Embed Size (px)
Citation preview
BLUESKY GNSS FIREWALL
2
Agenda
Update on PNT (Position, Navigation & Time) industry initiatives and trends for Critical Infrastructure
BlueSky GNSS Firewall product overview
GPS Anomalies (BlueSky Performance Monitoring)
Summary
3
Why should you be concerned?
Until recently, GPS devices were viewed simply as radio receivers. However, they are actually computers with similar security risks. Threats include denial-of-service attacks (jamming) and the introduction of bad data into the system (spoofing). The advent of software-defined radios has increased the ease and lowered the cost with which these types of attacks can be launched. Efforts should be made to ensure accurate and resilient timing for your GPS device.
4
GNSS has become the “utility of utilities”
Data/Cloud Services
5
GNSS is a single point of failure for Critical Infrastructure
Data/Cloud Services
6
Spoofing and Jamming in Norwegian Sea
Russian military trainingRussian battleships
7
GPS disruptions in recent NATO war games in Scandinavia
8
National Timing Security Act• The National Timing
Resilience and Security Act requires the Department of Transportation to establish a timing system to back up GPS by December 2020.
• Now signed by Congress and the President.
9
DOT moves aggressively on GPS backup
Congressional mandates The first mandate was in a law passed in
2017. The National Defense Authorization Act tasked the Departments of Defense, Transportation, and Homeland Security to jointly conduct a technology demonstration of GPS backup technology.
The National Timing Resilience and Security Act requires the Department of Transportation to establish a timing system to back up GPS by December 2020.
https://www.gpsworld.com/us-dot-moves-aggressively-on-gps-backup-rfp-this-month/
10
BlueSky GNSS Firewall
11
Signal in space vulnerabilities are generally categorized based on the failure mode they induce in a GNSS receiver Jamming: Partial or complete loss of ability to receive
GNSS signals Spoofing: Tricking a GNSS receiver into receiving
illegitimate signals
Multi GNSS systems are available for use but they provide minimal protection against signal-in-space vulnerabilities Use of multiple constellations can help in detecting errors
but: GNSS constellations are relatively close in frequency so
jamming events often impact all the constellations It is only slightly more difficult to spoof multiple GNSS
systems than it is to spoof a single GNSS system
Signal-in-Space Vulnerabilities
We cannot solve our problems with the same thinking that we used when we created them.
- Albert Einstein
GPS Galileo
BeiDou GLONASS
12
Current GPS Receivers Civilian GPS receiver
Commercial GPS receivers utilize L1 signal for tracking Varying levels of multi-constellation support and limited security
features Civilian GPS receivers make-up the majority of GPS receivers
used by Critical Infrastructure
Military GPS receiver Selective Availability Anti-Spoofing Module (SAASM) receivers utilize
L1 and the encrypted L2 signal for GPS tracking Provide better anti-jam performance and better protection against
more advanced GPS attacks Not available for commercial applications
Civilian GPS Receivers
Military GPS Receiver
13
Firewall conceptPhysical Firewall at Electrical Substation
Secure PNT for Critical Infrastructure
Unprotected PNT from the Sky
Network Firewall
14
Secure Firewall Overlay Protects against GNSS spoofing and jamming
Simple connection between GNSS antenna and GPS system
Optional internal MAC for holdover
1PPS and 10 MHz timing reference inputs for extended holdover (connection to external cesium reference)
Redundant AC or DC power options
“BlueSky Performance Monitoring” integrated within TimePictra
15
BlueSky GNSS Firewall Overview (Hardened vs. Validated)
orOptional(inside)
HardenedOutput (GPS format)
ValidatedOutput (all bands)
Holdover
Live SkyReception/Anomaly
Detection
16
BlueSky Software Engine• BlueSky software engine manages all the
elements of the GNSS firewall• Contains algorithms to aggregate and
interpret the data from anomaly detectors• Makes informed decisions on the validity of
Live Sky input and takes action to protect downstream GNSS systems
• BlueSky software engine reports on the status of the firewall and the status of the GNSS environment
• Provides Graphical User Interface (GUI) for monitoring current status of the GPS firewall
