Mobile Security Fall 2015

Similar documents
Security of Global Navigation Satellite Systems (GNSS) GPS Fundamentals GPS Signal Spoofing Attack Spoofing Detection Techniques

GLOBAL POSITIONING SYSTEMS

Entity Tracking and Surveillance using the Modified Biometric System, GPS-3

MOBILE COMPUTING 1/28/18. Location, Location, Location. Overview. CSE 40814/60814 Spring 2018

GPS: The Basics. Darrell R. Dean, Jr. Civil and Environmental Engineering West Virginia University. Expected Learning Outcomes for GPS

Time Firewall: Securing the GNSS receivers against Spoofing/Jamming. Shemi Prazot AccuBeat

GLOBAL POSITIONING SYSTEMS

Mobile Positioning in Wireless Mobile Networks

GPS/QZSS Signal Authentication Concept

Channel Modeling ETIN10. Wireless Positioning

Public or Private (2)

The GLOBAL POSITIONING SYSTEM James R. Clynch February 2006

Prof. Maria Papadopouli

IoT. Indoor Positioning with BLE Beacons. Author: Uday Agarwal

GPS Global Positioning System

Agenda Motivation Systems and Sensors Algorithms Implementation Conclusion & Outlook

IOT GEOLOCATION NEW TECHNICAL AND ECONOMICAL OPPORTUNITIES

A Review of Vulnerabilities of ADS-B

IoT Wi-Fi- based Indoor Positioning System Using Smartphones

Jamming and Spoofing of GNSS Signals An Underestimated Risk?!

DEFINING THE FUTURE OF SATELLITE SURVEYING WITH TRIMBLE R-TRACK TECHNOLOGY

S a t e l l i t e T i m e a n d L o c a t i o n. N o v e m b e r John Fischer VP Advanced R&D

The Global Positioning System

GPS and Recent Alternatives for Localisation. Dr. Thierry Peynot Australian Centre for Field Robotics The University of Sydney

GBAS FOR ATCO. June 2017

Ensuring Robust Precision Time: Hardened GNSS, Multiband, and Atomic Clocks. Lee Cosart WSTS 2018

GPS Milestones, cont. GPS Milestones. The Global Positioning Sytem, Part 1 10/10/2017. M. Helper, GEO 327G/386G, UT Austin 1. US GPS Facts of Note

MOBILE COMPUTING 1/29/18. Cellular Positioning: Cell ID. Cellular Positioning - Cell ID with TA. CSE 40814/60814 Spring 2018

Digital Surveillance Devices?

Digital surveillance devices?

Surviving and Operating Through GPS Denial and Deception Attack. Nathan Shults Kiewit Engineering Group Aaron Fansler AMPEX Intelligent Systems

Introduction to the Global Positioning System

Localization: Algorithms and System

GNSS Technologies. GNSS integration with other positioning methods

Wireless Network Security Spring 2016

Tracking New Signals from Space GPS Modernization and Trimble R-Track Technology

Protection Augmentation Toughness and Alternatives of GNSS. Melaha 2016 Concord Al-Salam Hotel Cairo, April 25,2016 Refaat Rashad

The Next Generation of Secure Position, Navigation and Timing Technology

Global Navigation Satellite Systems (GNSS)Part I EE 570: Location and Navigation

Jager UAVs to Locate GPS Interference

SMART RFID FOR LOCATION TRACKING

HOW TO RECEIVE UTC AND HOW TO PROVE ACCURACY

36. Global Positioning System

What is a GPS How does GPS work? GPS Segments GPS P osition Position Position Accuracy Accuracy Accuracy GPS A pplications Applications Applications

Proceedings of Al-Azhar Engineering 7 th International Conference Cairo, April 7-10, 2003.

Power Utilities Mitigating GPS Vulnerabilities and Protecting Power Utility Network Timing

Future Dual Systems for Landing. The DGNSS PALS opportunity Marco Donfrancesco Intelligence & Cyber EW Sales & Mktg

CARRIER PHASE VS. CODE PHASE

Wireless Network Security Spring 2015

Introduction. Global Positioning System. GPS - Intro. Space Segment. GPS - Intro. Space Segment - Contd..

NR402 GIS Applications in Natural Resources

V2X-Locate Positioning System Whitepaper

Location Tracking. Current Technologies 1/19/2011. Not one, single technology Convergence of several technologies. Systems for

Cooperative navigation: outline

LOCALIZATION WITH GPS UNAVAILABLE

GNSS RFI/Spoofing: Detection, Localization, & Mitigation

Lecture-1 CHAPTER 2 INTRODUCTION TO GPS

King AbdulAziz University. Faculty of Environmental Design. Geomatics Department. Mobile GIS GEOM 427. Lecture 3

Next Generation Positioning Infrastructure

GNSS Threats at Airports and detecting them

Location, Location, Location

Global Positioning Systems (GPS) Trails: the achilles heel of mapping from the air / satellites

An Introduction to Airline Communication Types

Understanding GPS: Principles and Applications Second Edition

Future GNSS: Improved Signals and Constellations

The Case for Recording IF Data for GNSS Signal Forensic Analysis Using a SDR

Localization in WSN. Marco Avvenuti. University of Pisa. Pervasive Computing & Networking Lab. (PerLab) Dept. of Information Engineering

