PNT cyber resilience : a Lab2Live observer based approach, Report 1 : GNSS resilience and identified vulnerabilities. Technical Report 1

The use of global navigation satellite systems (GNSS) such as GPS and Galileo are vital sources of positioning, navigation and timing (PNT) information for vehicles. This information is of critical importance for connected autonomous vehicles (CAVs) due to their dependence on this information for localisation, route planning and situational awareness. A downside to solely relying on GNSS for PNT is that the signal strength arriving from navigation satellites in space is weak and currently there is no authentication included in the civilian GNSS adopted in the automotive industry. This means that cyber-attacks against the GNSS signal via jamming or spoofing are attractive to adversaries due to the potentially high impact they can achieve. This report reviews the vulnerabilities of GNSS services for CAVs (a summary is shown in Figure 1), as well as detection and mitigating techniques, summarises the opinions on PNT cyber testing sourced from a select group of experts, and finishes with a description of the associated lab-based and real-world feasibility study and proposed research methodology

Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System

Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world's largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user's top locations with an error in the order of 10 meters in urban areas. While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.Comment: Accepted at Privacy Enhancing Technologies Symposium (PETS) 202

Intentional control of invasive mobile wireless systems

Within recent years, remotely operated or autonomous drones have been encroaching on the realm of consumer electronics and are beginning to crowd the airspace in populated areas. As such, the number of incidents involving drones has seen a sharp increase and concerns are being raised. In this sense, the current work aims to explore a method which enables spoofing of the Global Positioning System (GPS) many of these devices use to navigate, and thus provide a way to shift them off course and away from the intended areas. The proposed hypothesis is that, by altering the parameters by which GPS receivers correct for clock errors in the navigation systems, it is possible to shift the device’s perceived position in a measurable and easily replicable way. To test this hypothesis, a simulator was developed to test different offsets applied to the clock correction coefficients of a GPS navigation message. The positions resulting from calculations using these altered parameters were then plotted on a map of the surrounding area and analysed. As expected, the positions are effectively and predictably altered according to the offsets applied. In order to validate the results from the simulations, real world tests were conducted using a Software Defined Radio (SDR) platform and an open source GPS Signal Generator which was modified to generate a signal based on the altered data from the simulations. With these tests it was asserted that the spoofed signals were able to consistently cause receivers to miscalculate their positions analogously to the simulations.Recentemente, drones operados remotamente ou de funcionamento autónomo têm surgido no domínio dos produtos eletrónicos para consumidores e começam a popular o espaço aéreo das áreas populacionais. Como tal, o número de incidentes envolvendo estes dispositivos tem sofrido um aumento acentuado. Neste sentido, o presente trabalho visa explorar um método que permita a falsificação dos sinais Global Positioning System (GPS) utilizados por muitos destes dispositivos para navegar, com o intuito de desenvolver uma forma de alterar a sua rota para longe das áreas desejadas. A hipótese em estudo é a de que, alterando os parâmetros usados pelos recetores GPS para corrigir erros de relógio nos sistemas de navegação, é possível alterar a posição calculada pelo dispositivo de uma forma mensurável e facilmente replicável. Para testar esta hipótese, foi desenvolvido um simulador que permite testar diferentes desvios aplicados aos valores dos coeficientes de correção do relógio presentes nas mensagens de navegação GPS. As posições resultantes de cálculos dependentes destes parâmetros foram depois traçadas num mapa da área circundante e analisadas. Como esperado, as posições são eficaz e previsivelmente alteradas de acordo com os desvios aplicados. Por forma a validar os resultados das simulações, foram realizados testes físicos usando uma plataforma de Software Defined Radio (SDR) e um gerador de sinais GPS open source que foi modificado para gerar sinais com base nos dados alterados das simulações. Estes testes sustentam a hipótese de que os sinais falsificados são capazes de provocar, consistentemente, a deteção errónea de posições por parte dos recetores de forma análoga à das simulações

