GPS Vulnerabilities

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming—and potential alternatives.

The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March. Eleven potential systems were tested, including eLoran, a low-frequency, high-power timing and navigation system transmitted from terrestrial towers at Coast Guard facilities throughout the United States.

“China, Russia, Iran, South Korea and Saudi Arabia all have eLoran systems because they don’t want to be as vulnerable as we are to disruptions of signals from space,” said Dana Goward, the president of the Resilient Navigation and Timing Foundation, a nonprofit that advocates for the implementation of an eLoran backup for GPS.

Also under consideration by federal authorities are timing systems delivered via fiber optic network and satellite systems in a lower orbit than GPS, which therefore have a stronger signal, making them harder to hack. A report on the technologies was submitted to Congress last week.

GPS is a piece of our critical infrastructure that is essential to a lot of the rest of our critical infrastructure. It needs to be more secure.

Posted on February 22, 2021 at 6:17 AM • 14 Comments

Comments

consolan February 22, 2021 9:51 AM

eLoran requires radio frequency transmitters & receivers and is thus vulnerable to the very same general vulnerabilities as GPS.

Clive Robinson February 22, 2021 10:13 AM

@ Bruce,

GPS is a piece of our critical infrastructure that is essential to a lot of the rest of our critical infrastructure. It needs to be more secure.

The trouble is, in its civilian mode it is not secure and making it so is not exactly an easy thing to do. Even the supposed secure military version can be spoofed in various quite low tech ways if you know what you are doing.

Making GPS secure is not something you can do by throwing crypto or other of the usual knee jerk security stuff we normally talk about at it. Because it is very much a tangible physical universe issue, rather than an intangible information universe issue where time and space are of very limited use.

As for eLoran it’s not that much more secure either to local spoofing and unlike GPS it’s not even remotely global, having a limiting range of around 1500km. The supposed security is to wide area spoofing based on the simple fact eLoran uses megawatt power transmitters propagating a large groundwave signal, that would need around four times the power and an equally as large antenna, which is as far as most people are concerned not something there is a realistic probability of doing.

And it’s not just my word about the spoofing, it’s a problem with all current RF based positioning systems when it comes to the likes of time and phase shifting signals. Which is why the U.S. Senate Armed Services Committee (SASC) has ordered the Pentagon to provide an alternative within two years[1]. SASC states that the two-year deadline is “consistent with” urgent needs, and the Pentagon must within that time not just develop and test, but produce a mature system and have it integrated into amongst other things weapons systems… Which means that VLF time based systems like eLoran, Loran-C and the preceding phase based systems like Decca Navigator are going to have issues… Not to mention having at least four massively tall broadcast antennas pumping out megawatts into the 100kHz VLF frequency band making easy targets for RF seeking missiles which would be similar in design to those used to take out high power radar transmitters.

Which is why several advanced technologies are being proposed as being unhackable and unjammable. The so-called “Assured Position, Navigation, and Timing” (APNT) systems will augment and replace GPS and other current “Position Navigation, and Timing” (PNT) systems.

These proposed replacements include groovy stuff such as “Quantum compasses”, quantum gravity detectors and various optical imaging for global positioning and navigation[2]. Put simply either the systems will be entirely internal/local such as inertial navigation systems are, or they will have multiple independent channels to make spoofing or replay attacks effectively infeasible.

[1] See §1601 of the 2021 National Defense Authorization Act (NDAA).

[2] The Russian GPS systems have an early form of such optical systems. On their satellites they have “tri-corner reflectors” that enable a land/sea based laser platform to accurately find the individual satellites in a reasonably secure fashion such that checks can be made by what could be considered an “authentication side channel”.

Elderman February 22, 2021 10:14 AM

The beginning of the 2nd paragraph should read:

China, Russia, Iran, South Korea and Saudi Arabia all have eLoran systems because they don’t want to be… at the mercy of rogue USA government foreign policy decisions.

Me February 22, 2021 10:15 AM

I’m unclear on the purpose here.

Are they attempting to prevent spoofing, which seems like it could be handled by a simple signature (which might be difficult to get the timing right on, but the tech is still simple).

Alternatively, are they attempting to prevent DOS, which really can only be prevented by more power, which means more money.

Clive Robinson February 22, 2021 10:45 AM

@ Me,

Are they attempting to prevent spoofing, which, seems like it could be handled by a simple signature

Sorry no, all the usual crypto tricks do not work.

The reason is you are dealing with a physical tangible time and space issue not an intangible information one. To make things work with a broadcast system you need an accurate time reference, which you do not have. Remember in each nanosecond light moves about a foot. Unless you wander around with an atomic standard weighing up to 40kg and a power supply equally as big and heavy, you don’t have a sufficiently accurate reference…

So let’s assume you are all nicely locked up to a broadcast navigation system, all of your references are based on where the base of your antenna is. After that the signals are all locked in phase as they travel down the feeder to the receiver. So with a hundred meter drum of cable the information you see on the receiver display actually relates to where the antenna is, not the receiver, so if I move the antenna your apparent position changes and there is no way you can tell from the signals if the receiver has moved in a fixed relationship to the antenna or if the antenna has moved independently of the receiver.

Now imagine I have a trick where I can make that transmission line not one hundred meters but one hundred and fifty kilometers?

Well I’ve explained how to do that in the past.

But remember if I make the antenna effectively move slowly then your reference clock slaved to it will follow it…

Think on it as a form of “replay attack” that both jams the original signal at your receiver as well as playing a time delayed version at you…

It’s why you need a second physical reference channel.
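
An added illustration of the point made in the comment above, not code from the commenter or the blog: a signed frame still verifies after a delayed relay, while the four-pseudorange fix lands on the pickup antenna and the solved clock shifts by the relay delay. The transmitter positions, key, 600 µs delay and 1 µs tolerance are constructed assumptions, and the independent reference is modelled as simply knowing the true clock offset.

```python
import hashlib, hmac, math

C = 299_792_458.0                      # speed of light, m/s
KEY = b"constructed-demo-key"          # stand-in for a broadcast authentication key
# Constructed transmitter positions in metres (not real ephemeris data).
SATS = [(26.6e6, 0, 0), (0, 26.6e6, 0), (0, 0, 26.6e6), (15.4e6, 15.4e6, 15.4e6)]

def sign(msg):
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def verify(msg, tag):
    return hmac.compare_digest(sign(msg), tag)

def pseudoranges(antenna, rx_bias_s, relay_delay_s=0.0):
    """Ranges seen by a receiver fed from `antenna`; a relay adds the same delay to all."""
    return [math.dist(s, antenna) + C * (rx_bias_s + relay_delay_s) for s in SATS]

def solve(rho, iters=10):
    """Gauss-Newton fix from four pseudoranges -> (x, y, z, clock_bias_seconds)."""
    est = [0.0, 0.0, 0.0, 0.0]         # x, y, z, c*bias; start at Earth's centre
    for _ in range(iters):
        rows = []                      # augmented rows [Jacobian | residual]
        for s, r in zip(SATS, rho):
            d = math.dist(s, est[:3])
            rows.append([(est[i] - s[i]) / d for i in range(3)] + [1.0, r - d - est[3]])
        for i in range(4):             # Gauss-Jordan with partial pivoting
            p = max(range(i, 4), key=lambda k: abs(rows[k][i]))
            rows[i], rows[p] = rows[p], rows[i]
            for k in range(4):
                if k != i:
                    f = rows[k][i] / rows[i][i]
                    rows[k] = [a - f * b for a, b in zip(rows[k], rows[i])]
        est = [e + rows[i][4] / rows[i][i] for i, e in enumerate(est)]
    return est[0], est[1], est[2], est[3] / C

def reference_disagrees(solved_bias_s, independent_bias_s, tol_s=1e-6):
    """Second-channel check against a reference that is not slaved to the signal."""
    return abs(solved_bias_s - independent_bias_s) > tol_s

RECEIVER = (3.9e6, 3.0e6, 4.0e6)           # where the receiver really is (constructed)
REMOTE_ANTENNA = (4.05e6, 3.0e6, 4.0e6)    # pickup point 150 km away (constructed)
MSG = b"constructed navigation frame"
TAG = sign(MSG)                            # the relay forwards MSG and TAG unchanged

def error_m(fix):                          # distance between a fix and the true position
    return math.dist(fix[:3], RECEIVER)

honest = solve(pseudoranges(RECEIVER, rx_bias_s=0.0))
relayed = solve(pseudoranges(REMOTE_ANTENNA, rx_bias_s=0.0, relay_delay_s=600e-6))

if __name__ == "__main__":
    print("signature valid on relayed frame:", verify(MSG, TAG))
    print("fix error honest/relayed (m):", error_m(honest), error_m(relayed))
    print("reference flags relay:", reference_disagrees(relayed[3], 0.0))
```
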

Brian Weeden February 22, 2021 2:29 PM

While this is indeed a real issue, the article gets some aspects wrong. Outside of a Carrington-level space weather event that creates far more problems than just GPS, there’s just not a scenario for the entire constellation of 30+ GPS satellites being destroyed. There is very little orbital debris at the altitude GPS operates at and the GPS satellites are already radiation-hardened because they operate in the Van Allen radiation belts.

The real challenges are from the weak signal that the public is allowed to use and the lack of any sort of encryption/authentication on it. (The US military has access to completely separate signals that are both higher power and encrypted).

It should be noted that these weaknesses are largely the result of deliberate design choices by the US military, which wants to retain the ability to prevent adversaries from using GPS in a conflict against the US. That means they need the ability to jam/spoof the public GPS signals themselves.

Since the first GPS national policy on GPS issued by the Clinton Administration in 1996, the overall goal was to get as many people using (and reliant) on GPS as possible to deter anyone from attacking it, while ensuring the US could control global access to it. That has failed with the emergence of the European Galileo and Chinese BeiDou (in addition to the existing Russian Glonass) global networks and the regional Indian IRNSS and Japanese QZSS networks.

However, US federal law prohibits consumers from using any of these systems domestically, with the exception of Galileo that just got a recent waiver:
https://www.gps.gov/spectrum/foreign/

More info about GPS and the signals here:
https://www.gps.gov/systems/gps/space/
https://www.gps.gov/systems/gps/modernization/civilsignals/

jones February 22, 2021 5:10 PM

I think @Clive has made a point a couple times about the underlying nature of GPS that might benefit from some additional elaboration.

When one uses a GPS device, one is not “in communication with” the satellite network in the way that one is “in communication with” a cell phone tower when one places a call.

A GPS device is something like a fancy clock: it compares the time it takes to receive timing pulses from several satellites to determine a position in 3D space.

There’s a wrinkle, though: GPS needs to take into account relativistic physics. It’s not enough to triangulate — or, specifically, trilaterate — a position. One needs a fourth timing pulse to factor in the effects of relativity.

Relativity says that the passage of time is affected by the speed at which an observer is traveling and by the intensity of the gravitational field the observer experiences.

Because the GPS satellites are a) farther from the earth than us and b) traveling very fast, the GPS system needs to accommodate relativity.

Just like weather systems can affect the accuracy of GPS coordinates, so can deliberate interference.

The article notes:

“Ship captains have reported GPS errors showing them 20-120 miles inland when they were actually sailing off the coast of Russia in the Black Sea”

If the timing signals can be interfered with, an innocent party might be made to stumble into a diplomatic incident.

Research into various applications of “ionospheric heaters” like HAARP have included things like over-the-horizon RADAR, or the ability to heat a column of air and change its density to knock a missile off course.

One might imagine similar applications of “ionospheric heaters” with respect to altering the timing of a GPS signal by manipulating the density of some portion of the atmosphere; above all else, GPS signals need to be very precise, and this isn’t a matter of encryption.

This type of attack is also more nuanced than plain jamming.

Clive Robinson February 22, 2021 6:44 PM

@ Bruce, Brian Weeden, ALL,

Of course the FCC and some of its not so bright activities could be the worst harm to befall the satellite navigation system signals…

As some know,

1, The current GPS uses L-Band to transmit its signals.

2, Due to concerns about receivers the spectrum either side has been in effect “guard banded” which leaves a hole in the spectrum utilisation.

3, Mobile data services are desperate for spectrum space.

4, The FCC decided to issue licences for that L-Band spectrum space for terrestrial data networking in the US.

Yes the FCC, in its infinite wisdom decided GPS use in the entire US was unimportant compared to a single commercial wireless data service provider (Ligado). Despite protests from many quarters including many other Federal agencies, and the DoD with its 1.7 billion dollar budget to run/maintain the systems, and also many other commercial entities utterly dependent on those satellite signals,

https://www.gpsworld.com/coalition-supports-ndaa-provisions-to-protect-gps-against-ligado/

@ ALL,

Speaking of Carrington-level space weather events, many would be surprised at just how susceptible the satellite navigation systems are to Space Weather ordinarily. Well… Some time between now 0100 UTC and for the next several days we are expecting to get a nice whammy in terms of a strike by a Solar Storm. The sooner it arrives the more energetic it will be thus the greater effect it will have on the ionosphere through which those GPS signals have to travel and it’s reasonably certain there are going to be disturbances, as well as some nice auroras to make fairy curtains in the sky at lower latitudes than normal so many more people may get to see them.

xcv February 22, 2021 8:19 PM

@jones

Research into various applications of “ionospheric heaters” like HAARP have included things like over-the-horizon RADAR, or the ability to heat a column of air and change its density to knock a missile off course.

They tried to kill me. That can cause a direct lightning strike on command. Two strikes, downtown Kansas City, MO.

The strikes are triangulated off two television broadcasting towers both on 31st Street.

The Fox 4 News tower on W 31st & SW Trafficway and the KCTV Public Television 19 tower on E 31st and Grand Ave.

Giant capacitative ground strikes occur in other parts of town in a thunderstorm because these towers and the surrounding areas are especially well insulated underground against lightning and the broadcasting signals cause a severe induction effect in coordination with ionospheric heating signals from HAARP …

JonKnowsNothing February 23, 2021 11:43 AM

@Clive @All

re: Legal questions on reliability of position locations

An MSM article about an appeal of conviction of 5 fishermen accused of being involved in a drugs-at-sea exchange.

7 years after they were convicted it turned out the location information used in the trial did not come from the UK Border Agency boat involved but “another source”. Additionally a surveillance plane had been dispatched to that area and their systems did not log the fishermen in the area.

The previously un-reviewed/un-analyzed location data from the UK Border Agency boat showed that other boats were in the vicinity of the drug-raft.

It seems that “location, location, location” may still be a useful legal mantra and “no location found” or Empty Set is just as useful too.

A good deal of the Jan 6, 2021 arrests will rely on location and location tracking. The defendants or their lawyers would be wise to brush up on the Maths.

ht tps://www.theguardian.com/law/2021/feb/23/fishermens-freshwater-five-drug-smuggling-conviction-was-unsafe-court-hears

ht tps://en.wikipedia.org/wiki/Empty_set
ht tps://en.wikipedia.org/wiki/Null_set
(url fractured to prevent autorun)

Clive Robinson February 23, 2021 3:05 PM

@ JonKnowsNothing,

It seems that “location, location, location” may still be a useful legal mantra and “no location found” or Empty Set is just as useful too.

As well as remembering that a “device” is not a person, and may not be associated with any particular person.

In London some of the smarter kids have learnt that it works the other way that is your device can give you an alibi…

If you are off to do something nefarious you leave your phone around at a mates house, preferably one of the opposite sex. They operate your phone as though they are you and respond to texts only. You get another mate or collection of mates to send text messages to your phone.

So when they get pulled “Wasn’t me mate, I was around at Chantells as her parents were out” All Chantell has to do is confirm it… And you get off the suspect list, unless you’ve done something else that gets you put back on again (some are dumb enough to later take selfies with the loot etc…).

Z.Lozinski February 23, 2021 4:48 PM

@Clive,

Unless you wander around with an atomic standard weighing up to 40kg and a power supply equally as big and heavy, you don’t have a sufficiently accurate reference…

Not any longer. There has been a lot of research in the last few years into CSACs (Chip Scale Atomic Clocks). The idea is to create a chip that incorporates a high precision clock, giving accuracy equivalent to the time standards implemented by atomic clocks in national laboratories.

Various groups worldwide have been working on improving and miniaturising precision clock technologies. The NPL has been working on compact atomic clocks (where compact is 20-75 cm). There are also groups working on chip scale atomic clocks (CSACs). From some of the recent presentations I have seen the chip scale clocks are developing at a rate, they will be ready for integration into e.g. a mobile base station in a couple of years. Think a few Watts.

This is a huge improvement as anyone building cloud infrastructure has been worrying about good sources of time. Putting GNSS antennas on data centre roofs is fine, until you get the reported GNSS-jamming events that have been reported in the last 5 or so years.

Clive Robinson February 23, 2021 8:16 PM

@ Z.Lozinski,

There has been a lot of research in the last few years into CSACs (Chip Scale Atomic Clocks).

I’ve been aware of them for some time, however about 18 months ago was the last time I had a look around and I got the impression that none of them were close to being ready for “prime time”.

But even if all the data centers had them there would still be synchronizing issues.

At the moment the useful assumption is that we have an atomic standard at the center of the earth rather than at some location on the Earth’s surface[1] as this simplifies a lot of calculations.

That’s fine for terrestrial time keeping but things get really weird when you start looking at satellites doing orbits around two celestial objects such as the earth and moon.

[1] Whilst it’s not immediately obvious if we assume the Earth is a perfect sphere all clocks would be equidistant from the Earth’s center thus would all have a second start at the same point in time, thus any adjustment is made simply on “known height” which is generally fairly simple to work out. If however we picked say the north pole as the time reference point then the clocks would need a complex three dimensional location based algorithm to ensure they were all in sync and the clocks would have to likewise use a complex formula based not just on position movement but at what velocity… And that’s before we start thinking about relativistic corrections. Which all gets even worse when you deal with time on satellites like the Moon or around another planet.
