Location information is critical to a wide-variety of navigation and tracking
applications. Today, GPS is the de-facto outdoor localization system but has
been shown to be vulnerable to signal spoofing attacks. Inertial Navigation
Systems (INS) are emerging as a popular complementary system, especially in
road transportation systems as they enable improved navigation and tracking as
well as offer resilience to wireless signals spoofing, and jamming attacks. In
this paper, we evaluate the security guarantees of INS-aided GPS tracking and
navigation for road transportation systems. We consider an adversary required
to travel from a source location to a destination, and monitored by a INS-aided
GPS system. The goal of the adversary is to travel to alternate locations
without being detected. We developed and evaluated algorithms that achieve such
goal, providing the adversary significant latitude. Our algorithms build a
graph model for a given road network and enable us to derive potential
destinations an attacker can reach without raising alarms even with the
INS-aided GPS tracking and navigation system. The algorithms render the
gyroscope and accelerometer sensors useless as they generate road trajectories
indistinguishable from plausible paths (both in terms of turn angles and roads
curvature). We also designed, built, and demonstrated that the magnetometer can
be actively spoofed using a combination of carefully controlled coils. We
implemented and evaluated the impact of the attack using both real-world and
simulated driving traces in more than 10 cities located around the world. Our
evaluations show that it is possible for an attacker to reach destinations that
are as far as 30 km away from the true destination without being detected. We
also show that it is possible for the adversary to reach almost 60-80% of
possible points within the target region in some cities