516 research outputs found
Security of GPS/INS based On-road Location Tracking Systems
Location information is critical to a wide variety of navigation and tracking
applications. Today, GPS is the de-facto outdoor localization system but has
been shown to be vulnerable to signal spoofing attacks. Inertial Navigation
Systems (INS) are emerging as a popular complementary system, especially in
road transportation systems as they enable improved navigation and tracking as
well as offer resilience to wireless signal spoofing and jamming attacks. In
this paper, we evaluate the security guarantees of INS-aided GPS tracking and
navigation for road transportation systems. We consider an adversary required
to travel from a source location to a destination, and monitored by an INS-aided
GPS system. The goal of the adversary is to travel to alternate locations
without being detected. We developed and evaluated algorithms that achieve such
a goal, providing the adversary significant latitude. Our algorithms build a
graph model for a given road network and enable us to derive potential
destinations an attacker can reach without raising alarms even with the
INS-aided GPS tracking and navigation system. The algorithms render the
gyroscope and accelerometer sensors useless as they generate road trajectories
indistinguishable from plausible paths (both in terms of turn angles and roads
curvature). We also designed, built, and demonstrated that the magnetometer can
be actively spoofed using a combination of carefully controlled coils. We
implemented and evaluated the impact of the attack using both real-world and
simulated driving traces in more than 10 cities located around the world. Our
evaluations show that it is possible for an attacker to reach destinations that
are as far as 30 km away from the true destination without being detected. We
also show that it is possible for the adversary to reach almost 60-80% of
possible points within the target region in some cities.
Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer
A portable civilian GPS spoofer is implemented on a digital
signal processor and used to characterize spoofing effects and develop defenses against civilian spoofing. This
work is intended to equip GNSS users and receiver manufacturers
with authentication methods that are effective
against unsophisticated spoofing attacks. The work also
serves to refine the civilian spoofing threat assessment
by demonstrating the challenges involved in mounting a
spoofing attack.
Aerospace Engineering and Engineering Mechanic
Secure Trajectory Planning Against Undetectable Spoofing Attacks
This paper studies, for the first time, the trajectory planning problem in
adversarial environments, where the objective is to design the trajectory of a
robot to reach a desired final state despite the unknown and arbitrary action
of an attacker. In particular, we consider a robot moving in a two-dimensional
space and equipped with two sensors, namely, a Global Navigation Satellite
System (GNSS) sensor and a Radio Signal Strength Indicator (RSSI) sensor. The
attacker can arbitrarily spoof the readings of the GNSS sensor and the robot
control input so as to maximally deviate his trajectory from the nominal
precomputed path. We derive explicit and constructive conditions for the
existence of undetectable attacks, through which the attacker deviates the
robot trajectory in a stealthy way. Conversely, we characterize the existence
of secure trajectories, which guarantee that the robot either moves along the
nominal trajectory or that the attack remains detectable. We show that secure
trajectories can only exist between a subset of states, and provide a numerical
mechanism to compute them. We illustrate our findings through several numerical
studies, and discuss that our methods are applicable to different models of
robot dynamics, including unicycles. More generally, our results show how
control design affects security in systems with nonlinear dynamics.
Comment: Accepted for publication in Automatic
Cryptography Is Not Enough: Relay Attacks on Authenticated GNSS Signals
Civilian-GNSS is vulnerable to signal spoofing attacks, and countermeasures
based on cryptographic authentication are being proposed to protect against
these attacks. Both Galileo and GPS are currently testing broadcast
authentication techniques based on the delayed key disclosure to validate the
integrity of navigation messages. These authentication mechanisms have proven
secure against record now and replay later attacks, as navigation messages
become invalid after keys are released. This work analyzes the security
guarantees of cryptographically protected GNSS signals and shows the
possibility of spoofing a receiver to an arbitrary location without breaking
any cryptographic operation. In contrast to prior work, we demonstrate the
ability of an attacker to receive signals close to the victim receiver and
generate spoofing signals for a different target location without modifying the
navigation message contents. Our strategy exploits the essential common
reception and transmission time method used to estimate pseudorange in GNSS
receivers, thereby rendering any cryptographic authentication useless. We
evaluate our attack on a commercial receiver (ublox M9N) and a software-defined
GNSS receiver (GNSS-SDR) using a combination of open-source tools, commercial
GNSS signal generators, and software-defined radio hardware platforms. Our
results show that it is possible to spoof a victim receiver to locations around
4000 km away from the true location without requiring any high-speed
communication networks or modifying the message contents. Through this work, we
further highlight the fundamental limitations in securing a broadcast
signaling-based localization system even if all communications are
cryptographically protected.
GNSS Spoof Detection Using Shipboard IMU Measurements
A variety of approaches have been proposed in the literature to detect spoofing of Global Navigation Satellite Systems (GNSS). These approaches vary widely based upon the assumed capabilities and a priori knowledge of the spoofer. This paper considers a method to detect spoofing based on comparing the relative (not absolute) platform trajectory estimated by the GNSS receiver to the relative trajectory developed from IMU measurements (specifically pitch and roll from a gyro compass). The primary contribution of this paper is the development and analysis of a GNSS spoofing detection algorithm that exploits the unknown (to the spoofer) "high" frequency pitch/roll motion of the ship as seen by a commercial-off-the-shelf (COTS) receiver and an inertial measurement unit (IMU) that may already be in use onboard ships. We focus on generalized likelihood ratio tests using simple models of the GNSS and gyro measurements. Further, we avoid using a navigation filter, such as the extended Kalman filter, on the measurements; instead, the algorithm directly employs the instantaneous trajectories. Experimental results are shown using a commercial GNSS receiver with data from a GNSS simulator with IMU capability. The length of time and amount of motion required to achieve low probabilities of false alarm and missed detection are analyzed.
Location-independent GNSS Relay Attacks: A Lazy Attacker's Guide to Bypassing Navigation Message Authentication
In this work, we demonstrate the possibility of spoofing a GNSS receiver to arbitrary locations without modifying the navigation messages. Due to increasing spoofing threats, Galileo and GPS are evaluating broadcast authentication techniques to validate the integrity of navigation messages. Prior work required an adversary to record the GNSS signals at the intended spoofed location and relay them to the victim receiver. Our attack demonstrates the ability of an adversary to receive signals close to the victim receiver and in real-time generate spoofing signals for an arbitrary location without modifying the navigation message contents. We exploit the essential common reception and transmission time method used to estimate pseudorange in GNSS receivers, thereby potentially rendering any cryptographic authentication useless. We build a proof-of-concept real-time spoofer capable of receiving authenticated GNSS signals and generating spoofing signals for any arbitrary location and motion without requiring any high-speed communication networks or modifying the message contents. Our evaluations show that it is possible to spoof a victim receiver to locations as far as 4000 km away from the actual location and with any dynamic motion path. This work further highlights the fundamental limitations in securing a broadcast signaling-based localization system even if all communications are cryptographically protected.
Quantum Geo-Encryption
In this work we introduce the concept of quantum geo-encryption - a protocol
that invokes direct quantum encryption of messages coupled to quantum location
monitoring of the intended receiver. By obfuscating the quantum information
required by both the decrypting process and the location verification process,
a communication channel is created in which the encrypted data can only be
decrypted at a specific geographic locale. Classical wireless communications
can be invoked to unlock the quantum encryption process thereby allowing for
any deployment scenario regardless of the channel conditions. Quantum
geo-encryption can also be used to realize quantum-computing instructions that
can only be implemented at a specific location, and allow for a specified
geographical data-route through a distributed network. Here we consider the
operational aspects of quantum geo-encryption in generic Rician channels,
demonstrating that the likelihood of a successful spoofing attack approaches
zero as the adversary moves away from the allowed decrypting location. The work
introduced here resolves a long-standing quest to directly deliver information
which can only be decrypted at a given location free of assumptions on the
physical security of a receiver.
Comment: 3 Figure