The Texas Spoofing Test Battery: Toward a Standard for Evaluating GPS Signal Authentication Techniques

A battery of recorded spoofing scenarios has been compiled for evaluating civil Global Positioning System (GPS) signal authentication techniques. The battery can be considered the data component of an evolving standard meant to define the notion of spoof resistance for commercial GPS receivers. The setup used to record the scenarios is described. A detailed description of each scenario reveals readily detectable anomalies that spoofing detectors could target to improve GPS securityAerospace Engineering and Engineering Mechanic

An Integrated Framework for Sensing Radio Frequency Spectrum Attacks on Medical Delivery Drones

Drone susceptibility to jamming or spoofing attacks of GPS, RF, Wi-Fi, and operator signals presents a danger to future medical delivery systems. A detection framework capable of sensing attacks on drones could provide the capability for active responses. The identification of interference attacks has applicability in medical delivery, disaster zone relief, and FAA enforcement against illegal jamming activities. A gap exists in the literature for solo or swarm-based drones to identify radio frequency spectrum attacks. Any non-delivery specific function, such as attack sensing, added to a drone involves a weight increase and additional complexity; therefore, the value must exceed the disadvantages. Medical delivery, high-value cargo, and disaster zone applications could present a value proposition which overcomes the additional costs. The paper examines types of attacks against drones and describes a framework for designing an attack detection system with active response capabilities for improving the reliability of delivery and other medical applications.Comment: 7 pages, 1 figures, 5 table

Radio Frequency Interference Impact Assessment on Global Navigation Satellite Systems

The Institute for the Protection and Security of the Citizen of the EC Joint Research Centre (IPSC-JRC) has been mandated to perform a study on the Radio Frequency (RF) threat against telecommunications and ICT control systems. This study is divided into two parts. The rst part concerns the assessment of high energy radio frequency (HERF) threats, where the focus is on the generation of electromagnetic pulses (EMP), the development of corresponding devices and the possible impact on ICT and power distribution systems. The second part of the study concerns radio frequency interference (RFI) with regard to global navigation satellite systems (GNSS). This document contributes to the second part and contains a detailed literature study disclosing the weaknesses of GNSS systems. Whereas the HERF analysis only concerns intentional interference issues, this study on GNSS also takes into account unintentional interference, enlarging the spectrum of plausible interference scenarios.JRC.DG.G.6-Security technology assessmen

Signal processing techniques for GNSS anti-spoofing algorithms

The Global Navigation Satellite Systems (GNSS) usage is growing at a very high rate, and more applications are relying on GNSS for correct functioning. With the introduction of new GNSSs, like the European Galileo and the Chinese Beidou, in addition to the existing ones, the United States Global Positioning System (GPS) and the Russian GLONASS, the applications, accuracy of the position and usage of the signals are increasing by the day. Given that GNSS signals are received with very low power, they are prone to interference events that may reduce the usage or decrease the accuracy. From these interference, the spoofing attack is the one that has drawn major concerns in the GNSS community. A spoofing attack consist on the transmission of GNSS-like signals, with the goal of taking control of the receiver and make it compute an erroneous position and time solution. In the thesis, we focus on the design and validation of different signal processing techniques, that aim at detection and mitigation of the spoofing attack effects. These are standalone techniques, working at the receiver’s level and providing discrimination of spoofing events without the need of external hardware or communication links. Four different techniques are explored, each of them with its unique sets of advantages and disadvantages, and a unique approach to spoofing detection. For these techniques, a spoofing detection algorithm is designed and implemented, and its capabilities are validated by means of a set of datasets containing spoofing signals. The thesis focuses on two different aspects of the techniques, divided as per detection and mitigation capabilities. Both detection techniques are complementary, their joint use is explored and experimental results are shown that demonstrate the advantages. In addition, each mitigation technique is analyzed separately as they require specialized receiver architecture in order to achieve spoofing detection and mitigation. These techniques are able to decrease the effects of the spoofing attacks, to the point of removing the spoofing signal from the receiver and compute navigation solutions that are not controlled by the spoofer and lead in more accurate end results. The main contributions of this thesis are: the description of a multidimensional ratio metric test for distinction between spoofing and multipath effects; the introduction of a cross-check between automatic gain control measurements and the carrier to noise density ratio, for distinction between spoofing attacks and other interference events; the description of a novel signal processing method for detection and mitigation of spoofing effects, based on the use of linear regression algorithms; and the description of a spoofing detection algorithm based on a feedback tracking architecture

