Susceptibility of GPS-Dependent Complex Systems to Spoofing

Faria, Lester de Abreu; Silvestre, Caio Augusto de Melo; Correia, Marcelino Aparecido Feitosa; Roso, Nelson A.

doi:10.5028/jatm.v10.839

ABSTRACT

GPS-based systems have been widely used in different critical sectors, including civilian and military applications. Despite of being able to provide great benefits, under certain circumstances they show to be highly vulnerable to intentional interferences. In this context, this article aimed to evaluate the susceptibility of different complex GPS-dependent systems to intentional interferences, focusing on the technique known as spoofing. This technique presents a high complexity and a great potential for damaging/deceiving complex systems, besides being difficult to identify and to implement countermeasures. Complex systems, like mobile phones, automobile receivers and aircraft receivers were submitted to different levels of spoofing, in free space and in a semi-anechoic chamber, being corrupted with low power levels of interference.

KEYWORDS:
GPS Receivers; Jamming; Spoofing; Vulnerabilities

INTRODUCTION

Global Navigation Satellite Systems (GNSS) are currently used throughout the Earth, providing estimations of Position, Navigation and Timing (PNT) to all operators that have a simple GPS receiver and a line of sight to, at least, four satellites.

Considering the current existing systems, the most used one is the Global Positioning System (GPS), or NAVSTAR-GPS (NAVigation System Timing And Ranging), having the US government (Department of Defense - DoD) as its main sponsor. It was the first GNSS system fully available to the users, through the creation of a constellation of satellites. Other systems already in operation, or under development, are: the Russian GLONASS (Global Navigation Satellite System); the European GALILEO (Global European Navigation Satellite System); and the Chinese BDS (BeiDou Navigation System) (Bakker 2006Bakker PF (2006) Effects of radio frequency interference on GNSS receiver output. Stevinweg: Delft University of Technology.). All the considerations provided here for the GPS system are extensive to the other ones, with minor modifications.

The system provides two types of positioning services: the SPS (Standard Positioning Service) and the PPS (Precision Positioning Service). The first is available to all users, regardless of the application, while the second is restricted only to DoD authorized users, being accessed via cryptographic techniques (Balvedi 2006Balvedi GC (2006) Efeitos dos dutos troposféricos na propagação e recepção de sinais GPS (MSc dissertation). São José dos Campos: Aeronautical Institute of Technology. In Portuguese.). Unlike these kinds of GPS signals, which are encrypted and can be authenticated, the civilian ones (and those who do not have the DoD authorization) were never intended for safety- and security-critical applications.

However, currently, the GPS system supports many critical applications not only for military, but also for civilian and commercial users worldwide. Fourteen of sixteen critical sectors of the economy depend on the GPS signals (navigation, precision agriculture, financial market, communication, etc.). Besides, in military, where this dependency is not so clear, Emitters Locating Systems (ELS), Secure Communication (SC) and Multistatic Radars (MSR), which depends on the time or frequency, are also supported by those signals, becoming increasingly dependent.

However, as demonstrated previously in Faria et al. (2016)Faria LA, Silvestre CAM, Correia MAF (2016) GPS-dependent systems: Vulnerabilities to electromagnetic attacks. Journal of Aerospace Technology and Management 8(4):423-430. doi: 10.5028/jatm.v8i4.632
https://doi.org/10.5028/jatm.v8i4.632... , despite its complexity of design and implementation, the GPS shows to be highly susceptible to the influence of intentional malicious actions, which may lead not only to a decreased accuracy (jamming), but also to the avoidance of its use through the indication of corrupted coordinates and time (spoofing). These actions result from its high sensitivity, becoming vulnerable to high signals.

Nowadays, on internet (open sources), it is very easy to find not only jamming equipment, but also spoofing ones to buy, at lower prices than expected. Besides, several tutorials can be found on websites and YouTube, detailing how to spoof and jam vectors, especially drones. It is just to google it and one can find security experts raising alarm over online drone hacking instructions (Russon 2015Russon MA (2015) Wondering how to hack a military drone? It’s all on Google; [accessed 2016 Nov 04]. http://www.ibtimes.co.uk/wondering-how-hack-military-drone-its-all-google-1500326
http://www.ibtimes.co.uk/wondering-how-h... ).

