Vulnerability analysis of GPS receiver software

Satellite navigation systems such as the Global Positioning System (GPS)makes it possible for users to find their relative or absolute position. Thanks to its mobility and reliability, the GPS is used in many civil and military applications. However, the GPS does not provide an advanced level of security. Therefore, it could be potentially a target of attacks. With the development of new GPS attacks, the security knowledge has to grow at the same rate, so existing attacks can be detected by updated versions of receiver software or hardware. In this paper, a comparative analysis of GPS receiver resilience to software attacks is performed with the help of GNSS simulator from Spirent. The main objective of this work is to perform a sensitivity analysis of variables involved in calculation of position of the GPS receivers from different price bands that might be targeted by existing or future GPS attack. Variables making the biggest impact on calculated position are determined using the model. Experimentation validation of their influence is performed using selected receivers and corrupted signals generated by GNSS simulator. The testing is based on tuning the selected variables in order to simulate the theoretical error obtained from the sensitivity analysis. The results obtained from testing are discussed in order to analyse the behaviour of the considered GNSS receivers (including the premium class ones)and establish whether they provide a protection from existing or potential GPS attacks

A Low Cost Mass-Market Deployable Security Approach Against GPS Spoofing Attacks

The Global Positioning System (GPS) is used ubiquitously for navigation and timing synchronization purposes. Many telecommunication, finance and aviation systems rely heavily on GPS information for routine operations. GPS functions by relying on satellites orbiting the earth in very accurately predictable orbits, which are used as references to identify the positions of objects (receivers). Receivers calculate their positions by receiving GPS signals and calculating their relative distances to each of the satellites. With enough relative distances, the receiver can resolve its position using the method known as trilateration [1]. In this thesis, we underline the vulnerability of this orbiting infrastructure to spoofing attacks, by easily procurable and affordable software defined radios. GPS Signal spoofing is a type of malicious attack, where an attacker generates fake GPS signal with valid GPS properties but false navigational and/or timing information to fool non-suspecting receivers. These signals appear authentic and receivers end up processing the false signal and extracting wrong information. There are two types of GPS services, civilian and military. The military service is encrypted and not vulnerable to such attacks because the pseudorandom codes are not disclosed to the public. However, this service is accessible to authorized military personnel alone. All other commercial and public GPS receivers which form the mass of the population are vulnerable to spoofing attacks. The civilian GPS broadcast band is not encrypted, and this makes it easy for an attacker to recreate the signal that appears valid to GPS receivers. In this thesis we implement a low cost, easy for mass-market application Doppler measurement based spoofing detection approach, utilizing non-specialized off the shelf commercial receivers

Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs

Enamus droone kasutab lennundusest pärit GPS navigatsiooniseadmeid, millel puuduvad turvaprotokollid ning nende riskioht pahatahtlike rünnakute sihtmärgina on kasvanud hüppeliselt lähimineviku arengute ja progressi tõttu SDR ja GNSS simulatsioonitarkvara valdkonnas. See on loonud ligipääsu tehnikale amatöörkasutajatele, millel on saatja aadressi võltsimise jõudlus. Need potensiaalsed rünnakud kuuluvad lihtsakoeliste kategooriasse, kuid selle uurimustöö tulemusena selgus, et nendes rünnakute edukuses on olulised erinevused teatud GPS vastuvõtjate ja konfiguratsioonide vahel. \n\rSee uurimustöö analüüsis erinevaid saatja aadressi võltsimise avastamise meetodeid, mis olid avatud kasutajatele ning valis välja need, mis on sobilikud mini- ja mikrodroonide tehnonõuetele ja operatsioonistsenaariumitele, eesmärgiga pakkuda välja GPS aadresside rünnakute avastamiseks rakenduste tasandil avatud allikakoodiga Ground Control Station tarkvara SDK. Avastuslahenduse eesmärk on jälgida ja kinnitada äkilisi, abnormaalseid või ebaloogilisi tulemväärtusi erinevates drooni sensiorites lisaallkatest pärit lisainfoga. \n\rLäbiviidud testid kinnitavad, et olenevalt olukorrast ja tingimustest saavad saatja aadressi võltsimise rünnakud õnnestuda. Rünnakud piiravad GPS mehanismide ligipääsu, mida saab kasutada rünnakute avastuseks. Neid rünnakuid puudutav info asetseb infovoos või GPSi signaalprotsessi tasandis, kuid seda infot ei saa haarata tasandile kus SDK tarkvara haldab kõigi teiste sensorite infot.Most of UAVs are GPS navigation based aircrafts that rely on a system with lack of security, their latent risk against malicious attacks has been raised with the recent progress and development in SDRs and GNSS simulation software, facilitating to amateurs the accessibility of equipment with spoofing capabilities. The attacks which can be done with this setup belong to the category simplistic, however, during this thesis work there are validated different cases of successful results under certain GPS receivers’ state or configuration.\n\rThis work analysis several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK. The detection solution is intended to monitor and correlate abrupt, abnormal or unreasonable values of different sensors of the UAV with data obtained from available additional sources.\n\rThe conducted tests validate the cases and circumstances where the spoofing attacks were successful. Limitations include the lack of mechanisms to access GPS values which can be useful for detection spoofing attacks, but reside in the data bit or signal processing layer of the GPS and can not be retrieve to the layer where the SDK in computing all data of other sensors

