Computer Laboratory

Security Group

Secure location and positioning systems

Contact: Dr Markus Kuhn

Global satellite navigation (GPS, GLONAS, Galileo) is now a critical infrastructure for many aspects of society. But existing services lack the signal-integrity protection necessary to protect mass-market applications against spoofing attacks. We propose a new type of signal-authentication mechanism that could be added to future navigation systems, such as Galileo or next generation GPS. Its steganographic transmission scheme protects not only the transmitted data (which can be accomplished with well-known digital-signature and stream-authentication algorithms), but also the nanosecond-accuracy relative arrival times of signals from different satellites, the critical information from which receivers determine their position.

The proposed solution features the same asymmetric-security property that made digital-signature technology so useful: the ability to verify a signal does not lead to the ability to spoof it. This is of particular importance in civilian mass-market applications in which the person in possession of the receiver has an incentive to manipulate its reading. Examples include GPS-based road toll, pay-as-you-drive car insurance schemes, or offender-tagging systems.

The only alternative is symmetric encryption of the spreading sequences and key management through tamper-resistant subscriber modules. The conditional access industry has already gained two decades of experience in a very similar broadcast-encryption application, namely satellite pay-TV, where also very limited bandwidth is available for key management involving millions of subscribers. Rather than a durable solution, tamper-resistant hardware continues to be a rather active battlefield between pay-TV operators and crackers.

We also proposed a number of other measures that do not require modification of existing satelite broadcast signals and that can help a navigation receiver to distinguish between genuine and signals. Some of these make it substantially more difficult to synthesize a fake satnav signal that will pass as authentic:

Distance-bounding protocols against relay attacks

Authentication of humans is commonly based on either something you have (e.g., smartcard), something you know (e.g., password), something you are (e.g., biometric feature), or where you are (e.g., at your telephone at home). Authentication tokens, such as smartcards and RFID tags, are increasingly used to authorize financial transactions or gain access to buildings and services. Modern authentication tokens are very difficult to copy thanks to their cryptographic challenge-response schemes. However, many applications implicitly assume that completing such an authentication protocol implies that the token is physically present. Relay attacks, in which challenge-response data is forwarded by an attacker over a substantial distance via radio, violate this assumption. They can be a concern in real-world applications, as our demonstrations on RFID access control systems and Chip & PIN (EMV) terminals illustrate.

Distance-bounding protocols are special challenge-response authentication protocols optimized such that the message round-trip time is minimized and made particularly robust against manipulation. We have proposed a new distance-bounding protocol whose low implementation complexity and high resilience against bit errors make it particular well-suited for RFID tokens. We are in the process of implementing a number of distance-bounding extensions to commonly used interface standards, starting with ISO 7816 smartcards and ISO 14443 proximity cards.

Distance-bounding protocols have very different requirements on the underlying physical communication layer, therefore in their implementation, great attention has to be paid to all layers of the protocol stack, down to the physical representation of individual bits. Our distance-bounding research brings together the abstractions of cryptographic protocols with the gory details of modern digital communication signals.