An official website of the United States government
Low-cost and easily obtained Global Navigation Satellite System (e.g., GPS) receivers are broadly embedded into various devices for providing location information. In this work, we develop a secret key establishment by utilizing the driving data obtained from GPS. Those data may exhibit randomness as the driver may alternatively step on the accelerator and brake pedals from time to time with varying force in order to adapt to the road traffic during driving. A driving vehicle provides a physically secure boundary as the devices co-located within the vehicle can observe common GPS data, as opposed to devices that do not experience the trip. We implement this key establishment in a real-world environment on top of off-the-shelf GPS-equipped devices as well as widely deployed GPS modules each connected with Raspberry Pi. Extensive experimental results show that when a user drives around 1.36 km for 1.32 minutes on average under moderate traffic conditions, two legitimate GPS-equipped devices in the vehicle can successfully establish a 128-bit secret key. Meanwhile, an attacker following the target vehicle is unable to establish a secret key with the legitimate devices.
more »
« less
GPSKey: GPS-based Secret Key Establishment for Intra-Vehicle Environment
With the advent of the in-vehicle infotainment (IVI) systems (e.g., Android Automotive) and other portable devices (e.g., smartphones) that may be brought into a vehicle, it becomes crucial to establish a secure channel between the vehicle and an in-vehicle device or between two in-vehicle devices. Traditional pairing schemes are tedious, as they require user interaction (e.g., manually typing in a passcode or bringing the two devices close to each other). Modern vehicles, together with smartphones and many emerging Internet-of-things (IoT) devices (e.g., dashcam) are often equipped with built-in Global Positioning System (GPS) receivers. In this paper, we propose a GPS-based Key estab- lishment technique, called GPSKey, by leveraging the inherent randomness of vehicle movement. Specifically, vehicle movement changes with road ground conditions, traffic situations, and pedal operations. It thus may have rich randomness. Meanwhile, two in- vehicle GPS receivers can observe the same vehicle movement and exploit it for key establishment without requiring user interaction. We implement a prototype of GPSKey on top of off-the-shelf devices. Experimental results show that legitimate devices in the same vehicle require 1.18-minute of driving on average to establish a 128-bit key. Meanwhile, the attacker who follows or leads the victim’s vehicle is unable to infer the key.
more »
« less
- Award ID(s):
- 1948547
- PAR ID:
- 10324610
- Date Published:
- Journal Name:
- Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2022
- Page Range / eLocation ID:
- 1-8
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Autonomous vehicles (AVs) use diverse sensors to understand their surroundings as they continually make safety-critical decisions. However, establishing trust with other AVs is a key prerequisite because safety-critical decisions cannot be made based on data shared from untrusted sources. Existing protocols require an infrastructure network connection and a third-party root of trust to establish a secure channel, which are not always available.In this paper, we propose a sensor-fusion approach for mobile trust establishment, which combines GPS and visual data. The combined data forms evidence that one vehicle is nearby another, which is a strong indication that it is not a remote adversary hence trustworthy. Our preliminary experiments show that our sensor-fusion approach achieves above 80% successful pairing of two legitimate vehicles observing the same object with 5 meters of error. Based on these preliminary results, we anticipate that a refined approach can support fuzzy trust establishment, enabling better collaboration between nearby AVs.more » « less
-
As many mobile devices use Global Navigation Satellite Systems (GNSSs) to determine their locations for control, compromising such systems can result in serious consequences, as shown by existing GPS spoofing attacks. However, most such spoofing attacks focus on the effect of a single spoofer attacking a single receiver. In this paper, we investigate the impacts of a single spoofer on multiple receivers, motivated by research on attacking drone swarms. Our analysis independently shows that, using a single spoofer, multiple receivers at different locations in a spoofing area will see the same location reading. We consider the base case of spoofing four satellites and also the generic case when more satellites are involved in the spoofing attack. More importantly, we conduct real-world experiments to validate our analysis and demonstrate the potential threats to many practical applications. We use off-the-shelf SDR cards for spoofing and consumer GPS receivers for obtaining spoofed location readings. While this method can enable various attacks on mobile devices depending on GPS, it is also applicable to all existing GNSSs, because they use similar principles to determine locations.more » « less
-
Although GPS spoofing of individual devices has been extensively examined, little systematic research on swarm spoofing has been conducted. In general, swarm missions may allow each device to navigate independently for different tasks, and it is much more complicated to build corresponding spoofing signals for such general cases. To address this issue, we formulate a general swarm spoofing method to explore the theoretical capabilities and limitations of common cases. We then propose a basic swarm spoofing model to show that, if we try to spoof each receiver precisely, we can only attack a small number of receivers (≤ 9) simultaneously in theory. However, in practice, we often need to deal with many receivers. Therefore, we develop a method that can spoof more receivers with acceptable errors. We present a method to construct spoofing messages and evaluate its effectiveness in practical settings with simulations. Although this work focuses on the GPS system, the proposed ideas can be applied to other GNSSs.more » « less
-
We describe a multi-speaker, smartphone-based environment for developing interactive, distributed music and art applications, installations, and experiences. This system facilitates audience engagement through participation via personal smartphones, potentially connecting with traditional computing devices via the Internet without additional software or special configurations. The proposed approach has been inspired and motivated in part by the COVID-19 pandemic and builds on earlier works and technology. It demonstrates a design approach that is more efficient and provides a new avenue for music composers and artists to design highly distributed, participatory, immersive music and art experiences, utilizing various input sensors and actuators available in today’s smartphones. These include individual smartphone accelerometers, video cameras, and – of course – speakers. The use of smartphones also provides for relatively precise geolocation through GPS or simple social engineering approaches, such as using dedicated QR codes for different locations (e.g., seats in an auditorium). This allows for composing experiences to be rendered in the same room / auditorium, highly distributed across the Internet, or a combination of both. The paper presents the technological background and describes three case studies of such experiences, in an attempt to demonstrate the approach and inspire new avenues for artistic creativity and expression towards highly immersive, participatory installations / performances of music and art works for the 21st century.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.14722/autosec.2022.23023
