Detection of Replay Attacks to GNSS based on Partial Correlations and Authentication Data Unpredictability

TL;DR

This paper introduces five novel detectors for GNSS spoofing, leveraging partial correlations and authentication data unpredictability, demonstrating high detection probability even against sophisticated replay attacks in various conditions.

Contribution

The work proposes and evaluates five new detectors based on partial correlations and OSNMA data, with one showing superior performance in detecting replay spoofing attacks.

Findings

One detector consistently outperforms others in detection accuracy.

High detection probability achieved even under favorable spoofing conditions.

Practical implementation considerations for Galileo OSNMA are discussed.

Abstract

Intentional interference, and in particular GNSS spoofing, is currently one of the most significant concerns of the Positioning, Navigation and Timing (PNT) community. With the adoption of Open Service Navigation Message Authentication (OSNMA) in Galileo, the E1B signal component will continuously broadcast unpredictable cryptographic data. This allows GNSS receivers not only to ensure the authenticity of data origin but also to detect replay spoofing attacks for receivers already tracking real signals with relatively good visibility conditions. Since the spoofer needs to estimate the unpredictable bits introduced by OSNMA with almost zero delay in order to perform a Security Code Estimation and Replay (SCER) attack, the spoofer unavoidably introduces a slight distortion into the signal, which can be the basis of a spoofing detector. In this work, we propose five detectors based on partial correlations of GNSS signals obtained over predictable and unpredictable parts of the signals. We evaluate them in a wide set of test cases, including different types of receiver and spoofing conditions. The results show that one of the detectors is consistently superior to the others, and it is able to detect SCER attacks with a high probability even in favorable conditions for the spoofer. Finally, we discuss some practical considerations for implementing the proposed detector in receivers, in particular when the Galileo OSNMA message structure is used.