Abstract
Intentional interference, and in particular GNSS spoofing, is currently one of the most significant concerns of the positioning, navigation and timing community. With the adoption of Open Service Navigation Message Authentication (OSNMA) in Galileo, the E1B signal component will continuously broadcast unpredictable cryptographic data. This allows GNSS receivers not only to ensure the authenticity of data origin but also to detect replay spoofing attacks for receivers already tracking real signals with relatively good visibility conditions. Since the spoofer needs to estimate the unpredictable bits introduced by OSNMA with almost zero delay in order to perform a Security Code Estimation and Replay (SCER) attack, the spoofer unavoidably introduces a slight distortion into the signal, which can be the basis of a spoofing detector. In this work, we propose five detectors based on partial correlations of GNSS signals obtained over predictable and unpredictable parts of the signals. We evaluate them in a wide set of test cases, including different types of receiver and spoofing conditions. The results show that one of the detectors is consistently superior to the others, and it is able to detect SCER attacks with a high probability even in favorable conditions for the spoofer. Finally, we discuss some practical considerations for implementing the proposed detector in receivers, in particular when the Galileo OSNMA message structure is used.
Similar content being viewed by others
Data availability
No specific datasets are needed to obtain the results of this paper.
References
Arndt D, Heyn T, Konig J, Ihlow A, Heuberger A, Prieto-Cerdeira R, Eberlein E (2012) Extended two-state narrowband LMS propagation model for S-band. In: Proceedings of the IEEE international symposium on broadband multimedia systems and broadcasting, Seoul, 2012, pp 1–6, https://doi.org/10.1109/BMSB.2012.6264301
Beard R, Senior K (2017) Clocks. In: Teunissen PJG, Montenbruck O (eds) Springer handbook of global navigation satellite systems. Springer, Cham
Cancela S, Calle JD, Fernández-Hernández I (2019) CPU consumption analysis of TESLA-based navigation message authentication. In: European navigation conference (ENC), Warsaw, Poland, 2019, pp 1–6, https://doi.org/10.1109/EURONAV.2019.8714171
Caparra G, Ceccato S, Laurenti N, Cramer J (2017) Feasibility and limitations of self-spoofing attacks on GNSS signals with message authentication. In: Proceedings of the ION GNSS 2017, Institute of Navigation, Oregon, Portland, USA, September 25–29, pp 3968–3984. https://doi.org/10.33012/2017.15402
Curran J, O’Driscoll C (2016) Message authentication, channel coding & anti-spoofing. In: Proceeding of the. ION GNSS 2016, Institute of Navigation, Oregon, Portland, USA, September 12–16, pp 2948–2959. https://doi.org/10.33012/2016.14670
European Union (2016) OSSISICD: Open service signal in space interface control document, Issue 1.3, https://www.gsc-europa.eu/sites/default/files/sites/all/files/Galileo-OS-SIS-ICD.pdf
Fernández-Hernández I, Seco-Granados G (2016) Galileo NMA signal unpredictability and anti-replay protection. In: Proceedings of the international conference on localization and GNSS (ICL-GNSS), Barcelona, 2016, pp 1–5, https://doi.org/10.1109/ICL-GNSS.2016.7533686
Fernández-Hernández I, Rijmen V, Seco-Granados G, Simon J, Rodriguez I, Calle JD (2016) A navigation message authentication proposal for the galileo open service. Navigation 63(1):85–102. https://doi.org/10.1002/navi.125
Gomez-Casco D, Lopez-Salcedo JA, Seco-Granados G (2018) C/N0 estimators for high-sensitivity snapshot GNSS receivers. GPS Solut 22:122. https://doi.org/10.1007/s10291-018-0786-y
Hegarty C, O’Hanlon B, Odeh A, Shallberg K, Flake J (2019) Spoofing detection in GNSS receivers through cross-ambiguity function monitoring. Proceedings of the ION GNSS 2019, Institute of Navigation, Miami, Florida, USA, September 16–20, pp 920–942, https://doi.org/10.33012/2019.16986
Humphreys T (2013) Detection strategy for cryptographic GNSS anti-spoofing. IEEE Trans Aerosp Electron Syst 49(2):1073–1090. https://doi.org/10.1109/TAES.2013.6494400
Humphreys T (2015) Texbat Data Sets 7 and 8. Technical Report. http://radionavlab.ae.utexas.edu/datastore/texbat/texbat_ds7_and_ds8.pdf
Neish A, Walter T, Enge P (2019) Quantum-resistant authentication algorithms for satellite-based augmentation systems. Navigation 66(1):199–209. https://doi.org/10.1002/navi.287
Perrig A, Canetti R, Tygar J, Song D (2000) Efficient authentication and signing of multicast streams over lossy channels. In: Proceedings of the IEEE symposium on security and privacy, May 2000, pp 56–73. https://doi.org/10.1109/SECPRI.2000.848446.
Prieto-Cerdeira R, Perez-Fontan F, Burzigotti P, Bolea-Alamañac A, Sanchez-Lago I (2010) Versatile two-state land mobile satellite channel model with first application to DVB-SH analysis. Int J Satell Commun Network 28(5–6):291–315. https://doi.org/10.1002/sat.964
Psiaki ML, Humphreys T (2016) GNSS spoofing and detection. Proc IEEE 104(6):1258–1270. https://doi.org/10.1109/JPROC.2016.2526658
Van Dierendonck A (1996) GPS receivers. In: Parkinson B, Spliker J (eds) Global positioning system: theory and applications. American Institute of Aeronautics and Astronautis, Virginia, pp 329–408
Acknowledgements
This work was supported in part by the European GNSS Agency (GSA) framework contract GSA/OP/12/26/Lot.1, and in part by the Research and Development Projects of Spanish Ministry of Science, Innovation, and Universities under Grants TEC2017-89925-R and TEC2017-90808-REDT, and by the ICREA Academia Program.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Seco-Granados, G., Gómez-Casco, D., López-Salcedo, J.A. et al. Detection of replay attacks to GNSS based on partial correlations and authentication data unpredictability. GPS Solut 25, 33 (2021). https://doi.org/10.1007/s10291-020-01049-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10291-020-01049-z