Abstract

In this paper, Chips Message Robust Authentication, or Chimera, is proposed to jointly authenticate both the navigation data and the spreading code of a GPS civilian signal. Authentication schemes protect the user community, especially critical infrastructure users, against spoofing attacks by providing evidence that the received signal is from a reliable source. Chimera employs the concept of time-binding, in which the spreading code is punctured by markers that are cryptographically generated using a key derived from the digitally signed navigation message. The navigation message and the spreading code cannot be independently generated. Bit commitment ensures that a spoofer cannot generate the correct marker sequence until after it has been broadcast. Two variations are discussed: a “slow” channel for standalone users and a “fast” channel for more rapid authentication when out-of-band information is available. Appropriate performance metrics and architectures for Chimera are proposed, and the choice of specific parameters is explained in the context of expected performance. These design principles are illustrated with a specific implementation of Chimera for the GPS L1C signal.