Over the last decade, the increasing dependence of civil applications on GNSS (more particularly: GPS) has raised concerns over GNSS security. The question has been extensively addressed in the so-called Volpe Report (Vulnerability Assessment of the Transport Infrastructure Relying on the GPS—Aug. 29, 2001—John A. Volpe National Transportation Systems Center) as regards the transportation sector. Gradually, the demand for OS (open service) signal authentication has arisen in the location community. The worldwide reliance on GPS for civil applications, some with security implications, has been considered a concern for the program over the past years. No civil authentication has yet been implemented, but some proposals have been made from the research communities. The European Commission and the European GNSS Agency are studying the incorporation of OS Authentication to the Galileo service roadmap.
The word “authentication” in the satellite navigation domain refers in general to the authenticity of a position calculated from navigation satellite signals. In order to authenticate a position, the authenticity of the signals used in the position calculation need to be assured and, in addition to that, the receiver must insure that the internal process to calculate this position has not been forged. In the context of the present document, authentication primarily means signal authentication. The two main pieces of information that a receiver extracts from the satellite radio-navigation signals are the satellite position and time information (contained in the navigation message), and the signal time-of-arrival (which is obtained in most receivers by code phase measurements). Therefore, authentication of radio-navigation signals refers to:                the confirmation of the authenticity and integrity of the data transmitted from the satellite.        the confirmation of the authenticity of the signal time of arrival measured by the receiver.        
Authentication can guarantee a certain level of security against the threats that an attacker can put in place to forge the radio-navigation signals leading to false positions. These threats are usually divided in jamming, spoofing and meaconing.
Jamming attacks cannot be easily diverted by modifying the signal properties (other than significantly increasing the transmission power), so they are not the focus of this document. Jamming attacks lead to a position denial, whereas spoofing or meaconing attacks lead to a wrong position, with potentially more dangerous consequences.
Several approaches for satellite radio-navigation signal authentication have been presented in the past.
The article “Signal Authentication—A Secure Civil GNSS for Today”, by Sherman Lo et al., published in the Sep./Oct. 2009 issue of Inside GNSS discloses a GNSS signal authentication method that relies on the fact the GPS L1 frequency carries both C/A code and (encrypted) P(Y)-code signals, transmitted in phase quadrature. The method further exploits the fact that the P(Y)-code sequence received at a first location (the location of a receiver, whose position is to be authenticated) is identical to the P(Y)-code sequence received at a second location (the location of a monitor receiver), if the difference of the satellite-to-receiver signal times is taken into account. The presence of a correlation peak in the P(Y)-code sequences recorded at the two locations establishes signal authenticity (if one assumes that both receivers are not simultaneously within the reception range of the same signal-spoofing attacker). Specific aspects of this method are furthermore disclosed in US 2009/0195443 and US 2009/0195354.
The abstract “PROSPA: Open Service Authentication”, by M. Turner, A. Chambers, E. Mak, Astrium UK; E. Aguado, B. Wales, M. Dumville, NSL, UK; P. Lindsay, UKSA, UK, available online under: http://www.ion.org/meetings/abstracts.cfm?paperID=244, refers the so-called PROSPA system. The final PROSPA system will include a “snippet generator” located at secure centres. The snippet generator will essentially be a PRS receiver. Snippets of the encrypted PRS signal are generated by a proprietary algorithm, which does not reveal the encrypted code. The snippets are checked in the service centre using a snippet validation receiver and if confirmed good they are distributed to the user receivers via a communications channel. The user receivers can then authenticate the open service signals by performing a time-aligned correlation with the PRS snippet. A strong correlation shows that the PRS signal is present and hence the signal is authentic and suitable for use.
U.S. Pat. No. 5,754,657 discloses a authentication or validation method wherein the receiver whose position is to be validated or invalidated forms an “augmented data signal” comprising raw signal data as well as the asserted position and time. The augmented data signal is transmitted to a central station, which essentially checks whether the raw data are consistent with the asserted position and time as well as with the signals broadcast by the satellites.
US patent application 2013/0060955 discloses a system and method for location authentication. A client (receiver) is configured to receive the navigation message of each of the navigation satellite signals. The client estimates navigation data bits contained in the navigation messages and computes a signature that depends on the times of arrival of the navigation messages (e.g. the signature may be an XOR sum of bits of the navigation messages). An authentication server uses the client's asserted location (or PVT) to estimate the client's signature. The validity or invalidity of the asserted location is determined on the basis of a comparison of the client's signature and the server-calculated estimate thereof.
US patent application 2010/0283671 relates to a receiver that receives a plurality of signals that are modulated with a common carrier, each signal of the signals originating at a different source and experiencing a transit delay and Doppler frequency shift before reaching the receiver, the transit delay and Doppler frequency shift being related to position and movement of each of the respective sources. The receiver includes means, such as a directional antenna, to ensure that the received signals are bona fide, or at least not subject to the same bogus signal or signals to which a second receiver may be subjected.
US patent application 2009/0316900 discloses a data encryption and decryption system that securely “geoencrypts” data using location-dependent navigation signals.
International patent application WO 2011/157554 Al relates to a method of providing an authenticable time-and-location indication using a radio-navigation signal receiver. The method comprises receiving radio-navigation signals broadcast from a plurality of radio-navigation signal sources, at least some of the radio- navigation signals containing one or more cryptographic tokens protected by encryption, the cryptographic tokens being updated from time to time. The receiver retrieves, by decryption, the cryptographic tokens from the radio-navigation signals containing them. The receiver then determines positioning data, representing its geographical position and time, based on the radio-navigation signals received. The receiver generates a digital authentication code using a cryptographic function taking as inputs at least the positioning data and the retrieved cryptographic tokens, and produces a data package including a first part containing the positioning data and a second part containing the digital authentication code.
The paper “Practical Cryptographic Civil GPS Signal Authentication” by Kyle Wesson, Mark Rothlisberger, and Todd Humphreys, NAVIGATION, Volume 59, Issue 3, pages 163-248, mentions an implementation of the technique called navigation message authentication (NMA), a technique according to which the low-rate navigation message is encrypted or digitally signed, allowing a receiver to verify that the GPS Control Segment generated the data.
The working paper “Authenticating GNSS—Proofs against Spoofs—Part 2” by Guenter W. Hein, Felix Kneiss I, Jose-Ang el Avila-Rodriguez, and Stefan Wallner, in InsideGNSS, Sep./Oct. 2007, proposes standard NMA methods for authentication of Galileo signals.