
GNSS Security

GNSS Security. Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014. Acknowledgements.


Presentation Transcript


  1. GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014

  2. Acknowledgements • University of Texas Radionavigation Lab graduate students Jahshan Bhatti, Kyle Wesson, Ken Pesyna, Zak Kassas, Daniel Shepard, Andrew Kerns, and Nathan Green

  3. Security Highlights from ION GNSS+ 2014 (1/2) Interest: There were about 25 presentations on GNSS security, principally from two panel sessions and two regular sessions devoted to the topic—all well attended. Galileo Authentication: F. Diani (European GNSS Agency) reported on a trade study conducted for the EGA that revealed substantial interest in signal-side open-service Galileo authentication via NMA, especially for transport regulation and mobile payments. I. Fernandez-Hernandez (European Commission DG ENTR) presented the current Galileo blueprint for NMA-based signal-side authentication and revealed that they have already conducted initial SIS tests.

  4. Security Highlights from ION GNSS+ 2014 (2/2) GPS Authentication: GPSD, Aerospace Corp., BAH, and University of Texas engaged in a feasibility study for NMA on GPS L2 and L5. No SIS testing yet. Antennas: Stanford, DLR, and Cornell introduced clever antenna-based signal authentication techniques. One Stanford/DLR technique switches polarization in a single element to detect spoofing from below. Others: L. Scott considered “social” approaches to interference deterrence. O. Pozzobon proposed a far-term spreading code authentication for Galileo. G. Gao: Distribute risk of authentication across unreliable peers. J. Curran agreed that NMA on Galileo open service is worthwhile and feasible.

  5. GNSS Security Scenarios Full trust and physical security

  6. GNSS Security Scenarios 2 Public communication channel (with uncontrolled latency)

  7. GNSS Security Scenarios 3a Tamper-proof receiver

  8. GNSS Security Scenarios 3b Tamper-proof receiver with an internal antenna array

  9. GNSS Security Scenarios 4 Tamper-proof private key storage

  10. GNSS Security Scenarios 5 Untrusted receiver

  11. A Rough View of the Secure GNSS Market: regulated transport, mobile payment

  12. A Rough View of the Secure GNSS Market: regulated transport, mobile payment. The largest market segments are the hardest to secure

  13. Signal-side GNSS crypto authentication is a good start, but is not sufficient for secure GNSS (1/2) Perspective: Don't expect cryptographic GNSS signal authentication to be anywhere near as secure as, say, message authentication across the Internet. It's not even close. The problem is that we're trying to secure not only data content but also signal arrival time. Replay: All crypto schemes remain vulnerable to replay attacks, no matter how long their keys or how short their security chips. Dependency: One still needs a good clock and a received power monitor to properly exploit crypto-enhanced GNSS signals; PPDs are a nuisance for security.

  14. Signal-side GNSS crypto authentication is a good start, but is not sufficient for secure GNSS (1/2) Overlap: PPDs are also a nuisance for authentication. Proof of location: Where are you? Convince me.

  15. GNSS Authentication Without Local Storage of Secret Keys Non-Cryptographic Cryptographic SSSC on L1C (Scott) J/N Sensing (Scott, Ward, UC Boulder, Calgary) Stand-Alone SSSC or NMA on WAAS (Scott, UT) Sensor Diversity Defense (DLR, Stanford, MITRE, DARPA, BAE, UT) NMA on L2C, L5, or L1C (UT, MITRE, Scott, GPSD) Single-Antenna Spatial Correlation (Cornell, Calgary) Correlation Anomaly Defense (UT, TENCAP, Ledvina, Torino) P(Y) Cross-Correlation (Stanford, Cornell) Multi-Element Antenna Defense (DLR, MITRE, Cornell, Stanford) Networked Mobility Trace Analysis (UT)

  16. GNSS Authentication Without Local Storage of Secret Keys Non-Cryptographic Cryptographic SSSC on L1C (Scott) J/N Sensing (Scott, Ward, UC Boulder, Calgary) Stand-Alone SSSC or NMA on WAAS (Scott, UT) Sensor Diversity Defense (DLR, Stanford, MITRE, DARPA, BAE, UT) NMA on L2C, L5, or L1C (UT, MITRE, Scott, GPSD) Single-Antenna Spatial Correlation (Cornell, Calgary) Correlation Anomaly Defense (UT, TENCAP, Ledvina, Torino) P(Y) Cross-Correlation (Stanford, Cornell) Multi-Element Antenna Defense (DLR, MITRE, Cornell, Stanford) Networked Mobility Trace Analysis (UT). GNSS signal authentication is fundamentally a problem of statistical decision theory

  17. Starting Point: An Informed Perspective on the Relative Strength of GNSS Security [Chart: Cost of Successful Attack (Million-Dollar Years) by Security Protocol. Protocols as listed: One-Time Pad; NIST-approved symmetric-key data encryption; NIST-approved public-key data encryption; (a vast divide); Symmetric-key GNSS security; Public-key GNSS security; Non-cryptographic GNSS security]

  18. Received Power Defense “[The received power defense] has low computational complexity and is an extremely powerful means to detect spoofing, making spoofing no more of a threat than the much less sophisticated radio frequency interference/jamming.” Akos, D, “Who’s afraid of the spoofer? GPS/GNSS Spoofing Detection via Automatic Gain Control (AGC),” NAVIGATION, 2012.

  19. The Received Power Defense: Two Weaknesses: Personal Privacy Devices (Jammers); Solar Radio Bursts. The received power defense is not sufficient for GNSS signal authentication because the variations in received power due to non-spoofing phenomena are not small compared to the increase in power due to spoofing -- PPDs and SRBs can cause false alarms.

  20. The Pincer Defense Observation 1: Autocorrelation distortion is a function of spoofer power advantage. Observation 2: A low-power attack (~ 0 dB advantage) can be effective. Strategy: Leave spoofer no place to hide by trapping it between a received power monitor and an autocorrelation distortion monitor. Wesson, Humphreys, and Evans, “Receiver-Autonomous GPS Signal Authentication based on Joint Detection of Correlation Profile Distortion and Anomalous Received Power,” in preparation.

  21. The Pincer Defense [Figure: decision regions and empirical distributions for jamming, spoofing, and multipath, plotted over the symmetric distortion statistic and received power]

  22. The Pincer Defense [Figure: decision regions and empirical distributions for jamming, spoofing, and multipath, plotted over the symmetric distortion statistic and received power] GNSS Security is fundamentally a problem of statistical decision theory

  23. Cryptographic GNSS Signal Authentication (The Crypto Defense): Code Origin Authentication; Code Timing Authentication

  24. Security Code Estimation and Replay (SCER) Attack. Unpredictable security code. Inside the Spoofer: Security Code Chip Estimation. Cryptographic PNT signal authentication should be viewed from a Bayesian perspective: The attacker need not crack the code, only estimate it

  25. SCER Attack Defense: Inside the Defender Generation of detection statistic is readily implementable as a specialized correlation

  26. SCER Attack Defense: Demonstration via Testbed The SCER attack defense is promising but has weaknesses: Struggles during initial stage of attack; Fails in the face of a full signal replay attack

  27. A looming challenge in PNT security will be providing proof of location or time to a skeptical second party. This problem scales differently than attacks against non-complicit PNT sensing: A single rogue actor with an inexpensive receiver network (“Dr. No”) could sell forged GNSS-based proofs of location and time to thousands of subscribers.

  28. radionavlab.ae.utexas.edu
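
The SCER detection idea from slides 24 to 26, as an added simulation that is not part of the original presentation: the defender correlates the early part of each received security-code chip against the true chip, where a spoofer that is still estimating the chip is often wrong. The chip model, noise level, early-window length and threshold are assumptions chosen for illustration; the "replay" mode reproduces the stated weakness that a full signal replay passes this test.

```python
import random

THRESHOLD = 0.6   # assumed alarm threshold on the normalized statistic

def early_samples(chip, mode, rng, m_early, sigma):
    """Defender's samples over the early part of one security-code chip."""
    samples, evidence = [], 0.0
    for k in range(m_early):
        if mode == "scer":
            # Spoofer transmits its running estimate of the chip: a coin flip
            # before any observation, then the sign of what it has seen so far.
            tx = rng.choice((-1, 1)) if k == 0 else (1 if evidence > 0 else -1)
            evidence += chip + rng.gauss(0, sigma)  # spoofer's noisy look at the chip
        else:
            # "authentic" and "replay" both carry the true chip; a replay is
            # only delayed, which this statistic cannot see.
            tx = chip
        samples.append(tx + rng.gauss(0, sigma))    # defender's receiver noise
    return samples

def detection_statistic(mode, n_chips=2000, m_early=4, sigma=3.0, seed=1):
    """Correlate early-chip samples with the true chips, known to the verifier."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(n_chips):
        chip = rng.choice((-1, 1))
        total += chip * sum(early_samples(chip, mode, rng, m_early, sigma))
    return total / (n_chips * m_early)   # about 1.0 when every chip is correct

def scer_alarm(mode):
    """True when the early-chip correlation is too low to be authentic."""
    return detection_statistic(mode) < THRESHOLD

if __name__ == "__main__":
    for mode in ("authentic", "scer", "replay"):
        print(mode, round(detection_statistic(mode), 3), scer_alarm(mode))
```

Because the replayed signal passes, the statistic has to be paired with a timing check such as the good clock slide 13 calls for.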
