AuthGPS

Abstract

While GPS (Global Positioning System) navigation and GPS based autonomous car driving techniques are mature, the security of GPS signal has not been a primary system concern. In fact, it has been shown that an ordinary GPS can be easily spoofed by a low-cost, open-source based software defined radio (SDR) system such as bladeRF and HackRF [3, 4] which can cause serious complications to the navigation system of the car especially for self-driving cars which are driven based on the information from sensors, cameras, and GPS. In this work, we design a new GPS authentication system called lightweight authentication GPS (AuthGPS) to authenticate GPS signal against GPS spoofing and LTE base station broadcast message spoofing. In the past, there have been many successful attempts on GPS spoofing which resulted in shifting the destination of the car to the spoofer's desired location. In a case where the car is connected to the Internet via LTE network, the navigation system can find out if the GPS is spoofed by acquiring the correct GPS satellite information from LTE base stations' location information. However, a skillful attacker can spoof the LTE base station signals [7] as well using another SDR which will produce spoofed LTE base station information. Hence giving wrong information about GPSinformation according to the will of the attacker. Currently, there are defense methods against the GPS spoofing [6]. One of them is signal-processing-based methods. By monitoring unusual or unreasonable signal changes at GPS receivers, GPS spoofing attack can be detected. Received Power Monitoring (RPM) looks at all the received amplitude and automatic gain control (AGC) setpoint [1]. The receiver will sense drastic power jump if a spoofing attack occurs. However, an overly powerful spoofing attack with noise is not detectable in the case of this mechanism. Another way to detect spoofing is the symmetric-key encryption mechanism of GPS signals. According to previous research [2], encrypted precision code for anti-spoofing referred to as P(Y) code, might not be able to be spoofed. A spoofing attack can be detected by calculating cross-correlation between spoofed coarse/acquisition code, referred to as C/A code, and P(Y) code. Unfortunately, this P(Y) code is only for military purpose while the C/A code can be publicly accessible. This method requires knowledge of specific key which is not revealed to the public to decrypt P(Y) code. Monitoring the direction of arrival of the signals can be one of the methods [6]. A GPS receiver measures the direction-of-arrival vector with more than 3 antennas. Even though this signal-geometrybased system with multiple antennas makes GPS robust, an attacker can spoof signals from multiple directions, which is more difficult to detect the spoofing. The idea here is to develop a system that can discriminate the spoofed signal without complex computation or heavy message exchange. An important component of AuthGPS is a verification of valid GPS satellite information via LTE base stations' location information. We propose 6-digit one-time password-based authentication system in this paper.