RIN Blog
Blog Home All Blogs

What is spoofing and how to ensure GPS security?

Posted By Administration, 03 October 2019

As technological advances make GPS/GNSS* devices more affordable, our lives are becoming increasingly dependent on precise positioning and timing. Industries such as survey, construction and logistics rely on precise positioning for automation, efficiency and safety. GNSS time provides the pulsating heartbeat for the backbone of our industry by synchronizing telecom networks, banks and the power grid. A single day of GNSS outage is estimated to cost 1 billion dollars in US alone (1). GNSS is a reliable system, and to keep it as such professional GNSS receivers need to be wary of all possible vulnerabilities which could be exploited. Using GNSS receivers which are robust against jamming and spoofing is key for secure PNT (Positioning, Navigation and Time).

*GNSS refers to the constellations of satellites broadcasting signals from space that transmit positioning and timing information to GNSS receivers on Earth. The receivers then use this information to determine their location. These systems include the American GPS, European Galileo, Russian GLONASS, Chinese BeiDou, Japanese QZSS (Michibiki) and the Indian NAVIC system. "


What is GPS/GNSS spoofing?

Radio interference can overpower weak GNSS signals, causing satellite signal loss and potentially loss of positioning. Spoofing, is an intelligent form of interference which makes the receiver believe it is at a false location. During a spoofing attack a radio transmitter located nearby sends fake GPS signals into the target receiver. For example, a cheap SDR (Software Defined Radio) can make a smartphone believe it’s on Mount Everest!

Figure 1: cheap SDR (Software Defined Radio) can overpower GNSS signals and spoofs a single-frequency smartphone GPS into believing it is on Mount Everest.

 

Why GPS spoofing?

Imagine a combat situation. Clearly, the side which uses GPS/GNSS technology would have an advantage over the side which does not. But what if one side could manipulate GPS receivers of their adversary? This could mean taking over control of autonomous vehicles and robotic devices which rely on GPS positioning. For example, in October 2018, Russia accused the US of spoofing a drone and redirecting it to attack a Russian air base in Syria(2).

Figure 2: GNSS spoofing could be used to manipulate movement of aerial drones.

In the last 3 years over 600 incidents of spoofing have been recorded in the seas near the Russian border. These ships appeared to be “transported” to nearby airports (3). This type of spoofing might have been introduced as a defense mechanism to ground spy drones. Most semi-professional drones on the market have a built-in geo-fencing mechanism which lands them automatically if they come close to airports or other restricted areas (4).

Some of the most enthusiastic spoofers are Pokémon GO fans who use cheap SDRs (Software Defined Radios) to spoof their GPS position and catch elusive pokémon without having to leave their room.


Types of Spoofing


Spoofers overpower relatively weak GNSS signals with radio signals carrying false positioning information. There are two ways of spoofing:

Rebroadcasting GNSS signals recorded at another place or time (so-called meaconing)
Generating and transmitting modified satellite signals


Spoof-proof: how to protect your receiver against spoofing?
In order to combat spoofing, GNSS receivers need to detect spoofed signals out of a mix of authentic and spoofed signals. Once a satellite signal is flagged as spoofed, it can be excluded from positioning calculation.

There are various levels of spoofing protection that a receiver can offer. Let’s compare it to a house intrusion detection system. You can have a simple entry alarm system or a more complex movement detection system. For added security you might install video image recognition, breaking-glass sound detection or a combination of the above.

Like a house with an open door, an unprotected GNSS receiver is vulnerable to even the simplest forms of spoofing. Secured receivers, on the other hand, can detect spoofing by looking for signal anomalies, or by using signals designed to prevent spoofing such as Galileo OS-NMA and E6 or the GPS military code.

Advanced interference mitigation technologies, such as the Septentrio AIM+, use signal-processing algorithms to flag spoofing by detecting various anomalies in the signal. For example, a spoofed signal is usually more powerful than an authentic GNSS signal.

