{"title":"Novel Replay Attacks Against Galileo Open Service Navigation Message Authentication","authors":"Haiyang Wang, Yuanyu Zhang, Yulong Shen, Jinxiao Zhu, Yin Chen, Xiaohong Jiang","doi":"10.33012/2023.19397","DOIUrl":null,"url":null,"abstract":"Open Service Navigation Message Authentication (OSNMA) serves as a critical security mechanism for the Galileo global navigation satellite system. At the core of OSNMA is a Timed Efficient Stream Loss-tolerant Authentication (TESLA) scheme, which generates a tag for each navigation message using a secret key and later discloses the key to receivers for authenticating the message-tag pair. Despite its great effectiveness against spoofing attacks, OSNMA’s ability to resist replay attacks is questionable since the replayed signals containing authentic messages and tags may bypass the authentication under certain circumstances. This paper, for the first time, reveals two serious vulnerabilities of OSNMA: time synchronization (TS) and non-continuous message authentication (NCMA). TS is a mandatory requirement that specifies that the difference between a receiver’s local reference time and the Galileo System Time (GST) extracted from Galileo signals does not exceed a given threshold. Exploiting this vulnerability, we propose a pre-startup replay (PreRep) attack, where Galileo signals are continuously recorded and replayed to a victim receiver before it starts up such that the TS requirement is satisfied and the receiver is locked to the replayed signals. NCMA means that OSNMA temporarily suspends the authentication process probably due to the reception of a broken message, tag or key, and restores the authentication after receiving a later-disclosed valid message-tag-key pair. Based on this vulnerability, we propose a post-startup replay (PosRep) attack, which conducts the replay attack after the victim receiver starts up such that the replayed signals break the currently receiving message-tag-key pair, deliberately suspending the authentication process, while subsequently-replayed signals can pass the authentication successfully as the message-tag-key pairs inside are valid. Finally, we conducted extensive experiments based on real-world OSNMA-integrated receivers and two software-defined radio (SDR) devices to demonstrate the feasibility of the proposed attacks.","PeriodicalId":498211,"journal":{"name":"Proceedings of the Satellite Division's International Technical Meeting","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Satellite Division's International Technical Meeting","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33012/2023.19397","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0