Search for a command to run...
Global Navigation Satellite Systems (GNSS) are a key enabler for many new technologies, ranging from autonomous vehicles to shared mobile devices. In order to ensure high precision for those applications, GNSS augmentation systems are needed to provide correction data to reach an accuracy that is in the order of centimeters. Those systems can be provided as paid services where correction data are broadcast over a satellite link. In order to protect those systems and restrict their access only to paying users, we must adopt encryption mechanisms designed to avoid that pirates redistribute or resell the decryption key to unauthorized parties. At the same time, integrity protection mechanisms are needed to avoid that active attackers inject malicious GNSS augmentation data, which could disrupt or mislead the positioning. These objectives are made challenging by the peculiarities of satellite communication for the GNSS augmentation, in which bandwidth is scarce and receivers are resource-constrained. In this paper, we propose APBE (Anti-Piracy Broadcast Encryption) and SIA (Succinct Immediate Authentication), two methods to enhance the GNSS augmentation service security by providing protection against respectively pirate customers and active attackers. Both methods are specifically tailored to minimize bandwidth and processing time on the receiver. We demonstrate their feasibility via a proof-of-concept implementation on an ESP32 embedded system. We also measure APBE and SIA performance under various configuration, each giving a different security/performance tradeoff. APBE and SIA are candidate mechanisms to be included in the future versions of SPARTN, which is an open industry standard for GNSS augmentation.