In addition, successful spoofing experiments on standard receivers have been increasingly reported (Tippenhauer et al. 2011Tippenhauer NO, Pöpper C, Rasmussen KB, Capkun S (2011) On the requirements for successful GPS spoofing attacks; [accessed 2016 Oct 15] https://www.cs.ox.ac.uk/files/6489/gps.pdf
https://www.cs.ox.ac.uk/files/6489/gps.p... ), showing that commercial off-the-shelf receivers are not able to detect such attacks. The increased availability of programmable radio platforms, as will be shown later, leads to a reduced cost of attacks and to a high vulnerability of GPS systems.

In this context, this article aims to evaluate the susceptibility of complex GPS-dependent systems to spoofing, which is shown as an advanced technique of interference, where corrupted PNT signals are transmitted to the receiver, overlaying the true GPS signals. This procedure presents a high potential of damage, so that is very difficult to identify and to countermeasure. Information on the capabilities, limitations, and operational procedures helps to identify vulnerable points and detection strategies, reasons that justify this work.

In order to illustrate the high vulnerability of such systems, it stands out the case of the US RQ-170 Sentinel. In December 2011, Iran surprised the world forcing an Unmanned Aerial Vehicle (UAV) “RQ-170 Sentinel” to have a controlled landing in Iranian territory. Figure 1 depicts the incident, not presenting accurate information of the procedures and infrastructure that Iran used to perform such task. One can only infer that the communication link between the control station and the UAV has been jammed/blocked, and the UAV GPS receiver spoofed, which forced its landing (Petersomn 2011Petersomn S (2011) Iran hacked RQ-170 GPS - fooled in autopilot landing in Iran; [accessed 2014 Sep 17]. www.uasvision.com/2011/12/16/iran-hacke-rq-170-gps-fooled-in-autopilot-landing-in-iran/
www.uasvision.com/2011/12/16/iran-hacke-... ). It is worth noting that US uses an encrypted GPS code, hindering the success of interference, but, in this case, not being sufficient to prevent the Iranian action.

Figure 1
US-RQ 170 Sentinel action, in Iran (Petersomn 2011Petersomn S (2011) Iran hacked RQ-170 GPS - fooled in autopilot landing in Iran; [accessed 2014 Sep 17]. www.uasvision.com/2011/12/16/iran-hacke-rq-170-gps-fooled-in-autopilot-landing-in-iran/
www.uasvision.com/2011/12/16/iran-hacke-... ).

THEORETICAL CONCEPTS

GPS SIGNALS

GPS system determines the user’s position in real time. For that, right-circularly polarized waves are continuously emitted in three carrier frequencies, L1, L2 and L5 (respectively 1575.42 MHz, 1227.6 MHz and 1176.45 MHz), where the latter is not yet fully operational.

The carriers are BPSK (Binary Phase Shift Keying) modulated with PRN (Pseudorandom Noise) codes. The PRN code is a binary sequence, which, in addition to identifying the satellite, makes the spread spectrum signal, allowing all satellites to transmit at the same frequency. The transit time is calculated from the received signal correlated with its replica, generated in the receiver, enabling the calculation of its position. This is possible when establishing communication with, at least, four satellites.

Each transmitter is equipped with a synchronized clock, with no clock offset to the exact system time t^S , and broadcasts a carefully chosen navigation signal s_i (t) (including timestamps and information on the satellites’ deviation from the predicted trajectories). A receiver V located at the coordinates L Є R³ (to be determined) and using an omnidirectional antenna will receive the combined signal of all satellites in range:

(1)

g (L, t) = \sum_{i} A_{i} s_{i} (t - \frac{|L_{i}^{S} - L|}{c}) + n (L, t)

where A_i is the attenuation that the signal suffers on its way from L^S_i to L, |L^S_i- L| denotes the Euclidean distance between L^S_i and L, and n(L,t) is background noise.

Two PRN codes modulate the L1 frequency: C/A (coarse/acquisition clear) code and the P(Y) (precision code) encrypted code. The P(Y) code is a PRN with 10.23 MHz, what leads to a length of 30 meters. On the other hand, the C/A code operates with a chipping rate of 1.023 MHz and a length of 300 m, only in L1 carrier. The C/A codes are available for civilian and military users, while the P(Y) code is for the exclusive use of the militaries (Balvedi 2006Balvedi GC (2006) Efeitos dos dutos troposféricos na propagação e recepção de sinais GPS (MSc dissertation). São José dos Campos: Aeronautical Institute of Technology. In Portuguese.). In civilian GPS (and those which do not have authorization of the US DoD), the signals are spread using publicly known spreading PRN codes. The codes used for US military GPS are kept secret, serving for signal hiding and authentication.

