Security Code Estimation & Replay (SCER)
- SCER is a spoofing attack technique that estimates and replays encrypted GNSS codes to mislead secure positioning receivers.
- Detection methods leverage PRF-based ranging and partial-correlation detectors to quantify adversary guessing probability and system vulnerabilities.
- Countermeasures adjust system parameters like code length and aggregation time to reduce missed-detection probabilities to negligible levels.
Security Code Estimation and Replay (SCER) refers to a family of spoofing attacks and the associated cryptographic and signal processing defenses in Global Navigation Satellite Systems (GNSS), particularly for applications requiring Position, Navigation, and Timing (PNT) authentication. SCER attacks exploit the adversary’s ability to estimate unpredictable cryptographic ranging codes or navigation data “on the fly” through high-fidelity observation, with the intent of re-transmitting a forged but plausible signal capable of fooling cryptographically-protected receivers. Modern countermeasures—including those based on pseudorandom function (PRF) ranging and partial-correlation detectors—explicitly model and bound SCER effectiveness by quantifying the adversary’s achievable guessing probability, system parameter sensitivities, and required radio equipment resources.
1. SCER Attack Model and Signal Dynamics
In the canonical SCER scenario, a spoofer is equipped with a high-gain receiving antenna front-end to capture the live GNSS signal—including code sequences generated and protected by a PRF using a secret key available only to the satellite. Lacking predictive knowledge of the cryptographically-generated codes or message symbols, the adversary proceeds as follows (Anderson, 2 Oct 2025, Seco-Granados et al., 2020):
- Listen: The spoofer samples the encrypted, unpredictable signal at or above the Nyquist rate over each code period of duration , for chip-length (e.g., for Galileo E6-C).
- Estimate: For each chip, the adversary forms a hard-decision estimate via thresholding the received sample , where is AWGN.
- Replay: The attacker buffers estimated chips per period and synthesizes a forged signal, re-modulating the estimated sequence onto the carrier and transmitting with some delay .
- Iterate: For multi-code aggregation, this process is repeated over consecutive codes.
The central destabilizing feature is the adversary’s inability to predict the next PRF code or cryptographically-unpredictable data symbols in advance; thus, any estimation process is fundamentally limited by thermal noise and hardware constraints, which directly impacts attack success.
2. Mathematical Framework for SCER Probability Analysis
Authentication in PRF-based ranging is statistically modeled by considering a binary hypothesis test post–TESLA-key disclosure or after OSNMA backward authentication (Anderson, 2 Oct 2025):
where 0 and the sum is over 1 codes. The distribution is:
2
Here, 3 with 4, 5, and 6.
The optimal receiver declares authenticity if 7. The probability of missed detection (PMD) for SCER, i.e., the chance that a forged code fools the authentication:
8
where 9.
In the large-0 regime, a normal approximation yields:
1
2
This formalism allows for closed-form calculation of the required chip SNR (3) for the spoofer, under which PMD is driven above a critical (infeasible) threshold, such as 4 for 128-bit security.
3. System Parameter Scaling and Equipment Requirements
The security of PRF GNSS ranging against SCER depends critically on the parameters 5. Larger code length 6 and greater aggregation time 7 drive down the variance of the test statistic, exponentially reducing missed-detection probability for fixed per-chip SNR (Anderson, 2 Oct 2025). For Galileo E6-C, with 8 and 9:
- 0 ms aggregate ensures PMD 1 under nominal (non-SCER) models.
- To mount a successful SCER attack (e.g., 2), the adversary must achieve at least 3 dB chip SNR, which with 4 dBW signal requires >15 dBi antenna gain, a low-noise front end, and I/Q buffering of 5 million samples per 6 ms interval.
- Required hardware—a high-gain phased array, sophisticated buffering, and sub-ms replay timing—is significant, and subject to detection, monitoring, or interdiction.
Increasing 7 and 8 makes random guessing infeasible as the binomial error rate aggregates, while larger PRF keyspace eliminates the chance of code reuse within the attack’s observation window.
