Just five years ago, initiating a GNSS spoofing attack required not only high-priced equipment but university-level engineering expertise. Now, the technology and much of the software are freely available online, and bad actors with limited skill can use them. Faced with high-profile incidents such as the 2019 “Crop Circle” event in China, where ships entering the port of Shanghai were affected by spoofing at the mouth of the HuangPu river, and a similar event in Iran, we can see that the potential global impact is substantial.
Our presentation* at ION GNSS+ 2020 detailed the technical aspects of our lab tests of GNSS receivers to see how they reacted to spoofing and meaconing attempts. This is the first time a detailed study of receiver responses has been undertaken. Without an understanding of how a receiver behaves, in terms of both its resistance to attacks (robustness) and its resilience (how well the device recovers to normal operation), it is difficult to trust the output from that device unconditionally.
Not only the maritime and transportation industries, but also communications, power grids and financial markets are at risk. In fact, any industry that depends on date, time and location data for accurate transaction auditing is a potential target. Spoofing has even been reported in the location-based advertising industry leading to mis-targeted ad spends, which translates to tens of billions of dollars lost.
Meanwhile, attempts to spoof drones in war zones or in border patrol applications have been recorded, and hackers have even sold Pokemon GO accounts at highly inflated prices, collecting high-value “monsters” using sophisticated GNSS spoofing set-ups from home.
There’s another critical aspect to spoofing that makes testing for robustness and resilience even more essential: not every victim of an attack is an intended target. Spoofing, by its very nature, will affect receivers in a wide area.
A telling example of this occurred at an Institute of Navigation event in 2017, where accidental radiation from a signal generator in an exhibitor’s booth made over 100 personal smartphones believe the year was actually 2014 and their location was not at the event but rather on another continent. The impact of such a seemingly simple issue was that email, texting and other basic functions of the phones would not work. Once the spoofing source was identified, some smartphones quickly recovered and regained normal operations, but others did not; some required intervention by service providers, and I know of one user whose phone has never fully recovered.
In another instance, at Germany’s Hanover airport, aircraft systems displayed errors when lining up on a particular runway. The issues turned out to be caused by a GNSS repeater system installed in a nearby hangar. Signals from this system would propagate and could be picked up by GPS receivers 1000 meters away near the runway threshold. This incident highlights the need to understand the impact of GNSS interference and spoofing on systems and devices – impacts can be unexpected and unpredictable.
Resistance vs Recovery
The balance between robustness and resilience is a critical factor for receiver manufacturers. Often, the terms are used interchangeably, which leads to unclear expectations. In our tests, we saw indications that receivers able to resist a spoofing attack for longer, or up to a higher power level, than other devices do not always recover fully to their initial state, if at all. Meanwhile, other devices that are less able to resist a spoofing attack seem able to recover faster or more completely once the spoofed signal terminates. These behaviours are not consistent, but are something we want to investigate further.
What this tells us is two-fold: first, testing is essential. But the kind of testing is equally important. There are trade-offs for each type of testing. Real-world tests are, of course, important to understanding how systems behave under threat conditions. Over-the-air tests that incorporate terrain, weather, line-of-sight issues and other environmental factors are incredibly valuable. But the practicality of real-world testing is limited by the need for a site both large enough and remote enough from systems that are not under test, in particular aircraft flying overhead. Instead, simulations and lab testing can provide controlled, repeatable test conditions to identify issues early on. An ideal test regime would combine elements of all test types to provide the most meaningful quantitative data.
A suitable test methodology that allows like-for-like comparison of equipment and systems in terms of performance and resilience is key. The need for quantitative test data as part of any risk assessment process is critical and will help to deliver cost-effective systems that are much more robust and resilient to GNSS threats.
The second point is that the industry needs to continue its move to evaluating the performance of Positioning, Navigation and Timing solutions using a system of systems approach. Much like Dr. Bradford Parkinson’s “Protect, Toughen, Augment” framework for GPS, this means employing a layered approach to risk reduction. Recognizing that every system can be exploited in some way, industry is moving away from solely relying on GNSS toward a future that engages other PNT sensors and systems, providing redundancy as well as checks and balances.
The Bigger Picture: Analyzing the Risk Chain
So, while testing is essential, developing equipment that is more resistant to and recoverable from spoofing also demands assessing the entire risk chain: from understanding the environment in which these systems operate, to identifying and quantifying threats, to developing a test methodology that can deliver the most useful and accurate results. Spirent’s expertise and services give you actionable insights to guide the development and evolution of new, more effective technologies.
The future may bring any number of solutions that can improve both resilience and robustness, from improved antenna systems to the use of more capable dead-reckoning or holdover systems as well as complementary technologies, including eLORAN, low earth orbit satellites and fibre optics.
As you drive toward greater accuracy and integrity with less risk, Spirent is ready to work with you, providing the experience and lab capabilities needed to reach that goal. Contact us to find out more.
*Session B6: Spectrum: Protection and Optimization
An Assessment of GNSS Receiver Behavior in Laboratory Conditions When Subject to GPS Meaconing or Spoofing Scenarios