A key management architecture for GNSS open service Navigation Message Authentication
Caparra, Gianluca;Ceccato, Silvia;Sturaro, Silvia;Laurenti, Nicola
2017
Abstract
Navigation Message Authentication (NMA) is a necessary security provision in GNSS open service, considering that more and more infrastructures rely on civilian GNSS signals, and several cryptographic mechanisms have been proposed to implement it. Most solutions adapt existing protocols to the specific requirements and constraints of the GNSS scenario, which is inherently one-way and asymmetric, and hence make use of asymmetric cryptography. However, no similar proposal has yet been made for the provision of key management services (distribution, upgrade, revocation), which are crucial for the security of any cryptographic mechanism. We propose a key management scheme based on a layered structure, where higher layer keys, which are more secure and valid for longer, protect the integrity of messages for the management of lower layer keys. The lowest layer keys are used for the NMA mechanism and are frequently changed. Moreover, in order to save bandwidth, they can be stored in the receiver in encrypted form, together with their certificate, to be decrypted and retrieved as they come into use. Despite the generality and flexibility of the scheme, we show that two layers, in addition to the root certificate authority, would be sufficient to grant operation of a GNSS open service receiver with the required security level for several years, with the NMA schemes currently proposed in the literature. Finally, we discuss possible changes and design choices, and evaluate the performance of the scheme.