TY - JOUR
T1 - Analysis and Recommendations for MAC and Key Lengths in Delayed-Disclosure GNSS Authentication Protocols
AU - Fernández-Hernández, Ignacio
AU - Ashur, Tomer
AU - Rijmen, Vincent
PY - 2021/6/10
Y1 - 2021/6/10
N2 - Data and signal authentication schemes are being proposed to address Global Navigation Satellite Systems' (GNSS) vulnerability to spoofing. Due to the low power of their signals, the bandwidth available for authentication in GNSS is scarce. Since delayed-disclosure protocols, e.g., TESLA (timed-efficient stream loss-tolerant authentication), are efficient in terms of bandwidth and robust to signal impairments, they have been proposed and implemented by GNSS. The length of message authentication codes (MACs) and cryptographic keys are two crucial aspects of the protocol design as they have an impact on the utilized bandwidth, and therefore on the protocol performance. We analyze both aspects in detail for GNSS-TESLA and present recommendations for efficient yet safe MAC and key lengths. We further complement this analysis by proposing possible authentication success and failure policies and quantify the reduction of the attack surface resulting from employing them. The analysis shows that in some cases it is safe to use MAC and key sizes that are smaller than those proposed in best-practice guidelines. While some of our considerations are general to delayed-disclosure lightweight protocols for data and signal authentication, we particularize them for GNSS-TESLA protocols.
AB - Data and signal authentication schemes are being proposed to address Global Navigation Satellite Systems' (GNSS) vulnerability to spoofing. Due to the low power of their signals, the bandwidth available for authentication in GNSS is scarce. Since delayed-disclosure protocols, e.g., TESLA (timed-efficient stream loss-tolerant authentication), are efficient in terms of bandwidth and robust to signal impairments, they have been proposed and implemented by GNSS. The length of message authentication codes (MACs) and cryptographic keys are two crucial aspects of the protocol design as they have an impact on the utilized bandwidth, and therefore on the protocol performance. We analyze both aspects in detail for GNSS-TESLA and present recommendations for efficient yet safe MAC and key lengths. We further complement this analysis by proposing possible authentication success and failure policies and quantify the reduction of the attack surface resulting from employing them. The analysis shows that in some cases it is safe to use MAC and key sizes that are smaller than those proposed in best-practice guidelines. While some of our considerations are general to delayed-disclosure lightweight protocols for data and signal authentication, we particularize them for GNSS-TESLA protocols.
KW - Authentication
KW - Cryptography
KW - Forgery
KW - GNSS
KW - Global navigation satellite system
KW - Media Access Protocol
KW - Protocols
KW - Satellite broadcasting
KW - TESLA
KW - authentication
KW - cryptography
KW - spoofing
KW - timed-efficient stream loss-tolerant authentication (TESLA)
KW - Global Navigation Satellite System (GNSS)
UR - http://www.scopus.com/inward/record.url?scp=85100450896&partnerID=8YFLogxK
U2 - 10.1109/TAES.2021.3053129
DO - 10.1109/TAES.2021.3053129
M3 - Article
VL - 57
SP - 1827
EP - 1839
JO - IEEE Transactions on Aerospace and Electronic Systems
JF - IEEE Transactions on Aerospace and Electronic Systems
SN - 0018-9251
IS - 3
M1 - 9336032
ER -