Combinatorial Watermarking Under Limited SCER Adversarial Models

2.1 Non-SCER Case

As described in our prior work (Anderson et al., 2024a), a non-SCER adversary does not observe the watermark with listening equipment. Based on the construction of the watermark, the adversary may only conduct an impossibly large exhaustive search of the r inverted chips among the n chips to spoof a watermark. Because the signal is a stream signal, the receiver will only make one authentication attempt per ranging code. Therefore, the adversary may only make one attempt to spoof a watermarked ranging code, and the adversary must make a guess.

Our prior work (Anderson et al., 2024a) utilized a modified correlator as the radio observable for a receiver determining signal authentication with a watermark. Let R be the original (not watermarked) replica of a ranging code composed of n chips over a coherent integration time T. When the receiver radio samples the signal at frequency F, then R ∈ {−1, 1}^FT. The watermarked replica R^w includes the combination of r inverted chips and the sampling rate F; thus, R^w ∈ {-1, 1}^FT. For each watermarked ranging code, the receiver computes Y_Δ from the precorrelation signal $S\in {ℝ}^{FT}$ according to Equations (1), (2), and (3), as shown in Figure 1. The signal power P must be estimated for the signal S. In Figure 1, the system branches off of the I channel for authentication purposes for concreteness when utilizing the SBAS case (see Section 1.2) but can be modified to accommodate other GNSS signal designs. R_Δ is the subtraction of the two replicas R^w and R and is reversed for use in a linear time-invariant matching convolution filter:

$R_{\Delta }=R_{-}^w-R_{-}$1

$k_{\Delta }=\frac{1}{{\Vert R^w-R\Vert }_1}\frac{1}{\sqrt{P}}=\frac{1}{2r}\frac{n}{FT}\frac{1}{\sqrt{P}}$2

$Y_{\Delta }=k_{\Delta }·R_{\Delta }*S$3

• Download figure
• Open in new tab
• Download PowerPoint

FIGURE 1

Diagram of a radio that verifies the watermark for authentication with a non-SCER adversary

The bottom includes the standard tracking loop. From a converged tracking loop, I-baseband samples are stored in memory to await the cryptographic seed that determines the watermark. After watermark seed distribution, the I-baseband samples are processed through the R_Δ filter. The diagram uses I-baseband samples assuming the SBAS signal; other samples would be required depending on the signal design.

The signal S could be authentic or spoofed by a non-SCER adversary, represented as S^auth or S^¬SCER, respectively. The signal S is the sum of the ranging signal with power P and an additive white Gaussian noise (AWGN) term $N\in {ℝ}^{FT}$ with $N\sim N\left(0,{\sigma }^{2}I\right)$. In the authentic case, the ranging signal derives from the replica R^w (known only to the authentic GNSS provider at the time of broadcast), as in Equation (4):

$S^{\text{auth} }=\sqrt{P}{R}^w+N$4

Because of the cryptographic security on the watermark and the assumption of a non-SCER adversary, the adversary must guess and generate its own R^¬SCER to spoof the signal, as in Equation (5). Whereas the constellation will generate R^w from R by randomly inverting r chips among the n chips, the adversary may elect to invert any number of chips s. Thus, we must account for numerous non-SCER adversaries simultaneously and ensure that any authentication detector accounts for this selection by the adversary:

$S^{\neg \text{SCER}}=\sqrt{P}{R}^{\neg \text{SCER}}+N$5

For the non-SCER case, Anderson et al. (2024a) showed that Y_Δ can be derived from a hypergeometric distribution. Given the typical noisy conditions of GNSS signals, Anderson et al. (2024a) also showed how one can aggregate W watermarks to enable reasonable missed-detection and false-alarm probabilities for a threshold on Y_Δ. While Equations (4) and (5) assume an AWGN term, aggregating W identically distributed, non-AWGN terms (on the order of W = 6000 in the work by Anderson et al. (2024b)) invokes the central limit theorem, meaning that non-AWGN will approach AWGN in the aggregate:

$H\sim \mathscr{H}(n,r,s)$6

${\mathrm{PMF}}_H\left(h\right)=\frac{\left(\begin{array}{c}r\\ h\end{array}\right)\left(\begin{array}{c}n-r\\ s-h\end{array}\right)}{\left(\begin{array}{c}n\\ s\end{array}\right)}$7

