Spoofing in aviation: security threats on GPS and ADS-B systems

Dejan V. Kožović; Dragan Ž.  Đurđević

doi:10.5937/vojtehg69-30119

Dejan V. Kožović BEN AIR, Beograd, Republika Srbija https://orcid.org/0000-0002-7816-1248
Dragan Ž. Đurđević Megatrend Univerzitet, Fakultet civilne avijacije, Beograd, Republika Srbija https://orcid.org/0000-0002-3551-7662

DOI: https://doi.org/10.5937/vojtehg69-30119

Ključne reči: ADS-B, avijacija, GPS, radio-frekvencijske interferencije, spufing, antispufing

Sažetak

Uvod/cilj: U radu su ukratko opisana nedavna istraživanja u oblasti GPS i ADS-B spufinga/antispufinga. Ovi sistemi, koji se oslanjaju na tehnologiju satelitskog pozicioniranja, mogu biti meta spufing napada čiji je cilj generisanje pogrešnog pozicioniranja ili vremenskog određenja, tako što se u prijemnik „žrtve” ubacuju lažni signali. Naime, napadač pokušava da ubaci lažne informacije u sisteme koji, na primer, omogućavaju navigaciju aviona ili dronova radi otmice ili distrakcije bezbednosti/sigurnosti u nadzoru vazdušnog prostora. Zbog toga su neophodni novi koncepti navigacije i ATC-a.

Metode: Primenom naučnog pristupa prezentovana je evaluacija GPS i ADS-B spufinga/antispufinga. Navedeno je kako spufing utiče na sajber bezbednost vazduhoplovnog sistema.

Rezultati: Na osnovu korišćene metodološke analize objašnjen je značaj proučavanja spufinga/antispufinga u avijaciji.

Zaključak: Iako spufing GNSS sistema predstavlja potencijalnu pretnju, njegova tehnička izvodljivost je realna, a potencijal veliki jer je fleksibilniji i jeftiniji zbog vrlo brzog napretka SDR tehnologija. Realan rizik predstavljaju potencijalni spufing napadi koji bi se mogli ostvariti iz vazdušnog prostora, uz korišćenje dronova/UAV. Međutim, primenom različitih antispufing tehnika prijemnici avionskog sistema mogu detektovati spufing. Zbog mogućih sofisticiranijih oblika spufing napada, međunarodne organizacije, poput ICAO, proaktivno se bave povećanjem otpornosti GPS i ADS-B sistema na spufing.

Reference

Alghamdi, F., Alshrahani, A. & Hamza, N. 2018. Effective security techniques for automatic dependent surveillance-broadcast (ADS-B). International Journal of Computer Applications, 180(26), pp.23-28 [online]. Available at: https://www.ijcaonline.org/archives/volume180/number26/alghamdi-2018-ijca-916598.pdf [Accessed: 25 December 2020].

Ali, B.S. 2016. System specifications for developing an automatic dependent surveillance-broadcast (ADS-B) monitoring system. International Journal of Critical Infrastructure Protection, 15, pp.40-46. Available at: https://doi.org/10.1016/j.ijcip.2016.06.004.

Berz, G. 2018. GNSS spoofing and aviation: an evolving relationship. Inside GNSS, 25 September [online]. Available at: https://insidegnss.com/gnss-spoofing-and-aviation-an-evolving-relationship/ [Accessed: 25 December 2020].

Betz, J.W. 2002. Binary offset carrier modulations for radionavigation. Navigation, 48(4), pp.227-246. Available at: https://doi.org/10.1002/j.2161-4296.2001.tb00247.x.

Borowski, H., Isoz, O., Eklof, F.M., Lo, S. & Akos, D. 2012. Detecting false signals with automatic gain control. GPS World, 1 April [online]. Available at: https://www.gpsworld.com/detecting-false-signals-automatic-gain-control-12804/ [Accessed: 1 April, 2012].

Chan-Tin, E., Heorhiadi, V., Hopper, N., Kim, Y. 2011. The frog-boiling attack: limitations of secure network coordinate systems. ACM Transactions on information and system security (TISSEC), 14(3), pp.1-26. Available at: https://doi.org/10.1145/2043621.2043627.