AIM+ won’t even be fooled by an advanced GNSS signal generator: Spirent GSS9000. With realistic power levels and with actual navigation data within the signal, AIM+ can identify it as a “non-authentic” signal.

Other advanced anti-spoofing techniques such as using a dual-polarized antenna are being researched today, read more about this method here.


Satellite navigation data authentication


Various countries invest in spoofing resilience by building security directly into their GNSS satellites. With OS-NMA (Open Service Navigation Message Authentication), Galileo is the first satellite system to introduce an anti-spoofing service directly on a civil GNSS signal.

OS-NMA is a free service on the Galileo E1 frequency. It enables authentication of the navigation data on Galileo and even GPS satellites. Such navigation data carries information about satellite location and if altered will result in wrong receiver positioning computation. While currently in development, OS-NMA is planned to become publicly available in the near future. Also GPS is experimenting with satellite based anti-spoofing for civil users with their recent Chimera authentication system.

Figure 3: European Galileo satellites provide an open authentication service on the E1 signal and a commercial authentication service on the E6 signal. Picture, courtesy of the European Space Agency.

Recently, within the scope of the FANTASTIC project led by GSA, OS-NMA anti-spoofing protection was implemented on a Septentrio receiver.


The strongest shield: signal-level GNSS authentication


The Galileo system will be offering Commercial Authentication Service (CAS) on the E6 signal with the highest level of security for safety-critical applications such as autonomous vehicles. The signal level encryption will be based on similar techniques as the military GPS signals. Only the receivers who have the secret key are able to track such encrypted signals. The secret key is also needed to generate the signal making it impossible to fake. CAS authentication techniques are currently being prototyped at Septentrio in collaboration with the European Space Agency.

Spoof-resilient GNSS means reliable precise positioning and timing, and a peace of mind for everyone touched by this indispensable technology.



References:

1. arstechnica.com/science/2019/06/study-finds-that-a-gps-outage-would-cost-1-billion-per-day

2. rntfnd.org/2018/10/26/russia-claims-us-spoofed-drones-to-attack-base/

3. gps.gov/governance/advisory/meetings/2018-12/goward.pdf

4. gpsworld.com/spoofing-in-the-black-sea-what-really-happened/

5. Technical paper by Septentrio - Authentication by polarization: a powerful anti-spoofing method

6. insidegnss.com/new-report-details-gnss-spoofing-including-denial-of-service-attacks/

 

This blog is courtesy of Septentrio. See more at www.septentrio.com

Tags:  gnss  gps  resilience  spoofing 

Share |
PermalinkComments (0)
 

The Flypast at Royal Institute of Navigation AGM and Annual Meeting

Posted By John Pottle, 12 July 2018

The RAF could not have timed it better - the conclusion of the pre-lunch drinks coincided perfectly with the RAF 100 anniversary fly-past. The more organised guests took up positions on the roof next to the RIN Director's office, many more gathered in the gardens of the Royal Geographical Society. No sooner had the Red Arrows completed the fly-past, we all repaired for lunch before the start of the AGM.

The AGM business included election of new President, Vice Presidents and Trustees. The new Council will meet for the first time on 25 July. We were also delighted to receive good wishes from our Patron, HRH The Duke of Edinburgh. Everyone wishes him well.

The Annual Meeting which followed underlines the breadth of the Institute's work - Dr David Rooney of the Science Museum presented an engaging analysis of The Traffic Problem, Glen Gibbons of Inside GNSS presented a tremendously informative and insightful review of the Unfinished Business of Satellite Navigation. We heard about inspirational STEM projects in USA and UK as well as awards and prizes for our general aviation (GA) flying competition Top Nav; the best paper in our Journal of Navigation; and the Duke of Edinburgh's Navigation Award for Technical Achievement, which this year was awarded to Chronos Technology.

We were delighted to welcome Shaesta Waiz of Dreams Soar who presented the awards and prizes. Full details of may be found at: https://rin.org.uk/news/408631/RIN-AGM-and-Annual-Meeting---Prize-Winners-and-Election-Results.htm

The day was rounded off by an Annual Reception where old friends could catch up and new contacts were made.

Overall a most enjoyable day. If you’ve not been to our Annual Meeting before we hope you’ll give it a try in 2019! Everyone is welcome.

Tags:  Education  GNSS  Land Navigation  Navigation  Navigation On Foot  Resilience 

Share |
PermalinkComments (0)
 

Securing Positioning, Navigation & Timing: 14 June 2018 Event Report

Posted By John Pottle, 21 June 2018

The recently published Blackett report “Satellite-Derived Time and Position: A Study of Critical Dependencies” concludes “we must take steps to increase the resilience of our critical services in the event of Global Navigation Satellite System (GNSS) disruption, including by “adopting potential back-up systems where necessary”.

Implementation of the Blackett recommendations is being overseen by a UK Cabinet Office Blackett Review Implementation Team (BRIG). The technical aspects of implementing the recommendations are being led by a Positioning, Navigation and Timing Technical Group (PNTTG), reporting to the BRIG.

Three organisations represented on PNTTG – Innovate UK Knowledge Transfer Network (KTN), Royal Institute of Navigation (RIN) and The General Lighthouse Authorities – hosted a seminar on 14 June 2018 to review user needs and the status of two possible RF back-up options to GNSS mentioned in the London Economics report on the economic impact of a GNSS disruption.

The event attracted strong interest, with more than 100 delegates, including representation from user communities requiring assured and accurate position or time. Presenter organisations included UK Space Agency, RIN, Spirent, Imperial College Institute for Security Science and Technology, Ursanav and Orolia. Nick Lambert of NLA International facilitated and chaired the event.

The status of two possible RF back-up systems was presented and discussed: enhanced Loran (eLoran) by Chuck Schue, CEO Ursanav, and Satellite Time and Location (STL) by John Fischer, CTO Orolia. Orolia also demonstrated a static STL system as a back-up to GNSS, generating considerable interest amongst delegates.

STL, which is operational and undergoing user trials and evaluation at present, uses the existing Iridium global satellite constellation’s paging channel to enable a positioning and timing capability on a global basis. Power levels are 1000x (30dB) higher than GNSS, meaning that use indoors becomes possible. STL is currently being evaluated for provision of precise time to financial and government institutions in USA, UK, Italy and Japan. The system uses a narrow-band signal just above the GNSS L-band frequencies. As the signals are encrypted it is practically impossible to spoof STL. The higher power level also offers potential resiliency advantages to GNSS.

eLoran is a ground-based system for time and position, operating in internationally protected frequency bands. The combination of high power and low frequency enables wider coverage than GNSS including indoors and even limited capability under water. eLoran stations are operational to enable precise time in USA (East Coast) and UK. Positioning from eLoran would require additional stations to be made live, noting however that each ground station offers very broad geographic coverage. As well as the USA and UK, other regions offering or considering eLoran type services include Russia, Asia (4 countries including China), Middle East (3 countries) and Australia.

As well as the possibility to consider back-up systems to GNSS on a discrete basis, Orolia and STL shared a white paper on the benefits of an holistic approach to resilient GNSS. The link is provided below.

The seminar concluded by considering some key questions, including how to set up a single UK point of contact for industry and users to increase awareness, share insights and knowledge, and develop a roadmap towards standards and accreditation for resilient systems. This work is being further considered by the organisers, who will report to the next BRIG and PNTTG meetings. Comments and views are invited, please contact RIN or KTN.

 

Links to referenced documents:

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/619544/17.3254_Economic_impact_to_UK_of_a_disruption_to_GNSS_-_Full_Report.pdf

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/676675/satellite-derived-time-and-position-blackett-review.pdf

https://spectracom.com/sites/default/files/document-files/Holistic-Approach-to-Trusted-Resilient-PNT.pdf

Tags:  GNSS  Navigation  Resilience  Safety  Trinity House 

Share |
PermalinkComments (0)