DeepPOSE: Detecting GPS Spoofing Attack Via Deep Recurrent Neural Network

The Global Positioning System (GPS) has become a foundation for most location-based services and navigation systems, such as autonomous vehicles, drones, ships, and wearable devices. However, it is a challenge to verify if the reported geographic locations are valid due to various GPS spoofing tools. Pervasive tools, such as Fake GPS, Lockito, and software-defined radio, enable ordinary users to hijack and report fake GPS coordinates and cheat the monitoring server without being detected. Furthermore, it is also a challenge to get accurate sensor readings on mobile devices because of the high noise level introduced by commercial motion sensors. To this end, we propose DeepPOSE, a deep learning model, to address the noise introduced in sensor readings and detect GPS spoofing attacks on mobile platforms. Our design uses a convolutional and recurrent neural network to reduce the noise, to recover a vehicle\u27s real-time trajectory from multiple sensor inputs. We further propose a novel scheme to map the constructed trajectory from sensor readings onto the Google map, to smartly eliminate the accumulation of errors on the trajectory estimation. The reconstructed trajectory from sensors is then used to detect the GPS spoofing attack. Compared with the existing method, the proposed approach demonstrates a significantly higher degree of accuracy for detecting GPS spoofing attacks

An Integrated Framework for Sensing Radio Frequency Spectrum Attacks on Medical Delivery Drones

Drone susceptibility to jamming or spoofing attacks of GPS, RF, Wi-Fi, and operator signals presents a danger to future medical delivery systems. A detection framework capable of sensing attacks on drones could provide the capability for active responses. The identification of interference attacks has applicability in medical delivery, disaster zone relief, and FAA enforcement against illegal jamming activities. A gap exists in the literature for solo or swarm-based drones to identify radio frequency spectrum attacks. Any non-delivery specific function, such as attack sensing, added to a drone involves a weight increase and additional complexity; therefore, the value must exceed the disadvantages. Medical delivery, high-value cargo, and disaster zone applications could present a value proposition which overcomes the additional costs. The paper examines types of attacks against drones and describes a framework for designing an attack detection system with active response capabilities for improving the reliability of delivery and other medical applications.Comment: 7 pages, 1 figures, 5 table

Security of GPS/INS based On-road Location Tracking Systems

Location information is critical to a wide-variety of navigation and tracking applications. Today, GPS is the de-facto outdoor localization system but has been shown to be vulnerable to signal spoofing attacks. Inertial Navigation Systems (INS) are emerging as a popular complementary system, especially in road transportation systems as they enable improved navigation and tracking as well as offer resilience to wireless signals spoofing, and jamming attacks. In this paper, we evaluate the security guarantees of INS-aided GPS tracking and navigation for road transportation systems. We consider an adversary required to travel from a source location to a destination, and monitored by a INS-aided GPS system. The goal of the adversary is to travel to alternate locations without being detected. We developed and evaluated algorithms that achieve such goal, providing the adversary significant latitude. Our algorithms build a graph model for a given road network and enable us to derive potential destinations an attacker can reach without raising alarms even with the INS-aided GPS tracking and navigation system. The algorithms render the gyroscope and accelerometer sensors useless as they generate road trajectories indistinguishable from plausible paths (both in terms of turn angles and roads curvature). We also designed, built, and demonstrated that the magnetometer can be actively spoofed using a combination of carefully controlled coils. We implemented and evaluated the impact of the attack using both real-world and simulated driving traces in more than 10 cities located around the world. Our evaluations show that it is possible for an attacker to reach destinations that are as far as 30 km away from the true destination without being detected. We also show that it is possible for the adversary to reach almost 60-80% of possible points within the target region in some cities

Defending against Sybil Devices in Crowdsourced Mapping Services

Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based {\em Sybil devices} that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on {\em co-location edges}, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large {\em proximity graphs} that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio