Optimal Compromise among Security, Availability and Resources in the Design of Sequences for GNSS Spreading Code Authentication

Abstract

Spreading code authentication has been proposed as a promising countermeasure against signal layer spoofing attacks to GNSS. It consists in replacing part of the spreading code with a secret, cryptographically generated sequence, that is also provided to legitimate receivers, allowing them to verify the signal authenticity and integrity. Different techniques and formats have been proposed, yet their formulation is typically given as a particular solution, lacking proper generality.This paper aims at providing a unified general model for the design, description, evaluation and comparison of such techniques, introducing simple performance and security metrics, abstracting from the particular cryptographic mechanisms required to generate the sequences. We derive a way to optimize the trade-offs between security level and signal availability to receivers that do not know the modified code, and between security level and required cryptographic resources.We also propose a simpler mechanism that closely approaches the optimal trade-off, and show that it significantly outperforms existing and proposed techniques, especially in the typically considered performance range. Finally, we evaluate the robustness of the proposed schemes to a partial observation of the transmitted modified code by the attacker.