4. Partial-Correlation Based SCER Detection in OSNMA
OSNMA-enabled Galileo E1-B signals offer unpredictability via cryptographically-secure bits, exposing SCER attacks through transient waveform distortions that arise when the spoofer attempts real-time symbol estimation (Seco-Granados et al., 2020). Five detectors based on partial correlations over predictable and unpredictable parts of the signal are introduced (denoted 9–0):
| Detector | Test Statistic | Key Feature |
|---|---|---|
| 1 | 2 | Ratio (raw) |
| 3 | 4 | Ratio (quadratic) |
| 5 | 6 | Mean difference |
| 7 | 8 | C/N₀ estimate diff |
| 9 | 0 | Phase difference |
With 1 (“mean difference”) outperforming others in both sensitivity and implementation simplicity, requiring as few as 2 unpredictable symbols (sub-second at 250 symbols/s) for 3 with minimal false alarms (1–2%) when the spoofer has no power advantage. Even with spoofer’s +5 dB power, 4 (1.5 s).
Thresholds are set analytically based on the expected Rayleigh distribution under 5, with ROC curves empirically validated. All detectors operate efficiently on standard GNSS SoCs without additional hardware.
5. Practical Deployment and Protocol Implications
SCER defense for GNSS is shaped by the interplay of cryptographic unpredictability (e.g., OSNMA MACs, PRF codes), aggregation and test windowing parameters, and real-time detection strategies:
- Robust detection is achieved by randomizing partial-correlation windows and by leveraging the known release cadence of unpredictable OSNMA bits.
- Receiver computational burden is negligible (<1% CPU for 2500 partial correlations/s).
- The need for clock and delay consistency (to thwart accumulation of timing slippage) forces the spoofer to attempt jamming and replay with delays of tens to hundreds of microseconds, but practical oscillator stabilities make this impractical without extensive, detectable interference.
- The OSNMA unpredictable-symbol budget ensures real-time detection is possible even with moderate adversarial signal power.
A plausible implication is that any meaningful SCER attempt requires not only sophisticated radio hardware but also the ability to sustain uninterrupted capture and replay for periods exceeding GNSS signal reacquisition times, rendering covert large-scale attacks impractical under realistic field constraints.
6. Experimental Results and Comparative Detector Performance
Experiments demonstrate that under AWGN and land-mobile-satellite (LMS) channel models, the 6 detector achieves the best trade-off between detection probability (7) and false alarm (8):
- With 9, 0 reaches 1 after 2 unpredictable symbols (∼0.44 s at 250 sym/s) at zero dB spoofer advantage, and 3 symbols (∼1.5 s) at +5 dB.
- Sensitivity degrades by less than 4 under high mobility (100 km/h LMS).
- As only hundreds of unpredictable symbols per interval are needed, and OSNMA provides 5 in 6 s, temporal robustness is high.
- All detectors can be fused across satellites for improved detection rate, and thresholds can be adaptively set with statistical monitoring.
This suggests SCER-resilient GNSS receivers can flag attacks well within the observation period the spoofer would require to synchronize and effect a successful replay.
7. Strengths, Limitations, and Future Directions
Cryptographic unpredictability exploited by PRF ranging and OSNMA defends effectively against SCER attacks, with closed-form analyses linking hardware constraints to missed-detection rates and receiver-design parameters. The partial-correlation detection framework, particularly the 7 detector, provides a lightweight, scalable, and channel-agnostic solution for live GNSS receivers (Anderson, 2 Oct 2025, Seco-Granados et al., 2020).
Limitations include:
- Dependence on the receiver’s ability to maintain lock on the authentic signal.
- Necessity for accurate modeling of OSNMA unpredictability for threshold tuning.
- Detection rate trade-offs must be balanced against false alarms, especially in dense multipath or under frequent reacquisition intervals.
Future work is focused on formal ROC curve derivation, hybridizing amplitude/phase analysis with doppler and cycle-slip checks, sequential probability ratio testing to lower 8 without increasing observation horizon, and multi-satellite fusion for scalable, cross-constellation detection (Seco-Granados et al., 2020).
SCER attacks are thus rendered both detectable and impractical against properly engineered, cryptographically-protected GNSS systems, affirming the centrality of unpredictability and rapid authentication cycles in future PNT security architectures.