As a journalist at iTnews:
Researchers have developed a portable Global Positioning System (GPS) spoofing device in a bid to explore aspects of civilian spoofing and how such attacks may be thwarted.
By providing researchers with information about which aspects of spoofing are most easily implemented, the project could allow device manufacturers to prioritise their spoofing defences.
Spoofing is a term used to describe the transmission of fake signals that navigation devices accept as authentic signals from GPS satellites.
As GPS devices become more pervasive in home and business use, spoofing could have a serious impact -- for example, through large enterprises such as utility companies that use GPS in their core operations.
“A spoofed GPS device can be tricked into computing the wrong position or time,” said Brent Ledvina, an assistant professor of electrical and computer engineering at Virginia Tech who conducted the research in collaboration with Cornell University.
“This can be devastating for some receivers and a nuisance for others,” he said.
The research was presented at the Institute of Navigation GNSS conference in Georgia last month, after more than a year of equipment building and experimentation.
While GPS spoofing has attracted some U.S. government attention during the past half-decade, manufacturers have yet to address these security concerns, Ledvina said.
“Currently, GPS receiver equipment manufacturers do not have spoofing on their
radar,” Ledvina told iTnews.
“[Cornell researcher] Todd Humphreys and I talked with the leading receiver manufacturers at the Institute of Navigation conference … and not a single individual we spoke with was knowledgeable of the topic.”
“That doesn't mean these companies are not interested or concerned, per se, but their representatives at this conference certainly were not,” he said.
Ledvina expects most current GPS receivers to be vulnerable to spoofing attacks, with the yet-to-be verified exception of multi-antenna receivers that use special signal processing.
The researchers have proposed two software modifications that they expect to make receivers less vulnerable to spoofing by changing how they react to signals.
They have filed a provisional patent application for the technology and are in discussion with ‘a couple’ of companies about commercialisation.
However, Ledvina expects the only long-term solution to come from encrypting signals broadcast by the GPS satellite constellation by adding an authentication signal.
“The truth is there is no perfect solution for a stand-alone, single-antenna receiver that does not use any type of authentication,” he told iTnews.
“It would most likely take a long time [for authentication signals to be added] because the signal specifications for the broadcast GPS signals are difficult to modify, and satellites on orbit today have a long lifetime.”
“Note that adding an authenticating signal is not a technical issue; it's more of a political issue,” he said.
