GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014


Page 2: GNSS Security

Acknowledgements

• University of Texas Radionavigation Lab graduate students Jahshan Bhatti, Kyle Wesson, Ken Pesyna, Zak Kassas, Daniel Shepard, Andrew Kerns, and Nathan Green

Page 3: GNSS Security

Security Highlights from ION GNSS+ 2014 (1/2)

• Interest: There were about 25 presentations on GNSS security, principally from two panel sessions and two regular sessions devoted to the topic—all well attended.

• Galileo Authentication: F. Diani (European GNSS Agency) reported on a trade study conducted for the EGA that revealed substantial interest in signal-side open-service Galileo authentication via NMA, especially for transport regulation and mobile payments. I. Fernandez-Hernandez (European Commission DG ENTR) presented the current Galileo blueprint for NMA-based signal-side authentication and revealed that they have already conducted initial SIS tests.

Page 4: GNSS Security

Security Highlights from ION GNSS+ 2014 (2/2)

• GPS Authentication: GPSD, Aerospace Corp., BAH, and University of Texas engaged in a feasibility study for NMA on GPS L2 and L5. No SIS testing yet.

• Antennas: Stanford, DLR, and Cornell introduced clever antenna-based signal authentication techniques. One Stanford/DLR technique switches polarization in a single element to detect spoofing from below.

• Others: L. Scott considered “social” approaches to interference deterrence. O. Pozzobon proposed a far-term spreading code authentication for Galileo. G. Gao: Distribute risk of authentication across unreliable peers. J. Curran agreed that NMA on Galileo open service is worthwhile and feasible.

Page 5: GNSS Security

GNSS Security Scenarios

Full trust and physical security

Page 6: GNSS Security

GNSS Security Scenarios

Scenario 2: Public communication channel (with uncontrolled latency)

Page 7: GNSS Security

GNSS Security Scenarios

Scenario 3a: Tamper-proof receiver

Page 8: GNSS Security

GNSS Security Scenarios

Scenario 3b: Tamper-proof receiver with an internal antenna array

Page 9: GNSS Security

GNSS Security Scenarios

Scenario 4: Tamper-proof private key storage

Page 10: GNSS Security

GNSS Security Scenarios

Scenario 5: Untrusted receiver

Page 11: GNSS Security

A Rough View of the Secure GNSS Market

mobile payment

regulated transport

Page 12: GNSS Security


The largest market segments are the hardest to secure

Page 13: GNSS Security

Signal-side GNSS crypto authentication is a good start, but is not sufficient for secure GNSS (1/2)

• Perspective: Don't expect cryptographic GNSS signal authentication to be anywhere near as secure as, say, message authentication across the Internet. It's not even close. The problem is that we're trying to secure not only data content but also signal arrival time.

• Replay: All crypto schemes remain vulnerable to replay attacks, no matter how long their keys or how short their security chips.

• Dependency: One still needs a good clock and a received power monitor to properly exploit crypto-enhanced GNSS signals; PPDs are a nuisance for security.

Page 14: GNSS Security

Signal-side GNSS crypto authentication is a good start, but is not sufficient for secure GNSS (1/2)

• Overlap: PPDs are also a nuisance for authentication.

• Proof of location: Where are you? Convince me.

Page 15: GNSS Security

GNSS Authentication Without Local Storage of Secret Keys

[Chart: techniques arranged by column (Cryptographic, Non-Cryptographic) and row (Stand-Alone, Networked)]

• J/N Sensing (Scott, Ward, UC Boulder, Calgary)
• SSSC or NMA on WAAS (Scott, UT)
• Single-Antenna Spatial Correlation (Cornell, Calgary)
• Correlation Anomaly Defense (UT, TENCAP, Ledvina, Torino)
• Sensor Diversity Defense (DLR, Stanford, MITRE, DARPA, BAE, UT)
• NMA on L2C, L5, or L1C (UT, MITRE, Scott, GPSD)
• P(Y) Cross-Correlation (Stanford, Cornell)
• Multi-Element Antenna Defense (DLR, MITRE, Cornell, Stanford)
• Mobility Trace Analysis (UT)
• SSSC on L1C (Scott)

Page 16: GNSS Security


GNSS signal authentication is fundamentally a problem of statistical decision theory

Page 17: GNSS Security

Starting Point: An Informed Perspective on the Relative Strength of GNSS Security

[Chart: Cost of Successful Attack (Million-Dollar Years) by Security Protocol; axis marks: ∞, 10^10, 10^1]

Protocols, in the order shown:

• One-Time Pad
• NIST-approved symmetric-key data encryption
• NIST-approved public-key data encryption
• Symmetric-key GNSS security
• Public-key GNSS security
• Non-cryptographic GNSS security

A vast divide

Page 18: GNSS Security

Received Power Defense

“[The received power defense] has low computational complexity and is an extremely powerful means to detect spoofing, making spoofing no more of a threat than the much less sophisticated radio frequency interference/jamming.”

Akos, D, “Who’s afraid of the spoofer? GPS/GNSS Spoofing Detection via Automatic Gain Control (AGC),” NAVIGATION, 2012.

Page 19: GNSS Security

The Received Power Defense: Two Weaknesses

The received power defense is not sufficient for GNSS signal authentication because the variations in received power due to non-spoofing phenomena are not small compared to the increase in power due to spoofing -- PPDs and SRBs can cause false alarms.

Solar Radio Bursts

Personal Privacy Devices (Jammers)

Page 20: GNSS Security

The Pincer Defense

Wesson, Humphreys, and Evans, “Receiver-Autonomous GPS Signal Authentication based on Joint Detection of Correlation Profile Distortion and Anomalous Received Power,” in preparation.

Observation 1: Autocorrelation distortion is a function of spoofer power advantage.

Observation 2: A low-power attack (~ 0 dB advantage) can be effective.

Strategy: Leave spoofer no place to hide by trapping it between a received power monitor and an autocorrelation distortion monitor.
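The strategy above can be illustrated with a small two-monitor model. This is an added example, not code from the talk or the cited paper: it uses an idealized triangular autocorrelation, an in-phase spoofer, and constructed constants and thresholds (`OFFSET_CHIPS`, `TAP_CHIPS`, `SIGNAL_TO_NOISE`, the two limits, and the function names are all assumptions).

```python
import math

# Constructed model parameters (assumptions, not values from the slides).
OFFSET_CHIPS = 0.4       # spoofer code-phase offset from the authentic peak
TAP_CHIPS = 0.5          # spacing of the symmetric taps around the tracked peak
SIGNAL_TO_NOISE = 0.03   # authentic in-band signal power / noise power (linear)
DISTORTION_LIMIT = 0.15  # alarm threshold on the symmetric distortion statistic
POWER_LIMIT_DB = 1.0     # alarm threshold on the rise in received power


def triangle(tau):
    """Ideal autocorrelation of a spreading code; tau is in chips."""
    return max(0.0, 1.0 - abs(tau))


def observe(adv_db=None):
    """Return (distortion, power_rise_db) for a spoofer with the given power
    advantage in dB. None means only the authentic signal is present."""
    a = 0.0 if adv_db is None else 10 ** (adv_db / 20)  # amplitude ratio

    def corr(tau):
        # Composite correlation: authentic triangle plus offset spoofer triangle.
        return triangle(tau) + a * triangle(tau - OFFSET_CHIPS)

    # Assumption: the tracking loop sits on the stronger of the two peaks.
    peak = 0.0 if a <= 1.0 else OFFSET_CHIPS
    early, late = corr(peak - TAP_CHIPS), corr(peak + TAP_CHIPS)
    distortion = abs(early - late) / corr(peak)
    # The power monitor sees noise plus authentic plus spoofed signal power.
    total = 1.0 + SIGNAL_TO_NOISE * (1.0 + a * a)
    power_rise_db = 10 * math.log10(total / (1.0 + SIGNAL_TO_NOISE))
    return distortion, power_rise_db


def pincer(adv_db=None):
    """Return (distortion_alarm, power_alarm); either alarm rejects the signal."""
    distortion, power_rise_db = observe(adv_db)
    return distortion > DISTORTION_LIMIT, power_rise_db > POWER_LIMIT_DB


if __name__ == "__main__":
    for adv in (None, -6, 0, 10, 20, 30):
        d, p = observe(adv)
        print(adv, round(d, 3), round(p, 2), pincer(adv))
```

In this model the distortion monitor alarms at low power advantage, where the power rise is negligible, and the power monitor alarms at high advantage, where the distortion shrinks.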

Page 21: GNSS Security

The Pincer Defense

[Figure: decision regions and empirical distributions; axes: received power, symmetric distortion statistic; labels: spoofing, jamming, multipath]

Page 22: GNSS Security

The Pincer Defense

GNSS Security is fundamentally a problem of statistical decision theory

Page 23: GNSS Security

Cryptographic GNSS Signal Authentication (The Crypto Defense)

• Code Origin Authentication
• Code Timing Authentication

Page 24: GNSS Security

Inside the Spoofer: Security Code Chip Estimation

Cryptographic PNT signal authentication should be viewed from a Bayesian perspective:

The attacker need not crack the code, only estimate it

Security Code Estimation and Replay (SCER) Attack

unpredictable security code

Page 25: GNSS Security

SCER Attack Defense: Inside the Defender

Generation of the detection statistic is readily implementable as a specialized correlation

Page 26: GNSS Security

SCER Attack Defense: Demonstration via Testbed

The SCER attack defense is promising but has weaknesses:

1. Struggles during initial stage of attack
2. Fails in the face of a full signal replay attack

Page 27: GNSS Security

A looming challenge in PNT security will be providing proof of location or time to a skeptical second party. This problem scales differently than attacks against non-complicit PNT sensing: A single rogue actor with an inexpensive receiver network (“Dr. No”) could sell forged GNSS-based proofs of location and time to thousands of subscribers.

Page 28: GNSS Security

radionavlab.ae.utexas.edu