research-article

SPREE: a spoofing resistant GPS receiver

Authors:

Aanjhan Ranganathan,

Hildur Ólafsdóttir,

Srdjan CapkunAuthors Info & Claims

MobiCom '16: Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking

Pages 348 - 360

https://doi.org/10.1145/2973750.2973753

Published: 03 October 2016 Publication History

Abstract

Global Positioning System (GPS) is used ubiquitously in a wide variety of applications ranging from navigation and tracking to modern smart grids and communication networks. However, it has been demonstrated that modern GPS receivers are vulnerable to signal spoofing attacks. For example, today it is possible to change the course of a ship or force a drone to land in a hostile area by simply spoofing GPS signals. Several countermeasures have been proposed in the past to detect GPS spoofing attacks. These counter-measures offer protection only against naive attackers. They are incapable of detecting strong attackers such as those capable of seamlessly taking over a GPS receiver, which is currently receiving legitimate satellite signals, and spoofing them to an arbitrary location. Also, there is no hardware platform that can be used to compare and evaluate the effectiveness of existing countermeasures in real-world scenarios.

In this work, we present SPREE, which is, to the best of our knowledge, the first GPS receiver capable of detecting all spoofing attacks described in the literature. Our novel spoofing detection technique called auxiliary peak tracking enables detection of even a strong attacker capable of executing the seamless takeover attack. We implement and evaluate our receiver against three different sets of GPS signal traces: (i) a public repository of spoofing traces, (ii) signals collected through our own wardriving effort and (iii) using commercial GPS signal generators. Our evaluations show that SPREE constraints even a strong attacker (capable of seamless takeover attack) from spoofing the receiver to a location not more than 1 km away from its true location. This is a significant improvement over modern GPS receivers that can be spoofed to any arbitrary location. Finally, we release our implementation and datasets to the community for further research and development.

References

[1]

Ettus research llc. http://www.ettus.com/.

[2]

GSG-xx Series Multi-channel advanced GNSS simulator. http://www.spectracomcorp.com/.

[3]

Hacking A Phone's GPS May Have Just Got Easier. http://www.forbes.com/sites/parmyolson/2015/08/07/gps-spoofing-hackers-defcon/.

[4]

LabSat GPS Simulator. http://www.labsat.co.uk/.

[5]

NASA's archive of space geodesy data. http://cddis.gsfc.nasa.gov/.

[6]

NSL Primo GNSS SDR Front End. http://www.nsl.eu.com/primo.html.

[7]

SPREE Source Code. http://www.spree-gnss.ch/.

[8]

SX3 GNSS Software Receiver. http://www.ifen.com.

[9]

UT Austin Researchers Successfully Spoof an $80 million Yacht at Sea. http://news.utexas.edu/2013/07/29/ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea.

[10]

Akos, D. M. Who's afraid of the spoofer? GPS/GNSS spoofing detection via automatic gain control (AGC). Navigation (2012).

[11]

Bastide, F., Akos, D., Macabiau, C., and Roturier, B. Automatic gain control (AGC) as an interference assessment tool. In ION GPS/GNSS 2003, 16th International Technical Meeting of the Satellite Division of The Institute of Navigation (2003).

[12]

Borre, K., Akos, D. M., Bertelsen, N., Rinder, P., and Jensen, S. H. A software-defined GPS and Galileo receiver: a single-frequency approach. Springer Science & Business Media, 2007.

[13]

Braasch, M. S. Performance comparison of multipath mitigating receiver architectures. In Proceedings of the Aerospace Conference (2001), IEEE.

[14]

Brands, S., and Chaum, D. Distance-bounding protocols. In Workshop on the theory and application of cryptographic techniques on Advances in cryptology (1993).

Digital Library

[15]

Broumandan, A., Jafarnia-Jahromi, A., Dehghanian, V., Nielsen, J., and Lachapelle, G. GNSS spoofing detection in handheld receivers based on signal spatial correlation. In Proceedings of the IEEE Position Location and Navigation Symposium (PLANS) (2012).

[16]

Farrell, J., and Barth, M. The Global Positioning System and inertial navigation. McGraw-Hill New York, 1999.

[17]

Fernández--Prades, C., Arribas, J., Closas, P., Avilés, C., and Esteve, L. GNSS-SDR: An open source tool for researchers and developers. In Proceedings of the ION GNSS Conference (2011).

[18]

Hofmann-Wellenhof, B., Lichtenegger, H., and Wasle, E. GNSS--global navigation satellite systems: GPS, GLONASS, Galileo, and more. Springer Science & Business Media, 2007.

