Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation."— Presentation transcript:

1 Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation in Wireless Networks

2 Secowinet 2009/20102 Outline GNSS Threat model Distance-decreasing attack Performance Discussion Conclusion

3 Secowinet 2009/20103 INTRO GNSS Global Navigation Satellite Systems Road toll collection Position-based insurance Air traffic control Resource access control Security sensitive applications GPS GLONASS Compass Galieleo GPS GLONASS Compass Galileo

4 Secowinet 2009/20104 Security in GNSS Integrity Authentication Privacy SPOOFING

5 Secowinet 2009/20105 GNSS

6 Secowinet 2009/20106 Spoofing Attack actually implemented by O’Hanlon et al. at Cornell Univ. Software-defined receiver/spoofer Cost :1500$ O’ Hanlon, B. et al., January 1 2009, Assessing the Spoofing Threat, GPS World, http://www.gpsworld.com/defense/security-surveillance/assessing-spoofing-threat-3171 http://www.gpsworld.com/defense/security-surveillance/assessing-spoofing-threat-3171

7 Secowinet 2009/20107 Solutions Signal Authentication through Spread Spectrum Security Codes (SSSC) Signal Authentication through Spreading Code Encryption (SCE) Non cryptographic methods Navigation Message Encryption Navigation Message Authentication –D–Digital signature included in the messages –P–Public/private key pairs for each satellite O. Pozzobon et al. 2004, Secure Tracking using Trusted GNSS Receivers and Galileo Authentication Services, Journal of Global Positioning Systems, Vol. 3, No. 1-2: 200-207. G.W. Hein and F. Kneissl, September/October 2007, Authenticating GNSS Proofs Against Spoofs, InsideGNS.

8 Secowinet 2009/20108 Relay attack G.W. Hein and F. Kneissl, September/October 2007, Authenticating GNSS Proofs Against Spoofs, InsideGNS. The relay retransmits the messages bit by bit introducing a certain delay for each message of S i Relay

9 Secowinet 2009/20109 Mistaken GNSS Clock Offset Test Papadimitatos, P., Jovanovic, A., Global Navigation Satellite Systems (GNSS) - Attacks and Countermeasures, in IEEE Military Communications Conference (IEEE MILCOM), p. 1-7

10 Secowinet 2009/201010 DD-attack Distance-decreasing attacks proposed by Clulow et al. in 2006 in the context of distance bounding protocols. Same configuration that the relay attack. “Reduce” the actual propagation delay. J. Clulow, G. P. Hancke, M. G. Kuhn, and T. Moore So near and yet so far: Distance-bounding attacks in wireless networks., In ESAS, 2006.So near and yet so far: Distance-bounding attacks in wireless networks.

11 Secowinet 2009/201011 DD-attack bit T LC T relay Satellite Relay R x Relay T x GPS time bit T ED bit TbTb distance

12 Secowinet 2009/201012 Early detection Know the value of the bit, before the bit is completely transmitted. bit Satellite Relay R x bit T ED TbTb

13 Secowinet 2009/201013 Late commit Start transmitting something (e.g. noise) Then, transmit something else so the receiver still decode the bit correctly. bit T LC Relay T x GPS bit

14 Secowinet 2009/201014 DD-attack GPS bit T LC T relay Satellite Relay R x Relay T x time bit T ED bit TbTb distance

15 Secowinet 2009/201015 GPS Modulation (L1) Bit sequence Code CDMA sequence DSSS Direct-sequence spread spectrum - CDMA Data rate 50 bps Sequence or Spreading code (Pseudorandom) –Rate 1.023 MHz, period of 1023 chips BPSK

16 Secowinet 2009/201016 GPS Receiver Down- converter Antenna A/D Converter Digital IF X X Carrier Replica COS P X X Code Generator Q I PS Q PS P SIN IIPIP QPQP Demodulation

17 Secowinet 2009/201017 ED and LC ED LC –First phase: Signal constant during T S but average 0 –Second phase: Signal corresponding to ED’s result

18 Secowinet 2009/201018 Performance Metric: BER estimated by theoretical P e –P e probability of error per bit Parameters –C/N 0 Carrier-to-noise Density –T ED –T relay

19 Secowinet 2009/201019 DD-attack bit T LC T relay Satellite Relay R x Relay T x GPS time bit T ED bit TbTb distance

20 Secowinet 2009/201020 Performance ED LC Normal Detector

21 Secowinet 2009/201021 BER for ED

22 Secowinet 2009/201022 BER for LC

23 Secowinet 2009/201023 DD-attack performance T LC = 2ms T LC = 4ms T LC = 6ms T LC = 8ms T LC = 10ms T LC = 12ms T LC = 14ms T LC = 16ms T LC = 18ms

24 Secowinet 2009/201024 Compact presentation

25 Secowinet 2009/201025 Discussion Feasibility –O’Hanlon et al. device is a perfect platform for DD-Attack –By increasing the Tx power of the relay, we can achieve any performance. –T relay = 1ms => already 300Km in range error. –Performance increased by bit prediction

26 Secowinet 2009/201026 Discussion Countermeasures –Non cryptographic countermeasures Inertial Tests, Doppler Shift, Angle of arrival –Clock Offset Test non effective! –Analysis of the samples at the receiver To be further developed

27 Secowinet 2009/201027 Conclusion Distance-decreasing attack is feasible in GPS L1 carrier. A considerable error in position estimation can be introduced by with practically no lose of performance. DD-attacks are specific to coding and modulation scheme. Analysis for other signals to be done (e.g. GPS L2 and L5, Galileo L5). Designers of security sensitive devices must be warned about these kind of attacks.

Download ppt "Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation."

Similar presentations

OUTLINE Motivation Modeling Simulation Experiments Conclusions.

OUTLINE Motivation Modeling Simulation Experiments Conclusions.
VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.
IE 419/519 Wireless Networks Lecture Notes #6 Spread Spectrum.

IE 419/519 Wireless Networks Lecture Notes #6 Spread Spectrum.
12.215 Modern Navigation Thomas Herring MW 11:00-12:30 Room 54-820A

Modern Navigation Thomas Herring MW 11:00-12:30 Room A
GPS Signal Structure Sources: –GPS Satellite Surveying, Leick –Kristine Larson Lecture Notes 4519/asen4519.html.

GPS Signal Structure Sources: –GPS Satellite Surveying, Leick –Kristine Larson Lecture Notes 4519/asen4519.html.
University of Malta ICECS 2010 Terence Zarb, Ivan Grech, Edward Gatt, Owen Casha, Joseph Micallef Presented by: Terence Zarb Department of Microelectronics.

University of Malta ICECS 2010 Terence Zarb, Ivan Grech, Edward Gatt, Owen Casha, Joseph Micallef Presented by: Terence Zarb Department of Microelectronics.
Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.

Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.
ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.

ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Marcin Poturalski, Manuel Flury,

Marcin Poturalski, Manuel Flury,
Computer Communication & Networks Lecture # 06 Physical Layer: Analog Transmission Nadeem Majeed Choudhary

Computer Communication & Networks Lecture # 06 Physical Layer: Analog Transmission Nadeem Majeed Choudhary
Effectiveness of Distance Decreasing Attacks Against Impulse Radio Ranging Manuel Flury, Marcin Poturalski, Panos Papadimitratos, Jean-Pierre Hubaux, Jean-Yves.

Effectiveness of Distance Decreasing Attacks Against Impulse Radio Ranging Manuel Flury, Marcin Poturalski, Panos Papadimitratos, Jean-Pierre Hubaux, Jean-Yves.
Collaboration FST-ULCO 1. Context and objective of the work  Water level : ECEF Localization of the water surface in order to get a referenced water.

Collaboration FST-ULCO 1. Context and objective of the work  Water level : ECEF Localization of the water surface in order to get a referenced water.
Charles Tytler  Pseudo-satellites:  Ground-based transmitters of GPS signals  Augment GPS  Applications:  Indoor GPS  Mining, Caves  Underground/Underwater.

Charles Tytler  Pseudo-satellites:  Ground-based transmitters of GPS signals  Augment GPS  Applications:  Indoor GPS  Mining, Caves  Underground/Underwater.
FHSS vs. DSSS Presented by Ali Alhajhouj. Presentation Outline Introduce the issues involved in the system behaviors for FHSS and DSSS systems used in.

FHSS vs. DSSS Presented by Ali Alhajhouj. Presentation Outline Introduce the issues involved in the system behaviors for FHSS and DSSS systems used in.
Global Navigation Satellite Systems Research efforts in Luleå Staffan Backén, LTU Dr. Dennis M. Akos, LTU.

Global Navigation Satellite Systems Research efforts in Luleå Staffan Backén, LTU Dr. Dennis M. Akos, LTU.
Digital Data Transmission ECE 457 Spring 2005. Information Representation Communication systems convert information into a form suitable for transmission.

Digital Data Transmission ECE 457 Spring Information Representation Communication systems convert information into a form suitable for transmission.
King Fahd University of Petroleum &Minerals Electrical Engineering Department EE-400 presentation CDMA systems Done By: Ibrahim Al-Dosari 221416 Mohammad.

King Fahd University of Petroleum &Minerals Electrical Engineering Department EE-400 presentation CDMA systems Done By: Ibrahim Al-Dosari Mohammad.
Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.

Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.
GPS - Global Positioning System Presented By Brindha Narayanan.

GPS - Global Positioning System Presented By Brindha Narayanan.

Similar presentations

Ads by Google