Received: 11 May 2022 | Revised: 1 February 2023 | Accepted: 23 February 2023
DOI: 10.33012/navi.595
NAVIGATION, 70(3)
Licensed under CC-BY 4.0
© 2023 Institute of Navigation

ORIGINAL ARTICLE

Authentication of Satellite-Based Augmentation Systems with Over-the-Air Rekeying Schemes

Jason Anderson*, Sherman Lo, Andrew Neish, Todd Walter

Aeronautics and Astronautics, Stanford, California, United States of America

Correspondence
Jason Anderson
Email: jand271@stanford.edu

Abstract

Here we delineate a complete satellite-based augmentation system (SBAS) authentication scheme, including over-the-air rekeying (OTAR), that uses the elliptic curve digital signature algorithm (ECDSA) and timed efficient stream loss-tolerant authentication (TESLA) without the quadrature (Q) channel. This scheme appends two new message types to the SBAS scheduler without overburdening the message schedule. We have taken special care to ensure that our scheme (1) meets the appropriate security requirements needed to prevent and deter spoofing; (2) is compatible with existing cryptographic standards; (3) is flexible, expandable, and future-proof to different cryptographic and implementation schemes; and (4) is backward compatible with legacy receivers. The scheme accommodates a diverse set of features, including authenticating core-constellation ephemerides. We discuss the SBAS provider and receiver machine state and its startup, including its use by aircraft that traverse differing SBAS coverage areas. We tested our scheme with existing SBAS simulation and analysis tools and found that it had negligible effects on current SBAS availability and continuity requirements.

Keywords
authentication, over-the-air rekeying, SBAS, TESLA

1 INTRODUCTION

In this work, we delineate a complete satellite-based augmentation system (SBAS) authentication scheme, including over-the-air rekeying (OTAR), and discuss how this proposed scheme meets necessary security levels and desirable traits for SBAS stakeholders, including backward compatibility, data efficiency, and quick time to first authenticated fix (TFAF). Moreover, this new scheme can be expanded in response to additional stakeholder feedback. This work addresses the complete authentication scheme design, including the connecting receiver hardware requirements needed for maintenance schedules, key updates, and scheme maintenance, and uses a full-stack Monte-Carlo SBAS simulation to test and evaluate its performance. This work builds and expands on our previous work (Anderson et al., 2021) and includes updated security details as well as additional results and definitions based upon SBAS stakeholder feedback.