GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014.

Slides:

Advertisements

Similar presentations

Probabilistic Secure Time Transfer: Challenges and Opportunities for a Sub-Millisecond World Kyle D. Wesson, Prof. Todd E. Humphreys, Prof. Brian L. Evans.

Advertisements

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

Internet of Things Security Architecture

Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.

Protecting Civil GPS Receivers

GPS Spoofing & Implications for Telecom Kyle Wesson The University of Texas at Austin Sprint Synchronization Conference | September 18, 2013.

ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.

Secure Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin LAAFB GPS Directorate | December 5, 2012.

Thursday, 3:55pm, room 24 This session will discuss techniques for enhancing the ability of receivers to detect, disregard, and operate through intentional.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

14/03/2005 CGSIC Meeting, Prague, Czech Republic Oscar Pozzobon Chris Wullems Prof. Kurt Kubik Security issues in next generation satellite systems.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.

Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.

Wireless Sensor Network Security Anuj Nagar CS 590.

Xiaohua (Edward) Li1 and E. Paul Ratazzi2

UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Frontiers in Radionavigation Dr. Todd E. Humphreys.

Characterization of Receiver Response to a Spoofing Attack Daniel Shepard DHS visit to UT Radionavigation Lab 3/10/2011.

Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011.

WNCG, UT Austin, 1 April 2011 Mark L. Psiaki Sibley School of Mechanical & Aerospace Engr., Cornell University Civilian GPS Spoofing Detection based on.

Kyle Wesson, Mark Rothlisberger, and Todd Humphreys

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Security in Wireless Sensor Networks. Wireless Sensor Networks  Wireless networks consisting of a large number motes  self-organizing  highly integrated.

Neighborhood Watch: Security and Privacy Analysis of Automatic Meter Reading Systems Ishtiaq Rouf, Hossen Mustafa Rob Miller Marco Grutese Presented By.

Extending the Reach of GPS-assisted Femtocell Synchronization and Localization through Tightly- Coupled Opportunistic Navigation Ken Pesyna, Kyle Wesson,

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Improving the Security of GNSS Receivers Portland, Oregon | September 23, 2011.

Cryptography and Network Security (CS435)

Adv. Network Security How to Conduct Research in Network Security.

Oscar Pozzzobon Technical Director, Qascom ION GNSS 2011, September 23, Portland, US.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

ION/GNSS 2011, 23 Sept Mark L. Psiaki Sibley School of Mechanical & Aerospace Engr., Cornell University Developing Defenses Against Jamming & Spoofing.

Asymmetric-Key Cryptography Also known as public-key cryptography, performs encryption and decryption with two different algorithms. Each node announces.

Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks D. P. Shepard, J. A. Bhatti, T. E. Humphreys, The University of Texas at.

An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing Kyle Wesson, Daniel Shepard, Jahshan Bhatti, and Todd Humphreys Presentation.

Riding out the Rough Spots: Scintillation-Robust GNSS Carrier Tracking Dr. Todd E. Humphreys Radionavigation Laboratory University of Texas at Austin.

Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement.

Chapter 4 Application Level Security in Cellular Networks.

Adapted from the original presentation made by the authors Reputation-based Framework for High Integrity Sensor Networks.

Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.

The Sybil Attack in Sensor Networks: Analysis & Defenses

1 A Randomized Space-Time Transmission Scheme for Secret-Key Agreement Xiaohua (Edward) Li 1, Mo Chen 1 and E. Paul Ratazzi 2 1 Department of Electrical.

Dr. Reuven Aviv, Nov 2008 Conventional Encryption 1 Conventional Encryption & Message Confidentiality Acknowledgements for slides Henric Johnson Blekinge.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.

1 Security for distributed wireless sensor nodes Ingrid Verbauwhede Department of Electrical Engineering University of California Los Angeles

Performance of Adaptive Beam Nulling in Multihop Ad Hoc Networks Under Jamming Suman Bhunia, Vahid Behzadan, Paulo Alexandre Regis, Shamik Sengupta.

Approximate Networking H. T. Kung Harvard University Panel 1 on “What Are the Biggest Opportunities in Networking Problem?” NITRD Workshop on Complex Engineered.