$R_{-}^w*R^{\neg \text{SCER} }=(n-2r-2s+4H)\frac{FT}{n}$8

$N_{\Delta ,W}\sim N\left(0,\frac{1}{r}·\frac{n}{FT}·\frac{{\sigma }^2}{P}·\frac{1}{W}\right)$9

$y=g_{\Delta ,\neg \text{SCER}}(h\mid r,s)=\frac{1}{2r}·(4h-2r)$10

$Y_{\Delta ,W}^{\neg \text{SCER}}=\frac{1}{W}\sum _W{g}_{\Delta ,\neg \text{SCER}}\left(H\right)+\frac{1}{W}\sum _W{N}_{\Delta }$11

$PM{F}_{Y_{\Delta ,W}^{-\text{SCER}}}\left(y\right)=\left({\left(PM{F}_H°W{g}_{\Delta ,\neg \text{SCER}}^{-1}\right)}^{*W}*PM{F}_{N_{\Delta ,W}}\right)\left(y\right)$12

For a complete derivation of the above, we refer to the work of Anderson (2024) and Anderson et al. (2024a). Equations (7)–(12) provide a summary of the results of these derivations. However, we note that the SCER derivations of this work follow almost the same mathematical process as the non-SCER derivations.

2.2 SCER Case

In our prior work (Anderson et al., 2024a, 2024b), we assumed that the adversary did not listen to the signal to estimate the watermark and replay a signal with the adversary-observed watermark. Rather, the adversary made a random guess for the watermark and transmitted a spoofed signal. In this work, we now examine an adversary attempting to observe the watermark and replay a signal.

In the literature, attacks that listen for security chips and replay are called SCER attacks (Humphreys, 2013). Figure 2 provides a conceptual diagram of an SCER attack for our combinatorial-watermarking context. Among GNSS spoofing adversaries, SCER-capable adversaries are considerably more sophisticated and complicated, and successfully fooling a receiver is considerably more difficult. In some contexts, schemes that prohibit all but SCER-capable adversaries are sufficient spoofing deterrents. However, even when cryptography is incorporated into GNSS signals, these GNSS signals still remain vulnerable to SCER attacks.

• Download figure
• Open in new tab
• Download PowerPoint

FIGURE 2

Conceptual diagram of an SCER attack

The adversary attempts to directly observe the watermark in the signal and then replay a watermarked signal to spoof a receiver. The thought bubble of the adversary portrays the adversary attempting to use its measurements of the true signal to construct a single watermark likely to spoof a receiver without detection by the receiver. The top row of boxes represents a collection of inverted-chip likelihoods among a single watermarked ranging code. The varying hues of red represent the soft information provided by the likelihood (i.e., a darker red corresponds to a higher inverted-chip likelihood). The bottom row of boxes represents the adversary’s decision to watermark. The adversary can elect to invert any number of chips based on its measurements.

SCER attacks are difficult to carry out for multiple reasons. One reason is that the GNSS signal is below the thermal noise floor, and estimating security chips requires sophisticated (and likely arduous) radio equipment (e.g., high-gain antennas). A second reason is that the adversary must transport the estimate of the security chips to a transmitting antenna within a sufficiently short time to avoid detection by the receiver’s onboard clock. A third reason is that the cryptographic construction limits the effectiveness of advanced decision algorithms beyond an exhaustive search among an enormous search space. Similar to Humphreys (2013), we will assume that our adversary has access to advanced radio equipment, with no delay in its observation antenna, and has access to a watermark decision-making algorithm (although a practical computer must be capable of computing the decision) and replaying antenna (with no information transmission delay among components).

2.2.1 Chip Estimation Model

To conduct an SCER attack, the adversary must estimate the inverted chips within each ranging code. With the unbiased inversion selection algorithm for combinatorial watermarking, the adversary must observe and check the entire ranging code for inverted chips.

Under the standard σ²-noise-power AWGN assumption for a binary phase shift key (BPSK) signal, the constellation points are separated by $2\sqrt{P}$ and distributed normally with standard deviation σ, with 0 located halfway between them, as shown in Figure 3. Without a loss of generality, suppose that a non-inverted chip is centered at $\sqrt{P}$ and an inverted chip is centered at $-\sqrt{P}$ in the baseband measurement. This can be achieved in practice by wiping off the ranging code via element-wise multiplication of the signal S by the replica R.

