Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs

Enamus droone kasutab lennundusest pärit GPS navigatsiooniseadmeid, millel puuduvad turvaprotokollid ning nende riskioht pahatahtlike rünnakute sihtmärgina on kasvanud hüppeliselt lähimineviku arengute ja progressi tõttu SDR ja GNSS simulatsioonitarkvara valdkonnas. See on loonud ligipääsu tehnikale amatöörkasutajatele, millel on saatja aadressi võltsimise jõudlus. Need potensiaalsed rünnakud kuuluvad lihtsakoeliste kategooriasse, kuid selle uurimustöö tulemusena selgus, et nendes rünnakute edukuses on olulised erinevused teatud GPS vastuvõtjate ja konfiguratsioonide vahel. \n\rSee uurimustöö analüüsis erinevaid saatja aadressi võltsimise avastamise meetodeid, mis olid avatud kasutajatele ning valis välja need, mis on sobilikud mini- ja mikrodroonide tehnonõuetele ja operatsioonistsenaariumitele, eesmärgiga pakkuda välja GPS aadresside rünnakute avastamiseks rakenduste tasandil avatud allikakoodiga Ground Control Station tarkvara SDK. Avastuslahenduse eesmärk on jälgida ja kinnitada äkilisi, abnormaalseid või ebaloogilisi tulemväärtusi erinevates drooni sensiorites lisaallkatest pärit lisainfoga. \n\rLäbiviidud testid kinnitavad, et olenevalt olukorrast ja tingimustest saavad saatja aadressi võltsimise rünnakud õnnestuda. Rünnakud piiravad GPS mehanismide ligipääsu, mida saab kasutada rünnakute avastuseks. Neid rünnakuid puudutav info asetseb infovoos või GPSi signaalprotsessi tasandis, kuid seda infot ei saa haarata tasandile kus SDK tarkvara haldab kõigi teiste sensorite infot.Most of UAVs are GPS navigation based aircrafts that rely on a system with lack of security, their latent risk against malicious attacks has been raised with the recent progress and development in SDRs and GNSS simulation software, facilitating to amateurs the accessibility of equipment with spoofing capabilities. The attacks which can be done with this setup belong to the category simplistic, however, during this thesis work there are validated different cases of successful results under certain GPS receivers’ state or configuration.\n\rThis work analysis several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK. The detection solution is intended to monitor and correlate abrupt, abnormal or unreasonable values of different sensors of the UAV with data obtained from available additional sources.\n\rThe conducted tests validate the cases and circumstances where the spoofing attacks were successful. Limitations include the lack of mechanisms to access GPS values which can be useful for detection spoofing attacks, but reside in the data bit or signal processing layer of the GPS and can not be retrieve to the layer where the SDK in computing all data of other sensors

Implementation of an Extended Kalman Filter Using Inertial Sensor Data for UAVs During GPS Denied Applications

Unmanned Aerial Vehicles (UAVs) are widely used across the industry and have a strong military application for defense. As UAVs become more accessible so does the increase of their applications, now being more limited by one’s imagination as opposed to the past where micro electric components were the limiting factor. Almost all of the applications require GPS or radio guidance. For more covert and longer range missions relying solely on GPS and radio is insufficient as the Unmanned Aerial System is vulnerable to malicious encounters like GPS Jamming and GPS Spoofing. For long range mission GPS denied environments are common where loss of signal is experienced. For autonomous flight GPS is a fundamental requirement. In this work an advanced inertial navigation system is proposed along with a programmable Pixhawk flight controller and Cube Black autopilot. A Raspberry Pi serves as a companion computer running autonomous flight missions and providing data acquisition. The advancement in inertial navigation comes from the implementation of a high end Analog Devices’ IMU providing input to an Extended Kalman Filter (EKF) to reduce error associated with measurement noise. The EKF is a efficient recursive computation applying the least-squares method. UAS flight controller simulations and calibrations were conducted to ensure the expected flight capabilities were achieved. The developed software and hardware was implemented in a Quadcopter build to perform flight test. Flight test data were used to analyze the performance post flight. Later, simulated feedback of the inertial navigation based state estimates (from flight test data) is performed to ensure reliable position data during GPS denied flight. The EKF applied to perform strapdown navigation was a limited success at estimating the vehicles’ inertial states but only when tuned for the specific flight trajectory. The predicted position was successfully converted to GPS data and passed to the autopilot in a LINUX based simulations ensuring autonomous mission capability is maintainable in GPS denied environments. The results from this research can be applied with ease to any vehicle operating with a Pixhawk controller and a companion computer of the appropriate processing capability

