MAROFF-2-Maritim virksomhet og offsh-2

GNSS Authentication Enabled

Alternative title: GNSS-autentisering tilrettelagt

Awarded: NOK 4.8 mill.

It is an essential premise for the use of radio navigation systems that they can be trusted. Satellite-based radio navigation systems have today replaced nearly all other systems for maritime navigation, in addition to serving the aerospace sector, replacing other systems and covering new requirements on land. This is a natural development, as they are more accurate than the conventional systems and their global coverage makes them ubiquitous. This is very convenient for navigation, but it also makes society more dependent on the technology. Satellite navigation has become to navigation what the internet has become to communication, i.e. universal and easily available. The global number of GNSS receivers is expected to pass 7 billion in 2019, corresponding approximately to one receiver per individual in the world. GNSS is a steadily more integral and critical technology for society, and it is to be expected that this infrastructure may be attacked with the same motivation as the internet has been.

The answer to this threat is, among others, to offer GNSS authentication. GNSS authentication aims to provide the system user with proof that the signals he or she is using really come from the satellites they claim to come from, i.e. GNSS satellites. The intention is to immediately discover spoofed signals that may be intended to misplace a user to a wrong and possibly desired position, and it will contribute to maintaining confidence in GNSS as a universal navigation system. The fraudulent broadcasting of fake signals will be illegal in most cases, and the availability of an authentication mechanism will increase the probability of being caught at the same time as it protects the GNSS users. The satellite navigation systems are also used to determine accurate velocity and time, which gives further motives to spoof the signals, with the result that all users in an area will be affected.
It is thus expected that there will be a large need in the future for technology that can protect GNSS. The project has implemented the acquisition of the navigation messages that the GNSS satellites broadcast and their storage on a server. The navigation messages are collected from a network of receivers in which all GNSS satellites are continuously observable from many stations. This gives a good basis for validating that the messages are authentic, and simple but effective tests have been implemented to verify their origin. When the server has determined that the navigation messages are indeed authentic, it produces digital signatures of them, which the user can then use to validate the messages downloaded by the receiver. If a message contains anything but the contents approved by the server, it will not match the signature; should it be a new message, it needs to be put on hold until a matching signature becomes available, or otherwise it has to be rejected as a false message.

The digital signature may in principle be broadcast over any suitable communication channel, but it could be beneficial to use the same channel as for differential corrections, should such a channel be established. This may require that the bandwidth used for the signatures is not too large, though. For that reason an efficient protocol for transferring the required information has been developed, so that the bandwidth is kept at a level where prohibitive communication costs are avoided. Authentication in the user systems has been prepared for by providing a software library that executes the authentication process and that may be integrated in the receiver. The library has been integrated into the receiver model relevant for the DP market that this project targeted, but it will be made available for other models according to future needs.
The receiver addressed here has also implemented checks on the observations used for calculating the position solution and further checks on the solution characteristics in order to detect other spoofing than navigation message spoofing.
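
The accept, hold or reject decision for navigation messages described above can be sketched as follows; this is an added example, not the project's software library. HMAC-SHA256 with a shared key stands in for the project's unspecified digital signature scheme, and the `(sat, issue)` message reference, the `HOLD_LIMIT_S` timeout and all names are assumptions.

```python
import hashlib
import hmac

HOLD_LIMIT_S = 120  # assumed maximum time a message may wait for its signature


def sign(key: bytes, sat: str, issue: int, payload: bytes) -> bytes:
    """Server side: tag an approved message (HMAC stands in for the signature)."""
    data = sat.encode() + issue.to_bytes(2, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()


class NavMessageGate:
    """Receiver side: accept, hold or reject downloaded navigation messages."""

    def __init__(self, key: bytes):
        self.key = key
        self.signatures = {}  # (sat, issue) -> tag received from the server
        self.held = {}        # (sat, issue) -> (payload, time first seen)

    def _check(self, ref, payload) -> str:
        expected = sign(self.key, ref[0], ref[1], payload)
        ok = hmac.compare_digest(expected, self.signatures[ref])
        return "accepted" if ok else "rejected"

    def on_message(self, sat, issue, payload, now) -> str:
        ref = (sat, issue)
        if ref in self.signatures:
            return self._check(ref, payload)
        # New message: hold the latest copy, timed from the first sighting.
        first_seen = self.held.get(ref, (None, now))[1]
        self.held[ref] = (payload, first_seen)
        return "held"

    def on_signature(self, sat, issue, tag):
        """Store a signature; return the verdict for a held message, if any."""
        ref = (sat, issue)
        self.signatures[ref] = tag
        if ref in self.held:
            payload, _ = self.held.pop(ref)
            return self._check(ref, payload)
        return None

    def expire(self, now) -> list:
        """Reject held messages whose signature never arrived in time."""
        late = [r for r, (_, t) in self.held.items() if now - t > HOLD_LIMIT_S]
        for ref in late:
            del self.held[ref]
        return late
```

A message held for longer than the limit is treated as false and must not be used in the position solution.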

Gnss AUThentication Enabled - GAUTE

Vessels that use Global Navigation Satellite System (GNSS) to control the operation of valuable assets in the offshore and marine market, and that are concerned about security, constitute the user group targeted by the GNSS authentication service. In the longer term, GNSS authentication is expected to develop into a mass market as the need for fraud protection develops as a result of GNSS-determined Position, Velocity and Time (PVT) information becoming integral to commercial transactions. GNSS is a utility in widespread use in modern society, and it is a preferred method to establish PVT. GNSS is classified as an ICT, and as a source of open PVT information it is subject to many threats similar to those on the internet. Methods to authenticate users and messages are common features on the internet to protect systems from malicious intrusion, but similar tools are still not available to civil GNSS users. GNSS signal interference is a growing problem, while hostile and sophisticated spoofing attacks have not yet been documented. Researchers have demonstrated such spoofing using relatively simple and inexpensive equipment, though.

GAUTE is a project to develop a service aiming to provide authentication of GNSS signals and the corresponding PVT solution so that a user can be confident about its origin. It will be implemented by verifying correct satellite signal properties and by digitally signing the navigation messages and the PVT solution records. It is an objective that implementing these means of authentication will detect spoofing attempts made with low-cost devices that will likely become available on the internet in the future. The R&D challenge is to combine the authentication technology with GNSS in a system that has sufficient spoofing detection capabilities. Unlike most messaging on the internet, GNSS is a synchronous system with certain timing constraints, and it is a one-way signal and data transmission from the infrastructure to the user.

Funding scheme:

MAROFF-2-Maritim virksomhet og offsh-2