GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014
Acknowledgements: University of Texas Radionavigation Lab graduate students Jahshan Bhatti, Kyle Wesson, Ken Pesyna, Zak Kassas, Daniel Shepard, Andrew Kerns, and Nathan Green.
Security Highlights from ION GNSS+ 2014 (1/2)
Interest: There were about 25 presentations on GNSS security, principally from two panel sessions and two regular sessions devoted to the topic, all well attended. Galileo Authentication: F. Diani (European GNSS Agency) reported on a trade study conducted for the EGA that revealed substantial interest in signal-side open-service Galileo authentication via NMA, especially for transport regulation and mobile payments. I. Fernandez-Hernandez (European Commission DG ENTR) presented the current Galileo blueprint for NMA-based signal-side authentication and revealed that they have already conducted initial SIS tests.
Security Highlights from ION GNSS+ 2014 (2/2)
GPS Authentication: GPSD, Aerospace Corp., BAH, and the University of Texas engaged in a feasibility study for NMA on GPS L2 and L5. No SIS testing yet. Antennas: Stanford, DLR, and Cornell introduced clever antenna-based signal authentication techniques. One Stanford/DLR technique switches polarization in a single element to detect spoofing from below. Others: L. Scott considered “social” approaches to interference deterrence. O. Pozzobon proposed a far-term spreading code authentication for Galileo. G. Gao: distribute the risk of authentication across unreliable peers. J. Curran agreed that NMA on the Galileo open service is worthwhile and feasible.
GNSS Security Scenarios (1): Full trust and physical security
GNSS Security Scenarios (2): Public communication channel (with uncontrolled latency)
A Rough View of the Secure GNSS Market (figure: market segments, including mobile payment and regulated transport). The largest market segments are the hardest to secure.
Signal-side GNSS crypto authentication is a good start, but is not sufficient for secure GNSS (1/2)
Perspective: Don't expect cryptographic GNSS signal authentication to be anywhere near as secure as, say, message authentication across the Internet. It's not even close. The problem is that we're trying to secure not only data content but also signal arrival time. Replay: All crypto schemes remain vulnerable to replay attacks, no matter how long their keys or how short their security chips. Dependency: One still needs a good clock and a received power monitor to properly exploit crypto-enhanced GNSS signals; PPDs are a nuisance for security.
Signal-side GNSS crypto authentication is a good start, but is not sufficient for secure GNSS (2/2)
Overlap: PPDs are also a nuisance for authentication. Proof of location: Where are you? Convince me.
GNSS Authentication Without Local Storage of Secret Keys (figure: techniques arranged by Cryptographic vs. Non-Cryptographic and Stand-Alone vs. Networked):
- J/N Sensing (Scott, Ward, UC Boulder, Calgary)
- SSSC or NMA on WAAS (Scott, UT)
- Single-Antenna Spatial Correlation (Cornell, Calgary)
- Correlation Anomaly Defense (UT, TENCAP, Ledvina, Torino)
- Sensor Diversity Defense (DLR, Stanford, MITRE, DARPA, BAE, UT)
- NMA on L2C, L5, or L1C (UT, MITRE, Scott, GPSD)
- P(Y) Cross-Correlation (Stanford, Cornell)
- Multi-Element Antenna Defense (DLR, MITRE, Cornell, Stanford)
- Mobility Trace Analysis (UT)
- SSSC on L1C (Scott)
GNSS signal authentication is fundamentally a problem of statistical decision theory.
Starting Point: An Informed Perspective on the Relative Strength of GNSS Security (chart: cost of successful attack, in million-dollar years, per security protocol; protocols shown: One-Time Pad, NIST-approved symmetric-key data encryption, NIST-approved public-key data encryption, symmetric-key GNSS security, public-key GNSS security, non-cryptographic GNSS security).
Received Power Defense
“[The received power defense] has low computational complexity and is an extremely powerful means to detect spoofing, making spoofing no more of a threat than the much less sophisticated radio frequency interference/jamming.”
Akos, D., “Who’s afraid of the spoofer? GPS/GNSS Spoofing Detection via Automatic Gain Control (AGC),” NAVIGATION, 2012.
The Received Power Defense: Two Weaknesses
The received power defense is not sufficient for GNSS signal authentication because the variations in received power due to non-spoofing phenomena are not small compared to the increase in power due to spoofing: personal privacy devices (PPDs, i.e. jammers) and solar radio bursts (SRBs) can cause false alarms.
The Pincer Defense
Wesson, Humphreys, and Evans, “Receiver-Autonomous GPS Signal Authentication based on Joint Detection of Correlation Profile Distortion and Anomalous Received Power,” in preparation.
Observation 1: Autocorrelation distortion is a function of the spoofer's power advantage. Observation 2: A low-power attack (~0 dB advantage) can be effective. Strategy: Leave the spoofer no place to hide by trapping it between a received power monitor and an autocorrelation distortion monitor.
The Pincer Defense (figure: received power against the symmetric distortion statistic, with decision regions and empirical distributions for spoofing, jamming, and multipath). GNSS security is fundamentally a problem of statistical decision theory.
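As an added illustration of the pincer idea (and of why the received-power monitor alone gives false alarms), here is a small Python model that is not the authors' code: it derives a received-power statistic and an early/late symmetry statistic from an idealised correlator and applies joint decision regions. The triangular autocorrelation, tap spacing, thresholds, carrier-phase alignment and all five scenario inputs are constructed assumptions, not values from the paper.

```python
import math

TAPS = (0.1, 0.2, 0.3, 0.4, 0.5)  # early/late correlator offsets in chips (assumed)
POWER_THR_DB = 4.0   # power alarm threshold; loose, since PPDs/SRBs also move power (assumed)
DIST_THR_LOW = 0.01  # distortion above this: something besides the authentic peak is present
DIST_THR_HIGH = 0.10 # distortion that multipath alone rarely reaches (assumed)

def triangle(tau):
    """Ideal PRN-code autocorrelation: 1 at tau = 0, zero beyond +/-1 chip."""
    return max(0.0, 1.0 - abs(tau))

def composite_correlation(tau, components):
    """Correlator output at offset tau (chips) for (amplitude, delay) signals, phase aligned."""
    return sum(a * triangle(tau - delay) for a, delay in components)

def symmetric_distortion(components):
    """Sum over taps of squared (early - late)/prompt; exactly zero for an undistorted peak."""
    prompt = composite_correlation(0.0, components)
    return sum(((composite_correlation(-d, components)
                 - composite_correlation(d, components)) / prompt) ** 2
               for d in TAPS)

def received_power_db(components, jammer_power=0.0):
    """In-band power relative to the nominal authentic signal (amplitude 1.0)."""
    total = sum(a * a for a, _ in components) + jammer_power
    return 10.0 * math.log10(total)

def pincer_decision(power_db, distortion):
    """Joint decision regions (assumed shapes, not the paper's fitted regions)."""
    if distortion >= DIST_THR_HIGH:
        return "spoofing"  # a low-power spoofer evades the power monitor, not this one
    if distortion >= DIST_THR_LOW:
        return "spoofing" if power_db >= POWER_THR_DB else "multipath"
    return "jamming" if power_db >= POWER_THR_DB else "nominal"

def classify(components, jammer_power=0.0):
    p, d = received_power_db(components, jammer_power), symmetric_distortion(components)
    return pincer_decision(p, d), p, d

SCENARIOS = {  # constructed inputs: (signal components, jammer power), authentic = (1.0, 0.0)
    "clean":       ([(1.0, 0.0)], 0.0),
    "jammer_10dB": ([(1.0, 0.0)], 10.0),                        # raises power, no distortion
    "multipath":   ([(1.0, 0.0), (0.2, 0.5)], 0.0),             # weak, delayed echo
    "spoofer_3dB": ([(1.0, 0.0), (math.sqrt(2.0), 0.3)], 0.0),  # spoofer with power advantage
    "spoofer_0dB": ([(1.0, 0.0), (1.0, 0.5)], 0.0),             # spoofer with no power advantage
}

if __name__ == "__main__":
    for name, (comps, jam) in SCENARIOS.items():
        print(name, classify(comps, jam))
```

The 10 dB jammer trips the power monitor without distorting the peak, while the 0 dB spoofer stays under the power threshold but is caught by the distortion statistic; only the two statistics together separate the four cases.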
Cryptographic GNSS Signal Authentication (The Crypto Defense): Code Origin Authentication and Code Timing Authentication.
Inside the Spoofer: Security Code Chip Estimation
Cryptographic PNT signal authentication should be viewed from a Bayesian perspective: the attacker need not crack the code, only estimate it. This is the Security Code Estimation and Replay (SCER) attack against an unpredictable security code.
SCER Attack Defense: Inside the Defender
Generation of the detection statistic is readily implementable as a specialized correlation.
SCER Attack Defense: Demonstration via Testbed
The SCER attack defense is promising but has weaknesses:
1. It struggles during the initial stage of an attack.
2. It fails in the face of a full signal replay attack.
A looming challenge in PNT security will be providing proof of location or time to a skeptical second party. This problem scales differently than attacks against non-complicit PNT sensing: a single rogue actor with an inexpensive receiver network (“Dr. No”) could sell forged GNSS-based proofs of location and time to thousands of subscribers.