Secure navigation and timing without local storage of secret keys

Wesson, Kyle D.

27 June 2014

Civil Global Navigation Satellite System (GNSS) signals are broadcast unencrypted worldwide according to an open-access standard. The virtues of open-access and global availability have made GNSS a huge success. Yet the transparency and predictability of these signals renders them easy to counterfeit, or spoof. During a spoofing attack, a malefactor broadcasts counterfeit GNSS signals that deceive a victim receiver into reporting the spoofer-controlled position or time. Given the extensive integration of civil GNSS into critical national infrastructure and safety-of-life applications, a successful spoofing attack could have serious and significant consequences. Unlike civil GNSS signals, military GNSS signals employ symmetric-key encryption, which serves as a defense against spoofing attacks and as a barrier to unauthorized access. Despite the effectiveness of the symmetric-key approach, it has significant drawbacks and is impractical for civil applications. First, symmetric-key encryption requires tamper-resistant receivers to protect the secret keys from unauthorized discovery and dissemination. Manufacturing a tamper-resistant receiver increases cost and limits manufacturing to trusted foundries. Second, key management is problematic and burdensome despite the recent introduction of over-the-air keying. Third, even symmetric-key encryption remains somewhat vulnerable to specialized spoofing attacks. I propose an entirely new approach to navigation and timing security that avoids the shortcomings of the symmetric-key approach while maintaining a high resistance to spoofing. My first contribution is a probabilistic framework that develops necessary components of signal authentication. Based on the framework, I develop an asymmetric-key cryptographic signal authentication technique and a non-cryptographic spoofing detection technique, both of which operate without a secret key stored locally in a secure receiver. These anti-spoofing techniques constitute the remaining two contributions of this dissertation. They stand as viable spoofing defenses for civil users and could augment---or even replace---current and planned military anti-spoofing measures. Finally, I offer an in-depth case study of the security vulnerabilities and possible cryptographic enhancements of a modern GNSS-based aviation surveillance technology in the context of the technical and regulatory aviation environment. / text

GPS

GNSS

Security

Spoofing

A Quantitative Study of the Deployment of the Sender Policy Framework

Tan, Eunice Zsu

01 October 2018

Email has become a standard form of communication between businesses. With the prevalent use of email as a form of communication between businesses and customers, phishing emails have emerged as a popular social engineering approach. With phishing, attackers trick users into divulging their personal information through email spoofing. Thus, it is imperative to verify the sender of an email. Anti-spoofing mechanisms such as the Sender Policy Framework (SPF) have been developed as the first line of defense against spoofing by validating the source of an email as well as the presenting options of how to handle emails that fail to validate. However, deployment of SPF policies and SPF validation remains low. To understand the cost and benefit of deploying SPF, we have developed metrics to quantify its deployment and maintenance complexity through modeling. Our approach provides a way to visualize the SPF record of a given domain through the use of a graph. Using the developed model, we applied the metrics to both the current and historical SPF policy for the Alexa Top Sites for empirical study and historical trend analysis.

SPF

Spoofing

DNS

SMTP

Computer Sciences

Real-Time Detection of GPS Spoofing Attack with Hankel Matrix and Unwrapped Phase Angle Data

Khan, Imtiaj

11 1900

Cyber-attack on synchrophasor data has become a widely explored area. However, GPS-spoofing and FDIA attacks require different responsive actions. State-estimation based attack detection method works similar way for both types of attacks. It implies that using state-estimation based detection alone doesn’t give the control center enough information about the attack type. This scenario is specifically more critical for those attack detection methods which consider GPS-spoofing attack as another FDIA with falsified phase angle data. Since identifying correct attack type is paramount, we have attempted to develop an algorithm to distinguish these two attacks. Previous researchers exploited low-rank approximation of Hankel Matrix to differentiate between FDIA and physical events. We have demonstrated that, together with angle unwrapping algorithm, low-rank approximation of Hankel Matrix can help us separating GPS-spoofing attack with FDIA. The proposed method is verified with simulation result. It has been demonstrated that the GSA with 3 second time-shift creates a low-rank approximation error 700% higher than that of normal condition, whereas FDIA doesn’t produce any significant change in low-rank approximation error from that of normal condition. Finally, we have proposed a real-time method for successful identification of event, FDIA and GSA. / M.S. / Cyber-attack on synchrophasor data has become a widely explored area. However, GPS-spoofing and FDIA attacks require different responsive actions. State-estimation based attack detection method works similar way for both types of attacks. It implies that using state-estimation based detection alone doesn’t give the control center enough information about the attack type. This scenario is specifically more critical for those attack detection methods which consider GPS-spoofing attack as another FDIA with falsified phase angle data. Since identifying correct attack type is paramount, we have attempted to develop an algorithm to distinguish these two attacks. Previous researchers exploited low-rank approximation of Hankel Matrix to differentiate between FDIA and physical events. We have demonstrated that, together with angle unwrapping algorithm, low-rank approximation of Hankel Matrix can help us separating GPS-spoofing attack with FDIA. The simulation result verifies the next chapter discusses our proposed algorithm on GPS-spoofing attack detection and its ability to distinguish this type of attack from conventional FDIA. The proposed method is verified with simulation result. It has been demonstrated that the GSA with 3 second time-shift creates a low-rank approximation error 700% higher than that of normal condition, whereas FDIA doesn’t produce any significant change in low-rank approximation error from that of normal condition. Finally, we have proposed a real-time method for successful identification of event, FDIA and GSA.

