Authentication of Satellite-Based Augmentation Systems with Over-the-Air Rekeying Schemes

Here we delineate a complete satellite-based augmentation system (SBAS) authentication scheme, including over-the-air rekeying (OTAR), that uses the elliptic curve digital signature algorithm (ECDSA) and timed efficient stream loss-tolerant authentication (TESLA) without the quadrature (Q) channel. This scheme appends two new message types to the SBAS scheduler without over-burdening the message schedule. We have taken special care to ensure that our scheme (1) meets the appropriate security requirements needed to prevent and deter spoofing; (2) is compatible with existing cryptographic standards; (3) is flexible, expandable, and future-proof to different cryptographic and implementation schemes; and (4) is backward compatible with legacy receivers. The scheme accommodates a diverse set of features, including authenticating core-constellation ephemerides. We discuss the SBAS provider and receiver machine state and its startup, including its use by aircraft that traverse differing SBAS coverage areas. We tested our scheme with existing SBAS simulation and analysis tools and found that it had negligible effects on current SBAS availability and continuity requirements.