[19]

Humphreys, T. E., Bhatti, J. A., Shepard, D. P., and Wesson, K. D. The Texas Spoofing Test Battery: Toward a standard for evaluating GNSS signal authentication techniques. In Proceedings of the ION GNSS Meeting (2012).

[20]

Kong, S.-H. Statistical analysis of urban GPS multipaths and pseudo-range measurement errors. IEEE Transactions on Aerospace and Electronic Systems (2011).

[21]

Kuhn, M. G. An asymmetric security mechanism for navigation signals. In Information Hiding (2005).

Digital Library

[22]

Ledvina, B. M., Bencze, W. J., Galusha, B., and Miller, I. An in-line anti-spoofing device for legacy civil GPS receivers. In Proceedings of the International Technical Meeting of the Institute of Navigation (2010).

[23]

Lehner, A., and Steingass, A. The land mobile satellite navigation multipath channel--a statistical analysis. In Proceedings of the 2nd Workshop on Positioning, Navigation and Communication (WPNC) & 1st Ultra-Wideband Expert Talk (UET) (2005).

[24]

Lo, S. C., and Enge, P. K. Authenticating aviation augmentation system broadcasts.

[25]

Manandhar, D., Shibasaki, R., and Torimoto, H. GPS reflected signal analysis using software receiver. Journal on Positioning (2006).

[26]

Misra, P., and Enge, P. Global Positioning System: Signals, Measurements and Performance Second Edition. Lincoln, MA: Ganga-Jamuna Press, 2006.

[27]

Montgomery, P. Y., Humphreys, T. E., and Ledvina, B. M. Receiver-autonomous spoofing detection: Experimental results of a multi-antenna receiver defense against a portable civil GPS spoofer. In Proceedings of the ION International Technical Meeting (2009).

[28]

Nighswander, T., Ledvina, B. M., Diamond, J., Brumley, R., and Brumley, D. GPS software attacks. In Proceedings of the ACM Conference on Computer and Communications Security (2012).

Digital Library

[29]

Papadimitratos, P., and Jovanovic, A. GNSS-based Positioning: Attacks and countermeasures. In Proceedings of the IEEE Military Communications Conference, MILCOM. (2008).

[30]

Phelts, R. E. Multicorrelator techniques for robust mitigation of threats to GPS signal quality. PhD thesis, Stanford University, 2001.

[31]

Psiaki, M. L., O'Hanlon, B. W., Bhatti, J. A., Shepard, D. P., and Humphreys, T. E. Civilian GPS spoofing detection based on dual-receiver correlation of military signals. Institute of Navigation GNSS (ION GNSS) (2011).

[32]

Psiaki, M. L., Powell, S. P., and O'Hanlon, B. W. GNSS spoofing detection using high-frequency antenna motion and carrier-phase data. In Proceedings of the ION GNSS+ Meeting (2013).

[33]

Tippenhauer, N. O., Pöpper, C., Rasmussen, K. B., and Capkun, S. On the requirements for successful GPS spoofing attacks. In Proceedings of the 18th ACM Conference on Computer and communications security (2011).

Digital Library

[34]

Titterton, D., Weston, J., et al. Strapdown Inertial Navigation Technology. 2nd Edition. IET, 2004.

[35]

Warner, J. S., and Johnston, R. G. GPS spoofing countermeasures. Homeland Security Journal (2003).

[36]

Wendel, J., Meister, O., Schlaile, C., and Trommer, G. F. An integrated GPS/MEMS-IMU navigation system for an autonomous helicopter. Aerospace Science and Technology (2006).

[37]

Wesson, K., Rothlisberger, M., and Humphreys, T. Practical cryptographic civil GPS signal authentication. Journal of Navigation (2012).

[38]

Wesson, K., Shepard, D., Bhatti, J., and Humphreys, T. E. An evaluation of the vestigial signal defense for civil GPS anti-spoofing. In Proceedings of the ION GNSS Meeting (2011).

Cited By

Zhang QMao ZFawaz KAlmgren M(2024)Stealthy Data Fabrication in Collaborative Vehicular PerceptionProceedings of the Sixth Workshop on CPS&IoT Security and Privacy10.1145/3690134.3694822(142-149)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3690134.3694822
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Devkota BSaunders LDhakal RKandel L(2024)GPS Spoofing Detection with a Random Forest Multiclass ClassifierMILCOM 2024 - 2024 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM61039.2024.10773678(202-208)Online publication date: 28-Oct-2024
https://doi.org/10.1109/MILCOM61039.2024.10773678
Show More Cited By

Index Terms

SPREE: a spoofing resistant GPS receiver

Recommendations

A Practical GPS Location Spoofing Attack in Road Navigation Scenario
HotMobile '17: Proceedings of the 18th International Workshop on Mobile Computing Systems and Applications

