An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing Kyle Wesson, Daniel Shepard, Jahshan Bhatti, and Todd Humphreys Presentation.

Slides:

Advertisements

Similar presentations

GPS and Time Metrology GPS is base for the most common used long-haul time and frequency measurement methods within the time community, it is: –precise.

Advertisements

Probabilistic Secure Time Transfer: Challenges and Opportunities for a Sub-Millisecond World Kyle D. Wesson, Prof. Todd E. Humphreys, Prof. Brian L. Evans.

Chunyi Peng, Guobin Shen, Yongguang Zhang, Yanlin Li, Kun Tan BeepBeep: A High Accuracy Acoustic Ranging System using COTS Mobile Devices.

Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.

Protecting Civil GPS Receivers

GPS Spoofing & Implications for Telecom Kyle Wesson The University of Texas at Austin Sprint Synchronization Conference | September 18, 2013.

ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.

GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014.

Secure Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin LAAFB GPS Directorate | December 5, 2012.

Millimeter-accurate Augmented Reality enabled by Carrier-Phase Differential GPS Ken Pesyna, Daniel Shepard, Todd Humphreys ION GNSS 2012 Conference, Nashville,

STRIDE Introduction Increasing use for PNT applications:  Positioning  Navigation  Timing.

Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

Thursday, 3:55pm, room 24 This session will discuss techniques for enhancing the ability of receivers to detect, disregard, and operate through intentional.

Collaboration FST-ULCO 1. Context and objective of the work  Water level : ECEF Localization of the water surface in order to get a referenced water.

Geodetic Research Laboratory, Department of Geodesy and Geomatics Engineering Workshop, October 27 – 28, 2006, Quebec city, Quebec Sükeová, Liliána 1 L2C.

GPS - Global Positioning System Presented By Brindha Narayanan.

Advancing Wireless Link Signatures for Location Distinction J. Zhang, M. H. Firooz, N. Patwari, S. K. Kasera MobiCom’ 08 Presenter: Yuan Song.

Workshop EGNOS KRAKÓW GNSS RECEIVER TESTING TECHNIQUES IN A LABORATORY ENVIRONMENT Institute of Radar Technology Military University of Technology.

14/03/2005 CGSIC Meeting, Prague, Czech Republic Oscar Pozzobon Chris Wullems Prof. Kurt Kubik Security issues in next generation satellite systems.

A SINGLE FREQUENCY GPS SOFTWARE RECEIVER

Liveness Testing Shivankush Aras. Threats to Biometric System Artificially created biometrics: e.g. image of a face or iris, lifted latent fingerprints,

GPS and other GNSS signals GPS signals and receiver technology MM10 Darius Plausinaitis

Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.

27 June 2000IAIN/ION Meeting1 Practical Implementation Considerations in the Detection of GPS Satellite Signal Failure A. J. Van Dierendonck, AJ Systems.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Frontiers in Radionavigation Dr. Todd E. Humphreys.

Characterization of Receiver Response to a Spoofing Attack Daniel Shepard DHS visit to UT Radionavigation Lab 3/10/2011.

Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011.

WNCG, UT Austin, 1 April 2011 Mark L. Psiaki Sibley School of Mechanical & Aerospace Engr., Cornell University Civilian GPS Spoofing Detection based on.

Kyle Wesson, Mark Rothlisberger, and Todd Humphreys

How Global Positioning Devices (GPS) work

Development of Global navigation satellite system (GNSS) Receiver

Improving the Security of GNSS Receivers Portland, Oregon | September 23, 2011.

R/C Simulation and Hardware Proof of Concept Development Dr. Philip A. Dafesh, Dr. R. T. Bow, Mr. G. Fan and Mr. M. Partridge Communication Systems Subdivision.

Oscar Pozzzobon Technical Director, Qascom ION GNSS 2011, September 23, Portland, US.

ION/GNSS 2011, 23 Sept Mark L. Psiaki Sibley School of Mechanical & Aerospace Engr., Cornell University Developing Defenses Against Jamming & Spoofing.