Once the C/A code is open to all SPS users, it is the most widely used code in civilian and military GPS receivers, being present only in L1 signal. In addition to the PRN codes, the navigation message also modulate the carriers, including information of the broadcast ephemeris, satellite clock corrections, almanac data, ionosphere information and satellite health status.

L1 signal is defined as:

(2)

S_{L 1} = A_{P} . P (t) . D (t) . \cos (2 . π . f_{1} . t + ϕ) + A_{C} . C (t) . D (t) . \sin (2 . π . f_{1} . t + ϕ)

where S_L1 is the frequency of the L1 signal, A_P is the amplitude of the P(Y) code, P(t) is the phase of the P(Y) code and D(t) is the navigation message, f₁ is the frequency of the carrier L₁, φ is the initial phase and finally A_C and D(t) are the amplitude and the phase of the C/A code, respectively.

The analysis presented in the present paper is restricted to the study of the effects on the L1 carrier signals, which is the frequency used by the SPS users, the great majority of civil and military institutions outside the United States.

POWER LEVELS

The GPS system specification provides, for transmission, a power about 27 watts (or 14.3 dBw) to the C/A code in L1. The minimum received power level for the C/A code, in L1, is -160 dBw, not expecting to exceed -153 dBw (Kaplan and Hegarty 2006Kaplan E, Hegarty C (2006) Understanding GPS: principles and applications. Norwood: Artech House.). These low power level signals explain the high susceptibility to intentional jamming and spoofing.

The antenna of a GPS system has omnidirectional characteristics. Its radiation pattern should provide reception of all GPS signals within the reception hemisphere of the antenna (from horizon to horizon, at all elevations). On the other hand, interfering signals generally have low elevation angles, where receiving antennae present lower gains, on the horizon. The gain does not vary with the azimuth, but with the elevation angle, as can be seen in Fig. 2.

Figure 2
Typical radiation diagram of a GPS receiving antenna.

SPOOFING

Inserting false PNT information in a GPS receiver is what can be defined, quite simply, as the spoofing technique. Spoofing is a more threatening electronic attack than jamming because the targeted GPS receiver or the victim’s receiver cannot detect the attack and so cannot warn users that its navigation solution is untrustworthy. This technique is quite complex and cause major damage to military and high-value civilian operations when not identified. Because of the high risk that it offers, just a few detailed information is open-access, although some of them can be found (Tippenhauer et al. 2011Tippenhauer NO, Pöpper C, Rasmussen KB, Capkun S (2011) On the requirements for successful GPS spoofing attacks; [accessed 2016 Oct 15] https://www.cs.ox.ac.uk/files/6489/gps.pdf
https://www.cs.ox.ac.uk/files/6489/gps.p... ; Humphreys et al. 2008Humphreys TE, Ledvina BM, Psiaki ML, O’Hanlon BW, Kintner PM (2008) Assessing the spoofing threat: Development of a portable GPS civilian spoofer. Proceedings of the ION GNSS International Technical Meeting of the Satellite Division; Savannah, USA.). Besides, equipment that allows implementing it at different levels of complexity is also available on internet and literally allows controlling the victim’s GPS system.

The simplest form of spoofing, or spoofing level 1, uses a GPS signal simulator to generate a false signal, containing multiple satellite GPS signals. After generating the signal, radio frequency is radiated toward a victim receiver. The main deficiency shown in this technique is the desynchronization between the false and the true GPS signals, since they will not present the same phase. This desynchronization does not allow the processing of the false signal, so acting as noise and, if the power level is enough, it can cause the victim receiver to miss the original signal, thus acting as a simple jammer and alerting the operator to a possible spoofing (Warner and Johnston 2002Warner J, Johnston R (2002) A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. Journal of Security Administration 25:19-28.).

A more efficient variation of spoofing, also known as spoofing level 2, is the one in which the attacker previously knows the position and speed of the victim receiver. This attack can be accomplished using a simulator and a portable GPS signal receiver (receiver-spoofer), which must be positioned close to the target, so that they receive the same signal. Based on this signal, the receiver-spoofer creates a false one. If this technique is performed correctly, the victim receiver will display all PNT information, based on malicious signal.

