Time Synchronization of TESLA-Enabled GNSS Receivers

Abstract

As timed efficient stream loss-tolerant authentication (TESLA)-enabled global navigation satellite systems (GNSS) for authenticated positioning reaches ubiquity, receivers must use an onboard, GNSS-independent clock (GIC) and carefully constructed time synchronization algorithms to assert the authenticity afforded. This work provides the necessary checks and synchronization protocols needed in the broadcast-only GNSS context. We provide proof of security for each of our algorithms under a delay-capable adversary. The algorithms included herein enable a GNSS receiver to use its GIC to determine whether a message arrived at the correct time, to determine whether its GIC is safe to use and when the clock will no longer be safe in the future due to predicted clock drift, and to resynchronize its GIC. Each algorithm is safe to use even when an adversary induces delays within the protocol. Moreover, we discuss the implications of GNSS authentication schemes that use two simultaneous TESLA instances of different authentication cadences. To a receiver implementer or standards author, this work provides the necessary implementation algorithms to assert security and provides a comprehensive guide on why these methods are required. We discuss and address a vulnerability related to the standard synchronization protocols in the context of broadcast-only TESLA.