I. INTRODUCTION The threat of spoofing GNSS (Global Navigation Satel- lite Systems) is more than a decade old, and cases of GNSS Analysis and spoofing have been observed with increasing frequency. Possible spoofing countermeasures implemented on the Recommendations for MAC receiver’s end include signal power verification [1], [2], consistency checks, and/or combination of GNSS with other and Key Lengths in Delayed navigation sources (e.g., inertial navigation systems [3]). An alternative to this approach is to add GNSS authentication Disclosure GNSS already at the source by adding cryptographic features to GNSS signals. Galileo, the European GNSS, is the first Authentication Protocols such system to include cryptographic authentication [4], and other systems have already shared studies or plans to IGNACIO FERNÁNDEZ-HERNÁNDEZ follow suit [5], [6]. European Commission, Bruxelles, Belgium However, adding cryptographic authentication to GNSS is not a trivial task as such systems are subject to technical TOMER ASHUR limitations. They are one-way broadcast systems, thus they imec-COSIC, KU Leuven, Leuven, Belgium cannot configure their signal to specific users, which makes TU Eindhoven, Eindhoven, The Netherlands it hard for the receiver to determine that the signal was VINCENT RIJMEN received from an authoritative source. Further compounding imec-COSIC, KU Leuven, Leuven, Belgium the problem is that their signals are received at a very weak power of around -155 to -160 dBW on Earth, which restricts the available data bandwidth, as receivers must accumulate enough energy to decode each bit. For example, the popular Data and signal authentication schemes are being proposed to address Global Navigation Satellite Systems’ (GNSS) vulnerability to GPS L1 C/A transmits every bit over a period of 20 ms, spoofing. Due to the low power of their signals, the bandwidth available resulting in a throughput of 50-bit/s; for Galileo E1 these for authentication in GNSS is scarce. Since delayed-disclosure proto- numbers are respectively 4 ms and 250-symbols/s, encoding cols, e.g., TESLA (timed-efficient stream loss-tolerant authentication), bits with a ½ coding rate. are efficient in terms of bandwidth and robust to signal impairments, The academic literature contains a plenitude of they have been proposed and implemented by GNSS. The length of message authentication codes (MACs) and cryptographic keys are two proposals for radionavigation authentication protocols crucial aspects of the protocol design as they have an impact on the [7]–[12]. The standard approach is to adopt and adapt utilized bandwidth, and therefore on the protocol performance. We cryptographic protocols from other domains, e.g., network analyze both aspects in detail for GNSS-TESLA and present recom- communications. However, this process may require mendations for efficient yet safe MAC and key lengths. We further specific tailoring before it can efficiently meet the special complement this analysis by proposing possible authentication success and failure policies and quantify the reduction of the attack surface constraints of GNSS. resulting from employing them. The analysis shows that in some cases This article focuses on delayed-disclosure protocols. it is safe to use MAC and key sizes that are smaller than those proposed These are protocols based on the dissemination of an au- in best-practice guidelines. While some of our considerations are thentication tag [sometimes also called “code”; or more general to delayed-disclosure lightweight protocols for data and signal specifically MAC (Message Authentication Code) when authentication, we particularize them for GNSS-TESLA protocols. the authentication tag is the output of a MAC function], stored by the receiver, and authenticated at a later time Manuscript received May 26, 2020; revised October 14, 2020; released following a disclosure of a certain cryptographic datum for publication December 21, 2020. Date of publication January 26, 2021; such as a yet-unknown symmetric-key. The motivation for date of current version June 9, 2021. this is twofold. First, such protocols can be optimized DOI. No. 10.1109/TAES.2021.3053129 for bandwidth, motivating numerous proposals such as Refereeing of this contribution was handled by J. Blanch. Galileo Open Service Navigation Message Authentication (OSNMA) [13]; GPS’s experimental signal authentication The work of Tomer Ashur was supported by an FWO post-doctoral scheme, CHIMERA [5], and SBAS authentication [14]– fellowship under Grant Number 12ZH420N. [16]. Second, while the delayed disclosure requirement is Authors’ addresses: Ignacio Fernández-Hernández is with European only one option for data authentication (the other option be- Commission, Bruxelles 1040, Belgium, E-mail: (Ignacio.fernandez- ing digital signatures), it may be a necessary component for [email protected]); Tomer Ashur is with TU Eindhvoen, Eindhoven 5612, The Netherlands, E-mail: ([email protected]); Vin- spreading code authentication [17]. This makes our analysis cent Rijmen is with KU Leuven, Leuven 3000, Belgium, E- applicable to code-level authentication schemes for GNSS mail: ([email protected]). (Corresponding author: Ignacio in which the authentication code watermarks the satellite Fernández-Hernández.) spreading code. Among delayed-disclosure protocols, we focus on lightweight protocols, and in particular the TESLA This work is licensed under a Creative Commons Attribution 4.0 License. (timed-efficient stream loss-tolerant authentication) proto- For more information, see https://creativecommons.org/licenses/by/4.0/ col, standardized in [18].