In order to conduct a spoofing task, initially a correlation between the corrupted and the original signal must be performed. When the peak of correlation of the corrupted signal is aligned with the original one, the power of malicious signal is increased. Thus, the receiver DLL (Delay Lock Loop) centralizes the false signal, taking the “control” of the victim receiver, and can generate any PNT information by the simple manipulation of the generated signal. Although this technique is highly complex, experiments show that it is possible and feasible to be implemented (Warner and Johnston 2002Warner J, Johnston R (2002) A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. Journal of Security Administration 25:19-28.).

Figure 3 depicts the process of control of the receiver DLL, where it is possible to observe the correlation between the code generated in the receiver and the GPS signals (original and corrupted ones). As can be seen, after the correlation of the signals, the malicious one mocks the victim receiver, becoming the main signal provide information to the receiver.

Figure 3
DLL domain.

Finally, a third spoofing technique, known as spoofing level 3, is based on a set of receivers-spoofers, in a coordinated way to remove some possible countermeasures that can be implemented based on spatial discrimination. This technique is the most complex and therefore the most expensive and difficult to achieve.

PREVIOUS RELATED WORK

In 2001, the Volpe report (John 2001John A. Volpe National Transportation Systems Center (2001) Vulnerability assessment of the transportation infrastructure relying on the global positioning system.) firstly identified a malicious interference in civilian GPS as a problem, writing that: “as GPS further penetrates into the civil infrastructure, it becomes a tempting target that could be exploited by individuals, groups, or countries hostile to the U.S.”. After that, spoofing attacks were treated in different publications and, in Warner and Johnston (2002)Warner J, Johnston R (2002) A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. Journal of Security Administration 25:19-28., a satellite simulator was firstly used to attack a receiver mounted in another platform, being successful in taking over the victim’s satellite lock. In Humphreys et al. (2008)Humphreys TE, Ledvina BM, Psiaki ML, O’Hanlon BW, Kintner PM (2008) Assessing the spoofing threat: Development of a portable GPS civilian spoofer. Proceedings of the ION GNSS International Technical Meeting of the Satellite Division; Savannah, USA., GPS spoofing signals were created by decoding legitimate GPS signals and generating time shifted copies (meaconing), which were transmitted with higher energy to overlay the original ones, what was repeated in Motella et al. (2010)Motella B, Pini M, Fantino M, Mussalano P, Nicola M, Fortuny-Guasch J, Wildemeersch M, Symeonidis D (2010) Performance assessment of low cost GPS receivers under civilian spoofing attacks. Proceedings of the 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (Navitec). doi: 10.1109/navitec.2010.5708018
https://doi.org/10.1109/navitec.2010.570... . Meaconing shows to be less expensive but generates time delays between signals (Tippenhauer et al. 2011Tippenhauer NO, Pöpper C, Rasmussen KB, Capkun S (2011) On the requirements for successful GPS spoofing attacks; [accessed 2016 Oct 15] https://www.cs.ox.ac.uk/files/6489/gps.pdf
https://www.cs.ox.ac.uk/files/6489/gps.p... ).

GPS spoofing is discussed analytically in Kuhn (2004)Kuhn MG (2004) An asymmetric security mechanism for navigation signals. Proceedings of the Information Hiding Workshop., showing that it is possible to manipulate military and civilian GPS signals by pulse-delaying, or replaying (individual) navigation signals with a delay.

These different possible models of attack require a variety of countermeasures focusing on avoiding collateral effects, what is discussed in John (2001)John A. Volpe National Transportation Systems Center (2001) Vulnerability assessment of the transportation infrastructure relying on the global positioning system.; Kuhn (2004)Kuhn MG (2004) An asymmetric security mechanism for navigation signals. Proceedings of the Information Hiding Workshop.; Papadimitratos and Jovanovic (2008aPapadimitratos P, Jovanovic A (2008a) GNSS-based positioning: Attacks and countermeasures. Proceedings of the IEEE Military Communications Conference (MILCOM). doi: 10.1109/milcom.2008.4753512
https://doi.org/10.1109/milcom.2008.4753... ; 2008b)Papadimitratos P, Jovanovic A (2008b) Protection and fundamental vulnerability of GNSS. Proceedings of the International Workshop on Satellite and Space Communications. doi: 10.1109/iwssc.2008.4656777
https://doi.org/10.1109/iwssc.2008.46567... ; Warner and Johnston (2003)Warner JS, Johnston RG (2003) GPS spoofing countermeasures. Homeland Security Journal.. In a close future, countermeasures shall rely only on modifications of the receivers, once those that could be implemented in the signals, or in the satellites themselves, have low probability of implementation, due to the high complexity.

