Navigation Message Authentication for the Galileo Open Service Tomer - - PowerPoint PPT Presentation

▶

May 01, 2023 179 likes •582 views

Navigation Message Authentication for the Galileo Open Service Tomer Ashur , Dan Burkey, David Calle, Simon Cancela, Ignacio Fernandez, Oscar Pozzobon, Vincent Rijmen, Carlo Sarto, Gonzalo Seco-Granados, Javier Simon, and Paul Walker GNSS -

SLIDE 1

Navigation Message Authentication for the Galileo Open Service

Tomer Ashur, Dan Burkey, David Calle, Simon Cancela, Ignacio Fernandez, Oscar Pozzobon, Vincent Rijmen, Carlo Sarto, Gonzalo Seco-Granados, Javier Simon, and Paul Walker

SLIDE 2

GNSS - Global Navigation Satellite System

(a) GPS

SLIDE 3

GNSS - Global Navigation Satellite System

(a) GPS (b) Glonass

SLIDE 4

GNSS - Global Navigation Satellite System

(a) GPS (b) Glonass (c) Beidou

SLIDE 5

GNSS - Global Navigation Satellite System

(a) GPS (b) Glonass (c) Beidou (d) Galileo

SLIDE 6

Navigation Satellite Systems

(a) GPS (b) Glonass (c) Beidou (d) Galileo (a) NAVIC (b) Michibiki

SLIDE 7

Principles of Satellite Navigation

SLIDE 8

Applications of GNSS

SLIDE 9

Applications of GNSS

SLIDE 10

GNSS Spoofing

SLIDE 11

Authenticated GNSS

SLIDE 12

Authenticated GNSS

SLIDE 13

How?

SLIDE 14

Issues with Using Public-key Cryptography

◮ Bandwidth of GNSS systems is 50-200 bps (120 bps in Galileo)

SLIDE 15

Issues with Using Public-key Cryptography

◮ Bandwidth of GNSS systems is 50-200 bps (120 bps in Galileo) ◮ The part dedicated to authentication is 40 bits every other seconds (avg. 20 bps)

SLIDE 16

Symmetric-key Cryptography?

SLIDE 17

Using the Same key?

SLIDE 18

Using Different Keys?

SLIDE 19

Using Different Keys?

SLIDE 20

Key Hierarchy

SLIDE 21

Merkle-tree

SLIDE 22

Merkle-tree

SLIDE 23

Key Hierarchy

SLIDE 24

Key Hierarchy

SLIDE 25

Key Hierarchy

SLIDE 26

Key Hierarchy

SLIDE 27

Key Hierarchy

SLIDE 28

Timed Efficient Stream Loss-Tolerant Authentication (TESLA)

SLIDE 29

Details

◮ Changes from the original Protocol:

SLIDE 30

Details

◮ Changes from the original Protocol:

◮ One chain for all satellites

SLIDE 31

Details

◮ Changes from the original Protocol:

◮ One chain for all satellites ◮ Ki−1 = H(i, α, Ki, $)

SLIDE 32

Details

◮ Changes from the original Protocol:

◮ One chain for all satellites ◮ Ki−1 = H(i, α, Ki, $)

◮ Functions (configurable):

◮ Hash: SHA-256, SHA3-224, SHA3-256 ◮ MAC: HMAC-SHA-256, CMAC-AES ◮ Digital signature: ECDSA (P-224/256/384/521)

SLIDE 33

Details

◮ Security parameters’ sizes (configurable):

SLIDE 34

Details

◮ Security parameters’ sizes (configurable):

◮ Effective keys: 90–128 bits

SLIDE 35

Details

◮ Security parameters’ sizes (configurable):

◮ Effective keys: 90–128 bits ◮ MAC output: 10-32 bits

SLIDE 36

Details

◮ Security parameters’ sizes (configurable):

◮ Effective keys: 90–128 bits ◮ MAC output: 10-32 bits ◮ Yes, we had a security analysis for this

SLIDE 37

Summary

◮ Galileo GNSS will offer public navigation message authentication service

SLIDE 38

Summary

◮ Galileo GNSS will offer public navigation message authentication service ◮ You will be able to play Pokemon go without the fear of losing to a cheater

SLIDE 39