SAN JOSE – After testifying before Congress about security vulnerabilities in civil GPS systems last week, Todd Humphreys is convinced the industry needs a new approach to plugging holes in what he calls “the most popular unauthenticated protocol in the world.”
“There’s a way to add backward-compatible authentication like digital watermarks to GPS signals, and last week I had my best shot at convincing lawmakers to fix the problem at the signal source,” said Humphreys who directs the Radionavigation Laboratory at the University of Texas at Austin.
“I don’t think I will even pursue that anymore because I got a strong sense it is a non-starter,” Humphreys said in an interview with EE Times. “No one wants to touch the signals broadcast from the satellites even though all we are asking is to define a new message,” he added.
Only 15 of the 62 possible GPS messages are currently defined. Humphreys and other GPS security experts recommend defining two messages that could automatically authenticate GPS signals.
Even if the U.S. government had the will to make the technical changes, it could take more than five years to implement, Humphreys said. That’s too late given a Congressional mandate opening up the use of civilian drones in the U.S. in 2015.
Humphreys went to Washington DC hoping lawmakers would embrace the cryptographic solution developed in his lab. “We spent two years writing that paper and wanted to hand it to lawmakers as a template free of charge to implement--it will work fairly well,” he said.
The problem is that hackers can readily spoof civil GPS signals. Humphreys’ lab has shown how hackers can use faked GPS signals to take over operation of a drone aircraft, a power grid or a cellular network.
“I don’t want to be an alarmist, but to me it defies reason that we would continue to develop around unauthenticated civilian GPS protocols,” he said. “It seems to be a fairly significant vulnerability like leaving the back door to your house open—the odds are nothing will happen, but you won’t feel good about it,” he said.
Technology advances have created a lot of concern over its security. Thanks for sharing! GPS security hack would allow be a bridge of personal location and information. However, as far as GPS security is concern, there cannot be firewall barrier as GPS devices will need to access satellite for location information, making GPS security hack prevention more difficult. GPS security will become a concern when hackers interfere with the signals from the satellite. As a result, this will make location determination inaccurate.
Yes, having a tight beam in the receive antenna, to receive signals only from azimuths and elevations that are known to be valid, is a technique to mitigate spoofing vulnerability. But it seems to me that adding in authentication, in a backward compatible way, is such a no-brainer that I can't fathom why anyone would be dragging his feet on making this decision.
It should not matter what the schedule for allowing drones is. Authentication is something that will have benefits in the long term. You can't think just 5 years into the future.
How accurately can GPS antennas determine where the signal is coming from? Since GPS receivers know (or can know if properly programmed) exactly where in the sky satellites are at a given moment, they could ignore signals coming from the wrong place.
Simply insuring a signal is coming from above the horizon would require spoofers to be airborne. Not a huge hurdle, admittedly, but at least it's an improvement.
It might also be getting whatever information they can from GLONASS as a sanity check. This further complicates things for spoofers by requiring them to spoof it as well.
Even if the satellites aren't programmed to use an authenticated source, perhaps urban areas should use one or more fixed ground sources, as with differential GPS? Those could be authenticated and unspoofable, and at least allow receivers to know when someone is trying to spoof them and go into a failsafe mode (i.e., over places like NYC or DC leave the critical areas and start circling over water or farmland until operators can take over)
The solar maximum which starts next year will further complicate the reliability (and security?) of space-based networks like GPS. This will be the first real test of the ability of GPS electronics to withstand the effects of increased solar radiation. My advice: Buy a road atlas!
Join our online Radio Show on Friday 11th July starting at 2:00pm Eastern, when EETimes editor of all things fun and interesting, Max Maxfield, and embedded systems expert, Jack Ganssle, will debate as to just what is, and is not, and embedded system.