Costin, A. & Francillon, A. 2012. Ghost in the air (traffic): on insecurity of ads-b protocol and practical attacks on ads-b devices. In: BLACKHAT 2012, Las Vegas, NV, USA, July 21-26 [online]. Available at: https://www.eurecom.fr/publication/3788 [Accessed: 25 December 2020].

Enea, G. & Porretta, M. 2012. A comparison of 4D-trajectory operations envisioned for NextGen and SESAR, some preliminary findings. In: Proceedings of the 28th International Congress of Aeronautical Sciences (ICAS), Brisbane, Australia, pp.1-14, September 23-28 [online]. Available at: https://www.icas.org/ICAS_ARCHIVE/ICAS2012/PAPERS/310.PDF [Accessed: 25 December 2020].

-EUROCONTROL. 2011. Coding rules for "Reserved Expansion Field" for ASTERIX Category 021. Apendix A [online]. Available at: https://www.eurocontrol.int/sites/default/files/2019-06/appendixcat021pt12aed11.pdf [Accessed: 25 December 2020].

-EUROCONTROL. 2019. EVAIR safety bulletin 20 (summer seasons and full years 2013-2017), Brussels, Belgium [online]. Available at: https://www.eurocontrol.int/publication/eurocontrol-voluntary-atm-incident-reporting-evair-safety-bulletin-20 [Accessed: 25 December 2020].

-FAA. 2010. Automatic dependent surveillance broadcast (ADS-B) out performance requirements to support air traffic control (ATC) service (final rule). 14 CFR Part 91, Federal Register, 75(103), pp.30160-30195 [online]. Available at: https://www.govinfo.gov/content/pkg/FR-2010-05-28/pdf/2010-12645.pdf [Accessed: 25 December 2020].

Finke, C., Butts, J., Mills, R. & Grimaila, M. 2013. Enhancing the security of aircraft surveillance in the next generation air traffic control system. International Journal of Critical Infrastructure Protection, 6(1), pp.3-11. Available at: https://doi.org/10.1016/j.ijcip.2013.02.001.

Ghose, N. & Lazos, L. 2015. Verifying ADS-B navigation information through Doppler shift measurements. In: IEEE/AIAA 34th Digital Avionics Systems Conference (DASC), Praue, pp.4A2-1-4A2-11, September 13-17. Available at: https://doi.org/10.1109/DASC.2015.7311412.

Hegarty, C.J., Ligler, G.T., Alexander, K., Chesto, L., Moses, H., Wichgers, J.M., Enge, P., Erlandson, B., Van Dierendonck, A.J., Azoulai, L., Kalyanaraman, S., Heppe, S., Lee, J.C., Wesson, K. & Studenny, J. 2015. RTCA SC-159: 30 Years of Aviation GPS Standards. In: Proceedings of the 28th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2015), Tampa, FL, pp.877-896, September 14-18 [online]. Available at: https://www.ion.org/publications/abstract.cfm?articleID=13133 [Accessed: 25 December 2020].

Hegarty, C., Odeh, A., Shallberg, K., Wesson, K., Walter, T. & Alexander, K. 2018. Spoofing detection for airborne GNSS equipment. In: Proceedings of 31st International Technical Meeting of The Satellite Division of the Institute of Navigation (ION GNSS+ 2018), Miami, FL, pp.1350-1368, September 24-28. Available at: https://doi.org/10.33012/2018.16008.

Horton, E. & Ranganathan, P. 2018. Development of a GPS spoofing apparatus to attack a DJI matrice 100 quadcopter. Journal of Global Positioning Systems, 16(art.number:9). Available at: https://doi.org/10.1186/s41445-018-0018-3.

Humphreys, T.E., Ledvina, B.M., Psiaki, M.L., O'Hanlon, B.W. & Kintner, P.M. 2008. Assessing the spoofing threat: development of a portable GPS civilian spoofer. In: Proceedings of the 21st International Technical Meeting of the Satellite Division of the Institute of Navigation (ION GNSS 2008), Savanna, pp.2314-2325, September 16-19 [online]. Available at: https://gps.mae.cornell.edu/humphreys_etal_iongnss2008.pdf [Accessed: 25 December 2020].

-ICAO. 2018. Concept of Operations (CONOPS) for Dual-Frequency Multi-Constellation (DFMC) Global Navigation Satellite System (GNSS) [online]. Available at: https://www.icao.int/Meetings/anconf13/ [Accessed: 25 December 2020]

-ICAO. 2006. Annex 10 to the Convention on International Civil Aviation. Aeronautical Telecommuncations, 1(Radio Navigation Aids), Sixth Edition [online]. Available at: https://www.theairlinepilots.com/forumarchive/quickref/icao/annex10.1.pdf [Accessed: 25 December 2020].

Jafarnia-Jahromi, A., Broumandan, A., Nielsen, J. & Lachapelle, G. 2012. GPS vulnerability to spoofing threats and a review of antispoofing techniques. International Journal of Navigation and Observation, art.ID:127072. Available at: https://doi.org/10.1155/2012/127072.

-John A. Volpe National Transportation Systems Center. 2001. Vulnerability assessment of the transportation infrastructure relying on the global positioning system. Final Report, pp.6-88, August 29, ES3 [online]. Available at: https://rntfnd.org/wp-content/uploads/Vople_vulnerability_assess_2001.pdf [Accessed: 25 December 2020].

Kožović, D. & Đurđević, D. 2019. Syber security in aviation. Megatrend revija, 16(2), pp.39-56 (in Serbian). Available at: https://doi.org/10.5937/MegRev1902039K.

Leonardi, M., Piracci, E. & Galati, G. 2017. ADS-B jamming mitigation: a solution based on a multichannel receiver. IEEE Aerospace and Electronic Systems Magazine, 32(11), pp.44-51 Available at: https://doi.org/10.1109/MAES.2017.160276.

Magiera, J. & Katulski, R. 2015. Detection and mitigation of GPS spoofing based on antenna array processing. Journal of Applied Research and Technology, 13(1), pp.45-57. Available at: https://doi.org/10.1016/S1665-6423(15)30004-3.

Morales-Ferre, R., Richter, P., Falletti, E., de la Fuente, A. & Lohan, E.S. 2020. A survey on coping with intentional interference in satellite navigation for manned and unmanned aircraft. IEEE Communications Surveys&Tutorials, 22(1), pp.249-291. Available at: https://doi.org/10.1109/COMST.2019.2949178.

Nguyen, T.X. 2004. Evaluation of a mobile phone for aircraft GPS interference. Langley Research Center, Hampton, Virginia [online]. Available at: https://ntrs.nasa.gov/api/citations/20040040193/downloads/20040040193.pdf [Accessed: 25 December 2020].

Nicola, M., Falco, G., Morales-Ferre, R., Lohan, E-S., Fuente, A. de la & Falletti, E. 2020. Collaborative solutions for interference management in GNSS-based aircraft navigation. Sensors, 20(15), pp.4085-4108 Available at: https://doi.org/10.3390/s20154085.

Psiaki, M.L., O'Hanlon, B.W., Bhatti, J.A., Shepard, D.P. & Humphreys, T.E. 2011. Civilian GPS Spoofing Detection Based on Dual-Receiver Correlation of Military Signals. In: Proceedings of ION GNSS 2011, Portland, pp.2619-2645. September 20-23 [online]. Available at: https://gps.mae.cornell.edu/Paper_E4_2_ION_GNSS_2011b.pdf [Accessed: 25 December 2020].

Sabatini, R., Moore, T., Ramasamy, S. 2017. Global navigation satellite systems performance analysis and augmentation strategies in aviation. Progress in Aerospace Sciences, 95, pp.45-98. Available at: https://doi.org/10.1016/j.paerosci.2017.10.002.

