Optimal Compromise among Security, Availability and Resources in the Design of Sequences for GNSS Spreading Code Authentication

Spreading code authentication has been proposed as a promising countermeasure against signal layer spoofing attacks to GNSS. It consists in replacing part of the spreading code with a secret, cryptographically generated sequence, that is also provided to legitimate receivers, allowing them to verify the signal authenticity and integrity. Different techniques and formats have been proposed, yet their formulation is typically given as a particular solution, lacking proper generality. This paper aims at providing a unified general model for the design, description, evaluation and comparison of such techniques, introducing simple performance and security metrics, and abstracting from the particular cryptographic mechanisms that are required to generate the sequences. We derive a way to optimize the trade-offs between the security level and the availability of the signal for receivers that do not know the modified code, and between the security level and the required cryptographic resources We also propose a simpler mechanism that closely approaches the optimal tradeoff, and show that it significantly outperforms existing and proposed techniques, especially in the typically considered performance range. Finally, we evaluate the robustness of the proposed schemes to a partial observation of the transmitted modified code by the attacker.