Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs

Enamus droone kasutab lennundusest pärit GPS navigatsiooniseadmeid, millel puuduvad turvaprotokollid ning nende riskioht pahatahtlike rünnakute sihtmärgina on kasvanud hüppeliselt lähimineviku arengute ja progressi tõttu SDR ja GNSS simulatsioonitarkvara valdkonnas. See on loonud ligipääsu tehnikale amatöörkasutajatele, millel on saatja aadressi võltsimise jõudlus. Need potensiaalsed rünnakud kuuluvad lihtsakoeliste kategooriasse, kuid selle uurimustöö tulemusena selgus, et nendes rünnakute edukuses on olulised erinevused teatud GPS vastuvõtjate ja konfiguratsioonide vahel. \n\rSee uurimustöö analüüsis erinevaid saatja aadressi võltsimise avastamise meetodeid, mis olid avatud kasutajatele ning valis välja need, mis on sobilikud mini- ja mikrodroonide tehnonõuetele ja operatsioonistsenaariumitele, eesmärgiga pakkuda välja GPS aadresside rünnakute avastamiseks rakenduste tasandil avatud allikakoodiga Ground Control Station tarkvara SDK. Avastuslahenduse eesmärk on jälgida ja kinnitada äkilisi, abnormaalseid või ebaloogilisi tulemväärtusi erinevates drooni sensiorites lisaallkatest pärit lisainfoga. \n\rLäbiviidud testid kinnitavad, et olenevalt olukorrast ja tingimustest saavad saatja aadressi võltsimise rünnakud õnnestuda. Rünnakud piiravad GPS mehanismide ligipääsu, mida saab kasutada rünnakute avastuseks. Neid rünnakuid puudutav info asetseb infovoos või GPSi signaalprotsessi tasandis, kuid seda infot ei saa haarata tasandile kus SDK tarkvara haldab kõigi teiste sensorite infot.Most of UAVs are GPS navigation based aircrafts that rely on a system with lack of security, their latent risk against malicious attacks has been raised with the recent progress and development in SDRs and GNSS simulation software, facilitating to amateurs the accessibility of equipment with spoofing capabilities. The attacks which can be done with this setup belong to the category simplistic, however, during this thesis work there are validated different cases of successful results under certain GPS receivers’ state or configuration.\n\rThis work analysis several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK. The detection solution is intended to monitor and correlate abrupt, abnormal or unreasonable values of different sensors of the UAV with data obtained from available additional sources.\n\rThe conducted tests validate the cases and circumstances where the spoofing attacks were successful. Limitations include the lack of mechanisms to access GPS values which can be useful for detection spoofing attacks, but reside in the data bit or signal processing layer of the GPS and can not be retrieve to the layer where the SDK in computing all data of other sensors

Simplified GNSS Fusion-based Train Positioning System and its Diagnosis

International audienceIn this paper, two simple GNSS-based positioning methods are proposed and their diagnostic functions for GNSS failure are tested. Firstly, the odometer-based method, which are proposed in our previous research [1], is concretized to be implemented for general cases. This method detects faults in the GNSS solution due to satellite failure or local effects using both odometry and track geometry of the onboard system. It enables to monitor all three-dimensional solution error so that higher sensitivity for the fault detection can be achieved. Secondly, single-axis accelerometer-based approach is newly proposed. Positioning architecture of this method is designed in traveling distance domain with the configuration of single-axis accelerometer installed along the forward direction. The diagnosis of GNSS signal can be done easily in one-dimensional space. Therefore, the latter method is expected to give greater sensitivity to detect GNSS failures while maintaining a relatively simple architecture. Both methods are tested in simulation, and their abilities for detecting fault in GNSS signal are investigated and compared

Securing Autonomous Vehicles Against GPS Spoofing Attacks: A Deep Learning Approach