• Download figure
• Open in new tab
• Download PowerPoint

FIGURE 3

Conceptual figure of the chip estimation model for a single chip after elementwise multiplication by the unwatermarked replica

For the non-watermarked chip hypothesis, the constellation point will be 1. For the watermarked chip hypothesis, the constellation point will be −1. The diagram includes the probability density functions (PDFs) with an SNR of 3 dB. The adversary may choose any decision boundary α (e.g., a maximum likelihood or maximum a posterior decision). The probabilities of errors are labeled, given the decision boundary and noise model.

Using its radio measurements and the model from the previous paragraph, the chip-estimating adversary must select a decision boundary. A halfway boundary would be a good choice, assuming a uniform prior between inverted and non-inverted chips. However, that will never be the case for a watermarked signal because the number of watermarked chips must be less than the number of non-watermarked chips so that receivers can track the signal. Given a boundary α, the probabilities of error p_e|r and p_e|¬r for whether the chip is inverted or not inverted are provided in Equations (13) and (14), respectively:

$p_{e\mid r}={\int }_{-\infty }^{\alpha }{\text{PDF}}_{N(\sqrt{P},\sigma )}\left(x\right)dx$13

$p_{e\mid \neg r}={\int }_{\alpha }^{\infty }{\text{PDF}}_{N(-\sqrt{P},\sigma )}\left(x\right)dx$14

By parameterizing the chip estimation by α, we account for any prior-chip-inversion probability strategy by the adversary. In the non-SCER case, the adversary has the selection of s in its spoofing strategy. In the SCER case, the adversary has the selection of α in its spoofing strategy. All α values must be accounted for with a SCER spoofing detector.

In the conceptual diagram shown in Figure 2, within the thought bubble, the adversary is using its measurements to decide how to form a spoofed watermarked ranging code. Section 3 analyzes the case in which the SCER adversary implements a decision rule that ignores soft information (i.e., measurement likelihoods) from the chip estimation BPSK model. This model is useful for deriving concise mathematical adversarial distributions of the authentication statistics similar to that of the non-SCER case. Section 4 attempts to utilize soft information to enact a more sophisticated adversary that exploits the soft information.

3.1 Filter Set

From Equations (18) and (19), we suggest two filters of the form shown in Equations (20) and (21). The first filter is a subtraction filter from our previous work, and the second is a sum filter. This symmetric pair poses several advantages related to analysis by separating the two binomial distributions. This separation makes the following mathematic derivations easier and symmetric, provides an intuitive interpretation, and constrains the adversary’s success over its selected α:

$\left(R_{-}^w-R_{-}\right)*R^{\text{HDSCER}}=\left(-2r+4B_r\right)\frac{FT}{n}$20

$\left(R_{-}^w+R_{-}\right)*R^{\text{HDSCER}}=\left(2(n-r)-4B_{\neg r}\right)\frac{FT}{n}$21

The statistic of Equation (20) measures how well the adversary can predict where the chip inversions exist. The statistic of Equation (21) measures how well the receiver will track the spoofed signal. When we judiciously choose the following gains for these filters, the distribution of the statistics is simplified and is easier to intuitively understand. Equation (2) provides k_Δ, which was used in the non-SCER case, and Equation (22) provides k_Σ:

$k_{\Sigma }=\frac{1}{{\Vert R^w+R\Vert }_1}\frac{1}{\sqrt{P}}=\frac{1}{2(n-r)}\frac{n}{FT}\frac{1}{\sqrt{P}}$22

The final filters for study in this work are defined by Equations (3) and (23), as shown in Figure 4:

$Y_{\Sigma }=k_{\Sigma }·R_{\Sigma }=k_{\Sigma }·\left(R_{-}^w+R_{-}\right)$23

• Download figure
• Open in new tab
• Download PowerPoint

FIGURE 4

Diagram of a radio that checks the watermark for authentication for the SCER case

The bottom includes the standard tracking loop. From a converged tracking loop, I-baseband samples are stored in memory to await the cryptographic seed that determines the watermark. After the watermark seed distribution, the I-baseband samples are processed through the R_Δ and R_Σ filters. The diagram uses I-baseband samples assuming the SBAS signal; other samples would be required depending on the signal design.

