ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.

Slides:

Advertisements

Similar presentations

Introduction to the Global Positioning System

Advertisements

International Civil Aviation Organization

Probabilistic Secure Time Transfer: Challenges and Opportunities for a Sub-Millisecond World Kyle D. Wesson, Prof. Todd E. Humphreys, Prof. Brian L. Evans.

SVN-49 Signal Anomaly Presented by Tom Stansell GPSW POC: Lt. Col. James Lake, Ph.D.

1 Security in Wireless Protocols Bluetooth, , ZigBee.

Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Protecting Civil GPS Receivers

STRIDE Introduction Increasing use for PNT applications:  Positioning  Navigation  Timing.

A Novel Finger Assignment Algorithm for RAKE Receivers in CDMA Systems Mohamed Abou-Khousa Department of Electrical and Computer Engineering, Concordia.

Collaboration FST-ULCO 1. Context and objective of the work  Water level : ECEF Localization of the water surface in order to get a referenced water.

Implement a 2x2 MIMO OFDM-based channel measurement system (no data yet) at 2.4 GHz Perform baseband processing and digital up and down conversion on Nallatech.

Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Computer Science and Computer Engineering Dept. University of Arkansas Matching Electronic Fingerprints.

Spectrum Sensing Based on Cyclostationarity In the name of Allah Spectrum Sensing Based on Cyclostationarity Presented by: Eniseh Berenjkoub Summer 2009.

Space Weather influence on satellite based navigation and precise positioning R. Warnant, S. Lejeune, M. Bavier Royal Observatory of Belgium Avenue Circulaire,

GPS - Global Positioning System Presented By Brindha Narayanan.

14/03/2005 CGSIC Meeting, Prague, Czech Republic Oscar Pozzobon Chris Wullems Prof. Kurt Kubik Security issues in next generation satellite systems.

Communication Systems Simulation - II Harri Saarnisaari Part of Simulations and Tools for Telecommunication Course.

APPLICATION OF SPACE-TIME CODING TECHNIQUES IN THIRD GENERATION SYSTEMS - A. G. BURR ADAPTIVE SPACE-TIME SIGNAL PROCESSING AND CODING – A. G. BURR.

Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.

Basic Principles of GPS Mathias Lemmens EU GIS/Mapping Advisor Abuja 4 th August 2005.

Per R. Bodin Global Posision System GPS. Per R. Bodin Litt historie 1960: nasA & DoD are Interested in developing a satellite based position system with.

Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011.

Aviation Considerations for Multi-Constellation GNSS Leo Eldredge, GNSS Group Federal Aviation Administration (FAA) December 2008 Federal Aviation Administration.

Kyle Wesson, Mark Rothlisberger, and Todd Humphreys

How Global Positioning Devices (GPS) work

SVY 207: Lecture 4 GPS Description and Signal Structure

Development of Global navigation satellite system (GNSS) Receiver

1 Secure Cooperative MIMO Communications Under Active Compromised Nodes Liang Hong, McKenzie McNeal III, Wei Chen College of Engineering, Technology, and.

Time of arrival(TOA) Prepared By Sushmita Pal Roll No Dept.-CSE,4 th year.

Oscar Pozzzobon Technical Director, Qascom ION GNSS 2011, September 23, Portland, US.

Signal Propagation Propagation: How the Signal are spreading from the receiver to sender. Transmitted to the Receiver in the spherical shape. sender When.

ION/GNSS 2011, 23 Sept Mark L. Psiaki Sibley School of Mechanical & Aerospace Engr., Cornell University Developing Defenses Against Jamming & Spoofing.

Space Geodesy (1/3) Geodesy provides a foundation for all Earth observations Space geodesy is the use of precise measurements between space objects (e.g.,

Peter Gurník, Oldřich Trégl Satellite based train location.

Wireless Communication Technologies 1 Outline Introduction OFDM Basics Performance sensitivity for imperfect circuit Timing and.

An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing Kyle Wesson, Daniel Shepard, Jahshan Bhatti, and Todd Humphreys Presentation.

