KU Leuven: Galileo signals will become more difficult to falsify

February 13, 2017  - By

Researchers from the Department of Electrical Engineering at KU Leuven (University of Leuven, Belgium) have designed authentication features that will make it more difficult to send out false Galileo signals.

Professor Vincent Rijmen and doctoral student Tomer Ashur from the Department of Electrical Engineering (ESAT) at KU Leuven have advised the European Commission on ways to make Galileo signals more difficult to falsify. Their authentication method involves electronic signatures, similar to methods used for online banking.

Navigation systems are based on satellites that send out signals, including their location. The distance to four or more satellites makes it possible to determine someone’s geographical position and time. But this process may go wrong when hackers send out signals of their own that drown out the real ones. As the authentic signals are blocked, the position information for the navigation system is no longer correct.

To avoid delaying the launch of Galileo, the researchers could only use the remaining “bits” in the signals for authentication purposes.

“This is why we support the TESLA method for electronic signatures,” Rijmen says.

TESLA (Timed Efficient Stream Loss-Tolerant Authentication) signatures fit into 100 bits,” he adds. “They quickly expire, but this is not a disadvantage in the case of satellite navigation because the location is authenticated every 30 seconds or less anyway.”

The method still needs to be tested and validated before it can be made available to the general public.

“The authentication service is scheduled to become publicly available on a number of Galileo satellites in 2018,” Rijmen says. “By 2020, the method will be fully operational. To use it, however, you will need a special receiver for Galileo signals that can also verify the electronic signatures. These receivers are currently in development.”

The European Union activated its Galileo satellite navigation system in December 2016.

About the Author:

GPS World covers all aspects of the GPS and GNSS industry for our readers. To submit news, please send your release to gpsworld@gpsworld.com.

4 Comments on "KU Leuven: Galileo signals will become more difficult to falsify"

Trackback | Comments RSS Feed

  1. William K. says:

    A system to determine the direction of arrival would be adequate to detect all of the current forms of spoofing, because the position of the satellites is adequately known for that purpose. But it would be a fair bit more complex because of needing to determine the direction of arrival of signals from several satellites. But the technology to do that is quite mature already, which should help with the development.
    Of course, if the whole satellite spectrum was jammed, then an entirely different method would be required.

  2. Seamas says:

    It’s hard to believe that modifying the navigation message will make it any harder to spoof Galileo. The raw navigation data, including the spare bits, can be streamed in real-time from any one of hundreds of reference stations worldwide, via binex/rtcm messages. By doing this, the spoofed signal would carry the exact same data as the genuine signal. How does this make it harder to falsify the Galileo signal? Especially considering that a spoofing device would probably use these reference stations to get the ephemeris anyway…

    • Tom Roberts says:

      The linked citation is rather unhelpful. A more useful citation is Perrig [2017] which states
      “The security of TESLA relies on the following assumptions:
      *The receiver’s clock is time synchronized up to
      a maximum error of . (We suggest that because
      of clock drift, the receiver periodically resynchronizes
      its clock with the sender.)
      *The functions F; F0 are secure PRFs, and the
      function F furthermore provides weak collision
      resistance.4
      As long as these assumptions are satisfied, it is
      computationally intractable for an attacker to forge a
      TESLA packet that the receivers will authenticate successfully.”

      I’d treat this as a hypothesis until somebody proves it experimentally, and “intractable” is a strong term. But the key concept is having a time synchronized key.

      See
      https://scholar.google.com/citations?view_op=view_citation&hl=en&user=-PWcE1YAAAAJ&citation_for_view=-PWcE1YAAAAJ:zYLM7Y9cAGgC
      or search for — Perrig Tesla 2017 —

  3. Seamas says:

    Interesting points Tom, I agree, and I would go a little further to say that:
    “I’d treat this as a hypothesis until somebody FAILS TO DISPROVE it experimentally”.

    What is particular confusing about the statement is the line:
    “because the location is authenticated every 30 seconds or less anyway.”

    Even if the navigation data is protected, how could this even protect the user’s estimation of position? The PVT is related to WHEN the signal arrives, not just WHAT the signal contains. All users on earth see the same navigation data but still compute different positions. The location is not authenticated, just the data.

    One can easily falsify a signal, just by copying it, bit-for-bit, exactly as the original one. This is still a false signal, even if the navigation data has not been changed/forged. It doesn’t come from the satellite, and can lead a receiver to believe it is somewhere else.

    Listening to the genuine signal and copying off the bits can allow you to generate a false signal. It might be delayed by a few milliseconds, but a receiver might never notice the delay due to local clock drift.

    There is probably only one type of system that can synchronise a mobile clocks to that level of accuracy – and that’s GNSS. Certainly a receiver cannot use GNSS to correct its clock, just so that it can tell if the GNSS signal is late! This is a just circular argument.

    If a receiver goes for network connections to adjust its clock, then it could probably just source the navigation data from an A-GNSS server anyway. Telecoms-enabled units probably already do this.

    I wonder if the authors are confusing data-security and position-security? It is a positioning system after all…