In literature, just a few publications (Motella et al. 2010Motella B, Pini M, Fantino M, Mussalano P, Nicola M, Fortuny-Guasch J, Wildemeersch M, Symeonidis D (2010) Performance assessment of low cost GPS receivers under civilian spoofing attacks. Proceedings of the 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (Navitec). doi: 10.1109/navitec.2010.5708018
https://doi.org/10.1109/navitec.2010.570... ; Cavaleri et al. 2010Cavaleri A, Motella B, Pini M, Fantino M (2010) Detection of spoofed GPS signals at code and carrier tracking level. Proceedings of the 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (Navitec). doi: 10.1109/navitec.2010.5708016
https://doi.org/10.1109/navitec.2010.570... ; Ledvina et al. 2010Ledvina BM, Bencze WJ, Galusha B, Miller I (2010). An in-line anti-spoofing device for legacy civil GPS receivers. Proceedings of the ION International Technical Meeting.; Montgomery et al. 2009Montgomery, PY, Humphreys TE, Ledvina BM (2009) Receiver-autonomous spoofing detection: Experimental results of a multi-antenna receiver defense against a portable civil GPS spoofer. Proceedings of the ION International Technical Meeting.) present experimental data on spoofing attacks, indicating a high-added value for any information concerning to this unexplored theme.

EXPERIMENTAL SETUP AND RESULTS

Aiming to check and validate the previously described concepts, some experiments were designed, addressing different levels of intentional interference (spoofing) in different kind of receivers, from the simplest (automotive receivers) to more complex ones (aeronautical receivers). Thus, spoofing level 1 could be evaluated, as well as the power level required to an effective interference.

SPOOFING IN MOBILE PHONES AND AUTOMOTIVE RECEIVERS

Initially, a test was designed with modulated signal (spoofing) to verify the robustness of different kinds of receivers. The experimental setup, as depicted in Fig. 4 (Electronic Warfare Laboratory of the Technological Institute of Aeronautics - LAB-GE), consisted of the following equipment:

Figure 4
Semi-anechoic chamber with the devices under test.

Modulated Signal Generator Keysight N7609B;
DHR antenna 0118;
SMA coaxial cable;
Software N7609B, for GNSS signals;
Pedestal for placing the receivers; and
Semi-anechoic chamber.

In order to isolate the receivers from any interference or of original GPS satellite signals, the tests were performed in a semi-anechoic chamber. This experiment aimed to test each one of the receivers for their susceptibility to spoofing level 1, radiating the GPS signal generated by the N7609B software. This software allows selecting and simulating signals of GPS and other constellations, such as GLONASS and GALILEO. The power of each one of the satellites can also be controlled, as well as the relative power scale, the pseudo-range, the Doppler shift and the multipath. It is a complex signal generator, allowing different kinds of interaction with GPS receivers and tests. Two programming pages of the software can be seen in Fig. 5.

Figure 5
Programming pages of the N7609B software.

The experiment was conducted in two phases with increasing level of complexity:

Modulated signal with false coordinates (static and dynamic) and false date-time data (referring to 2013);
Modulated signal with false coordinates (static and dynamic) and correct date-time data, consistent with the date of the experiment.

In the first experiment, the automotive receiver was clearly spoofed with a power as low as -50 dBm. The coordinates of Beijing (N40.0096856; W116.478479) were inserted in the receiver, as shown in Fig. 6.

Figure 6
Automotive receiver under static spoofing.

Note that the GPS satellites, designated in the software, were identified (green color) and presented in the receiver (highlighted as 1). Likewise, Beijing coordinates were also presented (highlighted as 2). This spoofing was performed with the insertion of a static coordinate, in which the target was supposed to be stopped at the referred coordinates (highlighted as 3). Thus, the interference (spoofing) was quite efficient, even at extremely low levels of signals (-50 dBm) and the receiver understood that he was in China rather than its actual position in São José dos Campos - São Paulo, Brazil.

