SlideShare a Scribd company logo

Countermeasures to GPS Spoofing

Roger Johnston
Roger Johnston

An old paper discussing GPS spoofing (not jamming) and possible countermeasures.

Engineering
1 of 7
Download to read offline
LAUR-03-6163 Appeared in Homeland Security Journal, December 12, 2003, http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html. GPS Spoofing Countermeasures Jon S. Warner, Ph.D. and Roger G. Johnston, Ph.D., CPP Vulnerability Assessment Team Los Alamos National Laboratory Los Alamos, New Mexico, 87545 Abstract: Civilian Global Positioning System (GPS) receivers are vulnerable to a number of different attacks such as blocking, jamming, and spoofing. The goal of such attacks is either to prevent a position lock (blocking and jamming), or to feed the receiver false information so that it computes an erroneous time or location (spoofing). GPS receivers are generally aware of when blocking or jamming is occurring because they have a loss of signal. Spoofing, however, is a surreptitious attack. Currently, no countermeasures are in use for detecting spoofing attacks. We believe, however, that it is possible to implement simple, low-cost countermeasures that can be retrofitted onto existing GPS receivers. This would, at the very least, greatly complicate spoofing attacks. Introduction: The civilian Global Positioning System (GPS) is widely used by both government and private industry for many important applications. Some of these applications include public safety services such as police, fire, rescue and ambulance. The cargo industry, buses, taxis, railcars, delivery vehicles, agricultural harvesters, private automobiles, spacecraft, marine and airborne traffic also use GPS systems for navigation. In fact, the Federal Aviation Administration (FAA) is in the process of drafting an instruction requiring that all radio navigation systems aboard aircraft use GPS [1]. Additional uses include hiking and surveying, as well as being used in robotics, cell phones, animal tracking and even GPS wristwatches. Utility companies and telecommunication companies use GPS timing signals to regulate the base frequency of their distribution grids. GPS timing signals are also used by the financial industry, the broadcast industry, mobile telecommunication providers, the international financial industry, banking (for money transfers and time locks), and other distributed computer network applications [2,3]. In short, anyone who wants to know their exact location, velocity, or time might find GPS useful. Unfortunately, the civilian GPS signals are not secure [1]. Only the military GPS signals are encrypted (authenticated), but these are generally unavailable to
civilians, foreign governments, and most of the U.S. government, including most of the Department of Defense (DoD). Plans are underway to upgrade the existing GPS system, but they apparently do not include adding encryption or authentication to the civilian GPS signal [4,5]. The GPS signal strength measured at the surface of the Earth is about –160dBw (1x10-16 Watts), which is roughly equivalent to viewing a 25-Watt light bulb from a distance of 10,000 miles. This weak signal can be easily blocked by destroying or shielding the GPS receiver’s antenna. The GPS signal can also be effectively jammed by a signal of a similar frequency, but greater strength. Blocking and jamming, however, are not the greatest security risk, because the GPS receiver will be fully aware it is not receiving the GPS signals needed to determine position and time. A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not. This “spoofing” attack is more elegant than jamming because it is surreptitious. The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory (LANL) has recently demonstrated the ease with which civilian GPS spoofing attacks can be implemented [6]. This spoofing is most easily accomplished by using a GPS satellite simulator. Such GPS satellite simulators are uncontrolled, and widely available. To conduct the spoofing attack, an adversary broadcasts a fake GPS signal with a higher signal strength than the true GPS signal. The GPS receiver believes that the fake signal is actually the true GPS signal from space, and ignores the true GPS signal. The receiver then proceeds to calculate erroneous position or time information based on this false signal. How Does GPS work? The GPS is operated by DoD. It consists of a constellation of 27 satellites (24 active and 3 standby) in 6 separate orbits and reached full official operational capability status on July 17, 1995 [7]. GPS users have the ability to obtain a 3-D position, velocity and time fix in all types of weather, 24-hours a day. GPS users can locate their position to within ± 18 ft on average or ± 60-90 ft for a worst case 3-D fix [8]. Each GPS satellite broadcasts two signals, a civilian unencrypted signal and a military encrypted signal. The civilian GPS signal was never intended for critical or security applications, though that is, unfortunately, how it is now often used. The DoD reserves the military encrypted GPS signal for sensitive applications such as smart weapons. This paper will be focusing on the civilian (unencrypted) GPS signal. Any discussion of civilian GPS vulnerabilities are fully unclassified [9]. The carrier wave for the civilian signal is the same frequency (1575.2 MHz) for all of the GPS satellites. The C/A code provides the GPS receiver on the Earth’s surface with a unique identification number (a.k.a. PRN or Pseudo Random Noise code). In this manner, each satellite transmits a unique identification number that allows the GPS receiver to know which satellites it is receiving signals from. The
Nav/System data provides the GPS receiver with information about the position of all the satellites in the constellation as well as precise timing data from the atomic clocks aboard the satellites. L1 Carrier 1575.2 MHz C/A Code 1.023 MHz Nav/System Data 50 Hz P-Code 10.23 MHz L2 Carrier 1227.6 MHz Combiner Combiner Mixer Mixer L1 Civilian Signal L2 Military Signal GPS Satellite Signals Encryption Code Figure 1: GPS signal structure. The receiver continuously listens for the GPS signals from space. The GPS receiver locks onto the signals from several GPS satellites simultaneously. The actual number of satellites the receiver locks onto is determined by: 1) the number of satellites in view of the receiver and 2) the maximum number of satellites the receiver hardware is designed to accommodate. Because of the C/A code identification, the GPS receiver knows exactly which satellites it is receiving data from at any given time. Once the identification codes for each of the received satellite signals are recognized, the GPS receiver generates an internal copy of the satellites identification codes. Each satellite transmits its identification codes in 1- millisecond intervals. The receiver compares its internally generated code against the repeating C/A code from space and looks for any lag from the expected 1-millisecond interval. Any deviation from the 1-millisecond interval is assumed to be the travel time of the GPS signal from space. Once the travel time (ΔT) is determined, the receiver then calculates the distance from itself to each satellite using the following formula: Distance = ΔT x Speed of Light. Receiver Generated Code Satellite Transmission T Figure 2: Example of GPS signal time delay.
One problem with this method is that the clocks on the receiver are not as accurate as the atomic clocks onboard the satellites. In addition to the time correction from the NAV/SYS data information from the satellites, the GPS receiver has a clever method of determining its own clock error, which we will discuss in a few moments. As previously mentioned, the receiver receives the signals from several GPS satellites simultaneously. Therefore, the distance to several satellites are known at any given time. Figure 3 gives a conceptual overview given the distance of three GPS satellites (denoted by the star symbol). Note that in Figure 3 that the ranges to the satellite, as measured by the GPS receiver, do not overlap at a single point. The measured and true ranges differ due to the clock errors in the receiver mentioned earlier. The result is a distance error seen by the receiver, which is represented by the dotted line in figure 3. You are Here Measured Range to Satellite True Range to Satellite Three Satellites Figure 3: 2-D representation of finding a position. At this point, the receiver knows it is somewhere in the area of overlap shown by the dotted line (figure 3). The receiver then interpolates this overlap area to find the center. The result of this interpolation gives two important pieces of information; 1) what the position of the receiver is and 2) the clock error of the receiver. In essence the receiver uses the correct position information to determine its own clock error. The more satellites involved, the smaller the area of overlap and the better the position fix will be. In theory, three satellites are all that is needed for a position fix. However, in practice, four or more satellites are needed to acquire an accurate latitude, longitude and altitude fix. Note that only one satellite is required for a time fix. The position is initially found in an X,Y,Z Earth centered/Earth Fixed co-ordinate frame and then converted to Latitude, Longitude and Altitude.
