SlideShare a Scribd company logo

GNSS Receivers and the Cyber Threat

S
Sailaja Tennati

Today’s satellite navigation systems rely on constellations of satellites operating in medium earth orbits in several orbital planes. Each satellite broadcasts a signal containing orbital data and the precise time at which the signal was broadcast. The precise time is generated by a very accurate atomic clock on board the satellite. A satellite navigation receiver is able to determine its position very accurately from this information, if it is receiving signals from four or more satellites simultaneously. There are two types of satellite navigation system currently deployed – Regional Satellite Systems (RSS) or Global Navigation Satellite Systems (GNSS). A cyber attack on the GNSS system could exploit the RF channels used by Receivers for GNSS signal reception, alternatively it could also (at least as easily) exploit the channel used by a Positioning, Navigation and Timing (PNT) system to report its position. Once it is understood that the evolution of GNSS threats does not only have clear parallels with the way that IP threats have evolved, but shares many of the features of a connected network, it can be seen that many of the lessons learned by the Information Security community apply equally as well to the GNSS community.

Technology
1 of 5
Download to read offline
1 INTRODUCTION Today’s satellite navigation systems rely on constellations of satellites operating in medium earth orbits in several orbital planes. Each satellite broadcasts a signal containing orbital data and the precise time at which the signal was broadcast. The precise time is generated by a very accurate atomic clock on board the satellite. A satellite navigation receiver is able to determine its position very accurately from this information, if it is receiving signals from four or more satellites simultaneously. There are two types of satellite navigation system currently deployed – Regional Satellite Systems (RSS) or Global Navigation Satellite Systems (GNSS). GNSS constellations currently deployed include: • GPS - US system that became globally operational in 1994 and comprises up to 32 satellites deployed in 6 orbital planes • GLONASS – Russian Federation System comprising up to 31 satellites • Beidou – Chinese system comprising 15 satellites currently with 20 additional satellites planned. Currently Beidou is an RSS but is planned to be a full GNSS by 2020 • Galileo – European Union system planning to deploy 30 satellites in medium earth orbit in three orbital planes. Given our reliance on Global Navigation Satellite Systems (GNSS), in particular GPS, it is not surprising that its vulnerabilities are attracting a great deal of attention. In the past year there have been a number of well publicized incidents which have largely confirmed the theoretical and experimental work that predicted the vulnerabilities of GNSS. It is perhaps striking to review the evolution of threats to GNSS with the way threats in the Internet Protocol (IP) world developed. In a paper at ENC 2014 in Rotterdam, Theunissen [1] provided a compelling insight into the parallels between the manner in which IP threats have developed and the evolution of both jamming and spoofing attacks against GNSS. Theunissen argued that GNSS could reasonably expect the number of attacks against it to increase in the same manner that the number of internet hacking attacks has done in recent years, and that some of those attacks will likely become better organized. It is certainly becoming easier to mount attacks against GPS using jammers (as there are many sources of low cost jammers available to purchase online) or spoofers. Whilst it has often been stated that GNSS spoofing is too difficult and too expensive to undertake easily, this turns out not to be the case – in [2], Ghaddar et al demonstrated that GPS spoofing can be undertaken with an inexpensive Software Defined Radio (SDR). The authors stated that the aim of their project was “to prove that GPS is vulnerable to spoofing using commercial portable software radio platforms (e.g. NI-USRP 2920). In other words, we will use the NI- USRP 2920 to transmit GPS signals that override the actual satellite signals carrying a fake location of the GPS receiver.” The low signal strength of GNSS signals when received on the ground, is the reason that GNSS is vulnerable to attacks using the RF channel either to jam or spoof the target receiver. Sometimes the receiver is subject to unintended jamming or spoofing. TV transmitter harmonics can cause accidental jamming of GPS signals whereas a GPS repeater broadcasting on a GPS frequency could cause a nearby GNSS receiver to report an incorrect position. Consideration of the whole GNSS System as a whole, including ground stations, satellite uplinks and downlinks, augmentation systems and datalinks, is instructive as it allows us to see that in fact jamming and spoofing events are actually cyber-events, with GNSS jamming (if it causes receivers to cease functioning altogether) being the equivalent of a Denial of Service (DoS) event. In the event that multiple jammers, spoofers, or a combination of both are used, the attack would be equivalent to a Distributed Denial of Service (DDoS) attack. A cyber attack on the GNSS system could exploit the RF channels used by Receivers for GNSS signal reception, alternatively it could also (at least as easily) exploit the channel used by a Positioning, Navigation and Timing (PNT) system to report its position. In [3] Balduzzi showed how hackers could take advantage of the Automatic Identification System (AIS) employed by many vessels. As the datalink employed by AIS is unencrypted, the attacks that the author described are relatively straightforward to implement and in some cases could produce exactly the same results as a spoofing attack on the GNSS RF signal channel. Once it is understood that the evolution of GNSS threats does not only have clear parallels with the way that IP threats have evolved, but shares many of the features of a connected network, it can be seen that many of the lessons learned by the Information Security community apply equally as well to the GNSS community. GNSS Receivers and the Cyber –Threat: Lessons from the Information Security Community Guy Buesnel, David DeSanto, Spirent Communications
2 THE GNSS COMMERCIAL MARKET The use of GNSS has become almost pervasive in many sectors with the global installed base of GNSS devices passing 2 billion devices in 2013 and predicted to reach 7 billion units by 2022, an almost four-fold increase that would equate to almost one for every single person on the planet [4]. GNSS is already used by critical infrastructure such as utility providers, financial, transport sectors to provide timing or positional data and growth in new and market spaces such as the Intelligent Transport sector will use GNSS to provide data for use in safety critical applications. In all of these market segments the security of GNSS is of high importance as a hacking attack could achieve more than just reputational damage. In all of the applications where 4-dimensional information is required to enable system operation, the use of precise timing from GNSS will be essential for time stamping of transactions and significant damage could occur if incorrect time information is propagated. GNSS THREATS The GLONASS outage that occurred in April 2014 is an event that deserves some attention. In April 2014 (01 April) the entire GLONASS constellation commenced the transmission of incorrect broadcast messages. The messages were highly inaccurate (up to 200km). Whilst two of the satellites were corrected within an hour, the problem persisted much longer for the other orbiting satellites and problems lasted into 02 April. Many GPS + GLONASS Receivers were affected, in one way or another, with some systems completely failing to track both GLONASS and GPS satellites. Other GPS+ GLONASS Receivers were unaffected and continued to track normally. The reason for the failure is still unclear but has been attributed to incorrect software being uploaded to the GLONASS satellites. Whilst this event was attributable to human error, it is also clear that such an event could be caused by a malicious attack, which would probably require insider knowledge to carry out. The consequence of this event was a DDoS which affected many GNSS Receivers that used GLONASS satellites in their PNT solution. GPS jamming has become prevalent recently with many reports from Europe and around the world suggesting that the use of cigarette lighter type jammers in vehicles to avoid tracking