kth.sePublications
Change search
Link to record
Permanent link

Direct link
Publications (9 of 9) Show all publications
Spanghero, M., Geib, F., Panier, R. & Papadimitratos, P. (2024). Uncovering GNSS Interference with Aerial Mapping UAV. In: Uncovering GNSS Interference with Aerial Mapping UAV: . Paper presented at IEEE Aerospace Conference (AeroConf), Yellowstone Conference Center in Big Sky, Montana March 2-9, 2024. Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Uncovering GNSS Interference with Aerial Mapping UAV
2024 (English)In: Uncovering GNSS Interference with Aerial Mapping UAV, Institute of Electrical and Electronics Engineers (IEEE) , 2024Conference paper, Published paper (Refereed)
Abstract [en]

Global Navigation Satellite System (GNSS) receivers provide ubiquitous and precise position, navigation, and time (PNT) to a wide gamut of civilian and tactical infrastructures and devices. Due to the low GNSS received signal power, even low-power radiofrequency interference (RFI) sources are a serious threat to the GNSS integrity and availability. Nonetheless, RFI source localization is paramount yet hard, especially over large areas. Methods based on multi-rotor unmanned aerial vehicles (UAV) exist but are often limited by hovering time, and require specific antenna and detectors. In comparison, fixed-wing planes allow longer missions but are more complex to operate and deploy. A vertical take-off and landing (VTOL) UAV combines the positive aspects of both platforms: high maneuverability, and long mission time and, jointly with highly integrated control systems, simple operation and deployment. Building upon the flexibility allowed by such a platform, we propose a method that combines advanced flight dynamics with high-performance consumer receivers to detect interference over large areas, with minimal interaction with the operator. The proposed system can detect multiple interference sources and map their area of influence, gaining situational awareness of poor GNSS quality or denied environments. Furthermore, it can estimate the relative heading and position of the interference source within tens of meters. The proposed method is validated with real-life measurements, successfully mapping two interference-affected areas and exposing radio equipment causing involuntary in-band interference.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024
National Category
Telecommunications Signal Processing
Research subject
Aerospace Engineering
Identifiers
urn:nbn:se:kth:diva-346348 (URN)10.1109/AERO58975.2024.10521434 (DOI)2-s2.0-85193856727 (Scopus ID)
Conference
IEEE Aerospace Conference (AeroConf), Yellowstone Conference Center in Big Sky, Montana March 2-9, 2024
Funder
Swedish Foundation for Strategic Research, RIT17-0005
Note

Part of ISBN 979-8-3503-0462-6

QC 20240515

Available from: 2024-05-13 Created: 2024-05-13 Last updated: 2024-06-12Bibliographically approved
Spanghero, M. & Papadimitratos, P. (2023). Detecting GNSS misbehavior leveraging secure heterogeneous time sources. In: IEEE/ION Position, Location and Navigation Symposium (PLANS), Monterey, California, April 24-27, 2023: . Paper presented at IEEE/ION Position, Location and Navigation Symposium (PLANS), Monterey, California, April 24-27, 2023. Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Detecting GNSS misbehavior leveraging secure heterogeneous time sources
2023 (English)In: IEEE/ION Position, Location and Navigation Symposium (PLANS), Monterey, California, April 24-27, 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023Conference paper, Published paper (Refereed)
Abstract [en]

Civilian Global Navigation Satellite Systems (GNSS)vulnerabilities are a threat to a wide gamut of critical systems.GNSS receivers, as part of the encompassing platform, can leverage external information to detect GNSS attacks. Specifically, cross-checking the time produced by the GNSS receiver against multiple trusted time sources can provide robust and assuredPNT. In this work, we explore the combination of secure remote,network-based time providers and local precision oscillators. This multi-layered defense mechanism detects GNSS attacks that induce even small time offsets, including attacks mounted in cold start. Our system does not require any modification to the current structure of the GNSS receiver, it is agnostic to the satellite constellation and the attacker type. This makes time-based data validation of GNSS information compatible with existing receivers and readily deployable.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
National Category
Signal Processing Communication Systems Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-326762 (URN)10.1109/PLANS53410.2023.10140008 (DOI)001022344800114 ()2-s2.0-85162923832 (Scopus ID)
Conference
IEEE/ION Position, Location and Navigation Symposium (PLANS), Monterey, California, April 24-27, 2023
Funder
Swedish Foundation for Strategic Research
Note

