Authentication Security of Combinatorial Watermarking for GNSS Signal Authentication

A function that uniformly selects a pseudorandom combination of integers from a pseudorandom seed

A one-way random integer function based on HMAC (Dang, 2008)

Plot of the upper-tail probability of the distribution of of a single watermark with the system parameters of our example GPS C/A signal described in Section 3.2.1 The adversary guesses random watermarks. Each line corresponds to a specific attack strategy s, the number of chips the adversary elects to invert. We plot only one tenth of all s results in gray for a clean figure. Some results are colored to show trends. The plot also marks the appropriate bound for a 32-bit security level.

Diagram of our proposed modified matched filter, which produces the statistic Y for determining the authenticity of a cryptographically watermarked signal

R₋ and are reversed signal replicas (including carrier, sampling effects, and coherent integration length) without and with a watermark, respectively. forms the filter kernel. K is a gain selected later for mathematical conciseness of the derived probability distributions. While a real receiver may compute the product sum, we are explicit with our use of the valid convolution to aid with propagating noise. We include the relation between the Y filter and a typical GNSS tracking loop producing prompt in-phase and quadrature correlation values and the required memory buffer.

False alert (FA) and missed detection (MD) probabilities of various scheme designs and situations for a given decision boundary on Y

The parameters are based on a theoretical L1C watermarked signal, and the signal power is based on observations of L1C signals from Section 5. For the (n, r) L1C scheme, the 10230-chip sequence is divided into 1023 10-chip sections, and individual chip sections are inverted. For the (10n, 10r) L1C scheme, 520 of the 10230 chips are inverted in a watermark. For situations in which the integration time is longer than a single spreading code (e.g., 10T, 100T), the curve is computed via repeated convolution, as described in Section 4.1. The line types (i.e., solid, dashed, or dotted) indicate corresponding MD and FA probabilities. For instance, each dashed MD line corresponds to the red dashed FA line.

Comparison of our predicted distributions with postprocessed GPS C/A observations obtained via a 25-MHz software-defined radio (based on a mirrored problem described in Section 5)

Over a 60-s time period, we obtain 6000 measurements of the proposed statistic Y, each computed over a 10-ms integration within a converged tracking loop. Each millisecond contains its own mirrored watermark such that each Y is related to 10 independent watermarks, and we computed via repeated convolution. In our scenario, the adversary has elected to randomly guess s = 52 chips to flip per millisecond against r = 52 chips flipped by the provider.