ZED-F9P-Integration Manual
UBX-18010802 - R02
4 Receiver description Page 66 of 114
Advance Information
The feature works by the receiver calculating a numerical signature for the configured messages.
The system receiving the message can verify the signature based on the message content and the
configured value, termed "seed".
Two new messages are provided for configuring the seed used for the signing: UBX-CFG-FIXSEED
and UBX-CFG-DYNSEED.
4.14.2 Configuring the fixed seed and register messages
In the UBX-CFG-FIXSEED message the fixed seed and the set of UBX messages to be signed can
be configured.
At least one message has to be registered and a maximum of 10 messages are supported.
Configuring the set of messages that are signed will not enable these messages by default.
All UBX messages can be signed.
This message can only be sent once to the receiver. All subsequent messages will result in
a NAK answer.
4.14.3 Configuring the dynamic seed
In the UBX-CFG-DYNSEED message an additional seed can be configured to make a replay attack
more difficult. This form of attack stores the messages received from the receiver for a certain time
and replays them later.
To prevent such an attack the host can use the time information from the receiver or a dynamic
seed. This generates a random seed at regular intervals that is then used by the received to sign
the outgoing messages.
The frequency of the update on the dynamic seed has to be configured depending on the security
concept of the whole system. In case the interval is too long the attacker can store the first set of
messages and replay them during the whole period until a new seed is generated. The recommended
interval would be in the range of some seconds to a few minutes.
By default the dynamic seed is set to: 0x0000_0000_0000_0000.
While programming the dynamic seed the receiver may send still send signatures which are
based on the old seed.
4.14.4 Parsing the signature
The UBX-SEC-SIGN message contains the signature of a previously transmitted message and is
always sent after the related message. It is not guaranteed that between the message and the
signature no other messages are output.
The payload of UBX-SEC-SIGN contains the reference to the signed message. It can be used to
match the related message using the class ID, the message ID and the UBX checksum of the
related message. This means that a previously transmitted message is signed when the class ID,
the message ID and the UBX checksum match.
4.14.5 Calculate the hash
The picture below shows the layout of the buffer over which the SHA-256 hash is calculated.
To Next Page
Loading...
Need help?
General
