presentation - The University of Texas at Austin


GNSS Security
Todd Humphreys | Aerospace Engineering
The University of Texas at Austin
GPS World Webinar | September 18, 2014
Acknowledgements
• University of Texas Radionavigation Lab
graduate students Jahshan Bhatti, Kyle
Wesson, Ken Pesyna, Zak Kassas, Daniel
Shepard, Andrew Kerns, and Nathan
Green
Security Highlights from ION GNSS+ 2014 (1/2)
Interest: There were about 25 presentations on GNSS
security, principally from two panel sessions and two
regular sessions devoted to the topic—all well attended.
Galileo Authentication: F. Diani (European GNSS Agency)
reported on a trade study conducted for the EGA that
revealed substantial interest in signal-side open-service
Galileo authentication via NMA, especially for transport
regulation and mobile payments. I. Fernandez-Hernandez
(European Commission DG ENTR) presented the current
Galileo blueprint for NMA-based signal-side
authentication and revealed that they have already
conducted initial SIS tests.
Security Highlights from ION GNSS+ 2014 (2/2)
GPS Authentication: GPSD, Aerospace Corp., BAH, and
University of Texas engaged in a feasibility study for NMA
on GPS L2 and L5. No SIS testing yet.
Antennas: Stanford, DLR, and Cornell introduced clever
antenna-based signal authentication techniques. One
Stanford/DLR technique switches polarization in a single
element to detect spoofing from below.
Others: L. Scott considered “social” approaches to
interference deterrence. O. Pozzobon proposed a far-term spreading code authentication for Galileo. G. Gao:
Distribute risk of authentication across unreliable peers.
J. Curran agreed that NMA on Galileo open service is
worthwhile and feasible.
GNSS Security Scenarios
Scenario 1: Full trust and physical security
Scenario 2: Public communication channel (with uncontrolled latency)
Scenario 3a: Tamper-proof receiver
Scenario 3b: Tamper-proof receiver with an internal antenna array
Scenario 4: Tamper-proof private key storage
Scenario 5: Untrusted receiver
A Rough View of the Secure GNSS Market
regulated transport
mobile payment
The largest market segments are
the hardest to secure
Signal-side GNSS crypto authentication is a good
start, but is not sufficient for secure GNSS (1/2)
Perspective: Don't expect cryptographic GNSS signal
authentication to be anywhere near as secure as, say,
message authentication across the Internet. It's not even
close. The problem is that we're trying to secure not only
data content but also signal arrival time.
Replay: All crypto schemes remain vulnerable to replay
attacks, no matter how long their keys or how short their
security chips.
Dependency: One still needs a good clock and a received
power monitor to properly exploit crypto-enhanced GNSS
signals; PPDs are a nuisance for security.
Signal-side GNSS crypto authentication is a good
start, but is not sufficient for secure GNSS (2/2)
Overlap: PPDs are also a nuisance for authentication.
Proof of location: Where are you? Convince me.
GNSS Authentication Without Local Storage of Secret Keys
Networked
Stand-Alone
Cryptographic
SSSC on L1C (Scott)
SSSC or NMA on WAAS (Scott, UT)
NMA on L2C, L5, or L1C (UT, MITRE, Scott, GPSD)
Non-Cryptographic
J/N Sensing (Scott, Ward, UC Boulder, Calgary)
Sensor Diversity Defense (DLR, Stanford, MITRE, DARPA, BAE, UT)
Single-Antenna Spatial Correlation (Cornell, Calgary)
Correlation Anomaly Defense (UT, TENCAP, Ledvina, Torino)
P(Y) Cross-Correlation (Stanford, Cornell)
Multi-Element Antenna Defense (DLR, MITRE, Cornell, Stanford)
Mobility Trace Analysis (UT)
GNSS signal authentication is fundamentally a
problem of statistical decision theory
Starting Point: An Informed Perspective on
the Relative Strength of GNSS Security
[Chart: Cost of Successful Attack (Million-Dollar Years) by Security Protocol]
One-Time Pad
NIST-approved symmetric-key data encryption
NIST-approved public-key data encryption
Symmetric-key GNSS security
Public-key GNSS security
Non-cryptographic GNSS security
Received Power Defense
“[The received power defense] has low computational complexity and is an
extremely powerful means to detect spoofing, making spoofing no more of a
threat than the much less sophisticated radio frequency interference/jamming.”
Akos, D, “Who’s afraid of the spoofer? GPS/GNSS Spoofing Detection via
Automatic Gain Control (AGC),” NAVIGATION, 2012.
The Received Power Defense: Two Weaknesses
Personal Privacy Devices (Jammers)
Solar Radio Bursts
The received power defense is not sufficient for GNSS signal authentication
because the variations in received power due to non-spoofing phenomena are
not small compared to the increase in power due to spoofing -- PPDs and SRBs
can cause false alarms.
The Pincer Defense
Observation 1: Autocorrelation distortion is a function of spoofer power advantage.
Observation 2: A low-power attack (~ 0 dB advantage) can be effective.
Strategy: Leave spoofer no place to hide by trapping it between a received power
monitor and an autocorrelation distortion monitor.
Wesson, Humphreys, and Evans, “Receiver-Autonomous GPS Signal Authentication based on Joint Detection
of Correlation Profile Distortion and Anomalous Received Power,” in preparation.
The Pincer Defense
[Figure: decision regions and empirical distributions for jamming, multipath, and spoofing; axes: symmetric distortion statistic and received power]
GNSS Security is fundamentally a problem of
statistical decision theory
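An added example, not taken from the presentation: the pincer idea written as a two-feature decision problem, with a maximum-likelihood classifier over received power and the symmetric distortion statistic compared against a power-only alarm. The Gaussian class models, the 3 dB threshold, and the sample observations are constructed assumptions for illustration, not data from the Wesson/Humphreys/Evans work.

```python
import math

# Constructed class models (assumed for illustration, not measured data).
# Features: received power relative to a clean baseline (dB) and the
# symmetric distortion statistic (unitless). Entry: ((mean, std), (mean, std)).
MODELS = {
    "clean":     ((0.0, 0.4), (0.05, 0.03)),
    "multipath": ((0.0, 0.6), (0.25, 0.08)),
    "jamming":   ((8.0, 3.0), (0.05, 0.04)),
    "spoofing":  ((2.0, 1.5), (0.60, 0.15)),
}

def log_gauss(x, mean, std):
    """Log-density of a 1-D Gaussian."""
    return -0.5 * ((x - mean) / std) ** 2 - math.log(std * math.sqrt(2 * math.pi))

def classify(power_db, distortion):
    """Joint maximum-likelihood decision (equal priors, independent features assumed)."""
    def score(label):
        (pm, ps), (dm, ds) = MODELS[label]
        return log_gauss(power_db, pm, ps) + log_gauss(distortion, dm, ds)
    return max(MODELS, key=score)

def power_only_alarm(power_db, threshold_db=3.0):
    """Received power monitor alone: alarm on any rise above the threshold."""
    return power_db > threshold_db

# Constructed observations: (description, power_db, distortion).
# Distortion is assumed to shrink as the spoofer's power advantage grows.
SAMPLES = [
    ("quiet sky",            0.1, 0.04),
    ("urban multipath",      0.3, 0.28),
    ("PPD jammer nearby",    7.5, 0.06),
    ("low-power spoofer",    1.0, 0.65),
    ("higher-power spoofer", 5.0, 0.45),
]

def run():
    """Return {description: (joint_decision, power_only_alarm)}."""
    return {d: (classify(p, s), power_only_alarm(p)) for d, p, s in SAMPLES}

if __name__ == "__main__":
    for desc, (joint, alarm) in run().items():
        print(f"{desc:22s} joint={joint:9s} power_only_alarm={alarm}")
```

On these constructed inputs the power monitor alone alarms on the jammer and stays silent on the low-power spoofer, while the joint decision separates all five cases.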
Cryptographic GNSS Signal Authentication
(The Crypto Defense)
Origin Authentication
Code Timing Authentication
Security Code Estimation and Replay (SCER) Attack
unpredictable security code
Inside the Spoofer:
Security Code Chip Estimation
Cryptographic PNT signal authentication
should be viewed from Bayesian perspective:
The attacker need not crack the code, only estimate it
SCER Attack Defense: Inside the Defender
Generation of detection statistic is readily
implementable as a specialized correlation
SCER Attack Defense: Demonstration via Testbed
The SCER attack defense is promising but has weaknesses:
1. Struggles during initial stage of attack
2. Fails in the face of a full signal replay attack
A looming challenge in PNT security will be
providing proof of location or time to a
skeptical second party. This problem scales
differently than attacks against non-complicit PNT sensing: A single rogue actor
with an inexpensive receiver network (“Dr.
No”) could sell forged GNSS-based proofs of
location and time to thousands of
subscribers.
radionavlab.ae.utexas.edu