Sathaye, H., Schepers, D., Ranganathan, A. & Noubir, G. 2019. Wireless attacks on aircraft instrument landing systems. In: 28th USENIX Security Symposium, Santa Clara, CA, USA, pp.1-16. August 14-16 [online]. Available at: https://www.usenix.org/conference/usenixsecurity19/presentation/sathaye [Accessed: 25 December 2020].

Schäfer, M., Lenders, V. & Martinovic, I. 2013. Experimental analysis of attacks on next generation air traffic communication. In: Jacobson, M., Locasto, M., Mohassel, P. & Safavi-Naini, R. (Eds.) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, 7954. Springer, Berlin, Heidelberg. Available at: https://doi.org/10.1007/978-3-642-38980-1_16.

Schäfer, M., Lenders, V. & Schmitt, J. 2015. Secure track verification. In: Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, pp.199-213, July 20. Available at: https://doi.org/10.1109/SP.2015.20.

Schäfer, M, Leu, P., Lenders, V. & Schmitt, J. 2016. Secure motion verification using the Doppler effect. In: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec'16), Darmstadt, Germany, pp.135-145, July. Available at: https://doi.org/10.1145/2939918.2939920.

Simsky, M. 2019. What is spoofing and how can you ensure GPS security? Aerospace testing international, 30 October [online]. Available at: https://www.aerospacetestinginternational.com/features/what-is-spoofing-and-how-can-you-ensure-gps-security.html [Accessed: 25 December 2020].

-SkyBrary. 2020. Airborne Separation Assurance Systems (ASAS) [online]. Available at: https://www.skybrary.aero/index.php/Airborne_Separation_Assurance_Systems_(ASAS) [Accessed: 25 December 2020].

Spilker, J.J., Axelrad, P., Parkinson B.W. & Enge, P. 1996. Global positioning system: theory and applications, Volume 1. Washington DC: American Institute of Aeronautics and Astronautics. Available at: https://doi.org/10.2514/4.866388. ISBN: 978-1-56347-106-3.

Steindl, E., Dunkel, W., Hornbostel, A., Haettich, C. & Remi, P. 2013. The impact of interference caused by GPS repeaters on GNSS receivers and services. In: European Navigation Conference (ENC) GNSS 2013, Wien, April 22-25 [online]. Available at: https://elib.dlr.de/84739/ [Accessed: 25 December 2020].

Tippenhauer, N.O., Pöpper, C., Rasmussen, K.B. & Capkun, S. 2011. On the requirements for successful GPS spoofing attacks. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, pp.75–86. October 17-21. Available at: https://doi.org/10.1145/2046707.2046719.

Turner, M., Wimbush. S., Enneking, C. & Konovaltsev, A. 2020. Spoofing detection by distortion of the correlation function. In: 2020 IEEE/ION Position, Location and Navigation Symposium (PLANS), Portland, Oregon, USA, pp.566-574. April 20-23. Available at: https://doi.org/10.1109/PLANS46316.2020.9110173.

Wang, J., Zou, Y. & Ding, J. 2020. ADS-B spoofing attack detection method based on LSTM. Journal Wireless Communications and Networking, art.number:160. Available at: https://doi.org/10.1186/s13638-020-01756-8.

Warner, J.S. & Johnston, R.G. 2002. A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. Journal of Security Administration, 25(2), pp.19-27 [online]. Available at: https://permalink.lanl.gov/object/tr?what=info:lanl-repo/lareport/LA-UR-03-2384 [Accessed: 25 December 2020].

Ying, X., Mazer, J., Bernieri, G., Conti, M., Bushnell, L. & Poovendran, R. 2019. Detecting ADS-B spoofing attacks using deep neural networks. In: IEEE Conference on Communications and Network Security (CNS), Washington DC, USA, June 10-12. Available at: https://doi.org/10.1109/CNS.2019.8802732.

Spufing u avijaciji: bezbednosne pretnje po GPS i ADS-B sisteme

Sažetak

Reference

Vojnotehnički glasnik omogućava otvoreni pristup i, u skladu sa preporukom CEON-a, primenjuje Creative Commons odredbe o autorskim pravima:

Autori koji objavljuju u Vojnotehničkom glasniku pristaju na sledeće uslove: