security issues in next generation satellite systems
DESCRIPTION
Oscar Pozzobon, Chris Wullems, Prof. Kurt Kubik. Security issues in next generation satellite systems. 14/03/2005 CGSIC Meeting, Prague, Czech Republic. Introduction. GPS security issues today. GNSS security issues in integration scenarios. Need for trust quantification methods for civil uses.
TRANSCRIPT
14/03/2005 CGSIC Meeting, Prague, Czech Republic
Oscar Pozzobon
Chris Wullems
Prof. Kurt Kubik
Security issues in next generation satellite systems
Introduction
GPS security issues today
GNSS security issues in integration scenarios
Need for trust quantification methods for civil uses
Levels of security obtainable using proposed signal authentication methods
  Level of protection
  Performance
Qascom Background
R&D on trusted location systems
R&D on trusted GNSS receivers
NavSec Consortium
Vulnerability assessment of critical infrastructures that rely on GNSS
GNSS Security Policy
June 2004, US-Europe Agreement on GNSS Cooperation and Security
December 8, presidential policy on Space-Based Positioning, Navigation, and Time (PNT)
December 10, GPS and GLONASS cooperation
GLONASS-M: Russia and India launching and modernizing GLONASS.
Civil GNSS Security Today
Non-intentional: Integrity monitoring systems
Intentional:
  Jamming: Jamming detection / mitigation / localization techniques
  Spoofing: Signal authentication techniques
Future Civil GNSS Security Issues
Complexity of Integration with different signals and different security mechanisms (e.g. GPS + Galileo SoL)
Difficult for GPS user to quantify the total trust
Need for security metrics
[Figure: System Complexity and Vulnerabilities. Labels: Integrity Monitoring Station; GBAS (GRAS); SBAS (WAAS, EGNOS); DGPS Stations; GPS Constellation; GALILEO Constellation; Signal with authentication; Signal without authentication; Pseudolites System]
Security Metrics
What security level is needed? What security level can be achieved?
Non-intentional: Integrity monitoring systems
Intentional:
  Jamming: Jamming detection / mitigation / localization techniques
  Spoofing: Signal authentication techniques
Integrity / Authenticity Performance Requirements for Critical Application
Time-to-alarm for SoL Integrity (non-intentional effects)
Time-to-alarm for malicious attacks? (Spoofing)
3 levels of security for GNSS:
No Security
Level 1: NMA (Navigation Message Authentication)
Level 2: SCE (Spreading Code Encryption)
Level 1: NMA (Navigation Message Authentication)
Certified receiver is able to authenticate and verify the integrity of NAV messages using a signature.
Authentication NAV messages are created on the ground and transmitted to the satellites for broadcast.
What is NMA?
A Navigation Authentication Message includes a digital signature authenticating the other navigation messages (ephemeris, almanac data, etc.)
Source: The Galilei Project: GALILEO Design Consolidation, 2003
Level 1: NMA (Navigation Message Authentication)
What does NMA protect against?
Protects against navigation message spoofing
Authenticates navigation messages (ephemeris, almanac data, etc.) from satellites, preventing a spoofer from generating navigation messages
Significantly increases complexity of spoofing
Messages could theoretically be acquired by a receiver and replayed over a simulated signal in order to spoof the Galileo signal - this would require functionality not commonly found in commercial signal simulators, and would require the operation to be performed within a very small time window
Attack cost vs Attack outcome
Level 1: NMA (Navigation Message Authentication)
Performance of NMA
Time-to-alarm of authentication/integrity failure?
Depending on signal data rates and ANM repetition rate
GPS L2C – 25bps
  Minimum Authentication time = 1,6 minutes with cert obtained in 5,6 minutes*
  More realistic scenario = approx 5 minutes, longer cert collection time
Galileo E1-L1-E2 – 125bps / E5a – 25bps / E5b – 125bps
  Potentially better performance (unknown NAV message structure / only projected data rates)
NMA performance characteristics may be outside time-to-alarm requirements
Suitable for dangerous goods tracking, but not for time-critical applications
*Based on ECDSA 160bit / CNAV message structure (ICD-GPS-200C) with 48 second frame message sequencing
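The minimum figure on this slide can be reproduced with a small timing model that also shows how the delay grows when the receiver starts listening part-way through a signature. This is an added example, not from the original slides; it assumes one authentication message per 48-second frame, a 238-bit payload in each 300-bit CNAV message, a 320-bit ECDSA signature (r and s of 160 bits each), and that a receiver joining mid-cycle must wait for the next signature cycle.

```python
import math

# The 25 bps rate, 48 s frame and 160-bit ECDSA come from the slide.
# Everything else below is an assumption of this sketch.
MSG_BITS = 300        # CNAV message length in bits
PAYLOAD_BITS = 238    # bits left after preamble, PRN, type, TOW, alert, CRC
MSGS_PER_FRAME = 4    # 4 messages of 12 s each = 48 s frame at 25 bps
SIG_BITS = 2 * 160    # an ECDSA signature is the pair (r, s)


def frame_period(bps):
    """Seconds needed to broadcast one frame at the given data rate."""
    return MSGS_PER_FRAME * MSG_BITS / bps


def frames_per_signature(sig_bits=SIG_BITS, payload_bits=PAYLOAD_BITS):
    """Frames per signature when each frame carries one authentication
    message (assumed repetition rate)."""
    return math.ceil(sig_bits / payload_bits)


def time_to_authenticate(start_offset, bps=25):
    """Seconds from receiver start until one whole signature cycle is in.

    start_offset is how far (in seconds) into a signature cycle the
    receiver begins listening. A cycle joined part-way is unusable, so the
    receiver waits for the next cycle boundary and then needs every frame.
    """
    cycle = frames_per_signature() * frame_period(bps)
    wait = (-start_offset) % cycle   # 0 when aligned with a boundary
    return wait + cycle


def latency_profile(bps=25, step=1.0):
    """(best, mean, worst) authentication delay over all start offsets."""
    cycle = frames_per_signature() * frame_period(bps)
    n = int(round(cycle / step))
    samples = [time_to_authenticate(i * step, bps) for i in range(n)]
    return min(samples), sum(samples) / n, max(samples)


if __name__ == "__main__":
    best, mean, worst = latency_profile(25)
    print(f"25 bps: best {best / 60:.1f} min, mean {mean / 60:.1f} min, "
          f"worst {worst / 60:.1f} min")
    # Hypothetical: the same framing at a projected 125 bps rate.
    print(f"125 bps: best {time_to_authenticate(0, 125):.1f} s")
```

The 125 bps line reuses the CNAV framing purely for comparison, since the slide notes the Galileo NAV message structure was unknown.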
Level 2: SCE (Spreading Code Encryption)
What is SCE?
CDMA code is kept secret and can only be derived using a symmetric key
Symmetric keys can be distributed using PKI and asymmetric encryption techniques
GPS P(Y) code uses declassified black keying infrastructure for key distribution
Level 2: SCE (Spreading Code Encryption)
What does it protect against?
Protects against signal spoofing and navigation data spoofing
Users without key are denied access; spoofed signal acquisition is virtually impossible as CDMA code is unknown to an attacker
Time-to-alarm requirements are easily met for both intentional and non-intentional integrity failures
Level 2: SCE (Spreading Code Encryption)
Proposed usage in Galileo
  Commercial Service (CS)
  Public Regulated Service (PRS)
Implementation is unknown – expected to be similar to US black-key infrastructure
Conclusions
Current civil GNSS security does not prevent spoofing
There is a need for signal authentication to prevent malicious attacks such as spoofing
It appears as though L2C will not provide NMA or SCE
Galileo proposals for SoL indicate NMA may be included
NMA alone may not provide the required performance for SoL time-to-alarm
CS and SoL provide different quality of service guarantees
Civil signal authentication is a challenge for next generation satellite systems
Need for metrics to quantify security of complex integrated systems