Countermeasures: Several of the countermeasures we propose are based on signal strength, which must (at least initially) be higher for the fake signal than the true signal from space. Some of the other countermeasures involve recognizing the characteristics of the satellite simulator itself. Many (if not all) GPS receivers display the signal strength and satellite number for each of the satellites it is receiving data from. We are unaware of any receivers that store this data and compare the information from one moment to the next. One or more of the following countermeasures should allow suspicious GPS signal activity to be detected: 1) Monitor the absolute GPS signal strength: This countermeasure involves monitoring and recording the average signal strength. We would compare the observed signal strength to the expected signal strength of about –163 dBw (5x 10-17 watts). If the absolute value of the observed signal exceeds some preset threshold, the GPS receiver would alert the user. This countermeasure is based on the idea that relatively unsophisticated GPS spoofing attacks will tend to use GPS satellite simulators. Such simulators will typically provide signal strengths many orders of magnitude larger than any possible satellite signal at the Earth’s surface. This is an unambiguous indication of a spoofing attack. 2) Monitor the relative GPS signal strength: The receiver software could be modified so that the average signal strength could be recorded and compared from one moment to the next. An extremely large change in relative signal strength would be characteristic of an adversary starting to generate a counterfeit GPS signal to override the true satellite GPS signals [6]. If the signal increases beyond some preset threshold, an alarm would sound and the end user could be alerted. 3) Monitor the signal strength of each received satellite signal: This countermeasure is an extension of the above two techniques. Here, the relative and absolute signal strengths are tested individually for each of the incoming satellite signals. Signals from a GPS satellite simulator will tend to make the signal coming from each artificial satellite of equal strength. Real satellite signals, however, vary from satellite to satellite and change over time. The idea here is that if the signal characteristics are too perfect, there is probably something wrong and the user should be alerted. Like the previous two countermeasures, this countermeasure could be implemented by modifying the existing software code of the GPS receiver. 4) Monitor satellite identification codes and number of satellite signals received: GPS satellite simulators transmit signals from multiple satellites (typically 10)—more than the number of real satellites often detected by a GPS receiver in the field at a given time. Many commercial GPS receivers display satellite identification information, but do not record this data or compare to
previously recorded data. Keeping track of both the number of satellite signals received and the satellite identification codes over time may prove helpful in determining if foul play is occurring. This is especially true of an unsophisticated spoofing attack where the adversary does not attempt to mimic the true satellite constellation at a given time. 5) Check the time intervals: With most GPS satellite simulators, the time between the artificial signal from each satellite and the next is a constant. This is not the case with real satellites. In other words, the receiver may pick up the true signal from one satellite and then a few moments later pick up a signal from another satellite, etc. With the satellite simulator, the receiver would pick up signals from all of the “satellites” simultaneously. This is an exploitable feature of the satellite simulator that could be used to tell if the signals were coming from the true source or a false simulator-based source. 6) Do a time comparison: Many current GPS receivers do not have an accurate clock. By using timing data from an accurate, continuously running clock to compare to the time derived from the GPS signal, we can check on the veracity of the received GPS signals. If the time deviates beyond some threshold, the user can be alerted to the possibility of a spoofing attack. As the VAT has demonstrated, very accurate clocks can be small and inexpensive, and operate on very low power. 7) Perform a sanity check: A small, solid-state accelerometer and compass can be used to independently monitor the physical trajectory of the receiver (heading, velocity, etc.), mounted, for example, on a moving truck. The information provided by this approach can be used to double check the current position fix reported by the GPS receiver based on a previously reported position. In a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position. This is how an attack on a cargo truck might occur for instance. The accelerometer would serve as a relative (not absolute) backup positioning system, which could be used to compare to the position reported by the GPS receiver. A discrepancy between the accelerometer and the receiver would raise a red flag and alert the user. All of the strategies 1-7 can be implemented by retrofitting existing GPS receivers; it is not necessary to redesign them. Strategies 1-5 can be implemented primarily through software alone. Strategy 6 could be implemented through software, or else a more accurate clock could be fitted onto the existing GPS receiver. Strategy 7 would require both hardware and software implementation to work properly. We believe a proof of principle for countermeasures 1-7 can be demonstrated fairly quickly. Conclusion Although the countermeasures proposed in this paper will not stop spoofing attacks, they will alert the user of the GPS receiver to suspicious activity. This will decrease the odds that a spoofing attack can succeed, and will also require
adversaries to deploy more sophisticated methods than the simple attack we have previously demonstrated [6]. We believe the potential countermeasures proposed in this paper can be implemented easily and inexpensively, including by retrofitting existing GPS receivers. Disclaimer & Acknowledgements The views expressed in this paper are those of the authors and should not necessarily be ascribed to Los Alamos National Laboratory, or the United States Department of Energy. Anthony Garcia, Adam Pacheco, Ron Martinez, Leon Lopez, and Sonia Trujillo contributed to this work. References: 1 John A. Volpe National Transportation Systems Center, Vulnerability Assessment Of The Transportation Infrastructure Relying On The Global Positioning System, Final Report., Department of Transportation, 2001, http://www.navcen.uscg.gov/archive/2001/Oct/FinalReport-v4.6.pdf. 2 S. J. Harding, Study into the impact on capability of U.K. commercial and domestic services resulting from the loss of GPS signals, Qinetiq, 2001, www.radio.gov.uk/topics/research/topics/other/gpsreport/gps-report. pdf. 3 L. Brutt, NS/EP Implication of GPS timing, Office of the manager National Communications System; Technical Notes, Technology and Standards Division 6 (2) (1999), www.ncs.gov/n2/content/technote/tnv6n2/tnv6n2.htm. 4 Committee on the Future of the Global Positioning System; National Research Council; Aeronautics and Space Engineering Board, The Global Positioning System: A Shared National Asset- Recommendations for Technical Improvements and Enhancements. (National Academy Press, 1995), www.nap.edu/books/0309052831/html/index.html. 5 Air Force release, Air Force NAVSTAR Global Positioning System Fact Sheet, Florida Today Space Online (1999), www.floridatoday.com/space/explore/stories/1999b/100399f.htm. 6 J. Warner and R. Johnston, A simple demonstration that the Global Positioning System (GPS) is vulnerable to spoofing, Journal of Security Administration, 25, 19 (2002). 7 US Coast Guard, GPS - Frequently Asked Questions, 2003, http://www.navcen.uscg.gov/faq/gpsfaq.htm. 8 US Air Force, GPS Support Center, (2003), https://www.peterson.af.mil/GPS_Support/. 9 Headquarters Air Force Space Command, NAVSTAR Global Positioning System Operations Protect Guide, Peterson Air Force Base.

