Through the use of systems such as GPS, satellite navigation has become a critical element of society and economy. However, in spite of their high importance, Global Navigation Satellite Systems (GNSS) civil signals are very easy to forge. They are transmitted and received at a very low power (around −160 dBW, or 10−16 Watts), meaning that a device transmitting counterfeit signals at a low power can take control of a GNSS receiver. Currently, civil GNSS signals do not provide any means of determining the authenticity of these signals in order to prevent such attacks, although it is believed such a feature may be implemented in some GNSS in the future. However, some GNSS signal and data authentication measures have been proposed, as will be discussed below.
The term “authentication” in the satellite navigation domain refers in general to the authenticity of a position calculated from navigation satellite signals. In order to authenticate a position, the authenticity of the signals used in the position calculation need to be assured and, in addition to that, the receiver must ensure that the internal process to calculate this position has not been forged. As used herein, “authentication” primarily means signal authentication. The two main pieces of information that a receiver extracts from the GNSS signals are the satellite position and time information (contained in the navigation message), and the signal time-of-arrival (which is obtained in most receivers by code phase measurements). Therefore, authentication of radionavigation signals refers to the confirmation of the authenticity and integrity of the data transmitted from the satellite, and the authentication of the signal time of arrival (TOA) measured by the receiver.
As Direct Sequence Spread Spectrum (DSSS) Code Division Multiple Access (CDMA) signals, GNSS signals contain a bitstream of data modulated on a spreading code that spreads the signal power across a certain bandwidth, and which is also used for the calculation of time of arrival. Authentication measures are divided in those related to spreading-codes and those related to navigation data, also called navigation message authentication (NMA).
Elements of the present invention are based on aspects of the TESLA (Timed Efficient Stream Loss-Tolerant Authentication) protocol for radionavigation message authentication.
A. Perrig et al. “Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction, (2005, Carnegie Mellon University, Network Working Group) introduces the concept of TESLA as a method to allow a receiver of multicast or broadcast information from a sender to check the integrity and authenticate information. TESLA uses symmetric cryptography, and time-delayed key disclosure to achieve asymmetry property and therefore minimizing key management tasks. The paper refers specifically to the use of TESLA in authentication of data packages in the context of network communications. It does not refer to its application into radiolocation or radionavigation, or to satellite communications. The authors do not propose the use of the TESLA protocol in radionavigation, and do not analyze its availability under fading and shadowing transmission channels.
Sherman C. Lo, et al., “Assessing the Security of a Navigation System: A Case Study using Enhanced Loran”, Stanford University, discusses an adapted version of TESLA for navigation channels in enhanced Loran, for example in which a given key is used for several MACs. Authentication is discussed in relation to key cryptography, as well as other techniques for enhancing the security of Loran. The TESLA data authentication technique is discussed in one section, and is the known technique discussed hereinabove. The authors set out an adaptation of TESLA for navigation channels, to make it more suitable for Loran. It is stated that one modification in order to be more tolerant of message loss in a data efficient manner is to use a given key for several MACs.
C Wullems et al.: “Signal Authentication and Integrity Schemes for Next Generation Global Navigation Satellite Systems”, Proceedings of the European Navigation Conference GNSS, 22 Jul. 2005 (2005-07-22), pages 1-11, XP055141309, Munich, discloses techniques for NMA-based authentication of GNSS signals based on TESLA. A transmitter generates a key chain by hashing function F. Authentication is performed, for the current timeslot, by determining whether there is a match between (i) a MAC (MAC′n+2) derived from MACs obtained from a first (data) type of message during a previous timeslot and a key (K′n+2) obtained by applying a secure key generation function F′ to a key (Kn+2) obtained from a second type of message during the current timeslot, and (ii) a MAC (MAC′n+2) obtained from the second type of message during the previous timeslot.
Known systems making use of TESLA for radionavigation signal authentication are based on the following steps:                the generation for each transmitter i, from an initial random seed Ki,n, of a chain of keys Ki,n to Ki,0 generated recursively through a one-way function, and the use of the said one-way chain in reverse order (Ki,0 to Ki,n), whereby, at a certain time slot j, a transmitter i of the radionavigation system authenticates its broadcast data with a message authentication code (MACi,j) that uses the said key Ki,j from the said one way chain;        the transmission by each transmitter i of the data to authenticate, together with the said MAC and, after a certain period of time, the said key Ki,j;        the reception by the receiver from each transmitter of the transmitter data, the MACi,j and the key Ki,j;        the verification by the receiver of the authenticity of the satellite data by the generation of MACi,j with the data itself and Ki,j, and the comparison with the MACi,j received from the satellite i;        the verification by the receiver, for each of the signals from each said transmitter i, of the authenticity of Ki,j by performing the one-way function recursively to generate a previous key of the chain, for example Ki,0, that is certified as authentic from a previously received certificate.        
Therefore, known uses of TESLA protocols for radionavigation follow an approach whereby each signal from each transmitter is authenticated independently, and a problem is that all the required data for the authentication process needs to be received from the transmitter whose data is to be authenticated.
A further problem with conventional systems is that they do not provide the possibility to optimally use data from one satellite to authenticate other satellites and minimize the total number of bits required for the authentication of several satellites. They also do not provide the possibility to use the data from satellites with potentially better reception conditions to authenticate other satellites.
These factors represent a major problem for some radionavigation systems, such as those based on satellite navigation, where the reception conditions can be generally degraded and can vary significantly for different satellites due to local obstructions in certain terrestrial environments, for example urban or suburban areas.
The disclosure enables authentication of radio-navigation signals with an optimum level of robustness and availability, including environments where the signal reception and data demodulation conditions prevent the successful demodulation of all the data from all the radio-navigation transmitters.