CN116879925B - Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method - Google Patents

Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method Download PDF

Info

Publication number
CN116879925B
CN116879925B CN202311144728.7A CN202311144728A CN116879925B CN 116879925 B CN116879925 B CN 116879925B CN 202311144728 A CN202311144728 A CN 202311144728A CN 116879925 B CN116879925 B CN 116879925B
Authority
CN
China
Prior art keywords
key
code
secret
message
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311144728.7A
Other languages
Chinese (zh)
Other versions
CN116879925A (en
Inventor
欧钢
袁木子
林红磊
唐小妹
马春江
黄仰博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN202311144728.7A priority Critical patent/CN116879925B/en
Publication of CN116879925A publication Critical patent/CN116879925A/en
Application granted granted Critical
Publication of CN116879925B publication Critical patent/CN116879925B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/13Receivers
    • G01S19/21Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/015Arrangements for jamming, spoofing or other methods of denial of service of such systems
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01SRADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S19/00Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
    • G01S19/01Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
    • G01S19/13Receivers
    • G01S19/35Constructional details or hardware or software details of the signal processing chain
    • G01S19/37Hardware or software details of the signal processing chain
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B1/00Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission
    • H04B1/69Spread spectrum techniques
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Remote Sensing (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Position Fixing By Use Of Radio Waves (AREA)

Abstract

The application relates to a satellite navigation signal authentication structure combining a spread spectrum code and a telegraph text and a receiving method. The satellite navigation signal authentication structure includes: the satellite navigation signal authentication structure comprises a carrier wave, a navigation message and a spread spectrum code; the navigation message comprises first authentication information, the first authentication information at least comprises three parts, wherein the first part is a digital signature, the second part is a plurality of message authentication codes and first key pairs, and the third part is a group of second key groups; the spreading code comprises second authentication information, the second authentication information comprises a secret spreading code formed by a plurality of secret spreading code segments, and the sequence of the secret spreading code is calculated by a corresponding message authentication code in the time period of the secret spreading code through a security algorithm. The satellite navigation signal authentication structure can shorten authentication information and prevent an attacker from bypassing an authentication mechanism to perform deception attack.

