Hijacking Satellite Navigation Sending false signals to GPS receivers could disrupt critical infrastructure.
- From: Jack Linthicum <jacklinthicum@xxxxxxxxxxxxx>
- Date: Thu, 2 Oct 2008 03:23:10 -0700 (PDT)
Thursday, October 02, 2008
Hijacking Satellite Navigation
Sending false signals to GPS receivers could disrupt critical
infrastructure.
By Erica Naone
The Global Positioning System (GPS) lies at the heart of an increasing
number of technologies, from vehicle navigation systems to the power
grid. And yet, although the military version of GPS includes security
features such as encryption, civilian signals are transmitted in the
clear. Now, researchers at Cornell University and Virginia Tech have
demonstrated a relatively simple way to fool ordinary GPS receivers
into accepting bogus signals using a briefcase-size transmitter.
Paul Kintner, a professor of electrical and computer engineering at
Cornell, who worked on the project, warns that society is becoming
dependent on GPS for an ever-broadening list of applications,
including management of the power grid and tracking criminals under
house arrest. "I'm just amazed at the way people are using these GPS
systems," Kintner says. "Ten years from now, there will be more ways
that we just don't know about--it migrates into our technological
fabric, and we become dependent on it."
Kintner and his group, which recently presented details of the
spoofing attack at the Institute of Navigation's Global Navigation
Satellite Systems (GNSS) meeting in Savannah, GA, did not start out
looking for a way to subvert GPS. They were working on a software-
based GPS receiver to help them understand the effects of solar flares
on GPS satellites. But as their design progressed, Todd Humphreys, one
of the researchers in the group, realized that the same system could
be used to spoof ordinary GPS signals.
Here's how GPS works: roughly 30 satellites orbit the earth,
broadcasting signals that can be picked up by a receiver virtually
anywhere on the planet. By collecting signals from several satellites
and measuring the time delay between each signal, GPS receivers can
calculate their exact position and receive very precise time signals.
The software GPS device built at Cornell can receive and transmit any
GPS signal. To attack a target receiver, the device need only be
placed nearby. It would start out simply retransmitting ordinary
satellite signals without any modifications. After a few seconds, the
target receiver should focus on the signal coming from the device,
because it's the clearest source. At that point, the device could
begin modifying transmissions, altering the signals little by little
until the target receiver shows any time and position the attacker
chooses. Kintner says that an attacker could use fake GPS signals to
disrupt the power grid, potentially causing power spikes and even
damaging generators. The same trick could let criminals under house
arrest move around freely, he adds.
Richard Langley, a professor in the Department of Geodesy and
Geomatics at the University of New Brunswick, in Canada, who has
worked extensively with GPS, says that this potential weak spot in the
technology has, in fact, been known for years, although little has
been done to date to protect the civilian system against it. "You
would think that more would have been developed by now," he says, "but
maybe it takes the demonstration that these guys have carried out to
show how easily a GPS receiver can be spoofed."
Langley notes that solutions are some distance away. Although a
European navigation system, called Galileo, will have the ability to
send encrypted signals for civilian use, it isn't scheduled to be
fully operational until 2013. It would be possible to add encryption
to the existing system, but Langley says that the likely cost and
disruption make this an unlikely solution. The best bet in the near
term, he says, is to add security features to normal GPS receivers.
One option would be to add more antennas to receivers. The attack
relies on the fact that most consumer GPS receivers use just a single
antenna to receive signals from multiple satellites. By adding
multiple antennas, a normal receiver could recognize that the spoofed
signals in fact come from only one source. But Langley notes that
there would be a cost trade-off. "Manufacturers have to get a return
on any investment they make in antispoofing technology," he says.
Kintner says that manufacturers have time to respond before attacks
become realistic, but he warns that countermeasures have to be
introduced. "We live in a time where we're really dependent on
technology," he says. "We need to understand how that makes us
vulnerable."
If the technology needed to make a GPS spoofing device is
miniaturized, then handheld devices could be produced for about $1,000
each, Kintner warns. "My greatest fear is that someone will reduce it
to the size of a cigarette pack, and the world will be flooded with
these small devices at a fairly cheap price," he says. "That would
make GPS useless in a whole variety of circumstances."
.
- Prev by Date: Re: Now I wonder what these would bring in Iraq and Afghanistan?
- Next by Date: USS Intrepid Prepares to Return to Manhattan Pier
- Previous by thread: USS Theodore Roosevelt visit to Cape Town
- Next by thread: USS Intrepid Prepares to Return to Manhattan Pier
- Index(es):
Relevant Pages
|