3.2 Statistic Distributions

Based on their construction, Y_Δ and Y_Σ derive from independent binomial distributions. Because of the central limit theorem effect, the spread of the distributions of Y will shrink about their expectations, which are shown to be functions of p_e|r and p_e|¬r in Section 3.3. Another set of statistics would not be independent, complicating the analysis.

In this section, we feed the HDSCER-spoofed signal S^HDSCER from Equation (24) into the filter set from Section 3.1:

$S^{\text{HDSCER}}=\sqrt{P}{R}^{\text{HDSCER}}+N$24

For mathematical conciseness, we use the following:

$y=g_{\Delta ,\text{HDSCER}}(b\mid r)=\frac{1}{2r}·(4b-2r)$25

$y=g_{\Sigma ,\text{HDSCER}}(b\mid r)=\frac{1}{2(n-r)}·\left(2\right(n-r)-4b)$26

$N_{\Sigma ,W}\sim N\left(0,\frac{1}{n-r}·\frac{n}{FT}·\frac{{\sigma }^2}{P}·\frac{1}{W}\right)$27

The choice of filters Y_Δ and Y_Σ separates the binomial distributions. Feeding signal S^HDSCER into Y_Δ yields Equation (29):

$\begin{array}{cc}{Y}_{\Delta }^{\text{HDSCER}}& =k_{\Delta }\left(R_{-}^w-R_{-}\right)*\left(\sqrt{P}{R}^{\text{HDSCER}}+N\right)\\ & =k_{\Delta }\sqrt{P}\left(R_{-}^w-R_{-}\right)*R^{\text{HDSCER}}+k_{\Delta }·\left(R_{-}^w-R_{-}\right)*N\\ & =\frac{1}{2r}\left(-2r+4B_r\right)+k_{\Delta }·\left(R_{-}^w-R_{-}\right)*N\\ Y_{\Delta }^{\text{HDSCER}}& =g_{\Delta , \text{HDSCER} }\left(B_r\right)+N_{\Delta }\end{array}$28

$\begin{array}{c}{\mathrm{PMF}}_{Y_{\Delta }^{\text{HDSCER} }}\left(y\right)={\mathrm{PMF}}_{B_r}\left(g_{\Delta , \text{HDSCER} }^{-1}\left(y\right)\right)*{\mathrm{PMF}}_{N_{\Delta }}\left(y\right)\\ {\mathrm{PMF}}_{Y_{\Delta }^{\text{HDSCER} }}\left(y\right)=\left(\left({\mathrm{PMF}}_{B_r}°g_{\Delta , \text{HDSCER} }^{-1}\right)*{\mathrm{PMF}}_{N_{\Delta }}\right)\left(y\right)\end{array}$29

Feeding signal S^HDSCER into Y_Σ yields Equation (31):

$\begin{array}{cc}{Y}_{\sum }^{\text{HDSCER}}& =k_{\sum }\left(R_{-}^w+R_{-}\right)*\left(\sqrt{P}{R}^{\text{HDSCER}}+N\right)\\ & =k_{\sum }\sqrt{P}\left(R_{-}^w+R_{-}\right)*R^{\text{HDSCER}}+k_{\sum }·\left(R_{-}^w+R_{-}\right)*N\\ & =\frac{1}{2(n-r)}\left(2(n-r)-4B_{\neg r}\right)+k_{\Sigma }·\left(R_{-}^w+R_{-}\right)*N\\ Y_{\sum }^{\text{HDSCER}}& =g_{\sum , \text{HDSCER} }\left(B_{\neg r}\right)+N_{\sum }\end{array}$30

$\begin{array}{c}{\mathrm{PMF}}_{Y_{\Sigma }^{\text{HDSCER}}}\left(y\right)={\mathrm{PMF}}_{B_{\neg r}}\left(g_{\Sigma ,\text{HDSCER}}^{-1}\left(y\right)\right)*{\mathrm{PMF}}_{N_{\Sigma }}\left(y\right)\\ {\mathrm{PMF}}_{Y_{\Sigma }^{\text{YHDSCER} }}\left(y\right)=\left(\left({\mathrm{PMF}}_{B_{\neg r}}°g_{\Sigma , \text{HDSCER} }^{-1}\right)*{\mathrm{PMF}}_{N_{\Sigma }}\right)\left(y\right)\end{array}$31

For the case in which the receiver averages over W watermarks, we have the following:

$PM{F}_{Y_{\Delta ,W}^{\text{HDSCER}}}\left(y\right)=({(PM{F}_{B_r}°W{g}_{\Delta ,\text{HDSCER}}^{-1})}^{*W}*PM{F}_{N_{\Delta ,W}})\left(y\right)$32

${\mathrm{PMF}}_{Y_{\Sigma ,W}^{\text{HDSCER}}}\left(y\right)=\left({\left({\mathrm{PMF}}_{B_{\neg r}}°W{g}_{\Sigma ,\text{HDSCER}}^{-1}\right)}^{*W}*{\mathrm{PMF}}_{N_{\Sigma ,W}}\right)\left(y\right)$33

The Y_Δ statistic indicates how well the adversary can predict where the chip inversions exist, and the Y_Σ statistic indicates how low the adversary’s false-inverted-chip estimation rate is. Because the receiver will initially track with R, the Y_Σ statistic also measures how well the receiver will track the spoofed signal.

In this section, we take a direct computational approach via convolution for $Y_{\Delta }^{\text{HDSCER}}$ and $Y_{\Sigma }^{\text{HDSCER}}$, similar to the work by Anderson et al. (2024a) for $Y_{\Delta }^{\neg \text{SCER} }$. We note that in several authentication designs, the receiver will receive multiple watermarks (Air Force Research Laboratory, 2019; Anderson et al., 2024b). For example, we adopt the 6-s watermark observation window of Anderson et al. (2024b), where the receiver receives an average of 6,000 individual values of Y_Δ and Y_Σ, allowing us to apply the central limit theorem and use the results of the following section. The adversary model is a group of adversaries with varying observation capability (via p_e|r and p_e|¬r). Therefore, for this work, we expect that examining trends in the statistic expectation over varying adversary errors will be useful for watermark design.

3.3 Deriving the Mean and Variance of the Filter Set

This section derives the mean and variance of the statistics from Section 3.2 to enable a study of useful design trends in Section 3.4. For $E\left[Y_{\Delta ,W}^{\text{HDSCER}}\right]$, which is the expectation of Y_Δ in the presence of an HDSCER adversary with the receiver averaging over W watermarks, we have Equation (34):

$\begin{array}{cc}E\left[Y_{\Delta ,W}^{\text{HDSCER}}\right]& =E\left[Y_{\Delta }^{\text{HDSCER}}\right]\\ & =E\left[g_{\Delta ,\text{HDSCER}}\left(B_r\right)+N_{\Delta }\right]\\ & =\frac{1}{2r}·E\left[-2r+4B_r\right]\\ & =\frac{1}{2r}·\left(-2r+4r\left(1-p_{e\mid r}\right)\right)\\ & =-1+2\left(1-p_{e\mid r}\right)\\ E\left[Y_{\Delta ,W}^{\text{HDSCER}}\right]& =1-2p_{e\mid r}\end{array}$34

For $E\left[Y_{\Sigma ,W}^{\text{HDSCER}}\right]$, which is the expectation of Y_Σ in the presence of an HDSCER adversary with the receiver averaging over W watermarks, we have Equation (35):

$\begin{array}{cc}E\left[Y_{\Sigma ,W}^{\text{HDSCER}}\right]& =E\left[Y_{\Sigma }^{\text{HDSCER}}\right]\\ & =E\left[g_{\Sigma ,\text{HDSCER}}\left(B_{\neg r}\right)+N_{\Sigma }\right]\\ & =\frac{1}{2(n-r)}·E\left[2(n-r)-4B_{\neg r}\right]\\ & =\frac{1}{2(n-r)}·\left(2(n-r)-4(n-r)p_{e\mid \neg r}\right)\\ E\left[Y_{\Sigma ,W}^{\text{HDSCER}}\right]& =1-2p_{e\mid \neg r}\end{array}$35

For $V\left[Y_{\Delta ,W}^{\text{HDSCER}}\right]$, we have Equation (36):