Intentional control of invasive mobile wireless systems

Within recent years, remotely operated or autonomous drones have been encroaching on the realm of consumer electronics and are beginning to crowd the airspace in populated areas. As such, the number of incidents involving drones has seen a sharp increase and concerns are being raised. In this sense, the current work aims to explore a method which enables spoofing of the Global Positioning System (GPS) many of these devices use to navigate, and thus provide a way to shift them off course and away from the intended areas. The proposed hypothesis is that, by altering the parameters by which GPS receivers correct for clock errors in the navigation systems, it is possible to shift the device’s perceived position in a measurable and easily replicable way. To test this hypothesis, a simulator was developed to test different offsets applied to the clock correction coefficients of a GPS navigation message. The positions resulting from calculations using these altered parameters were then plotted on a map of the surrounding area and analysed. As expected, the positions are effectively and predictably altered according to the offsets applied. In order to validate the results from the simulations, real world tests were conducted using a Software Defined Radio (SDR) platform and an open source GPS Signal Generator which was modified to generate a signal based on the altered data from the simulations. With these tests it was asserted that the spoofed signals were able to consistently cause receivers to miscalculate their positions analogously to the simulations.Recentemente, drones operados remotamente ou de funcionamento autónomo têm surgido no domínio dos produtos eletrónicos para consumidores e começam a popular o espaço aéreo das áreas populacionais. Como tal, o número de incidentes envolvendo estes dispositivos tem sofrido um aumento acentuado. Neste sentido, o presente trabalho visa explorar um método que permita a falsificação dos sinais Global Positioning System (GPS) utilizados por muitos destes dispositivos para navegar, com o intuito de desenvolver uma forma de alterar a sua rota para longe das áreas desejadas. A hipótese em estudo é a de que, alterando os parâmetros usados pelos recetores GPS para corrigir erros de relógio nos sistemas de navegação, é possível alterar a posição calculada pelo dispositivo de uma forma mensurável e facilmente replicável. Para testar esta hipótese, foi desenvolvido um simulador que permite testar diferentes desvios aplicados aos valores dos coeficientes de correção do relógio presentes nas mensagens de navegação GPS. As posições resultantes de cálculos dependentes destes parâmetros foram depois traçadas num mapa da área circundante e analisadas. Como esperado, as posições são eficaz e previsivelmente alteradas de acordo com os desvios aplicados. Por forma a validar os resultados das simulações, foram realizados testes físicos usando uma plataforma de Software Defined Radio (SDR) e um gerador de sinais GPS open source que foi modificado para gerar sinais com base nos dados alterados das simulações. Estes testes sustentam a hipótese de que os sinais falsificados são capazes de provocar, consistentemente, a deteção errónea de posições por parte dos recetores de forma análoga à das simulações