Recommended

GNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationGNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationMarco Lisi
 
Introduction to Navigation Systems
Introduction to Navigation SystemsIntroduction to Navigation Systems
Introduction to Navigation SystemsJoseph Hennawy
 
Introduction-of-GNSS-2
Introduction-of-GNSS-2Introduction-of-GNSS-2
Introduction-of-GNSS-2Kutubuddin ANSARI
 
Vehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmVehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmanita maharjan
 
Global positioning system(GPS)
Global positioning system(GPS)Global positioning system(GPS)
Global positioning system(GPS)shifa
 
Gps
GpsGps
Gpszeaulodx
 
Satellite communication lecture9
Satellite communication lecture9Satellite communication lecture9
Satellite communication lecture9sandip das
 
Global Positioning System
Global Positioning SystemGlobal Positioning System
Global Positioning SystemRishi Shukla
 

Recommended

GNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationGNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationMarco Lisi
 
Introduction to Navigation Systems
Introduction to Navigation SystemsIntroduction to Navigation Systems
Introduction to Navigation SystemsJoseph Hennawy
 
Introduction-of-GNSS-2
Introduction-of-GNSS-2Introduction-of-GNSS-2
Introduction-of-GNSS-2Kutubuddin ANSARI
 
Vehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmVehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmanita maharjan
 
Global positioning system(GPS)
Global positioning system(GPS)Global positioning system(GPS)
Global positioning system(GPS)shifa
 
Gps
GpsGps
Gpszeaulodx
 
Satellite communication lecture9
Satellite communication lecture9Satellite communication lecture9
Satellite communication lecture9sandip das
 
Global Positioning System
Global Positioning SystemGlobal Positioning System
Global Positioning SystemRishi Shukla
 
Global Positioning System (GPS)
Global Positioning System (GPS) Global Positioning System (GPS)
Global Positioning System (GPS) ManjuChauhan16
 
radar-principles
radar-principlesradar-principles
radar-principlesjhcid
 
Global Positioning System (GPS)
Global Positioning System (GPS) Global Positioning System (GPS)
Global Positioning System (GPS) richard_craig
 
Introduction to global position system
Introduction to global position systemIntroduction to global position system
Introduction to global position systemUniversity of Technology
 
Gps
GpsGps
GpsMohamed Abdo
 
Global navigation satellite system based positioning combined
Global navigation satellite system based positioning combinedGlobal navigation satellite system based positioning combined
Global navigation satellite system based positioning combinedMehjabin Sultana
 
Introduction to the Global Positioning System
Introduction to the Global Positioning SystemIntroduction to the Global Positioning System
Introduction to the Global Positioning SystemNingeni sionmosesaam
 
Global positioning System
Global positioning SystemGlobal positioning System
Global positioning Systemayushrajput
 
Inmarsat – Powering global connectivity
Inmarsat – Powering global connectivityInmarsat – Powering global connectivity
Inmarsat – Powering global connectivitytechUK
 
TRS
TRSTRS
TRSNithin Kashyap
 
Cse satrack ppt
Cse satrack pptCse satrack ppt
Cse satrack pptamity university
 
GMDSS
GMDSSGMDSS
GMDSSJr. Axalan
 
Gmdss lrg
Gmdss lrgGmdss lrg
Gmdss lrgLance Grindley
 
GPS (Global Positioning System)
GPS (Global Positioning System)GPS (Global Positioning System)
GPS (Global Positioning System)TANMAY SHARMA
 
