Comments

Chas • August 9, 2016 6:35 PM

So if I had an $80MM super yacht I'd have US Navstar, Russian GLONASS, European GALILEO, and Chinese BeiDou-2tf running in a voting scheme (plus alarms when systems go off or online). Additionally I'd have Maritime Inertial Navigation Systems (from three different manufacturers) in a triple redundancy scheme to ensure positional accuracy.

r • August 9, 2016 8:14 PM

@tz,

Nice. But I'm not a big fan of things that attract the Secret Service so no thank you, I'll stick to r/e work. :)

Evan • August 10, 2016 1:37 AM

@Chas:
A halfway decent real-time GNSS receiver should drop outliers already, whether it's using one satellite constellation or several, and even cheap units can tell you how much or how little confidence (consistency) there is in your estimated position. In other words, the voting process is built in - that's why the attack in the article didn't just spoof a single GPS satellite, but all the visible ones. It wouldn't be too much more work to add GLONASS, Beidou, and Galileo to the attack platform, comparable to adding them to the receiver setup. By contrast a two-antenna direction of arrival setup means a spoofer literally has to have a separate orbital or at least airborne unit for each individual satellite to be spoofed, making attacks prohibitively expensive.

The good news is that unless the adversary has a good sense of your position already, a single-antenna spoofing attack can't be much more than the equivalent of jamming or denial of service, since the GPS will get a bunch of signals that don't make any sense otherwise, and recognize that fact. Bad if that's your only way of knowing where you're going, but not "drawn into a trap" bad.

Clive Robinson • August 10, 2016 7:21 AM

There is little in this article that has not been discussed before on this blog, oh and one or two mistakes in it.

Quite a long time ago I demonstrated the weakness of a GPS receiver with not much more than a drum of coax (later using an X-band link). I also described how to spot the spoofing with two or more antennas back then provided you could get them sufficiently far apart. If Masking a bEACON (MEACON) is in progress by single point jamming then both antennas would report impossibly they are in the same location... You could spot this by having two identical GPS receivers and taking the NMEA outputs into a simple microcontroller, which even back then was a very low-cost solution. A slightly more expensive method is to use four antennas and turn them --via electronic PIN diode attenuators-- into a synthesised rotating antenna. You then use the superimposed phase difference on each satellite signal as a direction indication. Two things show up, the first is all satellites appear with the same phase offset indicating impossibly they are all in the same place, secondly if the attacker is using multiple transmitters you can from the location information transmitted by the satellites calculate their supposed direction (for days or months ahead, such is orbital mechanics). Further more advanced GNSS devices have both a "tracker" and "dead reckoner" to allow for temporary Loss Of Signal etc. The tracker calculates the forward in time position of the satellites the dead reckoner the current "assumed" position of the receiver antenna. Any errors would show up in a remarkably short time. Back then I did consider an interferometer solution but the cost and equipment size was well over the top of an acceptable solution.

There is of course a three hundred year old solution that in a modern form can stop spoofing happening. And I'm surprised the article did not mention it. It is something that NASA knows it is going to have to use if they want to go much above the geostationary satellite orbit for a trip to the moon or Mars. It's normally called "astro navigation" and needs a sextant, position tables for celestial objects, pencil and paper and an accurate clock (especially if you are using only one celestial object and estimated position). The modern form using electronic cameras and a modicum of computing power is used to very accurately position satellites and is planned to be used for satellites that will orbit the moon. Whilst the stars are not always visible on earth the position of the sun can be determined through clouds using polarising filters, as long as the estimated position is reasonably accurate --think very early inertial navigation systems as sufficient-- then a vessel at sea could know its position with almost the same accuracy as the early GPS with SA on.

As for crypto protection whilst it is possible to come up with a system using PubKey signing etc it does not get around the issue that whatever you do becomes an undesirable point of failure. It also would go against the military stratagem that gave us the SA code to degrade the system for civilian / opposition usage originally.

But the big take away is GPS is a technology that like the telephone in all its forms has moved well and truly out of the military domain into the civilian domain, but it is a "convenience" rather more than it is a necessity, and we should not let it become a crutch on which we become overly dependent.
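The two-receiver NMEA comparison described in the comment above, as an added example that is not part of the original comment or the article: it parses GGA sentences from two receivers and flags the case where their reported positions collapse to far less than the known antenna separation. The function names, the 40 m baseline, the 25% threshold, the three-fix run length and the sample sentences are all assumptions constructed for illustration.

```python
import math
from functools import reduce

def _xor(body):  # NMEA checksum: XOR of every character between '$' and '*'
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def make_gga(lat, lon, t="120000"):
    """Build a GGA sentence with a valid checksum (constructed sample data only)."""
    def dm(v, width):
        d = int(abs(v))
        return f"{d:0{width}d}{(abs(v) - d) * 60:07.4f}"
    body = (f"GPGGA,{t},{dm(lat, 2)},{'N' if lat >= 0 else 'S'},"
            f"{dm(lon, 3)},{'E' if lon >= 0 else 'W'},1,08,0.9,10.0,M,0.0,M,,")
    return f"${body}*{_xor(body):02X}"

def parse_gga(sentence):
    """Return (lat, lon) in degrees, or None on bad checksum, wrong type or no fix."""
    body, _, given = sentence.strip().lstrip("$").partition("*")
    f = body.split(",")
    def deg(value, hemi):  # ddmm.mmmm -> signed decimal degrees
        raw = float(value)
        d = int(raw // 100)
        return (d + (raw - d * 100) / 60.0) * (-1 if hemi in ("S", "W") else 1)
    try:
        if int(given[:2], 16) != _xor(body) or not f[0].endswith("GGA") or f[6] in ("", "0"):
            return None
        return deg(f[2], f[3]), deg(f[4], f[5])
    except (ValueError, IndexError):
        return None

def separation_m(a, b):
    """Haversine distance in metres between two (lat, lon) fixes."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def meaconing_suspected(pairs, baseline_m, min_fraction=0.25, needed=3):
    """True once `needed` consecutive fix pairs sit far closer than the real antenna baseline."""
    run = 0
    for s1, s2 in pairs:
        a, b = parse_gga(s1), parse_gga(s2)
        collapsed = a and b and separation_m(a, b) < baseline_m * min_fraction
        run = run + 1 if collapsed else 0  # invalid or plausible fixes reset the run
        if run >= needed:
            return True
    return False

GENUINE = [(make_gga(36.0, -5.0), make_gga(36.00036, -5.0))] * 4  # constructed: antennas ~40 m apart
SPOOFED = [(make_gga(36.1, -5.1), make_gga(36.1, -5.1))] * 4      # constructed: both report one point
```

Requiring several consecutive collapsed fixes keeps a single noisy or dropped sentence from raising the alarm.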


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.