As TESLA-enabled GNSS for authenticated positioning reaches ubiquity, receivers must use an onboard, GNSS-independent clock and carefully constructed time synchronization algorithms to assert the authenticity the scheme affords. This work provides the checks and synchronization protocols required in the broadcast-only GNSS context, where the receiver cannot query the sender. We provide a proof of security for each of our algorithms under a delay-capable adversary. The algorithms herein enable a GNSS receiver to use its onboard, GNSS-independent clock to determine whether a message arrived at the correct time (that is, before the corresponding TESLA key could have been disclosed); to determine whether that clock is currently safe to use and when, given its predicted drift, it will cease to be safe; and to resynchronize that clock. Each algorithm remains safe even when an adversary induces delays within the protocol. Moreover, we discuss the implications of GNSS authentication schemes that run two simultaneous TESLA instances with different authentication cadences. To a receiver implementer or standards author, this work provides the implementation algorithms needed to assert security and a comprehensive guide to why these methods are required.
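The three receiver-side decisions the abstract lists (did a message arrive before its key could have been disclosed, is the local clock still safe and when will drift make it unsafe, and how to resynchronize from a disclosed key) can be illustrated with a small model. The Python below is an added example and is not the paper's algorithms or code: it applies the standard TESLA security condition (RFC 4082, section 3.5) to a receiver clock whose error bound grows linearly with an assumed drift rate. The schedule constants, drift rate, class and function names, and the derivation of the safe-error limit (d-1)T/2 are all assumptions made here for illustration.

```python
"""TESLA timing checks for a receiver with a GNSS-independent local clock.

Added illustration, not the paper's algorithms.  The receiver models its local
clock as  true_time = local_reading + offset  with an error bound that grows
linearly with assumed drift since the last synchronization.  All constants
below are constructed for the example.
"""
from dataclasses import dataclass
import math


@dataclass
class TeslaSchedule:
    """Sender's disclosure schedule, assumed known to the receiver."""
    t0: float        # true time at which interval 0 starts (seconds)
    interval: float  # interval length T (seconds)
    d: int           # key disclosure delay in intervals

    def disclosure_time(self, i: int) -> float:
        """Earliest true time at which the sender broadcasts K_i."""
        return self.t0 + (i + self.d) * self.interval


@dataclass
class LocalClock:
    """Receiver's onboard clock with a drift-growing error bound (assumed model)."""
    t_sync: float    # local reading at the last synchronization
    offset: float    # estimate: true_time = local + offset at t_sync
    eps_sync: float  # |true_time - (local + offset)| <= eps_sync at t_sync
    drift: float     # assumed bound on drift rate, seconds per second

    def error_bound(self, t_local: float) -> float:
        # Worst-case error grows linearly since the last synchronization.
        return self.eps_sync + self.drift * max(0.0, t_local - self.t_sync)

    def true_time_bounds(self, t_local: float):
        """Interval [lo, hi] guaranteed to contain true time at local reading t_local."""
        e = self.error_bound(t_local)
        est = t_local + self.offset
        return est - e, est + e


def arrived_before_disclosure(sched: TeslaSchedule, clock: LocalClock,
                              t_local: float, i: int) -> bool:
    """TESLA security condition: even at the upper edge of the clock's error
    bound, true arrival time must precede the disclosure of K_i.  An adversary
    who delays the packet only makes true arrival later, so delay can cause a
    false rejection but never a false acceptance."""
    _, hi = clock.true_time_bounds(t_local)
    return hi < sched.disclosure_time(i)


def max_safe_error(sched: TeslaSchedule) -> float:
    """Largest error bound under which a message sent at the very end of its
    interval and arriving instantly still passes the check.  Derivation (ours,
    not the paper's): t_true <= t0+(i+1)T, hi <= t_true + 2*eps, so we need
    (i+1)T + 2*eps < (i+d)T, i.e. eps < (d-1)T/2."""
    return (sched.d - 1) * sched.interval / 2.0


def clock_unsafe_after(sched: TeslaSchedule, clock: LocalClock) -> float:
    """Local time after which the drift-grown error bound exceeds max_safe_error,
    so the receiver must resynchronize before trusting any further message."""
    budget = max_safe_error(sched) - clock.eps_sync
    if budget <= 0:
        return clock.t_sync
    if clock.drift <= 0:
        return math.inf
    return clock.t_sync + budget / clock.drift


def resync_from_disclosed_key(sched: TeslaSchedule, clock: LocalClock,
                              t_local: float, i: int) -> LocalClock:
    """A disclosed K_i (already verified against the key chain) was received at
    local reading t_local.  The sender did not release it before
    disclosure_time(i), so true time at arrival is at least that; an adversary's
    delay only pushes true time later, so this lower bound survives delay.  The
    upper bound still comes from the local clock.  Returns a re-centred clock
    whose error bound is never wider than the current one."""
    lo, hi = clock.true_time_bounds(t_local)
    lo = max(lo, sched.disclosure_time(i))
    if lo > hi:
        # The clock's own error model is violated: the receiver must treat
        # the clock as unsafe rather than accept the key.
        raise ValueError("local clock bound excludes a time the key could have arrived")
    centre = (lo + hi) / 2.0
    return LocalClock(t_sync=t_local, offset=centre - t_local,
                      eps_sync=(hi - lo) / 2.0, drift=clock.drift)


if __name__ == "__main__":
    sched = TeslaSchedule(t0=0.0, interval=30.0, d=2)          # constructed
    clock = LocalClock(t_sync=0.0, offset=0.0, eps_sync=0.5, drift=1e-4)
    print(arrived_before_disclosure(sched, clock, 330.0, 10))  # prompt arrival
    print(arrived_before_disclosure(sched, clock, 359.6, 10))  # delayed arrival
    print(clock_unsafe_after(sched, clock))
    loose = LocalClock(t_sync=0.0, offset=0.0, eps_sync=5.0, drift=1e-4)
    print(resync_from_disclosed_key(sched, loose, 362.0, 10))
```

The delayed-arrival case is the one that matters for a delay-capable adversary: holding the packet back moves the receiver's upper bound on true time past the disclosure instant, so the check fails closed. The drift rate used here is deliberately large so the unsafe horizon lands within a short run; a real oscillator's bound would be set from its datasheet or measured Allan deviation.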