A comprehensive proposal for securing terrestrial radionavigation systems
The security of terrestrial radionavigation systems (TRNS) has not yet been addressed in the literature. This proposal builds on what is known about securing global navigation satellite systems (GNSS) to address this gap, re-evaluating proposals for GNSS security in light of the distinctive properties of TRNS. TRNS of the type envisioned in this paper are currently in their infancy, unburdened by considerations of backwards compatibility: security for TRNS is a clean slate. This thesis argues that waveform- or signal-level security measures are irrelevant for TRNS, preventing neither spoofing nor unauthorized use of the service. Thus, only security measures that modify navigation message bits merit consideration. This thesis proposes orthogonal mechanisms combining navigation message encryption (NME) and navigation message authentication (NMA), constructed from standard cryptographic primitives and specialized to TRNS: message encryption allows providers to offer tiered access to navigation parameters on a bit-by-bit basis, and message authentication disperses the bits of a message authentication code across all data packets, posing an additional challenge to spoofers. This cryptographic proposal, however, is still vulnerable to certain types of replay threats. This thesis addresses this gap by augmenting TRNS with autonomous signal-situational-awareness (SSA) capability, allowing TRNS operators to detect spoofing and meaconing attacks. Two signal authentication techniques for SSA are developed to detect a weak spoofing signal in the presence of static and dynamic multipath. This thesis also proposes enhancements to these signal authentication techniques. These enhancements exploit the synergy from combining information across multiple epochs, or over multiple monitoring beacons, to further lower the spoofer detection threshold.
Both techniques with their enhancements are shown to be effective in simulations of the varied operating environments that a generic TRNS will encounter. With both the proposed cryptographic NME+NMA scheme and autonomous SSA in place, TRNS gains a defensive capability that GNSS cannot easily match: a comprehensive defense against most man-in-the-middle attacks on position, navigation and timing services.
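The abstract's idea of dispersing the bits of one message authentication code across all data packets can be illustrated as follows. This is an added example, not the thesis's construction: HMAC-SHA256, the 32-bit truncated tag, the round-robin bit placement, the key and the packet contents are all assumptions made for illustration.

```python
import hashlib
import hmac

TAG_BITS = 32  # assumed truncated tag length; the abstract does not state one

def tag_bits(key, payloads):
    """Truncated HMAC-SHA256 over every payload, returned as a list of 0/1 bits."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in payloads:
        mac.update(len(p).to_bytes(2, "big") + p)  # length prefix keeps framing unambiguous
    value = int.from_bytes(mac.digest()[:TAG_BITS // 8], "big")
    return [(value >> (TAG_BITS - 1 - i)) & 1 for i in range(TAG_BITS)]

def disperse(key, payloads):
    """Sender side: packet k carries tag bits k, k+N, k+2N, ... (round-robin, assumed)."""
    n = len(payloads)
    bits = tag_bits(key, payloads)
    return [(p, bits[k::n]) for k, p in enumerate(payloads)]

def verify(key, packets):
    """Receiver side: rebuild the tag from every packet's share, then compare."""
    n = len(packets)
    received = [0] * TAG_BITS
    for k, (_, share) in enumerate(packets):
        slots = range(k, TAG_BITS, n)
        # A missing, padded or malformed share fails closed.
        if len(share) != len(slots) or any(b not in (0, 1) for b in share):
            return False
        for slot, bit in zip(slots, share):
            received[slot] = bit
    expected = tag_bits(key, [p for p, _ in packets])
    return hmac.compare_digest(bytes(received), bytes(expected))

# Constructed sample data: an 8-packet navigation message and a demo key.
KEY = bytes(range(32))
PAYLOADS = [f"beacon-07 frame {i} ephemeris".encode() for i in range(8)]

if __name__ == "__main__":
    pkts = disperse(KEY, PAYLOADS)
    print("genuine message:", verify(KEY, pkts))
    forged = list(pkts)
    forged[3] = (b"beacon-07 frame 3 shifted", pkts[3][1])  # payload changed, old share kept
    print("one payload altered:", verify(KEY, forged))
```

Because the tag covers every payload and no single packet holds the whole tag, a receiver in this sketch can only accept a message after collecting all packets, and a change to any one of them invalidates the shares carried by the others.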