346 research outputs found

    Signal processing techniques for GNSS anti-spoofing algorithms

    The Global Navigation Satellite Systems (GNSS) usage is growing at a very high rate, and more applications are relying on GNSS for correct functioning. With the introduction of new GNSSs, like the European Galileo and the Chinese Beidou, in addition to the existing ones, the United States Global Positioning System (GPS) and the Russian GLONASS, the applications, accuracy of the position and usage of the signals are increasing by the day. Given that GNSS signals are received with very low power, they are prone to interference events that may reduce the usage or decrease the accuracy. Among these interference events, the spoofing attack is the one that has drawn major concerns in the GNSS community. A spoofing attack consists of the transmission of GNSS-like signals, with the goal of taking control of the receiver and making it compute an erroneous position and time solution. In the thesis, we focus on the design and validation of different signal processing techniques that aim at detection and mitigation of the spoofing attack effects. These are standalone techniques, working at the receiver’s level and providing discrimination of spoofing events without the need of external hardware or communication links. Four different techniques are explored, each of them with its unique sets of advantages and disadvantages, and a unique approach to spoofing detection. For these techniques, a spoofing detection algorithm is designed and implemented, and its capabilities are validated by means of a set of datasets containing spoofing signals. The thesis focuses on two different aspects of the techniques, divided as per detection and mitigation capabilities. Both detection techniques are complementary, their joint use is explored and experimental results are shown that demonstrate the advantages. In addition, each mitigation technique is analyzed separately as they require specialized receiver architecture in order to achieve spoofing detection and mitigation.
These techniques are able to decrease the effects of the spoofing attacks, to the point of removing the spoofing signal from the receiver and compute navigation solutions that are not controlled by the spoofer and lead to more accurate end results. The main contributions of this thesis are: the description of a multidimensional ratio metric test for distinction between spoofing and multipath effects; the introduction of a cross-check between automatic gain control measurements and the carrier to noise density ratio, for distinction between spoofing attacks and other interference events; the description of a novel signal processing method for detection and mitigation of spoofing effects, based on the use of linear regression algorithms; and the description of a spoofing detection algorithm based on a feedback tracking architecture

    Satellite-Based Communications Security: A Survey of Threats, Solutions, and Research Challenges

    Satellite-based Communication systems are gaining renewed momentum in Industry and Academia, thanks to innovative services introduced by leading tech companies and the promising impact they can deliver towards the global connectivity objective tackled by early 6G initiatives. On the one hand, the emergence of new manufacturing processes and radio technologies promises to reduce service costs while guaranteeing outstanding communication latency, available bandwidth, flexibility, and coverage range. On the other hand, cybersecurity techniques and solutions applied in SATCOM links should be updated to reflect the substantial advancements in attacker capabilities characterizing the last two decades. However, business urgency and opportunities are leading operators towards challenging system trade-offs, resulting in an increased attack surface and a general relaxation of the available security services. In this paper, we tackle the cited problems and present a comprehensive survey on the link-layer security threats, solutions, and challenges faced when deploying and operating SATCOM systems. Specifically, we classify the literature on security for SATCOM systems into two main branches, i.e., physical-layer security and cryptography schemes. Then, we further identify specific research domains for each of the identified branches, focusing on dedicated security issues, including, e.g., physical-layer confidentiality, anti-jamming schemes, anti-spoofing strategies, and quantum-based key distribution schemes. For each of the above domains, we highlight the most essential techniques, peculiarities, advantages, disadvantages, lessons learned, and future directions. Finally, we also identify emerging research topics whose additional investigation by Academia and Industry could further attract researchers and investors, ultimately unleashing the full potential behind ubiquitous satellite communications. Comment: 72 page