Description

Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method
Technical Field
The application relates to the technical field of navigation signal authentication, in particular to a satellite navigation signal authentication structure combining a spread spectrum code and a telegraph text and a receiving method.
Background
With the popularization of global navigation satellite system application, a batch of life safety related services represented by intelligent driving, civil aviation precision approach, power grid and industrial Internet of things, important civil infrastructure and the like begin to increasingly depend on positioning and timing results provided by civil GNSS. Civilian GNSS relies on navigation signals to provide services whose signal structure details are disclosed and broadcast unidirectionally by satellites to the ground, a feature that gives civilian GNSS the advantage of open use and unlimited user capacity, but also therefore carries the risk of fraud attacks. A spoofing attacker of the navigation signal may generate a spurious navigation signal and broadcast to the user based on the disclosed navigation signal structure. If the receiver cannot effectively detect whether the navigation signal is forged, the obtained positioning, navigation and time service results are misled by deception attack. If the positioning and timing of key services such as civil aviation approach and unmanned automobiles are not reliable, a great threat is generated to life safety or social operation, and the current situation may weaken the application potential of the civil GNSS. In order to ensure the safety and the credibility of the civil GNSS, the distinguishing of the deception signal and the real navigation signal can be realized by a mode of endowing the navigation signal with the authentication capability, and the technology is called navigation signal authentication. The navigation signal authentication technology detects spoofing attacks by identifying whether authentication information embedded in a navigation signal is reliable, and researches of the navigation signal authentication technology for twenty years develop two main authentication structures of Navigation Message Authentication (NMA) and spread Spectrum Code Authentication (SCA), and also derive some authentication technologies for fusion use of NMA and SCA.
However, the current global navigation satellite system GPS uses a navigation signal authentication technology which is a chip signal authentication technology, and the basic principle is that authentication information is added in a navigation message and a spread spectrum code of a navigation signal at the same time, a receiver firstly caches the received navigation signal, then verifies the authenticity of the navigation message in the navigation signal, then utilizes the navigation message to generate the authentication information in the spread spectrum code, and finally utilizes the authentication information in the generated spread spectrum code to match the spread spectrum code of the received navigation signal, thereby verifying the authenticity of the whole navigation signal, in the technology, the receiver needs to cache all the navigation signals to ensure that the authentication information in the spread spectrum code which needs to be authenticated is completely cached, so that the receiver needs to pay a large amount of data storage space; the time required for completely receiving a digital signature is long, and the authentication time is long and is not beneficial to the receiver to rapidly authenticate the authenticity of the navigation signal; the navigation message and the authentication spreading code have no constraint relation on the appearance position, an attacker can generate legal authentication spreading codes by utilizing the digital signature broadcasted in advance, the fraud attack is carried out by bypassing the authentication mechanism, the security of the navigation signal authentication is low, the navigation message of the navigation signal only depends on the digital signature to finish the authentication, and the digital signature is constrained by the algorithm characteristic and generally has longer data bits, so that the occupation of the data transmission capacity of the navigation message is larger.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a satellite navigation signal authentication structure and a reception method that can shorten authentication information, prevent an attacker from performing spoofing attacks by bypassing an authentication mechanism, and improve the security of navigation signal authentication.
A satellite navigation signal authentication structure combining a spread spectrum code and a text comprises a carrier wave, a navigation text and the spread spectrum code;
the navigation message comprises first authentication information, the first authentication information at least comprises three parts, wherein the first part is a digital signature, the second part is a plurality of message authentication codes and first key pairs, and the third part is a group of second key groups;
the digital signature is calculated by a digital signature algorithm by adopting a private key held by a satellite as a secret key and adopting all data except the first part of digital signature in a navigation message as a plaintext; the digital signature is used for authenticating the legality of the navigation message;
the message authentication codes and the first key pairs are continuously placed in the second part according to a preset time period, the message authentication codes in one time period are obtained by adopting navigation data disclosed in the navigation message as a plaintext and adopting the first key in the next time period as a key through calculation of a symmetric cryptographic algorithm, the first key in one time period is a key adopted by calculating the message authentication codes in the last time period, and the message authentication codes and the first key pairs are used for authenticating the legality of the navigation data disclosed in the navigation message;
The second key group comprises a plurality of second keys which are the same as the message authentication code and the first key in number, the second keys are obtained by adopting the first keys through one-way function calculation, and the second keys are used for authenticating the validity of the first keys;
the spreading code comprises second authentication information, the second authentication information comprises a secret spreading code formed by a plurality of secret spreading code segments, and the sequence of the secret spreading code is calculated by a corresponding message authentication code in the time period of the secret spreading code through a security algorithm.
In one embodiment, the beat length of the digital signature is the same as the beat length of the second key set and the beat length of the digital signature is an integer multiple of the beat length of the message authentication code and the first key pair.
In one embodiment, the beat length of the message authentication code and the first key pair is an integer multiple of the beat length of the secret spreading code.
In one embodiment, the occurrence position of the secret spreading code is preset; or (b)
The occurrence position of the secret spreading code is a series of sequences, and the sequences are calculated by adopting navigation data disclosed in the navigation circuit through a preset second algorithm.
In one embodiment, the sequence of the secret spreading code is obtained by secure computation from a corresponding message authentication code in a time period in which the secret spreading code is located, including:
The multiple sections of secret spreading codes in the secret spreading codes are all obtained by the same message authentication code through secure calculation, wherein different secret spreading code sections correspond to different data bit combinations in the message authentication code.
In one embodiment, one or more of the message authentication code, the first key, the second key, the navigation message, and the spreading code is represented by a binary sequence of 01.
A method for receiving a satellite navigation signal authentication structure by combining a spreading code and a text, the method comprising:
the method comprises the steps of obtaining a navigation message of a satellite navigation signal, and caching various data in the navigation message, wherein the navigation message at least comprises first authentication information, the first authentication information at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and a first key pair, and the third part is a group of second key groups;
taking a private key held by a satellite as a secret key, taking all data except the first part of digital signature in the navigation message as a plaintext, calculating the secret key and the plaintext according to a digital signature algorithm to obtain a digital signature to be compared, comparing the digital signature in a cache with the digital signature to be compared, and if the digital signature in the cache is the same as the digital signature to be compared, feeding back the navigation data disclosed in the navigation message and the second secret key group to be real;
Obtaining a second key to be compared through one-way function calculation by adopting the first key, comparing the second key in the second key group with the second key to be compared, and if the second key in the second key group is the same as the second key to be compared, feeding back the first key to be true;
the first secret key is used as a secret key for calculating the message authentication code of the previous time period, the navigation data disclosed in the navigation message is used as a plaintext to calculate the message authentication code to be compared through a symmetric cryptographic algorithm, the message authentication code in the cache is compared with the message authentication code to be compared, if the message authentication code in the cache is the same as the message authentication code to be compared, the feedback message authentication code is true, and the true navigation message is received.
In one embodiment, a sequence of a secret spreading code is obtained by calculating a message authentication code in a cache according to a preset security algorithm, and the sequence of the secret spreading code is used as a sequence to be compared of the secret spreading code;
acquiring the appearance position of a preset secret spread spectrum code, or calculating the disclosed navigation data in the navigation message according to a preset second algorithm to obtain the appearance position of the secret spread spectrum code, and taking the appearance position of the secret spread spectrum code as the position to be compared of the secret spread spectrum code;
Acquiring a sequence of a secret spread spectrum code of a navigation signal in a buffer memory and a position of the secret spread spectrum code;
if the sequence of the secret spread spectrum code is consistent with the sequence to be compared of the secret spread spectrum code, and the position of the secret spread spectrum code is consistent with the position to be compared of the secret spread spectrum code, the calculated result obtained through multiplication and addition operation of sampling points one by one is larger than a preset threshold value, and the spread spectrum code of the feedback navigation signal is true.
A satellite navigation signal authentication structure receiving device with a spread spectrum code combined with a text, comprising:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
the method comprises the steps of obtaining a navigation message of a navigation signal, and caching various data in the navigation message, wherein the navigation message at least comprises first authentication information, the first authentication information at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and a first key pair, and the third part is a group of second key groups;
the private key held by the satellite is used as a secret key, all data except the first part of digital signature in the navigation message is used as a plaintext, the digital signature to be compared is calculated through a digital signature algorithm, the digital signature in the cache is compared with the digital signature to be compared,
If the digital signature in the cache is the same as the digital signature to be compared, the navigation data and the second key group disclosed in the feedback navigation message are real;