다양한 교란 시나리오를 이용한 GNSS 수신기 성능 분석에 대한 연구

학위논문(박사)--서울대학교 대학원 :공과대학 기계항공공학부,2020. 2. 기창돈.The security and safety aspects of global navigation satellite systems have been receiving significant attention from researchers and the general public, because the use of GNSS has been increasing in modern society. In this situation, the importance of GNSS safety and security is also increasing. The most dangerous type of interference is a spoofing because if the receiver captures a spoofing signal, the navigation solution can be controlled by the spoofer. In this paper, I analyzed the characteristics of the main spoofing parameters that determines the success or failure of spoofing process when the spoofing signal is injected into the receiver. I also proposed a CCEE. It determines the spoofing result according to the various spoofing parameter. Also the correlation between spoofing parameters could be explained by estimating the boundary value and line using CCEE. In addition, spoofing success and failure could be distinguished in the spoofing parameter space using CCEE results. When the covert capture is performed at the receiver, the two correlation peaks of authentic and covert capture signals are generated on the code domain. The relative velocity (Doppler difference value) of the two signal peaks determines the time of total spoofing process. In general, the timing at which the DLL tracking lock point is switched from the authentic signal to the spoofing signal is different according to the visible satellite. This raises the value of WSSE. In order to minimize this, the spoofing should be performed in a short time by determining the optimal sweep direction. In a 3D situation, triangles are defined using a particular visible satellites, and the circumcenter direction of the triangle on the victim becomes the optimal direction, and the relative speed of the authentic and the covert capture signal for the visible satellite be maximized on the optimal covert capture direction. To simulate the proposed methods, we defined the covet capture scenarios and generated the IF data to simulate the intended scenarios. Then, using the corresponding IF data, signal processing was performed through SDR. Through this, it was confirmed that the spoofing is successfully performed as intended scenarios through the optimal spoofing parameters generated through CCEE, and the covert capture process time is noticeably minimized through the optimal sweep direction.GNSS는 점점 활용범위가 확장되고 있고, 현재는 대체불가능한 시스템이 되었다. 이런 상황에서 GNSS의 안전 및 보안의 중요성 또한 크게 증가하고 있다. 본 논문에서는 GNSS의 보안에 가장 위협이 되는 기만에 대해서, 기만 신호가 수신기에 주입되었을 때 수신기의 ACF가 어떻게 변화되어 가며 기만 공격을 결정하는 주된 기만파라미터들의 특징에 대해서 분석을 진행하였다. 그리고 기만 신호에 따른 기만 결과를 결정하는 CCEE를 제안하고, 이를 통해서 기만파라미터들의 상관관계에 대해서 분석하였다. 기존에는 무수히 반복된 계산을 통해서 판단 가능한 기만 결과를 CCEE를 통해 한번의 계산으로 결과를 확인하도록 하였다. 또한 CCEE를 이용하여 경계 값과 경계 라인을 정의함으로써, 기만파라미터 공간에서 기만 성공과 실패를 구분할 수 있음이 확인되었다. 수신기에서 기만이 수행될 때, 코드도메인상에서 replica와 cross correlation에 의한 원신호와 기만신호 각각의 correlation peak가 생성된다. 두 신호 peak의 상대속도가 기만이 수행되는 시간을 결정한다. 일반적으로 기만이 수행되는 동안, 각 채널간 DLL tracking lock 지점이 원신호에서 기만신호로 전환되는 시점이 다르다. 이로 인해서 WSSE의 값이 상승하게 된다. 이를 최소화하기 위해서, 최적 기만 sweep 방향을 결정함으로써 빠른 시간에 기만을 수행할 수 있음을 확인하였다. 3D 상황에서 특정 가시위성를 이용하여 삼각형을 정의하고, 해당 삼각형의 외심 방향이 최적 방향이 되며, 해당 방향이 기만 수행이 가장 늦게 되는 가시위성에 대한 원신호와 기만신호의 상대속도가 최대가 되는 방향임을 확인하였다. 제안된 방법들을 모사하기 위해서, 기만시나리오를 정의하고, 해당 기만시나리오를 모사하는 IF data를 생성하였다. 그리고, 해당 IF data를 이용하여, SDR을 통해서 신호 처리를 진행하였다. 이를 통해, CCEE를 적용하여 생성한 최적 기만파라미터로 기만이 의도된 데로 수행이 되며, optimal 방향을 통해 기만수행시간이 최소화 됨을 확인하였다.Chapter 1. Introduction 1 1.1. Research Motivation １ 1.2. Related research ２ 1.3. Outline of the Dissertation ４ 1.4. Contributions 5 Chapter 2. Background ７ 2.1. GPS receiver fundamental ７ 2.1.1. GPS signal structure ７ 2.1.2. Signal processing structure of GPS receiver ９ 2.1.3. Signal acquisition １０ 2.1.4. Signal tracking １１ 2.1.5. Navigation Message Decoding １４ 2.1.6. Pseudorange model and range calculation １６ 2.2. GNSS interferences and attack strategies １９ 2.2.1. Types of GNSS interferences １９ 2.2.2. Interference attack strategies ２１ Chapter 3. Covert Capture Effectiveness Equation ２６ 3.1. Authentic and spoofing signal ACF model ２６ 3.2. Spoofing scenario simulation using ACF model ３０ 3.3. Development of spoofing process equation ３３ 3.3.1. conventional approach for tau calculation ３３ 3.3.2. proposed approach for τ calculation ３４ 3.3.3. Spoofing attack success or failure criteria ３７ 3.3.4. Derivation of SPE ４４ 3.4. Analysis of CCEE simulation results ４９ 3.4.1. CCEE performance analysis ４９ 3.4.2. Determination of boundary line and surface using SPE ５３ Chapter 4. Optimal sweep direction of covert capture signal ５８ 4.1. Maximum Doppler difference value ５８ 4.2. Optimal covert capture direction in 2D case ６２ 4.3. Optimal covert capture direction in 3D case ６８ 4.4. Optimal covert capture direction using optimization method ７１ Chapter 5. Covert capture simulation using software defined receiver ７３ 5.1. Implementation of GNSS measurement and IF data generation simulator ７３ 5.1.1. Pseudorange model ７３ 5.1.2. Simulator structure ７４ 5.1.3. Signal amplitude calculation in spoofing scenario ７５ 5.2. CCEE simulation in SDR ８１ 5.2.1. Compensation value calculation for covert capture ８４ 5.2.2. Compensation value calculation for covert capture ８５ 5.3. Optimal covert capture direction simulation in SDR ９２ Chapter 6. Changing the user's trajectory using covert capture signal ９５ Chapter 7. Conclusions and future works １０２ 7.1. Conclusions １０２ 7.2. Future works １０３ Capture 8. Reference １０４Docto

