| 1. |
- Spanghero, Marco, et al.
(författare)
-
Authenticated time for detecting GNSS attacks
- 2020
-
Ingår i: Proceedings of the 33rd International Technical Meeting of the Satellite Division of the Institute of Navigation, ION GNSS+ 2020. - : Institute of Navigation. ; , s. 3826-3834
-
Konferensbidrag (refereegranskat)abstract
- Information cross-validation can be a powerful tool to detect manipulated, dubious GNSS data. A promising approach is to leverage time obtained over networks a mobile device can connect to, and detect discrepancies between the GNSS-provided time and the network time. The challenge lies in having reliably both accurate and trustworthy network time as the basis for the GNSS attack detection. Here, we provide a concrete proposal that leverages, together with the network time servers, the nearly ubiquitous IEEE 802.11 (Wi-Fi) infrastructure. Our framework supports application-layer, secure and robust real time broadcasting by Wi-Fi Access Points (APs), based on hash chains and infrequent digital signatures verification to minimize computational and communication overhead, allowing mobile nodes to efficiently obtain authenticated and rich time information as they roam. We pair this method with Network Time Security (NTS), for enhanced resilience through multiple sources, available, ideally, simultaneously. We analyze the performance of our scheme in a dedicated setup, gauging the overhead for authenticated time data (Wi-Fi timestamped beacons and NTS). The results show that it is possible to provide security for the external to GNSS time sources, with minimal overhead for authentication and integrity, even when the GNSS-equipped nodes are mobile, and thus have short interactions with the WiFi infrastructure and possibly intermittent Internet connectivity, as well as limited resources.
|
|
| 2. |
- Zhang, Kewei, et al.
(författare)
-
Analysis of the effect of the distance-decreasing attacks on GNSS authenticated signals
- 2018
-
Ingår i: WiSec 2018 - Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks. - New York, NY, USA : Association for Computing Machinery, Inc. - 9781450357319 ; , s. 285-286
-
Konferensbidrag (refereegranskat)abstract
- Global Navigation Satellite Systems (GNSS) are vulnerable to jamming, spoong and replaying aacks because of their characteristics. Concerns regarding these aacks are being heightened because unmanned and autonomous vehicles become popular recently. Cryptographic methods have been proposed and are to be implemented in the Galileo and the GPS systems to counter spoong aacks. However, replaying aacks could still potentially harm GNSS receivers by bypassing the cryptographic methods. Distance-decreasing aacks is a strong type of replay aacks: it essentially resolves, from the aacker's point of view, the issue of introducing processing delay by implementing two phases: early detection and late commit. is poster analyzes the feasibility of distance-decreasing aacks against the GNSS navigation message authenticated signals and proposes countermeasures.
|
|
| 3. |
|
|
| 4. |
- Zhang, Kewei, et al.
(författare)
-
Fast Multiple Fault Detection and Exclusion (FM-FDE) Algorithm for Standalone GNSS Receivers
- 2021
-
Ingår i: IEEE Open Journal of the Communications Society. - : IEEE Communications Society. - 2644-125X. ; 2, s. 217-234
-
Tidskriftsartikel (refereegranskat)abstract
- Numerous applications and devices use Global Navigation Satellite System (GNSS)-provided position, velocity and time (PVT)information. However, unintentional interference and intentional attacks render GNSS-provided information unreliable. ReceiverAutonomous Integrity Monitoring (RAIM) is considered an effective and lightweight protection method when a subset of the availablesatellite measurements is affected. However, the conventional RAIM Fault Detection and Exclusion (FDE), exhaustive iterative searchto exclude faulty signals, can be expensive when there are many potential faults, especially so for multi-constellation GNSS receiversoperating in the presence of several faulty signals. Therefore, we propose a fast multiple fault detection and exclusion (FM-FDE)algorithm, to detect and exclude multiple faults for both single and multi-constellation receivers. The novelty is FM-FDE caneffectively exclude faults withouta lengthy iterative search on candidate fault signals. FM-FDE calculates position distances of anysubset pairs with (3+P) measurements, where P is the number of constellations. Then, the algorithm utilizes statistical testing toexamine the distances, identifies faulty measurements and further excludes them from the computation of the final PVT solution. Weevaluate FM-FDE with synthesized faulty measurements added to a collected data set; the results show that FM-FDE is faster thanconventional Solution Separation (SS) FDE when the number of faults is larger than 3 in a single constellation receiver. Moreover,FM-FDE is much faster when the number of faults is larger than 2 in a GPS-Galileo receiver, when both constellation contains faultymeasurements. The trade-off is that FM-FDE slightly degrades performance in terms of misdetection and false alarm probabilities,compared to the conventional SS FDE.
|
|
| 5. |
- Zhang, Kewei, et al.
(författare)
-
GNSS receiver tracking performance analysis under distance-decreasing attacks
- 2015
-
Ingår i: Proceedings of 2015 International Conference on Localization and GNSS. - : IEEE.
-
Konferensbidrag (refereegranskat)abstract
- Numerous works have investigated the vulnerability of Global Navigation Satellite Systems (GNSS) against attacks. Upcoming systems make provisions for cryptographic civilian signal protection. However, this alone does not fully protect GNSS-based localization. In this paper, we show that attacks at the physical layer, without modification of navigation messages, can be severely effective. We analyze the influence of the, so called distance decreasing attacks, and we investigate their feasibility and we find that they can be practical and effective. Finally, we consider signal quality monitoring, but it can not readily serve as a countermeasure.
|
|
| 6. |
- Zhang, Kewei, et al.
(författare)
-
On the effects of distance-decreasing attacks on cryptographically protected GNSS signals
- 2019
-
Ingår i: ION 2019 International Technical Meeting Proceedings. - : Institute of Navigation. - 0936406216 - 9780936406213 ; , s. 363-372, s. 363-372
-
Konferensbidrag (refereegranskat)abstract
- The security of global navigation satellite systems draws attention increasingly, and authentication mechanisms for civilian services seem very effective in thwarting malicious behavior. For example, the Galileo E1 Open Service introduces navigation message authentication. Authentication, as well as encryption at navigation message or spreading code level, can prevent spoofing attacks, but do not preclude replay attacks. In this work, we consider a type of strong replay attacks, distance-decreasing attacks, against cryptographically protected GNSS signals. Distance-decreasing attack enhance an attacker's capability of allowing it to mislead the victim receiver that the GNSS signals arrive earlier than true signals. We analyze the instantiation and the effects of the distance-decreasing attacks on unprotected GNSS signals, on navigation message authenticated signals, and on spreading-code encrypted signals. We discuss different strategies that the attacker can adopt to introduce the least bit errors to the re-transmitted signals and avoid being detected at the victim receiver. We provide evaluation results of distance-decreasing attacks on unprotected signals and authenticated navigation message signals, based on different strategies and configurations, and we sketch countermeasures to the different strategies.
|
|
| 7. |
- Zhang, Kewei, et al.
(författare)
-
Protecting GNSS-based Services using Time Offset Validation
- 2020
-
Ingår i: 2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020. ; , s. 575-583
-
Konferensbidrag (refereegranskat)abstract
- Global navigation satellite systems (GNSS) provide pervasive accurate positioning and timing services for a large gamut of applications, from Time based One-Time Passwords (TOPT), to power grid and cellular systems. However, there can be security concerns for the applications due to the vulnerability of GNSS. It is important to observe that GNSS receivers are components of platforms, in principle having rich connectivity to different network infrastructures. Of particular interest is the access to a variety of timing sources, as those can be used to validate GNSS-provided location and time. Therefore, we consider off-the-shelf platforms and how to detect if the GNSS receiver is attacked or not, by cross-checking the GNSS time and time from other available sources. First, we survey different technologies to analyze their availability, accuracy and trustworthiness for time synchronization. Then, we propose a validation approach for absolute and relative time. Moreover, we design a framework and experimental setup for the evaluation of the results. Attacks can be detected based on WiFi supplied time when the adversary shifts the GNSS provided time, more than 23.942 μs; with Network Time Protocol (NTP) supplied time when the adversary-induced shift is more than 2.046 ms. Consequently, the proposal significantly limits the capability of an adversary to manipulate the victim GNSS receiver.
|
|
| 8. |
- Zhang, Kewei, et al.