UNIT 1 - introduction to GPS

EE 570: Location and Navigation

Primer on GPS Operations

RESPONSE TO THE HOUSE OF COMMONS TRANSPORT SELECT COMMITTEE INQUIRY INTO GALILEO. Memorandum submitted by The Royal Academy of Engineering

Applying Defence-in-depth to counter RF interferences over GNSS

Technology Talk Bulletin

The Effect of Radio Frequency Interference on GNSS Signals and Mitigation Techniques Presented by Dr. Tarek Attia

Smartphone Positioning and 3D Mapping Indoors

GNSS Training for ITS Developers. Characterisation of EGNSS performances in relationship with the application requirements

Evaluating OTDOA Technology for VoLTE E911 Indoors

High Precision GNSS in Automotive

High Precision Urban and Indoor Positioning for Public Safety

Indoor Positioning by the Fusion of Wireless Metrics and Sensors

ECS455: Chapter 4 Multiple Access

Case sharing of the use of RF Localization Techniques. Dr. Frank Tong LSCM R&D Centre LSCM Summit 2015

Enhancing Bluetooth Location Services with Direction Finding

Introduction to the Global Positioning System

Alternative Positioning, Navigation and Timing (APNT) for Performance Based Navigation (PBN)

DYNAMICALLY RECONFIGURABLE SOFTWARE DEFINED RADIO FOR GNSS APPLICATIONS

matthew ahrens* December, 12th, 2014

Canadian Coast Guard Review to Implement a Resilient Position, Navigation and Timing Solution for Canada. Mariners Workshop January 31 st, 2018

Assessing the likelihood of GNSS spoofing attacks on RPAS

Pixie Location of Things Platform Introduction

THE IMPLEMENTATION OF INDOOR CHILD MONITORING SYSTEM USING TRILATERATION APPROACH

Benefits and Limitations of New GNSS Signal Designs. Dr. A. J. Van Dierendonck AJ Systems, USA November 18, 2014

GLOBAL POSITIONING SYSTEMS. Knowing where and when

Location Based Technologies

GNSS MONITORING NETWORKS

Module Introduction. Purpose The intent of this module is to provide you with an overview of the Global Positioning System.

The topic we are going to see in this unit, the global positioning system, is not directly related with the computer networks we use everyday, but it

Boeing Timing & Location

GPS Modernization and Program Update

Integrated GPS/TOA Navigation using a Positioning and Communication Software Defined Radio

Transcription:

Mobile Security Fall 2015 Patrick Tague #8: Location Services 1

Class #8 Location services for mobile phones Cellular localization WiFi localization GPS / GNSS 2

Mobile Location Mobile location has become a critical element of smartphone usage One of the major differentiators from laptops Enables a wealth of new services (location-based services) How does it work? 3

Device Localization How does a device figure out its location? Another device/system tells it Ex: cell provider tells the device where it is Another device/system provides reference points that allow it to estimate a location Ex: GPS It learns from a set of known landmarks I just took a picture of the statue of liberty...where am I? It figures it out using other information 4

Relative Localization Each localizing device collects geometric relationships relative to several reference points (xi,yi) Local presence I can hear you, so I must be near (x,y) (x,y) Rx signal strength Time of flight RSS = R distance d Time t distance d (x,y) Time t2-t1 Angle of arrival distance d (x,y) (x2,y2) (x1,y1) (x,y) Time-difference Connectivity (x1,y1) (x2,y2) q1 q2 5

Location from Cell Towers 6

Trilateration Requirements: At least three reference points Reference points with known location Line-of-sight communication 7

More Trilateration GPS WiFi Bluetooth 8

You Mean Triangulation? Trilateration Using 3 or more distance measurements to identify a point Triangulation Uniquely defining a triangle from two angle measurements and a known length 9

Triangulation Requirements: At least two angle measurements At least one known distance Ability to measure angle-of-arrival (not as easy as it sounds) Line of sight 10

Triangulation v. Trilateration Trilateration Receiver (e.g., phone) is locating itself based on measurements from several transmitters (e.g., cell towers) with known locations Triangulation Two receivers (e.g., cell towers) are locating a transmitter (e.g., phone) by measuring angle-of-arrival of transmitted signal Requires special hardware or really fancy software 11

Fingerprinting 12

Fingerprinting Advantages Resistant to multipath and attenuation Disadvantages Requires data collection / site survey 13

Crowd-Sourced WiFi Fingerprints WiFi fingerprinting can be done at large scale by recording which WiFi networks (SSID+MAC) are nearby (maybe +RSSI) Location service providers such as Skyhook can take this info, look up the networks in a giant database, and perform trilateration for you 14

Location from Sensors Many sensors on the phone can be helpful in determining location, especially due to mobility Dead reckoning Advantage: Needs no infrastructure Disadvantage: Error accumulates over time 15

Let's focus on GPS, arguably the most prominent location source for smartphones 16

