In this paper, we study the privately-own IRIDIUM satellite constellation, to
provide a location service that is independent of the GNSS. In particular, we
apply our findings to propose a new GNSS spoofing detection solution,
exploiting unencrypted IRIDIUM Ring Alert (IRA) messages that are broadcast by
IRIDIUM satellites. We firstly reverse-engineer many parameters of the IRIDIUM
satellite constellation, such as the satellites speed, packet interarrival
times, maximum satellite coverage, satellite pass duration, and the satellite
beam constellation, to name a few. Later, we adopt the aforementioned
statistics to create a detailed model of the satellite network. Subsequently,
we propose a solution to detect unintended deviations of a target user from his
path, due to GNSS spoofing attacks. We show that our solution can be used
efficiently and effectively to verify the position estimated from standard GNSS
satellite constellation, and we provide constraints and parameters to fit
several application scenarios. All the results reported in this paper, while
showing the quality and viability of our proposal, are supported by real data.
In particular, we have collected and analyzed hundreds of thousands of IRA
messages, thanks to a measurement campaign lasting several days. All the
collected data (1000+ hours) have been made available to the research
community. Our solution is particularly suitable for unattended scenarios such
as deserts, rural areas, or open seas, where standard spoofing detection
techniques resorting to crowd-sourcing cannot be used due to deployment
limitations. Moreover, contrary to competing solutions, our approach does not
resort to physical-layer information, dedicated hardware, or multiple receiving
stations, while exploiting only a single receiving antenna and
publicly-available IRIDIUM transmissions. Finally, novel research directions
are also highlighted.Comment: Accepted for the 13th Conference on Security and Privacy in Wireless
and Mobile Networks (WISEC), 202