has become widespread. Whilst these trackers are often advertised as having very limited range (in the order of 2m or so), this is for saturating the GPS Receiver input with RF interference so that it ceases to function. However many of the effects caused by jamming are more subtle. The output of hazardously misleading information and the fact that detection systems are able to pick up signals from the jammer at considerably greater distances tends to suggest that the ranges at which these small, portable jammers can cause disruption to GNSS receivers is much greater than the figure that is quoted in their specification. Whilst no instance of a deliberate spoofing attack has been confirmed thus far (excluding for demonstration or experimental purposes), it should be noted that there have been instances of unintended spoofing being reported. Unintended transmission of incorrect GNSS signals can occur with use of a GNSS Repeater or similar which is radiating at a higher power level than the authentic GNSS signals. This can cause a GNSS receiver to lock onto the incorrect signals and report the position of the repeater as being the user position. Use of GPS repeaters in unsuitable locations, such as for production tests in an open workshop, have been reported to these authors. The risk is not just that GNSS interference could extend outside the building and affect users, but that a GPS receiver could be spoofed and tricked into reporting an incorrect position. Whilst there has been no official confirmation of a deliberate spoofing attack so far, [6] presented an interesting account of the Global Fishing Watch project. Global Fishing watch has been set-up to monitor illegal fishing boats globally and in real time. In this article it is claimed that there has been a 59% increase in the number of ships transmitting incorrect positioning over the past two years. An example is shown where a Satellite AIS Receiver, with a receiver footprint covering the Atlantic Ocean, is receiving data from two ships in the Pacific Ocean. As it is physically impossible for transmissions from AIS transponders in the Pacific Ocean to be received by this satellite, it is clear that they are spoofing their position in some manner. The author of the article believed that false navigational data had been entered into these ships’ AIS transmitter; however it is equally possible that the GPS receiver itself had been spoofed. EVOLUTION OF EXPLOITS AND VULNERABILITIES IN THE INFORMATION SECURITY COMMUNITY There has been much debate within the Information Security community for the past twenty years on how exploits targeting vulnerabilities within products were disclosed. Initially, these exploits were kept hidden and only shared amongst groups of hackers or security researchers. With the birth of online forums like Bugtraq [7], the world of full disclosure was born. These online forums allowed the creators of exploits of various levels of maliciousness to post their findings along with sample code for the users of the Internet to access. This allowed everyone from security researchers and enterprise administrators along with hackers to access details about vulnerabilities within applications and critical systems. Also, with this new level of unprecedented access, security researchers and hackers alike could earn levels of credibility for their findings. This validation continued the cycle with more and more public disclosure of vulnerabilities and the birth of additional online outlets for release of exploit content including mailing lists like the full disclosure mailing list in July 2002 [8]. With the proliferation of available exploit content along with information on its intended target, proof-of-concept (PoC) code started becoming the basis of more advanced tools including automation of attacks targeting these vulnerable targets lowering the bar for entry into the world of exploitation. The best definition of full disclosure comes from Jay Heiser in “Exposing Infosecurity Hype” [9] where he stated “The term ‘full disclosure’ is marvelously ambiguous,
3 and therein lies much of the problem. It essentially means to ‘widely disseminate as much information about system vulnerabilities and attack tools as possible so that potential victims are as knowledgeable as those who attack them.’” Full disclosure, by its very nature, exposed the vulnerability to the product vendor the same time it did to the enterprise as well as the community at large (which included hackers). This was very unpopular amongst some enterprises, security researchers and product vendors who did not feel that exploit code needed to be available in wide distribution to help resolve vulnerabilities. Furthermore, it was aiding someone who had more of a nefarious purpose than it was an enterprise that wanted to validate that they were protected or vulnerable. Scott Culp discussed this issue in his paper “It’s Time to End Information Anarchy” [10] and began to build upon the building blocks of what is known today as responsible disclosure. Responsible disclosure, or coordinated disclosure, builds upon the core concept that security researchers should notify product vendors like is done with full disclosure. The main difference is that this disclosure is coordinated between the discoverer of the vulnerability and the product vendor affected first. This allows the affected vendor to begin preparing a software patch or update prior to the public announcement of the vulnerability. Once a reasonable amount of time has passed, the vulnerability is announced and sometimes is accompanied by a statement by the product vendor that a fix is available immediately or will be available soon. Responsible disclosure, like full disclosure, does include its flaws. Two main criticisms involve time to announcement of the vulnerability and research compensation. With responsible disclosure, it may take the product vendor days to months to patch the vulnerability (depending on the complexity). This leads to a false sense of security for the current users of the product who do not know this vulnerability exists until it is announced. Also, there is no financial compensation for the security researcher who has decided to release this vulnerability through responsible disclosure. This has been addressed through commercial vulnerability brokers like the Zero Day Initiative (ZDI) [11] who purchases the exploit and vulnerability research from the security researcher and then follows a responsible disclosure process to coordinate and announce the vulnerability. Even with full and responsible disclosure, there are parts of the Information Security community, including product vendors and security researchers, which believe that nondisclosure is still the best policy. The belief is that keeping this information secret will protect the enterprise better than full or responsible disclosure. With nondisclosure, the product vendor can address the vulnerability and release updates without public knowledge of exploitability. Vendors who build and commercialize exploit-based solutions also favor nondisclosure. Nondisclosure gives a false sense of security as the vulnerability is not disclosed in any fashion. As it is not disclosed, this means that there is no knowledge of who knows what within the Information Security community and there may be exploits targeting vulnerabilities in which the product vendor may be unaware. Nondisclosure may, at times, be the equivalent to the ostrich sticking its head in the sand. HOW THE INFORMATION SECURITY COMMUNITY MANAGES VULNERABILITIES Regardless of the use of full or responsible disclosure, reported vulnerabilities need a system by which to track and measure items such as severity. Furthermore, there should be multiple ways for reporters to submit their found vulnerabilities. Common Vulnerabilities and Exposures (CVE) system [12] is a system maintained by the MITRE Corporation and vulnerabilities enumerated by CVE IDs are listed in multiple online repositories including the United States National Vulnerability Database (NVD) [13]. The CVE system was founded in 1999 to help bring common, standardized identifiers and metrics to vulnerabilities and exploits where initially every vendor and reporter handled everything differently. Each CVE ID provides a unique identifier, a description of the vulnerability, available PoC code when available and any pertinent resources. The CVE database is available free for public download and use. The CVE system, including its free availability, includes several other key components. It is comprised of participating CVE Numbering Authorities (CNA) which include MITRE, software vendors like Adobe, Microsoft, Cisco and Google as well as third-party coordinators including CERT/CC. It also includes a scoring system, Common Vulnerability Scoring System (CVSS), which is used for assessing the severity of the vulnerability on a scale of 0 to 10 with 7 to 10 considered high. The assessment criteria [14] measures the base metrics including the access vector, temporal metrics including the availability of exploitation techniques and environmental metrics including the collateral damage potential. MITRE outlines the CVE ID reservation process on their website [15]. The process is: • The security researcher, product vendor or incident response team requests the amount of CVE ID numbers needed • MITRE reserves the CVE ID(s), provides them to the requester and creates blank, content-free CVE ID(s) on the CVE website • The requester shares the provided CVE ID(s) with all parties involved • The requester includes the CVE ID(s) in all advisories • The requester makes the CVE ID(s) public and notifies MITRE • MITRE updates the CVE ID(s) on the CVE website to include the provided details For researchers who choose to not go through responsible disclosure and choose to pursue full disclosure, posts to forums such as Bugtraq will also receive CVE IDs. These will not go through the same coordination process listed above however will still end up within the same standardized structure the CVE system provides.
4 A POSSIBLE REPORTING FRAMEWORK FOR GNSS VULNERABILITIES Following the assertion that vulnerability disclosure is in fact the correct course of action, responsible disclosure would outline the best option for the GNSS community. This will allow security researchers and product vendors to disclose vulnerabilities publicly. There are several options on how to properly set up a reporting framework for GNSS vulnerabilities. The GNSS community can build its own solution separate from the Information Security community where it can control the reporting structure and leave the system as close to nondisclosure as possible. This may limit product vendor exposure however as outlined this leads to a false sense of security. A reporting framework that is too closed will not support a community of researchers that are trying to improve the security of the GNSS industry. A reporting framework for GNSS vulnerabilities that leverages existing vulnerability reporting systems will allow the GNSS community to follow responsible disclosure practices. This reporting framework might include the following components: • Partner with MITRE to get the GNSS community set up in the CVE system • Communicate with incident response teams like CERT/CC and provide processes for working with GNSS product vendors on vulnerability disclosure • Identify key stakeholders within the GNSS community to become CNAs • Create a website similar to Open Sourced Vulnerability Database (OSVDB) [16] dedicated to GNSS vulnerabilities managed by the GNSS community with its own identifiers LESSONS THAT GNSS COULD LEARN FROM THE INFORMATION SECURITY COMMUNITY The GNSS community needs to act to not find to itself in the same place at the Information Security community did in the early stages of vulnerability disclosure. It is very easy to default to nondisclosure however this leaves customers and product vendors exposed to unknown vulnerabilities. The GNSS community has the advantage that the Information Security community has been working through these hurdles, and continues to, for the past two decades. Below are some lessons learned which the GNSS community can leverage: • Responsible disclosure allows everyone to win • Without some form of proper disclosure, threat actors will take the known threats and use them to leverage against consumers and product vendors • Disclosure of vulnerabilities within your product does not lead to credibility issues • Time to resolution is the key • Building a community-based framework will lead to better adoption within the community The GNSS community has an opportunity to come together, learn from the Information Security Community and adopt best practices to secure its customers. REFERENCES [1] So you think you are safe, Theunissen, E, ENC 2014, Netherlands [2] Exposing GPS Vulnerabilities: Spoofing with Programmable Software Radios, Nadim Ghaddar, Marwan Mattar, Abdul-Amir Yassine, American University of Beirut, Online, https://feaapps.aub.edu.lb/feasac_submissions/fullpapers/2/66 0_Exposing%20GPS%20vulnerabilities_Spoofing%20with%2 0Programmable%20Software%20Radios.pdf [3] AIS Exposed Understanding vulnerabilities and attacks 2.0, Balduzzi, M, Wilhoit, K, Pasta, A, Trend Micro Research, Blackhat Asia 2014 [4] GNSS Market Report, Issue 3, European GNSS Agency (GSA), October 2013 [5] Jamming and Spoofing in GPS/GNSS Based Applications and Services – Threats and Counter Measures, Cuntz, M, Konovaltsev, A, Dreher, A, Meurer, M, Institute of Communications and Navigation, German Aerospace Center (DLR), Future Security: 7th Security Research Conference, Future Security 2012 [6] Spoofed Satellite Feeds Trouble Google’s Global Fishing Watch, Neal Ungerleider, Fast Feed, Online http://www.fastcompany.com/3038863/fast-feed/spoofed- satellite-feeds-trouble-googles-global-fishing-watch [7] Vulnerability Disclosure – How do we define Responsible Disclosure?, Shepherd, S., https://www.sans.org/reading- room/whitepapers/threats/define-responsible-disclosure-932 [8] Full Disclosure Mailing List – http://seclists.org/fulldisclosure/ [9] Exposing Infosecurity Hype, Heiser, J., Information Magazine, Online (from Wayback Machine), http://web.archive.org/web/20010203140700id_/http://infosec uritymag.com/articles/january01/columns_curmudgeons_corn er.shtml [10] It’s Time to End Information Anarchy, Culp, S., Microsoft TechNet, Online (from Wayback Machine), http://web.archive.org/web/20011109045330/http://www.micr osoft.com/technet/treeview/default.asp?url=/technet/columns/s ecurity/noarch.asp [11] HP TippingPoint Zero Day Initiative – http://www.zerodayinitiative.com/ [12] Common Vulnerabilities and Exposures – https://cve.mitre.org/about/index.html [13] National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) – http://nvd.nist.gov/ [14] A Complete Guide to the Common Vulnerability Scoring System Version 2.0, Mell, P., Scarfone, K., Romanosky, S., Online, https://www.first.org/cvss/cvss-guide [15] Introduction to CVE Identifier Reservation – https://cve.mitre.org/cve/cna.html [16] Open Sourced Vulnerability Database (OSVDB) – http://osvdb.org/
5 Guy Buesnel CPhys, AFRIN Market Segment Leader – Robust Positioning, Navigation and Timing Spirent Communications Guy has more than 16 years’ experience working protecting GNSS Receivers from emerging threats, having started his career as a Systems Engineer involved in developing GPS Adaptive Antenna Systems for Military Users at Raytheon Systems Limited in the UK. In 2007, Guy became European GNSS Product Line Manager at Rockwell Collins UK, responsible for UK and European GNSS Development activities, before moving to the Satellite Applications Catapult in June 2013 as Principal Satellite Navigation Systems Architect. In May 2014, Guy joined Spirent as Market Segment Manager–GNSS Vulnerabilities. Guy is responsible for developing Spirent’s approaches to Robust PNT including the development of test solutions for GNSS Jamming, Spoofing and Cyber-attack. Guy is a Chartered Physicist, a Member of the Institute of Physics and an Associate Fellow of the Royal Institute of Navigation. Guy is also a keen blues guitarist. David DeSanto Director, Product Management – Application Security Spirent Communications David is a network security professional with over 15 years of product management, security testing, software development and strategic innovation experience. At Spirent, David focuses on driving innovation by looking holistically at security testing and defining product requirements with the primary goal of making all results repeatable. David is a strong technical leader with firm understanding of TCP/IP as well as multiple layer 7 protocols including HTTP, SMTP and SIP. Prior to Spirent, David was the Director, Product Management at NSS Labs where his expertise guided the organization in creating leading security tests and solutions for enterprises, services providers and network equipment vendors. Prior to NSS, David was the Chief Innovation Strategist at ICSA Labs where he set the organization’s direction for testing Network Firewall, Web Application Firewall, Network IPS, IPSec VPN, Anti-Spam, Network Anti-Virus, Groupware Anti-Virus and other security technologies.

