MODEL OF A POST-QUANTUM PUBLIC KEY INFRASTRUCTURE USING A QUANTUM RANDOM NUMBER GENERATOR FOR AN AUTONOMOUS DIFFERENTIAL CORRECTION SYSTEM OF GLOBAL NAVIGATION SATELLITE SYSTEMS
DOI:
https://doi.org/10.35546/kntu2078-4481.2025.4.3.27Keywords:
global navigation satellite system (GNSS); quantum random number generator (QRNG); cyberattack; cybersecurity; differential GNSS (DGNSS); public key infrastructure (PKI); Autonomous DGNSS; post-quantum cryptography (PQC)Abstract
In the article, a formalized model of a post-quantum public key infrastructure (PKI) for the information-and- communication system (ICS) of the Autonomous Differential GNSS System (Autonomous DGNSS) is proposed, constructed on the basis of the use of a quantum random number generator (QRNG) and the national cryptographic standards DSTU 7564:2014 (“Kupyna”), DSTU 7624:2014 (“Kalyna”), DSTU 8961:2019 (“Skelia”), and DSTU 9212:2023 (“Vershyna”). The relevance of the research is conditioned by the need to increase the cryptographic robustness of data-transmission channels between the control-and-correction stations (CCS) and the data-processing center of the Autonomous DGNSS, as well as by the increased requirements for the authenticity and integrity of correction data provided through the web service to interested users of the Autonomous DGNSS, particularly under post-quantum threats. The proposed PKI model ensures authentication of CCS and users, protection of tunnel channels, integrity of correction data, and trust in the server components of the Autonomous DGNSS by integrating quantum entropy into the processes of key generation and signing. The study substantiates the role of the QRNG as a source of high-quality entropy for constructing long-term key pairs according to the DSTU “Skelia” and “Vershyna” algorithms, as well as session keys of symmetric encryption under the DSTU “Kalyna” algorithm, and also develops a generalized PKI structure with a single Root CA and several Issuing CAs for the primary and backup data-processing centers. The proposed model defines the logical interaction of PKI components, tunneling mechanisms, signature and certificate-verification modules, and demonstrates the possibility of ensuring post-quantum resistance of the Autonomous DGNSS without changing its architecture. It is shown that the use of a QRNG in combination with national cryptographic algorithms makes it possible to minimize the risk of key compromise, increase resistance to quantum attacks, and ensure long-term cryptographic reliability of communication channels and the web service of the Autonomous DGNSS. The proposed methodology allows creating PKI for information-and-communication systems of differential correction and other segments of critical infrastructure with increased requirements for trust, integrity, and confidentiality of data, taking into account the requirements of modern cybersecurity standards (ISO/IEC 27001, NIST, ND TZI).
References
Trýb J., Hospodka J. GNSS Interference and Security: Impacts on Critical Infrastructure and Mitigation Strategies. Procedia Computer Science. Вип. 253, 2025. С. 2635-2644. DOI:10.1016/j.procs.2025.01.323.
Nicholas Brown 20240620-Hidden_Risk_Report. URL: https://ggim.un.org/UNGGCE/documents/20240620-Hidden_Risk_Report.pdf.
Spanghero M., Papadimitratos P. UnReference: analysis of the effect of spoofing on RTK reference stations for connected rovers. arXiv, 2025. DOI:10.48550/arXiv.2503.20364.
Zakon Ukrayiny «Pro krytychnu infrastrukturu» № 1882-IX redaktsiya vid 21.09.2024 [Law of Ukraine "On Critical Infrastructure" No. 1882-IX, version dated 09/21/2024]. Official web portal of the Parliament of Ukraine. URL: https://zakon.rada.gov.ua/go/1882-20
Westbrook T. A. (2023) Taxonomy of Radio Frequency Jamming and Spoofing Strategies and Criminal Motives. Journal of Strategic Security, Vol. 16, no. 2. P. 68-80. DOI: https://doi.org/10.5038/1944-0472.16.2.2081.
Westbrook T. (2019) The Global Positioning System and Military Jamming: The geographies of electronic warfare. Journal of Strategic Security, Vol. 12, № 2. P. 1-16. DOI:10.5038/1944-0472.12.2.1720
Шумілова К. НАВІГАЦІЙНІ РИЗИКИ В АСПЕКТІ КІБЕРБЕЗПЕКИ ТРАНСПОРТНИХ СУДЕН І ВІЙСЬКО- ВИХ КОРАБЛІВ. Scientific Collection «InterConf+». 24(121). С. 391-408. DOI:10.51582/interconf.19-20.08.2022.037.