GPS Spoofing Detection System Mark Psiaki & Brady O’Hanlon, Cornell Univ., Todd Humphreys & Jahshan Bhatti, Univ. of Texas at Austin Abstract: A real-time.

Future Directions in GNSS Research Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | November 15, 2012.

Computer Security By Duncan Hall.

Secure Civil Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin MITRE | July 20, 2012.

Characterization of Receiver Response to a Spoofing Attack Daniel Shepard Honors Thesis Symposium 4/21/2011.

Approximate Networking H. T. Kung Harvard University Panel 1 on “What Are the Biggest Opportunities in Networking Problem?” NITRD Workshop on Complex Engineered.

Assessing the Civil GPS Spoofing Threat

Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

A Layered Solution to Cybersecurity Dr. Erfan Ibrahim Cyber-Physical Systems Security & Resilience Center National Renewable Energy Laboratory.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

GPS Denial – Causes and Solutions Neil Gerein. NovAtel Inc. Proprietary Moving, or gathering data, you need to know where you are 2.

Practical Cryptographic Civil GPS Signal Authentication

Channel Spoofer: Defeating Channel Variability and Unpredictability

Counter-UAV Challenges: Is GNSS Spoofing Effective?

Todd Humphreys | Aerospace Engineering

Presentation transcript:

GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014

University of Texas Radionavigation Lab graduate students Jahshan Bhatti, Kyle Wesson, Ken Pesyna, Zak Kassas, Daniel Shepard, Andrew Kerns, and Nathan Green Acknowledgements

Interest: There were about 25 presentations on GNSS security, principally from two panel sessions and two regular sessions devoted to the topic—all well attended. Galileo Authentication: F. Diani (European GNSS Agency) reported on a trade study conducted for the EGA that revealed substantial interest in signal-side open-service Galileo authentication via NMA, especially for transport regulation and mobile payments. I. Fernandez-Hernandez (European Commission DG ENTR) presented the current Galileo blueprint for NMA-based signal-side authentication and revealed that they have already conducted initial SIS tests. Security Highlights from ION GNSS (1/2)

GPS Authentication: GPSD, Aerospace Corp., BAH, and University of Texas engaged in a feasibility study for NMA on GPS L2 and L5. No SIS testing yet. Antennas: Stanford, DLR, and Cornell introduced clever antenna-based signal authentication techniques. One Stanford/DLR technique switches polarization in a single element to detect spoofing from below. Others: L. Scott considered “social” approaches to interference deterrence. O. Pozzobon proposed a far- term spreading code authentication for Galileo. G. Gao: Distribute risk of authentication across unreliable peers. J. Curran agreed that NMA on Galileo open service is worthwhile and feasible. Security Highlights from ION GNSS (2/2)

GNSS Security Scenarios Full trust and physical security

GNSS Security Scenarios Public communication channel (with uncontrolled latency) 2

GNSS Security Scenarios Tamper-proof receiver 3a

GNSS Security Scenarios Tamper-proof receiver with an internal antenna array 3b

GNSS Security Scenarios Tamper-proof private key storage 4

GNSS Security Scenarios Untrusted receiver 5

A Rough View of the Secure GNSS Market mobile payment regulated transport

A Rough View of the Secure GNSS Market mobile payment regulated transport The largest market segments are the hardest to secure

Perspective: Don't expect cryptographic GNSS signal authentication to be anywhere near as secure as, say, message authentication across the Internet. It's not even close. The problem is that we're trying to secure not only data content but also signal arrival time. Replay: All crypto schemes remain vulnerable to replay attacks, no matter how long their keys or how short their security chips. Dependency: One still needs a good clock and a received power monitor to properly exploit crypto-enhanced GNSS signals; PPDs are a nuisance for security. Signal-side GNSS crypto authentication is a good start, but is not sufficient for secure GNSS (1/2)

Overlap: PPDs are also a nuisance for authentication. Proof of location: Where are you? Convince me.