Gps
GpsGps
GpsKHUSHBU SHAH
 
Basic GPS
Basic GPSBasic GPS
Basic GPSCadetServer
 
Gps waas class 5 nov10
Gps waas class 5 nov10Gps waas class 5 nov10
Gps waas class 5 nov10Clark Jay Wilson
 
Radio And Satellite Navigation
Radio And Satellite NavigationRadio And Satellite Navigation
Radio And Satellite Navigationwillmac1wm
 
How GPS Works ?
How GPS Works ? How GPS Works ?
How GPS Works ? Aakash Yellapantulla
 
Gps ppt
Gps pptGps ppt
Gps pptRishabh Gandhi
 
FOSTER ITS _ a trusted GNSS module to secure ITS application
FOSTER ITS _ a trusted GNSS module to secure ITS applicationFOSTER ITS _ a trusted GNSS module to secure ITS application
FOSTER ITS _ a trusted GNSS module to secure ITS applicationThe European GNSS Agency (GSA)
 
Mac spoof avoider
Mac spoof avoiderMac spoof avoider
Mac spoof avoiderShailesh Maurya
 

More Related Content

What's hot

Global Positioning System (GPS)
Global Positioning System (GPS) Global Positioning System (GPS)
Global Positioning System (GPS) ManjuChauhan16
 
radar-principles
radar-principlesradar-principles
radar-principlesjhcid
 
Global Positioning System (GPS)
Global Positioning System (GPS) Global Positioning System (GPS)
Global Positioning System (GPS) richard_craig
 
Global navigation satellite system based positioning combined
Global navigation satellite system based positioning combinedGlobal navigation satellite system based positioning combined
Global navigation satellite system based positioning combinedMehjabin Sultana
 
Introduction to the Global Positioning System
Introduction to the Global Positioning SystemIntroduction to the Global Positioning System
Introduction to the Global Positioning SystemNingeni sionmosesaam
 
Global positioning System
Global positioning SystemGlobal positioning System
Global positioning Systemayushrajput
 
Inmarsat – Powering global connectivity
Inmarsat – Powering global connectivityInmarsat – Powering global connectivity
Inmarsat – Powering global connectivitytechUK
 
GPS (Global Positioning System)
GPS (Global Positioning System)GPS (Global Positioning System)
GPS (Global Positioning System)TANMAY SHARMA
 
Radio And Satellite Navigation
Radio And Satellite NavigationRadio And Satellite Navigation
Radio And Satellite Navigationwillmac1wm
 

What's hot (20)

Global Positioning System (GPS)
Global Positioning System (GPS) Global Positioning System (GPS)
Global Positioning System (GPS)
 
radar-principles
radar-principlesradar-principles
radar-principles
 
Global Positioning System (GPS)
Global Positioning System (GPS) Global Positioning System (GPS)
Global Positioning System (GPS)
 
Introduction to global position system
Introduction to global position systemIntroduction to global position system
Introduction to global position system
 
Gps
GpsGps
Gps
 
Global navigation satellite system based positioning combined
Global navigation satellite system based positioning combinedGlobal navigation satellite system based positioning combined
Global navigation satellite system based positioning combined
 
Introduction to the Global Positioning System
Introduction to the Global Positioning SystemIntroduction to the Global Positioning System
Introduction to the Global Positioning System
 
Global positioning System
Global positioning SystemGlobal positioning System
Global positioning System
 
Inmarsat – Powering global connectivity
Inmarsat – Powering global connectivityInmarsat – Powering global connectivity
Inmarsat – Powering global connectivity
 
TRS
TRSTRS
TRS
 
Cse satrack ppt
Cse satrack pptCse satrack ppt
Cse satrack ppt
 
GMDSS
GMDSSGMDSS
GMDSS
 
Gmdss lrg
Gmdss lrgGmdss lrg
Gmdss lrg
 
GPS (Global Positioning System)
GPS (Global Positioning System)GPS (Global Positioning System)
GPS (Global Positioning System)
 
Gps
GpsGps
Gps
 
Basic GPS
Basic GPSBasic GPS
Basic GPS
 
Gps waas class 5 nov10
Gps waas class 5 nov10Gps waas class 5 nov10
Gps waas class 5 nov10
 
Radio And Satellite Navigation
Radio And Satellite NavigationRadio And Satellite Navigation
Radio And Satellite Navigation
 
How GPS Works ?
How GPS Works ? How GPS Works ?
How GPS Works ?
 
Gps ppt
Gps pptGps ppt
Gps ppt
 

Viewers also liked

FOSTER ITS _ a trusted GNSS module to secure ITS application
FOSTER ITS _ a trusted GNSS module to secure ITS applicationFOSTER ITS _ a trusted GNSS module to secure ITS application
FOSTER ITS _ a trusted GNSS module to secure ITS applicationThe European GNSS Agency (GSA)
 
Top 3 MAC Spoofing Challenges You Cannot Afford to Ignore
Top 3 MAC Spoofing Challenges You Cannot Afford to IgnoreTop 3 MAC Spoofing Challenges You Cannot Afford to Ignore
Top 3 MAC Spoofing Challenges You Cannot Afford to IgnoreGreat Bay Software
 
1unit2ndpart
1unit2ndpart1unit2ndpart
1unit2ndpartprksh89
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasureskaranwayne
 
RSA - WLAN Hacking
RSA - WLAN HackingRSA - WLAN Hacking
RSA - WLAN HackingJohn Rhoton
 
Seminariode Seguridad L2
Seminariode Seguridad L2Seminariode Seguridad L2
Seminariode Seguridad L2christian nieto
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANsIshraq Al Fataftah
 
Neighbor discovery in wireless networks with multipacket reception
Neighbor discovery in wireless networks with multipacket receptionNeighbor discovery in wireless networks with multipacket reception
Neighbor discovery in wireless networks with multipacket receptionLeMeniz Infotech
 
Network Attack Counter
Network Attack CounterNetwork Attack Counter
Network Attack CounterKHNOG
 

Viewers also liked (11)

FOSTER ITS _ a trusted GNSS module to secure ITS application
FOSTER ITS _ a trusted GNSS module to secure ITS applicationFOSTER ITS _ a trusted GNSS module to secure ITS application
FOSTER ITS _ a trusted GNSS module to secure ITS application
 
Mac spoof avoider
Mac spoof avoiderMac spoof avoider
Mac spoof avoider
 
Top 3 MAC Spoofing Challenges You Cannot Afford to Ignore
Top 3 MAC Spoofing Challenges You Cannot Afford to IgnoreTop 3 MAC Spoofing Challenges You Cannot Afford to Ignore
Top 3 MAC Spoofing Challenges You Cannot Afford to Ignore
 
1unit2ndpart
1unit2ndpart1unit2ndpart
1unit2ndpart
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasures
 
RSA - WLAN Hacking
RSA - WLAN HackingRSA - WLAN Hacking
RSA - WLAN Hacking
 
Seminariode Seguridad L2
Seminariode Seguridad L2Seminariode Seguridad L2
Seminariode Seguridad L2
 
Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanning
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
 
Neighbor discovery in wireless networks with multipacket reception
Neighbor discovery in wireless networks with multipacket receptionNeighbor discovery in wireless networks with multipacket reception
Neighbor discovery in wireless networks with multipacket reception
 
Network Attack Counter
Network Attack CounterNetwork Attack Counter
Network Attack Counter
 

Similar to Countermeasures to GPS Spoofing

Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Atiqa khan
 
Stolen car recovery
Stolen car recoveryStolen car recovery
Stolen car recoveryHossam Zein
 
Location in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMSLocation in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMSSalah Amean
 
Introduction togps shsm
Introduction togps shsmIntroduction togps shsm
Introduction togps shsmWRDSB
 
Global Positioning System
Global Positioning System Global Positioning System
Global Positioning System Varun B P
 
Introducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract MethodsIntroducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract MethodsSaraSiamak
 
Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)Mohammad Sabouri
 
GLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemGLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemIRJET Journal
 
Latest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportLatest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportMode Gautam Raj
 
GNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatGNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatSailaja Tennati
 

Similar to Countermeasures to GPS Spoofing (20)

GPS.ppt
GPS.pptGPS.ppt
GPS.ppt
 
Gps
GpsGps
Gps
 
Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)
 
Stolen car recovery
Stolen car recoveryStolen car recovery
Stolen car recovery
 
Gps
GpsGps
Gps
 
Location in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMSLocation in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMS
 
Introduction togps shsm
Introduction togps shsmIntroduction togps shsm
Introduction togps shsm
 
Global Positioning System
Global Positioning System Global Positioning System
Global Positioning System
 
Gps
GpsGps
Gps
 
Introducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract MethodsIntroducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract Methods
 
Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)
 
GPS(Global Positioning system
GPS(Global Positioning systemGPS(Global Positioning system
GPS(Global Positioning system
 
Gps tracking
Gps trackingGps tracking
Gps tracking
 
GLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemGLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking System
 
Gps
GpsGps
Gps
 
Latest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportLatest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar report
 
Global positioning system
Global positioning systemGlobal positioning system
Global positioning system
 
Yarab
YarabYarab
Yarab
 
Concept of gps
Concept of gpsConcept of gps
Concept of gps
 
GNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber ThreatGNSS Receivers and the Cyber Threat
GNSS Receivers and the Cyber Threat
 

More from Roger Johnston

In Risu Veritas: Humor & Security
In Risu Veritas: Humor & SecurityIn Risu Veritas: Humor & Security
In Risu Veritas: Humor & SecurityRoger Johnston
 
Journal of Physical Security 15(1)
Journal of Physical Security 15(1)Journal of Physical Security 15(1)
Journal of Physical Security 15(1)Roger Johnston
 
Camera Obscura and Security/Privacy
Camera Obscura and Security/PrivacyCamera Obscura and Security/Privacy
Camera Obscura and Security/PrivacyRoger Johnston
 
Vulnerability Assessment: The Missing Manual for the Missing Link
Vulnerability Assessment: The Missing Manual for the Missing Link Vulnerability Assessment: The Missing Manual for the Missing Link
Vulnerability Assessment: The Missing Manual for the Missing Link Roger Johnston
 
Journal of Physical Security 14(1)
Journal of Physical Security 14(1)Journal of Physical Security 14(1)
Journal of Physical Security 14(1)Roger Johnston
 
Journal of Physical Security 13(1)
Journal of Physical Security 13(1)Journal of Physical Security 13(1)
Journal of Physical Security 13(1)Roger Johnston
 
Election Security 2020
Election Security 2020Election Security 2020
Election Security 2020Roger Johnston
 
A New Approach to Vulnerability Assessment
A New Approach to Vulnerability AssessmentA New Approach to Vulnerability Assessment
A New Approach to Vulnerability AssessmentRoger Johnston
 
Understanding Vulnerability Assessments
Understanding Vulnerability AssessmentsUnderstanding Vulnerability Assessments
Understanding Vulnerability AssessmentsRoger Johnston
 
Devil's Dictionary of Security Terms
Devil's Dictionary of Security Terms Devil's Dictionary of Security Terms
Devil's Dictionary of Security Terms Roger Johnston
 
Vulnerability Assessments
Vulnerability Assessments Vulnerability Assessments
Vulnerability Assessments Roger Johnston
 
Design Reviews Versus Vulnerability Assessments for Physical Security
Design Reviews Versus Vulnerability Assessments for Physical SecurityDesign Reviews Versus Vulnerability Assessments for Physical Security
Design Reviews Versus Vulnerability Assessments for Physical SecurityRoger Johnston
 
Journal of Physical Security 12(3)
Journal of Physical Security 12(3)Journal of Physical Security 12(3)
Journal of Physical Security 12(3)Roger Johnston
 
Journal of Physical Security 12(2)
Journal of Physical Security 12(2)Journal of Physical Security 12(2)
Journal of Physical Security 12(2)Roger Johnston
 
