AUTHENTICATION OF GNSS SIGNALS BY RADIO SIGNAL FINGERPRINTING – EXPRO+
12, October 2018

ESA Open Invitation to Tender AO9529
Open Date: 05/10/2018
Closing Date: 16/11/2018 13:00:00

Status: ISSUED
Reference Nr.: 18.1ET.20
Prog. Ref.: Technology Developme
Budget Ref.: E/0901-01 – Technology Developme
Special Prov.: BE+DK+FR+DE+IT+NL+ES+SE+CH+GB+IE+AT+NO+FI+PT+GR+LU+CZ+RO+PL+EE+HU
Tender Type: C
Price Range: 200-500 KEURO
Products: Ground Segment / Ground Station / F&T equipment / GPS Receivers
Technology Domains: RF Systems, Payloads and Technologies / Radio Navigation Systems/Subsystems / Navigation System Tools / RF Systems, Payloads and Technologies / Radio Navigation Systems/Subsystems / Ground Receivers
Establishment: ESTEC
Directorate: Directorate of Tech, Eng. & Quality
Department: Electrical Engineering Department
Division: Radio Frequency Systems & Payloads Offic
Contract Officer: Erkelens-Sickinger, Franziska
Industrial Policy Measure: C1 – Activities in open competition limited to the non-Larg…
Last Update Date: 05/10/2018
Update Reason: Tender issue

The authentication of GNSS signals poses a challenging problem. Before exploiting a signal (e.g. its pseudo-noise sequence), it would be desirable for the receiver to have assurance quickly (ideally in less than 10 s) and reliably that the signal is actually coming from a navigation satellite and not from a spoofer (e.g. unknown pseudolite, delayed version of the same signal). Classical data-level authentication solutions work after signal demodulation (PN sequence de-spreading) and require data-level cryptography (shared secrets) and key management. Furthermore, they cannot counter delayed versions of the original signal, which is a problem for navigation receivers.

Physical-layer authentication techniques like radio signal fingerprinting rely instead on what signals are (no shared secrets). Minimal differences in the physical structure of RF signal transmitters, such as in the oscillator, amplifier and delay circuits, produce differences in amplitude, phase and frequency. Such differences can be exploited by adapted receivers to identify and classify the signal source. These techniques could offer an alternative to data-level techniques with less system impact. They make it possible to compare a received signal ‘signature’ against a local database of signatures with certain algorithms and decision criteria/metrics (e.g. fingerprint matcher using Mahalanobis distance). They do not need to process data-level information. They rely on the normal presence of pilots or equivalent repeated symbol patterns in all data frames of wireless systems producing repetitive radio signals. They are a subject of very intense research concerning certain security threats (e.g. impersonation, spoofing, intrusion detection), considering context (e.g. SNR conditions, classification objective, parametric and non-parametric statistical features) and implementation complexity, for all sorts of wireless technologies and standards from RFID tags to ZigBee, Z-Wave, Wireless LAN and LTE.

GNSS signals by definition are produced by very high quality radio sources. Thus, the feasibility of exploiting small differences between those sources to define well-identifiable signatures and corresponding metrics, and to apply signal classification techniques, needs to be confirmed first. Another line of research could be to exploit the analogue distortions typically used by fingerprint matching techniques to create an artificial signature in the signal that could later be exploited for authentication, in contrast with the typically proposed solutions based on specific PRN injection.

Signal classification techniques basically rely on the processing of RF signal samples, extraction of relevant features and statistical processing with machine learning techniques (e.g. decision trees, random forests). A survey of those techniques and a selection of a subset for further analysis, simulation and even implementation (e.g. with a vector signal receiver platform) has to be performed. As part of the activity, the provision of representative and distinct GNSS signal sources with a similar level of quality is crucial. The I/Q samples of recorded GNSS navigation signals with good SNR, as with an In-Orbit Test Station, are needed both to generate the local database of ‘clean’ signatures stored by the classifier and as a signal source to be used on the stimulus side. SNR and multipath conditions need to be considered and realistic scenarios reproduced through simulation and possibly testing/evaluation and channel emulation with a radio platform.

The activity consists of the following tasks:
1) to assess the feasibility of employing RF signal fingerprinting as an authentication technique for GNSS signals;
2) to study, simulate and evaluate performance of selected radio signal classification techniques for both high-end and low-end navigation receivers;
3) to propose a reliable GNSS signal authentication concept based on radio-level signal classification.

Procurement Policy: C(1) = Activity restricted to non-prime contractors (incl. SMEs). For additional information please go to EMITS news “Industrial Policy measures for non-primes, SMEs and RD entities in ESA programmes”.
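The signature comparison mentioned in the description (a fingerprint matcher using Mahalanobis distance against a local database) can be sketched as follows. This is an added illustration, not part of the tender: the two features, the source labels SV01/SV02, all sample values and the Gaussian acceptance threshold are constructed assumptions.

```python
import math

# Constructed enrollment data: two hypothetical features per observation
# (say, a normalised frequency offset and an I/Q phase imbalance).
ENROLLMENT = {
    "SV01": [(1.00, 0.20), (1.10, 0.25), (0.90, 0.18),
             (1.05, 0.22), (0.95, 0.15), (1.00, 0.26)],
    "SV02": [(2.00, 0.60), (2.10, 0.66), (1.90, 0.57),
             (2.05, 0.61), (1.95, 0.55), (2.00, 0.67)],
}

def mean_cov(samples):
    """Sample mean and unbiased covariance matrix of the feature vectors."""
    n, k = len(samples), len(samples[0])
    mu = [sum(s[j] for s in samples) / n for j in range(k)]
    cov = [[sum((s[a] - mu[a]) * (s[b] - mu[b]) for s in samples) / (n - 1)
            for b in range(k)] for a in range(k)]
    return mu, cov

def solve(a, b):
    """Solve a.x = b by Gaussian elimination with partial pivoting."""
    k = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(k):
        p = max(range(c, k), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-12:
            raise ValueError("singular covariance: enroll more samples")
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, k):
            f = m[r][c] / m[c][c]
            m[r] = [v - f * w for v, w in zip(m[r], m[c])]
    x = [0.0] * k
    for r in reversed(range(k)):
        x[r] = (m[r][k] - sum(m[r][j] * x[j] for j in range(r + 1, k))) / m[r][r]
    return x

def mahalanobis_sq(x, mu, cov):
    """Squared Mahalanobis distance d^T cov^-1 d, without forming the inverse."""
    d = [xi - mi for xi, mi in zip(x, mu)]
    return sum(di * yi for di, yi in zip(d, solve(cov, d)))

DATABASE = {sv: mean_cov(obs) for sv, obs in ENROLLMENT.items()}
# Assumption: features are Gaussian, so the squared distance is chi-square
# with 2 degrees of freedom; its 99% quantile is exactly -2*ln(0.01) = 9.21.
THRESHOLD = -2.0 * math.log(0.01)

def authenticate(x, claimed_sv):
    """Accept only if x is statistically consistent with the claimed source."""
    mu, cov = DATABASE[claimed_sv]
    return mahalanobis_sq(x, mu, cov) <= THRESHOLD
```

Because the distance is scaled by the enrolled covariance, the acceptance region follows each source's own measurement spread, and widening the threshold trades fewer false rejections for more false acceptances.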

If you wish to access the documents related to the Invitation to Tender, you have to log in to the ESA Portal.