Authentication of GNSS signals by radio signal fingerprinting
The objective is to identify the most reliable GNSS signal authentication concept based on radio-level signal classification.
The authentication of GNSS signals poses a challenging problem. Before exploiting a signal (e.g. its pseudo-noise sequence), the receiver should have assurance, quickly (ideally in less than 10 s) and reliably, that the signal is actually coming from a navigation satellite and not from a spoofer (e.g. an unknown pseudolite, or a delayed version of the same signal). Classical data-level authentication solutions work after signal demodulation (PN sequence de-spreading) and require data-level cryptography (shared secrets) and key management. Furthermore, they cannot counter delayed versions of the original signal, which is a problem for navigation receivers.

Physical-layer authentication techniques such as radio signal fingerprinting rely instead on what signals are (no shared secrets). Minimal differences in the physical structure of RF signal transmitters, such as in the oscillator, amplifier and delay circuits, produce differences in amplitude, phase and frequency. Such differences can be exploited by adapted receivers to identify and classify the signal source. These techniques could offer an alternative to data-level techniques with less system impact. They allow a received signal 'signature' to be compared against a local database of signatures using certain algorithms and decision criteria/metrics (e.g. a fingerprint matcher using Mahalanobis distance). They do not need to process data-level information. They rely on the normal presence of pilots or equivalent repeated symbol patterns in all data frames of wireless systems producing repetitive radio signals. They are a subject of very intense research with regard to certain security threats (e.g. impersonation, spoofing, intrusion detection), considering context (e.g. SNR conditions, classification objective, parametric and non-parametric statistical features) and implementation complexity, for all sorts of wireless technologies and standards, from RFID tags to ZigBee, Z-Wave, Wireless LAN and LTE.

GNSS signals are by definition produced by very high quality radio sources. Thus, the feasibility of exploiting small differences between those sources to define well-identifiable signatures and corresponding metrics, and to apply signal classification techniques, needs to be confirmed first. Another line of research could be to exploit the analogue distortions typically used by fingerprint matching techniques to create an artificial signature in the signal that could later be exploited for authentication, in contrast with the typically proposed solutions based on specific PRN injection.

Signal classification techniques basically rely on the processing of RF signal samples, extraction of relevant features and statistical processing with machine learning techniques (e.g. decision trees, random forests). A survey of those techniques and a selection of a subset for further analysis, simulation and even implementation (e.g. with a vector signal receiver platform) has to be performed. As part of the activity, the provision of representative and distinct GNSS signal sources with a similar level of quality is crucial. The I/Q samples of recorded GNSS navigation signals with good SNR, such as those recorded with an In-Orbit Test Station, are needed both to generate the local database of 'clean' signatures stored by the classifier and as a signal source to be used on the stimulus side. SNR and multipath conditions need to be considered and realistic scenarios reproduced through simulation and possibly testing/evaluation and channel emulation with a radio platform.
The activity consists of the following tasks:
1) to assess the feasibility of employing RF signal fingerprinting as an authentication technique for GNSS signals;
2) to study, simulate and evaluate performance of selected radio signal classification techniques for both high-end and low-end navigation receivers;
3) to propose a reliable GNSS signal authentication concept based on radio-level signal classification.
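
The fingerprint matcher mentioned above (a received signature compared against a local database using Mahalanobis distance), as an added example that is not part of the original activity description. The three features, the source name SV-A, all sample values and the 99% chi-square acceptance threshold are assumptions constructed for illustration.

```python
import random

def mean_cov(samples):
    """Mean vector and unbiased sample covariance of the enrollment captures."""
    n, k = len(samples), len(samples[0])
    mu = [sum(s[i] for s in samples) / n for i in range(k)]
    cov = [[sum((s[i] - mu[i]) * (s[j] - mu[j]) for s in samples) / (n - 1)
            for j in range(k)] for i in range(k)]
    return mu, cov

def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-15:
            raise ValueError("singular covariance: enroll more captures")
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            m[r] = [v - f * w for v, w in zip(m[r], m[c])]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (m[r][n] - sum(m[r][j] * x[j] for j in range(r + 1, n))) / m[r][r]
    return x

def mahalanobis_sq(x, mu, cov):
    """Squared Mahalanobis distance d^T cov^-1 d, without forming the inverse."""
    d = [xi - mi for xi, mi in zip(x, mu)]
    return sum(di * yi for di, yi in zip(d, solve(cov, d)))

def authenticate(features, claimed_id, db, threshold=11.345):
    """Accept inside the 99% region (chi-square, 3 dof; assumes Gaussian features)."""
    d2 = mahalanobis_sq(features, *db[claimed_id])
    return d2 <= threshold, d2

# Constructed enrollment data (assumption): features are (amplitude imbalance,
# phase offset, frequency offset), built so phase and frequency are correlated.
rng = random.Random(7)
def capture(mu=(0.10, 0.50, 0.20)):
    z = rng.gauss(0, 1)
    return [mu[0] + 0.01 * rng.gauss(0, 1), mu[1] + 0.02 * z,
            mu[2] + 0.02 * z + 0.002 * rng.gauss(0, 1)]

DB = {"SV-A": mean_cov([capture() for _ in range(200)])}
GENUINE = [0.10, 0.52, 0.22]  # moves along the enrolled phase/frequency correlation
SPOOFED = [0.10, 0.52, 0.18]  # each feature within 1 sigma, but breaks the correlation
```

Both test vectors sit about one standard deviation from the enrolled mean in every individual feature, so a per-feature range check accepts both; only the covariance term in the Mahalanobis distance separates them.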