Recommended

Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)Mohammad Sabouri
 
Introducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract MethodsIntroducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract MethodsSaraSiamak
 
Location in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMSLocation in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMSSalah Amean
 
GPS
GPSGPS
GPSbradkovach
 
Gps signal structure
Gps signal structureGps signal structure
Gps signal structureSandeep Sasidharan
 
GPS modulation/demodulation and noise
GPS modulation/demodulation and noise GPS modulation/demodulation and noise
GPS modulation/demodulation and noise syuhaimi
 
Countermeasures to GPS Spoofing
Countermeasures to GPS SpoofingCountermeasures to GPS Spoofing
Countermeasures to GPS SpoofingRoger Johnston
 
Global positioning system (GPS)
Global positioning system (GPS)Global positioning system (GPS)
Global positioning system (GPS)Gautham Reddy
 

Recommended

Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)Spoofing attack on PMU (Phasor measurement unit)
Spoofing attack on PMU (Phasor measurement unit)Mohammad Sabouri
 
Introducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract MethodsIntroducing GPS Spoofing Attack on Power Grids and Counteract Methods
Introducing GPS Spoofing Attack on Power Grids and Counteract MethodsSaraSiamak
 
Location in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMSLocation in ubiquitous computing, LOCATION SYSTEMS
Location in ubiquitous computing, LOCATION SYSTEMSSalah Amean
 
GPS
GPSGPS
GPSbradkovach
 
Gps signal structure
Gps signal structureGps signal structure
Gps signal structureSandeep Sasidharan
 
GPS modulation/demodulation and noise
GPS modulation/demodulation and noise GPS modulation/demodulation and noise
GPS modulation/demodulation and noise syuhaimi
 
Countermeasures to GPS Spoofing
Countermeasures to GPS SpoofingCountermeasures to GPS Spoofing
Countermeasures to GPS SpoofingRoger Johnston
 
Global positioning system (GPS)
Global positioning system (GPS)Global positioning system (GPS)
Global positioning system (GPS)Gautham Reddy
 
Towards categorizing the level of protection that gnss receivers provide in a...
Towards categorizing the level of protection that gnss receivers provide in a...Towards categorizing the level of protection that gnss receivers provide in a...
Towards categorizing the level of protection that gnss receivers provide in a...Simon Loe
 
GLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemGLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemIRJET Journal
 
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...Different GNSS (Global Navigation Satellite System) Receiver’s combination an...
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...IJMTST Journal
 
What is GNSS Simulation? And how can it reduce your time to market?
What is GNSS Simulation? And how can it reduce your time to market?What is GNSS Simulation? And how can it reduce your time to market?
What is GNSS Simulation? And how can it reduce your time to market?spirentgnss
 
body_The_Case_for_APNT_Development_for_Aviation
body_The_Case_for_APNT_Development_for_Aviationbody_The_Case_for_APNT_Development_for_Aviation
body_The_Case_for_APNT_Development_for_AviationAriel Scheirer
 
ELISEE MALABA PRESENTATION.pptx
ELISEE MALABA PRESENTATION.pptxELISEE MALABA PRESENTATION.pptx
ELISEE MALABA PRESENTATION.pptxmalabaelisee
 
Latest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportLatest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportMode Gautam Raj
 
ECDIS NAVIGATION 5
ECDIS NAVIGATION 5ECDIS NAVIGATION 5
ECDIS NAVIGATION 5Fercygim Bunoan
 
Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Atiqa khan
 
Gps
GpsGps
GpsAmith Kumar
 
GNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationGNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationMarco Lisi
 
GPS system and its application in mining
GPS system and its application in miningGPS system and its application in mining
GPS system and its application in miningSHUBHAM KUMAR
 
Topic for Midterm
Topic for Midterm Topic for Midterm
Topic for Midterm Arthur J Monteclaro
 
Gps
GpsGps
Gpszeaulodx
 
Perspectives and Trends of Satellite Navigation.pptx
Perspectives and Trends of Satellite Navigation.pptxPerspectives and Trends of Satellite Navigation.pptx
Perspectives and Trends of Satellite Navigation.pptxroshan375533
 
Distributed Ground Station Network @ IAC-13 (paper)
Distributed Ground Station Network @ IAC-13 (paper)Distributed Ground Station Network @ IAC-13 (paper)
Distributed Ground Station Network @ IAC-13 (paper)aerospaceresearch
 
Mobile mapping terminology
Mobile mapping terminologyMobile mapping terminology
Mobile mapping terminologyFaculty of Engineering, Alexandria University, Egypt
 
Twenty Years of Positioning
Twenty Years of PositioningTwenty Years of Positioning
Twenty Years of PositioningLENIN Quintero
 
Global Positioning System
Global Positioning SystemGlobal Positioning System
Global Positioning SystemIshwar Bulbule
 
Gps
GpsGps
GpsVivek Bajpai
 
Retail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfRetail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfSailaja Tennati
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4Sailaja Tennati
 

More Related Content

Similar to GNSS Receivers and the Cyber Threat

Towards categorizing the level of protection that gnss receivers provide in a...
Towards categorizing the level of protection that gnss receivers provide in a...Towards categorizing the level of protection that gnss receivers provide in a...
Towards categorizing the level of protection that gnss receivers provide in a...Simon Loe
 
GLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemGLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemIRJET Journal
 
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...Different GNSS (Global Navigation Satellite System) Receiver’s combination an...
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...IJMTST Journal
 
What is GNSS Simulation? And how can it reduce your time to market?
What is GNSS Simulation? And how can it reduce your time to market?What is GNSS Simulation? And how can it reduce your time to market?
What is GNSS Simulation? And how can it reduce your time to market?spirentgnss
 
body_The_Case_for_APNT_Development_for_Aviation
body_The_Case_for_APNT_Development_for_Aviationbody_The_Case_for_APNT_Development_for_Aviation
body_The_Case_for_APNT_Development_for_AviationAriel Scheirer
 
ELISEE MALABA PRESENTATION.pptx
ELISEE MALABA PRESENTATION.pptxELISEE MALABA PRESENTATION.pptx
ELISEE MALABA PRESENTATION.pptxmalabaelisee
 
Latest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportLatest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportMode Gautam Raj
 
Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Atiqa khan
 
GNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationGNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationMarco Lisi
 