High value of GPS location information and easy availability of portable GPS signal spoofing devices incentivize attackers to launch GPS spoofing attacks against location-based applications. In this paper, we propose an attack model in road navigation ...
AuthGPS: Lightweight GPS Authentication against GPS and LTE Spoofing (poster)
MobiSys '19: Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services

While GPS (Global Positioning System) navigation and GPS based autonomous car driving techniques are mature, the security of GPS signal has not been a primary system concern. In fact, it has been shown that an ordinary GPS can be easily spoofed by a low-...
Efficacy of Asynchronous GPS Spoofing Against High Volume Consumer GNSS Receivers
Q2SWinet '22: Proceedings of the 18th ACM International Symposium on QoS and Security for Wireless and Mobile Networks

The vulnerability of the Global Positioning System (GPS) against spoofing is known for quite some time. Also, the positioning and navigation of most semi-autonomous and autonomous drones are dependent on Global Navigation Satellite System (GNSS) ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

MobiCom '16: Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking

October 2016

532 pages

ISBN:9781450342261

DOI:10.1145/2973750

General Chairs:
Yingying Chen
Stevens Institute of Technology
,
Marco Gruteser
Rutgers University
,
Program Chairs:
Y. Charlie Hu
Purdue University, USA
,
Karthik Sundaresan
NEC Labs Princeton, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MobiCom'16

MobiCom'16: The 22nd Annual International Conference on Mobile Computing and Networking

October 3 - 7, 2016

New York, New York City

Acceptance Rates

MobiCom '16 Paper Acceptance Rate 31 of 226 submissions, 14%;

Overall Acceptance Rate 440 of 2,972 submissions, 15%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
1,205
Total Downloads

Downloads (Last 12 months)87
Downloads (Last 6 weeks)13

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang QMao ZFawaz KAlmgren M(2024)Stealthy Data Fabrication in Collaborative Vehicular PerceptionProceedings of the Sixth Workshop on CPS&IoT Security and Privacy10.1145/3690134.3694822(142-149)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3690134.3694822
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Devkota BSaunders LDhakal RKandel L(2024)GPS Spoofing Detection with a Random Forest Multiclass ClassifierMILCOM 2024 - 2024 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM61039.2024.10773678(202-208)Online publication date: 28-Oct-2024
https://doi.org/10.1109/MILCOM61039.2024.10773678
Wei XMa JSun C(2024)A Survey on Security of Unmanned Aerial Vehicle Systems: Attacks and CountermeasuresIEEE Internet of Things Journal10.1109/JIOT.2024.342911111:21(34826-34847)Online publication date: 1-Nov-2024
https://doi.org/10.1109/JIOT.2024.3429111
Foruhandeh MYang HCheng XStavrou AWang HYang Y(2024)All in one: Improving GPS accuracy and security via crowdsourcingComputer Networks10.1016/j.comnet.2024.110775254(110775)Online publication date: Dec-2024
https://doi.org/10.1016/j.comnet.2024.110775
Spravil JHemminghaus Cvon Rechenberg MPadilla EBauer J(2023)Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity MonitoringJournal of Marine Science and Engineering10.3390/jmse1105092811:5(928)Online publication date: 26-Apr-2023
https://doi.org/10.3390/jmse11050928
Srimoungchanh BMorris JDavidson DEskicioglu RHuang PPatwari N(2023)Practical Software Defense for GPS Spoofing on a Hobby UAVProceedings of the First International Workshop on Security and Privacy of Sensing Systems10.1145/3628356.3630119(37-43)Online publication date: 12-Nov-2023
https://dl.acm.org/doi/10.1145/3628356.3630119
Motallebighomi MSathaye HSingh MRanganathan ABoureanu ISchneider SReaves BTippenhauer N(2023)Location-independent GNSS Relay Attacks: A Lazy Attacker's Guide to Bypassing Navigation Message AuthenticationProceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3558482.3590186(365-376)Online publication date: 29-May-2023
https://dl.acm.org/doi/10.1145/3558482.3590186
Pöllny OHeld AKargl F(2023)Survey of Air, Sea, and Road Vehicles Research for Motion Control SecurityIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2023.326445324:7(6748-6763)Online publication date: Jul-2023
https://doi.org/10.1109/TITS.2023.3264453
Chae MPark SChoi SChoi C(2023)Commercial Fixed-Wing Drone Redirection System using GNSS DeceptionIEEE Transactions on Aerospace and Electronic Systems10.1109/TAES.2023.3264193(1-15)Online publication date: 2023
https://doi.org/10.1109/TAES.2023.3264193
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

EPUB

View this article in ePub.

Media

Figures

Other

Tables

View Table of Contents