Transcript Slide 1

Thoughts on GPS Security and Integrity
Todd Humphreys, UT Austin Aerospace Dept.
DHS Visit to UT Radionavigation Lab | March 10, 2011
GPS: The Big Issues
 Weak GPS Signals
 Like a 30-Watt lightbulb held 4000 km away
 GPS does not penetrate well indoors
 GPS is easy target for jamming
 GPS is vulnerable to natural interference (e.g.,
solar radio bursts and ionospheric scintillation)
 Unauthenticated Civil GPS Signals
 Civil GPS broadcast “in the clear”
 Makes civil GPS vulnerable to spoofing
Emerging Threat: GPS Jamming
Emerging Threat: Civil GPS Spoofing
Spoofing and Jamming are Different Threats
 Spoofing is more difficult & costly
 Spoofing leaves no trace – victim receiver


doesn’t know it’s being spoofed
Spoofer typically targets a single receiver
Many countermeasures to jamming are
ineffective against spoofing
Assessing the Spoofing Threat
 Multi-frequency, multi-system receivers




inherently resistant to spoofing
Vast majority of GPS receivers in critical
applications are single-frequency L1 C/A (easily
spoofable)
Software radio techniques are game-changer,
enabling one to “download” a spoofer
Strong financial incentives encourage “complicit
spoofing” (spoofing one’s own receiver)
Timing receivers used in communications
infrastructure are attractive target
Civil GPS Spoofing Testbed at UT Austin
Spoofer
 GPS L1 C/A output
 Software radio platform
 Output precisely synchronized with


authentic signals via feedback
Finely adjustable output signal
strength
Remotely commanded via Internet
Defender





Vestigial signal defense
Data bit latency defense
Cryptographic defenses
Phase trauma monitoring
Dual-frequency tracking
Inside the Box
Digital attenuator for precise control of output signal power
Inside the Box
Spoofing signal feedback for precise signal alignment
Inside the Box
Interface board for remote operation
Inside the Box
Tracking, data-bit prediction, and synthesis on single DSP
Total bill of materials: ~$1,000
Civil Anti-Spoofing Techniques Inspired by
Work to Date
 Data bit latency defense (weak but easy to implement)
 Multi-antenna defense (patented in 1996; strong against



single spoofer; fails against multiple spoofers; requires
additional hardware)
Vestigial signal defense (work in progress; appears
strong)
Navigation message authentication (strong, practical,
more on this later)
Cross-correlation using P(Y) code (pioneered by Lo,
refined by Psiaki, very strong but not so practical)
Thoughts on the Way Forward for Civil
GNSS Authentication




More signals means more inherent security, but probably insufficient
Some civil cryptographic authentication scheme is likely required
“Signal definition inertia is enormous” – Tom Stansell
Navigation message authentication (NMA) appears to be best, practical
option (advocated by Logan Scott in 2003, others since, more on this
later)
 Goal of cryptographic authentication: force adversary to use directional
antennas in a replay attack
 Preliminary evaluation of NMA for L2C suggests optimism (more on this
later)
 Cryptography must be paired with detection theory
Spoofing Detection as a Hypothesis Testing
Problem (Soft W-chip Estimation)
Spoofing
depends on
rough
See detection
forthcoming
paper
estimates of nominal (C/No)s and
(C/No)r
on this topic: “Detection
strategies for civil cryptographic anti-spoofing.”
Navigation and Timing Resilience Through
Opportunistic Navigation
Tightly-Coupled Opportunistic Navigation
Enabling configuration:
(1) Same clock: Downmix and sample
GPS and SOO with same oscillator
(2) Same silicon: Sample GPS and SOO
in same A/D converter
TCON for Legacy GPS Receivers:
The GPS Assimilator
Assimilator Prototype
More Information
http://radionavlab.ae.utexas.edu
Backup Slides
Synchrophasor-Aided Power
Distribution
Usage Example: Protecting a GPS Time and
Frequency Receiver
Usage Example: Reducing Ionospheric Errors
Usage Example: Harnessing CDMA Cellular
Signals as Aid for Weak GPS Signal Tracking
Usage Example: Iridium-Augmented GPS




Strong signals
Stable clocks
Navigational backup to GPS
Civilian Anti-spoofing
GPS Signals
Aiding signal from LEO high-power
spot beams over area of operations
LEO
crosslinks
User
400-km switchable beams