QC 20230517

Available from: 2023-05-10 Created: 2023-05-10 Last updated: 2023-07-31Bibliographically approved
Lenhart, M., Spanghero, M. & Papadimitratos, P. (2022). Distributed and Mobile Message Level Relaying/Replaying of GNSS Signals. In: The International Technical Meeting of the The Institute of Navigation: . Paper presented at International technical Meeting of the Institute of Navigation. Institute of Navigation
Open this publication in new window or tab >>Distributed and Mobile Message Level Relaying/Replaying of GNSS Signals
2022 (English)In: The International Technical Meeting of the The Institute of Navigation, Institute of Navigation , 2022Conference paper, Published paper (Refereed)
Abstract [en]

With the introduction of Navigation Message Authentication (NMA), future Global Navigation Satellite Systems (GNSSs) prevent spoofing by simulation, i.e., the generation of forged satellite signals based on publicly known information. However, authentication does not prevent record-and-replay attacks, commonly termed as meaconing. Meaconing attacks are less powerful in terms of adversarial control over the victim receiver location and time, but by acting at the signal level, they are not thwarted by NMA. This makes replaying/relaying attacks a significant threat for current and future GNSS. While there are numerous investigations on meaconing attacks, the vast majority does not rely on actual implementation and experimental evaluation in real-world settings. In this work, we contribute to the improvement of the experimental understanding of meaconing attacks. We design and implement a system capable of real-time, distributed, and mobile meaconing, built with off-the-shelf hardware. We extend from basic distributed meaconing attacks, with signals from different locations relayed over the Internet and replayed within range of the victim receiver(s). This basic attack form has high bandwidth requirements and thus depends on the quality of service of the available network to work. To overcome this limitation, we propose to replay on message level, i.e., to demodulate and re-generate signals before and after the transmission respectively (including the authentication part of the payload). The resultant reduced bandwidth enables the attacker to operate in mobile scenarios, as well as to replay signals from multiple GNSS constellations and/or bands simultaneously. Additionally, the attacker can delay individually selected satellite signals to potentially influence the victim position and time solution in a more fine-grained manner. Our versatile test-bench, enabling different types of replaying/relaying attacks, facilitates testing realistic scenarios towards new and improved replaying/relaying-focused countermeasures in GNSS receivers.

Place, publisher, year, edition, pages
Institute of Navigation, 2022
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-323284 (URN)10.33012/2022.18227 (DOI)2-s2.0-85147930155 (Scopus ID)
Conference
International technical Meeting of the Institute of Navigation
Note

QC 20230130

Available from: 2023-01-24 Created: 2023-01-24 Last updated: 2023-06-08Bibliographically approved
Spanghero, M. & Papadimitratos, P. (2022). High-precision Hardware Oscillators Ensemble for GNSS Attack Detection. In: IEEE Aerospace Conference Proceedings: . Paper presented at IEEE Aerospace. Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>High-precision Hardware Oscillators Ensemble for GNSS Attack Detection
2022 (English)In: IEEE Aerospace Conference Proceedings, Institute of Electrical and Electronics Engineers (IEEE) , 2022Conference paper, Published paper (Refereed)
Abstract [en]

A wide gamut of important applications rely on global navigation satellite systems (GNSS) for precise time and positioning. Attackers dictating the GNSS receiver position and time solution are a significant risk, especially due to the inherent vulnerability of GNSS systems. A first line of defense, for a large number of receivers, is to rely on additional information obtained through the rich connectivity of GNSS enabled platforms. Network time can be used for direct validation of the GNSS receiver time; but this depends on network availability. To allow attack detection even when there are prolonged network disconnections, we present a method based on on-board ensemble of reference clocks. This allows the receiver to detect sophisticated attacks affecting the GNSS time solution, independently of the specific attack methodology. Results obtained with Chip-Scale Oven Compensated Oscillators (CS-OCXO) are promising and demonstrate the potential of embedded ensembles of reference clocks, detecting attacks causing modifications of the receiver time offset as low as 0.3 mus, with half the detection latency compared to related literature. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-323283 (URN)10.1109/AERO53065.2022.9843381 (DOI)2-s2.0-85137569700 (Scopus ID)
Conference
IEEE Aerospace
Note

QC 20230214

Available from: 2023-01-24 Created: 2023-01-24 Last updated: 2023-02-14Bibliographically approved
Spanghero, M. & Papadimitratos, P. (2021). Detecting GNSS misbehaviour with high-precision clocks. In: Proceedings WiSec 2021 - Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks: . Paper presented at WiSec '21: 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Abu Dhabi, United Arab Emirates, 28 June - 2 July, 2021 (pp. 389-391). Association for Computing Machinery (ACM)
Open this publication in new window or tab >>Detecting GNSS misbehaviour with high-precision clocks
2021 (English)In: Proceedings WiSec 2021 - Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery (ACM) , 2021, p. 389-391Conference paper, Published paper (Refereed)
Abstract [en]

To mitigate spoofing attacks targeting global navigation satellite systems (GNSS) receivers, one promising method is to rely on alternative time sources, such as network-based synchronization, in order to detect clock offset discrepancies caused by GNSS attacks. However, in case of no network connectivity, such validation references would not be available. A viable option is to rely on a local time reference; in particular, precision hardware clock ensembles of chip-scale thermally stable oscillators with extended holdover capabilities. We present a preliminary design and results towards a custom device capable of providing a stable reference, with smaller footprint and cost compared to traditional precision clocks. The system is fully compatible with existing receiver architecture, making this solution feasible for most industrial scenarios. Further integration with network-based synchronization can provide a complete time assurance system, with high short- and long-term stability. 

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2021
Keywords
Cellular radio systems, Clocks, Mobile telecommunication systems, Privacy by design, Wireless networks, Fully compatible, Global Navigation Satellite Systems, Industrial scenarios, Long term stability, Network connectivity, Preliminary design, Receiver architecture, Spoofing attacks, Global positioning system
National Category
Signal Processing Communication Systems
Identifiers
urn:nbn:se:kth:diva-310386 (URN)10.1145/3448300.3468254 (DOI)2-s2.0-85110070732 (Scopus ID)
Conference
WiSec '21: 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Abu Dhabi, United Arab Emirates, 28 June - 2 July, 2021
Note

Part of proceedings ISBN 9781450383493

QC 20220404

Available from: 2022-04-04 Created: 2022-04-04 Last updated: 2022-06-25Bibliographically approved
Lenhart, M., Spanghero, M. & Papadimitratos, P. (2021). Relay/replay attacks on GNSS signals. In: WiSec 2021 - Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks: . Paper presented at 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2021, 28 June 2021 through 2 July 2021 (pp. 380-382). Association for Computing Machinery (ACM)
Open this publication in new window or tab >>Relay/replay attacks on GNSS signals
2021 (English)In: WiSec 2021 - Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery (ACM) , 2021, p. 380-382Conference paper, Published paper (Refereed)
Abstract [en]

Global Navigation Satellite Systems (GNSSs) are ubiquitously relied upon for positioning and timing. Detection and prevention of attacks against GNSS have been researched over the last decades, but many of these attacks and countermeasures were evaluated based on simulation. This work contributes to the experimental investigation of GNSS vulnerabilities, implementing a relay/replay attack with off-the-shelf hardware. Operating at the signal level, this attack type is not hindered by cryptographically protected transmissions, such as Galileo's Open Service Navigation Message Authentication (OS-NMA). The attack we investigate involves two colluding adversaries, relaying signals over large distances, to effectively spoof a GNSS receiver. We demonstrate the attack using off-the-shelf hardware, we investigate the requirements for such successful colluding attacks, and how they can be enhanced, e.g., allowing for finer adversarial control over the victim receiver. 

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2021
Keywords
global navigation satellite systems (GNSS), meaconing, off-the-shelf hardware, replay/relay attack, spoofing, Cellular radio systems, Mobile telecommunication systems, Privacy by design, Wireless networks, Colluding attack, Experimental investigations, Global Navigation Satellite Systems, GNSS receivers, GNSS signals, Off-the-shelf hardwares, Open services, Relaying signals, Global positioning system
National Category
Signal Processing Communication Systems Other Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-310385 (URN)10.1145/3448300.3468256 (DOI)2-s2.0-85110145090 (Scopus ID)
Conference
14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2021, 28 June 2021 through 2 July 2021
Note

Part of proceedings: ISBN 978-1-4503-8349-3

QC 20220404

Available from: 2022-04-04 Created: 2022-04-04 Last updated: 2023-01-18Bibliographically approved
Spanghero, M., Zhang, K. & Papadimitratos, P. (2020). Authenticated time for detecting GNSS attacks. In: Proceedings of the 33rd International Technical Meeting of the Satellite Division of the Institute of Navigation, ION GNSS+ 2020: . Paper presented at 33rd International Technical Meeting of the Satellite Division of the Institute of Navigation, ION GNSS+ 2020, 22 September 2020 through 25 September 2020 (pp. 3826-3834). Institute of Navigation
Open this publication in new window or tab >>Authenticated time for detecting GNSS attacks
2020 (English)In: Proceedings of the 33rd International Technical Meeting of the Satellite Division of the Institute of Navigation, ION GNSS+ 2020, Institute of Navigation , 2020, p. 3826-3834Conference paper, Published paper (Refereed)
Abstract [en]

Information cross-validation can be a powerful tool to detect manipulated, dubious GNSS data. A promising approach is to leverage time obtained over networks a mobile device can connect to, and detect discrepancies between the GNSS-provided time and the network time. The challenge lies in having reliably both accurate and trustworthy network time as the basis for the GNSS attack detection. Here, we provide a concrete proposal that leverages, together with the network time servers, the nearly ubiquitous IEEE 802.11 (Wi-Fi) infrastructure. Our framework supports application-layer, secure and robust real time broadcasting by Wi-Fi Access Points (APs), based on hash chains and infrequent digital signatures verification to minimize computational and communication overhead, allowing mobile nodes to efficiently obtain authenticated and rich time information as they roam. We pair this method with Network Time Security (NTS), for enhanced resilience through multiple sources, available, ideally, simultaneously. We analyze the performance of our scheme in a dedicated setup, gauging the overhead for authenticated time data (Wi-Fi timestamped beacons and NTS). The results show that it is possible to provide security for the external to GNSS time sources, with minimal overhead for authentication and integrity, even when the GNSS-equipped nodes are mobile, and thus have short interactions with the WiFi infrastructure and possibly intermittent Internet connectivity, as well as limited resources.

Place, publisher, year, edition, pages
Institute of Navigation, 2020
Keywords
Authentication, Global positioning system, IEEE Standards, Mobile security, Wi-Fi, Wireless local area networks (WLAN), Attack detection, Communication overheads, Cross validation, Internet connectivity, Real time broadcasting, Time information, Trustworthy networks, Wi-fi access points, Network security
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-290831 (URN)10.33012/2020.17719 (DOI)000632603503061 ()2-s2.0-85097798417 (Scopus ID)
Conference
33rd International Technical Meeting of the Satellite Division of the Institute of Navigation, ION GNSS+ 2020, 22 September 2020 through 25 September 2020
Note

QC 20210323

Available from: 2021-03-23 Created: 2021-03-23 Last updated: 2023-04-04Bibliographically approved
Zhang, K., Spanghero, M. & Papadimitratos, P. (2020). Protecting GNSS-based Services using Time Offset Validation. In: 2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020: . Paper presented at 2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020, Portland, OR, United States of America, 20 April - 23 April 2020 (pp. 575-583).
Open this publication in new window or tab >>Protecting GNSS-based Services using Time Offset Validation
2020 (English)In: 2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020, 2020, p. 575-583Conference paper, Published paper (Refereed)
Abstract [en]

Global navigation satellite systems (GNSS) provide pervasive accurate positioning and timing services for a large gamut of applications, from Time based One-Time Passwords (TOPT), to power grid and cellular systems. However, there can be security concerns for the applications due to the vulnerability of GNSS. It is important to observe that GNSS receivers are components of platforms, in principle having rich connectivity to different network infrastructures. Of particular interest is the access to a variety of timing sources, as those can be used to validate GNSS-provided location and time. Therefore, we consider off-the-shelf platforms and how to detect if the GNSS receiver is attacked or not, by cross-checking the GNSS time and time from other available sources. First, we survey different technologies to analyze their availability, accuracy and trustworthiness for time synchronization. Then, we propose a validation approach for absolute and relative time. Moreover, we design a framework and experimental setup for the evaluation of the results. Attacks can be detected based on WiFi supplied time when the adversary shifts the GNSS provided time, more than 23.942 μs; with Network Time Protocol (NTP) supplied time when the adversary-induced shift is more than 2.046 ms. Consequently, the proposal significantly limits the capability of an adversary to manipulate the victim GNSS receiver.

National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-280850 (URN)10.1109/PLANS46316.2020.9110224 (DOI)000839298400066 ()2-s2.0-85087051578 (Scopus ID)
Conference
2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020, Portland, OR, United States of America, 20 April - 23 April 2020
Note

Part of ISBN 978-172810244-3

QC 20230921

Available from: 2020-09-14 Created: 2020-09-14 Last updated: 2024-03-15Bibliographically approved
Hylamia, S., Spanghero, M., Varshney, A., Voigt, T. & Papadimitratos, P. (2018). Security on harvested power. In: WiSec 2018 - Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks: . Paper presented at 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2018, 18 June 2018 through 20 June 2018 (pp. 296-298). Association for Computing Machinery, Inc
Open this publication in new window or tab >>Security on harvested power
Show others...
2018 (English)In: WiSec 2018 - Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery, Inc , 2018, p. 296-298Conference paper, Published paper (Refereed)
Abstract [en]

Security mechanisms for battery-free devices have to operate under severe energy constraints relying on harvested energy. This is challenging, as the energy harvested from the ambient environment is usually scarce, intermittent and unpredictable. One of the challenges for developing security mechanisms for such settings is the lack of hardware platforms that recreate energy harvesting conditions experienced on a battery-free sensor node. In this demonstration, we present an energy harvesting security (EHS) platform that enables the development of security algorithms for battery-free sensors. Our results demonstrate that our platform is able to harvest sufficient energy from indoor lighting to support several widely used cryptography algorithms.

Place, publisher, year, edition, pages
Association for Computing Machinery, Inc, 2018
Keywords
Battery-free, Embedded systems security, Energy-harvesting, Platforms, Electric batteries, Embedded systems, Energy harvesting, Mobile security, Mobile telecommunication systems, Sensor nodes, Ambient environment, Cryptography algorithms, Embedded systems securities, Hardware platform, Security algorithm, Security mechanism, Network security
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-236299 (URN)10.1145/3212480.3226105 (DOI)000456097500038 ()2-s2.0-85050910546 (Scopus ID)9781450357319 (ISBN)
Conference
11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2018, 18 June 2018 through 20 June 2018
Funder
Swedish Foundation for Strategic Research
Note

QC 20181023

Available from: 2018-10-23 Created: 2018-10-23 Last updated: 2024-03-15Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0001-8919-0098

Search in DiVA

Show all publications