- Publication date
- Deadline date
The Navigation Authentication through Commercial Service-Enhanced Terminals (NACSET) project evaluated and tested different techniques to improve the resilience and security of a global navigation satellite system (GNSS) system, and in particular its user segment. The project’s objective was twofold: to study and assess system evolutions for cryptographic key management, and to develop a resilient receiver combining receiver aids and sensors with the Galileo Commercial Service (CS) Authentication features to increase robustness against spoofing attacks.
Contract Number: Call for tenders No 438/PP/GRO/RCH/15/8382
Project Segment: Horizon 2020, GNSS Evolution, Mission and Services related R&D activities: Galileo Commercial Service Evolutions
Duration: 36 months
Budget: €999 500
Project Partners: GMV (Spain), Qascom (Italy), Ifen (Germany), CGI (United Kingdom)
David Calle, GMV
European Commission Project Manager:
GSA Project Manager:
The Galileo programme is working to launch enhanced services in the future. To provide authentication, the programme will incorporate:
- a Navigation Message Authentication (NMA) Service, which consists of the digital signature of the navigation data of the Open Service (OS) to ensure data authenticity.
- a Signal Authentication Service to protect Galileo signals from advanced spoofing. This will be for professional applications, come with a fee, and be based on the Commercial Service signal.
The new features will improve GNSS applications and reduce the likelihood of malicious attacks such as jamming and spoofing.
The successful implementation of these Galileo services still requires the completion of user-side algorithms. The European Commission launched the NACSET project in early 2017 to investigate and implement different assisted and standalone techniques to detect and mitigate potential problems to improve resilience at user level.
The NACSET project pursued the following objectives:
- develop an end-to-end key management simulator and conduct experiments to understand the challenges and complexity inherent to secure key management and distribution (KMS), including the NavSec and Open Service Navigation Message Authentication (OSNMA) keys
- develop a resilient navigation platform (CS-RPP) with improved anti-attack techniques based on different assisted solutions, i.e. assisted navigation message and signal authentication, time synchronisation, and external sensors. The CS-RPP includes a user terminal (UT) consisting of a resilient GNSS client able to perform attack detection and calculate resilient PVT (Position Velocity Time) solutions making use of different data and signal sources
- support the provision of a prototype Synchronisation and Authentication Service (SAS) to external users based on the NACSET platform
- carry out research on aspects related to the Galileo CS which have not been covered by previous activities, to obtain valuable evidence and conclusions to contribute to future evolutions of the service
The main outcomes of the NACSET project were:
- Key Management: The Key Management Simulator (KMS) implements secure key distribution algorithms for the CS and OSNMA. The platform can work in autonomous mode, simulating the parts of Galileo infrastructure involved in the key management process, from the Ground Mission Segment (GMS) and GNSS Service Centre (GSC) elements to the user segment. In addition, the KMS can be integrated with the Galileo elements, as it has implemented all the necessary interfaces (with CSP-GSC, GSC-GMS, CSP- CS users and GSC-OS users) that are aligned with the official ones. The main outcomes of the KMS are:
- a binary group key distribution model was selected to simulate the CS key distribution
- for the OSNMA, ICD version 1.0 was implemented regarding both the Timed Efficient Stream Loss-tolerant Authentication (TESLA) key and public key management
- secure protocols were used for the implementation of the interfaces between the key management platform and the users. This includes SSH handshakes, Certificate Authorities, etc.
- Anti-Spoofing/Authentication techniques: The CS-RPP is broken-down into two collaborative elements: A Synchronization and Authentication Server (SAS) and a User Terminal (UT). SAS and UT exchange information to implement several signal and data authentication solutions. In addition, the UT implements additional standalone anti-spoofing techniques. The UT element is the component part of the system aiming to provide the signal processing capabilities and to exercise the defined standalone and assisted PVT protection techniques. The Signal in Space (SIS) interface is provided by a multi-GNSS and multi-antenna receiver, whereas PVT resilience will be achieved by using the authentication properties of the Galileo SIS signals (spreading code encryption, future NMA, unpredictable bits, etc.) together with innovative features such as angle-of-arrival detection thanks to multiple antennas, body-frame motion using an accurate inertial measurement unit (IMU), chip scale atomic clock (CSAC), automatic gain control (AGC), and monitoring and secure real-time communication with the SAS, which provides assisted authentication services.
The NACSET project was focused on the definition, implementation, validation and experimentation of a set of techniques aimed at improving the resilience and security of the GNSS receiver at user level. During the development of the system and its integration and testing stages, valuable conclusions were drawn, which should be considered for future activities. The main conclusions of the NACSET project were:
- The KMS experiment assessment found that the proposed key management engineering solution implemented at the KMS is an effective option which fulfils the security target required for the Galileo Commercial Service. The assessment also showed that the asymmetric OSNMA key model also meets expected security targets. However, the TESLA chain delivery approach may need to meet some additional security considerations if/when it is used in a real service environment. The experiment assessments also demonstrated that the proposed CS key management engineering solution is scalable and adaptable enough to meet market expectations for service needs with respect to user capacity within the service and flexibility for varying consumption demands.
- For CS-RPP experimentation results, all techniques were tested against real spoofing attacks with successful results. Nevertheless, work on the platform and analysis of the system test results reveals several considerations:
- For the assisted signal authentication techniques, the most promising one for future service implementation is the re-encrypted Chip Spreading Sequence (CSS). This is because the Remote Processing Authentication (RPA) technique needs bi-directional communication between users and the service provider, which it is not very practical for implementation.
- The standalone anti-spoofing techniques implemented at the performed significantly well in the experimentation campaign:
- The dual antenna technique is a powerful method to detect the standard spoofer (one signal source), which is considered to be the most probable threat to the typical GNSS user.
- CSAC monitoring is considered to be a useful technique to detect the start of a spoofing attack, but it should be used with other spoofing techniques as it is very dependent on PVT noise (even though the CSAC clock is very stable), which means performance can be dependent on the environment.
- Another technique implemented is based on the monitoring of the AGC and C/N0 (Carrier-to-Noise power ratio) values of the receiver. This is one of the most reactive modules, having the capability to rapidly sense the in-channel power.
- A tightly coupled approach to hybridise the IMU data with the GNSS, the technique implemented in the NACSET UT can perfectly detect trajectory spoofing.
- One of the main activities of the project was to research, develop and test an anti-replay solution which takes advantage of the unpredictable symbols contained in the Galileo OSNMA data transmitted on the E1B signal. The demonstration on anti-replay capabilities of OSNMA simulating different kind of environments was achieved.
Disclaimer: The project results represent the views of the consortium. They do not necessarily represent the views of the European Commission and they do not commit the Commission to implementing the results.