Securing a UAV Using Features from an EEG Signal

This thesis focuses on an approach which entails the extraction of Beta component of the EEG (Electroencephalogram) signal of a user and uses his/her EEG beta data to generate a random AES (Advanced Encryption Standard) encryption key. This Key is used to encrypt the communication between the UAVs (Unmanned aerial vehicles) and the ground control station. UAVs have attracted both commercial and military organizations in recent years. The progress in this field has reached significant popularity, and the research has incorporated different areas from the scientific domain. UAV communication became a significant concern when an attack on a Predator UAV occurred in 2009, which allowed the hijackers to get the live video stream. Since a UAVs major function depend on its onboard auto pilot, it is important to harden the system against vulnerabilities. In this thesis, we propose a biometric system to encrypt the UAV communication by generating a key which is derived from Beta component of the EEG signal of a user. We have developed a safety mechanism that gets activated in case the communication of the UAV from the ground control station gets attacked. This system was validated on a commercial UAV under malicious attack conditions during which we implement a procedure where the UAV return safely to an initially deployed "home" position

Resilient Shield: Reinforcing the Resilience of Vehicles Against Security Threats

Vehicles have become complex computer systems with multiple communication interfaces. In the future, vehicles will have even more connections to e.g., infrastructure, pedestrian smartphones, cloud, road-side-units and the Internet. External and physical interfaces, as well as internal communication buses have shown to have potential to be exploited for attack purposes. As a consequence, there is an increase in regulations which demand compliance with vehicle cyber resilience requirements. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective.To address this issue, we have performed a comprehensive threat and risk analysis based on published attacks against vehicles from the past 10 years, from which we further derive necessary security and resilience techniques. The work is done using the SPMT methodology where we identify vital vehicle assets, threat actors, their motivations and objectives, and develop a comprehensive threat model. Moreover, we develop a comprehensive attack model by analyzing the identified threats and attacks. These attacks are filtered and categorized based on attack type, probability, and consequence criteria. Additionally, we perform an exhaustive mapping between asset, attack, threat actor, threat category, and required mitigation mechanism for each attack, resulting in a presentation of a secure and resilient vehicle design. Ultimately, we present the Resilient Shield a novel and imperative framework to justify and ensure security and resilience within the automotive domain

DRONE DELIVERY OF CBNRECy – DEW WEAPONS Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD)

Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD) is our sixth textbook in a series covering the world of UASs and UUVs. Our textbook takes on a whole new purview for UAS / CUAS/ UUV (drones) – how they can be used to deploy Weapons of Mass Destruction and Deception against CBRNE and civilian targets of opportunity. We are concerned with the future use of these inexpensive devices and their availability to maleficent actors. Our work suggests that UASs in air and underwater UUVs will be the future of military and civilian terrorist operations. UAS / UUVs can deliver a huge punch for a low investment and minimize human casualties.https://newprairiepress.org/ebooks/1046/thumbnail.jp

Cyber-Human Systems, Space Technologies, and Threats

CYBER-HUMAN SYSTEMS, SPACE TECHNOLOGIES, AND THREATS is our eighth textbook in a series covering the world of UASs / CUAS/ UUVs / SPACE. Other textbooks in our series are Space Systems Emerging Technologies and Operations; Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD); Disruptive Technologies with applications in Airline, Marine, Defense Industries; Unmanned Vehicle Systems & Operations On Air, Sea, Land; Counter Unmanned Aircraft Systems Technologies and Operations; Unmanned Aircraft Systems in the Cyber Domain: Protecting USA’s Advanced Air Assets, 2nd edition; and Unmanned Aircraft Systems (UAS) in the Cyber Domain Protecting USA’s Advanced Air Assets, 1st edition. Our previous seven titles have received considerable global recognition in the field. (Nichols & Carter, 2022) (Nichols, et al., 2021) (Nichols R. K., et al., 2020) (Nichols R. , et al., 2020) (Nichols R. , et al., 2019) (Nichols R. K., 2018) (Nichols R. K., et al., 2022)https://newprairiepress.org/ebooks/1052/thumbnail.jp

