CN110488324A - Anti-spoofing method for BeiDou-II civil signals based on message authentication - Google Patents

Info

Publication number: CN110488324A
Authority: CN (China)
Application number: CN201910825637.7A
Other languages: Chinese (zh)
Inventors: 吴志军, 张云, 刘如森
Original and current assignee: Civil Aviation University of China
Legal status: Pending
Prior art keywords: information, key, beidou, message, navigation

Classifications

    • G: PHYSICS
    • G01: MEASURING; TESTING
    • G01S: RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00: Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01: Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/13: Receivers
    • G01S19/21: Interference related issues; Issues related to cross-correlation, spoofing or other methods of denial of service
    • G01S19/215: Interference related issues; Issues related to cross-correlation, spoofing or other methods of denial of service; issues related to spoofing


Abstract

The invention belongs to the field of information security technology and is an anti-spoofing authentication scheme for the BeiDou-II civil signal based on message authentication. Building on an analysis of spoofing attacks, it proposes an anti-spoofing method based on Chinese domestic cryptographic algorithms. All authentication information is inserted into the reserved bits of the navigation message, so message authentication is achieved without changing the frame structure of the existing BeiDou-II satellite navigation system. Authentication codes verify the authenticity and continuity of the satellite time information, and a signature verifies the integrity of the satellite position information and other information. To keep a receiver from failing authentication because of a wrong public key or key, key prompt information and public key prompt information are designed to remind the receiver to update its key or public key in time. On a purpose-built BeiDou-II anti-spoofing simulation platform, detection of spoofing attacks was simulated in a Gaussian noise environment. The simulation results show that the invention can detect spoofing attacks and that its authentication delay is below 1 percent of the transmission delay, which shows that it meets the message authentication needs of the BeiDou-II civil navigation system and strengthens the ability of the BeiDou-II civil signal to resist spoofing attacks.

Description

Anti-spoofing method for BeiDou-II civil signals based on message authentication
Technical field
The invention belongs to the field of information security technology and is an anti-spoofing authentication scheme for the BeiDou-II civil signal based on message authentication.
Background art
In recent years GPS, which like the BeiDou-II satellite navigation system is a global navigation satellite system, has repeatedly been shown to have receivers that are vulnerable to spoofing attacks. Because the satellites operate far from the earth's surface, the signal a receiver picks up is very weak and easily affected by human or environmental interference. As a result, the integrity and reliability of satellite navigation information cannot be generally guaranteed.
The BeiDou-II satellite navigation system not only uses a positioning principle close to that of GPS; the civil information of both systems is also transmitted in plaintext without any message authentication, so both are easily affected by spoofing attacks. Taking GPS as an example, many incidents related to spoofing attacks have already occurred around the world. In December 2011, Iran interfered with the GPS equipment of an RQ-170 "Sentinel" unmanned aerial vehicle and used spoofing interference to control its landing; in December 2012, Iran announced that it had captured a US "ScanEagle" unmanned aerial vehicle with a similar technique. In 2013, the research team of Professor Todd Humphreys at the University of Texas used a laptop, a small antenna and an inexpensive GPS spoofer to take control of the navigation system of a superyacht. In January 2016, two US Navy patrol boats deviated from their planned route and entered Iranian waters; the US side suspected that the Iranian military had probably used spoofing to cut the boats off from contact with their own forces, so that they entered the wrong waters and were detained.
Because both the BeiDou-II satellite navigation system and GPS lack effective message authentication, China's BeiDou-II system is likely to suffer spoofing attacks like those in the examples above. Spoofing attacks can therefore have a very harmful effect on Chinese infrastructure that relies on BeiDou-II navigation information services, and they leave a serious security risk in the BeiDou-II satellite navigation system.
1. Vulnerability analysis of the BeiDou navigation system
Attacks on the BeiDou navigation signal fall into two kinds: suppression (jamming) attacks and spoofing attacks. Because the received power of BeiDou-II navigation signals is low, an attacker can launch a suppression attack to keep the receiver from receiving signals normally. This attack is simple and easy to carry out, but it is easily detected by the receiver, which can then take measures against it. Whether the spoofing interference is generative or relay-type, following a deliberate spoofing strategy while carrying it out raises its success rate. Typically, the spoofer combines curve interference with strong noise. The specific process is shown in Fig. 1.
Once the spoofer fully controls the receiver, the false navigation information it broadcasts affects the receiver's positioning result. Under the BeiDou-II positioning principle, the navigation information carries both satellite position information and satellite time information. Satellite position information means the basic navigation information in the navigation message; satellite time information means the week count and the seconds of week (SOW). Because the week count generally changes little over a long period, a spoofer is more likely to alter the satellite time information by tampering with SOW. In a spoofing attack, therefore, SOW and the basic navigation information are likely to differ from the genuine navigation message, so a BeiDou-II anti-spoofing method based on message authentication needs to check the authenticity and integrity of SOW and the basic navigation information. In addition, to detect blocking of the signal and give early warning, the method also analyses the continuity of SOW in real time.
2. Cryptographic algorithms and analysis of authentication methods
A) Brief introduction to the domestic cryptographic algorithms
The invention mainly uses the SM2, SM3 and SM4 algorithms issued by the Chinese cryptography administration. The properties of these three algorithms are shown in Table 1.
Table 1 Properties of the SM2, SM3 and SM4 algorithms
SM4 is a block cipher. Both its encryption algorithm and its key expansion algorithm use a 32-round nonlinear iterative structure. The hash algorithm SM3 turns plaintext data of variable length into a hash value of fixed length. SM2 is an international cryptographic algorithm; the elliptic curve it operates on is one of the ECC-256 (Elliptic Curve Cryptography-256) curves. With SM2, a digital signature can be generated based on the SM3 hash algorithm.
B) Analysis of authentication methods
Different types of information need to be protected with different authentication algorithms. Symmetric authentication (SM4) encrypts and authenticates quickly but carries little authentication information, which suits time information that updates quickly and is small in volume. Asymmetric authentication (SM2) has high encryption strength and carries a large amount of authentication information, but it encrypts and authenticates more slowly than symmetric authentication; it suits satellite position information and related auxiliary information, which update slowly and are large in volume. Authenticating time information mainly means authenticating the seconds of week (SOW); authenticating position information means authenticating the basic navigation information.
3. Structure of the BeiDou navigation message
A) D1 navigation message
The BeiDou D1 navigation message consists of superframes, main frames and subframes. Each superframe contains 24 main frames, each main frame contains 5 subframes, each subframe contains 10 words and each word has 30 bits, so a subframe has 300 bits in total. The navigation message is broadcast at 50 bit/s, so each subframe takes 6 s to broadcast.
As shown in Fig. 2, subframes 1, 2 and 3 carry the satellite's basic navigation information, which is updated once per hour; subframes 4 and 5 carry the almanac summary of all satellites, which is updated only after the ground station uploads new navigation data. The data of subframes 4 and 5 are sent time-shared over 24 pages.
B) D2 navigation message
The BeiDou D2 navigation message is mainly broadcast by GEO satellites. It consists of superframes, main frames and subframes. Each superframe contains 120 main frames, each main frame contains 5 subframes, each subframe contains 10 words and each word has 30 bits, so a subframe has 300 bits in total. The navigation message is broadcast at 500 bit/s, so each subframe takes 0.6 s to broadcast.
As shown in Fig. 3, subframe 1 carries the satellite's basic navigation information, which is updated once per hour and sent time-shared over 10 pages; subframes 2, 3 and 4 carry BeiDou system integrity and differential information, sent time-shared over 6 pages; subframe 5 carries the almanac of all satellites, grid-point ionosphere information and time synchronization information with other systems, sent time-shared over 120 pages.
Summary of the invention
Following the vulnerability analysis of the BeiDou-II satellite navigation system, the scheme authenticates BeiDou-II navigation information mainly by authenticating the satellite time information and the satellite position information. To keep the key information and public key information secure during authentication, the BeiDou-II anti-spoofing method protects them as well as the message information. In the overall framework of the method, the ground segment generates the navigation message with its authentication information, the space segment forwards the navigation message, and the user segment authenticates the navigation information. The design framework of the ground segment is shown in Fig. 4.
In the ground-segment framework of Fig. 4, the ground master control station generates the basic navigation information, the seconds of week (SOW) and other navigation-related information, and records the authentication code backup information received from the satellites. The key management center is mainly responsible for generating keys, public keys, private keys, the public key transport packet, key protection information, key (public key) prompt information and key (public key) related information. The public key transport packet contains the public key and the public key ID and can be delivered to users by BeiDou short message and digital certificate. Key protection information is the key after encryption; it is sent to users in the navigation message and helps them obtain the key. Key (public key) related information is a packet containing the public key ID, the key and the key ID. The key (public key) related information and key (public key) prompt information generated by the key management center, together with the basic navigation information generated by the ground master control station and the recorded backup-position authentication code information, are signed with the private key to produce the signature information. From SOW, the key output by the key management center generates the original-position authentication code and the backup-position authentication code. The original-position authentication code, backup-position authentication code, signature information, key protection information, key (public key) prompt information, basic navigation information, SOW and other navigation-related information are forwarded to the user segment by the satellites. After receiving the navigation message, the receiver authenticates it according to the user-segment design framework of Fig. 5.
In the user-segment framework of Fig. 5, the key protection information in the navigation message is a ciphertext. It is decrypted with the public key ID obtained by short message or digital certificate update, which yields the key and the key ID. With the key, SOW is authenticated against the authentication code and the authentication code backup information, to confirm that the satellite time information is genuine and continuous. The key prompt information and public key prompt information tell the receiver whether it needs to update its key or public key, which avoids authentication failures caused by a wrong key or public key. The key prompt information, public key prompt information, authentication code backup information, public key ID, key and key ID together are called auxiliary information. The auxiliary information is signature-verified with the public key together with the basic navigation information that contains the satellite position. This process is called satellite position and auxiliary information authentication. When it succeeds, the position information received and the key-related information held by the receiver are complete and reliable. In summary, only when both the satellite time authentication and the satellite position and auxiliary information authentication succeed can the receiver conclude that the received navigation message has not been affected by spoofing or blocking attacks; the information can then be used for later services such as positioning and timing.
Based on the above analysis of the cryptographic algorithms and the BeiDou-II spoofing problem, the invention is described below in three parts: authentication of time information, key prompt information and public key prompt information, and authentication of satellite position information and auxiliary information.
1. Authentication of satellite time information
Satellite time information is authenticated with an interleaved ("dislocation") method: the current ciphertext depends not only on the satellite time information of the current subframe but also on that of the previous subframe. The authentication information for satellite time information is generated with SM4. The design and transmission of the SM4 key are as follows.
A) SM4 key design
The SM4 key design is shown in Fig. 6. The first 28 bits of the SM4 key information are 4 groups of bit-extraction information. Because some subframes of the BeiDou navigation message have few reserved bits, the method extracts only 4 ciphertext bits as the authentication code and inserts them into the navigation message for the receiver; the positions are given by base conversion of the 7 bits in each of the 4 groups. The low 88 bits of the SM4 key information are padding information: according to the BeiDou interface control document, the SOW of two consecutive subframes totals 40 bits, while SM4 encrypts at least 128 bits, so 88 further bits have to be designed; they are used in encrypting the satellite time information.
B) Transmission of the SM4 key
The SM4 key is a 128-bit random number whose value is determined jointly by the satellite and the ground receiving center. In general, all satellites transmit the same key information in the same period. The SM4 key information is carried in the navigation message as ciphertext. The plaintext structure of that ciphertext is shown in Fig. 7. The plaintext is 256 bits long: 128 bits of SM4 key information, a 64-bit SM4 key ID and 64 bits of zero padding. The 256-bit plaintext is encrypted with an encryption key into a 256-bit ciphertext. The encryption key is generated by cyclically filling with the public key ID, and the encryption algorithm is SM4. The resulting ciphertext is sent in reserved bits of the navigation message. After receiving it, the receiver extracts the ciphertext from the positions shown in Table 2.
Table 2 Ciphertext positions containing the SM4 key
After extracting the ciphertext from the positions shown in Table 2, the receiver generates the decryption key by cyclically filling with the public key ID it holds and decrypts the ciphertext. The decrypted SM4 key information and SM4 key ID are used for satellite time authentication in the next superframe.
C) Authentication process for satellite time information
Satellite time authentication uses the subframe-interleaved method, which checks both the integrity and the continuity of the satellite time information through the authentication code. The generation of the authentication code is shown in Fig. 8. The satellite time information of the current subframe is combined with the satellite time information of the previous subframe and the padding information to form the plaintext, whose structure is shown in Fig. 9. The plaintext of Fig. 9 is encrypted with SM4. The ciphertext bits at the positions given by the bit-extraction information are extracted as the authentication code and inserted into the navigation message for transmission. The padding information and the bit-extraction information are both contained in the SM4 key.
Fig. 10 shows how the authentication code is verified. After receiving the navigation information, the receiver extracts the satellite time information of the received subframe, combines it with the satellite time information of the previous subframe and the padding information according to Fig. 9, and generates the ciphertext with SM4. It extracts the ciphertext bits specified by the SM4 key and compares them with the received authentication code. If the two match, the satellite time information is continuous and genuine; otherwise the navigation information may have been spoofed.
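The key layout of part A) and the generation and verification steps of part C), as an added Python sketch that is not code from the patent. Assumptions: SM4 is replaced by a truncated HMAC-SHA-256 stand-in because the Python standard library has no SM4; the field order of the 128-bit plaintext, the most-significant-bit-first numbering of extraction positions, the zero value of the 12 key bits the text does not describe, and the sample key and SOW values are all constructed for illustration.

```python
import hashlib
import hmac

SOW_BITS = 20     # two consecutive SOW fields give the 40 bits stated in the text
PAD_BITS = 88     # padding taken from the low 88 bits of the key information
BLOCK_BITS = 128


def build_key(positions, padding, middle=0):
    """Pack a constructed 128-bit key: 4x7 extraction bits, 12 bits the text
    does not describe (assumed zero here), then 88 padding bits."""
    k = 0
    for p in positions:
        k = (k << 7) | (p & 0x7F)
    k = (k << 12) | (middle & 0xFFF)
    k = (k << PAD_BITS) | (padding & ((1 << PAD_BITS) - 1))
    return k.to_bytes(16, "big")


def split_key(key):
    """Return ([4 extraction positions], padding) from the key information."""
    k = int.from_bytes(key, "big")
    positions = [(k >> (BLOCK_BITS - 7 * (i + 1))) & 0x7F for i in range(4)]
    return positions, k & ((1 << PAD_BITS) - 1)


def encrypt_block_standin(key, block):
    """Stand-in for SM4 (assumption): keyed 128-bit output from HMAC-SHA-256.
    The receiver recomputes and compares, so no decryption is needed."""
    return hmac.new(key, block, hashlib.sha256).digest()[:16]


def auth_code(key, sow_prev, sow_cur):
    """4-bit code binding this subframe's SOW to the previous subframe's SOW."""
    positions, padding = split_key(key)
    # Assumed field order: current SOW | previous SOW | padding.
    plain = (sow_cur << (SOW_BITS + PAD_BITS)) | (sow_prev << PAD_BITS) | padding
    cipher = int.from_bytes(
        encrypt_block_standin(key, plain.to_bytes(16, "big")), "big")
    code = 0
    for p in positions:                      # position 0 = most significant bit
        code = (code << 1) | ((cipher >> (BLOCK_BITS - 1 - p)) & 1)
    return code


def sign_stream(key, sows):
    """Ground side: attach a code to every subframe after the first."""
    stream = [(sows[0], 0)]                  # no predecessor in this sample
    for prev, cur in zip(sows, sows[1:]):
        stream.append((cur, auth_code(key, prev, cur)))
    return stream


def verify_stream(key, stream):
    """Receiver side: one boolean per subframe after the first."""
    return [auth_code(key, prev[0], cur[0]) == cur[1]
            for prev, cur in zip(stream, stream[1:])]


def tamper_acceptance_rate(key, stream, index, trials=4096):
    """Fraction of altered SOW values at `index` that still match its code."""
    prev_sow = stream[index - 1][0]
    sow, code = stream[index]
    hits = sum(auth_code(key, prev_sow, (sow + d) % (1 << SOW_BITS)) == code
               for d in range(1, trials + 1))
    return hits / trials


# Constructed sample: key fields and D1 SOW values (6 s per subframe).
KEY = build_key([5, 37, 70, 101], padding=0x0123456789ABCDEF012345)
STREAM = sign_stream(KEY, [345600 + 6 * i for i in range(8)])

if __name__ == "__main__":
    print("genuine:", verify_stream(KEY, STREAM))
    noisy = list(STREAM)
    noisy[3] = (noisy[3][0], noisy[3][1] ^ 0b0001)   # one code bit hit by noise
    print("code bit flipped:", verify_stream(KEY, noisy))
    print("altered-SOW match rate:", tamper_acceptance_rate(KEY, STREAM, 3))
```

The last figure comes out close to 1/16, which is what a 4-bit code allows per subframe, so a receiver decision is better based on a run of consecutive matches than on a single subframe.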
D) Insertion positions of the authentication code
For the time authentication code to be verified promptly, the position where it is inserted is critical. Fig. 11 shows the original position of the authentication code. As Fig. 11 shows, every subframe of the BeiDou-II navigation message has 4 reserved bits at its front, at bits 12 to 15 of the subframe, and the authentication code is inserted there. These bits are called the original position. The authentication code at the original position is easy for the receiver to extract, but the original position lacks check-code protection, so noise may well produce a wrong authentication result. When noise is low, this method is enough to guarantee the authentication result; when noise is high, the authentication code needs a backup for checking. As shown in Fig. 12, pages 11-24 of subframe 5 of the D1 navigation message have many reserved bits, and the low 150 bits of every subframe 1 of the D2 navigation message are reserved, so authentication code backups can be placed in these reserved bits.
Because the navigation message is transmitted continuously and the D1 and D2 navigation messages have different structures, the reserved bits occupied by the authentication code backup also differ; the specific allocation is shown in Table 3.
Table 3 Authentication code backup positions
As for the check period of the backup position: in the D1 navigation message each superframe takes 12 minutes to transmit, and within these 12 minutes the backup authentication information is inserted at two evenly spaced positions, so the check period of the backup authentication code in D1 is 6 minutes. In the D2 navigation message, every 10 consecutive main frames contain backup authentication information, and these 10 main frames take 30 seconds to transmit, so the check period of the backup authentication code in D2 is 30 seconds.
2. Key prompt information and public key prompt information
To avoid authentication failures caused by a wrong key or a wrong public key at the receiver, the method places key prompt information and public key prompt information in the navigation message to remind the receiver to update its key or public key in time. The key prompt information consists of the low-order significant bits of the key ID and the key update information; the public key prompt information consists of the low-order significant bits of the public key ID and the public key update information. The insertion positions of this information are shown in Table 4.
Table 4 Positions of the key prompt information and public key prompt information
The key prompt information and public key prompt information are inserted at the positions shown in Table 4. The structure of the key (public key) information is shown in Fig. 13. Because few reserved bits are available, the key (public key) prompt information keeps only the low-order significant bits of the key (public key) ID. As shown in Fig. 13, the key update information or public key update information has 4 bits in total; depending on the type of navigation message, the content of the low-order bits of the key (public key) ID also differs. The content of the ID low-order bits corresponding to each value of the key (public key) update information is shown in Table 5.
Table 5 Meaning of the key (public key) update information
According to Table 5, when the key (public key) update information is 1111, the message structure is as shown in Fig. 13. When it is not 1111, the low-order significant bits of the future key ID are added to the key (public key) ID information to help the receiver confirm that the updated key is correct. The structure of the key prompt information or public key prompt information is then as shown in Fig. 14: when the key (public key) update information is not 1111, the ID low-order information contains the low-order bits of both the current and the future key (public key) ID.
When the receiver finds that the key update information or the public key update information has changed, it updates its own key or public key in the corresponding way. The public key is updated through a digital certificate or a short message. When the future key update information is 0001 or 1111, the key is updated by extracting the ciphertext at the positions shown in Table 2 and decrypting it with the public key ID, which yields the new key ID and key. After the key or public key has been updated, the receiver compares the future SM4 key ID or future SM2 public key ID shown in Fig. 14 with the SM4 key information or public key information it obtained, to determine whether the key or public key acquired is the latest. The updates of the SM4 key and the SM2 public key need not be synchronized. The satellite and the ground master control station can control SM4 key updates, and the ground master control station can control SM2 public key updates.
3. Authentication of satellite position information and auxiliary information
To avoid authentication failures caused by a spoofer arbitrarily modifying the authentication-related information, the method authenticates the integrity of the auxiliary information together with the satellite position information. Satellite position information is the basic navigation information in the navigation message; auxiliary information comprises the key prompt information, public key prompt information and backup authentication code sent in plaintext in the navigation message, plus the SM2 public key ID, SM4 key ID and SM4 key held by the receiver. By verifying a single signature, the receiver checks the integrity of both the satellite position information and the auxiliary information. The overall signature generation process is shown in Fig. 15. In Fig. 15 the input plaintext has two parts: the authentication code backup information, basic navigation information, key prompt information and public key prompt information sent in plaintext in the navigation message; and the key, key ID and public key ID held by the receiver. The authentication code backup information, basic navigation information, key prompt information and public key prompt information are arranged as shown in Fig. 16 and hashed with SM3, which gives a 256-bit digest. This digest is then XORed with the SM2 public key ID and with the SM4 key needed to authenticate the current superframe and its ID, which are arranged as shown in Fig. 17.
The 256-bit digest generated by SM3 is XORed with the 256 bits shown in Fig. 17. The result is called the digest carrying key information. It is signed with the SM2 private key; the signature is 512 bits long. The sender inserts the 512-bit signature into the navigation message and transmits the message.
After receiving the navigation message, the receiver verifies the received signature using the SM4 key for the current superframe and its ID, which it holds, together with the SM2 public key and SM2 public key ID obtained by short message or digital certificate. The verification process is shown in Fig. 18.
In Fig. 18, after receiving the navigation message the receiver extracts the signature information from the positions shown in Table 6.
Table 6 Plaintext information positions
According to where the signature was extracted, the receiver extracts the corresponding authentication code backup information, basic navigation information, key prompt information and public key prompt information as given in Table 6, and concatenates them according to Fig. 16. The concatenation is hashed with SM3. The SM2 public key ID, SM4 key and SM4 key ID held by the receiver are combined according to Fig. 17, and the combined result is XORed with the SM3 digest. The XOR result, the public key held by the receiver and the signature from the received message are input to the SM2 verification algorithm for verification.
Description of the drawings
Figure 1: Spoofing process
Figure 2: D1 navigation message subframe structure
Figure 3: D2 navigation message subframe structure
Figure 4: Ground segment framework design
Figure 5: User segment framework design
Figure 6: SM4 key information structure
Figure 7: Structure of the plaintext information containing the SM4 key
Figure 8: Authentication code generation process
Figure 9: Plaintext structure of the satellite time information to be encrypted
Figure 10: Authentication code verification process
Figure 11: Original position of the authentication code
Figure 12: Pages 11-24 of subframe 5 of the D1 navigation message
Figure 13: Key (public key) prompt information structure when the key (public key) update information is 1111
Figure 14: Key (public key) prompt information structure when the key (public key) update information is not 1111
Figure 15: Signature generation block diagram
Figure 16: Arrangement of the authentication code backup information, basic navigation information, key prompt information and public key prompt information
Figure 17: Arrangement of the SM2 public key ID, the SM4 key required for current superframe authentication, and its ID
Figure 18: Navigation message signature authentication process
Figure 19: Carrier-to-noise ratio of satellite No. 4 (top) and satellite No. 14 (bottom)
Figure 20: Test block diagram
Figure 21: Original message information (top) and message information after BCH coding (bottom)
Figure 22: Initial navigation information (left) and navigation information after spreading (right)
Figure 23: Carrier modulation of the navigation information at the B1I frequency
Figure 24: Signal with added noise (left) and final signal after demodulation (right)
Figure 25: D1 navigation message authentication rate
Figure 26: D2 navigation message authentication rate
Figure 27: Authentication rate under different thresholds
Specific embodiment
1. Implementation of the invention
The computer parameters, receiver type, antenna type, and the time and place at which information was received in this test are listed in Table 7.
Table 7: Experimental equipment parameters
As shown in Table 7, two computers were used in the experiment. Computer 1 runs the cipher simulation programs using the OpenSSL library in Visual Studio. Computer 2 simulates the transmission and reception of Beidou II message information in MATLAB. Using the receiver and antenna listed in Table 7, information from satellites No. 4 and No. 14 was received; the carrier-to-noise ratios of the two satellites are shown in Figure 19. In Figure 19, the carrier-to-noise ratio of both satellites is sampled at 10-second intervals, and the result shows how the carrier-to-noise ratio of the two satellites varies. The average carrier-to-noise ratios of the two satellites are 44.6029 dB and 43.8348 dB. The message information and other parameters of satellites No. 4 and No. 14 are listed in Table 8.
Table 8: Received navigation message parameters
In Table 8, satellite No. 14 carries D1 navigation message information and satellite No. 4 carries D2 navigation message information. The navigation message information of these two satellites serves as the raw data for the subsequent experiments, from which message information with the authentication function of the present method is generated.
2. Testing of the invention
This experiment mainly simulates the case in which the key and public key are not updated. As shown in Figure 20, the test flow for protecting Beidou navigation message information against spoofing attacks has three main parts: information generation, information transmission and information authentication. The information generation part has two tasks: (1) generating the key information; (2) generating signature and authentication code information from the message data of satellites No. 4 and No. 14 with the cryptographic algorithms and inserting it into the reserved bits of the navigation message, producing navigation messages with the authentication function defined by this method. In the information transmission part, the navigation message with the authentication function and the navigation message carrying spoofed information first undergo BCH error-correction coding, interleaving, spread-spectrum modulation and carrier modulation. Gaussian noise interference is then added to the modulated signal. Finally, the noisy signal is demodulated, deinterleaved and error-corrected. In the information authentication part, the error-corrected message information is first authenticated to detect whether the received message information is spoofed. The authentication delay and authentication rate of the method are then analysed.
A) Key generation
In the present invention, the processes that require a key to encrypt information mainly include the message transmission process. In these two processes, because the specific algorithms used differ, the keys required for different message information also differ. Throughout the experiment, changes of the SM4 key and the SM2 public key are not considered. All key information and key-related message transmission information used in the experiment are listed in Table 9.
Table 9: Key information and key-related message transmission information
The key information in Table 9 is used in the authentication code generation and signature generation below. The key-related message transmission information is inserted into the navigation message and sent with it.
B) Authentication code generation
Based on the seconds-of-week count information in the received satellite No. 4 message and the SM4 key information in Table 9, the information content at each step of the authentication code generation process is shown in Table 10.
Table 10: Authentication code generated from two consecutive groups of seconds-of-week count information
As shown in Table 10, every two consecutive groups of seconds-of-week count information generate a 4-bit binary authentication code, which is placed both in the original position of the subframe and in the backup position of the navigation message. In this experiment, the authentication code stored in the backup position has an average transmission delay of 6 minutes in the D1 navigation message and 30 seconds in the D2 navigation message.
C) Signature generation
Taking the signing of D1 navigation message information as an example, Table 11 shows the information content at each step.
Table 11: Information at each step of signature generation for the D1 navigation message
According to Table 11, the basic navigation information in the satellite No. 14 message is extracted as the original basic navigation information. Combined with the backup authentication code information, key prompt information and public key prompt information, it is passed through the SM3 algorithm to produce the digest. In addition, the SM2 public key ID, SM4 key ID and SM4 key are combined to form the information to be XORed. This information is XORed with the digest, and the resulting 256 bits are signed with the SM2 private key. The signature is inserted into the navigation message and sent with it.
The present invention mainly simulates the transmission of Beidou II navigation message information. For the key transmission process, only the delay of encryption, decryption and information authentication is discussed; the accuracy of the transmitted information is not. The message transmission process mainly comprises check code generation and information interleaving, information modulation, noise addition and demodulation.
D) BCH code generation and information interleaving
Each subframe of the navigation message information with authentication function produced in the information generation stage has 224 bits. To reduce the bit error rate in transmission, the BD-ICD specifies that these 224 bits of navigation message information be expanded into a 300-bit standard message. Figure 21 shows the 300-bit standard message generated from the 224 bits by BCH coding. In the experiment, every 15 bits form one group, and the BCH error-correcting code can correct one error per group. Each 15-bit group contains 11 information bits and 4 check bits. In addition, to keep excessive noise from affecting the navigation information within a single group, the 300-bit standard message is also interleaved as the ICD requires. The navigation message information after BCH coding and interleaving is taken as the initial information. The initial information then goes through simulated modulation, noise addition and demodulation to test the authentication performance of the proposed method in a noisy environment.
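The single-error correction per 15-bit group and the effect of interleaving described above, as an added Python example that is not code from the patent. The generator polynomial g(x) = x^4 + x + 1 and the bit-by-bit interleaving of two codewords into one 30-bit word are taken from the public BeiDou B1I interface control document rather than from this page, and the sample data bits are constructed.

```python
G_POLY = 0b10011  # g(x) = x^4 + x + 1, generator of BCH(15,11,1) (from the ICD)


def _remainder(bits15):
    """Remainder of a 15-coefficient polynomial (MSB first) modulo g(x)."""
    for shift in range(10, -1, -1):
        if (bits15 >> (shift + 4)) & 1:
            bits15 ^= G_POLY << shift
    return bits15


# A single error at bit i gives the syndrome x^i mod g(x); all 15 are distinct,
# which is why exactly one error per group can be located and flipped back.
SYNDROME_TO_BIT = {_remainder(1 << i): i for i in range(15)}


def bch_encode(info11):
    """11 information bits followed by 4 check bits."""
    return (info11 << 4) | _remainder(info11 << 4)


def bch_decode(word15):
    """Return (information bits, whether a correction was applied)."""
    syndrome = _remainder(word15)
    if syndrome:
        word15 ^= 1 << SYNDROME_TO_BIT[syndrome]
    return word15 >> 4, syndrome != 0


def interleave(a, b):
    """Merge two 15-bit codewords bit by bit: a14 b14 a13 b13 ... a0 b0."""
    out = 0
    for i in range(14, -1, -1):
        out = (out << 2) | (((a >> i) & 1) << 1) | ((b >> i) & 1)
    return out


def deinterleave(word30):
    a = b = 0
    for i in range(14, -1, -1):
        a = (a << 1) | ((word30 >> (2 * i + 1)) & 1)
        b = (b << 1) | ((word30 >> (2 * i)) & 1)
    return a, b


def send_word(info_a, info_b):
    """Encode two 11-bit groups and interleave them into one 30-bit word."""
    return interleave(bch_encode(info_a), bch_encode(info_b))


def receive_word(word30):
    """Deinterleave, correct and return (info_a, info_b, groups corrected)."""
    a, b = deinterleave(word30)
    (info_a, fixed_a), (info_b, fixed_b) = bch_decode(a), bch_decode(b)
    return info_a, info_b, fixed_a + fixed_b


def burst_survives(info_a, info_b, first_bit):
    """Flip two adjacent channel bits of an interleaved word; True if recovered."""
    damaged = send_word(info_a, info_b) ^ (0b11 << first_bit)
    return receive_word(damaged)[:2] == (info_a, info_b)


def burst_without_interleaving(info, first_bit):
    """Flip two adjacent bits inside ONE codeword and return the decoded data."""
    return bch_decode(bch_encode(info) ^ (0b11 << first_bit))[0]


if __name__ == "__main__":
    A, B = 0b10110011101, 0b00001111000  # constructed 11-bit data groups
    print("2-bit burst, interleaved, recovered:", burst_survives(A, B, 12))
    print("2-bit burst, one codeword, decoded:",
          bin(burst_without_interleaving(A, 7)), "sent:", bin(A))
```

With interleaving, a two-bit burst puts one error in each group and both are corrected; the same burst inside a single group is miscorrected into wrong data. A field carried outside the BCH groups gets no correction at all, so any bit error in it reaches the authentication check unchanged.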
E) Signal modulation
The initial information is modulated differently depending on the satellite number. As described above, the D1 navigation message uses NH modulation, spread-spectrum modulation and carrier modulation; the D2 navigation message uses spread-spectrum modulation and carrier modulation. Figure 22 shows the initial navigation information of satellite No. 4, which transmits the D2 navigation message, and its spectrum after spread-spectrum modulation. The spread signal still has to be carrier-modulated. According to the BD-ICD, Beidou II navigation signals are modulated onto the B1I band with a carrier frequency of 1561.098 MHz; the spectrum of the signal modulated at the B1I frequency is shown in Figure 23. After the navigation message with authentication function has been modulated to 1561.098 MHz, Gaussian noise is added to the navigation signal. The noise power is tied to the carrier-to-noise ratios of satellites No. 4 and No. 14 received earlier. Based on these carrier-to-noise ratio values, Gaussian noise of appropriate power is added in the simulation so that the simulated environment is closer to the real one.
F) Signal noise addition and demodulation
According to derivations in the literature, the relationship between the carrier-to-noise ratio and the signal-to-noise ratio of a satellite signal can be expressed by the following formula:
Here CNR is the carrier-to-noise ratio in dB, snr is the signal-to-noise ratio, and SNR is in dB with SNR = 10 lg(snr). N/T is the sampling frequency. By the bandpass sampling theorem, the sampling frequency of a bandpass signal is related to the signal frequency and the signal bandwidth as follows.
Here f_H is the highest frequency of the bandpass signal and m is the largest integer less than f_H/B. According to the signal parameter requirements of the BD-ICD, can be calculated Therefore, substituting into formula (2), the carrier-to-noise ratio differs from the signal-to-noise ratio by 69.12 dB.
According to Table 8, the average carrier-to-noise ratios of the signals the receiver received from satellites No. 14 and No. 4 are 44.9029 dB and 43.8348 dB, with a mean of about 44.37 dB. The signal-to-noise ratio of the transmitted signal is therefore -24.75 dB. After Gaussian noise is added, the spectrum of the noisy signal and the spectrum of the signal after demodulation and despreading are shown in Figure 24. After demodulation and despreading, the 300-bit message is deinterleaved and BCH error-corrected to recover the 224-bit message. This message information then goes through the information authentication process.
3. Experimental results and analysis
In the experiment, the transmission of message information for multiple superframes (including both genuine and false message information) is simulated to test whether the method can verify the authenticity of the information. The experiment is analysed from two angles: authentication time overhead and authentication rate.
A) Authentication time overhead analysis
Before the message information is transmitted, the time consumed by key generation and by generating all ciphertexts and authentication codes is shown in Table 12.
Table 12: Time spent generating authentication-related information
According to Table 12, key information generation and SM2 signature generation take the longest, but both take less than 0.2 seconds. Moreover, these two kinds of information can be generated in advance and need not be generated on the fly with the navigation message, so they impose little overhead on the sender. Generating the SM4 key information ciphertext takes less than 1 microsecond, so transmitting the SM4 key information has minimal impact on message transmission. In addition, although the SM4 authentication code has to be generated in time as the satellite time information updates, generating the authentication code for each subframe takes 0.25 microseconds, far below the per-subframe transmission delay of 6 seconds for the D1 navigation message or 0.6 seconds for the D2 navigation message, so generating the SM4 authentication code does not affect normal transmission of the navigation message. After the information is received, the receiving end decrypts or authenticates the different kinds of information. The time spent in each process is shown in Table 13.
Table 13: Time spent on information decryption or authentication
According to Table 13, the time spent decrypting the SM4 key information is in all cases less than 1 microsecond, so the method does not affect reception of the SM4 key information or the SM2 public key information. In the experiment, all false navigation message information resulted in authentication failure; an authentication failure prompts the receiver to delete the information of that satellite, which shows that the method detects spoofing attacks properly. In addition, from the SM4 authentication code verification time and the SM2 signature verification time in Table 13, combined with the transmission delays of the different navigation message types, the overall delay of the three authentication modes (original-position authentication code, backup-position authentication code, and signature) in each message type can be calculated, as shown in Table 14.
Table 14: Overall delay of the different authentication modes in each message type
As shown in Table 14, the overall delay is the sum of the average message transmission delay and the authentication delay. If the message transmission delay and the authentication delay differ by a factor of one hundred, the smaller delay is ignored in calculating the overall delay. Comparing the authentication delay with the average message transmission delay shows that, for both D1 and D2 navigation messages and under every authentication mode, the overall delay is dominated by message transmission. In addition, calculation shows that the authentication delay of each authentication mode designed in this method is less than one percent of the average message transmission delay, and for the original-position authentication code it is less than one thousandth. The authentication delay introduced by the authentication modes of the invention therefore has little effect on the receiver's reception or parsing of messages and does not interfere with normal reception of the navigation message.
B) Authentication rate analysis
The authentication success rate of each authentication mode depends on the message content being received accurately. Therefore, by continually increasing the noise power, the experiment further tests whether the authentication modes of this method work properly, both under the normal noise environment of the satellite signals in Table 8 and under the noise environment specified by the Beidou user terminal RDSS unit performance requirements and test methods (RDSS for short). The authentication rates of the D1 and D2 navigation messages for the different authentication modes under different signal-to-noise ratios are shown in Figures 25 and 26. Under the normal noise environment of Table 8 (carrier-to-noise ratio 44.37 dB, signal-to-noise ratio -24.75 dB), both the D1 and the D2 navigation message reach a 100% authentication rate for every authentication mode. Overall, the D1 navigation message tolerates noise better than the D2 navigation message, because D1 navigation information undergoes the additional NH modulation. In addition, the lowest signal-to-noise ratio at which an authentication mode maintains a 100% authentication rate is called the signal-to-noise ratio tolerance lower limit of that mode. Based on the data in Figures 25 and 26, the signal-to-noise ratio tolerance lower limits of the D1 and D2 navigation messages under the different authentication modes are shown in Table 15.
Table 15: Signal-to-noise ratio tolerance lower limits of the D1 and D2 navigation messages under the different authentication modes
In Table 15, the signal-to-noise ratio tolerance lower limit of the original-position authentication code is higher than that of the signature, and that of the signature is higher than that of the backup-position authentication code. This is because, under strong noise interference, the original-position authentication code lacks the protection of the BCH error-correcting code and is prone to bit errors, which cause authentication to fail. The original-position authentication code therefore has the highest signal-to-noise ratio tolerance lower limit and the worst noise immunity. In addition, as the noise power keeps increasing, because the authentication content covered by the signature (basic navigation information, public key prompt information, and so on) is far larger than the authentication content covered by the backup-position authentication code (SOW), signature authentication fails more easily, so the tolerance lower limit of the signature is higher than that of the backup-position authentication code. According to the Beidou RDSS requirements, the carrier-to-noise ratio of the signal received by the receiver is greater than 35 dB; from formula (1) and the related calculation, the signal-to-noise ratio of the received signal is greater than -34.12 dB. Table 15 and Figures 25 and 26 show that, when the signal-to-noise ratio is greater than -34.12 dB, all three authentication modes reach a 100% authentication rate for both navigation message types. For the D1 navigation message and the D2 navigation message, when the signal-to-noise ratio is respectively less than -48.1006 dB and -37.0103 dB, the three authentication modes of this method all reach a 100% authentication rate.
The basic navigation information in the Beidou navigation message has an update period of at least 1 hour. Once the basic navigation information has been authenticated successfully, the receiver only needs to use the already authenticated basic navigation information for positioning during the update period, without authenticating it again. Therefore, even if the authentication rate of the signature is slightly below 100%, the information authentication can be regarded as successful. Because the signal-to-noise ratio tolerance lower limit of the original-position authentication code is too high, the authentication rate of the signature (P1) and the authentication rate of the backup-position authentication code (P2) are analysed in combination, as shown in formula (3), to further optimize the calculation of the overall authentication rate of the method.
The thresholds of the invention are set to 1, 0.995 and 0.99. The D1 and D2 navigation message authentication rates under the different thresholds are shown in Figure 27. The lower the threshold, the lower the signal-to-noise ratio tolerance lower limit of the invention. With a threshold of 1, the tolerance lower limit is -49.1065 dB for the D1 navigation message and -37.5103 dB for the D2 navigation message; with a threshold of 0.995, -49.3205 dB and -37.9189 dB; with a threshold of 0.99, -49.4016 dB and -38.1123 dB. In general, the invention takes the authentication rate curve for a threshold of 0.995 as its overall authentication rate curve. This ensures that the 3 methods designed here achieve effective authentication without missed detections caused by too low a threshold, while also taking account of the update characteristics of the basic navigation information: even if the overall authentication rate is greater than 99.5% but below 100%, the information authentication can be regarded as successful. In practice, a receiver can adjust the threshold according to its own security requirements and the noise characteristics of its environment to improve the performance of the invention.

Claims (2)

1. A Beidou II civil signal authentication scheme based on information authentication, characterized in that:
1) It implements a Beidou II civil signal anti-spoofing method based on domestic cryptographic algorithms: experimental results show that the invention can detect spoofing attacks even in a relatively harsh noise environment. The authentication time overhead of the invention is small: its authentication delay is less than one percent of the transmission delay. Finally, the invention can adjust the detection threshold according to the receiver's environment and security requirements, giving it better anti-spoofing performance.
2) It develops a simulation model of Beidou II civil information transmission: following the requirements of the BeiDou Navigation System interface control document, the model implements BCH error correction, interleaving, NH modulation, spread-spectrum modulation, carrier modulation and related functions for navigation message information. With this model, transmission of navigation messages with the authentication function can be simulated, and the authentication performance of the designed authentication method under Gaussian noise interference can be tested.
3) Spoofing attacks are detected quickly: the invention authenticates both satellite position information and satellite time information. The method also includes auxiliary authentication information, which prevents authentication failures caused by errors in the recipient's own key or public key information. Simulation results show that, under normal conditions, the method detects spoofing attacks within a short delay.
2. Regarding feature 1) of claim 1: the invention not only authenticates satellite time information and satellite position information, but also provides key and public key prompt information, which prevents the recipient from failing authentication because of a wrong key or public key. The public key information can be updated by short message or digital certificate. When the receiver updates the public key information by short message, the confidentiality and integrity of the public key information are guaranteed by the encryption algorithm and the authentication algorithm. Theoretical analysis shows that the method can detect a variety of spoofing interference based on single-satellite information. In addition, the security vulnerabilities of the Beidou II civil system in message transmission are analysed. It is found that, under a spoofing attack, the satellite information received by a Beidou II receiver may well have been generated by the attacker and be used to make the receiver output a wrong positioning result.
CN201910825637.7A 2019-09-03 2019-09-03 The anti-deception measures of Beidou II civil signal based on authentification of message Pending CN110488324A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20191122