(författare)
-
Protecting GNSS Open Service-Navigation Message Authentication against Distance-Decreasing Attacks
-
Annan publikation (övrigt vetenskapligt/konstnärligt)abstract
- As the security of global navigation satellite systems(GNSS) for civilian usage is becoming increasingly important,navigation message authentication is to significantly improveresilience to spoofing attacks. However, not all attacks can beeffectively countered: a strong variant of replay/relay attacks,distance-decreasing (DD) attacks, can shorten pseudorange mea-surements, without manipulating the cryptographically protectednavigation message, thus manipulating the positiion, velocity, andtime solution undetected. First, we discuss how DD attacks cantamper with GNSS signals, demonstrating the attack effectivenesson a recorded Galileo signal. DD attacks might introduce biterrors to the forged signals, but the adversary can keep this errorrate very low with proper attack parameter settings. Then, basedon our mathematical model of the prompt correlator outputof the tracking phase at the victim receiver, we find that thecorrelator output distribution changes in presence of DD attacks.This leads us to apply hypothesis testing to detect the DD attacks,notably a Goodness of Fit (GoF) test and a generalized likelihoodratio test (GLRT), depending on the victim’s knowledge on theDD attacks. Monte Carlo simulations are used to evaluate thedetection probability and the receiver operating characteristic(ROC) curves for two tests, for different adversary configurationand noise settings. Then, we evaluate the effectiveness of the twotests with a synthesized DD signal. The results show that bothtests can detect DD attacks with similar performance in highsignal-to-noise ratio (SNR) environments. The GLRT detectionprobability is approximately20%higher than that of the GoFtest in low SNR environments
|
|
| 9. |
- Zhang, Kewei, et al.
(författare)
-
Protecting GNSS Open Service-Navigation Message Authentication against Distance-Decreasing Attacks
-
Annan publikation (övrigt vetenskapligt/konstnärligt)abstract
- As the security of global navigation satellite systems (GNSS) for civilian usage is increasingly important, navigation message authentication (NMA) significantly improves resilience to spoofing attacks. However, not all attacks can be effectively countered: a strong variant of replay/relay attacks, distance-decreasing (DD) attacks, can shorten pseudorange measurements, without manipulating the cryptographically protected navigation message, thus manipulating the position, velocity, and time solution undetected. First, we discuss how DD attacks can tamper with GNSS signals, demonstrating the attack effectiveness on a recorded Galileo signal. DD attacks might introduce bit errors to the forged signals, but the adversary can keep this error rate very low with proper attack parameter settings. Then, based on our mathematical model of the prompt correlator output of the tracking phase at the victim receiver, we find that the correlator output distribution changes in the presence of DD attacks. This leads us to apply hypothesis testing to detect DD attacks, notably a Goodness of Fit (GoF) test and a generalized likelihood ratio test (GLRT), depending on the victim’s knowledge on the DD attacks. Monte Carlo simulations are used to evaluate the detection probability and the receiver operating characteristic (ROC) curves for two tests, for different adversary configuration and noise settings. Then, we evaluate the effectiveness of the GoF and GLRT tests with a synthesized DD signal. Both tests can detect DD attacks with similar performance in high signal-to-noise ratio (SNR) environments. The GLRT detection probability is approximately 20% higher than that of the GoF test in low SNR environments.
|
|
| 10. |
- Zhang, Kewei, et al.
(författare)
-
Protecting GNSS Open Service Navigation Message Authentication Against Distance-Decreasing Attacks
- 2022
-
Ingår i: IEEE Transactions on Aerospace and Electronic Systems. - : Institute of Electrical and Electronics Engineers (IEEE). - 0018-9251 .- 1557-9603. ; 58:2, s. 1224-1240
-
Tidskriftsartikel (refereegranskat)abstract
- As the security of global navigation satellite systems (GNSSs) for civilian usage is increasingly important, navigation message authentication (NMA) significantly improves resilience to spoofing attacks. However, not all attacks can be effectively countered: a strong variant of replay/relay attacks, distance-decreasing (DD) attacks, can shorten pseudorange measurements, without manipulating the cryptographically protected navigation message, thus manipulating the position, velocity, and time solution undetected. First, we discuss how DD attacks can tamper with GNSS signals, demonstrating the attack effectiveness on a recorded Galileo signal. DD attacks might introduce bit errors to the forged signals, but the adversary can keep this error rate very low with proper attack parameter settings. Then, based on our mathematical model of the prompt correlator output of the tracking phase at the victim receiver, we find that the correlator output distribution changes in the presence of DD attacks. This leads us to apply hypothesis testing to detect DD attacks, notably a goodness-of-fit (GoF) test and a generalized likelihood ratio test (GLRT), depending on the victim's knowledge on the DD attacks. Monte Carlo simulations are used to evaluate the detection probability and the receiver operating characteristic curves for two tests, for different adversary configuration and noise settings. Then, we evaluate the effectiveness of the GoF test and the GLRT with a synthesized DD signal. Both tests can detect DD attacks with similar performance in high-signal-to-noise-ratio (SNR) environments. The GLRT detection probability is approximately 20% higher than that of the GoF test in low-SNR environments.
|
|