In the case of the mobile phone, it was required -30 dBm to spoof the receiver, showing a higher robustness to this action, but remaining already extremely sensitive and vulnerable. In Fig. 7 it is possible to verify the false position of the receiver (highlighted as 1), the coordinates of Beijing (highlighted as 2), and the indication of a static coordinate (highlighted as 3, speed equals to 0).

Figure 7
Mobile phone under static spoofing.

Subsequently, it has been verified the receivers’ susceptibility to spoofing with dynamic coordinates (navigation routes) and false date-time data. Initially it was radiated a power of -50 dBm for both receptors, being gradually increased up to -30 dBm. Then, it was possible to circumvent only the automotive receiver but not the mobile phone.

Seeking to increase the complexity and efficiency of the experiment, it was carried on the spoofing with dynamic coordinates, and date-time data compatible with the real ones. Both receivers were corrupted after such a procedure. Figure 8 illustrates it with the closest date-time data (in red arrows), the captured satellites (highlighted as 1), the spoofed coordinates of China (highlighted as 2), the spoofed speed (highlighted as 3) and the present position (highlighted as 4). Both receivers (automotive and mobile phone) could be corrupted with such procedures.

Figure 8
Automotive and mobile phone receivers under dynamic spoofing, with a date-time data close to the real ones.

SPOOFING IN AERONAUTICAL RECEIVERS

Similar procedures to the ones previously presented were implemented for aeronautical receivers (GPS stand-alone and EGIR) to evaluate its robustness to spoofing.

The aeronautical receiver, known as EGIR, is a solution that assembles a GPS, an Inertial (INS) and a Radio-Altimeter (RALT). It is able to provide three independent solutions:

INS only;
GPS only; and
GPS/INS combined.

In addition, it continuously monitors the performance of each one of the navigation solutions, calculating a Figure of Merit (FOM) associated with the expected error.

After different trials of spoofing in free space, under original and corrupted GPS signals, such receivers have not incorporated the corrupted coordinates. Instead, it presented only a cancelling of the GPS signal, both in GPS stand-alone and in GPS+INS, as seen in Figs. 9 and 10, where, in each figure, the top part indicates the correct coordinates just after the alignment while the bottom part indicates the reading after the spoofing and the loss of the signal. Thus, it acted as a simple jammer, keeping clear the need for further studies on this subject, focusing on the development or implementation of more complex spoofing techniques.

Figure 9
Aeronautical GPS receiver under spoofing.

Figure 10
Aeronautical EGIR receiver under spoofing.

CONCLUSION

As can be seen, GPS devices have been widely disseminated and used in different systems, both for civilian and militaries applications. However, despite being able to provide great benefits, it should be considered that these systems are, under certain circumstances, vulnerable to intentional interference. Moreover, the deepening dependence of the civil and military infrastructures on GPS and the potential for financial gain or high-profile mischief makes GPS spoofing a gathering threat.

In this work, a series of experiments were carried out, seeking to evaluate the consequences of spoofing to complex systems. The simple experiments that have been developed and described in this work demonstrate that it is straightforward to mount a spoofing attack that could defeat most complex GPS-dependent systems.

Despite this issue is not a widespread concern on internet, and in scientific publications, some conclusions could be drawn from the experiments:

Spoofing level 1 with false date-time data: it was found that the automotive receiver proved to be totally vulnerable. Therefore, less complex spoofed signals, such as the coordinates without the date-time group, were enough to corrupt the coordinates of the equipment under test. However, in more complex receivers, as in the case of mobile phones and aeronautical receivers, it was not possible to corrupt the signal. Based on that, it can be concluded that the interference has been successful for canceling the GPS signal, as a jammer, which eventually can alert the user to the loss of coordinates.

Spoofing level 1 with compliant date-time data: it was possible to verify the success of the interference in the automotive receiver and in mobile phones, which was efficient in static and dynamic scenarios. On the other hand, it was not possible to achieve success in aeronautical receivers (GPS stand-alone and EGIR).

Finally, it was possible to infer the existence of different levels of susceptibility to intentional interference in complex GPS receivers. These results lead to the need of an evaluation of the vulnerability and to the sensibility to spoofing of different equipment and systems, in order to provide adequate countermeasures or, at least, identifying the interference. In addition, it shows the importance of the research and suggests its continuity as an alert to authorities, considering possible problems with adverse groups. Thus, it must be emphasized the strategic importance of this study and showed the profound impact that it can have on social and operational issues.

Moreover, based on recent news on internet, it appears that no sort of encrypted signals or authentication can assure systems against sophisticated spoofing attack, presenting high levels of dangerousness for all systems that use any kind of GPS signals.

REFERENCES

Bakker PF (2006) Effects of radio frequency interference on GNSS receiver output. Stevinweg: Delft University of Technology.
Balvedi GC (2006) Efeitos dos dutos troposféricos na propagação e recepção de sinais GPS (MSc dissertation). São José dos Campos: Aeronautical Institute of Technology. In Portuguese.
Cavaleri A, Motella B, Pini M, Fantino M (2010) Detection of spoofed GPS signals at code and carrier tracking level. Proceedings of the 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (Navitec). doi: 10.1109/navitec.2010.5708016
» https://doi.org/10.1109/navitec.2010.5708016
Faria LA, Silvestre CAM, Correia MAF (2016) GPS-dependent systems: Vulnerabilities to electromagnetic attacks. Journal of Aerospace Technology and Management 8(4):423-430. doi: 10.5028/jatm.v8i4.632
» https://doi.org/10.5028/jatm.v8i4.632
Humphreys TE, Ledvina BM, Psiaki ML, O’Hanlon BW, Kintner PM (2008) Assessing the spoofing threat: Development of a portable GPS civilian spoofer. Proceedings of the ION GNSS International Technical Meeting of the Satellite Division; Savannah, USA.
John A. Volpe National Transportation Systems Center (2001) Vulnerability assessment of the transportation infrastructure relying on the global positioning system.
Kaplan E, Hegarty C (2006) Understanding GPS: principles and applications. Norwood: Artech House.
Kuhn MG (2004) An asymmetric security mechanism for navigation signals. Proceedings of the Information Hiding Workshop.
Ledvina BM, Bencze WJ, Galusha B, Miller I (2010). An in-line anti-spoofing device for legacy civil GPS receivers. Proceedings of the ION International Technical Meeting.
Motella B, Pini M, Fantino M, Mussalano P, Nicola M, Fortuny-Guasch J, Wildemeersch M, Symeonidis D (2010) Performance assessment of low cost GPS receivers under civilian spoofing attacks. Proceedings of the 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (Navitec). doi: 10.1109/navitec.2010.5708018
» https://doi.org/10.1109/navitec.2010.5708018
Montgomery, PY, Humphreys TE, Ledvina BM (2009) Receiver-autonomous spoofing detection: Experimental results of a multi-antenna receiver defense against a portable civil GPS spoofer. Proceedings of the ION International Technical Meeting.
Petersomn S (2011) Iran hacked RQ-170 GPS - fooled in autopilot landing in Iran; [accessed 2014 Sep 17]. www.uasvision.com/2011/12/16/iran-hacke-rq-170-gps-fooled-in-autopilot-landing-in-iran/
» www.uasvision.com/2011/12/16/iran-hacke-rq-170-gps-fooled-in-autopilot-landing-in-iran/
Papadimitratos P, Jovanovic A (2008a) GNSS-based positioning: Attacks and countermeasures. Proceedings of the IEEE Military Communications Conference (MILCOM). doi: 10.1109/milcom.2008.4753512
» https://doi.org/10.1109/milcom.2008.4753512
Papadimitratos P, Jovanovic A (2008b) Protection and fundamental vulnerability of GNSS. Proceedings of the International Workshop on Satellite and Space Communications. doi: 10.1109/iwssc.2008.4656777
» https://doi.org/10.1109/iwssc.2008.4656777
Russon MA (2015) Wondering how to hack a military drone? It’s all on Google; [accessed 2016 Nov 04]. http://www.ibtimes.co.uk/wondering-how-hack-military-drone-its-all-google-1500326
» http://www.ibtimes.co.uk/wondering-how-hack-military-drone-its-all-google-1500326
Tippenhauer NO, Pöpper C, Rasmussen KB, Capkun S (2011) On the requirements for successful GPS spoofing attacks; [accessed 2016 Oct 15] https://www.cs.ox.ac.uk/files/6489/gps.pdf
» https://www.cs.ox.ac.uk/files/6489/gps.pdf
Warner J, Johnston R (2002) A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. Journal of Security Administration 25:19-28.
Warner JS, Johnston RG (2003) GPS spoofing countermeasures. Homeland Security Journal.

Publication Dates

Publication in this collection
2018

History

Received
11 Nov 2016
Accepted
15 May 2017

This is an Open Access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

[1] Bakker PF (2006) Effects of radio frequency interference on GNSS receiver output. Stevinweg: Delft University of Technology.

[2] Balvedi GC (2006) Efeitos dos dutos troposféricos na propagação e recepção de sinais GPS (MSc dissertation). São José dos Campos: Aeronautical Institute of Technology. In Portuguese.

[3] Cavaleri A, Motella B, Pini M, Fantino M (2010) Detection of spoofed GPS signals at code and carrier tracking level. Proceedings of the 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (Navitec). doi: 10.1109/navitec.2010.5708016
» https://doi.org/10.1109/navitec.2010.5708016

[4] Faria LA, Silvestre CAM, Correia MAF (2016) GPS-dependent systems: Vulnerabilities to electromagnetic attacks. Journal of Aerospace Technology and Management 8(4):423-430. doi: 10.5028/jatm.v8i4.632
» https://doi.org/10.5028/jatm.v8i4.632

[5] Humphreys TE, Ledvina BM, Psiaki ML, O’Hanlon BW, Kintner PM (2008) Assessing the spoofing threat: Development of a portable GPS civilian spoofer. Proceedings of the ION GNSS International Technical Meeting of the Satellite Division; Savannah, USA.

[6] John A. Volpe National Transportation Systems Center (2001) Vulnerability assessment of the transportation infrastructure relying on the global positioning system.

[7] Kaplan E, Hegarty C (2006) Understanding GPS: principles and applications. Norwood: Artech House.

[8] Kuhn MG (2004) An asymmetric security mechanism for navigation signals. Proceedings of the Information Hiding Workshop.

[9] Ledvina BM, Bencze WJ, Galusha B, Miller I (2010). An in-line anti-spoofing device for legacy civil GPS receivers. Proceedings of the ION International Technical Meeting.

[10] Motella B, Pini M, Fantino M, Mussalano P, Nicola M, Fortuny-Guasch J, Wildemeersch M, Symeonidis D (2010) Performance assessment of low cost GPS receivers under civilian spoofing attacks. Proceedings of the 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (Navitec). doi: 10.1109/navitec.2010.5708018
» https://doi.org/10.1109/navitec.2010.5708018

[11] Montgomery, PY, Humphreys TE, Ledvina BM (2009) Receiver-autonomous spoofing detection: Experimental results of a multi-antenna receiver defense against a portable civil GPS spoofer. Proceedings of the ION International Technical Meeting.

[12] Petersomn S (2011) Iran hacked RQ-170 GPS - fooled in autopilot landing in Iran; [accessed 2014 Sep 17]. www.uasvision.com/2011/12/16/iran-hacke-rq-170-gps-fooled-in-autopilot-landing-in-iran/
» www.uasvision.com/2011/12/16/iran-hacke-rq-170-gps-fooled-in-autopilot-landing-in-iran/

[13] Papadimitratos P, Jovanovic A (2008a) GNSS-based positioning: Attacks and countermeasures. Proceedings of the IEEE Military Communications Conference (MILCOM). doi: 10.1109/milcom.2008.4753512
» https://doi.org/10.1109/milcom.2008.4753512

[14] Papadimitratos P, Jovanovic A (2008b) Protection and fundamental vulnerability of GNSS. Proceedings of the International Workshop on Satellite and Space Communications. doi: 10.1109/iwssc.2008.4656777
» https://doi.org/10.1109/iwssc.2008.4656777

[15] Russon MA (2015) Wondering how to hack a military drone? It’s all on Google; [accessed 2016 Nov 04]. http://www.ibtimes.co.uk/wondering-how-hack-military-drone-its-all-google-1500326
» http://www.ibtimes.co.uk/wondering-how-hack-military-drone-its-all-google-1500326

[16] Tippenhauer NO, Pöpper C, Rasmussen KB, Capkun S (2011) On the requirements for successful GPS spoofing attacks; [accessed 2016 Oct 15] https://www.cs.ox.ac.uk/files/6489/gps.pdf
» https://www.cs.ox.ac.uk/files/6489/gps.pdf

[17] Warner J, Johnston R (2002) A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. Journal of Security Administration 25:19-28.

[18] Warner JS, Johnston RG (2003) GPS spoofing countermeasures. Homeland Security Journal.

Brasil