Time Synchronization of TESLA-enabled GNSS Receivers

TL;DR

This paper develops and proves security of time synchronization algorithms for TESLA-enabled GNSS receivers, enabling secure, onboard clock validation and resynchronization in authenticated positioning systems.

Contribution

It introduces new algorithms for secure time synchronization and validation in GNSS receivers using TESLA, with formal security proofs and practical implementation guidance.

Findings

Algorithms are secure against delay-capable adversaries.

Receivers can verify message timing and clock safety.

Protocols enable resynchronization despite adversarial delays.

Abstract

As TESLA-enabled GNSS for authenticated positioning reaches ubiquity, receivers must use an onboard, GNSS-independent clock and carefully constructed time synchronization algorithms to assert the authenticity afforded. This work provides the necessary checks and synchronization protocols needed in the broadcast-only GNSS context. We provide proof of security for each of our algorithms under a delay-capable adversary. The algorithms included herein enable a GNSS receiver to use its onboard, GNSS-independent clock to determine whether a message arrived at the correct time, to determine whether its onboard, GNSS-independent clock is safe to use and when the clock will no longer be safe in the future due to predicted clock drift, and to resynchronize its onboard, GNSS-independent clock. Each algorithm is safe to use even when an adversary induces delays within the protocol. Moreover, we discuss the implications of GNSS authentication schemes that use two simultaneous TESLA instances of different authentication cadences. To a receiver implementer or standards author, this work provides the necessary implementation algorithms to assert security and provides a comprehensive guide on why these methods are required.