Applying Defence-in-depth to counter RF interferences over GNSS IET 5th Oct. 2011 Xavier Bertinchamps - GSA
Objective of this presentation Understand Jamming threat on GNSS Propose a comprehensive strategy to counter it Describe two concepts that can help 1. The use of Public Regulated Service 2. A System-of-System designed for countering Jamming Explain how GSA would like to combine them together 2
Introduction RF interferences which might limit the use and applications of EGNOS and Galileo This is a concern for GSA Let s assume that Our modern society is severely dependent on GPS GPS is crucially threatened by Radio interferences Will be discussed later today Gordon Black: GNSS Reliance Okko Bleeker / Guy Buesnel: Anti-jam resistance and techniques 3
Two Vulnerabilities of GNSS 1. Signal is very weak at reception side Easy to jam Difficult to locate jammers 2. Signal is known and predictable, except for secure services such as PRS Easy to spoof 4
Ranking the Risks Dangerousness Spoofers High power Jammers Medium power Jammers General use of low power Jammers Few low power Jammers Today Time 5
Defence-in-depth - 1 Given the assumed 1. Criticality of GNSS 2. Jamming Threat 3. Intrinsic vulnerabilities of GNSS Only a defence-in-depth approach can mitigate the Jamming risk 6
Defence-in-depth - 2 Decision makers shall develop a policy ensuring a coordination between Prevention, Detection and Correction of potential attacks Definition of Defence-in-depth: A range of technical and non-technical security measures, organised as multiple layers of defence Deterrence and prevention Detection, characterisation and response Resilience and recovery 7
Measures Legislation Definition of the Signal Detection, location, monitoring, communication Mitigation Fall-back solutions 8
Deterrence Security measures aimed at dissuading any adversary planning to attack Law and regulations International regulations ITU Radio Regulations» States are required to have a unique national point of contact Spectrum Monitoring Handbook» Recommendations on spectrum monitoring and direction finding equipments European level Radio Spectrum Decision (RSD) 676/2002/EC of the European Parliament and of the Council of 7 March 2002 on a regulatory framework for radio spectrum policy in the European Community PRS Access rules» Requires to establish a point of contact for assisting in reporting detected potentially harmful electromagnetic interference affecting the PRS National laws 9
Prevention Security measures aimed at impeding or blocking an attack Control Access to equipment designed for or usable for Jamming and spoofing Jammers Signal repeater Signal generator Access to this equipment may require an authorisation (Licence) Use of Pseudolite 10
Detection Security measures aimed at discovering the occurrence of an attack Interference monitoring system EGEP (European GNSS Evolutions Programme) PROTECTOR DETECTOR Receiver Signal processing PRS Receivers Crowd sourcing detection Need for an equivalent to Computer Emergency Response Team regarding GNSS jamming threat GSA s RF Threats Observatory 11
Resilience Security measures aimed at limiting impact of an attack and preventing further damage Improved performances of Signal-in-space Dual band, larger spreading code, more radiated power GPS PPS Galileo PRS Signal processing at receiver side CRPA antenna Choke-ring attenuators Signal processing Pulse blanking Hybridization 12
Recovery Security measures aimed at regaining a secure situation Fall-back solutions Traditional map/atomic clock Inertial System Other navigation system Loran-C/e-Loran, DME, ILS Other sensors Odometer Pedometer Removal of interferences by National Spectrum Agencies 13
What goes wrong Isn t it good enough? No What goes wrong? Need for a monitoring of the threats ITU spectrum Monitoring handbook is not binding Looking for weak signals that could be precursors to growing issues Need for a better assessment of our dependency to GNSS To be done at National level and European level Cross-border issues Need for a better coordination between stakeholders At crossroad between GNSS and RF Spectrum monitoring agencies EU and National responsibilities Need for proper reaction capabilities Police cannot investigate Jamming issues Spectrum monitoring agencies need support of Police forces Need for GNSS security and continuity plan 14
A possible framework for a way forward Decision No 676/2002/EC requires to establish procedures in order to facilitate policy making [ ] with the aim of optimising the use of radio spectrum and of avoiding harmful interference An incentive may arise from the International Committee on GNSS 15
What can PRS do to help IET 5th Oct. 2011
EU GNSS programmes EGNOS Galileo programme OS PRS Search and Rescue Commercial Service Safety of life 17
Why PRS? Several THREATS to GNSS services 1. Jamming + other forms of denial of service (DoS) 2. Spoofing 3. Misuse Against EU / MS interests Several NEEDS for critical applications => PRS 1. Better Continuity of Service 2. Authentication 3. Access Control 18
Jamming => Improved continuity Signal power at reception side is very low As ROM, 10mW = 10km jamming range Can be easily jammed by Non-intentional RF interference Intentional jamming Jamming is countered by Wider band CDMA Signal => PRS signal Band Diversity (L1 + E6) => PRS signal Signal processing, hybridation techniques Controlled Radiation Pattern Antenna (CRPA) Spectrum monitoring, law and enforcement PRS Access rules => PRS CMS Use of pseudolites as local augmentation 19
Other forms of DoS Need for improved continuity for PRS applications translates into two kind of measures 1. Measures on Galileo infrastructure assets, as a general rule Benefits to all Galileo services Redundancy of assets Deployment of ground infrastructure on areas controlled by MS Commitment of MS/third states to protect Galileo as a Critical Infrastructure GSMC, as centre for monitoring the Security of Galileo Joint-action capabilities 2. Additional measures specifically designed to support PRS in case of direct attack E.g. PRS Access rules will request PRS Participants as well as non-participant MS to report of electromagnetic interference affecting the PRS 20
Spoofing => Authentication GNSS signals can be generated and radiated so to make receivers calculate wrong PVT GNSS spoofers are on-the-market This is essentially a GNSS signal generator Or a record and replay device Attacks on Time servers have been demonstrated Spoofing is countered by crypto techniques Crypto Key must be protected 21
Misuse => Access control Satellite navigation is a force multiplier Provides more efficiency to command, control, communication and intelligence Improves accuracy of weapons When national security is threatened, it may be necessary to deny adversaries from any GNSS capability Access to GNSS is controlled by Local jamming of all but controlled services Navwar Access to PRS need crypto Key Key dissemination is controlled PRS Key is protected => PRS Security Module Access to PRS equipment and technology CMS Export control 22
So, what is PRS? - 1 PRS is a signal Wide band / Two bands signals so as to be more resistant to unintentional interference and bad propagation conditions Better continuity of service Bring also better accuracy Separate band in RF spectrum with respect to other services Possibility to deny other GNSS services by jamming while enabling PRS Encrypted ranging codes and data Protection against spoofing Access Control mechanisms 23
What is PRS? - 2 PRS is a Security Module (PRS SM) Cryptographic unit to be embedded within a PRS Receiver Protect cryptographic algorithm and key material from tamper attacks Embed other security measures Information assurance on PVT 24
What is PRS? 3 PRS Signal-in-Space Galileo Satellites Galileo Uplink Stations POC Platform (MS Staff) Galileo Control Centre (Operations Staff) Galileo Security Centres POC Platform (MS Staff) POC Platform (MS Staff) Galileo Operations (ESA/Operator) PRS Security Management (GSA Staff) EU Member States & Authorised PRS Participants User Communities (e.g. Police) Users (PRS Receivers) 25
On-going perspectives on PRS: Use of Secondary Channel - 1 Objective to adapt to PRS on-going convergence between Navigation and Communication TETRA standards Location Information Protocol (LIP) Assisted-GPS, Net Assist Protocol (NAP) EGNOS Data Access Service (EDAS) Provides EGNOS augmentation data on-line RFC for assisted GNSS over the Internet 26
On-going perspectives on PRS: Use of Secondary Channel - 2 Galileo Constellation Other GNSS Constellation PRS SIS GNSS Signal Uplink Station PMR Link TETRA/PRS Receiver Base Station Base Station Base Station Base Station Network Control Centre Switch Centre Switch Centre Galileo Control Centre (Operations Staff) Galileo Security Centre (GSA Staff) POC Platform (MS Staff) TETRA Core Netwok User Control Centre PRS Assistance Server Control Centre Staff (Dispatchers etc) TETRA Network MS / PRS Participant 27
Expected benefits On-going perspectives on PRS: Use of Secondary Channel 3 PRS Management operation transparent to users Key management Accounting Access control + all benefits as for other Assisted GNSS Reduction of cost, size, power consumption Better performances Acquisition Tracking + Convergence of services Tracking 28
What goes wrong PRS is not bullet-proof against jamming Galileo itself is not bullet-proof Need for a detection and response capability = JIMS 29
Introduction to the PROTECTOR study IET 5th Oct. 2011
Definition PROTECTOR PRS and Operational Tool to Evaluate and Counteract Threats Originating from Radio-sources Definition of the means to protect European GNSS against RF interferences Price = 1M Duration 18 months Final Acceptance Review 4 Oct. 2011 31
Consortium organisation 32
How JIMS works JIMS System-of-Systems RIMS CPF GSS GMS MCC EGNOS Galileo GCC GSMC EC & Council GSA EU JIMS Entity European Monitoring Entities EUROPEAN MEANS PRS link non-prs link PRS PoC User Group PRS User Non-PRS User Spectrum Monitoring Agency National Monitoring Entities NATIONAL MEANS 33
How MS Spectrum agencies would be part of JIMS 34
How EU means may contribute to JIMS 35
How PRS Rx may contribute to JIMS - 1 PRS participants will have to comply with Common Minimum Standards Requires to establish a point of contact for assisting in reporting detected potentially harmful electromagnetic interference affecting the PRS PRS receivers could be used by MS to detect, characterise and localise interferences Similar concept to Crowd-sourcing as proposed by Logan Scott PRS Secondary Channel can also be used to warn PRS users about interferences sources and to activate specific signal processing counter-measures 36
How PRS Rx may contribute to JIMS 2 37
Conclusion: synergies between JIMS and PRS JIMS and PRS need each other PRS needs JIMS to increase availability JIMS needs the input from PRS receivers Thank you. 38