Security challenges for for

Global Navigation Satellite Systems

Elisabetta CarraraSecurity Accreditation Technical Officer

elisabetta.carrara@gsa.europa.eu

20-22 January 2010 – ETSI, Sophia Antipolis, France

European GNSS

� European Global Navigation Satellite Systems (GNSS)� Galileo

• First launches 2010, operational after 2013

� EGNOS (the European navigation Satellite Based Augmentation System)

• EGNOS open Service launched in October 2009

5th ETSI Security Workshop 2

� GNSS Supervisory Authority (GSA)� GSA is a community Agency of the European Union

� Created by the Council Regulation (EC) No 1321/2004 of 12 July 2004

� Security as core responsibility• Security accreditation• Operation of the GNSS Security Monitoring Centre (GSMC)• Promotion of applications and services• Support to the European Commission

Galileo Services

Open Access

Commercial

Free to air; Mass market; Simple positioning

Encrypted; High accuracy; Guaranteed service

Open Service + Integrity and

5th ETSI Security Workshop 3

Safety of Life

Search and Rescue

Open Service + Integrity and Authentication of signal

Encrypted; Integrity; Continuous availability

Near real-time; Precise; Return link feasible

Public Regulated

EU Transport Council Approval: 09.12.2004

Galileo Security

Accidental or deliberate attack

on Galileo

���� Prevention of misuse of services

�Control of service denial

�Control of legitimate use

leg

itim

ate

use

Galileo system and services

5th ETSI Security Workshop 4

Subversive and hostile use of

Galileo services

�Control of legitimate use

leg

itim

ate

use

���� Protection of Galileo infrastructure and

���� Protection of all services

� Ensure availability

� Ensure integrity

�Ensure confidentiality

Illegitimate use

EU GNSS as Critical Infrastructure

� Potential use in key areasmakes the EU GNSS a Critical Infrastructure� Positioning

• Reporting the coordinates of hazardous goods, high value items, fleet management …

� Navigation• For critical transport, law enforcement, emergency

services, defence …

5th ETSI Security Workshop 5

� Timing• Systems and network synchronization for electricity, oil

and gas distribution, telecom operators …

� …and let us not forget the increasing dependability of the society from the GNSS technologies

GALILEO ArchitectureGALILEO Architecture

5th ETSI Security Workshop 6

• 3 Control Centres

• 5 TT&C Stations

•9 Missions Uplink Stations

• 30-40 Galileo Sensor Stations

• Constellation of 30 Satellites

• Supporting external entities

EGNOS ArchitectureEGNOS Architecture

5th ETSI Security Workshop 7

Galileo Security Accreditation

� Galileo Security Accreditation� a formal statement issued by an appointed Authority to confirm that the system

itself can process, store or forward sensitive or classified information without unacceptable risks, according to specific conditions that are defined in the applicable System-Specific Security Requirements Statement and in the related Security Operating Procedures.

� Security Risk management process

5th ETSI Security Workshop 8

� Security Risk management process � Component, site, system levels

� The security accreditation process� It ensures that the security measures are adequate

to defend the system against threats and vulnerabilities� It ensures that the system itself does not meet any

unacceptable risk during its lifecycle� Mandatory for information system processing

classified information

GNSS Certification

� Safety Certification of GNSS � Use for safety critical applications

EGNOS (2010):� EGNOS to be used for navigation of civil

aircraft

5th ETSI Security Workshop 9

aircraft� EC Single European Sky Regulations

� Systems delivering air navigation services to civil aviation shall be certified

� Follow ICAO standards� Cooperation with Eurocontrol

� Safety goes along with Security� Work on a Security Management System

� Required by EC Regulations� Recommended by Eurocontrol guidelines

Galileo PRS

� Public Regulated Service� For users authorised by governements� Access is controlled by the EU Member States� Separate from other Services (continuity of service)� Improved robustness to interference, jamming� Protected against spoofing attacks

� Integrity

5th ETSI Security Workshop 10

� Integrity� Trustworthy signal

� Continuity� PRS has a low risk of unpredicted outages

� Technical Standards� PRS meets performance requirements for air and maritime

navigation

Standardisation of PRS Receivers

� Standardisation activities to be initiated� Links to different applications� EU FP6 & FP7� PROGRESS (Programme for Governmental Receivers

Specification and Standardisation)� Paving the way for PRS Standardisation framework of PRS receiver and Security

Module, e.g.

5th ETSI Security Workshop 11

Module, e.g. • Establishment of ah-hoc European Standardisation fora

– Followed by handover to European Standardisation Organisations• definition of preliminary performance specifications• Definition of the security requirements for PRS receivers and Security Modules • guidelines for security certification and accreditation of the PRS receivers• Framework for the receiver safety certification• Functional analysis and Protection Profile for PRS Security Module• performance simulations

� Final Workshop in January 2011

� http://progress.galileoprojects.eu

5th ETSI Security Workshop 12

Thank you for your attention