Authentication Security of PRF GNSS Ranging

TL;DR

This work develops a rigorous, statistically grounded framework for the authentication security of PRF-based GNSS ranging, addressing Non-SCER and SCER spoofing models and deriving PMD and PFA bounds through CLT arguments and exact expressions. It formulates the PRF ranging processing, including a TESLA-style commit-and-reveal scheme, and applies the theory to Galileo's SAS with encrypted E6-C signals to determine practical aggregation windows that achieve 32- and 128-bit security. The analysis further extends to Hard-decision SCER and soft-information PSCER adversaries, predicting required receiving-radios and demonstrating that, for Galileo E6-C, ~100 ms can yield 32-bit security while ~400 ms can yield 128-bit security under non-SCER conditions; it also shows that HDSCER could break security with plausible ground-based antennas, underscoring the need for detection and policy enforcement. Overall, the results offer design guidelines for PRF GNSS ranging protocols to meet cryptographic security targets and quantify the trade-offs between false alarms, missed detections, and adversarial capabilities in practical GNSS deployments.

Abstract

This work derives the authentication security of pseudorandom function (PRF) GNSS ranging under multiple GNSS spoofing models, including the Security Code Estimation and Replay (SCER) spoofer. When GNSS ranging codes derive from a PRF utilizing a secret known only to the broadcaster, the spoofer cannot predict the ranging code before broadcast. Therefore, PRF ranging can be used to establish trust in the GNSS pseudoranges and the resulting receiver position, navigation, and timing (PNT) solution. I apply the methods herein to Galileo's Signal Authentication Service (SAS) utilizing the encrypted Galileo E6-C signal to compute that, at most, 400 ms of Galileo E6-C data to assert 128-bit authentication security under non-SCER models. For the SCER adversary, I predict the adversary's needed receiving radio equipment to break authentication security. One can use this work to design a PRF GNSS ranging protocol to meet useful authentication security requirements by computing the probability of missed detection.

Figures (8)

• Figure 1: An example radio block diagram that describes how PRF ranging would occur. The gray box diagrams a typical tracking loop where early, prompt, and late (EPL) correlations are used to form a tracking loop to determine the carrier phase, doppler, and code phase. An unknown PRF sequence is known to be present, so the baseband samples are stored into memory awaiting the PRF replica seed. After distribution of the PRF seed, the receiver will do an additional correlation with the PRF replica to determine authenticity. This figure depicts the case where a PRF signal is used to authenticate another signal: like if the encrypted Galileo E6-C is used to authenticate the open Galileo E1-B. A similar authentication system could use the PRF ranges directly for Position, Navigation, and Timing (PNT).
• Figure 2: The PMD computed via \ref{['eq:PMD-nscer']}.
• Figure 3: Minimum Noise Assumptions over Aggregation Time with varying security requirements utilizing the CLT approximations. Results below $W=30$ are not provided because this figure utilizes the CLT formulations.
• Figure 4: Comparison of HDSCER PMD with multiple $W$ against the adversarial precorrelation chip SNR.
• Figure 5: The effect of increasing decision boundary on $Y_\text{PRF}$ on the needed breaking Adversarial SNR and PFA.