Riding out the Rough Spots: Scintillation-Robust GNSS Carrier Tracking Dr. Todd E. Humphreys Radionavigation Laboratory University of Texas at Austin.

Automatic Gain Control Response Delay and Acquisition in Direct- Sequence Packet Radio Communications Sure 2007 Stephanie Gramc Dr. Noneaker.

By Andrew Y.T. Kudowor, Ph.D. Lecture Presented at San Jacinto College.

Copyright © 2010 National Institute of Information and Communications Technology. All Rights Reserved 1 R&D and Standardization Activities on Distributed.

1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

GPS: Everything you wanted to know, but were afraid to ask Andria Bilich National Geodetic Survey.

Introduction To Localization Techniques (GPS)

Gain (dB) Benefits –Resistance to jamming –Resistance to detection –Sharing of channels among multiple users Applications –Cellular code-division multiple-access.

Multi-user Broadcast Authentication in Wireless Sensor Networks Kui Ren, Wenjing Lou, Yanchao Zhang SECON2007 Manar Mahmoud Abou elwafa.

Performance of Adaptive Beam Nulling in Multihop Ad Hoc Networks Under Jamming Suman Bhunia, Vahid Behzadan, Paulo Alexandre Regis, Shamik Sengupta.

West Hills College Farm of the Future. West Hills College Farm of the Future Precision Agriculture – Lesson 2 What is GPS? Global Positioning System Operated.

Chapter 2 GPS Crop Science 6 Fall 2004 October 22, 2004.

L. Xiao, L. Greenstein, N. Mandayam, W. Trappe WINLAB, Dept. ECE, Rutgers University CISS 2008 This work is supported in part.

1 SVY 207: Lecture 12 Modes of GPS Positioning Aim of this lecture: –To review and compare methods of static positioning, and introduce methods for kinematic.

Secure Civil Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin MITRE | July 20, 2012.

Assessing the Civil GPS Spoofing Threat

Antenna Arrays and Automotive Applications

Physical Layer Authentication for Mobile Terminals over MIMO Fading Wiretap Channels. Mahendra Kumar Shukla(2011-DC-07) December.

Principles Identified - UK DfT -

Global Positioning System

GPS - Global Positioning System

Global Positioning System Supplemental from JD Text

Geodesy & Crustal Deformation

Practical Cryptographic Civil GPS Signal Authentication

Howard Huang, Sivarama Venkatesan, and Harish Viswanathan

Counter-UAV Challenges: Is GNSS Spoofing Effective?

Off-Road Equipment Management TSM 262: Spring 2016

IEEE MEDIA INDEPENDENT HANDOVER

Denial-of-Service Jammer Detector Training Course Worldsensing

International Civil Aviation Organization

Security in Wide Area Networks

Presentation transcript:

ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich

ION GNSS 2011, September 23 rd, Portland, Oregon Means of User and Signal Authentication User Authentication (restrictive)  Spreading code encryption  Navigation data encryption  Send time randomization Signal Authentication  Non-cryptographic: sensor integration, multiple signal instances test, signal strength test, RAIM, group antenna processing, …  Cryptographic: navigation message authentication, private- and public spreading code authentication Transitive Signal authentication  Non-cryptographic techniques with fully secured hardware  Cryptographic techniques with partially secured hardware 2

ION GNSS 2011, September 23 rd, Portland, Oregon Transitive Signal Authentication Definition of “Transitive Signal Authentication” A third party is interested in reading authentic position and time information from a person using GNSS for positioning Applications for “Transitive Signal Authentication” Ankle monitor / electronic tagging, road tolling, pay-as-you-drive insurance, … Influence on Threat Models Receiver chain must not be seen as a trustworthy entity  Implementation of hardware-security of entire equipment or sub- components aided by cryptographic security at its interfaces Assumptions on (complicit-) spoofers capabilities  E.g. security code estimation or sample stream variation techniques AGCA/DDSPNDP

ION GNSS 2011, September 23 rd, Portland, Oregon Signal Authentication Definition of “Signal Authentication” A GNSS user is interested itself in receiving authentic signals to gain security on the derived time and position information Applications for “Signal Authentication” Aviation applications, personal navigation, precise farming (additional detection possibilities given by differential techniques), … Influence on Threat Models Receiver chain is considered as a trustworthy entity  User access to AGC, multilevel ADC must be available for the defender Assumptions on spoofers capabilities for cryptographic spoofing detection  E.g. security code estimation or sample stream variation techniques AGCA/DDSPNDP

ION GNSS 2011, September 23 rd, Portland, Oregon Non-Cryptographic Spoofer Detection Both the counterfeit and authentic signal will be received by the defender’s antenna / receiver Complicit-spoofing has not to be considered and thus the counterfeit signal has to be transmitted via radio link Signal cancellation is assumed to be very unlikely (although possible) Antenna phase center position uncertainty Oscillator frequency error prediction (spoofer & satellite) Orbit error and ionospheric error prediction Test for multiple signal instances (MSIs, Vestigial Signal Defense) Masking of the authentic signal will be detectable by the defender Monitoring both the signal power and noise power either gives proof of an insecure environment or guarantees a minimum C/N 0 of the authentic signal within the user’s IF-stream

ION GNSS 2011, September 23 rd, Portland, Oregon Monitoring of Signal- and Noise Power Signal power for spoofing detection Calibration process elevation dependent for the expected C/N 0  Account for AGC-factor  Independent estimation of the IF-Sample’s signal and noise power Distinctness to elemental variations of the signal power is not canonical / impractical Monitoring signal power to assess efficiency of spoofing detection via multiple signal instances test Coarse bounds provide thresholds for the main detection routines  Low false alarm rate If certain remaining authentic signal power can not be guaranteed spoofing has to be assumed C/N 0 AGC not applicable fully applicable

ION GNSS 2011, September 23 rd, Portland, Oregon Acquisition Techniques detecting MSIs Parameter estimation for code delay and Doppler offset Block acquisition techniques using FFT Sensitivity and granularity tunable by different sample rates and integration times False alarm probability can be reduced by handing detected signals to a tracking channel verifying the detection Weaker detection capabilities in the vicinity of the momentarily tracked signal

ION GNSS 2011, September 23 rd, Portland, Oregon Multicorrelator Techniques detecting MSIs Direct computation of the correlation power in the vicinity of the tracking point for several code delays Frequency analysis on subsequent I&D values approximates 2-D correlator Elimination of the tracked signal’s correlation peak Small monitoring domain for reasonable computational effort Excellent detection capabilities in the vicinity of the momentarily tracked signal

ION GNSS 2011, September 23 rd, Portland, Oregon Cryptographic Spoofer Detection Testing for MSIs of encrypted ranging code signals barely practical  Parameter space for acquisition test only bounded by receiver clock uncertainty  2-D multicorrelators not obtainable by simple frequency analysis Regenerated secured signals with low / zero / negative latency are detectable via statistical hypothesis testing  Humphreys, T.E, "Detection Strategy for Cryptographic GNSS Anti- Spoofing“, IEEE Transactions on Aerospace and Electronic Systems, 2011, submitted for review  Regenerated secured signals with higher latency induce detectable receiver clock errors respectively are not able to displace a SCE type signal in track Additional proper acquisition strategies (search earliest signals first) guarantee authentic signals

ION GNSS 2011, September 23 rd, Portland, Oregon Spoofing Detection vs. Spoofing Mitigation Non-cryptographic signal based spoofing detection just detects spoofed environments but not spoofing signals Spoofing – when monitored – acts as a denial of service attack Spoofing influences availability and continuity of service budget Cryptographic spoofing detection allows for detecting spoofing signals Spoofing can securely be mitigated, but Any spoofing device can easily act as jamming device and Navigation message authentication schemes suffer a certain authentication delay Sensor integration could provide signal source distinction even for unsecured signals

ION GNSS 2011, September 23 rd, Portland, Oregon Acknowledgments Travel grant provided by the Satellite Navigation University Network Project in cooperation with the G-TRAIN consortium Parts of the work have been elaborated within the UniTaS IV project funded by the Bundesministerium für Wirtschaft und Technologie administered by the Deutsches Zentrum für Luft- und Raumfahrt FKZ 50 NA 0734