10/7/ Innovative Solutions International Satellite Navigation Division ION NTM 01 Capabilities of the WAAS and EGNOS For Time Transfer SBAS, an Alternate.

Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks D. P. Shepard, J. A. Bhatti, T. E. Humphreys, The University of Texas at.

IGS Workshop 2008 The Galileo Ground Mission Segment Performances Francisco Amarillo-Fernandez, Massimo Crisci, Alexandre Ballereau John Dow, Martin Hollreiser,

Riding out the Rough Spots: Scintillation-Robust GNSS Carrier Tracking Dr. Todd E. Humphreys Radionavigation Laboratory University of Texas at Austin.

1 Todd E. Humphreys, Cornell University Larry Young, JPL Thomas Pany, University FAF Munich 2008 IGS Workshop, Miami Beach FL IGS Receiver Considerations.

Quickest Detection of GPS Spoofing Attack Z. Zhang, M. Trinkle, L. Qian, and H. Li MILCOM 2012 Nadia Adem 10/27/2014.

GPS: Everything you wanted to know, but were afraid to ask Andria Bilich National Geodetic Survey.

SVY 207: Lecture 7 Differential GPS By now you should understand: –How GPS point positioning works from first principles Aim of this lecture: –To understand.

Characterization of Receiver Response to a Spoofing Attack

M. Gende, C. Brunini Universidad Nacional de La Plata, Argentina. Improving Single Frequency Positioning Using SIRGAS Ionospheric Products.

What Makes a GNSS Signal the IGS Analysis Center Workshop 2-6 June 2008, Miami Beach Larry Young (not an expert, just a user) Jet Propulsion Lab.

Tightly-Coupled Opportunistic Navigation for Deep Urban and Indoor Positioning Ken Pesyna, Zak Kassas, Jahshan Bhatti, and Todd Humphreys Presentation.

Constructing a Continuous Phase Time History from TDMA Signals for Opportunistic Navigation Ken Pesyna, Zak Kassas, Todd Humphreys IEEE/ION PLANS Conference,

GPS Spoofing Detection System Mark Psiaki & Brady O’Hanlon, Cornell Univ., Todd Humphreys & Jahshan Bhatti, Univ. of Texas at Austin Abstract: A real-time.

Future Directions in GNSS Research Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | November 15, 2012.

Analyzing the Effect of Interference in GNSS Scintillation Monitoring Rodrigo Romero Politecnico di Torino 11th European Space.

Secure Civil Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin MITRE | July 20, 2012.

Characterization of Receiver Response to a Spoofing Attack Daniel Shepard Honors Thesis Symposium 4/21/2011.

Assessing the Civil GPS Spoofing Threat

Relative positioning with Galileo E5 AltBOC code measurements DEPREZ Cécile Dissertation submitted to the University of Liège in partial requirements for.

Telecommunication Laboratories Jia-Lun Wang, Shinn-Yan Lin, Yi-Jiun Huang, Huang-Tien Lin and Chia-Shu Liao APMP 2012 November 26, 2012 MSL Wellington,

ESSEM Earth System Science and Environmental Management 17/11/ ESWW6-2 M. Messerotti, A. Marassi M. MESSEROTTI 1,2,3, A. MARASSI 1 1 INAF-Astronomical.

Thomas Herring, IERS ACC, MIT

GPS - Global Positioning System

A review of audio fingerprinting (Cano et al. 2005)

Spirent: GNSS Testing SERFA 2016.

Spatial Discovery in 60 GHz

Practical Cryptographic Civil GPS Signal Authentication

Counter-UAV Challenges: Is GNSS Spoofing Effective?