With the rapid advancement of technology and multimedia systems, ensuring security has become a critical concern. Connected and Autonomous Vehicles (CAVs) are vulnerable to various hacking techniques, including jamming and spoofing. Global Positioning System (GPS) location spoofing poses a significant threat to CAVs, compromising their security and potentially endangering pedestrians and drivers. To address this issue, this research proposes a novel methodology that uses deep learning (DL) algorithms, such as Convolutional Neural Networks (CNN), and machine learning (ML) algorithms, such as Support Vector Machine (SVM), to protect CAVs from GPS location spoofing attacks. The proposed solution is validated using real-time simulations in the CARLA simulator, and extensive analysis of different learning algorithms is conducted to identify the most suitable approach across three distinct trajectories. Training and testing data include GPS coordinates, spoofed coordinates, and localization algorithm values. The proposed machine learning algorithm achieved 99% and 96% accuracy for the best and worst case scenarios, respectively. In case of deep learning, it achieved as high as 99% for best and 82% for the worst case scenario

PNT cyber resilience : a Lab2Live observer based approach, Report 1 : GNSS resilience and identified vulnerabilities. Technical Report 1

The use of global navigation satellite systems (GNSS) such as GPS and Galileo are vital sources of positioning, navigation and timing (PNT) information for vehicles. This information is of critical importance for connected autonomous vehicles (CAVs) due to their dependence on this information for localisation, route planning and situational awareness. A downside to solely relying on GNSS for PNT is that the signal strength arriving from navigation satellites in space is weak and currently there is no authentication included in the civilian GNSS adopted in the automotive industry. This means that cyber-attacks against the GNSS signal via jamming or spoofing are attractive to adversaries due to the potentially high impact they can achieve. This report reviews the vulnerabilities of GNSS services for CAVs (a summary is shown in Figure 1), as well as detection and mitigating techniques, summarises the opinions on PNT cyber testing sourced from a select group of experts, and finishes with a description of the associated lab-based and real-world feasibility study and proposed research methodology

Location Estimation and Recovery using 5G Positioning: Thwarting GNSS Spoofing Attacks

The availability of cheap GNSS spoofers can prevent safe navigation and tracking of road users. It can lead to loss of assets, inaccurate fare estimation, enforcing the wrong speed limit, miscalculated toll tax, passengers reaching an incorrect location, etc. The techniques designed to prevent and detect spoofing by using cryptographic solutions or receivers capable of differentiating legitimate and attack signals are insufficient in detecting GNSS spoofing of road users. Recent studies, testbeds, and 3GPP standards are exploring the possibility of hybrid positioning, where GNSS data will be combined with the 5G-NR positioning to increase the security and accuracy of positioning. We design the Location Estimation and Recovery(LER) systems to estimate the correct absolute position using the combination of GNSS and 5G positioning with other road users, where a subset of road users can be malicious and collude to prevent spoofing detection. Our Location Verification Protocol extends the understanding of Message Time of Arrival Codes (MTAC) to prevent attacks against malicious provers. The novel Recovery and Meta Protocol uses road users' dynamic and unpredictable nature to detect GNSS spoofing. This protocol provides fast detection of GNSS spoofing with a very low rate of false positives and can be customized to a large family of settings. Even in a (highly unrealistic) worst-case scenario where each user is malicious with a probability of as large as 0.3, our protocol detects GNSS spoofing with high probability after communication and ranging with at most 20 road users, with a false positive rate close to 0. SUMO simulations for road traffic show that we can detect GNSS spoofing in 2.6 minutes since its start under moderate traffic conditions

Timing and Navigation in UAVs: Synchronization of UAV Swarms and Testing GPS Error Effects on GNSS Reception

Precise timing and precise location information are provided by Global Navigation Satellite Systems (GNSS) and play a crucial role in the positioning, navigation and data acquisition of most Unmanned Aerial Vehicles (UAV). GNSS functions include the following applications in UAVs: time-stamping and geo-referencing of collected data and images, synchronization of swarm flying and follow-me flights, determination of position and attitude in-flight, flight trajectory by following a pre-defined number of waypoints, mission planning, return home automatically without external control, avoidance of obstacles and geo-fencing.  Some of these critical operations have implications for the safety of the UAV, the surrounding environment and health and safety of people, for example UAVs threatening to bring down aircrafts  at airports, which are no-fly zones for UAVs. The appropriate GNSS based function to avoid this is geo-fencing. Another example is obstacle avoidance to prevent collisions and damages both for the UAV and the obstacle, e.g. anything from a window pane, tree, human being, to a power line. In order to ensure health and safety it is thus important to ensure correct function of the navigation and the timing, under a wide variety of circumstances, and in different signal environments. There can be signal disturbances, such as obscurations by buildings or reflected GNSS signals, called multipath. The performance of timing and navigation based on GPS/GNSS can be tested and verified in a controlled and repeatable way in the laboratory with different types of test equipment. We will give an introduction to a wide range of potential threats to GNSS Positioning, navigation and timing and an overview of different test methods. In addition, we are presenting a method for time synchronization of drones to enable safe swarm and follow flights in UAVs

