2022
DOI: 10.48550/arxiv.2204.11641
|View full text |Cite
Preprint
|
Sign up to set email alerts
|

Cryptography Is Not Enough: Relay Attacks on Authenticated GNSS Signals

Abstract: Civilian-GNSS is vulnerable to signal spoofing attacks, and countermeasures based on cryptographic authentication are being proposed to protect against these attacks. Both Galileo and GPS are currently testing broadcast authentication techniques based on the delayed key disclosure to validate the integrity of navigation messages. These authentication mechanisms have proven secure against record now and replay later attacks, as navigation messages become invalid after keys are released. This work analyzes the s… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
8
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
2
2

Relationship

0
4

Authors

Journals

citations
Cited by 4 publications
(8 citation statements)
references
References 19 publications
0
8
0
Order By: Relevance
“…While we use the term ‘authenticated positioning’, it should be noted that OSNMA at the moment can only authenticate the navigation data, and the PVT is still computed using unauthenticated ranging data. This caveat is also explained in the OSNMA receiver guidelines [ 2 ], and there have already been works where the unauthenticated ranging data are exploited to spoof receivers despite authentic navigation data [ 8 ]. While the positions we compute in this section cannot be considered fully authenticated, they are resilient against spoofing based on altering the navigation message.…”
Section: Results and Analysismentioning
confidence: 99%
See 1 more Smart Citation
“…While we use the term ‘authenticated positioning’, it should be noted that OSNMA at the moment can only authenticate the navigation data, and the PVT is still computed using unauthenticated ranging data. This caveat is also explained in the OSNMA receiver guidelines [ 2 ], and there have already been works where the unauthenticated ranging data are exploited to spoof receivers despite authentic navigation data [ 8 ]. While the positions we compute in this section cannot be considered fully authenticated, they are resilient against spoofing based on altering the navigation message.…”
Section: Results and Analysismentioning
confidence: 99%
“…Despite OSNMA being a relatively new and modern technology still in its test phase, there is already relevant literature related to it encompassing both theoretical work [ 4 , 5 , 6 , 7 , 8 , 9 ] and practical performance assessments [ 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 ]. In addition to this, there are a few open-source implementations of the OSNMA protocol [ 22 , 23 , 24 , 25 ], and some companies already support it in some of their products, such as Septentrio [ 26 ].…”
Section: Introductionmentioning
confidence: 99%
“…Meaconing can also be effective against encrypted signals, as the signal content remains unaltered [8]. Advanced forms of meaconing allow spoofing of arbitrary positions by individually delaying each signal [4]. However, a lock on all counterfeit signals is not guaranteed and depends on factors such as the target's speed [28].…”
Section: Attack Model and Scenariosmentioning
confidence: 99%
“…Despite significant efforts by all GNSS operating stakeholders to upgrade security or deploy new, more secure generations of systems, civil GNSSs currently do not have sufficient security measures as practically demonstrated in the case of GPS [3]. However, cryptographically authenticated GNSS signals have also recently been shown to remain vulnerable to spoofing attacks [4].…”
Section: Introductionmentioning
confidence: 99%
“…Finally, some attacks can be carried out without violating any cryptographic properties of the system. The authors of [12] show that precisely timed message replays can cause Global Navigation Satellite Systems (GNSS) to misreport the location of the receiver to an attacker-specified location. Since these attacks are carried out by simply introducing delay to messages rather than altering message contents, conventional cryptography does not protect against them.…”
Section: Motivationmentioning
confidence: 99%