Detecting GNSS Attacks on Smartphones
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
There has been a significant growth in Location-Based Services (LBS) on mobileapplications. These applications provide service to users based on theirgeographical locations. Emergency services, tracking, navigation, advertisingand social networking are examples of them. As the majority of today’s mobilephones are equipped with GPS receivers, GPS positioning has become one ofthe primary methods for obtaining users’ location. Moreover, GPS providesaccurate time service and many applications specially for time synchronizationare relying on GPS. Despite the good accuracy it provides, security is notconsidered from scratch in civilian GPS and its signals are weak, vulnerable tospoofing and prone to jamming. As it has become a more and more valuableresource, malicious agents have also become keener to identify and abuse theweaknesses in order to interrupt users or commit fraud. That is why therehave been continuous alerts about insecurity in civilian GPS in scholarly andacademic publications. A considerable amount of research has been conductedto tackle the problem of insecurity in GPS, but proposed solutions need eitherfundamental changes in GPS signal structure or more sophisticated types ofreceivers. As changes in GPS signal structure need time, money and politicalwill, this work works on a method to detect spoofing of GPS signals based onthe current GPS signal structure and receivers on mobile phones. We crosscheckpositioning and time information by comparing it with other sourcesof information. GPS positioning data are compared with the user’s positionderived from Wi-Fi positioning and cell positioning and the distance betweenthose is shown to the user. The system also keeps the recent distances and ifthose positions are moving away from each other, it notifies the user about thissuspicious behaviour. Regarding verification of the GPS time, it is comparedwith a time server on the internet. An Android application was designed anddeveloped to implement this method. Then experimental evaluations wereperformed in the urban area of the city of Stockholm. Results show that thesystem can perform positioning with mean value of 50 meter accuracy anddetect simulated spoofing attack. Moreover, it detects the suspicious behaviourif the calculated position and GPS position are gradually moving away fromeach other.
Place, publisher, year, edition, pages
2013. , 82 p.
EES Examensarbete / Master Thesis, XR-EE-LCN 2013:013
Electrical Engineering, Electronic Engineering, Information Engineering
IdentifiersURN: urn:nbn:se:kth:diva-137109OAI: oai:DiVA.org:kth-137109DiVA: diva2:678010
2013-07-31, 11:00 (English)