Page 58 - EETimes Europe June 2021
P. 58
58 EE|Times EUROPE
Momentum Builds to Fend Off GNSS Jamming, Spoofing
message authentication (OSNMA).
Spirent’s Buesnel stressed the need for audit-
ing and risk assessments as essential components
of PNT security, resilience, and robustness.
“Testing to gain a quantitative understanding
of how existing systems react to real-world
threats, and to evaluate proposed mitigation
schemes, is an essential part of this,” he said.
“Often, unexpected behavior or consequences are
the result of a lack of thorough testing and risk
assessment being carried out before a system has
been deployed.”
SIGNAL ENCRYPTION
The OSNMA anti-spoofing service developed
for Europe’s GNSS system enables secure
transmissions from Galileo satellites to encryp-
tion-enabled GNSS receivers. OSNMA is in final
testing and will soon be available free to users.
The OSNMA architecture secures Galileo
signals by enabling authentication of navigation
data, which carries satellite location data. It uses A cryptographic algorithm in the OSNMA-enabled GNSS receiver
a hybrid symmetric/asymmetric cryptography authenticates Galileo OSNMA signals. (Source: Septentrio)
technique. A secret key on the satellite is used to
generate a digital signature. Both the signature
and key are appended to navigation data and transmitted to began developing this profile, but there wasn’t a formal reference for
the receiver. risk mitigation that everyone could use,” said NIST’s Jim McCarthy, a
OSNMA is designed to be backward-compatible so that position- co-author of the guidance.
ing without OSNMA will still work. The European GNSS Agency said The U.S. Department of Homeland Security (DHS) Science and
OSNMA test signals are being broadcast by the Galileo constella- Technology Directorate also weighed in earlier this year with resources
tion using the spare bits from current navigation messages, leaving designed to protect critical infrastructure against GPS spoofing. These
legacy open-service receivers unaffected. Initial testing last Novem- free tools include a PNT integrity library and Epsilon algorithm suite,
ber involved eight Galileo satellites. Septentrio said its receiver has both intended to increase PNT resilience.
authenticated navigation data from the first OSNMA-encrypted GNSS The increasing reliance on GPS for military, civil, and commercial
satellite signal. applications adds to PNT system vulnerability, according to Space
Even with secure authentication via OSNMA, this approach still Policy Directive-7, issued in January under the outgoing administra-
carries potential vulnerabilities. “With OSNMA, there is a vulnerabil- tion. “GPS users must plan for potential signal loss and take reasonable
ity in the way the key is provided,” said Bryant of u-blox. “If you are a steps to verify or authenticate the integrity of the received GPS data
clever spoofer, you could delay your signals to capture the key.” Bryant and ranging signal, especially in applications where even small degra-
nonetheless believes OSNMA will likely become mandatory in Europe dations can result in loss of life,” the directive warns.
for some applications. The PNT integrity library and Epsilon algorithm suite both address
He also thinks an authentication system devised for GPS could this issue by providing users a method to verify the integrity of received
potentially overcome this vulnerability. The proposed Chimera sys- GPS data. The new tools will help “improve resiliency against potential
tem for securing GPS signals inserts encrypted digital signatures GPS signal loss,” said Brannan Villee, PNT program manager at DHS.
and watermarks that are encoded into the satellite signal. The signal “Since GPS signals can be jammed or spoofed, critical infrastructure
authentication enhancement jointly authenticates both the navigation systems should not be designed with the assumption that GPS data will
data and the spreading code of the civilian GPS signal. always be available or will always be accurate,” added Jim Platt, chief of
Chimera employs time binding, in which the spreading code is strategic defense initiatives at the U.S. Cybersecurity and Information
punctuated by markers that are cryptographically generated using a key Security Agency’s National Risk Management Center.
derived from the digitally signed navigation message. The navigation “Application of these tools will provide increased security against
message and the spreading code cannot be independently generated. GPS disruptions,” said Platt. “However, DHS also recommends a holistic
Bit commitment ensures that a spoofer cannot generate the correct defense strategy that considers the integrity of the PNT data from its
markers until after they have been broadcast. reception through its use in the supported system.”
Two variations are specified: a “slow” channel for standalone users GNSS signals are increasingly vulnerable, and resilience efforts
and a “fast” channel for more rapid authentication when out-of-band continue to address interference and spoofing threats. The OSNMA
information is available. In the latter case, the binding is accomplished architecture is well-advanced in terms of testing and is close to becom-
by delaying disclosure of the cryptographic keys. ing more widely adopted in Europe. The Chimera specification for GPS
remains in the early testing stages.
NIST, DHS ON THE CASE Ultimately, experts agree, GNSS signal security must be viewed holis-
Earlier this year, the U.S. National Institute of Standards and Technol- tically, taking many factors into account, including signal diversity,
ogy (NIST) released its final cybersecurity guidance for PNT services. fingerprinting, and encryption. Only then can the output from PNT
The guidance recognizes the cybersecurity risks confronted by PNT and systems be trusted. ■
GPS services along with national and economic security implications.
“Many efforts to secure PNT services were under way before we Nitin Dahad is editor-in-chief of Embedded.
JUNE 2021 | www.eetimes.eu
