Papers
Topics
Authors
Recent
Search
2000 character limit reached

Security Code Estimation & Replay (SCER)

Updated 3 July 2026
  • SCER is a spoofing attack technique that estimates and replays encrypted GNSS codes to mislead secure positioning receivers.
  • Detection methods leverage PRF-based ranging and partial-correlation detectors to quantify adversary guessing probability and system vulnerabilities.
  • Countermeasures adjust system parameters like code length and aggregation time to reduce missed-detection probabilities to negligible levels.

Security Code Estimation and Replay (SCER) refers to a family of spoofing attacks and the associated cryptographic and signal processing defenses in Global Navigation Satellite Systems (GNSS), particularly for applications requiring Position, Navigation, and Timing (PNT) authentication. SCER attacks exploit the adversary’s ability to estimate unpredictable cryptographic ranging codes or navigation data “on the fly” through high-fidelity observation, with the intent of re-transmitting a forged but plausible signal capable of fooling cryptographically-protected receivers. Modern countermeasures—including those based on pseudorandom function (PRF) ranging and partial-correlation detectors—explicitly model and bound SCER effectiveness by quantifying the adversary’s achievable guessing probability, system parameter sensitivities, and required radio equipment resources.

1. SCER Attack Model and Signal Dynamics

In the canonical SCER scenario, a spoofer is equipped with a high-gain receiving antenna front-end to capture the live GNSS signal—including code sequences generated and protected by a PRF using a secret key available only to the satellite. Lacking predictive knowledge of the cryptographically-generated codes or message symbols, the adversary proceeds as follows (Anderson, 2 Oct 2025, Seco-Granados et al., 2020):

  • Listen: The spoofer samples the encrypted, unpredictable signal at or above the Nyquist rate over each code period of duration TT, for chip-length nn (e.g., n=5115n=5115 for Galileo E6-C).
  • Estimate: For each chip, the adversary forms a hard-decision estimate R^i=±1\hat{R}_i = \pm1 via thresholding the received sample Si=±P+NiS_i = \pm\sqrt{P} + N_i, where NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2) is AWGN.
  • Replay: The attacker buffers nn estimated chips per period and synthesizes a forged signal, re-modulating the estimated sequence onto the carrier and transmitting with some delay Δt\Delta t.
  • Iterate: For multi-code aggregation, this process is repeated over WW consecutive codes.

The central destabilizing feature is the adversary’s inability to predict the next PRF code or cryptographically-unpredictable data symbols in advance; thus, any estimation process is fundamentally limited by thermal noise and hardware constraints, which directly impacts attack success.

2. Mathematical Framework for SCER Probability Analysis

Authentication in PRF-based ranging is statistically modeled by considering a binary hypothesis test post–TESLA-key disclosure or after OSNMA backward authentication (Anderson, 2 Oct 2025):

YPRF,W=1Wj=1WkPRFRPRFSjY_{\mathrm{PRF},W} = \frac{1}{W} \sum_{j=1}^W k_{\mathrm{PRF}} R^{\mathrm{PRF}}_{-} \ast S_j

where nn0 and the sum is over nn1 codes. The distribution is:

nn2

Here, nn3 with nn4, nn5, and nn6.

The optimal receiver declares authenticity if nn7. The probability of missed detection (PMD) for SCER, i.e., the chance that a forged code fools the authentication:

nn8

where nn9.

In the large-n=5115n=51150 regime, a normal approximation yields:

n=5115n=51151

n=5115n=51152

This formalism allows for closed-form calculation of the required chip SNR (n=5115n=51153) for the spoofer, under which PMD is driven above a critical (infeasible) threshold, such as n=5115n=51154 for 128-bit security.

3. System Parameter Scaling and Equipment Requirements

The security of PRF GNSS ranging against SCER depends critically on the parameters n=5115n=51155. Larger code length n=5115n=51156 and greater aggregation time n=5115n=51157 drive down the variance of the test statistic, exponentially reducing missed-detection probability for fixed per-chip SNR (Anderson, 2 Oct 2025). For Galileo E6-C, with n=5115n=51158 and n=5115n=51159:

  • R^i=±1\hat{R}_i = \pm10 ms aggregate ensures PMD R^i=±1\hat{R}_i = \pm11 under nominal (non-SCER) models.
  • To mount a successful SCER attack (e.g., R^i=±1\hat{R}_i = \pm12), the adversary must achieve at least R^i=±1\hat{R}_i = \pm13 dB chip SNR, which with R^i=±1\hat{R}_i = \pm14 dBW signal requires >15 dBi antenna gain, a low-noise front end, and I/Q buffering of R^i=±1\hat{R}_i = \pm15 million samples per R^i=±1\hat{R}_i = \pm16 ms interval.
  • Required hardware—a high-gain phased array, sophisticated buffering, and sub-ms replay timing—is significant, and subject to detection, monitoring, or interdiction.

Increasing R^i=±1\hat{R}_i = \pm17 and R^i=±1\hat{R}_i = \pm18 makes random guessing infeasible as the binomial error rate aggregates, while larger PRF keyspace eliminates the chance of code reuse within the attack’s observation window.

4. Partial-Correlation Based SCER Detection in OSNMA

OSNMA-enabled Galileo E1-B signals offer unpredictability via cryptographically-secure bits, exposing SCER attacks through transient waveform distortions that arise when the spoofer attempts real-time symbol estimation (Seco-Granados et al., 2020). Five detectors based on partial correlations over predictable and unpredictable parts of the signal are introduced (denoted R^i=±1\hat{R}_i = \pm19–Si=±P+NiS_i = \pm\sqrt{P} + N_i0):

Detector Test Statistic Key Feature
Si=±P+NiS_i = \pm\sqrt{P} + N_i1 Si=±P+NiS_i = \pm\sqrt{P} + N_i2 Ratio (raw)
Si=±P+NiS_i = \pm\sqrt{P} + N_i3 Si=±P+NiS_i = \pm\sqrt{P} + N_i4 Ratio (quadratic)
Si=±P+NiS_i = \pm\sqrt{P} + N_i5 Si=±P+NiS_i = \pm\sqrt{P} + N_i6 Mean difference
Si=±P+NiS_i = \pm\sqrt{P} + N_i7 Si=±P+NiS_i = \pm\sqrt{P} + N_i8 C/N₀ estimate diff
Si=±P+NiS_i = \pm\sqrt{P} + N_i9 NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)0 Phase difference

With NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)1 (“mean difference”) outperforming others in both sensitivity and implementation simplicity, requiring as few as NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)2 unpredictable symbols (sub-second at 250 symbols/s) for NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)3 with minimal false alarms (1–2%) when the spoofer has no power advantage. Even with spoofer’s +5 dB power, NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)4 (1.5 s).

Thresholds are set analytically based on the expected Rayleigh distribution under NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)5, with ROC curves empirically validated. All detectors operate efficiently on standard GNSS SoCs without additional hardware.

5. Practical Deployment and Protocol Implications

SCER defense for GNSS is shaped by the interplay of cryptographic unpredictability (e.g., OSNMA MACs, PRF codes), aggregation and test windowing parameters, and real-time detection strategies:

  • Robust detection is achieved by randomizing partial-correlation windows and by leveraging the known release cadence of unpredictable OSNMA bits.
  • Receiver computational burden is negligible (<1% CPU for 2500 partial correlations/s).
  • The need for clock and delay consistency (to thwart accumulation of timing slippage) forces the spoofer to attempt jamming and replay with delays of tens to hundreds of microseconds, but practical oscillator stabilities make this impractical without extensive, detectable interference.
  • The OSNMA unpredictable-symbol budget ensures real-time detection is possible even with moderate adversarial signal power.

A plausible implication is that any meaningful SCER attempt requires not only sophisticated radio hardware but also the ability to sustain uninterrupted capture and replay for periods exceeding GNSS signal reacquisition times, rendering covert large-scale attacks impractical under realistic field constraints.

6. Experimental Results and Comparative Detector Performance

Experiments demonstrate that under AWGN and land-mobile-satellite (LMS) channel models, the NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)6 detector achieves the best trade-off between detection probability (NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)7) and false alarm (NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)8):

  • With NiN(0,σ2)N_i \sim \mathcal{N}(0,\sigma^2)9, nn0 reaches nn1 after nn2 unpredictable symbols (∼0.44 s at 250 sym/s) at zero dB spoofer advantage, and nn3 symbols (∼1.5 s) at +5 dB.
  • Sensitivity degrades by less than nn4 under high mobility (100 km/h LMS).
  • As only hundreds of unpredictable symbols per interval are needed, and OSNMA provides nn5 in nn6 s, temporal robustness is high.
  • All detectors can be fused across satellites for improved detection rate, and thresholds can be adaptively set with statistical monitoring.

This suggests SCER-resilient GNSS receivers can flag attacks well within the observation period the spoofer would require to synchronize and effect a successful replay.

7. Strengths, Limitations, and Future Directions

Cryptographic unpredictability exploited by PRF ranging and OSNMA defends effectively against SCER attacks, with closed-form analyses linking hardware constraints to missed-detection rates and receiver-design parameters. The partial-correlation detection framework, particularly the nn7 detector, provides a lightweight, scalable, and channel-agnostic solution for live GNSS receivers (Anderson, 2 Oct 2025, Seco-Granados et al., 2020).

Limitations include:

  • Dependence on the receiver’s ability to maintain lock on the authentic signal.
  • Necessity for accurate modeling of OSNMA unpredictability for threshold tuning.
  • Detection rate trade-offs must be balanced against false alarms, especially in dense multipath or under frequent reacquisition intervals.

Future work is focused on formal ROC curve derivation, hybridizing amplitude/phase analysis with doppler and cycle-slip checks, sequential probability ratio testing to lower nn8 without increasing observation horizon, and multi-satellite fusion for scalable, cross-constellation detection (Seco-Granados et al., 2020).

SCER attacks are thus rendered both detectable and impractical against properly engineered, cryptographically-protected GNSS systems, affirming the centrality of unpredictability and rapid authentication cycles in future PNT security architectures.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (2)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Security Code Estimation and Replay (SCER).