Hijacking of position data: A new GPS vulnerability
GNSS signals are quite vulnerable to interference, jamming and spoofing
Today, when you buy a computer, you also buy anti-virus software. But why? Because you do not feel secure against virus attacks on your brand-new computer, and you want to protect it and keep it clean from any possible virus attack. However, you face threats all the time, and you keep updating the anti-virus software routinely. Such virus attacks may not be life-threatening, but they do create serious problems due to loss of data.
The day is not far off when something similar will happen to systems that use GPS devices for location and time information. Today, systems that require location and time data depend on GPS because of its global availability, its accuracy and the fact that it is free of cost. For example, car navigation, auto-driving, synchronization of telecom systems, timing in financial transactions, monitoring of vessels (AIS/VMS), guiding aircraft, vehicle toll fee collection, location-based services (LBS) and many safety and security related systems use GPS for location and time information. These systems depend heavily on GPS, and it has become an essential part of making our daily life comfortable. We use GPS information knowingly or unknowingly every day. It is not your choice; it has become an integrated part of our daily life. In some cases, it is required by laws, rules and regulations. For example, all mobile phones shall have a GPS receiver to facilitate location data during emergencies. E-call and ERA-GLONASS have become mandatory in cars for emergency services in the EU and Russia respectively.
On the other hand, GPS or GNSS signals are quite vulnerable to interference, jamming and spoofing. Interference and jamming can be either intentional or non-intentional, but spoofing is an intentional act and the most serious one. In the case of interference and jamming, the receiver stops working, so the system knows that something has gone wrong and the necessary actions can be taken to prevent potential dangers. Spoofing, by contrast, keeps the receiver working but with fake position data. For example, even if a user is in Tokyo, it is possible to spoof the user's receiver so that it shows its location as Osaka. Your position data can simply be hijacked from one location to another. Neither the receiver nor the user has any means to check this fake output location data for correctness. The design of current GPS signals (civilian signals) does not allow checking against spoofing attacks.
Although GPS spoofing issues were raised in the Volpe Reports by the Department of Transport, USA in 2001 and in the James Bond movie “Tomorrow Never Dies” released in 1997, very little research was conducted until 2010. Many new GNSS signals were designed between 2000 and 2010 or later, but none of them implemented functionality to protect civilian signals from spoofing.
Spoofing attacks can be carried out very easily because all the necessary signal design information is published in the Interface Control Document (ICD). The ICD is a document that every service provider is required to make public so that GPS receiver manufacturers can design and manufacture GPS receivers. A hardware device that can generate a GPS-like signal for spoofing is available for a few hundred dollars, and it can be powered through a USB port. The device can be easily programmed to generate any type of GNSS signal. Also, GPS signals are very weak (-130 dBm at the receiver antenna, which is below the thermal noise of the device), and a spoofer signal at very low power, say -64 dBm (EIRP at the transmitter antenna), is strong enough to spoof receivers in its vicinity, within a radius of about 5-10 meters. -64 dBm corresponds to the license-free signal power at the transmitter antenna (EIRP) at 1-10 GHz in Japan. A signal this weak is not a problem in terms of interference and jamming because it has no significant impact on other signals beyond a distance of 1-3 m. But if we consider spoofing attacks, this power level is strong enough to attack users within 5-10 meters. The radio regulations in many countries basically focus on interference and jamming vulnerabilities but not on spoofing. The radio regulations related to GNSS or RNSS frequencies shall be revised to consider spoofing issues as well. For example, the government of the USA does not allow broadcasting any other signal in the RNSS (used for GPS/GNSS) frequency bandwidths. However, this is just an overall approach to keep the whole RNSS bandwidth clean of any other harmful signals. It may help to protect against interference and jamming but not against spoofing. For example, what will happen if some system intentionally or unintentionally transmits a GPS-like signal from space and spoofs GPS users?
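A free-space link budget makes the power figures above concrete for threat modelling (added example, not part of the original article). It assumes the GPS L1 carrier at 1575.42 MHz, isotropic antennas and unobstructed line of sight, none of which the article states; the two power levels are the article's.

```python
import math

C = 299_792_458.0          # speed of light, m/s
GPS_L1_HZ = 1575.42e6      # assumption: GPS L1 carrier (not stated in the article)
AUTHENTIC_DBM = -130.0     # article: GPS signal power at the receiver antenna
EMITTER_EIRP_DBM = -64.0   # article: licence-free EIRP limit quoted for Japan


def fspl_db(distance_m, freq_hz=GPS_L1_HZ):
    """Free-space path loss in dB between two isotropic antennas."""
    if distance_m <= 0:
        raise ValueError("distance must be positive")
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def received_dbm(distance_m):
    """Power a receiver sees from the licence-free emitter at distance_m."""
    return EMITTER_EIRP_DBM - fspl_db(distance_m)


def margin_db(distance_m):
    """How many dB the local emitter sits above the authentic satellite signal."""
    return received_dbm(distance_m) - AUTHENTIC_DBM


def radius_for_margin(margin):
    """Exposure radius: distance at which the emitter still leads by `margin` dB."""
    allowed_loss = EMITTER_EIRP_DBM - AUTHENTIC_DBM - margin
    return C / (4 * math.pi * GPS_L1_HZ) * 10 ** (allowed_loss / 20)


def exposure_table(distances=(1, 3, 5, 10, 30)):
    """(distance m, received dBm, margin dB) rows for a risk assessment."""
    return [(d, round(received_dbm(d), 1), round(margin_db(d), 1))
            for d in distances]


if __name__ == "__main__":
    for d, rx, m in exposure_table():
        print(f"{d:>3} m  rx={rx:7.1f} dBm  margin over authentic={m:+5.1f} dB")
    print(f"equal-power radius:  {radius_for_margin(0):.1f} m")
    print(f"10 dB margin radius: {radius_for_margin(10):.1f} m")
```

Under these assumptions the emitter is roughly 16 dB above the authentic signal at 5 m and 10 dB above it at 10 m, and the two are about equal near 30 m; real antennas, multipath and obstructions shift these figures.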
Since 2010, we have seen much research, many papers and some tentative solutions to the spoofing problem. However, it is not an easy task, since these solutions have to be compatible with the signals already in space and must not affect existing receiver hardware integrated with other systems. We have been working in this field for more than ten years. A few years ago we developed a test-bed system that is capable of conducting real-time authentication tests by broadcasting test signals from QZSS satellites. Our system is capable of authenticating GPS (USA), GALILEO (EU) and BEIDOU (China) signals besides QZSS (Japan) signals. GALILEO has also announced that its open signal in the E1 band will provide authentication capabilities.
Thus, we do see bright prospects for protecting GPS systems from spoofing attacks. This means that in the next few years, when you buy a GPS receiver or a GPS-based system, you will also be buying an “anti-virus package” to protect your GPS from spoofing attacks. We call this “anti-virus package” a “signal authentication service”; it will detect whether or not the position and time data from your receiver are actually computed from the GPS satellites in space. This type of authentication service will be a must for the safe and secure operation of auto-driving and many other safety and security related applications.
Please refer to https://home.csis.u-tokyo.ac.jp/~dinesh/index.htm for more information related to GNSS.