IEEE TRANSACTIONS ON AEROSPACE AND ELECTRONIC SYSTEMS VOL. 57, NO. 3 JUNE 2021 1827 After this introduction, we provide a short overview of B. Primitives and Generic Security TESLA adapted for GNSS data authentication, hereinafter MAC functions are a family of functions, parameterized referred to as GNSS-TESLA. We then propose a framework by a symmetric key, such that each function in the family for analyzing the probability of MAC forgery attacks. Two performs a unique mapping from an arbitrary-length input user profiles are considered: safety-critical and standard; to a fixed-length output, of S bits in our case. In the sequel, and we derive the probability of a successful forgery attack we refer to this output as the MAC, and to its generating against each of them respective to our proposals for suc- function as the MAC function. An attack against the MAC cessful and failed authentication policies, and respective to function (resp., the MAC) is any method to distinguish it different MAC sizes. We then particularize the discussion from a random mapping (resp., from a truly S-bit random to delayed-disclosure schemes using hash chains for key bitstring). MAC functions are a well-understood object and dissemination. This key dissemination mechanism is the some designs have been shown to withstand all forms of engine underlying the TESLA protocol. We describe the known cryptanalysis despite many years of scrutiny. In adversarial model and possible attack vectors and derive symmetric-key cryptography this is the highest form of attack complexities, which we use to estimate attack costs confidence as symmetric-key algorithms are normally not and recommend safe key sizes and cryptoperiods. We con- reducible to hard mathematical problems as in the case clude the article with a discussion on how to interpret our of public-key cryptography. Specifically, HMAC-SHA-256 recommendations. and CMAC-AES-256, proposed for Galileo OSNMA [22], have been determined to satisfy the confidence threshold II. PRELIMINARIES required by standardization bodies and were subsequently A. Overview of TESLA Delayed-Disclosure Authentica- included in their portfolios [23]–[25]. tion Protocols for GNSS The same discussion, mutatis mutandis, applies to hash functions, which can be viewed as a degenerate MAC The TESLA scheme is a delayed-disclosure authentica- function whose key was fixed to a publicly known value.1 tion protocol for continuous data broadcasting presented in A more detailed framework for the security objectives and [19]. Several references detail TESLA protocol implemen- basic attacks of one-way functions, including keyed- and tations applied to GNSS, such as [20] and [21]. The idea unkeyed-hash functions, can be found in [26]. behind this protocol is to use a one-way function (e.g., a We note that GNSS does not introduce any particular- hash function) to create a chain of authentication keys; this ities in that respect and proceed under the assumption that is called a keychain. The last key of this chain is then released choosing a secure primitive (MAC or hash function) is a and authenticated off-channel. The last bootstrapping step, closed problem: a function included in the portfolio of a i.e., how to authenticate the last key in the chain, is outside respectable standardization body would suffice, security- the scope of this article. In each step of the protocol, a wise, and efficiency can now be the primary driver for the unit of data is authenticated by means of a cryptographic actual choice within the portfolio. We can therefore proceed MAC function using a previously disclosed key in the chain. to analyze the two remaining factors: the MAC function’s The key is disclosed after a delay period and its validity is output size and the key length. verified by locally re-evaluating the one-way function with respect to this key and comparing its output to the last known valid key. Once the key is accepted as valid, previously C. Adversarial Model and Attack Objectives received data authenticated using this key, can be verified. In the context of GNSS data authentication, the goal The receiver stores the received data stream D and its of an adversary is to trick the user into accepting spoofed corresponding MAC M, and stores them awaiting the arrival data, i.e., data that was not originated from an authoritative of the delayed-disclosed key K. Upon the arrival of this key, source. This can be done by attacking the output directly the receiver computes M’ using D and K, and compares this or by means of a key recovery; each of these is said to with the broadcast M. More formally be an attack vector. The output and the key, both being of