Navigation for UAVs using Signals of Opportunity

The reliance of Unmanned Aerial Vehicles (UAVs) on Global Navigation Satellite System (GNSS) for autonomous operation represents a significant vulnerability to their reliable and secure operation due to signal interference, both incidental (e.g. terrain shadowing, ionospheric scintillation) and malicious (e.g. jamming, spoofing). An accurate and reliable alternative UAV navigation system is proposed that exploits Signals of Opportunity (SOP) thus offering superior signal strength and spatial diversity compared to satellite signals. Given prior knowledge of the transmitter's position and signal characteristics, the proposed technique utilizes triangulation to estimate the receiver's position. Dual antenna interferometry provides the received signals' Angle of Arrival (AoA) required for triangulation. Reliance on precise knowledge of the antenna system's orientation is removed by combining AoAs from different transmitters to obtain a differential Angles of Arrival (dAoAs). Analysis, simulation, and ground-based experimental techniques are used to characterize system performance; a path to miniaturized system integration is also presented. Results from these ground-based experiments show that when the received signal-to-noise ratio (SNR) is above about 45 dB (typically in within 30 km of the transmitters), the proposed method estimates the receiver's position uncertainty range from less than 20 m to about 60 m with an update rate of 10 Hz

An autonomous navigational system using GPS and computer vision for futuristic road traffic

Navigational service is one of the most essential dependency towards any transport system and at present, there are various revolutionary approaches that has contributed towards its improvement. This paper has reviewed the global positioning system (GPS) and computer vision based navigational system and found that there is a large gap between the actual demand of navigation and what currently exists. Therefore, the proposed study discusses about a novel framework of an autonomous navigation system that uses GPS as well as computer vision considering the case study of futuristic road traffic system. An analytical model is built up where the geo-referenced data from GPS is integrated with the signals captured from the visual sensors are considered to implement this concept. The simulated outcome of the study shows that proposed study offers enhanced accuracy as well as faster processing in contrast to existing approaches

DRONE DELIVERY OF CBNRECy – DEW WEAPONS Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD)

Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD) is our sixth textbook in a series covering the world of UASs and UUVs. Our textbook takes on a whole new purview for UAS / CUAS/ UUV (drones) – how they can be used to deploy Weapons of Mass Destruction and Deception against CBRNE and civilian targets of opportunity. We are concerned with the future use of these inexpensive devices and their availability to maleficent actors. Our work suggests that UASs in air and underwater UUVs will be the future of military and civilian terrorist operations. UAS / UUVs can deliver a huge punch for a low investment and minimize human casualties.https://newprairiepress.org/ebooks/1046/thumbnail.jp

Space Systems: Emerging Technologies and Operations

SPACE SYSTEMS: EMERGING TECHNOLOGIES AND OPERATIONS is our seventh textbook in a series covering the world of UASs / CUAS/ UUVs. Other textbooks in our series are Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD); Disruptive Technologies with applications in Airline, Marine, Defense Industries; Unmanned Vehicle Systems & Operations On Air, Sea, Land; Counter Unmanned Aircraft Systems Technologies and Operations; Unmanned Aircraft Systems in the Cyber Domain: Protecting USA’s Advanced Air Assets, 2nd edition; and Unmanned Aircraft Systems (UAS) in the Cyber Domain Protecting USA\u27s Advanced Air Assets, 1st edition. Our previous six titles have received considerable global recognition in the field. (Nichols & Carter, 2022) (Nichols et al., 2021) (Nichols R. K. et al., 2020) (Nichols R. et al., 2020) (Nichols R. et al., 2019) (Nichols R. K., 2018) Our seventh title takes on a new purview of Space. Let\u27s think of Space as divided into four regions. These are Planets, solar systems, the great dark void (which fall into the purview of astronomers and astrophysics), and the Dreamer Region. The earth, from a measurement standpoint, is the baseline of Space. It is the purview of geographers, engineers, scientists, politicians, and romantics. Flying high above the earth are Satellites. Military and commercial organizations govern their purview. The lowest altitude at which air resistance is low enough to permit a single complete, unpowered orbit is approximately 80 miles (125 km) above the earth\u27s surface. Normal Low Earth Orbit (LEO) satellite launches range between 99 miles (160 km) to 155 miles (250 km). Satellites in higher orbits experience less drag and can remain in Space longer in service. Geosynchronous orbit is around 22,000 miles (35,000 km). However, orbits can be even higher. UASs (Drones) have a maximum altitude of about 33,000 ft (10 km) because rotating rotors become physically limiting. (Nichols R. et al., 2019) Recreational drones fly at or below 400 ft in controlled airspace (Class B, C, D, E) and are permitted with prior authorization by using a LAANC or DroneZone. Recreational drones are permitted to fly at or below 400 ft in Class G (uncontrolled) airspace. (FAA, 2022) However, between 400 ft and 33,000 ft is in the purview of DREAMERS. In the DREAMERS region, Space has its most interesting technological emergence. We see emerging technologies and operations that may have profound effects on humanity. This is the mission our book addresses. We look at the Dreamer Region from three perspectives:1) a Military view where intelligence, jamming, spoofing, advanced materials, and hypersonics are in play; 2) the Operational Dreamer Region; whichincludes Space-based platform vulnerabilities, trash, disaster recovery management, A.I., manufacturing, and extended reality; and 3) the Humanitarian Use of Space technologies; which includes precision agriculture wildlife tracking, fire risk zone identification, and improving the global food supply and cattle management. Here’s our book’s breakdown: SECTION 1 C4ISR and Emerging Space Technologies. C4ISR stands for Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance. Four chapters address the military: Current State of Space Operations; Satellite Killers and Hypersonic Drones; Space Electronic Warfare, Jamming, Spoofing, and ECD; and the challenges of Manufacturing in Space. SECTION 2: Space Challenges and Operations covers in five chapters a wide purview of challenges that result from operations in Space, such as Exploration of Key Infrastructure Vulnerabilities from Space-Based Platforms; Trash Collection and Tracking in Space; Leveraging Space for Disaster Risk Reduction and Management; Bio-threats to Agriculture and Solutions From Space; and rounding out the lineup is a chapter on Modelling, Simulation, and Extended Reality. SECTION 3: Humanitarian Use of Space Technologies is our DREAMERS section. It introduces effective use of Drones and Precision Agriculture; and Civilian Use of Space for Environmental, Wildlife Tracking, and Fire Risk Zone Identification. SECTION 3 is our Hope for Humanity and Positive Global Change. Just think if the technologies we discuss, when put into responsible hands, could increase food production by 1-2%. How many more millions of families could have food on their tables? State-of-the-Art research by a team of fifteen SMEs is incorporated into our book. We trust you will enjoy reading it as much as we have in its writing. There is hope for the future.https://newprairiepress.org/ebooks/1047/thumbnail.jp

Swarm of UAVs for Network Management in 6G: A Technical Review

Fifth-generation (5G) cellular networks have led to the implementation of beyond 5G (B5G) networks, which are capable of incorporating autonomous services to swarm of unmanned aerial vehicles (UAVs). They provide capacity expansion strategies to address massive connectivity issues and guarantee ultra-high throughput and low latency, especially in extreme or emergency situations where network density, bandwidth, and traffic patterns fluctuate. On the one hand, 6G technology integrates AI/ML, IoT, and blockchain to establish ultra-reliable, intelligent, secure, and ubiquitous UAV networks. 6G networks, on the other hand, rely on new enabling technologies such as air interface and transmission technologies, as well as a unique network design, posing new challenges for the swarm of UAVs. Keeping these challenges in mind, this article focuses on the security and privacy, intelligence, and energy-efficiency issues faced by swarms of UAVs operating in 6G mobile networks. In this state-of-the-art review, we integrated blockchain and AI/ML with UAV networks utilizing the 6G ecosystem. The key findings are then presented, and potential research challenges are identified. We conclude the review by shedding light on future research in this emerging field of research.Comment: 19,