Leuven duo ensure safe ride for Europe’s navigation system


Borrowing from cryptography and online banking, Vincent Rijmen and Tomer Ashur are ensuring that Galileo, Europe’s answer to the GPS, is hacker-proof by the time it rolls out in 2020

Turn left at the next right

In times when computers without internet access seem an artefact of the past and even the most basic kitchen appliances have wi-fi connectivity, few things in our lives seem safe from hackers’ prying eyes.

From the GPS receiver in your car, to the map application in your smartphone, a skilled hacker can easily take control of them and begin sending you false information remotely. In 2020, when Europe finally gets its own navigation system – the Galileo – these issues will become more pressing than ever.

The European Space Agency (ESA) is currently working to make sure that the system is airtight by the time it rolls out. After years of planning, the first of the 30 satellites were launched in 2011.

Galileo – run by the European Commission in partnership with the ESA – is seen as Europe’s answer to the American GPS and the Russian Glonass, at a time when the relations between the EU, the US and Russia have become chilly.

The team of scientists and researchers at ESA are working on authentication features that would prevent Galileo from picking up false signals or rejecting real ones. Vincent Rijmen and Tomer Ashur of the University of Leuven are the researchers helping the ESA make the signals more difficult to forge.

Unbreakable codes

But it’s no easy task. Because half of the system’s satellites are already in orbit – and to avoid delaying the whole operation – they can implement only a handful of safety features at a time. This limit also works to not tax the signals’ limited bandwidth.

Some of the features appear very conventional, borrowing from electronic signatures used in credit card transactions, online banking and internet activities that involve transferring sensitive information.

“This is why we opted for the method used in electronic signatures,” says Rijmen, who works at the University of Leuven’s Department of Electrical Engineering. “These signatures take up less than 100 bits, which is also the reason why they expire so quickly. But this is not a problem in the case of satellite navigation because the location is authenticated every 30 seconds or less.”

You could call me a cryptanalyst, which means that I usually try to ‘hack’ things

- Tomer Ashur of KU Leuven

Ashur, a PhD researcher under Rijmen’s mentorship, wrote the assessment report on the security features for the entire authentication system, weighing in on the benefits of certain cryptographic tools and parameters. “You could call me a cryptanalyst, which means that I usually try to ‘hack’ things,” he laughs. “But since it’s done by the good guys, I’d prefer to call it ‘a security assessment’.”

Why is it so important that the Galileo system is equipped with an airtight authentication protocol? “In 2007, I was working for a data security company that protects businesses from data leaks,” says Ashur. “We had a project with this huge bank in South Africa, and we were supposed to install our software on the bank’s computers.”

As is often the case, he continues, “some of the installations didn’t go so well, and one of them was so faulty that the host computer could no longer be started. Unfortunately, this computer was located in the security operations room and was responsible for showing the location of all the bank’s armoured trucks.”

Message received

A more trivial example, he adds, is the recent hype surrounding the Pokémon Go game. “Last September, a large number of users were banned from playing because some of them were cheating inside the game by providing fake location data and catching pokemons that were not in their vicinity.”

The existing satellite-based navigation systems, he explains, were originally developed for military purposes – the US Army still operates a high-precision version of its GPS system. “This is clearly a problem that needs solving.”

How does this compare to encryption used in emails or instant messengers? “Encryption has got nothing to do with this,” says Ashur. “The purpose of encryption is to hide information so that it cannot be read by an unauthorised party. Since satellite navigation data is openly transmitted, this is not what we were looking for.”

What the researchers did instead was add a sort of signature that “allows the receiver to verify that the data was really sent from the satellite and is not a forgery made by the hacker,” Ashur explains. “Data authentication is a common problem in cryptography, and there are standard methods on how to deal with it.”

Adding secret codes to Galileo’s system and signals is a real challenge. The cost of exchanging information between the satellites and the units on the ground “is extremely high,” says Ashur. “The environment in which we have to work is also very constrained. You could compare it to having to convey all the information in this article in only two sentences.”

Photo: ESA/P. Carril