$\begin{array}{cc}V\left[Y_{\Delta ,W}^{\text{HDSCER}}\right]& =\frac{1}{W}V\left[g_{\Delta ,\text{HDSCER}}\left(B_{\neg r}\right)+N_{\Delta }\right]\\ & =\frac{1}{W}V\left[g_{\Delta ,\text{HDSCER}}\left(B_{\neg r}\right)\right]+\frac{1}{r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\\ & =\frac{4}{r^2}V\left[B_r\right]\frac{1}{W}+\frac{1}{r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\\ & =\frac{4}{r^2}r{p}_{e\mid \neg r}\left(1-p_{e\mid r}\right)\frac{1}{W}+\frac{1}{r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\\ V\left[Y_{\Delta ,W}^{\text{HDSCER}}\right]& =\frac{4}{r}{p}_{e\mid r}\left(1-p_{e\mid r}\right)\frac{1}{W}+\frac{1}{r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\end{array}$36

For $V\left[Y_{\Sigma ,W}^{\text{HDSCER}}\right]$, we have Equation (37):

$\begin{array}{cc}V\left[Y_{\Sigma ,W}^{\text{HDSCER}}\right]& =\frac{1}{W}V\left[g_{\Sigma ,\text{HDSCER}}\left(B_{\neg r}\right)+N_{\Sigma }\right]\\ & =\frac{1}{W}V\left[g_{\Sigma , \text{HDSCER} }\left(B_{\neg r}\right)\right]+\frac{1}{n-r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\\ & =\frac{4}{{(n-r)}^2}V\left[B_{\neg r}\right]+\frac{1}{n-r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\\ & =\frac{1}{W}\frac{4}{{(n-r)}^2}(n-r)p_{e\mid \neg r}\left(1-p_{e\mid r}\right)+\frac{1}{n-r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\\ V\left[Y_{\Sigma ,W}^{\text{HDSCER}}\right]& =\frac{4}{n-r}{p}_{e\mid \neg r}\left(1-p_{e\mid \neg r}\right)\frac{1}{W}+\frac{1}{n-r}\frac{n}{FT}\frac{{\sigma }^2}{P}\frac{1}{W}\end{array}$37

The above distributions cover the spoofing case. For the authentic case, the provider knows the watermark, meaning that p_e|r = p_e|¬r = 0. Therefore, the binomial terms cancel, leaving statistics with a mean of 1 and the variances above, but with no binomial terms.

3.4 Adversarial Spoofing Efficacy Among Two Statistics

Now that we have derived the mean and variance of the filter distribution under authentic and spoofing conditions (as a function of the adversary’s chip estimation error probability) in Section 3.3, in this section, we discuss the receiver decision problem. First, we discuss an intuitive example; we then discuss design implications.

In Figure 5, we conceptually connect the adversary’s choice of α to the sum and difference statistics. On the left, we have the security code estimation model with a decision boundary $\alpha =-0.75\sqrt{P}$ selected by the adversary (as an intuitive example). The decision boundary α directly relates to the prior probability that a chip is flipped. On the right, we have the 1-sigma confidence interval for a single 1-ms watermark with a signal-to-noise ratio (SNR) of 0 dB from Anderson et al. (2024b). The green region shows the probability distribution under authentic conditions, and the red region corresponds to spoofing conditions, each from the derivations of Section 3.3. The dashed line is a trajectory defined by Equation (39). As the adversary changes their selection of α, the red ellipse traverses the dashed trajectory. As the SCER SNR increases, the spoofing probability distribution trajectory moves closer to intersecting the authentic case and vice versa.

• Download figure
• Open in new tab
• Download PowerPoint

FIGURE 5

Conceptual figure relating the adversary’s choice of α to the probability distribution function (PDF) of Y_Δ and Y_Σ, as explained in Section 3.4

Figure 5 provides an intuitive visual on the dynamics of how α relates to Y_Δ and Y_Σ. When the receiver applies the central limit theorem over the observation of thousands of watermarks, the ellipses will shrink substantially (e.g., by a factor of $\sqrt{6000}$). Ultimately, with better radio and computational equipment, p_e|r → 0 and p_e|¬r → 0 for the SCER adversary; thus, the adversary will be able to approach a perfect estimation and replay of the watermark. The combination of the narrowing central limit theorem distribution and the knowledge that an increasingly successful SCER adversary could exist motivates a design based exclusively on the expectation value (ignoring the spread of the distribution). Therefore, we provide Figure 6 based on the SNR-level sets computed via Equation (39).

