| As the application of Global Navigation Satellite Systems(GNSS)technologies deepen in the social and military field,security issues of satellite service have attracted more and more attention worldwide.The format of the civilian navigation signal is open to the public,which makes the receiver vulnerable to spoofing attacks.This form of attack is concealed and poses serious security threats.In this thesis,anti-spoofing technology is researched due to the publicity of civil navigation signals.Taking the Global Positioning System as the research object,this thesis introduces the satellite signal structure,navigation message format and data,and the principle of positioning solution.Subsequently,the vulnerability of navigation signals and various existing forms of spoofing attacks are analyzed.This thesis conducts in-depth research on the navigation message authentication scheme based on cryptography to defend against spoofing.According to the types of cryptography-based anti-spoofing strategy,this thesis introduces the authentication process of navigation message based on asymmetric encryption and symmetric encryption.The digital signature in the asymmetric encryption scheme,and the principle of the one-way hash function and message authentication code algorithm in the Timed Efficient Stream Loss-tolerant Authentication(TESLA)protocol are analyzed.In the scenario of navigation message authentication,the security of the key chain is improved by introducing random parameters as "salt" in the key iteration algorithm,and the key and message authentication code are truncated reasonably under the premise of security analysis to make it suitable for the unidirectional GNSS with limited channel capacity.Different types of authentication schemes are analyzed and compared from the perspectives of security,bandwidth requirement,key management,etc.According to the selected GPS L1C/A LNAV navigation message frame structure,this thesis proposes to use Single MAC to improve the message group authentication in the traditional TESLA-based scheme,which can reduce the impact of a single lost message on the authentication result.The specific design of the authentication data block is given,and the effectiveness of the scheme is verified through simulation experiments.The authentication performance framework is outlined.Compared with the authentication scheme based on elliptic curve digital signature algorithm and the traditional TESLA-based scheme,the simulation results show that the improved scheme has better performance on both authentication error rate and authentication rate. |
PDF Full Text Request