GNSS Authentication

There is an old story from 2007 about hackers running an FM transmitter that injected spoofed RDS-TMC messages, fooling GPS navigation systems. Fast forward to 2018 and we have a similar device that injects spoofed satellite signals. Both attacks have roots in the lack of an authentication scheme in GPS.

Authentication is often thought of as a less important security feature than encryption, when actually it is otherwise. This misconception probably arises because in analog (protein / human) systems authentication is always implicit. When a person we know calls us, we do not only look at the incoming call number. We recognize the voice and other contextual information around that call: was she supposed to call me, was the subject of the conversation known or expected, and so on. Simple machines do not do such implicit secondary authentication checks. They rely on explicit authentication checks. And if the checks are not present, the recipient has to blindly trust the message, which is the case with GPS navigation systems.

One interesting development here is the new EU Galileo system. It has authentication built in.

Authentication has always been difficult for low data rate and small message type transmissions, as it introduces quite a burden of overhead on top of the data it protects. Also in many cases authentication based on symmetric keys is not an option. If the receiver is not trusted, and it has access to a symmetric key, the system is compromised, as the receiver may start using the key to transmit spoofed data. Using asymmetric cryptography is even heavier.

But the Galileo system makes use of a very smart and effective concept called TESLA (Time Efficient Stream Loss-tolerant Authentication). TESLA cleverly uses one-way chains, revealing the keys in the reverse of their generation order. It requires some loose time synchronization, but that is a given in GPS systems anyway.
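The one-way chain and delayed key disclosure described above can be sketched as follows. This is an added, simplified example, not Galileo's actual message format or code from any project; the names `H`, `mac`, `make_chain` and `Receiver`, the integer time intervals, the one-message-per-interval buffer and the choice of SHA-256/HMAC are assumptions made for illustration.

```python
import hashlib, hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Generate K_n = seed, K_{i-1} = H(K_i); return [K_0 .. K_n].
    K_0 is the public commitment; K_1..K_n are disclosed in that order,
    the reverse of the order in which they were generated."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, commitment: bytes):
        self.trusted, self.idx = commitment, 0   # last verified key and its index
        self.pending = {}                        # interval -> (msg, tag), one per interval

    def on_message(self, i: int, msg: bytes, tag: bytes, now: int) -> bool:
        # Security condition: buffer only if K_i cannot have been disclosed yet
        # according to the receiver's loosely synchronized clock.
        if now > i:
            return False
        self.pending[i] = (msg, tag)
        return True

    def on_key(self, i: int, key: bytes) -> list:
        if i <= self.idx:
            return []
        derived, k = {i: key}, key
        for j in range(i - 1, self.idx, -1):     # recover keys lost in transit
            k = H(k)
            derived[j] = k
        if not hmac.compare_digest(H(k), self.trusted):
            return []                            # key is not on the chain
        self.trusted, self.idx = key, i
        good = []
        for j in sorted(derived):
            msg, tag = self.pending.pop(j, (None, b""))
            if msg is not None and hmac.compare_digest(mac(derived[j], msg), tag):
                good.append(msg)
        return good
```

The receiver never holds a key it could use to forge a message that another receiver would still accept, because every key is already public by the time it is learned. The cost is that a message is only authenticated one disclosure delay after it is received.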

Galileo brings not only much improved accuracy. With authentication it is also an inherently safer system to use. It can be trusted. Trusting the source of information is paramount in the digital world.

Update: it turns out there are analogue techniques to defend against GPS spoofing. There is good work by Paul Montgomery (Novariant, Inc), Todd Humphreys (University of Texas at Austin), Brent Ledvina (Virginia Tech) available here (PDF): A Multi-Antenna Defense Receiver-Autonomous GPS Spoofing Detection. Also u-Blox reports their modules are resistant to spoofing attacks. These workarounds may indeed make it harder for hackers to succeed, but the real protection lies in proper authentication in the digital domain.
