Internal Market, Industry, Entrepreneurship and SMEs

EAST: EGNOS Authentication Security Testbed

EAST: EGNOS Authentication Security Testbed

The EAST project defines and characterises authentication strategies for EGNOS (European Geostationary Navigation Overlay Service). The project created a set of viable solutions for authenticating EGNOS messages and signals, as well as a simulator to assess the performance of the authentication techniques.

Contract Number: 436/PP/GROW/RCH/15/8380

Duration: 14 months (Jan 2016 – April 2017)

Budget: € 290 445

Project Partners: Qascom S.r.l. (Italy), GMV Aerospace and Defence S.A.U (Spain), Università degli Studi di Padova (Italy)

Project Coordinator:
Andrea Dalla Chiara
andrea.dallachiara@qascom.it

European Commission Project Manager:
Ignacio Fernandez-Hernandez
ignacio.fernandez-hernandez@ec.europa.eu

Background

EGNOS is the European satellite-based augmentation system (SBAS). It currently augments the Global Positioning System (GPS) in a geographical region over Europe. EGNOS transmits a data signal in the L1 band (1 575.42 MHz) that broadcasts integrity data and corrections for GPS satellite navigation signals. An upgrade to the current SBAS service is currently under discussion. This upgrade would provide a new dual-frequency multi-constellation (DFMC) service in the L1 band and also the L5 band.

The signals broadcast by EGNOS and its data, as well as any other SBAS service, can be subject of falsification. Since SBAS data is generally trusted by the user, wrong data can lead to a degradation of service. The computation of navigation solutions can also be strongly affected, and this can be done in a way that is not detectable by traditional techniques available for global navigation satellite systems (GNSS). This creates a risk for many SBAS users including civil aviation and safety critical applications. Authentication techniques could help mitigate this threat.

Project objectives

The project aimed to define and characterise authentication strategies for EGNOS. The objective was to develop a platform where different authentication approaches could be compared and characterised, with the intention of potentially including authentication features into EGNOS services.

Results

The project carried out two main tasks:

  • The definition and design of several authentication techniques to protect the SBAS data and the signal. The definition of the techniques was supported by an analysis of state-of-the-art broadcast authentication, EGNOS user needs, a risk assessment and a preliminary analysis of the impact on the SBAS service.
  • The development of a simulation platform, capable of generating EGNOS messages with and without authentication data. The simulator can process EGNOS data in intensive simulations to provide statistical analysis. It does so using proper modelling and data transformation. The testbed is also capable of generating real baseband signals, including EGNOS, GPS and Galileo, to test their impact on a receiver. All the output data is processed by an application layer that computes EGNOS performance (i.e. eventual degradations from the nominal) and the performance of the authentication service.

Two main authentication strategies were proposed:

  • Data level authentication based on verifying the authenticity of the data carried by the signal, with no focus on the signal itself. In this context, two different approaches were identified and the most suitable configurations were identified as digital signature and TESLA.
  • Signal level authentication based on determining the authenticity of the broadcasted signal. The watermarking approach was explored. This strategy is based on the partial modification of the open spreading code. In particular, a subset of the chips is substituted by an unpredictable sequence.

The outcomes of the analyses and the experimentation campaigns contributed to the derivation of a set of final recommendations. In general, the adoption of authentication techniques for SBAS are desirable and viable. They enhance the robustness of the service and open it to new potential user segments (in addition to the aviation community). In this case, several aspects should be considered including user needs, the standardisation process and a market analysis. The impact on the standard service is crucial as it imposes proper tuning of techniques and eventually the exploitation of new signals components.

Expected impact

The EAST project delimited the characteristics of viable authentication solutions for SBAS (specifically EGNOS) to protect the data and the signal. The techniques have also been simulated and their applicability proved, highlighting advantages and drawbacks. The analysis indicated a number of crucial points starting with compatibility with the standard service, and possible solutions have been drafted. Additionally, an analysis of the path to adoption was carried out. This included standardisation, realisation, maintenance processes and costs.

Disclaimer: The project results represent the views of the consortium. They do not necessarily represent the views of the European Commission and they do not commit the Commission to implementing the results.