obtaining a second key to be compared by adopting the first key through one-way function calculation, comparing the second key in the second key group with the second key to be compared,
if the second key in the second key group is the same as the second key to be compared, the first key is fed back to be real;
the first key is used as a key for calculating the message authentication code of the previous time period, the navigation data disclosed in the navigation circuit is used as a plaintext, the message authentication code to be compared is calculated through a symmetric cryptographic algorithm, the message authentication code in the cache is compared with the message authentication code to be compared,
if the message authentication code in the cache is the same as the message authentication code to be compared, the feedback message authentication code is true.
A satellite navigation signal authentication structure with a spreading code in combination with a telegram receives a non-volatile computer storage medium storing computer executable instructions, wherein the computer executable instructions are arranged to:
the method comprises the steps of obtaining a navigation message of a navigation signal, and caching various data in the navigation message, wherein the navigation message at least comprises first authentication information, the first authentication information at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and a first key pair, and the third part is a group of second key groups;
The private key held by the satellite is used as a secret key, all data except the first part of digital signature in the navigation message is used as a plaintext, the digital signature to be compared is calculated through a digital signature algorithm, the digital signature in the cache is compared with the digital signature to be compared,
if the digital signature in the cache is the same as the digital signature to be compared, the navigation data and the second key group disclosed in the feedback navigation message are real;
obtaining a second key to be compared by adopting the first key through one-way function calculation, comparing the second key in the second key group with the second key to be compared,
if the second key in the second key group is the same as the second key to be compared, the first key is fed back to be real;
the first key is used as a key for calculating the message authentication code of the previous time period, the navigation data disclosed in the navigation circuit is used as a plaintext, the message authentication code to be compared is calculated through a symmetric cryptographic algorithm, the message authentication code in the cache is compared with the message authentication code to be compared,
if the message authentication code in the cache is the same as the message authentication code to be compared, the feedback message authentication code is true.
According to the satellite navigation signal authentication structure and the receiving method of the spread spectrum code and text combination, when the satellite navigation signal authentication structure of the spread spectrum code and text combination is designed, a symmetrical and asymmetrical password algorithm combination mode, namely a data encryption and digital signature combination mode is adopted to verify the authenticity of the navigation text, so that the problem that authentication information is longer due to the fact that the prior art completely depends on digital signatures is avoided; by gathering the secret spreading codes to form a plurality of continuous spreading code sections, the problem that a user needs to continuously buffer long-time signals when the spreading codes are distributed according to spreading code chips is solved; meanwhile, the restriction is carried out on the design of the occurrence positions of the digital signature and the secret spread spectrum code, so that the authentication information in the navigation message always appears after the secret spread spectrum code, the problem that an attacker receives data for generating the secret spread spectrum code in advance is avoided through the design by virtue of the time difference, and the security of the navigation signal authentication is improved by adding the navigation signal spread spectrum code authentication structure when the satellite navigation signal authentication structure is used for receiving. Compared with the prior navigation message and spread spectrum code mixed authentication technology, the structure is modified, the authentication efficiency is improved, the length of a storage signal required by a user receiver is reduced, the hidden danger that an attacker bypasses authentication in the prior art is avoided, and the navigation signal with low storage cost and high authentication efficiency can be received.
Drawings
FIG. 1 is a block diagram of a satellite navigation signal authentication structure combining a spreading code and a text in one embodiment;
FIG. 2 is a schematic diagram illustrating an arrangement of authentication information in a navigation message according to an embodiment;
FIG. 3 is a schematic diagram of a process for computing a digital signature in one embodiment;
FIG. 4 is a schematic diagram of a message authentication code calculation process according to another embodiment;
FIG. 5 is a schematic diagram of a second key calculation process in one embodiment;
FIG. 6 is a flow chart of a method for receiving a satellite navigation signal authentication structure by combining a spreading code and a text according to an embodiment;
FIG. 7 is a schematic diagram of the positional relationship of the secret spreading code in the spreading code of the navigation signal in one embodiment;
FIG. 8 is a diagram illustrating the structure of different satellite signals and the time delay relationship in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In one embodiment, as shown in fig. 1, a satellite navigation signal authentication structure combining a spreading code and a text is provided, where the satellite navigation signal authentication structure includes a carrier wave, a navigation text and a spreading code;
The navigation message comprises first authentication information, the first authentication information at least comprises three parts, wherein the first part is a digital signature, the second part is a plurality of message authentication codes and first key pairs, and the third part is a group of second key groups;
the digital signature is calculated by a digital signature algorithm by adopting a private key held by a satellite as a secret key and adopting all data except the first part of digital signature in a navigation message as a plaintext; the digital signature is used for authenticating the legality of the navigation message;
the message authentication codes and the first key pairs are continuously placed in the second part according to a preset time period, the message authentication codes in one time period are obtained by adopting navigation data disclosed in the navigation message as a plaintext and adopting the first key in the next time period as a key through calculation of a symmetric cryptographic algorithm, the first key in one time period is a key adopted by calculating the message authentication codes in the last time period, and the message authentication codes and the first key pairs are used for authenticating the legality of the navigation data disclosed in the navigation message;
the second key group comprises a plurality of second keys which are the same as the message authentication code and the first key in number, the second keys are obtained by adopting the first keys through one-way function calculation, and the second keys are used for authenticating the validity of the first keys;
The spreading code comprises second authentication information, the second authentication information comprises a secret spreading code formed by a plurality of secret spreading code segments, and the sequence of the secret spreading code is calculated by a corresponding message authentication code in the time period of the secret spreading code through a security algorithm.
In the satellite navigation signal authentication structure combining the spread spectrum code and the text, the satellite navigation signal authentication structure comprises a carrier wave, a navigation text and a spread spectrum code, wherein the navigation text comprises first authentication information, the spread spectrum code comprises second authentication information, the first authentication information and the second authentication information are both used for realizing navigation signal authentication, the first authentication information in the navigation text at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and first key pairs, and the third part is a group of second key groups. The authentication information of the first part and the third part is obtained by splicing different parts in a plurality of sections of different navigation messages, and the authentication information of the second part in each section of navigation message is complete.
As shown in FIG. 2, the arrangement condition of the authentication information in the navigation messages is that the length of each section of navigation message is equal, and all the three sections of authentication information are contained, and the three sections of authentication information can appear in the same position or different positions in each section of navigation message, and the positions of occurrence are influenced by the arrangement and the regulation of the navigation messages.
The first part digital signature is a result obtained by calculating all other data except the first part digital signature, namely plaintext, in the navigation message by adopting a private key held by a satellite through a digital signature algorithm. Digital signatures have the following characteristics: the digital signature can be obtained by calculation by using the private key and a piece of data, and all people can use the public key to verify whether the digital signature is legal or not by using the digital signature and the piece of data, but an attacker can hardly obtain any legal digital signature by calculation by using any plaintext under the condition of not grasping the private key.
In this embodiment, the data used to sign the digital signature is all data except the first portion of the digital signature. The user can recover the data through the demodulation process while receiving the navigation signal, and the navigation message also contains the digital signature. Therefore, the receiver can obtain the data and the digital signature at the same time, and the public key can be used for authenticating the validity of the digital signature in the navigation message, so that the validity of the navigation message is authenticated.
The calculation of the digital signature is shown in fig. 3. The digital signature is calculated through a digital signature algorithm, a private key held by a satellite is used as a secret key, common navigation data, a plurality of message authentication codes, a first secret key pair and a group of second secret key groups are used as plaintext of the digital signature together.
A message authentication code and a first key of the second part are calculated by a symmetric cryptographic algorithm for authenticating an authentication information of the navigation data disclosed in the navigation message. The symmetric cryptographic algorithm has the characteristic that the keys used for encryption and decryption are the same, so that if a user wants to authenticate, the encrypted data also needs to master the same key as the satellite, and the key needs to be broadcasted in the navigation message. In order to prevent an attacker from generating a message authentication code corresponding to navigation data through a key broadcasted in a navigation message, the first key broadcasted in the navigation message needs to be delayed for a period of time, and the first key corresponding to the message authentication code is broadcasted after the validity period of the message authentication code is invalid, so that the attacker is prevented from forging signals.
In this embodiment, the message authentication code and the first key are placed continuously according to a certain period of time, and the first key B0 collocated with the message authentication code A1 in each period is a key used for calculating the message authentication code A0 in the previous period. Thus, the user only needs to buffer the currently received message authentication code first, and wait until the next message authentication code and the key pair arrives, and use the first key in the next time period to verify the authenticity of the previous message authentication code.