GPS system and its application in mining
GPS system and its application in miningGPS system and its application in mining
GPS system and its application in miningSHUBHAM KUMAR
 
Perspectives and Trends of Satellite Navigation.pptx
Perspectives and Trends of Satellite Navigation.pptxPerspectives and Trends of Satellite Navigation.pptx
Perspectives and Trends of Satellite Navigation.pptxroshan375533
 
Distributed Ground Station Network @ IAC-13 (paper)
Distributed Ground Station Network @ IAC-13 (paper)Distributed Ground Station Network @ IAC-13 (paper)
Distributed Ground Station Network @ IAC-13 (paper)aerospaceresearch
 
Twenty Years of Positioning
Twenty Years of PositioningTwenty Years of Positioning
Twenty Years of PositioningLENIN Quintero
 
Global Positioning System
Global Positioning SystemGlobal Positioning System
Global Positioning SystemIshwar Bulbule
 

Similar to GNSS Receivers and the Cyber Threat (20)

Towards categorizing the level of protection that gnss receivers provide in a...
Towards categorizing the level of protection that gnss receivers provide in a...Towards categorizing the level of protection that gnss receivers provide in a...
Towards categorizing the level of protection that gnss receivers provide in a...
 
GLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking SystemGLONASS and GSM based Vehicle Tracking System
GLONASS and GSM based Vehicle Tracking System
 
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...Different GNSS (Global Navigation Satellite System) Receiver’s combination an...
Different GNSS (Global Navigation Satellite System) Receiver’s combination an...
 
What is GNSS Simulation? And how can it reduce your time to market?
What is GNSS Simulation? And how can it reduce your time to market?What is GNSS Simulation? And how can it reduce your time to market?
What is GNSS Simulation? And how can it reduce your time to market?
 
body_The_Case_for_APNT_Development_for_Aviation
body_The_Case_for_APNT_Development_for_Aviationbody_The_Case_for_APNT_Development_for_Aviation
body_The_Case_for_APNT_Development_for_Aviation
 
ELISEE MALABA PRESENTATION.pptx
ELISEE MALABA PRESENTATION.pptxELISEE MALABA PRESENTATION.pptx
ELISEE MALABA PRESENTATION.pptx
 
Latest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar reportLatest Advances in GPS technology Seminar report
Latest Advances in GPS technology Seminar report
 
ECDIS NAVIGATION 5
ECDIS NAVIGATION 5ECDIS NAVIGATION 5
ECDIS NAVIGATION 5
 
Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)Sources of GPS Errors in a Glance (2016)
Sources of GPS Errors in a Glance (2016)
 
Gps
GpsGps
Gps
 
GNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and MitigationGNSS Jamming Detection, Localization and Mitigation
GNSS Jamming Detection, Localization and Mitigation
 
GPS system and its application in mining
GPS system and its application in miningGPS system and its application in mining
GPS system and its application in mining
 
Topic for Midterm
Topic for Midterm Topic for Midterm
Topic for Midterm
 
Gps
GpsGps
Gps
 
Perspectives and Trends of Satellite Navigation.pptx
Perspectives and Trends of Satellite Navigation.pptxPerspectives and Trends of Satellite Navigation.pptx
Perspectives and Trends of Satellite Navigation.pptx
 
Distributed Ground Station Network @ IAC-13 (paper)
Distributed Ground Station Network @ IAC-13 (paper)Distributed Ground Station Network @ IAC-13 (paper)
Distributed Ground Station Network @ IAC-13 (paper)
 
Mobile mapping terminology
Mobile mapping terminologyMobile mapping terminology
Mobile mapping terminology
 
Twenty Years of Positioning
Twenty Years of PositioningTwenty Years of Positioning
Twenty Years of Positioning
 
Global Positioning System
Global Positioning SystemGlobal Positioning System
Global Positioning System
 
Gps
GpsGps
Gps
 

More from Sailaja Tennati

Retail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfRetail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfSailaja Tennati
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4Sailaja Tennati
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSailaja Tennati
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Sailaja Tennati
 
Spirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSpirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSailaja Tennati
 
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNDevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNSailaja Tennati
 
Best Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingBest Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingSailaja Tennati
 
DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?Sailaja Tennati
 
Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Sailaja Tennati
 
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsDevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsSailaja Tennati
 
Ensuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesEnsuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesSailaja Tennati
 
Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Sailaja Tennati
 
Spirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSpirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSailaja Tennati
 
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleSailaja Tennati
 
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Sailaja Tennati
 
App-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTApp-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTSailaja Tennati
 
The VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseThe VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseSailaja Tennati
 
Advanced Security Testing in the Age of Cyber War
Advanced Security Testing in the Age of Cyber WarAdvanced Security Testing in the Age of Cyber War
Advanced Security Testing in the Age of Cyber WarSailaja Tennati
 

More from Sailaja Tennati (20)

Retail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdfRetail Transformation Begins with a Unified Commerce Platfrom.pdf
Retail Transformation Begins with a Unified Commerce Platfrom.pdf
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4
 
Spirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV DeploymentsSpirent Accelerating SDN and NFV Deployments
Spirent Accelerating SDN and NFV Deployments
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
 
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4Spirent's Study on Battery life Competition: Samsung S5 vs. S4
Spirent's Study on Battery life Competition: Samsung S5 vs. S4
 
Spirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics SystemSpirent: Datum User Experience Analytics System
Spirent: Datum User Experience Analytics System
 
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDNDevOps Continuous Testing and LaaS – The Perfect Match for SDN
DevOps Continuous Testing and LaaS – The Perfect Match for SDN
 
Best Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous TestingBest Practices for Accelerating Continuous Testing
Best Practices for Accelerating Continuous Testing
 
DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?DevOps – what is it? Why? Is it real? How to do it?
DevOps – what is it? Why? Is it real? How to do it?
 
Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...Case Study - Implementing DevOps for a complex hardware/software-based networ...
Case Study - Implementing DevOps for a complex hardware/software-based networ...
 
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOpsDevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
DevOps Summit 2015 Presentation: Continuous Testing At the Speed of DevOps
 
VoLTE Testing Explained
VoLTE Testing ExplainedVoLTE Testing Explained
VoLTE Testing Explained
 
Ensuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device LaunchesEnsuring the User Experience for Global Mobile Device Launches
Ensuring the User Experience for Global Mobile Device Launches
 
Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance Testing Network Routers for Extreme Scale and Performance
Testing Network Routers for Extreme Scale and Performance
 
Spirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical OverviewSpirent 400G Ethernet Test Solution - A Technical Overview
Spirent 400G Ethernet Test Solution - A Technical Overview
 
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That PossibleICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
ICSA Presents: Scalable Performance Testing - How Spirent Makes That Possible
 
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
Spirent Communications - Networking Field Day Presentation 6 - Sept. 2013
 
App-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXTApp-Aware Security Testing with Spirent Avalanche NEXT
App-Aware Security Testing with Spirent Avalanche NEXT
 
The VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or WorseThe VoLTE User Experience--Better or Worse
The VoLTE User Experience--Better or Worse
 
Advanced Security Testing in the Age of Cyber War
Advanced Security Testing in the Age of Cyber WarAdvanced Security Testing in the Age of Cyber War
Advanced Security Testing in the Age of Cyber War
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

GNSS Receivers and the Cyber Threat

  • 1. 1 INTRODUCTION Today’s satellite navigation systems rely on constellations of satellites operating in medium earth orbits in several orbital planes. Each satellite broadcasts a signal containing orbital data and the precise time at which the signal was broadcast. The precise time is generated by a very accurate atomic clock on board the satellite. A satellite navigation receiver is able to determine its position very accurately from this information, if it is receiving signals from four or more satellites simultaneously. There are two types of satellite navigation system currently deployed – Regional Satellite Systems (RSS) or Global Navigation Satellite Systems (GNSS). GNSS constellations currently deployed include: • GPS - US system that became globally operational in 1994 and comprises up to 32 satellites deployed in 6 orbital planes • GLONASS – Russian Federation System comprising up to 31 satellites • Beidou – Chinese system comprising 15 satellites currently with 20 additional satellites planned. Currently Beidou is an RSS but is planned to be a full GNSS by 2020 • Galileo – European Union system planning to deploy 30 satellites in medium earth orbit in three orbital planes. Given our reliance on Global Navigation Satellite Systems (GNSS), in particular GPS, it is not surprising that its vulnerabilities are attracting a great deal of attention. In the past year there have been a number of well publicized incidents which have largely confirmed the theoretical and experimental work that predicted the vulnerabilities of GNSS. It is perhaps striking to review the evolution of threats to GNSS with the way threats in the Internet Protocol (IP) world developed. In a paper at ENC 2014 in Rotterdam, Theunissen [1] provided a compelling insight into the parallels between the manner in which IP threats have developed and the evolution of both jamming and spoofing attacks against GNSS. Theunissen argued that GNSS could reasonably expect the number of attacks against it to increase in the same manner that the number of internet hacking attacks has done in recent years, and that some of those attacks will likely become better organized. It is certainly becoming easier to mount attacks against GPS using jammers (as there are many sources of low cost jammers available to purchase online) or spoofers. Whilst it has often been stated that GNSS spoofing is too difficult and too expensive to undertake easily, this turns out not to be the case – in [2], Ghaddar et al demonstrated that GPS spoofing can be undertaken with an inexpensive Software Defined Radio (SDR). The authors stated that the aim of their project was “to prove that GPS is vulnerable to spoofing using commercial portable software radio platforms (e.g. NI-USRP 2920). In other words, we will use the NI- USRP 2920 to transmit GPS signals that override the actual satellite signals carrying a fake location of the GPS receiver.” The low signal strength of GNSS signals when received on the ground, is the reason that GNSS is vulnerable to attacks using the RF channel either to jam or spoof the target receiver. Sometimes the receiver is subject to unintended jamming or spoofing. TV transmitter harmonics can cause accidental jamming of GPS signals whereas a GPS repeater broadcasting on a GPS frequency could cause a nearby GNSS receiver to report an incorrect position. Consideration of the whole GNSS System as a whole, including ground stations, satellite uplinks and downlinks, augmentation systems and datalinks, is instructive as it allows us to see that in fact jamming and spoofing events are actually cyber-events, with GNSS jamming (if it causes receivers to cease functioning altogether) being the equivalent of a Denial of Service (DoS) event. In the event that multiple jammers, spoofers, or a combination of both are used, the attack would be equivalent to a Distributed Denial of Service (DDoS) attack. A cyber attack on the GNSS system could exploit the RF channels used by Receivers for GNSS signal reception, alternatively it could also (at least as easily) exploit the channel used by a Positioning, Navigation and Timing (PNT) system to report its position. In [3] Balduzzi showed how hackers could take advantage of the Automatic Identification System (AIS) employed by many vessels. As the datalink employed by AIS is unencrypted, the attacks that the author described are relatively straightforward to implement and in some cases could produce exactly the same results as a spoofing attack on the GNSS RF signal channel. Once it is understood that the evolution of GNSS threats does not only have clear parallels with the way that IP threats have evolved, but shares many of the features of a connected network, it can be seen that many of the lessons learned by the Information Security community apply equally as well to the GNSS community. GNSS Receivers and the Cyber –Threat: Lessons from the Information Security Community Guy Buesnel, David DeSanto, Spirent Communications
  • 2. 2 THE GNSS COMMERCIAL MARKET The use of GNSS has become almost pervasive in many sectors with the global installed base of GNSS devices passing 2 billion devices in 2013 and predicted to reach 7 billion units by 2022, an almost four-fold increase that would equate to almost one for every single person on the planet [4]. GNSS is already used by critical infrastructure such as utility providers, financial, transport sectors to provide timing or positional data and growth in new and market spaces such as the Intelligent Transport sector will use GNSS to provide data for use in safety critical applications. In all of these market segments the security of GNSS is of high importance as a hacking attack could achieve more than just reputational damage. In all of the applications where 4-dimensional information is required to enable system operation, the use of precise timing from GNSS will be essential for time stamping of transactions and significant damage could occur if incorrect time information is propagated. GNSS THREATS The GLONASS outage that occurred in April 2014 is an event that deserves some attention. In April 2014 (01 April) the entire GLONASS constellation commenced the transmission of incorrect broadcast messages. The messages were highly inaccurate (up to 200km). Whilst two of the satellites were corrected within an hour, the problem persisted much longer for the other orbiting satellites and problems lasted into 02 April. Many GPS + GLONASS Receivers were affected, in one way or another, with some systems completely failing to track both GLONASS and GPS satellites. Other GPS+ GLONASS Receivers were unaffected and continued to track normally. The reason for the failure is still unclear but has been attributed to incorrect software being uploaded to the GLONASS satellites. Whilst this event was attributable to human error, it is also clear that such an event could be caused by a malicious attack, which would probably require insider knowledge to carry out. The consequence of this event was a DDoS which affected many GNSS Receivers that used GLONASS satellites in their PNT solution. GPS jamming has become prevalent recently with many reports from Europe and around the world suggesting that the use of cigarette lighter type jammers in vehicles to avoid tracking has become widespread. Whilst these trackers are often advertised as having very limited range (in the order of 2m or so), this is for saturating the GPS Receiver input with RF interference so that it ceases to function. However many of the effects caused by jamming are more subtle. The output of hazardously misleading information and the fact that detection systems are able to pick up signals from the jammer at considerably greater distances tends to suggest that the ranges at which these small, portable jammers can cause disruption to GNSS receivers is much greater than the figure that is quoted in their specification. Whilst no instance of a deliberate spoofing attack has been confirmed thus far (excluding for demonstration or experimental purposes), it should be noted that there have been instances of unintended spoofing being reported. Unintended transmission of incorrect GNSS signals can occur with use of a GNSS Repeater or similar which is radiating at a higher power level than the authentic GNSS signals. This can cause a GNSS receiver to lock onto the incorrect signals and report the position of the repeater as being the user position. Use of GPS repeaters in unsuitable locations, such as for production tests in an open workshop, have been reported to these authors. The risk is not just that GNSS interference could extend outside the building and affect users, but that a GPS receiver could be spoofed and tricked into reporting an incorrect position. Whilst there has been no official confirmation of a deliberate spoofing attack so far, [6] presented an interesting account of the Global Fishing Watch project. Global Fishing watch has been set-up to monitor illegal fishing boats globally and in real time. In this article it is claimed that there has been a 59% increase in the number of ships transmitting incorrect positioning over the past two years. An example is shown where a Satellite AIS Receiver, with a receiver footprint covering the Atlantic Ocean, is receiving data from two ships in the Pacific Ocean. As it is physically impossible for transmissions from AIS transponders in the Pacific Ocean to be received by this satellite, it is clear that they are spoofing their position in some manner. The author of the article believed that false navigational data had been entered into these ships’ AIS transmitter; however it is equally possible that the GPS receiver itself had been spoofed. EVOLUTION OF EXPLOITS AND VULNERABILITIES IN THE INFORMATION SECURITY COMMUNITY There has been much debate within the Information Security community for the past twenty years on how exploits targeting vulnerabilities within products were disclosed. Initially, these exploits were kept hidden and only shared amongst groups of hackers or security researchers. With the birth of online forums like Bugtraq [7], the world of full disclosure was born. These online forums allowed the creators of exploits of various levels of maliciousness to post their findings along with sample code for the users of the Internet to access. This allowed everyone from security researchers and enterprise administrators along with hackers to access details about vulnerabilities within applications and critical systems. Also, with this new level of unprecedented access, security researchers and hackers alike could earn levels of credibility for their findings. This validation continued the cycle with more and more public disclosure of vulnerabilities and the birth of additional online outlets for release of exploit content including mailing lists like the full disclosure mailing list in July 2002 [8]. With the proliferation of available exploit content along with information on its intended target, proof-of-concept (PoC) code started becoming the basis of more advanced tools including automation of attacks targeting these vulnerable targets lowering the bar for entry into the world of exploitation. The best definition of full disclosure comes from Jay Heiser in “Exposing Infosecurity Hype” [9] where he stated “The term ‘full disclosure’ is marvelously ambiguous,
  • 3. 3 and therein lies much of the problem. It essentially means to ‘widely disseminate as much information about system vulnerabilities and attack tools as possible so that potential victims are as knowledgeable as those who attack them.’” Full disclosure, by its very nature, exposed the vulnerability to the product vendor the same time it did to the enterprise as well as the community at large (which included hackers). This was very unpopular amongst some enterprises, security researchers and product vendors who did not feel that exploit code needed to be available in wide distribution to help resolve vulnerabilities. Furthermore, it was aiding someone who had more of a nefarious purpose than it was an enterprise that wanted to validate that they were protected or vulnerable. Scott Culp discussed this issue in his paper “It’s Time to End Information Anarchy” [10] and began to build upon the building blocks of what is known today as responsible disclosure. Responsible disclosure, or coordinated disclosure, builds upon the core concept that security researchers should notify product vendors like is done with full disclosure. The main difference is that this disclosure is coordinated between the discoverer of the vulnerability and the product vendor affected first. This allows the affected vendor to begin preparing a software patch or update prior to the public announcement of the vulnerability. Once a reasonable amount of time has passed, the vulnerability is announced and sometimes is accompanied by a statement by the product vendor that a fix is available immediately or will be available soon. Responsible disclosure, like full disclosure, does include its flaws. Two main criticisms involve time to announcement of the vulnerability and research compensation. With responsible disclosure, it may take the product vendor days to months to patch the vulnerability (depending on the complexity). This leads to a false sense of security for the current users of the product who do not know this vulnerability exists until it is announced. Also, there is no financial compensation for the security researcher who has decided to release this vulnerability through responsible disclosure. This has been addressed through commercial vulnerability brokers like the Zero Day Initiative (ZDI) [11] who purchases the exploit and vulnerability research from the security researcher and then follows a responsible disclosure process to coordinate and announce the vulnerability. Even with full and responsible disclosure, there are parts of the Information Security community, including product vendors and security researchers, which believe that nondisclosure is still the best policy. The belief is that keeping this information secret will protect the enterprise better than full or responsible disclosure. With nondisclosure, the product vendor can address the vulnerability and release updates without public knowledge of exploitability. Vendors who build and commercialize exploit-based solutions also favor nondisclosure. Nondisclosure gives a false sense of security as the vulnerability is not disclosed in any fashion. As it is not disclosed, this means that there is no knowledge of who knows what within the Information Security community and there may be exploits targeting vulnerabilities in which the product vendor may be unaware. Nondisclosure may, at times, be the equivalent to the ostrich sticking its head in the sand. HOW THE INFORMATION SECURITY COMMUNITY MANAGES VULNERABILITIES Regardless of the use of full or responsible disclosure, reported vulnerabilities need a system by which to track and measure items such as severity. Furthermore, there should be multiple ways for reporters to submit their found vulnerabilities. Common Vulnerabilities and Exposures (CVE) system [12] is a system maintained by the MITRE Corporation and vulnerabilities enumerated by CVE IDs are listed in multiple online repositories including the United States National Vulnerability Database (NVD) [13]. The CVE system was founded in 1999 to help bring common, standardized identifiers and metrics to vulnerabilities and exploits where initially every vendor and reporter handled everything differently. Each CVE ID provides a unique identifier, a description of the vulnerability, available PoC code when available and any pertinent resources. The CVE database is available free for public download and use. The CVE system, including its free availability, includes several other key components. It is comprised of participating CVE Numbering Authorities (CNA) which include MITRE, software vendors like Adobe, Microsoft, Cisco and Google as well as third-party coordinators including CERT/CC. It also includes a scoring system, Common Vulnerability Scoring System (CVSS), which is used for assessing the severity of the vulnerability on a scale of 0 to 10 with 7 to 10 considered high. The assessment criteria [14] measures the base metrics including the access vector, temporal metrics including the availability of exploitation techniques and environmental metrics including the collateral damage potential. MITRE outlines the CVE ID reservation process on their website [15]. The process is: • The security researcher, product vendor or incident response team requests the amount of CVE ID numbers needed • MITRE reserves the CVE ID(s), provides them to the requester and creates blank, content-free CVE ID(s) on the CVE website • The requester shares the provided CVE ID(s) with all parties involved • The requester includes the CVE ID(s) in all advisories • The requester makes the CVE ID(s) public and notifies MITRE • MITRE updates the CVE ID(s) on the CVE website to include the provided details For researchers who choose to not go through responsible disclosure and choose to pursue full disclosure, posts to forums such as Bugtraq will also receive CVE IDs. These will not go through the same coordination process listed above however will still end up within the same standardized structure the CVE system provides.
  • 4. 4 A POSSIBLE REPORTING FRAMEWORK FOR GNSS VULNERABILITIES Following the assertion that vulnerability disclosure is in fact the correct course of action, responsible disclosure would outline the best option for the GNSS community. This will allow security researchers and product vendors to disclose vulnerabilities publicly. There are several options on how to properly set up a reporting framework for GNSS vulnerabilities. The GNSS community can build its own solution separate from the Information Security community where it can control the reporting structure and leave the system as close to nondisclosure as possible. This may limit product vendor exposure however as outlined this leads to a false sense of security. A reporting framework that is too closed will not support a community of researchers that are trying to improve the security of the GNSS industry. A reporting framework for GNSS vulnerabilities that leverages existing vulnerability reporting systems will allow the GNSS community to follow responsible disclosure practices. This reporting framework might include the following components: • Partner with MITRE to get the GNSS community set up in the CVE system • Communicate with incident response teams like CERT/CC and provide processes for working with GNSS product vendors on vulnerability disclosure • Identify key stakeholders within the GNSS community to become CNAs • Create a website similar to Open Sourced Vulnerability Database (OSVDB) [16] dedicated to GNSS vulnerabilities managed by the GNSS community with its own identifiers LESSONS THAT GNSS COULD LEARN FROM THE INFORMATION SECURITY COMMUNITY The GNSS community needs to act to not find to itself in the same place at the Information Security community did in the early stages of vulnerability disclosure. It is very easy to default to nondisclosure however this leaves customers and product vendors exposed to unknown vulnerabilities. The GNSS community has the advantage that the Information Security community has been working through these hurdles, and continues to, for the past two decades. Below are some lessons learned which the GNSS community can leverage: • Responsible disclosure allows everyone to win • Without some form of proper disclosure, threat actors will take the known threats and use them to leverage against consumers and product vendors • Disclosure of vulnerabilities within your product does not lead to credibility issues • Time to resolution is the key • Building a community-based framework will lead to better adoption within the community The GNSS community has an opportunity to come together, learn from the Information Security Community and adopt best practices to secure its customers. REFERENCES [1] So you think you are safe, Theunissen, E, ENC 2014, Netherlands [2] Exposing GPS Vulnerabilities: Spoofing with Programmable Software Radios, Nadim Ghaddar, Marwan Mattar, Abdul-Amir Yassine, American University of Beirut, Online, https://feaapps.aub.edu.lb/feasac_submissions/fullpapers/2/66 0_Exposing%20GPS%20vulnerabilities_Spoofing%20with%2 0Programmable%20Software%20Radios.pdf [3] AIS Exposed Understanding vulnerabilities and attacks 2.0, Balduzzi, M, Wilhoit, K, Pasta, A, Trend Micro Research, Blackhat Asia 2014 [4] GNSS Market Report, Issue 3, European GNSS Agency (GSA), October 2013 [5] Jamming and Spoofing in GPS/GNSS Based Applications and Services – Threats and Counter Measures, Cuntz, M, Konovaltsev, A, Dreher, A, Meurer, M, Institute of Communications and Navigation, German Aerospace Center (DLR), Future Security: 7th Security Research Conference, Future Security 2012 [6] Spoofed Satellite Feeds Trouble Google’s Global Fishing Watch, Neal Ungerleider, Fast Feed, Online http://www.fastcompany.com/3038863/fast-feed/spoofed- satellite-feeds-trouble-googles-global-fishing-watch [7] Vulnerability Disclosure – How do we define Responsible Disclosure?, Shepherd, S., https://www.sans.org/reading- room/whitepapers/threats/define-responsible-disclosure-932 [8] Full Disclosure Mailing List – http://seclists.org/fulldisclosure/ [9] Exposing Infosecurity Hype, Heiser, J., Information Magazine, Online (from Wayback Machine), http://web.archive.org/web/20010203140700id_/http://infosec uritymag.com/articles/january01/columns_curmudgeons_corn er.shtml [10] It’s Time to End Information Anarchy, Culp, S., Microsoft TechNet, Online (from Wayback Machine), http://web.archive.org/web/20011109045330/http://www.micr osoft.com/technet/treeview/default.asp?url=/technet/columns/s ecurity/noarch.asp [11] HP TippingPoint Zero Day Initiative – http://www.zerodayinitiative.com/ [12] Common Vulnerabilities and Exposures – https://cve.mitre.org/about/index.html [13] National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) – http://nvd.nist.gov/ [14] A Complete Guide to the Common Vulnerability Scoring System Version 2.0, Mell, P., Scarfone, K., Romanosky, S., Online, https://www.first.org/cvss/cvss-guide [15] Introduction to CVE Identifier Reservation – https://cve.mitre.org/cve/cna.html [16] Open Sourced Vulnerability Database (OSVDB) – http://osvdb.org/
  • 5. 5 Guy Buesnel CPhys, AFRIN Market Segment Leader – Robust Positioning, Navigation and Timing Spirent Communications Guy has more than 16 years’ experience working protecting GNSS Receivers from emerging threats, having started his career as a Systems Engineer involved in developing GPS Adaptive Antenna Systems for Military Users at Raytheon Systems Limited in the UK. In 2007, Guy became European GNSS Product Line Manager at Rockwell Collins UK, responsible for UK and European GNSS Development activities, before moving to the Satellite Applications Catapult in June 2013 as Principal Satellite Navigation Systems Architect. In May 2014, Guy joined Spirent as Market Segment Manager–GNSS Vulnerabilities. Guy is responsible for developing Spirent’s approaches to Robust PNT including the development of test solutions for GNSS Jamming, Spoofing and Cyber-attack. Guy is a Chartered Physicist, a Member of the Institute of Physics and an Associate Fellow of the Royal Institute of Navigation. Guy is also a keen blues guitarist. David DeSanto Director, Product Management – Application Security Spirent Communications David is a network security professional with over 15 years of product management, security testing, software development and strategic innovation experience. At Spirent, David focuses on driving innovation by looking holistically at security testing and defining product requirements with the primary goal of making all results repeatable. David is a strong technical leader with firm understanding of TCP/IP as well as multiple layer 7 protocols including HTTP, SMTP and SIP. Prior to Spirent, David was the Director, Product Management at NSS Labs where his expertise guided the organization in creating leading security tests and solutions for enterprises, services providers and network equipment vendors. Prior to NSS, David was the Chief Innovation Strategist at ICSA Labs where he set the organization’s direction for testing Network Firewall, Web Application Firewall, Network IPS, IPSec VPN, Anti-Spam, Network Anti-Virus, Groupware Anti-Virus and other security technologies.