• Interfaces with TimePictra to provide situational awareness of your entire GNSS infrastructure
17
All signals are analyzed using three types of analytics Waveform Analytics: Analyze characteristics of the physical
signal (e.g. carrier frequency, power level, spectrum shape) Data Analytics: Analyze characteristics of the received data
(e.g. week number, leap second info, satellite ephemeris) Solution Analytics: Analyze characteristics of the solution
output (e.g. time, position, velocity)
Decision engine determines signal validity Decision is based on the aggregate information from the
anomaly detectors because there are many opportunities for false alarms from any one anomaly detector
Good coverage comes from having detectors of each type
GNSS security means intelligently analyzing the signals It is not based on the “number of detectors” but rather the
intelligence of the detectors
BlueSky GNSS Signal Analysis
WaveformAnalytics
Live Sky Unprotected GNSS Signals
DataAnalytics
SolutionAnalytics
Protected GNSS Signals
Vulnerable Live-Sky Environment
Decision Based on Detector Intelligence
18
BlueSky GNSS Firewall Deployment models
SyncServer S600/S650
MAC
Validated
Equipment requiring GPS/L1 signal
Hardened
GPS Splitter
Firewall usingValidated Output
Firewall usingHardened Output
Firewall deployed for monitoring only
Optional MACOptionalCesium
Equipment requiring GPS/L1 signal
19
Visibility of GNSS Anomalies(BlueSky Performance Monitoring)
20
Causes of GNSS AnomaliesPower received on Earth from a GPS satellite, -160 dBW, is as “bright” as a flashlight in Los Angeles when viewed in New York City, approx. 5000 km away
12,000 miles between satellites and receiver
21
Sample of GNSS metricsMetric Characteristic of Signal Anomaly
Tracked Satellite Count Are the expected number of satellites in view?
GPS Position Delta Is the position data coming from the sky moving too much relative to surveyed antenna position?
Phase Time Deviation Is the sky received “time” moving? (suddenly, gradually, etc?)
GPS Signal Average Is the GNSS signal strength of the visible satellites in the expected range?
Satellites in view Are individual satellites at expected carrier-to-noise level?
RF Power Is the RF power level within expected threshold?
22
TimePictra - BlueSky GNSS Firewall Management
23
RF Power Detection GNSS RF Power operates at a very low signal level
Typically, when connected to antenna, signal is in the 60db to 90db range
Small power shifts, just enough to take over the reception of the receiver
Time based performance monitoring shows characteristics of knock-off signal
Dashboard views are also convenient for seeing alarm condition
24
Time Jump Anomaly Timing anomalies can be sudden jumps or gradual time shifts Autonomous timescale algorithms are used to detect time
offsets (sudden, gradual, etc.) When detected, GPS synthesizer technology driven by the
timescale(Hardened Output), can maintain operation300nS jump
Anomaly detected; howeverTimescale remains stable
25
Position Movement Anomaly
Position MovementPosition Movement
Position Movement
Threshold set to 10meters
Anomaly position detector can be set to the desired threshold, for example 10 meters
Once threshold is crossed, alarm is generated
Time based performance monitoring provides plot of position movements
26
Observing multiple anomaly types to detect root cause
GPS Position movement occurring relative to surveyed antenna position
GPS phase movement relative to internal time-scale
Both position and time are repeatedly occurring
27
System designers can no longer treat GPS as a “trusted” source of time GPS signal-in-space threats are not just a theoretical possibility – they have
been realized GPS receivers are actually computers with similar security risks
Securing GPS-based systems from signal-in-space attacks requires a layered approach Detection: Rapidly identify local GPS anomalies such as
spoofing or jamming Resiliency: Design systems that can continue their operations
during periods of GPS outages Visibility: Provide situational awareness of the GNSS
environment
Last but not least: The sky is not falling Practical things can be done today to harden
your system against signal-in-space threats
Key Points
Design Approach for Securing Systems Against GPS Signal-in-Space Threats
BlueSky Performance Monitoring
BlueSky GNSS Firewall
Detection, Resiliency, Visibility