    Secure GPS clock synchronization in smart grids

    Master's thesis, Information Security, Universidade de Lisboa, Faculdade de Ciências, 2015. Smart grids resulted from the integration of the current power grid into the digital world. This brings several advantages to power grids, such as simpler and more efficient installation, configuration and maintenance, as well as the easy integration of new technologies into the grid. As power grids continue to grow in size and complexity, they become more important to society and consequently more exposed to different attacks. Some of the most important goals of the smart grid are: to accommodate a wide variety of electricity generation technologies such as wind, solar and geothermal; to be resilient to physical attacks and cyber-attacks; to have mechanisms for automatic incident detection, analysis and response; and to give the end consumer more power over how and when energy can be bought or consumed. To carry out activities related to monitoring the state of the smart grid, several specialized components are geographically distributed across the grid. One of the critical devices is the Phase Measurement Unit (PMU). This device is used to estimate the state of the smart grid at a given moment by collecting several metrics on the quality of the electrical signal. To build an overall picture of the whole grid, all these devices need to be time-synchronized, thus ensuring that the measurements are taken at approximately the same instant. Time synchronization plays a crucial role in the stability and correct operation of all smart grid components. Given the importance of time synchronization, and the lack of any kind of protection in current solutions, this system becomes a potential target for attackers. In accordance with the standards, the clocks of the PMUs must have a maximum error on the order of 30 µs.
This ensures that the information collected about the state of the smart grid is valid. Today this requirement is met by using GPS equipment at each site where a PMU is located. When GPS was conceived, nobody thought it could come to have its current success and impact and, therefore, ensuring its security was not an important point. Over time it came to be used in critical infrastructures, which introduces potentially serious security problems. Smart grids are one of these critical structures where GPS is being used without any kind of protection. There is currently also a secure version of GPS that is used by military forces. The devices that can decrypt this signal are only available to the army. In addition, all details about how the encryption algorithm works are kept secret. Over the years several types of attacks on GPS have been developed. The most basic is Blocking, which consists simply of preventing communication between the receiver's antenna and the GPS signal. This can be achieved in a way as simple as covering the antenna with a piece of metal. Another attack that tries to break the link with the satellite is Jamming. The idea of this attack is to introduce enough noise that the receiver cannot distinguish the original signal. These two types of attacks can only disrupt the operation of the GPS receiver. A more powerful type of attack is Spoofing. This attack can modify the original signal coming from the satellite so as to deceive the receiver. It is thus possible to make the GPS receiver show an incorrect position or time. This dissertation also analyzed an evolution of this attack that targets the illegitimate alteration of the data contained in the signal. This can cause the receiver to fail or become unusable.
The clock synchronization algorithms that exist today, namely the Network Time Protocol (NTP) and the Precision Time Protocol (PTP), are not robust enough, in terms of security or precision, to be used in the smart grid. NTP was designed for clock synchronization in large-scale networks but cannot provide the precision needed for the smart grid's requirements. On the other hand there is PTP, which can reach a precision on the order of nanoseconds under certain conditions, but is very sensitive to delays and jitter in the network. As a result, PTP can only guarantee a time precision on the order of nanoseconds in small-scale networks. The smart grid uses a high-speed network with relatively little traffic, which makes PTP a possible solution for some parts of that network. In terms of security, PTP is not prepared to be used in an environment as critical as the smart grid, being susceptible to attacks. The focus of this research is to find a fault-resilient algorithm capable of satisfying the time synchronization requirements needed for the correct operation of the smart grid. A solution based on PTP was developed that manages to meet the timing precision requirements of the smart grid and also manages to mitigate all the types of GPS attacks that were identified. In addition, the solution also makes it possible to reduce the number of GPS receivers needed for the correct operation of the smart grid. Smart grids resulted from the integration of computer technologies into the current power grid. This brings several advantages, allowing for a faster and more efficient deployment, configuration and maintenance, as well as easy integration of new energy sources (e.g., wind and solar). As smart grids continue to grow in size and complexity, they become subject to failures and attacks from different sources.
Time synchronization plays a crucial role in the stability and correct functioning of many grid components. Considering how sensitive time synchronization is, the tight restrictions imposed for correct operation and the lack of any kind of protection make this service a potential prime target for attackers. Today most of the time synchronization requirements are met using relatively expensive GPS hardware placed in some locations of the smart grid. When GPS was first devised, nobody could have predicted the success and the impact that it would have and therefore, security was never an important concern. Through the years, it slowly gained entrance into more critical systems, where it was never intended to be used, which can lead to serious security problems. The smart grid is just one of these critical systems where GPS is being employed without any kind of protection. The focus of this research is trying to solve this problem, by proposing a more secure and robust clock synchronization algorithm. A solution based on the Precision Time Protocol (PTP) was developed that manages to fulfill the time synchronization requirements of the smart grid and is also capable of mitigating all types of identified GPS attacks. As an added benefit, the solution may also reduce the number of GPS receivers necessary for the correct operation of the smart grid, contributing to decrease costs

    Cyber Threats Facing Autonomous and Connected Vehicles: Future Challenges

    Vehicles are currently being developed and sold with increasing levels of connectivity and automation. As with all networked computing devices, increased connectivity often results in a heightened risk of a cyber security attack. Furthermore, increased automation exacerbates any risk by increasing the opportunities for the adversary to implement a successful attack. In this paper, a large volume of publicly accessible literature is reviewed and compartmentalised based on the vulnerabilities identified and mitigation techniques developed. This review highlighted that the majority of research is reactive and vulnerabilities are often discovered by friendly adversaries (white-hat hackers). Many gaps in the knowledge base were identified. Priority should be given to address these knowledge gaps to minimise future cyber security risks in the connected and autonomous vehicle sector

    A Hierarchical Architectural Framework for Securing Unmanned Aerial Systems

    Unmanned Aerial Systems (UAS) are becoming more widely used in the new era of evolving technology; increasing performance while decreasing size, weight, and cost. A UAS equipped with a Flight Control System (FCS) that can be used to fly semi- or fully-autonomous is a prime example of a Cyber Physical and Safety Critical system. Current Cyber-Physical defenses against malicious attacks are structured around security standards for best practices involving the development of protocols and the digital software implementation. Thus far, few attempts have been made to embed security into the architecture of the system considering security as a holistic problem. Therefore, a Hierarchical, Embedded, Cyber Attack Detection (HECAD) framework is developed to provide security in a holistic manner, providing resiliency against cyber-attacks as well as introducing strategies for mitigating and dealing with component failures. Traversing the hardware/software barrier, HECAD provides detection of malicious faults at the hardware and software level; verified through the development of an FPGA implementation and tested using a UAS FCS

    GNSS Integrity Monitoring assisted by Signal Processing techniques in Harsh Environments

    The Global Navigation Satellite Systems (GNSS) applications are growing and more pervasive in the modern society. The presence of multi-constellation GNSS receivers able to use signals coming from different systems like the American Global Positioning System (GPS), the European Galileo, the Chinese Beidou and the Russian GLONASS, permits to have more accuracy in position solution. All the receivers provide always more reliable solution but it is important to monitor the possible presence of problems in the position computation. These problems could be caused by the presence of impairments given by unintentional sources like multipath generated by the environment or intentional sources like spoofing attacks. In this thesis we focus on design algorithms at signal processing level used to assist Integrity operations in terms of Fault Detection and Exclusion (FDE). These are standalone algorithms all implemented in a software receiver without using external information. The first step was the creation of a detector for correlation distortion due to the multipath with its limitations. Once the detection is performed a quality index for the signal is computed and a decision about the exclusion of a specific Satellite Vehicle (SV) is taken. The exclusion could be not feasible so an alternative approach could be the inflation of the variance of the error models used in the position computation. The quality signal can be even used for spoofing applications and a novel mitigation technique is developed and presented. In addition, the mitigation of the multipath can be reached at pseudoranges level by using new method to compute the position solution.
The main contributions of this thesis are: the development of a multipath, or more in general, impairments detector at signal processing level; the creation of an index to measure the quality of a signal based on the detector’s output; the description of a novel signal processing method for detection and mitigation of spoofing effects, based on the use of linear regression algorithms; an alternative method to compute the Position Velocity and Time (PVT) solution by using different well known algorithms in order to mitigate the effects of the multipath on the position domain

    PNT cyber resilience : a Lab2Live observer based approach, Report 1 : GNSS resilience and identified vulnerabilities. Technical Report 1

    Global navigation satellite systems (GNSS) such as GPS and Galileo are vital sources of positioning, navigation and timing (PNT) information for vehicles. This information is of critical importance for connected autonomous vehicles (CAVs) due to their dependence on this information for localisation, route planning and situational awareness. A downside to solely relying on GNSS for PNT is that the signal strength arriving from navigation satellites in space is weak and currently there is no authentication included in the civilian GNSS adopted in the automotive industry. This means that cyber-attacks against the GNSS signal via jamming or spoofing are attractive to adversaries due to the potentially high impact they can achieve. This report reviews the vulnerabilities of GNSS services for CAVs (a summary is shown in Figure 1), as well as detection and mitigating techniques, summarises the opinions on PNT cyber testing sourced from a select group of experts, and finishes with a description of the associated lab-based and real-world feasibility study and proposed research methodology

    Hardware Assisted Solutions for Automobile Security

    In the past couple of decades, many in-vehicle features have been invented and deployed in order to make modern vehicles not only safer and more reliable but also connected, smarter, and intelligent. Meanwhile, vehicular ad-hoc networks (VANETs) are proposed to provide communications between vehicles and road-side stations as the foundation of the intelligent transportation system to provide efficient and safe transportation. To support these updated functions, a large amount of electronic equipment has been integrated into the car system. Although these add-on functions around vehicles offer great help in driving assistance, they inevitably introduced new security vulnerabilities that threaten the safety of the on-board drivers, passengers and pedestrians. This has been demonstrated by many well-documented attacks either on the in-vehicle bus system or on the wireless vehicular network communications. In this dissertation, we design and implement several hardware-oriented solutions to the arising security issues on vehicles. More specifically, we focus on three important and representative problems: (1) how to secure the in-vehicle Controller Area Network (CAN), (2) how to secure the communication between vehicle and outside, and (3) how to establish trust on VANETs. Current approaches based on cryptographic algorithms to secure CAN bus violate the strict timing and limited resource constraints for CAN communications. We thus emphasize the alternate solution of intrusion detection system (IDS) in this dissertation. We explore monitoring the changes of CAN message content or the physical delay of its transmission to detect on the CAN bus. We first propose a new entropy-based IDS following the observation that all the known CAN message injection attacks need to alter the CAN identifier bit. Thus, analyzing the entropy changes of such bits can be an effective way to detect those attacks.
Next, we develop a delay-based IDS to protect the CAN network by identifying the location of the compromised Electronic Control Unit (ECU) from the transmission delay difference to two terminals connected to the CAN bus. We demonstrate that both approaches can protect the integrity of the messages on CAN bus, leading to a further improvement in the security and safety of autonomous vehicles. In the second part of this dissertation, we consider Plug-and-Secure, an industrial practice on key management for automotive CAN networks. It has been proven to be information theoretically secure. However, we discover side-channel attacks based on the physical properties of the CAN bus that can leak almost the entire secret key bits. We analyze the fundamental characteristics that lead to such attacks and propose techniques to minimize information leakage at the hardware level. Next, we extend our study from in-vehicle secure CAN communication to the communication between vehicle and outside world. We take the example of the popular GPS spoofing attack and show how we can use the rich information from CAN bus to build a cross-validation system to detect such attacks. Our approach is based on the belief that the local driving data from the in-vehicle network can be authenticated and thus trusted by secure CAN networks mechanisms. Such data can be used to cross-validate the GPS signals from the satellite which are vulnerable to spoofing attacks. We conduct driving tests on real roads to show that our proposed approach can defend both GPS spoofing attacks and location-based attacks on the VANETs. Finally, we propose a blockchain based Anonymous Reputation System (BARS) to establish a privacy-preserving trust model for VANETs. The certificate and revocation transparency is implemented efficiently with the proofs of presence and absence based on the extended blockchain technology.
To prevent the broadcast of forged messages, a reputation evaluation algorithm is presented relying on both direct historical interactions of that vehicle and indirect opinions from the other vehicles. This dissertation features solutions to vehicle security problems based on hardware or physical characteristics, instead of cryptographic algorithms. We believe that given the critical timing requirement on vehicular systems and their very limited resource (such as the bandwidth on CAN bus), this will be a very promising direction to secure vehicles and vehicular network