In the proposals for Global Navigation Satellite Systems (GNSS) Navigation Message Authentication (NMA) that are based on adapting the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) protocol, the length of the one-time keys is limited (e.g. to 80 bits) by the low transmission rate. As a consequence, the hash function that is used to build the one-way key chain is constructed having a longer, secure hash function (e.g. SHA-256), preceded by a time-varying yet deterministic padding of the input and followed by a truncation of the output. We evaluate the impact of this construction on the collision resistance of the resulting hash function and of the whole chain, and show that with current proposed parameters, combined with the use of efficient hashing hardware, it can lead to a feasible attack with significant collision probability. The collision can be leveraged to mount a long lasting spoofing attack, where the victim receiver accepts all the one time keys and the navigation messages transmitted by the attacker as authentic. We conclude by suggesting possible modifications to make TESLA-based NMA more robust to such attacks.
The GNSS community is dedicating significant effort to protect applications from harmful interference, including spoofing. As part of this effort, Europe will authenticate the Galileo Open Service message and is currently evaluating authentication schemes for EGNOS. This article presents the main results of recent EU activities on EGNOS authentication. After presenting some examples that illustrate the importance of authenticating SBAS, this article describes the main drivers for SBAS authentication design, namely, the use of I and/or Q channels, the use of the L1 and/or L5 frequencies, the authentication latency, and the cryptographic parameters. Later, the article presents the performances of EC‐Schnorr and TESLA data authentication schemes and analyzes their impact in the SBAS L1 message sequence and in the L1/L5 Dual Frequency Multi‐Constellation Standard message sequence, currently under development.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.