Secure navigation and timing without local storage of secret keys
MetadataShow full item record
Civil Global Navigation Satellite System (GNSS) signals are broadcast unencrypted worldwide according to an open-access standard. The virtues of open-access and global availability have made GNSS a huge success. Yet the transparency and predictability of these signals renders them easy to counterfeit, or spoof. During a spoofing attack, a malefactor broadcasts counterfeit GNSS signals that deceive a victim receiver into reporting the spoofer-controlled position or time. Given the extensive integration of civil GNSS into critical national infrastructure and safety-of-life applications, a successful spoofing attack could have serious and significant consequences. Unlike civil GNSS signals, military GNSS signals employ symmetric-key encryption, which serves as a defense against spoofing attacks and as a barrier to unauthorized access. Despite the effectiveness of the symmetric-key approach, it has significant drawbacks and is impractical for civil applications. First, symmetric-key encryption requires tamper-resistant receivers to protect the secret keys from unauthorized discovery and dissemination. Manufacturing a tamper-resistant receiver increases cost and limits manufacturing to trusted foundries. Second, key management is problematic and burdensome despite the recent introduction of over-the-air keying. Third, even symmetric-key encryption remains somewhat vulnerable to specialized spoofing attacks. I propose an entirely new approach to navigation and timing security that avoids the shortcomings of the symmetric-key approach while maintaining a high resistance to spoofing. My first contribution is a probabilistic framework that develops necessary components of signal authentication. Based on the framework, I develop an asymmetric-key cryptographic signal authentication technique and a non-cryptographic spoofing detection technique, both of which operate without a secret key stored locally in a secure receiver. These anti-spoofing techniques constitute the remaining two contributions of this dissertation. They stand as viable spoofing defenses for civil users and could augment---or even replace---current and planned military anti-spoofing measures. Finally, I offer an in-depth case study of the security vulnerabilities and possible cryptographic enhancements of a modern GNSS-based aviation surveillance technology in the context of the technical and regulatory aviation environment.