Security Evaluation of GNSS Signal Quality Monitoring Techniques against Optimal Spoofing Attacks

GNSSs have a significant impact on everyday life and, therefore, the are increasingly becoming an attractive target for illicit exploitation. As such, anti-spoofing algorithms have become an relevant research topic within the GNSS discipline. This Thesis provides a review of recent research in the field of GNSS spoofing/anti-spoofing, designs a method to generate an energy optimal spoofing signal and evaluates the performance of the anti-spoofing signal quality monitoring techniques against it

A comprehensive proposal for securing terrestrial radionavigation systems

The security of terrestrial radionavigation systems (TRNS) has not yet been addressed in the literature. This proposal builds on what is known about securing global navigation satellite systems (GNSS) to address this gap, re-evaluating proposals for GNSS security in light of the distinctive properties of TRNS. TRNS of the type envisioned in this paper are currently in their infancy, unburdened by considerations of backwards compatibility: security for TRNS is a clean slate. This thesis argues that waveform- or signal-level security measures are irrelevant for TRNS, preventing neither spoofing nor unauthorized use of the service. Thus, only security measures which modify navigation message bits merit consideration. This thesis proposes orthogonal mechanisms combining navigation message encryption (NME) and navigation message authentication (NMA), constructed from standard cryptography primitives and specialized to TRNS: message encryption allows providers to offer tiered access to navigation parameters on a bit-by-bit basis, and message authentication disperses the bits of a message authentication code across all data packets, posing an additional challenge to spoofers. This cryptographic proposal, however, is still vulnerable to certain types of replay threats. This thesis addresses this gap by augmenting TRNS with autonomous signal-situational-awareness (SSA) capability, allowing TRNS operators to detect spoofing and meaconing attacks. Two signal authentication techniques for SSA are developed to detect a weak spoofing signal in the presence of static and dynamic multipath. This thesis also proposes enhancements to these signal authentication techniques. These enhancements exploit the synergy from combining information across multiple epochs, or over multiple monitoring beacons, to further lower the spoofer detection threshold. Both techniques with their enhancements are shown to be effective in simulations of the varied operating environments that a generic TRNS will encounter. With both proposed cryptographic NME+NMA scheme and autonomous SSA in place, TRNS gains a defensive capability that GNSS cannot easily match: a comprehensive defense against most man-in-the-middle attacks on position, navigation and timing services.Aerospace Engineerin

Unconditionally Secure Authentication and Integrity Protection for the Galileo Open Service Signal

The operational GNSSs do not offer authentication and integrity protection for the Open Service (OS) signal/message. But it is urgently needed, since several attacks can threat the OS user. By this reason the Galileo GNSS is working on this issue. This thesis contributes at the problem by adopting an approach as generic as possible, which outlines a theoretical bound on the key size. Therefore, the focus is providing data and signal unconditionally secure authentication and integrity pro

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

Authentication and Integrity Protection at Data and Physical layer for Critical Infrastructures

This thesis examines the authentication and the data integrity services in two prominent emerging contexts such as Global Navigation Satellite Systems (GNSS) and the Internet of Things (IoT), analyzing various techniques proposed in the literature and proposing novel methods. GNSS, among which Global Positioning System (GPS) is the most widely used, provide affordable access to accurate positioning and timing with global coverage. There are several motivations to attack GNSS: from personal privacy reasons, to disrupting critical infrastructures for terrorist purposes. The generation and transmission of spoofing signals either for research purpose or for actually mounting attacks has become easier in recent years with the increase of the computational power and with the availability on the market of Software Defined Radios (SDRs), general purpose radio devices that can be programmed to both receive and transmit RF signals. In this thesis a security analysis of the main currently proposed data and signal level authentication mechanisms for GNSS is performed. A novel GNSS data level authentication scheme, SigAm, that combines the security of asymmetric cryptographic primitives with the performance of hash functions or symmetric key cryptographic primitives is proposed. Moreover, a generalization of GNSS signal layer security code estimation attacks and defenses is provided, improving their performance, and an autonomous anti-spoofing technique that exploits semi-codeless tracking techniques is introduced. Finally, physical layer authentication techniques for IoT are discussed, providing a trade-off between the performance of the authentication protocol and energy expenditure of the authentication process