ATIS Briefing March 21, 2017 Economic Critical Infrastructure and its Dependence on GPS.


Briefing question: If it's critical, then why isn't it uniformly monitored to detect bad actor jamming and spoofing activities?

Presented by Patrick Diamond, Principal, Diamond Consulting. Supported by ATIS member Comtech Telecommunications Corp. Content and topic not affiliated with ATIS.

DHS recently identified these 13 economic areas as Critical Infrastructure: Space Applications, Precision Agriculture, Surveying & Mapping, Power Grids, Air Traffic Control, Petroleum Industry, Supply Chains, Transit Operations, Shipping & Maritime Applications, Financial Markets, Emergency Services, Industrial Control, Telecom.

The phrase Critical Infrastructure has many connotations. Today's briefing will consider it in the context of its economic criticality. We won't discuss in detail atomic clocks, satellite operations, IEEE 1588 or any other mechanism for network transfer of time. We will ask the question: if these economic segments are truly critical, why aren't they monitored? We will discuss an idea for monitoring these critical infrastructure applications using an out-of-band and non-intrusive technique. We will discuss the 1 pulse per second (1pps) signal derived from GPS. It is noted that 1pps is used to create the paper time scale UTC, Universally Coordinated Time; it's used to synchronize the frequency and phase of radios in mobile wireless networks; it's used in power grids to align synchrophasors; and it serves many more critical application-specific needs for time and phase. It is assumed the geographic diameter of a jamming or spoofing event is approximately 10 miles.

How do we rationally segregate economic Critical Infrastructure segments? What is characteristically unique about the economic Critical Infrastructure segments? Air Traffic Control, Space Applications, Transportation Infrastructure and Emergency Services are primarily within the government domain. The remaining Infrastructure segments are almost exclusively within the public commercial/industrial domain. They all take advantage of the same free GPS signals, using generally the same equipment. With highly diverse application performance needs, disjointed operation, and different ownership and control systems, how could these end points be uniformly and effectively monitored?

The only common characteristic of these Critical Infrastructure endpoints is 1pps. While the 1pps signal is used differently, it is commonly presented at each end point. The critical component of this signal is the extreme precision of the period between 1pps signals with the time or phase alignment capability of less than 1 µs. This deterministic periodicity has enabled highly disparate geographic locations to be synchronized in phase and/or time. In a jamming or spoofing action, this precise period between 1pps signals is corrupted. Can this corruption be uniformly measured and monitored to detect a bad actor attack? I believe it can!

1pps is an electrical signal when output from GPS receivers. The 1pps signal itself is not of specific interest here, but rather the period between pulses. This period is the fundamental value used by economic Critical Infrastructure applications. The 1pps signal is in the frequency domain, and the period between pulses is in the time domain. Here we care about the time domain. A well-known method of measuring time domain intervals is using time stamps. This is basically a period counter that logs the counts between frequency events, producing a numeric representation of this period. The best known method for producing, measuring and managing these period counts is found in IEEE 1588: Precision Time Protocol.

What if it were possible to correlate the periods between 1pps signals on a wide scale? I will discuss such a capability in clearly understandable detail. This methodology is currently in a theoretic state; however, numerous experts in the time synchronization industry have peer reviewed the theory and agree it is viable. The individual elements of this technique are well understood and off the shelf. In-use techniques for capture and transfer of time periods are borrowed and implemented. Time synchronization algorithms are not implemented.

[Figure: Critical Infrastructure 1pps Monitoring System Block Diagram. Labels: Wide Area Network; 1pps period reference; GPS assured timing master reference & 1pps period master; GPS quality timing reference; CI Master Control Server; CI monitor node communications protocol; local CI monitor node; long range radio, always available; 1pps; Critical Infrastructure system being backed up.]

What is the principal operational characteristic of the CI 1pps period monitoring methodology? The ultimate goal of the monitoring system is to detect when a UUT is being jammed or spoofed. This detection process will measure the rate of change of the period samples. The technique is to collect 1pps period samples from the target community of CI end points. Samples from each end point will be continuously collected at ~1 second intervals. These samples will be mathematically combined to compute the standard deviation rate of change across the entire community. This computed standard deviation rate of change will be compared to an assured 1pps measured period. A modified form of the Kalman linear quadratic estimation method will process the samples for outliers from the standard deviation value. These outliers will be considered as potential jamming or spoofing candidates.

What is the performance goal of the CI 1pps monitoring methodology? The phase and time performance targets for the economic Critical Infrastructure applications are quite diverse. It is important to keep in mind the reason for this monitoring and detection technique is to locate CI end points under jamming or spoofing attack. The 1pps time period change detection threshold target is 1 µs from the computed standard deviation value. This 1 µs change could occur from sample to sample, which more than likely would indicate a jamming event, or potentially a receiver failure. The 1 µs change could be an accumulated value occurring over several samples which could indicate a spoofing event. In this case it is reasonable to increase the sample rate to compute a pattern of change and establish an early potential fault flag of this end point. Real-time comparison of the computed deviation to an assured 1pps period value will eliminate erroneous results.
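The threshold logic from the two slides above, as an added Python example that is not part of the original briefing. It uses plain 1 µs thresholds against the assured reference period in place of the modified Kalman and community standard deviation processing, which the briefing does not specify; the function names, node names and sample time stamps are constructed for illustration.

```python
TICK_NS = 4            # node time-stamp granularity given in the briefing
THRESHOLD_NS = 1_000   # 1 µs detection threshold given in the briefing
NOMINAL = 250_000_000  # ticks in one nominal 1pps period (1 s / 4 ns)

def stamps_from(period_ticks, start=0):
    """Build constructed 64-bit time stamps from a list of periods in ticks."""
    stamps = [start]
    for p in period_ticks:
        stamps.append(stamps[-1] + p)
    return stamps

def periods_ns(stamps):
    """Convert consecutive 1pps time stamps into periods in nanoseconds."""
    return [(b - a) * TICK_NS for a, b in zip(stamps, stamps[1:])]

def classify(node_stamps, ref_stamps):
    """Return 'step', 'drift' or 'ok' for one node against the assured reference."""
    accumulated = 0
    for node_p, ref_p in zip(periods_ns(node_stamps), periods_ns(ref_stamps)):
        error = node_p - ref_p
        if abs(error) >= THRESHOLD_NS:        # sample-to-sample change
            return "step"                     # jamming or receiver-failure candidate
        accumulated += error
        if abs(accumulated) >= THRESHOLD_NS:  # change built up over several samples
            return "drift"                    # spoofing candidate
    return "ok"

def scan(community, ref_stamps):
    """Classify every node and return only those that need attention."""
    verdicts = {name: classify(s, ref_stamps) for name, s in community.items()}
    return {name: v for name, v in verdicts.items() if v != "ok"}

# Constructed sample data: six 1pps periods per node, in 4 ns ticks.
REF = stamps_from([NOMINAL] * 6)
COMMUNITY = {
    "node-a": stamps_from([NOMINAL + d for d in (3, -2, 1, -1, 2, -3)]),
    "node-b": stamps_from([NOMINAL, NOMINAL, NOMINAL + 400, NOMINAL, NOMINAL, NOMINAL]),
    "node-c": stamps_from([NOMINAL + 60] * 6),
}

if __name__ == "__main__":
    for name, verdict in scan(COMMUNITY, REF).items():
        print(name, verdict)
```

Here node-a carries only tens of nanoseconds of jitter, node-b has a single period that is 1.6 µs long, and node-c gains 240 ns every second until the accumulated error crosses 1 µs on the fifth sample.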

What is the system architecture for CI 1pps period monitoring methodology, server? The heart of the system is a series of high performance commercial grade cloud servers with open system OS and virtual machine capability. Co-located with each server is an assured GPS system with long term holdover, greater than 72 hours. Each server would be backed up by 2 other servers. The period sample database for each would be constantly mirrored to the backups. It is estimated each server could simultaneously support 1500 CI end points. The computation applications would be written in the Python programming language to assure portability to other open OS systems. Code obfuscation techniques would be employed to prevent bad actor hacking. Typical data transfer packet size is estimated at 64 bytes.

What is the system architecture for CI 1pps period monitoring methodology, CI node? Each CI end point would have a CI monitoring node to measure the 1pps signal period and produce a 64-bit time stamp with 4 ns granularity. Each CI monitoring node would have 2 mechanisms for transfer of period time stamps to servers. There are 3 transfer technology candidates: wide area packet Ethernet for those CI locations with backhaul connectivity; IoT 50Kbs unlicensed band radio for all locations, for building penetration to in-building systems and as an alternate route on backhaul failure; and NB-LTE for outdoor CI locations without backhaul connectivity.

What is the reporting method for CI 1pps period monitoring? The objective for this system is to monitor and detect jamming and spoofing events regardless of the CI end point. In order for this to be accomplished, the CI stakeholders need to have an incentive to participate in the program. This universal monitoring can be accomplished through creating a location database of each CI end point being monitored. The benefit to each CI stakeholder is a uniform method of notification of jamming and spoofing attacks in real time, to include the locations being attacked. The benefit to the DHS is immediate notice of the physical locations where jamming and spoofing attacks are occurring in real time. All participants would have secure gateway access to the servers monitoring their CI end points. The open system architecture offers a near unlimited set of context syntax for easy integration into stakeholders' current monitor and control systems.

What is the objective for today's CI 1pps period monitoring system briefing? It is understood this is a new and unique idea for monitoring and detecting GPS CI jamming and spoofing attacks. The genesis of this idea is a universal recognition of GPS CI end points' vulnerability to jamming and spoofing attacks. The motivation for this idea sharing is a common need amongst vulnerable CI stakeholders, both government and commercial. The pretext of the system design is non-intrusive to the CI systems and an out-of-band secure method of monitoring and detecting attacks. Our goal today is to stimulate the CI stakeholder community to in-depth topical discussion on this idea and any others these discussions may spawn.

Thank you for taking the time to listen to this presentation. Hopefully it stimulated thought on Critical Infrastructure vulnerability protection techniques. We look forward to your comments.

Sponsored by For more information, contact Sameer Vuyyuru Sameer.Vuyyuru@comtechtel.com