Verifying RADAR Data Using Two-Dimensional QIM-based Data Hiding

Modern vehicles have evolved into supporting advanced internal networks and connecting System Based Chips (SBC), System in a Package (SiP) solutions or traditional micro controllers to foster an electronic ecosystem for high speed data transfers, precision and real-time control. The use of Controller Area Networks (CAN) is widely adopted as the backbone of internal vehicle communication infrastructure. Automotive applications such as ADAS, autonomous driving, battery management systems, power train systems, telematics and infotainment, all utilize CAN transmissions directly or through gateway management. The network transmissions lack robust integrity verification mechanisms to validate authentic data payloads, making it vulnerable to packet replay, spoofing, insertion, deletion and denial of service attacks. Additional methods exist to secure network data such as traditional cryptography. Utilizing this method will increase the computational complexity, processing latency and increase overall system cost. This thesis proposes a robust, light and adaptive solution to validate the authenticity of automotive sensor data using CAN network protocol. We propose using a two-dimensional Quantization Index Modulation (QIM) data hiding technique, to create a means of verification. Analysis of the proposed framework will be conducted in a sensor transmission scenario for RADAR sensors in an autonomous vehicle setting. The detection and effects of distortion on the application are tested through the implementation of sensor fusion algorithms and the results are observed and analyzed. The proposed framework offers a needed capability to maintain transmission integrity without the compromise of data quality and low design complexity. This framework could also be applied to different network architectures, as well as its operational scope could be modified to operate with more abstract types of data.MSEElectrical Engineering, College of Engineering & Computer ScienceUniversity of Michigan-Dearbornhttp://deepblue.lib.umich.edu/bitstream/2027.42/167354/1/Brandon Fedoruk - Final Thesis.pd

Performance Improvement of Wide-Area-Monitoring-System (WAMS) and Applications Development

Wide area monitoring system (WAMS), as an application of situation awareness, provides essential information for power system monitoring, planning, operation, and control. To fully utilize WAMS in smart grid, it is important to investigate and improve its performance, and develop advanced applications based on the data from WAMS. In this dissertation, the work on improving the WAMS performance and developing advanced applications are introduced.To improve the performance of WAMS, the work includes investigation of the impacts of measurement error and the requirements of system based on WAMS, and the solutions. PMU is one of the main sensors for WAMS. The phasor and frequency estimation algorithms implemented highly influence the performance of PMUs, and therefore the WAMS. The algorithms of PMUs are reviewed in Chapter 2. To understand how the errors impact WAMS application, different applications are investigated in Chapter 3, and their requirements of accuracy are given. In chapter 4, the error model of PMUs are developed, regarding different parameters of input signals and PMU operation conditions. The factors influence of accuracy of PMUs are analyzed in Chapter 5, including both internal and external error sources. Specifically, the impacts of increase renewables are analyzed. Based on the analysis above, a novel PMU is developed in Chapter 6, including algorithm and realization. This PMU is able to provide high accurate and fast responding measurements during both steady and dynamic state. It is potential to improve the performance of WAMS. To improve the interoperability, the C37.118.2 based data communication protocol is curtailed and realized for single-phase distribution-level PMUs, which are presented in Chapter 7.WAMS-based applications are developed and introduced in Chapter 8-10. The first application is to use the spatial and temporal characterization of power system frequency for data authentication, location estimation and the detection of cyber-attack. The second application is to detect the GPS attack on the synchronized time interval. The third application is to detect the geomagnetically induced currents (GIC) resulted from GMD and EMP-E3. These applications, benefited from the novel PMU proposed in Chapter 6, can be used to enhance the security and robust of power system