- Datum objave
- Otvaranje ponuda
The European Commission is exploring the possibility of improving the security of the SBAS service. The objective of the SBAS Simulation Platform for Authentication Reliable Concepts (SPARC) project is to identify a viable solution to authenticate the SBAS messages, when broadcast by the GEO satellites, possibly providing authentication also for the GNSS constellations augmented by SBAS. SPARC was launched by EC under the H2020 Framework Programme and it was technically managed by GSA (now EUSPA).
Contract Number: No 658/PP/GRO/RCH/17/10415
Project Segment: Horizon 2020, GNSS Evolution, Mission and Services related R&D activities: Galileo Commercial Service Evolutions
Duration: 30 months
Project Partners Qascom, GMV Aerospace and Defence, Stanford University, Adrian Perrig, Honeywell
Andrea Dalla Chiara, Qascom
andrea [dot] dallachiaraqascom [dot] it (andrea[dot]dallachiara[at]qascom[dot]it)
European Commission Project Manager:
Ignacio [dot] FERNANDEZ-HERNANDEZec [dot] europa [dot] eu (Ignacio[dot]FERNANDEZ-HERNANDEZ[at]ec[dot]europa[dot]eu)
GSA (EUSPA) Project Manager:
Mikael [dot] MABILLEAUgsa [dot] europa [dot] eu (Mikael[dot]MABILLEAU[at]gsa[dot]europa[dot]eu)
Satellite based augmentation systems (SBAS) have been conceived to support the satellite-based navigation systems accuracy and integrity limitations, with special focus to aviation users. In particular, the SBAS systems provide an integrity service and broadcasts user differential corrections to improve the precision in limited areas. SBAS systems are in fact regional systems such as WAAS over the United States, EGNOS over the Europe and others. An emerging trend of the last years is the increasing number of radio frequency interferences (RFI) and cyberattacks to navigation systems that can threaten the receiver operations.
The European Commission is exploring the possibility of improving the security of the SBAS service. This was the main objective of SPARC, identifying a viable solution for the authentication of the SBAS data, broadcast by the GEO satellites, possibly providing authentication also for the GNSS constellations.
The main purpose of the SPARC project was the identification of viable authentication solutions for the protection of the SBAS data service. This objective descends from the opportunity of upgrading the standard thanks to the introduction of the L5 Dual Frequency Multi Constellation (DFMC) service, and from the necessity to protect a data service otherwise weak against spoofing. In order to meet the main purpose, the SPARC project encompasses several sub-objectives:
- Definition of the background, preliminary hazards analysis, identification of a baseline of authentication requirements, design of viable authentication solutions for SBAS data.
- Design and development of a flexible end-to-endsimulator, capable of simulating the GNSS data (GPS and Galileo) SBAS data, SBAS authentication data, and the receiver’s processing. The simulator is then coupled with a performance analysis tool.
- Execution of extensive test campaigns to assess the performance of the different solutions, measured at system level and user level. This also includes the performance of the authentication protocols.
- Cooperation with external entities involved in the standardization process and active in the competent fora. Stanford University and Honeywell have been largely involved to take advantage of the point of view of the United States and that of the manufacturer, respectively. The dissemination of the main results was part of this activity.
- Analysis of possible key management protocols adequate for the SBAS authentication solutions.
The main achievements of the project are:
- Definition of a preliminary hazard analysis related to the SBAS users and the implementation of an authentication protocol to protect the SBAS data. The great merit of this activity was the fact that it focused the attention of the international community on the necessity of having a common understanding of the threat space, and the user constraints. The latter are of particular interest, especially because they could relax the requirements of the authentication protocols, constituting barriers against data alteration.
- Identification of a great number of authentication solutions viable to protect the SBAS data. Solutions have been designed for both the legacy L1 standardized service and the L5 DFMC service that is currently completing the standardization process.
- The authentication solutions have been designed to respect the constraints of the standardized service when broadcast in the same data stream; some of them have also been conceived for broadcast through an alternative channel, an independent component in quadrature. For some solutions, the necessity of minimizing the transmitted power has been analyzed, leading to schemes with reduced signal strength and limited bandwidth.
- Analysis of the necessity of time synchronization for the receiver, to support protocols based on the TESLA scheme. In this case, relevant contribution has been given by the manufacturers: at time of writing, the data interfaces available in the receivers are used for updating the maps and plans, however they mostly implement proprietary interfaces, therefore it is not possible to define a standardized way of giving a trusted time to the receiver without impacting significantly the devices currently in operations. For these reasons, most of the protocols based on TESLA have been discarded, and for the same reason a synchronization protocol has been designed, applicable for any solution requiring a level of time synchronization. In particular, the scheme designed in SPARC was conceived for receivers embedding a low-grade oscillator drifting about 86 ms per day, with a maximum tolerable offset due to free coasting up to ±5 seconds.
- Design and development of a flexible end-to-end simulator, capable of simulating the GNSS data (GPS and Galileo) the SBAS data, the SBAS authentication data, and the receiver’s processing. The simulator is capable of configuring and testing authentication solutions in L1, L5, using the standardized in-phase signals for data broadcasting, or a fully custom signal with flexible power level,
modulation and data rate. The simulator embeds a semi-analytic software receiver that does not process baseband signals, but a model of the autocorrelation function created using the signal measurements (pseudorange and doppler): this is sufficient to generate the correlation values that feed a standard tracking loop and all the following stages of the receiver. Those stage encompasses data decoding and navigation with SBAS data and its authentication, so that the system, user and authentication performance can be assessed.
- Execution of an extensive test campaign to assess the performance of the different solutions, measured at system level and user level. This also includes the performance of the authentication protocols. The SPARC simulator has been used to perform test in nominal and adversarial conditions, using (at least) the following experimental configurations:
- Fully simulated: end-to-end simulation. This is the test mode mostly used, capable to run daily simulation in less than one hour, thus returning statistical results
- Simulation of all the most promising solutions for the L5 DFMC service.
- Simulation of solutions selected for L5, converted to fit L1 service and signal.
- Test of a real-life receiver using the capability of the simulator to interface with a Spirent Constellation Simulator. In this case, the experimentation has been executed at JRC.
- Test of real-life error patterns recorded through a real flight test.
- Derivation of important elements helping the design of an authentication solution. The analyses and the test campaigns demonstrated that certain peculiarities of the SBAS services can be exploited as barrier against data corruption or forging.
- Cooperation with external entities involved in the standardization process and active in the competent fora. Stanford University and Honeywell have been largely involved to take advantage of the point of view of the United States and that of the manufacturer, respectively.
- Analysis of possible key management protocols adequate for the SBAS authentication solutions. In particular, two schemes have been analysed, one based on the full broadcast of public keys and their signature, and one based on the broadcast of small size encryption keys to be used for recovering key stored in the receiver memory in encrypted form.
- Successful dissemination. All the main outcomes of the project have been presented at ICAO and EU-US GNSS Working Group C, helping the community to advance in the definition of the path to the adoption of an authentication protocol for the SBAS standard.
- Some of the stated topics have also been published at international conferences, such as the ION GNSS+ 2020 and ION ITM 2021, resulting in a total of 4 publications, one of them peer reviewed.
It is expected that the results of SPARC will help in the completion of the SBAS Dual Frequency Multiconstellation Standards.
Disclaimer: The project results represent the views of the consortium. They do not necessarily represent the views of the European Commission and they do not commit the Commission to implementing the results.