Garmin outage caused by confirmed WastedLocker ransomware attack. (2020) BleepingComputer. URL: https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/
KA-SAT Network cyber attack overview. (2022) Viasat.com. 30.03.2022. URL: https://news.viasat.com/blog/corporate/ka-sat-network-cyber-attack-overview
Melnyk D. S. (2024) Creating a model of threats to Ukraine’s national critical infrastructure as a basis for ensuring its security and resilience. Bulletin of Kharkiv National University of Internal Affairs, Vol. 104, 1 (Part 1). С. 237-250. DOI:10.32631/v.2024.1.20
Junquera-Sánchez J., Hernando-Ramiro C., Gamallo-Palomares Ó. et al. Assessment of cryptographic approaches for a quantum-resistant Galileo OSNMA. NAVIGATION: Journal of the Institute of Navigation. Vol. 71, Issue 2. P. navi.648. DOI:10.33012/navi.648.
Peña P. A. Quantum randomness reinforces post-quantum cryptography to safeguard large enterprises in the quantum-safe era. QSNP. 17.09.2025. URL: https://qsnp.eu/quantum-randomness-reinforces-post-quantum-cryptography- to-safeguard-large-enterprises-in-the-quantum-safe-era/.
Moral J. O. del, iOlius A. deMarti, Vidal G. et al. Cybersecurity in Critical Infrastructures: A Post-Quantum Cryptography Perspective. arXiv, 2024. DOI:10.48550/arXiv.2401.03780.
Gorbenko I., Kandii S. National and International Post-Quantum Standards for Asymmetric Transformations. Cybernetics and Systems Analysis. Vol. 61, 02.08.2025. DOI:10.1007/s10559-025-00800-z.
Krelina M. Quantum technology for military applications. EPJ Quantum Technology. Вип. 8, № 1. С. 24. DOI:10.1140/epjqt/s40507-021-00113-y.
Morhul D. M., Nariezhnii O. P., Hrinenko T. O. Класифікація атак та вимоги кібербезпеки до веб-ресурсу QRNG. Radiotekhnika. № 220. С. 50-57. DOI:10.30837/rt.2025.1.220.04.
Chen Y., Gao W., Chen X. et al. Advances of SBAS authentication technologies. Satellite Navigation. Vol. 2, Issue 1. P. 12. DOI:10.1186/s43020-021-00043-1.
E-GIANTS Project Concludes Study on GNSS Authentication and Security Improvements | EU Agency for the Space Programme. 05.08.2025. URL: https://www.euspa.europa.eu/newsroom-events/news/e-giants-project-concludes-study-gnss-authentication-and-security-improvements.
Gorbenko I. D., Kachko Y. G., Yesina M. V. та ін. Порівняльна характеристика алгоритмів інкапсуляції ключів Crystals-Kyber та Скеля (ДСТУ 8961-2019). Radiotekhnika. № 210. С. 7-21. DOI:10.30837/rt.2022.3.210.01.
Fesenko A., Lytvynenko Y. Cryptanalysis of the «Vershyna» digital signature algorithm. Theoretical and Applied Cybersecurity. Вип. 5, № 2. DOI:10.20535/tacs.2664-29132023.2.288499.
Televnyi D. The Kupyna hash function application to SPHINCS+ signatures. Radiotekhnika. № 198. С. 215-219. DOI:10.30837/rt.2019.3.198.17.
Інфраструктури відкритих ключів. Електроний цифровий підпис. Теорія та практика :: Державний університет інформаційно-комунікаційних технологій. URL: https://duikt.edu.ua/ua/lib/1/category/2434/view/1822.
Горбенко І. Д., Кравченко П. О. Комбінована інфраструктура відкритих ключів та її застосування. Радіоелектронні і комп’ютерні системи. Issue 5. P. 86-90. Also available online, URL: http://www.irbis-nbuv.gov.ua/cgi-bin/irbis_nbuv/cgiirbis_64.exe?I21DBN=LINK&P21DBN=UJRN&Z21ID=&S21REF=10&S21CNR=20&S21STN=1&S21FMT=ASP_meta&C21COM=S&2_S21P03=FILA=&2_S21STR=recs_2009_5_17.
Горбенко І. Д., Халімов Г. З. Розвиток, стандартизація, уніфікація, удосконалення та впровадження інфраструктури відкритих ключів (включаючи національну систему електронного цифрового підпису) на внутрішньо-державному та міжнародному рівнях. 2012. URL: http://openarchive.nure.ua/handle/document/1064.