Performance requirements update

Advancing Wireless Link Signatures for Location Distinction

Todd Humphreys | Aerospace Engineering

Spatial Discovery in 60 GHz

Presentation transcript:

An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing Kyle Wesson, Daniel Shepard, Jahshan Bhatti, and Todd Humphreys Presentation at ION 2011| September 22, 2011

Acknowledgements

Outline I. Civil Anti-Spoofing Overview II. Interference Model III. Video Comparison: Interference IV. Interference Detection Metrics V. Ongoing Work

Types of Civil Anti-Spoofing Civil Anti-Spoofing Cryptographic Security- Enhanced GPS (NMA or SCA) Dual-Receiver Correlation Non- Cryptographic Multi-Antenna Defense Vestigial Signal Defense (VSD) Why VSD?  Implementable today!  Software-only defense; requires no additional receiver hardware Why not cryptographic anti-spoofing?  Requires infrastructure and possibly changes to GPS IS  Vulnerable to initial phase of spoofing attack

What is the Vestigial Signal Defense?  FACT: Suppressing authentic GPS signal during a spoofing attack is difficult  OPPORTUNITY: Ad-mixture of spoofing and authentic GPS signal can lead to detectable corruption of the complex correlation function  PROBLEM: Interaction of spoofing and authentic GPS signal is similar to interaction of multipath and direct-path GPS signal  DEFINITION: VSD is a technique for monitoring distortion in the complex correlation function VSD Goal: Reduce the degrees-of-freedom available to a spoofer, making it mimic multipath (i.e., “corner in” the spoofer)

Interference Model Direct Path: Multipath: Spoofing:

Visual: Complex Correlation Domain

Interference Comparison: The Tools The Multipath Monitor (GCAF) 500 MHz bandwidth 512 Correlation Tap Dump at 1000 Hz Designed at UT Applied Research Labs Debut at ION GNSS 2010 The Spoofer Real-time civil GPS spoofer Enables civil anti-spoofing research Described in open-literature Debut at ION GNSS 2008 loaned by University of Texas Applied Research Laboratory

Multipath Wardriving Campaign 1) NI RFSA can record 30 MHz bandwidth about GPS L1 frequency slaved to OCXO clock 2) Loaded test equipment into truck and recorded data in downtown Austin, Texas 3) Post-processed data with software-defined GPS receiver

Test Setup Spoofer Multipath Record/Playback GCAF

Complex Correlation Domain Explanation

Is it Spoofing or Multipath?

Videos

Observations  Multipath can look like spoofing!  Spoofing can look like multipath!  Detecting the difference between spoofing and multipath is difficult!

Proposed Spoofing Detection Metrics Sensible Suggestion: Apply signal quality and multipath monitoring metrics to spoofing detection:  Delta-Test [1]:  Ratio-Test [1,2,3]: [1] Ledvina, B.M. et al., “An In-Line Anti-Spoofing Device for Legacy Civil GPS Receivers,” (2010) Institute of Navigation ITM, San Diego, CA. [2] Cavaleri, A. et al., “Detection of spoofed GPS signals at code and carrier tracking level," (2010) Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (NAVITEC). [3] Cavaleri, A. et al., “Signal Quality Monitoring Applied to Spoofing Detection,” (2011) ION GNSS, Portland, OR. [Session C3, Paper #1]

Examining the Ratio Test (1/3) Mean = 0.42 Std = P F = 5.7e-7

Examining the Ratio Test (2/3) Mean = 0.43 Std = P F = 5.7e-7 Corresponds to Video

Examining the Ratio Test (3/3) Mean = 0.47 Std = P F = 5.7e-7 Corresponds to Video

Takeaways  Possible high false alarm rate if no reliable method to differentiate spoofing and multipath  Most metrics ignore quadrature component  Certain taps may be better discriminators than others

Ongoing Work Maximum-likelihood {α, τ, θ} tracking: 1. Bistatic-radar-based localization of interference sources 2. Tertiary hypothesis tests on α

Conclusions  Multipath can look like spoofing!  Spoofing can look like multipath!  Blind application of signal quality monitoring may lead to a high false alarm rate  VSD is still under development  Goal: reduce the degrees-of-freedom available to a spoofer, making it mimic multipath Multipath and Spoofing Data Set Available: Multipath and Spoofing Data Set Available: