On the Impact of Channel Cross-Correlations in High-Sensitivity Receivers for Galileo E1 OS and GPS L1C Signals

One of the most promising features of the modernized global navigation satellite systems signals is the presence of pilot channels that, being data-transition free, allow for increasing the coherent integration time of the receivers. Generally speaking, the increased integration time allows to better average the thermal noise component, thus improving the postcorrelation SNR of the receiver in the acquisition phase. On the other hand, for a standalone receiver which is not aided or assisted, the acquisition architecture requires that only the pilot channel is processed, at least during the first steps of the procedure. The aim of this paper is to present a detailed investigation on the impact of the code cross-correlation properties in the reception of Galileo E1 Open Service and GPS L1C civil signals. Analytical and simulation results demonstrate that the S-curve of the code synchronization loop can be affected by a bias around the lock point. This effect depends on the code cross-correlation properties and on the receiver setup. Furthermore, in these cases, the sensitivity of the receiver to other error sources might increase, and the paper shows how in presence of an interfering signal the pseudorange bias can be magnified and lead to relevant performance degradatio

Trusted GNSS-Based Time Synchronization for Industry 4.0 Applications

The protection of satellite-derived timing information is becoming a fundamental requirement in Industry 4.0 applications, as well as in a growing number of critical infrastructures. All the industrial systems where several nodes or devices communicate and/or coordinate their functionalities by means of a communication network need accurate, reliable and trusted time synchronization. For instance, the correct operation of automation and control systems, measurement and automatic test systems, power generation, transmission, and distribution typically require a sub-microsecond time accuracy. This paper analyses the main attack vectors and stresses the need for software integrity control at network nodes of Industry 4.0 applications to complement existing security solutions that focus on Global Navigation Satellite System (GNSS) radio-frequency spectrum and Precision Time Protocol (PTP), also known as IEEE-1588. A real implementation of a Software Integrity Architecture in accordance with Trusted Computing principles concludes the work, together with the presentation of promising results obtained with a flexible and reconfigurable testbed for hands-on activities

The Local Integrity Approach for Urban Contexts: Definition and Vehicular Experimental Assessment

A novel cooperative integrity monitoring concept, called “local integrity”, suitable to automotive applications in urban scenarios, is discussed in this paper. The idea is to take advantage of a collaborative Vehicular Ad hoc NETwork (VANET) architecture in order to perform a spatial/temporal characterization of possible degradations of Global Navigation Satellite System (GNSS) signals. Such characterization enables the computation of the so-called “Local Protection Levels”, taking into account local impairments to the received signals. Starting from theoretical concepts, this paper describes the experimental validation by means of a measurement campaign and the real-time implementation of the algorithm on a vehicular prototype. A live demonstration in a real scenario has been successfully carried out, highlighting effectiveness and performance of the proposed approach

Galileo AltBOC receivers - Analysis of receiver architectures, acquisition strategies and multipath mitigation techniques for the E5 AltBOC signal

Master of Science Thesi

Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks

The Self-Sovereign Identity (SSI) is a decentralized paradigm enabling full control over the data used to build and prove the identity. In Internet of Things networks with security requirements, the Self-Sovereign Identity can play a key role and bring benefits with respect to centralized identity solutions. The challenge is to make the SSI compatible with resource-constraint IoT networks. In line with this objective, the paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set. The solution is built around the proof of membership notion. The paper analyzes two membership solutions, a novel solution designed by the Authors based on Merkle trees and a second one based on the adaptation of Boneh, Boyen and Shacham (BBS) group signature scheme. The paper concludes with a performance estimation and a comparative analysis

SNAP: An authentication concept for the Galileo open service

The design of a solution for the authentication of both navigation data bits and spreading code chips, referred to as SNAP and suitable for the evolution of the Galileo E1 OS signal, is presented in the paper. Though the technique is innovative and able to achieve predefined authentication performance, it exploits the structure of the legacy Galileo signal and the characteristics of the OS NMA. A detailed overview of the open choices for the design of signal components dedicated to authentication is provided, together with an analysis of signal parameters definition. A possible implementation option of the SNAP solution is also presented

Integrity Verification of Distributed Nodes in Critical Infrastructures

The accuracy and reliability of time synchronization and distribution are essential requirements for many critical infrastructures, including telecommunication networks, where 5G technologies place increasingly stringent conditions in terms of maintaining highly accurate time. A lack of synchronization between the clocks causes a malfunction of the 5G network, preventing it from providing a high quality of service; this makes the time distribution network a very viable target for attacks. Various solutions have been analyzed to mitigate attacks on the Global Navigation Satellite System (GNSS) radio-frequency spectrum and the Precision Time Protocol (PTP) used for time distribution over the network. This paper highlights the significance of monitoring the integrity of the software and configurations of the infrastructural nodes of a time distribution network. Moreover, this work proposes an attestation scheme, based on the Trusted Computing principles, capable of detecting both software violations on the nodes and hardware attacks aimed at tampering with the configuration of the GNSS receivers. The proposed solution has been implemented and validated on a testbed representing a typical synchronization distribution network. The results, simulating various types of adversaries, emphasize the effectiveness of the proposed approach in a wide range of typical attacks and the certain limitations that need to be addressed to enhance the security of the current GNSS receivers

Toward a Post-Quantum Zero-Knowledge Verifiable Credential System for Self-Sovereign Identity

The advent of quantum computers brought a large interest in post-quantum cryptography and in the migration to quantum-resistant systems. Protocols for Self-Sovereign Identity (SSI) are among the fundamental scenarios touched by this need. The core concept of SSI is to move the control of digital identity from third-party identity providers directly to individuals. This is achieved through Verificable Credentials (VCs) supporting anonymity and selective disclosure. In turn, the implementation of VCs requires cryptographic signature schemes compatible with a proper Zero-Knowledge Proof (ZKP) framework. We describe the two main ZKP VCs schemes based on classical cryptographic assumptions, that is, the signature scheme with efficient protocols of Camenisch and Lysyanskaya, which is based on the strong RSA assumption, and the BBS+ scheme of Boneh, Boyen and Shacham, which is based on the strong Diffie-Hellman assumption. Since these schemes are not quantum-resistant, we select as one of the possible post-quantum alternatives a lattice-based scheme proposed by Jeudy, Roux-Langlois, and Sander, and we try to identify the open problems for achieving VCs suitable for selective disclosure, non-interactive renewal mechanisms, and efficient revocation