The process of calculating the message authentication code is shown in fig. 4. The second part of authentication information comprises a plurality of pairs of message authentication codes and a first key pair, wherein the message authentication codes adopt navigation data disclosed in a navigation message as plaintext, and adopt a first key B in the next time period as a key, and the result is obtained by calculation through a symmetric cryptographic algorithm.
The second key set of the third part is to avoid that an attacker generates a false key to fool the authentication measure by the user. The message authentication code and the corresponding first key of the second part only ensure the pairing between them, but not the authenticity of the first key itself, so that the second key of the third part is required to verify the authenticity of the first key itself in the second part.
The generation process of the second key group of the third part is as follows: each set of second keys corresponds to a number of periods of the second portion, each second key in a set of second keys corresponding to a corresponding one of the periods of the second portion. The keys in the second key group are numbered C1, C2, C3, etc., and the first keys corresponding to the message authentication codes in the second section are numbered B1, B2, B3, etc. Then there is a correspondence between these two keys as follows: c1 corresponds to B1, C2 corresponds to B2, C3 corresponds to B3, etc.
In this embodiment, the second key in the second key group is a result obtained by performing a one-way function calculation on the first key corresponding to the message authentication code, as shown in fig. 5. A one-way function has the property that it is easier to calculate an output using an input for this function, but by means of an output it is almost impossible to back-deduce the input. Therefore, for the two keys, the first key B1 corresponding to the message authentication code can be calculated easily to obtain the second key C1 in the second key group. However, after C1 is known, the value of B1 is hardly obtained by back-pushing. Based on the above characteristics, one such authentication scheme may be constructed: the satellite uses the digital signature of the first part to secure the second key C1 and broadcasts the second key C1 in advance for the receiver to learn. Then when the message authentication code and the first key B1 appear, the user receiver may calculate a one-way function using the first key B1, compare whether the result of the one-way function is equal to the second key C1, and thus verify the authenticity of the first key B1.
The first part of the digital signature and the third part of the second key set, which appear in the same beat, are called the first authentication period, i.e. one digital signature corresponds to one set of the second key set. The occurrence of a pair of message authentication codes and a first key pair becomes a continuous authentication period. Each first authentication period comprises an integer number of consecutive authentication periods, that is to say each first authentication period comprises an integer number of message authentication codes and first key pairs, i.e. the number of second keys in a set of second key sets is equal to the number of first keys in consecutive authentication periods. This ensures that the second key C1, the second key C2, the second key C3, and the like in the second key group correspond one-to-one to the first key B1, the first key B2, the first key B3, and the like corresponding to the message authentication code in the successive authentication periods.
The authentication information in the navigation signal spreading code is called an authentication spreading code and is composed of a series of segmented secret spreading code segments. The position where the secret spreading code appears in the spreading code can be pre-agreed, or can be calculated on site by the navigation data disclosed in the navigation message. The positions of the secret spreading codes form a series of sequences, and the navigation data disclosed in the navigation message is used for calculating a sequence through a specific algorithm, such as a shuffling algorithm, and the sequence is the positions of the secret spreading codes in the spreading codes. The specific algorithm can adopt a safe secret algorithm, namely the position where the secret spread spectrum code appears can be calculated according to the navigation message, but the navigation message can not be calculated from the position where the secret spread spectrum code appears; or a general algorithm, for example, if the navigation message is 1010, the secret spreading code appears at 10 s.
The sequence of secret spreading codes is calculated by a security algorithm from the second part of the message authentication code in the time period of the secret spreading code. The security algorithm can calculate the secret spreading code through the message authentication code, but the calculation method of what the message authentication code is according to the secret spreading code cannot be reversely deduced can be adopted as long as the calculation method meets the conditions. And by time constraint, the time of occurrence of the message authentication code is always later than the time of occurrence of the secret authentication code. For example, a certain continuous authentication period is 5 to 10 seconds, the message authentication code in this time period starts to appear at 7 th second, and the secret spreading code must appear before 7 seconds when the transmission is completed at 9 seconds. When the attacker does not receive the message authentication code, the attacker cannot calculate the secret spread spectrum code, and a normal user can calculate the same secret spread spectrum code after receiving the message authentication code. Then, the user receiver correlates with the secret spreading code cached before through correlation operation, and can judge the existence of the secret spreading code through the magnitude of the correlation result, thereby verifying whether legal authentication information exists in the spreading code of the navigation signal.
Each successive authentication period may contain several segments of secret spreading codes that are all generated by secure computation from the same message authentication code, but different segments of secret spreading codes may correspond to different combinations of data bits in the message authentication code. For example, a message authentication code and its corresponding first key are included in a continuous authentication period, and if three spreading code authentication periods are included in the continuous authentication period, three secret spreading code segments are present in the spreading code representing the navigation signal in the period. The three secret spreading code segments may be derived from the first 1/3, middle 1/3 and last 1/3 data bits of the message authentication code, respectively.
In this embodiment, the first authentication period may include an integer number of consecutive authentication periods, and the consecutive authentication period may include an integer number of spreading code authentication periods, which form an overall hierarchical structure of the authentication signal. The data verifying the message authentication code and the first key in each successive authentication cycle occurs in the previous first authentication cycle. For example, if one continuous authentication period is 15 seconds in duration and the first authentication period is 60 seconds in duration, then the message authentication code and the first key in the continuous authentication period occurring at 75 seconds are verified using the first authentication period occurring at 0 to 60 seconds. The message authentication code and the first key, which occur in the successive authentication periods of 120 to 135 seconds, the successive authentication periods of 135 to 150 seconds, and the like, are authenticated using the first authentication period of 60 to 120 seconds.
In order to further improve the authentication efficiency of the navigation signals, the time of the occurrence of the authentication information between the navigation signals of different satellites has a uniform offset, so that a characteristic is realized: when the receiver tracks a plurality of satellites, authentication of different satellites can be completed sequentially, so that the authentication interval between any two satellites is shortened. For example, satellite 1 starts the 1 st first authentication period at 0 seconds, then satellite 1 starts the 1 st first authentication period at 3 seconds, satellite 2 starts the 1 st first authentication period at 6 seconds, and so on. This ensures that, although 60 seconds are required for each first authentication period, there is a satellite navigation signal for the receiver to authenticate every 3 seconds.
In this embodiment, one or more of the message authentication code, the first key, the second key, the navigation message, and the spreading code may be represented by a binary sequence of 01.
The satellite navigation signal authentication structure of the embodiment adopts a mode of combining symmetric and asymmetric cryptographic algorithms, namely a mode of combining data encryption and digital signature to verify the authenticity of a navigation message, thereby avoiding the problem of longer authentication information caused by the fact that the prior art completely relies on the digital signature; by gathering the secret spreading codes to form a plurality of continuous spreading code sections, the problem that a user needs to continuously buffer long-time signals when the spreading codes are distributed according to spreading code chips is solved; meanwhile, by means of constraint on design of the occurrence positions of the digital signature and the secret spread spectrum code, authentication information in the navigation message always occurs after the secret spread spectrum code, and by means of the time difference, the problem that an attacker receives data for generating the secret spread spectrum code in advance is avoided through design.
In one embodiment, the beat length of the digital signature is the same as the beat length of the second key set and the beat length of the digital signature is an integer multiple of the beat length of the message authentication code and the first key pair.
In one embodiment, the beat length of the message authentication code and the first key pair is an integer multiple of the beat length of the secret spreading code.
In one embodiment, the occurrence position of the secret spreading code is preset; or (b)
The occurrence position of the secret spreading code is a series of sequences, and the sequences are calculated by adopting navigation data disclosed in the navigation circuit through a preset second algorithm.
In a specific embodiment, the second algorithm comprises a shuffling algorithm and a confidentiality algorithm; the authentication information in the navigation signal spreading code is called an authentication spreading code and is composed of a series of segmented secret spreading code segments. The position where the secret spreading code appears in the spreading code can be pre-agreed, or can be calculated on site by the navigation data disclosed in the navigation message. The positions of the secret spreading codes form a series of sequences, and the navigation data disclosed in the navigation message is used for calculating a sequence through a specific algorithm, such as a shuffling algorithm, and the sequence is the positions of the secret spreading codes in the spreading codes. The specific algorithm can adopt a safe secret algorithm, namely the position where the secret spread spectrum code appears can be calculated according to the navigation message, but the navigation message can not be calculated from the position where the secret spread spectrum code appears; or a general algorithm, for example, if the navigation message is 1010, the secret spreading code appears at 10 s.
In one embodiment, the sequence of the secret spreading code is obtained by secure computation from a corresponding message authentication code in a time period in which the secret spreading code is located, including:
the multiple sections of secret spreading codes in the secret spreading codes are all obtained by the same message authentication code through secure calculation, wherein different secret spreading code sections correspond to different data bit combinations in the message authentication code.
In a specific embodiment, the sequence of secret spreading codes is calculated by a security algorithm from a second part of the message authentication codes in the time period in which the sequence of secret spreading codes is located. The security algorithm can calculate the secret spreading code through the message authentication code, but the calculation method of what the message authentication code is according to the secret spreading code cannot be reversely deduced can be adopted as long as the calculation method meets the conditions. And by time constraint, the time of occurrence of the message authentication code is always later than the time of occurrence of the secret authentication code. For example, a certain continuous authentication period is 5 to 10 seconds, the message authentication code in this time period starts to appear at 7 th second, and the secret spreading code must appear before 7 seconds when the transmission is completed at 9 seconds. When the attacker does not receive the message authentication code, the attacker cannot calculate the secret spread spectrum code, and a normal user can calculate the same secret spread spectrum code after receiving the message authentication code. Then, the user receiver correlates with the secret spreading code cached before through correlation operation, and can judge the existence of the secret spreading code through the magnitude of the correlation result, thereby verifying whether legal authentication information exists in the spreading code of the navigation signal.
In one embodiment, one or more of the message authentication code, the first key, the second key, the navigation message, and the spreading code is represented by a binary sequence of 01.
As shown in fig. 6, a method for receiving a satellite navigation signal authentication structure by combining a spread spectrum code and a text is disclosed, and the method comprises:
step 602, obtaining a navigation message of a satellite navigation signal, and caching various data in the navigation message, wherein the navigation message at least comprises first authentication information, the first authentication information at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and a first key pair, and the third part is a group of second key groups.
Step 604, taking the private key held by the satellite as a secret key, taking all data except the first part of digital signature in the navigation message as a plaintext, calculating the secret key and the plaintext according to a digital signature algorithm to obtain a digital signature to be compared, comparing the digital signature in the cache with the digital signature to be compared, and if the digital signature in the cache is the same as the digital signature to be compared, feeding back the navigation data disclosed in the navigation message and the second secret key set to be real.
Step 606, the second key to be compared is obtained by using the first key through a one-way function calculation, the second key in the second key group is compared with the second key to be compared, and if the second key in the second key group is the same as the second key to be compared, the feedback of the first key is true.
Step 608, the first key is used as a key for calculating the message authentication code of the previous time period, the navigation data disclosed in the navigation message is used as a plaintext, the message authentication code to be compared is calculated through a symmetric cryptographic algorithm, the message authentication code in the cache is compared with the message authentication code to be compared, if the message authentication code in the cache is the same as the message authentication code to be compared, the feedback message authentication code is true, and the true navigation message is received.
In the satellite navigation signal authentication structure receiving method combining the spread spectrum code and the text, when the receiver performs authentication and reception of the navigation signal, the receiver needs to authenticate the navigation text first, the authentication mode of the navigation text is that the navigation text is normally received first, various data in the navigation text is cached, and the method also comprises the authentication information of the three parts; secondly, authenticating the digital signature in the authentication information of the first part, thereby verifying the authenticity of the navigation message data and the second key group in the third part; after the authenticity of the second key set is verified, the second key set can be used for rapidly authenticating the authenticity of the message authentication code and the first key pair in the second part, and after the authenticity of the first key is verified, the authenticity of the message authentication code and other data of the navigation message can be authenticated.
In one embodiment, a sequence of a secret spreading code is obtained by calculating a message authentication code in a cache according to a preset security algorithm, and the sequence of the secret spreading code is used as a sequence to be compared of the secret spreading code;
acquiring the appearance position of a preset secret spread spectrum code, or calculating the disclosed navigation data in the navigation message according to a preset second algorithm to obtain the appearance position of the secret spread spectrum code, and taking the appearance position of the secret spread spectrum code as the position to be compared of the secret spread spectrum code;
acquiring a sequence of a secret spread spectrum code of a navigation signal in a buffer memory and a position of the secret spread spectrum code;
if the sequence of the secret spread spectrum code is consistent with the sequence to be compared of the secret spread spectrum code, and the position of the secret spread spectrum code is consistent with the position to be compared of the secret spread spectrum code, the calculated result obtained through multiplication and addition operation of sampling points one by one is larger than a preset threshold value, and the spread spectrum code of the feedback navigation signal is true.
In a specific embodiment, after receiving the message authentication code, the receiver may further calculate the message authentication code within the time period in which the secret spreading code is located by using a pre-agreed security algorithm, to obtain a sequence of secret spreading codes. The security algorithm can calculate the secret spreading code through the message authentication code, but the calculation method of what the message authentication code is according to the secret spreading code cannot be reversely deduced can be adopted as long as the calculation method meets the conditions. This sequence will be consistent with the sequence of the secret spreading codes present in the navigation signal.
The receiver can consult the appointed position of the secret spread spectrum code or adopt the navigation data disclosed in the navigation circuit to calculate the position of the secret spread spectrum code through a preset second algorithm. The preset second algorithm, such as a shuffling algorithm, a security algorithm or a general algorithm, may be used, so long as a number sequence calculated by using the navigation data disclosed in the navigation message can be used.
When the calculated sequence is consistent with the sequence of the secret spread spectrum code in the navigation signal and the position of the secret spread spectrum code is the same as the expected position, a relatively large result can be obtained by using an operation called correlation, namely multiplication and addition operation of sampling points one by one; if the calculated sequence is not consistent with the sequence of the secret spreading code in the navigation signal or the position of the secret spreading code is not consistent with the expected position, the result of the correlation operation is very small. The receiver can judge whether the secret spread spectrum code in the navigation signal is consistent with the sequence obtained by the calculation of the message authentication code through the magnitude of the correlation operation result, thereby judging the authenticity of the spread spectrum code of the navigation signal and realizing the authentication of the navigation signal.
It should be understood that, although the steps in the flowchart of fig. 6 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 6 may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the sub-steps or stages of other steps or other steps.
In one embodiment, in order to facilitate understanding of the satellite navigation signal authentication structure and the receiving method with the combination of the spreading code and the text according to the embodiment of the present invention, the following further describes the satellite navigation signal authentication structure and the receiving method with the combination of the spreading code and the text:
the satellite navigation signal authentication structure with the combination of the spreading code and the text with the authentication function adds authentication information on the navigation text and the spreading code, as shown in fig. 2.
The navigation message is repeated with a segment period of 60s length, each segment represents a cold start authentication period, wherein the navigation message comprises 4 continuous authentication periods of 15s length, the message in each continuous authentication period comprises three different data, and the three data are respectively:
1. navigation message service data;
2. message Authentication Code and Key (MACK);
3. authentication header, root key and digital signature (hashes).
The MACK and the Hackers are data supporting signal authentication, and the navigation message service data is the service data of the FPP. The specific combination and sequence of the three different data are determined by the text formatting, and the continuous structure is not strictly required, and only MACK and Hackers pages of each continuous authentication period are constrained to complete broadcasting within 15s corresponding to the MACK and Hackers pages.
In terms of spreading codes, each spreading code of the 1s navigation signal comprises two 1ms secret spreading code clusters, and the originally disclosed periodic spreading codes are replaced by the secret spreading codes in the time of the two 1ms signals. The two 1ms secret spreading code positions that are replaced in the signals of all satellites are fixed and identical and are both located on the same fixed 0 symbol of the low speed BPSK message. The receiver does not demodulate the text symbol when processing the navigation signals for these locations, but directly sets the current symbol to 0. According to the symbol rate setting of the low-speed BPSK message 250sps, the total length of the authentication spreading code in each second is exactly equal to the width of one message symbol, as shown in FIG. 7, wherein the portion marked with BPSK is a common and public spreading code, namely the original spreading code in the navigation signal; the portion marked with Auth is the portion replaced with the secret spreading code, i.e. the authentication information in the spreading code. All secret spreading code sequences within each 15s successive authentication period are calculated by SM3 algorithm from MACK field of next 15 s.
As shown in fig. 8, there is a 3 second offset from the start of the cold start period of different satellites, and the maximum offset is equal to the length of 15s of one continuous authentication period. At this time, the offset value of the start time of the authentication cold start has 5 different values in the whole constellation, which are aligned with the start time of the low-speed text frame respectively.
Since the offset of the authentication information is an integer multiple of the navigation message frame (3 times of the CSK frame, 1 time of the BPSK frame), the offset of the start time of the authentication period does not affect the position of the navigation message data in the corresponding message frame. At this time, if the receiver simultaneously sees 5 satellites with different offset lengths, all the navigation signals received by the receiver can be authenticated once every 3 s. To prevent security risks due to premature MACK leakage caused by the start time offset, the MACK field recommends scheduling transmissions at the end of every 15s.
The following describes the structure of MACK and Hackers in the authentication scheme and the updating mode of the secret key.
1. Message Authentication Code and Key (MACK)
The message authentication code and Key field contains the Message Authentication Code (MAC) of the current 15s navigation message, 10 bits in length, and the Key (Key) used to calculate the last 15s navigation message authentication code, 73 bits in length. The receiver can authenticate all message data (low-speed message and high-speed message) within the 15s using this MAC and the Key of the next 15s.
The secret key used by the text message authentication code of every 15s is randomly generated, and the authenticity and the credibility are ensured by the authentication secret key contained in the Hackers. Authentication code key K for each text message Mn There is an authentication key K located in the Hackers Hn So that the two satisfy the following recurrence relation:
wherein,is a truncating function truncating the input x to the high L bits, ">The SM3 algorithm is used for calculating the password hash of the input x, the security and the data overhead are integrated, and the truncated length of the message authentication code key is 73 bits. I.e. authentication keyIs message authentication code calculation key->The receiver, after hashing and truncating the result, verifies the code key by applying to the message obtained from the message>Calculate the same hash and truncate procedure, and authenticate key +.>Comparing to verify the message authentication code key +.>Is the authenticity of (a).
In order to achieve as high an authentication efficiency as possible, 4 authentication keys are contained in each Hackers within 60s, which correspond to the message authentication code keys of the last 15s continuous authentication period in the 60s cold start period and the first three 15s continuous authentication periods in the next 60s cold start period, respectively.
The message authentication code key is used for calculating the message authentication code of the navigation message data in the following way: the s satellite broadcasts the navigation message of the nth section When using the message authentication code key +.>The message authentication code is calculated as follows:
where || is an operator that connects two binary strings. Let random attacker guess MAC success rate asShortened length of message authentication code +.>Is 10 bits. The receiver demodulates the navigation message and uses the business data, MAC and key +.>Common cache, in authentication key->After the authenticity of the last section of the message buffer memory is realized, the data of the last section of the service data can be verified by utilizing the data of the last section of the message buffer memory and a MAC verification algorithm>Is the authenticity of (a). N+1th section service data, MAC and key +.>After broadcasting, the user can verify the key +.>And business data->And so on, to achieve continuous broadcast message authentication.
According to the above structure, the MACK total length is 83 bits, and is completely broadcasted every 15 s.
In each Hackers, the authentication header length is 4 bits. Currently, 0x0 represents that the signature algorithm uses the SM2 digital signature algorithm (GM/T0003.2-2012), the private key length 256 bits, the MAC length 10 bits, and the MAC key length 73 bits. Future authentication versions may choose longer key lengths, signature algorithms against quantum computation, etc. depending on security requirements.
Each Hackers contains authentication keys of 4 message authentication code keys, and the length of each authentication key is 73 bits. This root key is signed using the SM2 digital signature algorithm, with a private key length of 256 bits. The obtained digital signature result is the digital signature part of the Hackers, and the length is 512 bits.
The total length of the Hackers is 808 bits, and the broadcast is completed every 60 s. Since all satellites share the same MAC key, the data of the Hackers field broadcasted by all satellites are identical, and the time for collecting complete Hackers can be shortened by receiving the telegrams of different time offset satellites.
2. Secret spreading code
The secret spreading code sequence varies with each 15s of successive authentication period, and in each 15s of successive authentication period, contains a total of 61380 secret spreading code chips of 30ms, and all the spreading code chips are generated by MACK in the next 15s of successive authentication period through SM3 algorithm.
The secret spreading code is generated according to a total of 2046 chips per 1ms, and the sequence is shown as the following formula:
wherein,MACKis MACK field data of the next 15s consecutive authentication period,the value range is 1-30, and the value is expressed in the form of 8bit bytes during generation. The secret spreading code per 1ms consists of 7 complete SM3 outputs and one SM3 output truncated to 254 bits, with a total length of just 2046 chips.
3. Authentication cold start
When the receiver is started to search for the navigation signal for the first time, a cold start of signal authentication needs to be executed.
The receiver for authentication cold start needs to receive the Hackers field in the navigation message, obtain the authentication key of the MAC key chain from it, and verify its authenticity by digital signature.
After the receiver finishes receiving a complete 60s signal, the obtained MAC key authentication key can be used for verifying the authenticity of the MAC key in the last 15s continuous authentication period in the 60s, so that the authenticity of the MAC and navigation message data in the last 15s continuous authentication period in the 60s is further verified, and finally the cold start is finished.
The receiver which completes cold start can scroll and update the fields of the hakers in real time through continuous receiving signals, and the scroll and update is not influenced by satellite transit because the fields of the hakers broadcasted by all satellites are identical.
4. Continuous authentication
The primary authentication process of the receiver is continuous authentication. When the receiver performs signal authentication, firstly tracking signals, demodulating messages, and caching signal samples of the occurrence position of an encrypted spreading code with a certain length according to signal carrier-to-noise ratio conditions; after the MACK of the next continuous authentication period finishes broadcasting, firstly verifying the authenticity of the current continuous authentication period MACK and the corresponding message, and generating all secret spread codes in the current 15s as local codes through the next continuous authentication period MACK; and performing correlation operation on the local code and the cached signal samples, and checking the existence and code phase of a correlation peak, thereby realizing double authentication of the current period spread spectrum code and the text data.
Since the secret spreading codes of all satellites appear in the same signal time, only the signal samples of the time period need to be buffered, and additional buffering is performed according to the maximum satellite transmission delay, so that the spreading code authentication of all satellites can be supported.
Based on the same thought, some embodiments of the present application also provide a device and a non-volatile computer storage medium corresponding to the above method.
Some embodiments of the present application provide a satellite navigation signal authentication structure and a receiving and authentication device combining a spreading code and a text, wherein the satellite navigation signal authentication structure comprises:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
the method comprises the steps of obtaining a navigation message of a navigation signal, and caching various data in the navigation message, wherein the navigation message at least comprises first authentication information, the first authentication information at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and a first key pair, and the third part is a group of second key groups;
The private key held by the satellite is used as a secret key, all data except the first part of digital signature in the navigation message is used as a plaintext, the digital signature to be compared is calculated through a digital signature algorithm, the digital signature in the cache is compared with the digital signature to be compared,
if the digital signature in the cache is the same as the digital signature to be compared, the navigation data and the second key group disclosed in the feedback navigation message are real;
obtaining a second key to be compared by adopting the first key through one-way function calculation, comparing the second key in the second key group with the second key to be compared,
if the second key in the second key group is the same as the second key to be compared, the first key is fed back to be real;
the first key is used as a key for calculating the message authentication code of the previous time period, the navigation data disclosed in the navigation circuit is used as a plaintext, the message authentication code to be compared is calculated through a symmetric cryptographic algorithm, the message authentication code in the cache is compared with the message authentication code to be compared,
if the message authentication code in the cache is the same as the message authentication code to be compared, the feedback message authentication code is true.
Some embodiments of the present application further provide a satellite navigation signal authentication structure with a spreading code combined with a text, and a received non-volatile computer storage medium storing computer executable instructions, where the computer executable instructions are configured to:
The method comprises the steps of obtaining a navigation message of a navigation signal, and caching various data in the navigation message, wherein the navigation message at least comprises first authentication information, the first authentication information at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and a first key pair, and the third part is a group of second key groups;
the private key held by the satellite is used as a secret key, all data except the first part of digital signature in the navigation message is used as a plaintext, the digital signature to be compared is calculated through a digital signature algorithm, the digital signature in the cache is compared with the digital signature to be compared,
if the digital signature in the cache is the same as the digital signature to be compared, the navigation data and the second key group disclosed in the feedback navigation message are real;
obtaining a second key to be compared by adopting the first key through one-way function calculation, comparing the second key in the second key group with the second key to be compared,
if the second key in the second key group is the same as the second key to be compared, the first key is fed back to be real;
the first key is used as a key for calculating the message authentication code of the previous time period, the navigation data disclosed in the navigation circuit is used as a plaintext, the message authentication code to be compared is calculated through a symmetric cryptographic algorithm, the message authentication code in the cache is compared with the message authentication code to be compared,
If the message authentication code in the cache is the same as the message authentication code to be compared, the feedback message authentication code is true.
The embodiments of the present application are described in a progressive manner, and the same and similar parts of the embodiments are all referred to each other, and each embodiment is mainly described in the differences from the other embodiments. In particular, for the apparatus and medium embodiments, the description is relatively simple, as it is substantially similar to the method embodiments, with reference to the section of the method embodiments being relevant.
The devices and media provided in the embodiments of the present application are in one-to-one correspondence with the methods, so that the devices and media also have similar beneficial technical effects as the corresponding methods, and since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the devices and media are not repeated here.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is directed to methods, apparatus (systems), and computer program products in accordance with embodiments of the present invention
And a flowchart and/or block diagram of an article. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (8)

1. The utility model provides a satellite navigation signal authentication structure that spread spectrum sign indicating number and telegraph text are united, satellite navigation signal authentication structure includes carrier wave, navigation telegraph text and spread spectrum sign indicating number, its characterized in that:
the navigation message comprises first authentication information, the first authentication information at least comprises three parts, wherein the first part is a digital signature, the second part is a plurality of message authentication codes and first key pairs, and the third part is a group of second key groups;
the digital signature is obtained by adopting a private key held by a satellite as a secret key and adopting all data except the first part of digital signature in the navigation message as a plaintext through calculation of a digital signature algorithm; the digital signature is used for authenticating the legality of the navigation message;
the message authentication codes and the first key pairs are continuously placed in the second part according to a preset time period, the message authentication codes in one time period are obtained by adopting the first key in the next time period as a key and calculating the first key in one time period as a key used for calculating the message authentication codes in the last time period by using the first key in the next time period as a key, and the message authentication codes and the first key pairs are used for authenticating the validity of the navigation data disclosed in the navigation message;
The second key group comprises a plurality of second keys which are the same as the message authentication code and the first key in number, the second keys are obtained by adopting the first keys through one-way function calculation, and the second keys are used for authenticating the validity of the first keys;
the spreading code comprises second authentication information, the second authentication information comprises a secret spreading code formed by a plurality of secret spreading code segments, and the sequence of the secret spreading code is calculated by a corresponding message authentication code in a time period where the secret spreading code is located through a security algorithm.
2. The satellite navigation signal authentication structure of claim 1, wherein the digital signature has a beat length that is the same as the beat length of the second key set and the beat length of the digital signature is an integer multiple of the beat length of the message authentication code and first key pair.
3. The satellite navigation signal authentication structure of claim 1, wherein the beat length of the message authentication code and first key pair is an integer multiple of the beat length of the secret spreading code.
4. The satellite navigation signal authentication structure of claim 1, wherein the occurrence location of the secret spreading code is preset; or (b)
The occurrence position of the secret spread spectrum code is a series of number columns, and the number columns are calculated by adopting navigation data disclosed in the navigation message through a preset second algorithm.
5. The satellite navigation signal authentication structure of claim 1, wherein the sequence of secret spreading codes is obtained by secure computation from a corresponding message authentication code within a time period in which the secret spreading code is located, comprising:
the plurality of secret spreading code segments in the secret spreading code are all obtained by the same message authentication code through secure calculation, wherein different secret spreading code segments correspond to different data bit combinations in the message authentication code.
6. The satellite navigation signal authentication structure of claim 1, wherein one or more of the message authentication code, the first key, the second key, the navigation message, and the spreading code are represented by a binary sequence of 01.
7. A satellite navigation signal authentication structure receiving method by combining a spreading code and a text, the method being for receiving the satellite navigation signal authentication structure according to any one of claims 1 to 6, the method comprising:
Acquiring a navigation message of a satellite navigation signal, and caching various data in the navigation message, wherein the navigation message at least comprises first authentication information, the first authentication information at least comprises three parts, the first part is a digital signature, the second part is a plurality of message authentication codes and a first key pair, and the third part is a group of second key groups;
taking a private key held by a satellite as a secret key, taking all data except a first part of digital signature in the navigation message as a plaintext, calculating the secret key and the plaintext according to a digital signature algorithm to obtain a digital signature to be compared, comparing the digital signature in a cache with the digital signature to be compared, and if the digital signature in the cache is the same as the digital signature to be compared, feeding back the navigation data disclosed in the navigation message and a second secret key group to be true;
obtaining a second key to be compared through one-way function calculation by adopting the first key, comparing the second key in the second key group with the second key to be compared, and if the second key in the second key group is the same as the second key to be compared, feeding back the first key to be true;
And taking the first key as a key for calculating a message authentication code of a previous time period, taking navigation data disclosed in the navigation message as a plaintext, calculating a message authentication code to be compared through a symmetric cryptographic algorithm, comparing the message authentication code in a cache with the message authentication code to be compared, and if the message authentication code in the cache is the same as the message authentication code to be compared, feeding back the message authentication code to be real and receiving a real navigation message.
8. The method of claim 7, wherein the method further comprises:
calculating the message authentication code in the cache according to a preset security algorithm to obtain a sequence of a secret spread spectrum code, and taking the sequence of the secret spread spectrum code as a sequence to be compared of the secret spread spectrum code;
acquiring the appearance position of a preset secret spread spectrum code, or calculating the disclosed navigation data in the navigation message according to a preset second algorithm to obtain the appearance position of the secret spread spectrum code, and taking the appearance position of the secret spread spectrum code as the position to be compared of the secret spread spectrum code;
acquiring a sequence of a secret spread spectrum code of a navigation signal in a buffer memory and a position of the secret spread spectrum code;
if the sequence of the secret spread spectrum code is consistent with the sequence to be compared of the secret spread spectrum code, and the position of the secret spread spectrum code is consistent with the position to be compared of the secret spread spectrum code, the calculated result obtained through multiplication and addition operation of sampling points one by one is larger than a preset threshold value, and the spread spectrum code of the feedback navigation signal is real.
CN202311144728.7A 2023-09-06 2023-09-06 Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method Active CN116879925B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311144728.7A CN116879925B (en) 2023-09-06 2023-09-06 Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311144728.7A CN116879925B (en) 2023-09-06 2023-09-06 Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method