• Download figure
• Open in new tab
• Download PowerPoint

FIGURE 6

Hard-decision expectation trajectory (along α) for varying levels of SNR The non-SCER trajectory line follows along possible values of s.

For the non-SCER case, as in our prior work (Anderson et al., 2024a), we used only Y_Δ. However, for the SCER case, the adversary can select an α that results in missed detection if only Y_Δ is checked. When both terms are checked, we can constrain the adversary’s ability to circumvent authentication checks up to the adversary’s chip estimation efficacy and its choice of α.

From the viewpoint of mathematical conciseness, one can better account for the upper tail Y distributions (for bounding missed-detection probabilities with a threshold detector) and other effects (such as advantages from Section 4) by adjusting the actual SNR of the adversary. For instance, rather than computing the false-alarm and missed-detection probabilities from the integration of the repeatedly convolved distributions of a receiver-decided decision boundary on Y_Δ, Y_Σ, one could approximate this effect by computing the dB-width of sigma, adjust the adversary’s SNR, and continue the design with the central limit theorem formulations in Section 3.3. To design a scheme similar to that of Anderson et al. (2024b), we now consider the problem of selecting n and r values under an SCER model (i.e., how large of a dish can the SCER-capable adversary use while yielding a specific SNR) that yields acceptable missed-detection probabilities. However, it is possible to consider the distribution tails (rather than just the expectation) via repeated convolution of the binomial distributions.

The efficacy of receiver decisions on Y_Δ, Y_Σ can be evaluated by integrating over the joint decision space shown in Figure 6 or with the SNR adjusted by a 3-sigma dB-width or with other adjustments from Section 4. An interesting consequence is the possibility of using Equation (39) as the decision boundary to have a more favorable probability of missed detection and false alarms compared with a linear decision boundary. Note that as Y_Σ decreases, the receiver’s ability to track the signal rapidly decreases, informing a reasonable decision area over Y_Δ, Y_Σ for integration.

4.1 Better SCER Adversaries and Design Implications

At the time of this work, we have not yet found a pathway to mathematically derive the advantage for the soft-decision adversary, determine the best soft-decision adversary, or bound the advantage of any soft-decision adversary. Given the convenience of the mathematically concise derivations for the hard-decision adversary and the conventions of error-correction code, it is likely appropriate to attempt to find a soft-information advantage bound or correction for use in designing a system with the hard-decision derivations. For instance, suppose that one could show that a soft-decision adversary performs no better than a hard-decision adversary with an x -dB-larger SNR. Then, one could design a system using the hard-decision formulae with simple corrections.

Because an adversary could continually achieve a better radio for the security code estimation, the GNSS designer should focus on ensuring that the system design requires an antenna that is reasonably burdensome on the spoofer and easy for someone in the area to detect. For instance, one could design the system to require a large dish antenna that would likely be visible in a protected area (e.g., in the vicinity of an airport). Noting that the r = 15 design of Anderson et al. (2024b) was created before this work, we can derive the gain required to spoof a receiver. In our prior work (Anderson et al., 2024b), we suggested a decision boundary of Y_Δ > 0.5 for missed-detection and false-alarm rates of 10^-9 for non-SCER adversaries. To spoof a receiver on expectation, the adversary would need an antenna array or a high-gain antenna until the spoofing ellipses from Figure 8 cross past the receiver’s decision boundary (e.g., Y_Δ, Y_Σ > 0.5 or Y_Δ + Y_Σ > 1).

Rigorously determining the advantage of a soft-decision adversary presents a difficult challenge in both deriving an answer and defining a model. For instance, in the model of this work, an adversary could put enormous power on a single chip (and zero out the other chips). Among all of the ranging code measurements, suppose that the adversary placed power on only two chips: the one with the highest measured likelihood of being inverted and the one with the highest measured likelihood of not being inverted. It is very likely that these two measurements (e.g., among r and n – r) are correct. With a perfectly tracking receiver, the adversary could spoof Y_Δ and Y_Σ by placing maximum power on those two chips. However, this represents a degenerate case, motivating a more sophisticated receiver and spoofing radio models (e.g., where the power of these chips is saturated in the two-chip power spoof). As the model becomes more complicated and realistic, it is unlikely that there will be a mathematically concise answer, motivating us to determine the best solution via Monte Carlo methods and direct experimentation.