Wednesday, 14 January 2015

Industry voice: Why a commercial GNSS test bed could help to deal with GPS spoofing

Introduction and vulnerabilities


In the 1997 Bond movie Tomorrow Never Dies, the evil media mogul Elliot Carver gets hold of a GPS encoder and uses it to send false signals, causing a British warship to stray without permission into Chinese territorial waters.


You can rely on Bond movies to recruit the very latest leading edge technology for their plots – even if the crime itself goes back to legends of Cornish wreckers luring ships onto rocks by night with false lamp signals. While the wreckers' aim was to salvage precious cargo, Elliot Carver's wicked plan was to boost his TV ratings by launching a Sino-British war.


Spoofing concerns


Seventeen years on, and there is growing concern that similar "spoofed" signals, apparently from a Global Navigation Satellite System (GNSS), could indeed be used for criminal purposes.


Back in 2013, a group from the University of Texas demonstrated how a false GPS signal generator could override a luxury yacht's navigation computers as it travelled from Monaco to Rhodes in the Mediterranean. First an alarm reported that the ship had wandered off course and the computers re-plotted the supposedly "correct" course based on false signals. There was no secondary warning to suggest that the new course was incorrect.


Professor Todd Humphreys who led the spoofing team said: "I didn't know, until we performed this experiment, just how possible it is to spoof a marine vessel and how difficult it is to detect this attack… With 90% of the world's freight moving across the seas and a great deal of the world's human transportation going across the skies, we have to gain a better understanding of the broader implications of GPS spoofing."


Those broader implications could include the critical role of GPS in providing highly accurate time data for cell phones, high speed trading systems, and other systems that use GPS signal for timing.


Why are GPS systems vulnerable?


GPS navigation devices have become so common – in cars, built into smartphones and in handy gadgets for rugged outdoor activities – that it is perhaps surprising to learn that they rely on very delicate measurements of extremely weak signals.


Even with around 30 satellites in orbit at about twenty thousand kilometres above the globe, the distance between any satellite and a GPS receiver is far greater than the distance to the nearest cell tower, while the satellite has to rely on solar power to generate its signals. The signal power can be thought of as being equivalent to a 40 Watt light bulb, and the signals reaching your GPS device are actually weaker than the background electronic, or thermal "noise". So how can the system possibly manage?


Part of the answer is that the GPS signals are, by digital data standards, lengthy pieces of code, and the receiver is specifically listening for those codes – just as you might recognise someone calling your name even across a crowded, noisy room. To achieve this, the receiver takes its time – again by digital data standards – while it searches for and acquires those faint satellite signals. This is why, when you switch on your sat-nav, you typically have to wait a few seconds for it to come to life.


Having taken time to identify the signals, the actual calculation of position relies on extremely accurate timing. Each satellite contains its own atomic clock keeping near perfect time that forms part of the signal transmitted – so the receiver gets a time signal that was "exact" when transmitted, but "slow" when received because of the time it takes for the signal to travel from satellite to receiver. The discrepancy between time signal and time of arrival provides a measure of the receiver's distance from the satellite.


It is actually even more difficult than that. Firstly the speed of light, and so of transmission, is slower as the atmosphere gets thicker towards the surface of the Earth, making the calculation a lot more complicated. Secondly the receiver does not have its own atomic clock on board, so cannot be totally accurate about the signal delay. To get round this problem, the system has to use the satellite time signals to reset its own internal clock at the same time as measuring those signals – effectively becoming the satellite's "slave clock".


What makes this possible is an element of redundancy: if you had perfect time in the receiver you could fix your location in 3D space with only three satellite signals; instead the system looks for four (or more) satellite signals, which not only provides verification through redundancy but also allows for iterative time verification.
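The calculation described above, as an added example that is not part of the original article: a least-squares fix that solves for position and receiver clock error together, then uses the satellites beyond the fourth as a consistency check. The satellite coordinates, receiver position, 1 ms clock error and 1 km range fault are constructed values, and the function names are this example's own.

```python
import math

C = 299_792_458.0  # speed of light, m/s

def solve(A, b):
    """Gaussian elimination with partial pivoting for a small dense system."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            M[r] = [a - f * t for a, t in zip(M[r], M[c])]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (M[i][n] - sum(M[i][k] * x[k] for k in range(i + 1, n))) / M[i][i]
    return x

def fix(sats, pseudoranges, iters=10):
    """Least-squares solve for (x, y, z, clock bias in metres) by Gauss-Newton.
    Returns the state and the RMS of the leftover pseudorange residuals."""
    s = [0.0, 0.0, 0.0, 0.0]  # initial guess: Earth's centre, zero clock error
    for _ in range(iters):
        H, r = [], []
        for sat, rho in zip(sats, pseudoranges):
            d = math.dist(sat, s[:3])
            H.append([(s[k] - sat[k]) / d for k in range(3)] + [1.0])
            r.append(rho - (d + s[3]))
        N = [[sum(h[i] * h[j] for h in H) for j in range(4)] for i in range(4)]
        g = [sum(h[i] * e for h, e in zip(H, r)) for i in range(4)]
        s = [a + d for a, d in zip(s, solve(N, g))]
    res = [rho - (math.dist(sat, s[:3]) + s[3]) for sat, rho in zip(sats, pseudoranges)]
    return s, math.sqrt(sum(e * e for e in res) / len(res))

# Constructed scenario (not real ephemeris): six satellites at GPS-like orbital
# radius, a receiver near the Earth's surface, 1 ms of receiver clock error.
SATS = [(26.56e6, 0, 0), (0, 26.56e6, 0), (0, 0, 26.56e6),
        (15.334e6, 15.334e6, 15.334e6), (18.78e6, 18.78e6, 0), (18.78e6, 0, 18.78e6)]
TRUTH = (4.0e6, 3.0e6, 3.9e6)
BIAS_M = C * 1e-3  # 1 ms of clock error looks like ~300 km of extra range
HONEST = [math.dist(s, TRUTH) + BIAS_M for s in SATS]
TAMPERED = HONEST[:4] + [HONEST[4] + 1000.0] + HONEST[5:]  # one range off by 1 km

if __name__ == "__main__":
    for name, rho in (("consistent", HONEST), ("one bad range", TAMPERED)):
        state, rms = fix(SATS, rho)
        err = math.dist(state[:3], TRUTH)
        print(f"{name}: position error {err:.3f} m, residual RMS {rms:.3f} m")
```

The residual only exposes signals that disagree with each other; a set of false signals that is mutually consistent leaves it near zero, which is why the independent cross-checks the article turns to later matter.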


The miracle is not so much the miracle of human inventiveness, as the miracle that it actually works – in a relatively cheap handheld or wrist-worn gadget, what's more!


How to crack the system


Given such weak signals and such a complex calculation, there is one very simple way to disrupt GPS, and that is to block the signals by jamming them. For a few hundred pounds you can buy a portable GPS jammer or "Personal Privacy Device" to stop law enforcement agencies from using your smartphone or a concealed vehicle tracking device to inform them about your movements. These can also allow lorry drivers to bypass the vehicle tracking systems used by fleet operators to monitor vehicle usage and abusage.


In 2013 there were a number of incidents around the world where GPS jammers affected other users, including a truck driver in New Jersey who caused interference to the Newark Liberty International Airport ground-based augmentation system, and taxi drivers in Melbourne, Australia using jammers to queue-jump and steal fares. These show just how widespread GPS jamming devices have become – quite apart from the sat-navs you buy for navigation.


If an enemy or criminal were to deliberately jam GPS or GNSS signals, it might seem a pretty blunt instrument in the sense that the impact of the jamming cannot be controlled or targeted. Approaching the jammer, the receiver will stop tracking satellites, and most individuals will realise that something is amiss and stop using it. Out comes that dog-eared street map you last saw somewhere in the car boot – and in something as critical as an aeroplane there are always alternative navigation systems just to be on the safe side.


Potential for chaos


But multiply that nuisance factor across a wide area, and it could create chaos. A concerted jamming attack on a major city could mean delivery drivers losing their guidance, bus and transport status screens displaying incorrect information, passengers stuck on trains because doors refuse to open (some use GNSS to control operation of doors at stations), and ATMs and other systems that also use GPS ceasing to function... A city grinds to a halt whilst authorities try to identify the problem and locate the jamming source – even a blunt instrument can do plenty of damage to a big enough target.


What could be even more threatening is "spoofing": i.e. creating fake GNSS signals with all the complexity of real signals, but specifically designed to generate false but convincing position data. From what has been said about the nature and subtlety of these signals, it is clearly not such a trivial task as simply jamming the signal – otherwise it might seem surprising that we had to wait sixteen years after Tomorrow Never Dies before those students from Texas provided their public demonstration of spoofing in practice.


The real threat of spoofing is that the victim does not know what is happening and so carries on using false information. Yes, a spoofing box like the one created by the students could be concealed aboard a ship or plane and at some time be switched on, replicate the real signals and be accepted, and then increase signal strength until it dominates the real signals, and then begin to bend reality by taking the vessel off course and into forbidden territory – or onto rocks.


This would need to be done cleverly – not even the most trusting navigator would accept that the ship was cruising down Kensington High Street – so what defence measures are there apart from common sense?


There is visual confirmation – if the supposed location looks way off course suspicions will be aroused – and there are alternative positioning systems such as those based on dead-reckoning using accelerometers, vision sensors, or an alternative fixing technology such as eLORAN. Augmenting your GNSS with one of these technologies could provide an indication that something is wrong.


Then there is the alternative provided by another good GNSS. Although the US military might regret no longer having a monopoly with GPS, the fact that there are other systems operational or coming online will provide extra resilience, and the European Galileo constellation is deliberately designed to complement GPS for additional accuracy and resiliency. So a truly diabolical spoofing attack would also need to foil all these backup alternatives, and that could include not only the complexity of creating realistic GPS signals but also spoofing every other likely GNSS signal in the vicinity just in case.


Worth the effort?


Would it be worth going to all this trouble? James Bond's villain clearly believed so. More realistically we can see the potential for disruption that might tempt an enemy nation to launch a spoofing attack. And the damage could be less obvious than a plane or ship going off course – such is the extreme accuracy of the GPS atomic clocks that they are widely used as a source of accurate timing. Every cell tower, for example, has its own GPS receiver, not because it might forget where it is, but to provide a super-accurate time signal for its own transmission purposes.


Some financial high-speed trading systems are so time critical that they rely on GPS time data to determine precisely when trades were made. So criminal – or military – ingenuity might develop ways to generate all sorts of mayhem out of a cleverly targeted spoofing attack.


Do not forget the human factor, either: these systems have served us so well already that it is increasingly tempting to put blind faith in them. The recent MAIB report on the collision between Seagate and Timor Stream identified several human errors, including an oversight that one of the ship's AIS devices was broadcasting a heading 160 degrees out.


We are entering a whole new territory – with little more than a spoofed GNSS to guide us. Maybe.


Analysing and minimising the risk of spoofing


It is perhaps comforting to know that a spoofing attack will demand rather sophisticated technology to generate realistic signals and not be immediately recognised as a fraud. But it remains cold comfort unless there is some way to assess how your GNSS receiver responds to spoof signals, and use that information to devise a counter strategy that increases resilience to interference.


Test beds have been created to provide such test and measurement – the EU's Joint Research Centre has developed one for its Galileo project, for example. But it is only since February 2014 that there has been a commercially available system to test GNSS under laboratory conditions in this way.


Spirent SimSAFE provides a laboratory test bed, incorporating simulators, monitors and computers with software designed expressly for GNSS testing, and that includes testing against possible spoofing attacks.


Basically, the system creates those subtle GNSS signals in a truly realistic manner – taking account of all the factors that can distort their timing and the sort of background noise they struggle against – and transmits them down a cable to the receiving device, rather than through the air. This allows very sensitive monitoring and measurement of the receiver's behaviour under truly realistic GNSS operating conditions, as well as when various spoofing, jamming or other likely attacks are thrown at it.


In practice this could allow a large GNSS user or receiver manufacturer to test devices to see how well they perform, and how vulnerable they are to attack. It also means that device manufacturers now have a means to develop standardised tests against set criteria to improve the performance and reduce the vulnerability of their products. Eventually there will be a set of standard tests which will allow GNSS users to select the best equipment for their application based on the level of protection against jamming and spoofing it offers.


This has important implications for the whole GNSS market, as users can begin to demand equipment that has passed certain tests on an industry standard test bed, and these tests could include a measure of spoofing vulnerability.


Meanwhile, let's hope Elliot Carver doesn't get hold of one first…



  • Guy Buesnel is Product Manager – GNSS Vulnerabilities at Spirent Communications






from TechRadar: All latest feeds http://ift.tt/1yjPdBz