FDIA

GPS-spoofing

PMU

Unwrapped

Hankel matrix

A software defined GPS signal simulator design

Pan, Zhenhe

17 March 2014

The Global Positioning System (GPS) signal simulator plays a critical role in developing and testing GPS receivers. Unfortunately, very few commercial GPS signal simulators are user-friendly for security researchers because they fail to generate abnormal GPS signals, which are fundamentally important. In this thesis, we develop a cost efficient software defined GPS signal simulator. To reduce the design complexity, we make some reasonable assumptions about the GPS system. This simulator is able to generate clean GPS signals, as well as polluted GPS signals by jamming, multi-path, and spoofing interferences. In addition to simulating GPS signals for a single stand alone antenna, our simulator is also able to simulate GPS signals for multiple antennas, simultaneously. These features of the simulator will immensely help the security researchers in the GPS community. / Master of Science

GPS simulator

software defined

GPS interference

spoofing

Defending Against GPS Spoofing by Analyzing Visual Cues

Xu, Chao

21 May 2020

Massive GPS navigation services are used by billions of people in their daily lives. GPS spoofing is quite a challenging problem nowadays. Existing Anti-GPS spoofing systems primarily focus on expensive equipment and complicated algorithms, which are not practical and deployable for most of the users. In this thesis, we explore the feasibility of a simple text-based system design for Anti-GPS spoofing. The goal is to use the lower cost and make the system more effective and robust for general spoofing attack detection. Our key idea is to only use the textual information from the physical world and build a real-time system to detect GPS spoofing. To demonstrate the feasibility, we first design image processing modules to collect sufficient textual information in panoramic images. Then, we simulate real-world spoofing attacks from two cities to build our training and testing datasets. We utilize LSTM to build a binary classifier which is the key for our Anti-GPS spoofing system. Finally, we evaluate the system performance by simulating driving tests. We prove that our system can achieve more than 98% detection accuracy when the ratio of attacked points in a driving route is more than 50%. Our system has a promising performance for general spoofing attack strategies and it proves the feasibility of using textual information for the spoofing attack detection. / Master of Science / Nowadays, people are used to using GPS navigation services in their daily lives. However, GPS can be easily spoofed and the wrong GPS information will mislead victims to an unknown place. There are some existing methods that can defend GPS spoofing attacks, but all of them have significant shortcomings. Our goal is to design a novel system, which is cheap, effective, and robust, to detect general GPS spoofing attacks in real-time. In this thesis, we propose a complete system design and evaluations for performance. Our system only uses textual information from the real physical world and virtual maps. To get more accurate textual information, we use state of the art techniques for image processing and text recognition. We also use a neural network to help with detection. By testing with datasets in two cities, we confirm the promising performance of our system for general GPS spoofing attack strategies. We believe that textual information can be further developed in the Anti-GPS spoofing systems.

GPS Spoofing

Location Verification

System Design

GNSS Signal Processing Techniques for Spoofing Resiliency

Esswein, Michael Craig

03 November 2023

Global Navigation Satellite Systems (GNSS) for vehicle navigation and timing are widely relied upon by many users in a variety of different sectors such as transit, financial, military, and many others. There are a number of ways for an agent to purposefully degrade a GNSS user's navigation performance. One such attack is a spoofing attack where the agent transmits signals with the same signal structure as GNSS signals, but they are modified to produce an incorrect navigation solution. Resiliency to these attacks is important for GNSS navigation. Two methods for GNSS resiliency are explored in this dissertation. The first method uses a Controlled Reception Pattern Antenna and receiver in order to obtain direction of arrival estimates of all visible signals and their computed pseudoranges. Two contributions were produced for this method. The first contribution is an optimization of a DoA cost metric that use DoA estimates along with known GNSS ephemerides to distinguish authentic signals from spoofed signals. The second contribution of this work is a combined DoA/pseudorange cost metric to improve the classification of authentic signals from spoofed signals as well as improve its robustness to multi-transmitter spoofing attacks. The second method uses a method known as Chimera, which involves authenticating the civilian L1C GPS signal using a digital signature in the navigation message and punctures in the spreading code. This method can be used to distinguish authentic and spoofed signals, however, a delay between the time the signal is tracked by the receiver and the time when it can be determined authentic is inherent in Chimera and degrades navigation performance. This delay can range from 2 seconds to 3 minutes. Four additional contributions have been made in support of Chimera. The first Chimera contribution is the design and evaluation of a navigation system for Chimera using a tightly coupled GPS/INS extended SRIF that accounts for the Chimera authentication delays. The second Chimera contribution is an investigation into staggering of the authentication times of the GPS satellites in order to improve navigation results. The third Chimera contribution is the development of a RMS or maximum steady-state position error metric to compare the accuracy achieved by different authentication group designs when used in conjunction with the previously discussed filter from the first Chimera contribution. The fourth Chimera contribution investigates different authentication group designs to find groups that will produce low value metrics. These investigations included local authentication group optimization, synthesizing a global design using local designs, and the effects of time and IMU grade. Each of these contributions has a significant impact on improving either the resilience of a GPS receiver to spoofing or the navigation accuracy of a GPS receiver that is inherently resilient to spoofing. / Doctor of Philosophy / Global Positioning System (GPS) navigation and timing plays a pivotal role in a variety of different sectors such as transit, financial, military, and many others. There have been instances where a signal is purposefully generated to look similar to a GPS signal in order to mislead a GPS user of their true position, velocity, and timing. This type of attack is known as a spoofing attack. This dissertation discusses two methods to identify these spoofed signals so that they are not used to disrupt nominal navigation and timing. The first method uses multiple GPS antennas to determine the direction of all visible signals. This dissertation provides an algorithm to distinguish the authentic GPS signals from the spoofed signals using the determined signal directions. The second method is for the GPS satellites to watermark the GPS signal they transmit, using modern encryption techniques, to be able to authenticate incoming signals. This method, however, produces a delay between when the signal is received by a GPS user and when it can be deemed authentic. This delay is a problem for navigation. This dissertation develops techniques for dealing with this delay by incorporating an Inertial Measurement Unit (IMU). This dissertation also proposes the idea to stagger the time that the digital signature, which is needed for signal verification, is sent from different GPS satellites. Lastly, this dissertation investigates how different staggered groupings of GPS satellites improve navigation performance and provides a metric for quantifying the navigation performance of different groupings. Overall, the dissertation's contributions to the first method improve the resilience of a receiver to spoofing attacks while the contributions to the second method improve navigation performance of an inherently resilient method.

GNSS

Spoofing

Chimera

CRPA

GPS/INS

Distributed denial of service attacks : Protection, Mitigation, and Economic Consequences

Eklund, Martin, Ståhlberg, Patrik

January 2015

Distributed Denial of Service attacks is a problem that constantly threatens companies that rely on the internet for major parts of their business. A successful DDoS attack that manages to penetrate a company’s network can lead to devastating damages in the form of lost income, reduced productivity, increase in costs, and damage to the company’s image and reputation. The different DDoS attacks are many and of different character and often Offer different parts of the network, which makes it very difficult to defend against. It is also very clear that DDoS attacks are increasing in both numbers and size every year. From our experiments we have proven that anyone with little knowledge and limited resources can perform DDoS attacks that will make a website unavailable. This fact should cause companies that base their business on the internet, aware that they are likely to someday be subject to a DDoS attack. From our research we have found a variety of different DDoS solutions on the market that promise to offer protection. Many of which claim to protect against all different types of DDoS attacks. In practice it is impossible to find something that guarantees 100% safety. According to earlier research in the field, there are many different ways of protecting a network against DDoS attacks, e.g. via Software Defined Networking, Hop-Count Filtering, or Kill-bots. Our own tests show that a virtual firewall can offer protection against DDoS attacks on a low scale, but that such a solution has a number of weaknesses. If the firewall does protect the website, the attacker could instead shift to attacking the firewall itself. Our research also shows that the most common motives behind DDoS attacks are criminal purposes. Criminals use DDoS attacks to earn money by offering directed DDoS attacks against websites or by trying to blackmail companies into paying a fee for not being attacked. We have also seen that the economic consequence of DDoS attacks are devastating if not handled with a sufficiently fast response. After investigating the e-commerce company CDON.com we learned that they could potentially lose roughly 36 410 SEK per minute when a DDoS attack is underway against them. In today’s business climate it is important for companies to be able to rely on the internet for their activity and for customers to have easy access to the company’s products and services. However, companies’ websites are being attacked and thus these companies need an explicit plan of how to mitigate such attacks. / Distributed Denial of Service (DDoS) attacker är ett problem som ständigt hotar företag, som förlitar sig till internet för centrala delar av sin verksamhet. En DDoS-attack som lyckas penetrerar ett företags nätverk kan medföra förödande skador i form av förlorade intäkter, minskad produktivitet, ökade kostnader samt skada på företagets rykte/varumärke. DDoS-attackerna är många och av olika karaktär, som attackerar olika delar av ett företags nätverk, vilket leder till att det är svårt att effektivt skydda sig mot DDoS-attacker. Det står också klart att DDoS-attacker ökar både till antalet och storleksmässigt för varje år som går. Utifrån våra egna experiment har vi kunnat bevisa att vem som helst med små medel och begränsade kunskaper kan utföra en DDoS-attack som sänker en webbsida. Ett faktum som gör att alla företag vars verksamhet är baserad på internet bör räkna med att de någon gång bli utsatta för en DDoS-attack. Utifrån våra undersökningar kan vi se att det finns en uppsjö av olika DDoS-skydd på marknaden, skydd som hanterar några problem som DDoS-attacker medför, men det finns inga kompletta skydd som kan garantera 100 % säkerhet. Utifrån tidigare forskning på området framgår det att det finns många olika sätt att skydda sig mot DDoS-attacker, t.ex. genom Software Defined Networks, Hop-Count Filtering eller Kill-bots. Våra egna tester visar på att en virtuell brandvägg kan vara ett sätt att skydda sig mot DDoS-attacker, men testerna visar också att en sådan lösning inte heller är säker då man kan förstöra åtkomsten till webbsidan genom att överbelasta brandväggen.<p> Undersökningen visar också att ett av de vanligaste motiven bakom DDoS-attacker är kriminella ändamål. Kriminella som använder DDoS-attacker för att tjäna pengar genom att erbjuda riktade DDoS-attacker mot websidor eller genom försök att utpressa till betalning med DDoS-attacker som ett hot. Vi har kommit fram till att de ekonomiska konsekvenserna av DDoS-attacker kan vara ödestigna för företag om det inte hanteras i tid. Genom våra egna beräkningar har vi visat att e-handelsföretaget CDON.com riskerar att förlora ca 36 415,90 kr per minut som en DDoS-attack pågår mot företaget. Anledningen till av vi valt att ägnad denna uppsats åt DDoS-problemet, är den skrämmande ökningen av DDoS-attacker som man kan se sker årligen. Attackerna blir flera, de ökar storleksmässigt och de blir allt mer sofistikerade. Attackerna utförs också tillsynes omotiverat i vissa fall, men också välplanerade attacker utförs för att skada företag ekonomiskt. I dagens företagsklimat är det viktigt att företaget har möjlighet att använda sig av internet för att driva verksamheten och göra det enkelt för kunder att ta del av företagets produkter/tjänster. Att företags webbsidor blir utslagen på grund av en DDoS-attacker är idag en verklighet, och en tydlig plan för att hur man ska hantera en sådan incident bör finns på plats inom företag.

DDoS

Zombie

Botnet

Botmaster

Spoofing

DDoS

Zombie

Botnet

Botmaster

Spoofing

Communication Systems

Kommunikationssystem

Design and Evaluation of a New Authentication Mechanism for Validating the Sender of an Email