Publications (2)

Publication Number Publication Date
CN116879925A CN116879925A (en) 2023-10-13
CN116879925B true CN116879925B (en) 2023-11-10

Family

ID=88262498

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311144728.7A Active CN116879925B (en) 2023-09-06 2023-09-06 Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method

Country Status (1)

Country Link
CN (1) CN116879925B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117310755B (en) * 2023-11-30 2024-02-20 中国人民解放军国防科技大学 Satellite navigation signal credible authentication protocol and terminal credible positioning method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106170716A (en) * 2014-04-08 2016-11-30 欧洲联盟·由欧洲委员会代表 The method and system that the certification of radio navigation signal is optimized
CN108008420A (en) * 2017-11-30 2018-05-08 北京卫星信息工程研究所 Beidou navigation text authentication method based on Big Dipper short message
CN112671544A (en) * 2020-12-30 2021-04-16 中国科学院空天信息创新研究院 System and method for managing message authentication key
CN113608242A (en) * 2021-06-18 2021-11-05 西安空间无线电技术研究所 Navigation signal security enhancement method based on code period spread spectrum code authentication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3349044A1 (en) * 2017-01-11 2018-07-18 The European Union, represented by the European Commission Method and system for radionavigation authentication
DE102020212451A1 (en) * 2020-10-01 2022-04-07 Robert Bosch Gesellschaft mit beschränkter Haftung Method of digitally signing a message

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106170716A (en) * 2014-04-08 2016-11-30 欧洲联盟·由欧洲委员会代表 The method and system that the certification of radio navigation signal is optimized
CN108008420A (en) * 2017-11-30 2018-05-08 北京卫星信息工程研究所 Beidou navigation text authentication method based on Big Dipper short message
CN112671544A (en) * 2020-12-30 2021-04-16 中国科学院空天信息创新研究院 System and method for managing message authentication key
CN113608242A (en) * 2021-06-18 2021-11-05 西安空间无线电技术研究所 Navigation signal security enhancement method based on code period spread spectrum code authentication

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Design Drivers, Solutions and Robustness Assessment of Navigation Message Authentication for the Galileo Open Service";Ignacio Fernández Hernández等;《ION GNSS+ 2014, Tampa, FL, NAVIGATION, the Journal of the Institute of Navigation》;第63卷(第1期);85-102 *
"北斗三号民用导航信号认证方法研究";王正等;《第十三届中国卫星导航年会论文集——S07卫星导航信号处理》;1-5 *
"卫星导航信号电文加密技术研究与评估";申成良等;《全球定位系统》;第43卷(第3期);7-12 *

Also Published As

Publication number Publication date
CN116879925A (en) 2023-10-13

Similar Documents

Publication Publication Date Title
CN109951296B (en) Remote data integrity verification method based on short signature
US8391488B2 (en) Method and apparatus for using navigation signal information for geoencryption to enhance security
Pozzobon et al. Anti-spoofing and open GNSS signal authentication with signal authentication sequences
CN106170716B (en) Method and system for optimizing authentication of radio navigation signals
CN103795543B (en) A kind of secure two-way authentication method for rfid system
CN116879925B (en) Satellite navigation signal authentication structure combining spread spectrum code and text and receiving method
CN105743888A (en) Agent re-encryption scheme based on keyword research
US9465582B1 (en) Significant random number generator
Aghapour et al. An ultra-lightweight and provably secure broadcast authentication protocol for smart grid communications
Neish et al. Parameter selection for the TESLA keychain
CN110474932A (en) A kind of encryption method and system based on information transmission
CN104363097A (en) Mutual authentication method for lightweight-class RFID on elliptic curve
Curran et al. Securing GNSS: An end-to-end feasibility analysis for the Galileo open-service
Wu et al. TESLA-based authentication for BeiDou civil navigation message
Ying et al. Efficient authentication protocol for secure vehicular communications
Karimi et al. Enhancing security and confidentiality in location-based data encryption algorithms
CN110855667A (en) Block chain encryption method, device and system
Lee Two ultralightweight authentication protocols for low-cost RFID tags
Shih et al. Traceability for Vehicular Network Real-Time Messaging Based on Blockchain Technology.
CN110046511A (en) Leaking data method, apparatus, equipment and storage medium are prevented based on alliance's chain
Al‐Balasmeh et al. Framework of data privacy preservation and location obfuscation in vehicular cloud networks
KR101217491B1 (en) A method for searching keyword based on public key
Yuan et al. An implementation of navigation message authentication with reserved bits for civil BDS anti-spoofing
US8954728B1 (en) Generation of exfiltration-resilient cryptographic keys
Qiu et al. Geoencryption using loran

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant