Establishing trust through authentication in satellite based augmentation systems
Abstract/Contents
- Abstract
- Global Navigation Satellite System (GNSS) technologies have become pervasive in today's world. The number of receivers in the civilian sector is in the billions and continues to grow at an explosive rate. As the adoption of GNSS technologies surges, knowledge of its vulnerabilities has become more common place and tools capable of disrupting and spoofing the service have become cheaper and more available. Open-source software is available on the internet that gives nefarious actors the ability to broadcast false (spoof) GNSS signals with little to no sophisticated knowledge of GNSS works. These tools make an attack on infrastructure and safety of life systems more accessible than ever. The GNSS community is developing methods to detect and mitigate spoofing threats and one such method is the use of cryptographic signatures to authenticate GNSS data. Spoofing threats to Satellite Based Augmentation Systems (SBAS) constitute a single point of failure for safety critical systems that rely upon correction and integrity services provided through the SBAS data stream. Data authentication, in addition to receiver-based detection methods, can serve as a strong solution to mitigate and detect intentional SBAS spoofing threats carried out through false signal generation. This thesis presents a cryptographic authentication process designed to secure SBAS data. These pages include everything from how messages are signed at the broadcast data-level to how keys are securely distributed to SBAS users. Most importantly, this authentication process protects users while maintaining the 6 second Time-To-Alert (TTA) requirement with negligible impact to availability and continuity. The data authentication techniques presented in this thesis are currently being considered for SBAS systems such as the Wide Area Augmentation System (WAAS) and the European Geostationary Navigation Overlay Service (EGNOS). The contributions of this thesis can be summed up as follows: This thesis is the first to design an SBAS authentication system that preserves integrity against spoofing threats and message loss. Many authentication solutions to date group messages together to form a single signature of a single batch of messages. Unfortunately, this means that if a single message is lost in that batch, all other messages in the same batch can no longer be authenticated by the user which could dramatically decrease the availability and continuity of the SBAS service. To address this, previous authors have adopted a methodology by which users would use messages even if those messages could not be authenticated. This provides an avenue by which an attacker could inject false messages into an aviation receiver, circumventing the cryptographic signatures altogether. This thesis presents an authentication scheme that protects receivers from harmful spoofed messages while maintaining high availability and continuity even in the case of message loss. This thesis is the first to develop a detailed key delivery and management process that is interoperable and forward compatible for all SBAS receivers. Prior to this thesis, there was little treatment of public key infrastructures and how they could be designed for GNSS authentication and no work had been formally done examining how SBAS would manage the delivery of authentication keys. SBAS is a broadcast service operating at a very low data rate and aviation receivers do not have access to third-party networks to retrieve such key management information. This thesis develops a method that delivers keys over the air to users and paves the way for how this key management architecture can be standardized for all SBAS internationally. Finally, this thesis is the first to complete a detailed analysis on quantum computing threats to authentication techniques for SBAS. The arrival of large-scale quantum computers in the future will threaten many of the authentication algorithms in use today. This thesis is the first to analyze these quantum computing threats against authentication algorithms in the context of SBAS and points to potential solutions as these threats evolve
Description
| Type of resource | text |
|---|---|
| Form | electronic resource; remote; computer; online resource |
| Extent | 1 online resource |
| Place | California |
| Place | [Stanford, California] |
| Publisher | [Stanford University] |
| Copyright date | 2020; ©2020 |
| Publication date | 2020; 2020 |
| Issuance | monographic |
| Language | English |
Creators/Contributors
| Author | Neish, Andrew Michael |
|---|---|
| Degree supervisor | Walter, Todd |
| Thesis advisor | Walter, Todd |
| Thesis advisor | Powell, J. David, 1938- |
| Degree committee member | Powell, J. David, 1938- |
| Associated with | Stanford University, Department of Aeronautics & Astronautics |
Subjects
| Genre | Theses |
|---|---|
| Genre | Text |
Bibliographic information
| Statement of responsibility | Andrew Neish |
|---|---|
| Note | Submitted to the Department of Aeronautics & Astronautics |
| Thesis | Thesis Ph.D. Stanford University 2020 |
| Location | electronic resource |
Access conditions
- Copyright
- © 2020 by Andrew Michael Neish
- License
- This work is licensed under a Creative Commons Attribution Non Commercial 3.0 Unported license (CC BY-NC).
Also listed in
Loading usage metrics...