: Security issues in next generation satellite systems

Security Metrics

What security level is needed? What security level can be achieved?

Non-intentional: integrity monitoring systems

Intentional:

Jamming: jamming detection / mitigation / localization techniques

Spoofing: signal authentication techniques

Page 8: Security issues in next generation satellite systems

Integrity / Authenticity Performance Requirements for Critical Application

Time-to-alarm for SoL Integrity (non-intentional effects)

Time-to-alarm for malicious attacks? (Spoofing)

3 levels of security for GNSS:

No Security

Level 1: NMA (Navigation Message Authentication)

Level 2: SCE (Spreading Code Encryption)

Page 9: Security issues in next generation satellite systems

Level 1: NMA (Navigation Message Authentication)

Certified receiver is able to authenticate and verify the integrity of NAV messages using a signature.

Authentication NAV messages are created on the ground and transmitted to the satellites for broadcast.

What is NMA?

A Navigation Authentication Message includes a digital signature authenticating the other navigation messages (ephemeris, almanac data, etc.)

Source: The Galilei Project: GALILEO Design Consolidation, 2003

Page 10: Security issues in next generation satellite systems

Level 1: NMA (Navigation Message Authentication)

What does NMA protect against?

Protects against navigation message spoofing

Authenticates navigation messages (ephemeris, almanac data, etc.) from satellites, preventing a spoofer from generating navigation messages

Significantly increases complexity of spoofing

Messages could theoretically be acquired by a receiver and replayed over a simulated signal in order to spoof the Galileo signal; this would require functionality not commonly found in commercial signal simulators, and would require the operation to be performed within a very small time window

Attack cost vs Attack outcome
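
The NMA scheme from the two slides above, as an added Go example that is not from the presentation: a ground segment signs a batch of navigation messages, and a receiver accepts the batch only if the signature verifies and the batch is fresh. The message layout, the `TxTime` field, the receiver-side freshness window and the use of ECDSA P-256 with SHA-256 are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type NavBatch struct { // constructed stand-in for what one signature covers
	TxTime   uint64   // transmit time in seconds (hypothetical field)
	Messages [][]byte // ephemeris, almanac data, etc.
}

// digest length-prefixes each message so bytes cannot move between fields.
func digest(b NavBatch) []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, b.TxTime)
	for _, m := range b.Messages {
		binary.Write(h, binary.BigEndian, uint64(len(m)))
		h.Write(m)
	}
	return h.Sum(nil)
}

// GroundSign is the ground segment: it signs the batch for broadcast.
func GroundSign(priv *ecdsa.PrivateKey, b NavBatch) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(b))
}

// ReceiverAccept needs a valid signature and a batch at most maxAge seconds old.
func ReceiverAccept(pub *ecdsa.PublicKey, b NavBatch, sig []byte, now, maxAge uint64) bool {
	fresh := now >= b.TxTime && now-b.TxTime <= maxAge // narrows the replay window
	return fresh && ecdsa.VerifyASN1(pub, digest(b), sig)
}

// Demo runs constructed cases: authentic, stale replay, one altered ephemeris bit.
func Demo() (authentic, replayed, altered bool) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	b := NavBatch{1000, [][]byte{[]byte("constructed ephemeris"), []byte("constructed almanac")}}
	sig, _ := GroundSign(priv, b)
	authentic = ReceiverAccept(&priv.PublicKey, b, sig, 1010, 60)
	replayed = ReceiverAccept(&priv.PublicKey, b, sig, 1400, 60)
	b.Messages[0][0] ^= 1 // a spoofer changes one bit after signing
	return authentic, replayed, ReceiverAccept(&priv.PublicKey, b, sig, 1010, 60)
}

func main() { fmt.Println(Demo()) }
```

The freshness check only helps if the receiver's clock is independent of the signal being authenticated, which is assumed here.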

Page 11: Security issues in next generation satellite systems

Level 1: NMA (Navigation Message Authentication)

Performance of NMA

Time-to-alarm of authentication/integrity failure?

Depending on signal data rates and ANM repetition rate

GPS L2C – 25bps

Minimum Authentication time = 1,6 minutes with cert obtained in 5,6 minutes*

More realistic scenario = approx 5 minutes, longer cert collection time

Galileo E1-L1-E2 – 125bps / E5a – 25bps / E5b – 125bps

Potentially better performance (unknown NAV message structure / only projected data rates)

NMA performance characteristics may be outside time-to-alarm requirements

Suitable for dangerous goods tracking, but not for time-critical applications

*Based on ECDSA 160-bit / CNAV message structure (ICD-GPS-200C) with 48 second frame message sequencing

Page 12: Security issues in next generation satellite systems

Level 2: SCE (Spreading Code Encryption)

What is SCE?

CDMA code is kept secret and can only be derived using a symmetric key

Symmetric keys can be distributed using PKI and asymmetric encryption techniques

GPS P(Y) code uses declassified black keying infrastructure for key distribution

Page 13: Security issues in next generation satellite systems

Level 2: SCE (Spreading Code Encryption)

What does it protect against?

Protects against signal spoofing and navigation data spoofing

Users without key are denied access; spoofed signal acquisition is virtually impossible as CDMA code is unknown to an attacker

Time-to-alarm requirements are easily met for both intentional and non-intentional integrity failures

Page 14: Security issues in next generation satellite systems

Level 2: SCE (Spreading Code Encryption)

Proposed usage in Galileo

Commercial Service (CS)

Public Regulated Service (PRS)

Implementation is unknown – expected to be similar to US black-key infrastructure

Page 15: Security issues in next generation satellite systems

Conclusions

Current civil GNSS security does not prevent spoofing

There is a need for signal authentication to prevent malicious attacks such as spoofing

It appears as though L2C will not provide NMA or SCE

Galileo proposals for SoL indicate NMA may be included

NMA alone may not provide the required performance for SoL time-to-alarm

CS and SoL provide different quality of service guarantees

Civil signal authentication is a challenge for next generation satellite systems

Need for metrics to quantify security of complex integrated systems

Page 16: Security issues in next generation satellite systems

Oscar Pozzobon

Chris Wullems

Questions?