Cryptographic Non-Cryptographic Stand-Alone Networked J/N Sensing (Scott, Ward, UC Boulder, Calgary) SSSC or NMA on WAAS (Scott, UT) Single-Antenna Spatial Correlation (Cornell, Calgary) Correlation Anomaly Defense (UT, TENCAP, Ledvina, Torino) Sensor Diversity Defense (DLR, Stanford, MITRE, DARPA, BAE, UT) NMA on L2C, L5, or L1C (UT, MITRE, Scott, GPSD) P(Y) Cross-Correlation (Stanford, Cornell) Multi-Element Antenna Defense (DLR, MITRE, Cornell, Stanford) Mobility Trace Analysis (UT) SSSC on L1C (Scott) GNSS Authentication Without Local Storage of Secret Keys

Cryptographic Non-Cryptographic Stand-Alone Networked J/N Sensing (Scott, Ward, UC Boulder, Calgary) SSSC or NMA on WAAS (Scott, UT) Single-Antenna Spatial Correlation (Cornell, Calgary) Correlation Anomaly Defense (UT, TENCAP, Ledvina, Torino) Sensor Diversity Defense (DLR, Stanford, MITRE, DARPA, BAE, UT) NMA on L2C, L5, or L1C (UT, MITRE, Scott, GPSD) P(Y) Cross-Correlation (Stanford, Cornell) Multi-Element Antenna Defense (DLR, MITRE, Cornell, Stanford) Mobility Trace Analysis (UT) SSSC on L1C (Scott) GNSS Authentication Without Local Storage of Secret Keys GNSS signal authentication is fundamentally a problem of statistical decision theory

Starting Point: An Informed Perspective on the Relative Strength of GNSS Security Cost of Successful Attack (Million-Dollar Years) Security Protocol One-Time Pad NIST-approved symmetric-key data encryption NIST-approved public-key data encryption Symmetric-key GNSS security Public-key GNSS security Non-cryptographic GNSS security

“[The received power defense] has low computational complexity and is an extremely powerful means to detect spoofing, making spoofing no more of a threat than the much less sophisticated radio frequency interference/jamming.” Received Power Defense Akos, D, “Who’s afraid of the spoofer? GPS/GNSS Spoofing Detection via Automatic Gain Control (AGC),” NAVIGATION, 2012.

The Received Power Defense: Two Weaknesses The received power defense is not sufficient for GNSS signal authentication because the variations in received power due to non-spoofing phenomena are not small compared to the increase in power due to spoofing -- PPDs and SRBs can cause false alarms. Solar Radio Bursts Personal Privacy Devices (Jammers)

The Pincer Defense Wesson, Humphreys, and Evans, “Receiver-Autonomous GPS Signal Authentication based on Joint Detection of Correlation Profile Distortion and Anomalous Received Power,” in preparation. Observation 1: Autocorrelation distortion a function of spoofer power advantage. Observation 2: A low-power attack (~ 0 dB advantage) can be effective. Strategy: Leave spoofer no place to hide by trapping it between a received power monitor and an autocorrelation distortion monitor.

The Pincer Defense received power decision regions symmetric distortion statistic empirical distributions spoofing jamming multipath

The Pincer Defense received power decision regions symmetric distortion statistic empirical distributions spoofing jamming multipath GNSS Security is fundamentally a problem of statistical decision theory

Code Origin Authentication Code Timing Authentication Cryptographic GNSS Signal Authentication (The Crypto Defense)

Inside the Spoofer: Security Code Chip Estimation Cryptographic PNT signal authentication should be viewed from Bayesian perspective: The attacker need not crack the code, only estimate it Security Code Estimation and Replay (SCER) Attack unpredictable security code

Generation of detection statistic is readily implementable as a specialized correlation SCER Attack Defense: Inside the Defender

SCER Attack Defense: Demonstration via Testbed The SCER attack defense is promising but has weaknesses: 1.Struggles during initial stage of attack 2.Fails in the face of a full signal replay attack

A looming challenge in PNT security will be providing proof of location or time to a skeptical second party. This problem scales differently than attacks against non- complicit PNT sensing: A single rogue actor with an inexpensive receiver network (“Dr. No”) could sell forged GNSS-based proofs of location and time to thousands of subscribers.

radionavlab.ae.utexas.edu