Civil Global Navigation Satellite System (GNSS) signals are broadcast unencrypted worldwide according to an open-access standard. The virtues of open-access and global availability have made GNSS a huge success. Yet the transparency and predictability of these signals renders them easy to counterfeit, or spoof. During a spoofing attack, a malefactor broadcasts counterfeit GNSS signals that deceive a victim receiver into reporting the spoofer-controlled position or time. Given the extensive integration of civil GNSS into critical national infrastructure and safety-of-life applications, a successful spoofing attack could have serious and significant consequences. 

Unlike civil GNSS signals, military GNSS signals employ symmetric-key encryption, which serves as a defense against spoofing attacks and as a barrier to unauthorized access. Despite the effectiveness of the symmetric-key approach, it has significant drawbacks and is impractical for civil applications.  First, symmetric-key encryption requires tamper-resistant receivers to protect the secret keys from unauthorized discovery and dissemination. Manufacturing a tamper-resistant receiver increases cost and limits manufacturing to trusted foundries. Second, key management is problematic and burdensome despite the recent introduction of over-the-air keying. Third, even symmetric-key encryption remains somewhat vulnerable to specialized spoofing attacks.

I propose an entirely new approach to navigation and timing security that avoids the shortcomings of the symmetric-key approach while maintaining a high resistance to spoofing. My first contribution is a probabilistic framework that develops necessary components of signal authentication. Based on this framework, I develop my second and third contributions: an asymmetric-key cryptographic signal authentication technique and a non-cryptographic spoofing detection technique, both of which operate without a locally stored secret key. These techniques stand as viable spoofing defenses for civil users and could augment—or even replace—current and planned military anti-spoofing measures.

Finally, I offer an in-depth case study of the security vulnerabilities of a modern GNSS-based aviation surveillance technology. I then evaluate possible cryptographic enhancements to the system in the context of the technical and regulatory aviation environment.

To cite and download this dissertation:
K.D. Wesson, "Secure Navigation and Timing Without Local Storage of Secret Keys," Ph.D. dissertation, Department of Electrical and Computer Engineering, The University of Texas at Austin, 2014.