Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011.

Published byAlan Marshall Modified over 9 years ago

Similar presentations

Presentation on theme: "Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011."— Presentation transcript:

1 Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011

2 GPS: The Big Issues  Weak GPS Signals  Like a 30-Watt lightbulb held 4000 km away  GPS does not penetrate well indoors  GPS is easy target for jamming  GPS is vulnerable to natural interference (e.g., solar radio bursts and ionospheric scintillation)  Unauthenticated Civil GPS Signals  Civil GPS broadcast “in the clear”  Makes civil GPS vulnerable to spoofing

3 Emerging Threat: GPS Jamming

4 Emerging Threat: Civil GPS Spoofing

5 Spoofing and Jamming are Different Threats  Spoofing is more difficult & costly  Spoofing leaves no trace – victim receiver doesn’t know it’s being spoofed  Spoofer typically targets a single receiver  Many countermeasures to jamming are ineffective against spoofing

6 Assessing the Spoofing Threat  Multi-frequency, multi-system receivers inherently resistant to spoofing  Vast majority of GPS receivers in critical applications are single-frequency L1 C/A (easily spoofable)  Software radio techniques are game-changer, enabling one to “download” a spoofer  Strong financial incentives encourage “complicit spoofing” (spoofing one’s own receiver)  Timing receivers used in communications infrastructure are attractive target

7 Civil GPS Spoofing Testbed at UT Austin  Vestigial signal defense  Data bit latency defense  Cryptographic defenses  Phase trauma monitoring  Dual-frequency tracking Spoofer Defender  GPS L1 C/A output  Software radio platform  Output precisely synchronized with authentic signals via feedback  Finely adjustable output signal strength  Remotely commanded via Internet

8 Inside the Box Digital attenuator for precise control of output signal power

9 Inside the Box Spoofing signal feedback for precise signal alignment

10 Inside the Box Interface board for remote operation

11 Inside the Box Tracking, data-bit prediction, and synthesis on single DSP Total bill of materials: ~$1,000

12 Civil Anti-Spoofing Techniques Inspired by Work to Date  Data bit latency defense (weak but easy to implement)  Multi-antenna defense (patented in 1996; strong against single spoofer; fails against multiple spoofers; requires additional hardware)  Vestigial signal defense (work in progress; appears strong)  Navigation message authentication (strong, practical, more on this later)  Cross-correlation using P(Y) code (pioneered by Lo, refined by Psiaki, very strong but not so practical)

13 Thoughts on the Way Forward for Civil GNSS Authentication  More signals means more inherent security, but probably insufficient  Some civil cryptographic authentication scheme is likely required  “Signal definition inertia is enormous” – Tom Stansell  Navigation message authentication (NMA) appears to be best, practical option (advocated by Logan Scott in 2003, others since, more on this later)  Goal of cryptographic authentication: force adversary to use directional antennas in a replay attack  Preliminary evaluation of NMA for L2C suggests optimism (more on this later)  Cryptography must be paired with detection theory

14 Spoofing Detection as a Hypothesis Testing Problem (Soft W-chip Estimation) Spoofing detection depends on rough estimates of nominal (C/No)s and (C/No)r See forthcoming paper on this topic: “Detection strategies for civil cryptographic anti-spoofing.”

15 Navigation and Timing Resilience Through Opportunistic Navigation

16 Tightly-Coupled Opportunistic Navigation Enabling configuration: (1) Same clock: Downmix and sample GPS and SOO with same oscillator (2) Same silicon: Sample GPS and SOO in same A/D converter Enabling configuration: (1) Same clock: Downmix and sample GPS and SOO with same oscillator (2) Same silicon: Sample GPS and SOO in same A/D converter

17 TCON for Legacy GPS Receivers: The GPS Assimilator

18 Assimilator Prototype

19 More Information http://radionavlab.ae.utexas.edu

20 Backup Slides

21 Synchrophasor-Aided Power Distribution

22 Usage Example: Protecting a GPS Time and Frequency Receiver

23 Usage Example: Reducing Ionospheric Errors

24 Usage Example: Harnessing CDMA Cellular Signals as Aid for Weak GPS Signal Tracking

25 User LEO crosslinks Aiding signal from LEO high-power spot beams over area of operations 400-km switchable beams GPS Signals  Strong signals  Stable clocks  Navigational backup to GPS  Civilian Anti-spoofing Usage Example: Iridium-Augmented GPS

Download ppt "Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011."

Similar presentations

Probabilistic Secure Time Transfer: Challenges and Opportunities for a Sub-Millisecond World Kyle D. Wesson, Prof. Todd E. Humphreys, Prof. Brian L. Evans.

Probabilistic Secure Time Transfer: Challenges and Opportunities for a Sub-Millisecond World Kyle D. Wesson, Prof. Todd E. Humphreys, Prof. Brian L. Evans.
Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.

Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.
The leading pioneer in GPS technology Copyright © 2007 NavCom Technology, Inc.Confidential A New Anti-Jamming Method for GNSS Receivers Jerry Knight, Charles.

The leading pioneer in GPS technology Copyright © 2007 NavCom Technology, Inc.Confidential A New Anti-Jamming Method for GNSS Receivers Jerry Knight, Charles.
Protecting Civil GPS Receivers

Protecting Civil GPS Receivers
ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.

ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.
GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014.

GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014.
Secure Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin LAAFB GPS Directorate | December 5, 2012.

Secure Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin LAAFB GPS Directorate | December 5, 2012.
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
Thursday, 3:55pm, room 24 This session will discuss techniques for enhancing the ability of receivers to detect, disregard, and operate through intentional.

Thursday, 3:55pm, room 24 This session will discuss techniques for enhancing the ability of receivers to detect, disregard, and operate through intentional.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
GPS - Global Positioning System Presented By Brindha Narayanan.

GPS - Global Positioning System Presented By Brindha Narayanan.
Workshop EGNOS KRAKÓW 2004 1 GNSS RECEIVER TESTING TECHNIQUES IN A LABORATORY ENVIRONMENT Institute of Radar Technology Military University of Technology.

Workshop EGNOS KRAKÓW GNSS RECEIVER TESTING TECHNIQUES IN A LABORATORY ENVIRONMENT Institute of Radar Technology Military University of Technology.
14/03/2005 CGSIC Meeting, Prague, Czech Republic Oscar Pozzobon Chris Wullems Prof. Kurt Kubik Security issues in next generation satellite systems.

14/03/2005 CGSIC Meeting, Prague, Czech Republic Oscar Pozzobon Chris Wullems Prof. Kurt Kubik Security issues in next generation satellite systems.
GPS and other GNSS signals GPS signals and receiver technology MM10 Darius Plausinaitis

GPS and other GNSS signals GPS signals and receiver technology MM10 Darius Plausinaitis
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.

Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Wireless Sensor Network Security Anuj Nagar CS 590.

Wireless Sensor Network Security Anuj Nagar CS 590.

Similar presentations

Ads by Google