GPS Global Position System was developed by the US DoD initially in the 1970s and completely operational in 1994 Similar to other systems deployed by Russia, EU, China, India, and others Satellites broadcast current time and location to allow any receiver on Earth to localize 17

Things using GPS GPS is used for: Automobile navigation (and autonomous driving) Mobile geo-location (for LBS, etc.) Livestock / wildlife tracking Aircraft and ship navigation and autopilot Power grid synchronization Financial transactions & trading Telecom system operations... 18

So, how does GPS actually work? 19

GPS Signals GPS satellites send several different signals On the L1 band (1575.42 MHz), coarse-acquisition (C/A) signal, encrypted precision (P(Y)) signal, L1 civilian (L1C) and military (M) codes On the L2 band (1227.60 MHz), P(Y) code, L2C and M Three other bands (L3, L4, L5) used for other purposes Nuclear detonation detection, atmospheric correction, civilian safety-of-life 20

Multilateration GPS satellites serve as mobile reference points for Earth-based receivers All satellites have high-precision, tightly synchronized clocks and precisely known locations Each receiver hears a coordinate and timestamp from each transmitter, measures the distance based on the transmission time d 2 fro m (x 2,y 2,z ) Dist d fr om (x,y 1 1 1,z ) @ t 1 1 m fro t d3 @ 3 ) st Di y,z 3, 3 (x 3 Dis t 2 @ t 2 21

Measuring Distance Dist d1 from (x1,y1,z1) @ t1 How to measure distance from the satellite? Well, distance = speed of light * time, so just measure time... 22

Receiver Timing Dist d1 from (x1,y1,z1) @ t1 Satellites themselves use atomic clocks to maintain ground truth Receivers have to synchronize with the satellites Remember, 1ns time error 1ft distance error With clever processing, an extra satellite signal provides required synchronization 3 satellites for space, 4 for space+time 23

Errors Errors arise for many different reasons Scattering through Earth's atmosphere, reflection off buildings, time sync errors, etc. Much of this can be handled by incorporating proper models in the distance estimation process But, no longer just distance = rate * time Some receivers get diversity from using military & civilian signals 24

Military v. Civilian GPS Civilian GPS uses an unencrypted and unauthenticated signal for location and time synchronization Military GPS devices can be keyed to use an encrypted and authenticated signal for high assurance location and timing Military GPS requires key management, often in the form of manually entering long keys into handsets Use of the military signal can provide much higher accuracy, error correction, etc. 25

Military GPS Rumors Since manual key management is often an impediment to mission-critical activities, there have been reports that a large number of soldiers use GPS in civilian mode 26

Selective Availability When GPS was originally designed, it was intended to provide coarse-grained location for civilians and fine-grained location for military Does anyone remember when GPS accuracy was 30-50 meters and that was good enough for most things? Selective Availability was eliminated around 2000 to provide higher accuracy for civilian applications Usually, we can get ~10 meter accuracy 27

Differential GPS For applications that require even better accuracy Differential GPS uses an additional signal sent from a ground station to compensate for errors in data sent by satellites E.g., DGPS stations can send difference between location claimed by satellite and its observed location Accuracy of ~10cm can be achieved using DGPS Appropriate for autonomous / swarm vehicle applications 28

What are the possible security issues with GPS? 29

Jamming GPS is based on wireless communication, so it's subject to interference GPS signals can be as quiet as -160dBm (10-19W) Jamming is pretty easy 30

Replay Attacks Replay of GPS transmissions would involve stale timestamps and location information The content of the message would be good But the time sync step would fail and most likely give unreasonable results Unless the timing is precisely controlled...more in a minute 31

GPS Spoofing Instead of replaying old GPS signals, fabricate new ones and pretend to be a satellite Spoofing leverages lack of authentication in civilian GPS signals Provides invalid information to the receiver to force it to compute an incorrect location Two types of spoofers have been demonstrated al n g i s g n i Spoof 32

Timed Replay as Spoofer Humphreys et al. built a spoofer (see [Humphreys et al., ION GNSS 2008]) It receives signals, analyzes them, and replays them after a precise delay The delay affects the distance measurement, thereby affecting the location result Precise control of delay allows gradual error accumulation or drifting, so detection is difficult 33

Many More Attacks GPS receivers are also vulnerable to a number of signal- and software-based attacks e.g., Middle-of-the-Earth attack See [Nighswander et al., CCS 2012] 34

How could you protect against these GPS attacks / threats... 35

without replacing or upgrading the satellite systems? 36

Deployment Constraints Because of the deployment cost, upgrading or replacing satellites is not really an option Maybe very slowly over time, but not any time soon So authentication is out GPS receivers have to respect what the GPS transmitters are sending even if they cannot authenticate them 37

Alternatives Several defense / mitigation strategies have been proposed by the GNSS community Modifying GPS receivers to use multiple antennas to verify angle of arrival consistency Augment receiver software to compare changes in location over time Incorporate sensor data (GPS says you're moving but gyro says you're not?) Incorporate other GNSS systems for diversity 38

What about Privacy? Location privacy is a huge problem We'll talk about it more a bit later in the semester 39

Oct 13 & 15: SoW Presentations Oct 20: NFC & Mobile Payment 40

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback