GPS receivers can be 'spoofed,' say researchers
September 22, 2008
An illustration showing how a GPS receiver/spoofer would transmit a false signal that a target GPS receiver could mistake for an authentic one.
(PhysOrg.com) -- Just like flat-screen televisions, cell phones and computers, global positioning system (GPS) technology is becoming something people can't imagine living without. So if such a ubiquitous system were to come under attack, would we be ready?
It's an uncomfortable question, but one that a group of Cornell researchers have considered with their research into "spoofing" GPS receivers.
GPS is a U.S. navigation system of more than 30 satellites circling Earth twice a day in specific orbits, transmitting signals to receivers on land, sea and in air to calculate their exact locations. "Spoofing," a not-quite-technical term first coined in the radar community, is the transmission of fake GPS signals that receivers accept as authentic ones.
The Cornell researchers, after more than a year of building equipment and experimenting in Rhodes Hall, presented a paper on their findings at a meeting of the Institute of Navigation, Sept. 19 in Savannah, Ga.
To demonstrate how a navigation device can be fooled, the researchers, led by Cornell professors Paul Kintner and Mark Psiaki, programmed a briefcase-size GPS receiver, used in ionospheric research, to send out fake signals.
Paper co-authors Brent Ledvina, Cornell Ph.D. '07 and now an assistant professor of electrical and computer engineering at Virginia Tech, and first author Todd Humphreys, Cornell Ph.D. '07, described how the "phony" receiver could be placed in the proximity of a navigation device, where it would track, modify, and retransmit the signals being transmitted from the GPS satellite constellation. Gradually, the "victim" navigation device would take the counterfeit navigation signals for the real thing.
Handheld GPS receivers are popular for their usefulness in navigating unfamiliar highways or backpacking into wilderness areas. But GPS is also embedded in the world's technological fabric. Such large commercial enterprises as utility companies and financial institutions have made GPS an essential part of their operations.
"GPS is woven into our technology infrastructure, just like the power grid or the water system," said Kintner, Cornell professor of electrical and computer engineering and director of the Cornell GPS Laboratory. "If it were attacked, there would be a serious impact."
By demonstrating the vulnerability of receivers to spoofing, the researchers believe they can help devise methods to guard against such attacks.
"Our goal is to inspire people who design GPS hardware to think about ways to make it so the kinds of things we're showing can be overcome," said Psiaki, Cornell professor of mechanical and aerospace engineering.
The idea of GPS receiver spoofing isn't new; in fact, the U.S. government addressed the issue in a December 2003 report detailing seven "countermeasures" against such an attack.
But, according to the researchers, such countermeasures would not have successfully guarded against the signals produced by their reprogrammed receiver.
"We're fairly certain we could spoof all of these, and that's the value of our work," Humphreys said.
Provided by Cornell University

Not really; the encryption would have to be widely known by the public for them to use the GPS in the first place.
I'm pretty sure the military has their more accurate GPS encrypted for their use only, but if someone cracked the code, then it's fair game.
Even now, people have hacked the 'radio traffic' signals sent to some GPS units, to create fake detours.
Even though I don't think it will cause any problems in real life, I see it being used in lots of movies.
I'd be more concerned about the fact that the military can change the encryption at any point and kill all of the consumer/non-US GPS systems, which is why Europe is pissed and launching their own. Other armies are using our GPS; the probability of us shutting it down, or having it lie, in a war is very probable.
Receiver to send out? Pardon me for being pedantic, but... c'mon!
(FYI: transceiver)
Rather than just sending fake coordinates, it could get the real signal and delay it by differing amounts. It would make no difference if the signal was encrypted or authenticated, the GPS unit would think it was somewhere else.
You're kidding, right? Public key encryption would work.
So you're suggesting that signals can be stopped from the authenticating source? That's akin to saying wireless encryption doesn't encrypt because you don't have line of sight.
Public key encryption is perfect for this. It's lightweight, of variable length and complexity, and (without the private key) incredibly difficult to spoof. In order to snag the private key they'd have to either get their hands on a satellite, or decode the encryption that's currently used to time-sync the satellites to the Naval monitoring stations, and that's recycled every 15 minutes, so, good luck with that.
If the receiving equipment is sensitive enough it should be able to discriminate between the two signals by analysing the Doppler shift.
That would require an overhaul of how GPS units work.
Yes it would require some modifications - but I'm having second thoughts about the idea anyway.
I suppose that the Doppler shift itself could be spoofed, and quite easily too. All it requires is a spoofer that simply receives the GPS signal, amplifies, then delays, then retransmits. The retransmission should faithfully and automatically include the Doppler shift.
If someone really wanted to attack the GPS network, they'd bomb the monitoring facilities. Not write a complex algorithm that detects the location of a current satellite, calculates and emulates that satellite's Doppler shift, and then falsifies location.
When tracking signals and navigating, the SNR is often far too low for a GPS receiver to actually decode the data anyway; they are using the code frame timing to accurately measure the time of arrival and phase to an accuracy of a few ns. Having a stronger signal transmitted using the same code would make it impossible to receive the true signal and discriminate it from the fake signal. So even using the true navigation data messages, it is possible to fake the position by transmitting a stronger, phase-shifted replica of the real signal with appropriate Doppler applied.
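The delay-and-retransmit idea raised in the comments above (delayed replicas move the fix even when the data is authenticated) can be seen in a small receiver model. This is an added example, not code from the article, the commenters or the Cornell paper: a constructed 2-D geometry with five "satellites", a least-squares position/clock solve, and the defender's residual consistency check (RAIM-style) that a receiver with redundant measurements can run.

```python
"""Constructed 2-D pseudorange toy model; metres throughout, clock bias in metres."""
import math

# Constructed "satellite" positions and true receiver state (toy geometry, not real orbits).
SATS = [(0.0, 20000.0), (15000.0, 18000.0), (-16000.0, 15000.0),
        (22000.0, 5000.0), (-20000.0, 2000.0)]
TRUE_POS = (1200.0, 800.0)
TRUE_BIAS = 300.0          # receiver clock offset, expressed in metres

def solve(a, b):
    """Solve the small dense system a x = b by Gaussian elimination with pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for i in range(n):
        p = max(range(i, n), key=lambda r: abs(m[r][i]))
        m[i], m[p] = m[p], m[i]
        for r in range(n):
            if r != i:
                f = m[r][i] / m[i][i]
                m[r] = [x - f * y for x, y in zip(m[r], m[i])]
    return [m[i][n] / m[i][i] for i in range(n)]

def measure(delays=None):
    """Pseudoranges as the receiver sees them; delays = extra path (metres) a relay
    adds to each satellite's signal by retransmitting it late."""
    delays = delays or [0.0] * len(SATS)
    return [math.dist(s, TRUE_POS) + TRUE_BIAS + d for s, d in zip(SATS, delays)]

def fix(pr, iters=10):
    """Iterated least squares for (x, y, clock bias); also returns the RMS post-fit
    residual, which is what a RAIM-style consistency check inspects."""
    x, y, b = 0.0, 0.0, 0.0
    for _ in range(iters):
        rows, rhs = [], []
        for (sx, sy), p in zip(SATS, pr):
            rng = math.hypot(sx - x, sy - y)
            rows.append([(x - sx) / rng, (y - sy) / rng, 1.0])   # Jacobian row
            rhs.append(p - (rng + b))                            # prefit residual
        hth = [[sum(r[i] * r[j] for r in rows) for j in range(3)] for i in range(3)]
        htr = [sum(r[i] * v for r, v in zip(rows, rhs)) for i in range(3)]
        dx, dy, db = solve(hth, htr)
        x, y, b = x + dx, y + dy, b + db
    res = [p - (math.hypot(sx - x, sy - y) + b) for (sx, sy), p in zip(SATS, pr)]
    return (x, y, b), math.sqrt(sum(r * r for r in res) / len(res))

def inconsistent(pr, threshold_m=10.0):
    """Defender's check: flag a fix whose pseudoranges fit no single position/clock state."""
    return fix(pr)[1] > threshold_m

if __name__ == "__main__":
    print("clean:", fix(measure()))
    print("uniform delay:", fix(measure([1000.0] * 5)))        # absorbed by the clock bias
    print("uneven delays:", fix(measure([0.0, 400.0, 0.0, 900.0, 0.0])))
```

A delay applied equally to every signal is indistinguishable from a clock error and passes the check with the position untouched, while unequal per-satellite delays move the fix by hundreds of metres and leave residuals the check catches; the check only sees mutual inconsistency, so it is a detection aid, not the authentication the commenters debate.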