Unconventional Security Devices
Unconventional Security DevicesUnconventional Security Devices
Unconventional Security DevicesRoger Johnston
 
Making the Business Case for Security Investment
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security InvestmentRoger Johnston
 
Journal of Physical Security 11(1)
Journal of Physical Security 11(1)Journal of Physical Security 11(1)
Journal of Physical Security 11(1)Roger Johnston
 

More from Roger Johnston (20)

In Risu Veritas: Humor & Security
In Risu Veritas: Humor & SecurityIn Risu Veritas: Humor & Security
In Risu Veritas: Humor & Security
 
Journal of Physical Security 15(1)
Journal of Physical Security 15(1)Journal of Physical Security 15(1)
Journal of Physical Security 15(1)
 
Security Audits.pdf
Security Audits.pdfSecurity Audits.pdf
Security Audits.pdf
 
Camera Obscura and Security/Privacy
Camera Obscura and Security/PrivacyCamera Obscura and Security/Privacy
Camera Obscura and Security/Privacy
 
Vulnerability Assessment: The Missing Manual for the Missing Link
Vulnerability Assessment: The Missing Manual for the Missing Link Vulnerability Assessment: The Missing Manual for the Missing Link
Vulnerability Assessment: The Missing Manual for the Missing Link
 
Journal of Physical Security 14(1)
Journal of Physical Security 14(1)Journal of Physical Security 14(1)
Journal of Physical Security 14(1)
 
Want seals with that?
Want seals with that?Want seals with that?
Want seals with that?
 
Journal of Physical Security 13(1)
Journal of Physical Security 13(1)Journal of Physical Security 13(1)
Journal of Physical Security 13(1)
 
Election Security 2020
Election Security 2020Election Security 2020
Election Security 2020
 
Security Assurance
Security AssuranceSecurity Assurance
Security Assurance
 
A New Approach to Vulnerability Assessment
A New Approach to Vulnerability AssessmentA New Approach to Vulnerability Assessment
A New Approach to Vulnerability Assessment
 
Understanding Vulnerability Assessments
Understanding Vulnerability AssessmentsUnderstanding Vulnerability Assessments
Understanding Vulnerability Assessments
 
Devil's Dictionary of Security Terms
Devil's Dictionary of Security Terms Devil's Dictionary of Security Terms
Devil's Dictionary of Security Terms
 
Vulnerability Assessments
Vulnerability Assessments Vulnerability Assessments
Vulnerability Assessments
 
Design Reviews Versus Vulnerability Assessments for Physical Security
Design Reviews Versus Vulnerability Assessments for Physical SecurityDesign Reviews Versus Vulnerability Assessments for Physical Security
Design Reviews Versus Vulnerability Assessments for Physical Security
 
Journal of Physical Security 12(3)
Journal of Physical Security 12(3)Journal of Physical Security 12(3)
Journal of Physical Security 12(3)
 
Journal of Physical Security 12(2)
Journal of Physical Security 12(2)Journal of Physical Security 12(2)
Journal of Physical Security 12(2)
 
Unconventional Security Devices
Unconventional Security DevicesUnconventional Security Devices
Unconventional Security Devices
 
Making the Business Case for Security Investment
Making the Business Case for Security InvestmentMaking the Business Case for Security Investment
Making the Business Case for Security Investment
 
Journal of Physical Security 11(1)
Journal of Physical Security 11(1)Journal of Physical Security 11(1)
Journal of Physical Security 11(1)
 

Recently uploaded

Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 

Recently uploaded (20)

Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 

Countermeasures to GPS Spoofing

  • 1. LAUR-03-6163 Appeared in Homeland Security Journal, December 12, 2003, http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html. GPS Spoofing Countermeasures Jon S. Warner, Ph.D. and Roger G. Johnston, Ph.D., CPP Vulnerability Assessment Team Los Alamos National Laboratory Los Alamos, New Mexico, 87545 Abstract: Civilian Global Positioning System (GPS) receivers are vulnerable to a number of different attacks such as blocking, jamming, and spoofing. The goal of such attacks is either to prevent a position lock (blocking and jamming), or to feed the receiver false information so that it computes an erroneous time or location (spoofing). GPS receivers are generally aware of when blocking or jamming is occurring because they have a loss of signal. Spoofing, however, is a surreptitious attack. Currently, no countermeasures are in use for detecting spoofing attacks. We believe, however, that it is possible to implement simple, low-cost countermeasures that can be retrofitted onto existing GPS receivers. This would, at the very least, greatly complicate spoofing attacks. Introduction: The civilian Global Positioning System (GPS) is widely used by both government and private industry for many important applications. Some of these applications include public safety services such as police, fire, rescue and ambulance. The cargo industry, buses, taxis, railcars, delivery vehicles, agricultural harvesters, private automobiles, spacecraft, marine and airborne traffic also use GPS systems for navigation. In fact, the Federal Aviation Administration (FAA) is in the process of drafting an instruction requiring that all radio navigation systems aboard aircraft use GPS [1]. Additional uses include hiking and surveying, as well as being used in robotics, cell phones, animal tracking and even GPS wristwatches. Utility companies and telecommunication companies use GPS timing signals to regulate the base frequency of their distribution grids. GPS timing signals are also used by the financial industry, the broadcast industry, mobile telecommunication providers, the international financial industry, banking (for money transfers and time locks), and other distributed computer network applications [2,3]. In short, anyone who wants to know their exact location, velocity, or time might find GPS useful. Unfortunately, the civilian GPS signals are not secure [1]. Only the military GPS signals are encrypted (authenticated), but these are generally unavailable to
  • 2. civilians, foreign governments, and most of the U.S. government, including most of the Department of Defense (DoD). Plans are underway to upgrade the existing GPS system, but they apparently do not include adding encryption or authentication to the civilian GPS signal [4,5]. The GPS signal strength measured at the surface of the Earth is about –160dBw (1x10-16 Watts), which is roughly equivalent to viewing a 25-Watt light bulb from a distance of 10,000 miles. This weak signal can be easily blocked by destroying or shielding the GPS receiver’s antenna. The GPS signal can also be effectively jammed by a signal of a similar frequency, but greater strength. Blocking and jamming, however, are not the greatest security risk, because the GPS receiver will be fully aware it is not receiving the GPS signals needed to determine position and time. A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not. This “spoofing” attack is more elegant than jamming because it is surreptitious. The Vulnerability Assessment Team (VAT) at Los Alamos National Laboratory (LANL) has recently demonstrated the ease with which civilian GPS spoofing attacks can be implemented [6]. This spoofing is most easily accomplished by using a GPS satellite simulator. Such GPS satellite simulators are uncontrolled, and widely available. To conduct the spoofing attack, an adversary broadcasts a fake GPS signal with a higher signal strength than the true GPS signal. The GPS receiver believes that the fake signal is actually the true GPS signal from space, and ignores the true GPS signal. The receiver then proceeds to calculate erroneous position or time information based on this false signal. How Does GPS work? The GPS is operated by DoD. It consists of a constellation of 27 satellites (24 active and 3 standby) in 6 separate orbits and reached full official operational capability status on July 17, 1995 [7]. GPS users have the ability to obtain a 3-D position, velocity and time fix in all types of weather, 24-hours a day. GPS users can locate their position to within ± 18 ft on average or ± 60-90 ft for a worst case 3-D fix [8]. Each GPS satellite broadcasts two signals, a civilian unencrypted signal and a military encrypted signal. The civilian GPS signal was never intended for critical or security applications, though that is, unfortunately, how it is now often used. The DoD reserves the military encrypted GPS signal for sensitive applications such as smart weapons. This paper will be focusing on the civilian (unencrypted) GPS signal. Any discussion of civilian GPS vulnerabilities are fully unclassified [9]. The carrier wave for the civilian signal is the same frequency (1575.2 MHz) for all of the GPS satellites. The C/A code provides the GPS receiver on the Earth’s surface with a unique identification number (a.k.a. PRN or Pseudo Random Noise code). In this manner, each satellite transmits a unique identification number that allows the GPS receiver to know which satellites it is receiving signals from. The
  • 3. Nav/System data provides the GPS receiver with information about the position of all the satellites in the constellation as well as precise timing data from the atomic clocks aboard the satellites. L1 Carrier 1575.2 MHz C/A Code 1.023 MHz Nav/System Data 50 Hz P-Code 10.23 MHz L2 Carrier 1227.6 MHz Combiner Combiner Mixer Mixer L1 Civilian Signal L2 Military Signal GPS Satellite Signals Encryption Code Figure 1: GPS signal structure. The receiver continuously listens for the GPS signals from space. The GPS receiver locks onto the signals from several GPS satellites simultaneously. The actual number of satellites the receiver locks onto is determined by: 1) the number of satellites in view of the receiver and 2) the maximum number of satellites the receiver hardware is designed to accommodate. Because of the C/A code identification, the GPS receiver knows exactly which satellites it is receiving data from at any given time. Once the identification codes for each of the received satellite signals are recognized, the GPS receiver generates an internal copy of the satellites identification codes. Each satellite transmits its identification codes in 1- millisecond intervals. The receiver compares its internally generated code against the repeating C/A code from space and looks for any lag from the expected 1-millisecond interval. Any deviation from the 1-millisecond interval is assumed to be the travel time of the GPS signal from space. Once the travel time (ΔT) is determined, the receiver then calculates the distance from itself to each satellite using the following formula: Distance = ΔT x Speed of Light. Receiver Generated Code Satellite Transmission T Figure 2: Example of GPS signal time delay.
  • 4. One problem with this method is that the clocks on the receiver are not as accurate as the atomic clocks onboard the satellites. In addition to the time correction from the NAV/SYS data information from the satellites, the GPS receiver has a clever method of determining its own clock error, which we will discuss in a few moments. As previously mentioned, the receiver receives the signals from several GPS satellites simultaneously. Therefore, the distance to several satellites are known at any given time. Figure 3 gives a conceptual overview given the distance of three GPS satellites (denoted by the star symbol). Note that in Figure 3 that the ranges to the satellite, as measured by the GPS receiver, do not overlap at a single point. The measured and true ranges differ due to the clock errors in the receiver mentioned earlier. The result is a distance error seen by the receiver, which is represented by the dotted line in figure 3. You are Here Measured Range to Satellite True Range to Satellite Three Satellites Figure 3: 2-D representation of finding a position. At this point, the receiver knows it is somewhere in the area of overlap shown by the dotted line (figure 3). The receiver then interpolates this overlap area to find the center. The result of this interpolation gives two important pieces of information; 1) what the position of the receiver is and 2) the clock error of the receiver. In essence the receiver uses the correct position information to determine its own clock error. The more satellites involved, the smaller the area of overlap and the better the position fix will be. In theory, three satellites are all that is needed for a position fix. However, in practice, four or more satellites are needed to acquire an accurate latitude, longitude and altitude fix. Note that only one satellite is required for a time fix. The position is initially found in an X,Y,Z Earth centered/Earth Fixed co-ordinate frame and then converted to Latitude, Longitude and Altitude.
  • 5. Countermeasures: Several of the countermeasures we propose are based on signal strength, which must (at least initially) be higher for the fake signal than the true signal from space. Some of the other countermeasures involve recognizing the characteristics of the satellite simulator itself. Many (if not all) GPS receivers display the signal strength and satellite number for each of the satellites it is receiving data from. We are unaware of any receivers that store this data and compare the information from one moment to the next. One or more of the following countermeasures should allow suspicious GPS signal activity to be detected: 1) Monitor the absolute GPS signal strength: This countermeasure involves monitoring and recording the average signal strength. We would compare the observed signal strength to the expected signal strength of about –163 dBw (5x 10-17 watts). If the absolute value of the observed signal exceeds some preset threshold, the GPS receiver would alert the user. This countermeasure is based on the idea that relatively unsophisticated GPS spoofing attacks will tend to use GPS satellite simulators. Such simulators will typically provide signal strengths many orders of magnitude larger than any possible satellite signal at the Earth’s surface. This is an unambiguous indication of a spoofing attack. 2) Monitor the relative GPS signal strength: The receiver software could be modified so that the average signal strength could be recorded and compared from one moment to the next. An extremely large change in relative signal strength would be characteristic of an adversary starting to generate a counterfeit GPS signal to override the true satellite GPS signals [6]. If the signal increases beyond some preset threshold, an alarm would sound and the end user could be alerted. 3) Monitor the signal strength of each received satellite signal: This countermeasure is an extension of the above two techniques. Here, the relative and absolute signal strengths are tested individually for each of the incoming satellite signals. Signals from a GPS satellite simulator will tend to make the signal coming from each artificial satellite of equal strength. Real satellite signals, however, vary from satellite to satellite and change over time. The idea here is that if the signal characteristics are too perfect, there is probably something wrong and the user should be alerted. Like the previous two countermeasures, this countermeasure could be implemented by modifying the existing software code of the GPS receiver. 4) Monitor satellite identification codes and number of satellite signals received: GPS satellite simulators transmit signals from multiple satellites (typically 10)—more than the number of real satellites often detected by a GPS receiver in the field at a given time. Many commercial GPS receivers display satellite identification information, but do not record this data or compare to
  • 6. previously recorded data. Keeping track of both the number of satellite signals received and the satellite identification codes over time may prove helpful in determining if foul play is occurring. This is especially true of an unsophisticated spoofing attack where the adversary does not attempt to mimic the true satellite constellation at a given time. 5) Check the time intervals: With most GPS satellite simulators, the time between the artificial signal from each satellite and the next is a constant. This is not the case with real satellites. In other words, the receiver may pick up the true signal from one satellite and then a few moments later pick up a signal from another satellite, etc. With the satellite simulator, the receiver would pick up signals from all of the “satellites” simultaneously. This is an exploitable feature of the satellite simulator that could be used to tell if the signals were coming from the true source or a false simulator-based source. 6) Do a time comparison: Many current GPS receivers do not have an accurate clock. By using timing data from an accurate, continuously running clock to compare to the time derived from the GPS signal, we can check on the veracity of the received GPS signals. If the time deviates beyond some threshold, the user can be alerted to the possibility of a spoofing attack. As the VAT has demonstrated, very accurate clocks can be small and inexpensive, and operate on very low power. 7) Perform a sanity check: A small, solid-state accelerometer and compass can be used to independently monitor the physical trajectory of the receiver (heading, velocity, etc.), mounted, for example, on a moving truck. The information provided by this approach can be used to double check the current position fix reported by the GPS receiver based on a previously reported position. In a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position. This is how an attack on a cargo truck might occur for instance. The accelerometer would serve as a relative (not absolute) backup positioning system, which could be used to compare to the position reported by the GPS receiver. A discrepancy between the accelerometer and the receiver would raise a red flag and alert the user. All of the strategies 1-7 can be implemented by retrofitting existing GPS receivers; it is not necessary to redesign them. Strategies 1-5 can be implemented primarily through software alone. Strategy 6 could be implemented through software, or else a more accurate clock could be fitted onto the existing GPS receiver. Strategy 7 would require both hardware and software implementation to work properly. We believe a proof of principle for countermeasures 1-7 can be demonstrated fairly quickly. Conclusion Although the countermeasures proposed in this paper will not stop spoofing attacks, they will alert the user of the GPS receiver to suspicious activity. This will decrease the odds that a spoofing attack can succeed, and will also require
  • 7. adversaries to deploy more sophisticated methods than the simple attack we have previously demonstrated [6]. We believe the potential countermeasures proposed in this paper can be implemented easily and inexpensively, including by retrofitting existing GPS receivers. Disclaimer & Acknowledgements The views expressed in this paper are those of the authors and should not necessarily be ascribed to Los Alamos National Laboratory, or the United States Department of Energy. Anthony Garcia, Adam Pacheco, Ron Martinez, Leon Lopez, and Sonia Trujillo contributed to this work. References: 1 John A. Volpe National Transportation Systems Center, Vulnerability Assessment Of The Transportation Infrastructure Relying On The Global Positioning System, Final Report., Department of Transportation, 2001, http://www.navcen.uscg.gov/archive/2001/Oct/FinalReport-v4.6.pdf. 2 S. J. Harding, Study into the impact on capability of U.K. commercial and domestic services resulting from the loss of GPS signals, Qinetiq, 2001, www.radio.gov.uk/topics/research/topics/other/gpsreport/gps-report. pdf. 3 L. Brutt, NS/EP Implication of GPS timing, Office of the manager National Communications System; Technical Notes, Technology and Standards Division 6 (2) (1999), www.ncs.gov/n2/content/technote/tnv6n2/tnv6n2.htm. 4 Committee on the Future of the Global Positioning System; National Research Council; Aeronautics and Space Engineering Board, The Global Positioning System: A Shared National Asset- Recommendations for Technical Improvements and Enhancements. (National Academy Press, 1995), www.nap.edu/books/0309052831/html/index.html. 5 Air Force release, Air Force NAVSTAR Global Positioning System Fact Sheet, Florida Today Space Online (1999), www.floridatoday.com/space/explore/stories/1999b/100399f.htm. 6 J. Warner and R. Johnston, A simple demonstration that the Global Positioning System (GPS) is vulnerable to spoofing, Journal of Security Administration, 25, 19 (2002). 7 US Coast Guard, GPS - Frequently Asked Questions, 2003, http://www.navcen.uscg.gov/faq/gpsfaq.htm. 8 US Air Force, GPS Support Center, (2003), https://www.peterson.af.mil/GPS_Support/. 9 Headquarters Air Force Space Command, NAVSTAR Global Positioning System Operations Protect Guide, Peterson Air Force Base.