skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, July 11 until 2:00 AM ET on Saturday, July 12 due to maintenance. We apologize for the inconvenience.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Impacts of a Single GPS Spoofer on Multiple Receivers: Formal Analysis and Experimental Evaluation
As many mobile devices use Global Navigation Satellite Systems (GNSSs) to determine their locations for control, compromising such systems can result in serious consequences, as shown by existing GPS spoofing attacks. However, most such spoofing attacks focus on the effect of a single spoofer attacking a single receiver. In this paper, we investigate the impacts of a single spoofer on multiple receivers, motivated by research on attacking drone swarms. Our analysis independently shows that, using a single spoofer, multiple receivers at different locations in a spoofing area will see the same location reading. We consider the base case of spoofing four satellites and also the generic case when more satellites are involved in the spoofing attack. More importantly, we conduct real-world experiments to validate our analysis and demonstrate the potential threats to many practical applications. We use off-the-shelf SDR cards for spoofing and consumer GPS receivers for obtaining spoofed location readings. While this method can enable various attacks on mobile devices depending on GPS, it is also applicable to all existing GNSSs, because they use similar principles to determine locations.  more » « less
Award ID(s):
1662487
PAR ID:
10564946
Author(s) / Creator(s):
; ;
Publisher / Repository:
IEEE
Date Published:
ISBN:
979-8-3503-0457-2
Page Range / eLocation ID:
127 to 134
Format(s):
Medium: X
Location:
Las Vegas, NV, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, 28th USENIX Security Symposium (USENIX Security 19))
    Modern aircraft heavily rely on several wireless technologies for communications, control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems. However, the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature, despite their criticality and the increasing availability of low-cost software-defined radio (SDR) platforms. In this paper, we investigate the vulnerability of aircraft instrument landing systems (ILS) to wireless attacks. We show the feasibility of spoofing ILS radio signals using commercially-available SDR, causing last-minute go around decisions, and even missing the landing zone in low-visibility scenarios. We demonstrate on aviation-grade ILS receivers that it is possible to fully and in fine-grain control the course deviation indicator as displayed by the ILS receiver, in real-time. We analyze the potential of both an overshadowing attack and a lower-power single-tone attack. In order to evaluate the complete attack, we develop a tightly-controlled closed-loop ILS spoofer that adjusts the adversary's transmitted signals as a function of the aircraft GPS location, maintaining power and deviation consistent with the adversary's target position, causing an undetected off-runway landing. We systematically evaluate the performance of the attack against an FAA certified flight-simulator (X-Plane)'s AI-based autoland feature and demonstrate systematic success rate with offset touchdowns of 18 meters to over 50 meters. 
    more » « less
  2. ; ; (, 2019 IEEE Symposium on Security and Privacy (SP))
    Location information is critical to a wide variety of navigation and tracking applications. GPS, today's de-facto outdoor localization system has been shown to be vulnerable to signal spoofing attacks. Inertial Navigation Systems (INS) are emerging as a popular complementary system, especially in road transportation systems as they enable improved navigation and tracking as well as offer resilience to wireless signals spoofing and jamming attacks. In this paper, we evaluate the security guarantees of INS-aided GPS tracking and navigation for road transportation systems. We consider an adversary required to travel from a source location to a destination and monitored by an INS-aided GPS system. The goal of the adversary is to travel to alternate locations without being detected. We develop and evaluate algorithms that achieve this goal, providing the adversary significant latitude. Our algorithms build a graph model for a given road network and enable us to derive potential destinations an attacker can reach without raising alarms even with the INS-aided GPS tracking and navigation system. The algorithms render the gyroscope and accelerometer sensors useless as they generate road trajectories indistinguishable from plausible paths (both in terms of turn angles and roads curvature). We also design, build and demonstrate that the magnetometer can be actively spoofed using a combination of carefully controlled coils. To experimentally demonstrate and evaluate the feasibility of the attack in real-world, we implement a first real-time integrated GPS/INS spoofer that accounts for traffic fluidity, congestion, lights, and dynamically generates corresponding spoofing signals. Furthermore, we evaluate our attack on ten different cities using driving traces and publicly available city plans. Our evaluations show that it is possible for an attacker to reach destinations that are as far as 30 km away from the actual destination without being detected. We also show that it is possible for the adversary to reach almost 60--80% of possible points within the target region in some cities. Such results are only a lower-bound, as an adversary can adjust our parameters to spend more resources (e.g., time) on the target source/destination than we did for our performance evaluations of thousands of paths. We propose countermeasures that limit an attacker's ability, without the need for any hardware modifications. Our system can be used as the foundation for countering such attacks, both detecting and recommending paths that are difficult to spoof. 
    more » « less
  3. (, IEEE Wireless Communications Letters)
    In a time-division duplex (TDD) multiple antenna system, the channel state information (CSI) can be estimated using reverse training. A pilot spoofing attack occurs when during the training phase, an adversary (spoofer) also sends identical training (pilot) signal as that of the legitimate receiver. This contaminates channel estimation and alters the legitimate precoder design, facilitating eavesdropping. A recent approach proposed superimposing a random sequence on the training sequence at the legitimate receivers, and then using the minimum description length (MDL) criterion to detect pilot spoofing attack via source enumeration. In this letter, we extend this approach by exploiting temporal subspace properties of the pilot signals in conjunction with the MDL criterion, to determine which pilots are contaminated by a spoofer, and which ones are free of spoofing attack. The identification performance is illustrated via simulations. 
    more » « less
  4. ; ; (, IEEE)
    Although GPS spoofing of individual devices has been extensively examined, little systematic research on swarm spoofing has been conducted. In general, swarm missions may allow each device to navigate independently for different tasks, and it is much more complicated to build corresponding spoofing signals for such general cases. To address this issue, we formulate a general swarm spoofing method to explore the theoretical capabilities and limitations of common cases. We then propose a basic swarm spoofing model to show that, if we try to spoof each receiver precisely, we can only attack a small number of receivers (≤ 9) simultaneously in theory. However, in practice, we often need to deal with many receivers. Therefore, we develop a method that can spoof more receivers with acceptable errors. We present a method to construct spoofing messages and evaluate its effectiveness in practical settings with simulations. Although this work focuses on the GPS system, the proposed ideas can be applied to other GNSSs. 
    more » « less
  5. (, Lecture Notes in Networks and Systems book series (LNNS,volume 507))
    With many data breaches and spoofing attacks on our networks, it becomes imperative to provide a reliable method for verifying the integrity of the source. Blockchain location-based proof-of-origin is explored for tracking trucks and vehicles. Blockchain applications that support quick authentication with these non-mutable ledger properties: consensus and implemented as smart contracts at the edge. This Blockchain application will now be known as the POWTracker platform, gathering data from multiple cameras. POWTracker is based on an existing GPS-based blockchain ledger and runs on an edge device that uses AI consensus and multiple cameras. By using GPS algorithms, we present a novel mining algorithm that rewards POW miners, providing a trustworthy, verifiable proof-of-location system. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email