Sakamuri, Sai

01 March 2005

A new authentication mechanism for validating the source of messages over the Internet is designed and evaluated. This mechanism is applied to email and is called Email++. Email++ prevents identity forging (spoofing) and tampering of email contents. By preventing identity forging, Email++ can reduce the amount of spam received and limit the spread of viruses like Melissa, Love Bug, Bagle Worm, and Killer Resume. Email++ validates both the sender and the receiver of an email by confirming the senders identity with the domain mail server that delivered the email for the sender, and authenticates the receiver with hash value comparisons. Email++ enables payment mechanisms, including micro-cash, and challenge response schemes that use puzzle solving. MD5 hash signatures generated both at the sender and the receiver locations are used for validating the senders identity and for making email tamper resistant in the network. An out-of-band TCP connection established between the sender and the receiver is used as a communication channel for validating the sender as well as the senders email server. The information needed for establishing an out-of-band TCP connection is obtained by querying the DNS (Domain Naming System), instead of using email headers from the received mail, which are susceptible to spoofing. The Email++ technique is compared with existing anti spam and anti-spoof techniques like SPF, Yahoo Domain Keys, Microsoft Sender ID, TEOS and PGP. The Email++ specification is evaluated by developing both Email++ client and Email++ server programs in C language and using Sendmail 8.12 as the mail server. The performance of Email++ is compared with standard SMTP protocol implementation of Sendmail 8.12. Several factors are considered in evaluating the performance. CPU demand, memory demand, bandwidth demand, email latency, and extra DNS load are measured for both email sender and the receiver. The performance evaluation results show that Email++ adds an extra CPU demand of about 11%. The extra memory required by Email++ is nearly 3%. The bandwidth demand of Email++ is around 15% greater than the standard SMTP for sending 500 emails of 3.5KB each. Extra load on DNS increases by one connection for every incoming mail at the receiver.

Spam

Smtp

Sender payment

Networks

Spoofing

American Studies

Arts and Humanities

Design of Lightweight Alternatives to Secure Border Gateway Protocol and Mitigate against Control and Data Plane Attacks

Israr, Junaid

01 May 2012

Border Gateway Protocol (BGP) is the backbone of routing infrastructure in the Internet. In its current form, it is an insecure protocol with potential for propagation of bogus routing information. There have been several high-profiles Internet outages linked to BGP in recent times. Several BGP security proposals have been presented in the literature; however, none has been adopted so far and, as a result, securing BGP remains an unsolved problem to this day. Among existing BGP security proposals, Secure BGP (S-BGP) is considered most comprehensive. However, it presents significant challenges in terms of number of signature verifications and deployment considerations. For it to provide comprehensive security guarantees, it requires that all Autonomous Systems (ASes) in the Internet to adopt the scheme and participate in signature additions and verifications in BGP messages. Among others, these challenges have prevented S-BGP from being deployed today. In this thesis, we present two novel lightweight security protocols, called Credible BGP (C-BGP) and Hybrid Cryptosystem BGP (HC-BGP), which rely on security mechanisms in S-BGP but are designed to address signature verification overhead and deployment challenges associated with S-BGP. We develop original and detailed analytical and simulation models to study performance of our proposals and demonstrate that the proposed schemes promise significant savings in terms of computational overhead and security performance in presence of malicious ASes in the network. We also study the impact of IP prefix hijacking on control plane as well as data plane. Specifically, we analyze the impact of bogus routing information on Inter-Domain Packet Filters and propose novel and simple extensions to existing BGP route selection algorithm to combat bogus routing information.

BGP

security

RPKI

IP spoofing

S-BGP

C-BGP

Design of Lightweight Alternatives to Secure Border Gateway Protocol and Mitigate against Control and Data Plane Attacks

Israr, Junaid

01 May 2012

Border Gateway Protocol (BGP) is the backbone of routing infrastructure in the Internet. In its current form, it is an insecure protocol with potential for propagation of bogus routing information. There have been several high-profiles Internet outages linked to BGP in recent times. Several BGP security proposals have been presented in the literature; however, none has been adopted so far and, as a result, securing BGP remains an unsolved problem to this day. Among existing BGP security proposals, Secure BGP (S-BGP) is considered most comprehensive. However, it presents significant challenges in terms of number of signature verifications and deployment considerations. For it to provide comprehensive security guarantees, it requires that all Autonomous Systems (ASes) in the Internet to adopt the scheme and participate in signature additions and verifications in BGP messages. Among others, these challenges have prevented S-BGP from being deployed today. In this thesis, we present two novel lightweight security protocols, called Credible BGP (C-BGP) and Hybrid Cryptosystem BGP (HC-BGP), which rely on security mechanisms in S-BGP but are designed to address signature verification overhead and deployment challenges associated with S-BGP. We develop original and detailed analytical and simulation models to study performance of our proposals and demonstrate that the proposed schemes promise significant savings in terms of computational overhead and security performance in presence of malicious ASes in the network. We also study the impact of IP prefix hijacking on control plane as well as data plane. Specifically, we analyze the impact of bogus routing information on Inter-Domain Packet Filters and propose novel and simple extensions to existing BGP route selection algorithm to combat bogus routing information.

BGP

security

RPKI

IP spoofing

S-BGP

C-BGP