Interference Management and System Optimization with GNSS and non-GNSS Signals for Enhanced Navigation

In the last few decades, Global Navigation Satellite System (GNSS) has become an indispensable element in our society. Currently, GNSS is used in a wide variety of sectors and situations, some of them offering critical services, such as transportation, telecommunications, and finances. For this reason, and combined with the relative ease an attack on the GNSS wireless signals can be performed nowadays with an Software Defined Radio (SDR) transmitter, GNSS has become more and more a target of wireless attacks of diverse nature and motivations. Nowadays, anyone can buy an interference device (also known as a jammer device) for a few euros. These devices are legal to be bought in many countries, especially online. But at the same time, they are illegal to be used. These devices can interfere with signals in specific frequency bands, used for services such as GNSS. An outage in the GNSS service at a specific location area (which can be even a few km2) could end up in disastrous consequences, such as an economical loss or even putting lives at risk, since many critical services rely on GNSS for their correct functioning. Fundamentally, this thesis focuses on developing new methods and algorithms for interference management in GNSS. The main focus is on interference detection and classification, but discussions are also made about interference localization and mitigation. The detection and classification algorithms analyzed in this thesis are chosen from the point of view of the aviation domain, in which additional constraints (e.g., antenna placement, number of antennas, vibrations due to movement, etc.) need to be taken into account. The selected detection and classification methods are applied at the pre-correlation level, based on the raw received signal. They apply specific signal transforms in the digital domain (e.g., time-frequency transformations) to the received signal. With such algorithms, interferences can be detected at a level as low as 0 dB Jamming-to-Signal Ratio (JSR). The interference classification combines transformed signals with previously trained signals Convolutional Neural Network (CNN) and/or Support Vector Machine (SVM) to determine the type of interference signal among the studied ones. The accuracy of such a classification methodology is above 90%. Knowing which signal causes interference we can better optimize which mitigation and localization algorithm we should use to obtain the best mitigation results. Furthermore, this thesis also studies alternative positioning methods, starting from the premise that GNSS may not always be available and/or we are certain that we can not rely on it due to some reason such as high or unmitigated interferences. Therefore, if one needs to get a Position Velocity and Time (PVT) solution, one would have to rely on alternative signals that could offer positioning features, such as the cellular network signals (i.e. 4G, 5G, and further releases) and/or satellite positioning based on Low Earth Orbit (LEO) satellites. Those systems use presumably different frequency bands, which makes it more unlikely that they will be jammed at the same time as the GNSS signal. In this sense, positioning based on LEO satellites is studied in this thesis from the point of view of feasibility and expected performance

DeepPOSE: Detecting GPS Spoofing Attack Via Deep Recurrent Neural Network

The Global Positioning System (GPS) has become a foundation for most location-based services and navigation systems, such as autonomous vehicles, drones, ships, and wearable devices. However, it is a challenge to verify if the reported geographic locations are valid due to various GPS spoofing tools. Pervasive tools, such as Fake GPS, Lockito, and software-defined radio, enable ordinary users to hijack and report fake GPS coordinates and cheat the monitoring server without being detected. Furthermore, it is also a challenge to get accurate sensor readings on mobile devices because of the high noise level introduced by commercial motion sensors. To this end, we propose DeepPOSE, a deep learning model, to address the noise introduced in sensor readings and detect GPS spoofing attacks on mobile platforms. Our design uses a convolutional and recurrent neural network to reduce the noise, to recover a vehicle\u27s real-time trajectory from multiple sensor inputs. We further propose a novel scheme to map the constructed trajectory from sensor readings onto the Google map, to smartly eliminate the accumulation of errors on the trajectory estimation. The reconstructed trajectory from sensors is then used to detect the GPS spoofing attack. Compared with the existing method, the proposed approach demonstrates a significantly higher degree of accuracy for detecting GPS spoofing attacks

An Experimental Performance Evaluation of Innovations Sequence-based INS Monitor against GNSS Spoofing

Outgoin