kth.sePublications
Change search
Refine search result
1 - 9 of 9
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Hylamia, Sam
    et al.
    KTH.
    Spanghero, Marco
    KTH.
    Varshney, Ambuj
    Uppsala University, Uppsala, Sweden.
    Voigt, Thiemo
    Uppsala University and RISE SICS, Uppsala and Stockholm, Sweden.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Security on harvested power2018In: WiSec 2018 - Proceedings of the 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery, Inc , 2018, p. 296-298Conference paper (Refereed)
    Abstract [en]

    Security mechanisms for battery-free devices have to operate under severe energy constraints relying on harvested energy. This is challenging, as the energy harvested from the ambient environment is usually scarce, intermittent and unpredictable. One of the challenges for developing security mechanisms for such settings is the lack of hardware platforms that recreate energy harvesting conditions experienced on a battery-free sensor node. In this demonstration, we present an energy harvesting security (EHS) platform that enables the development of security algorithms for battery-free sensors. Our results demonstrate that our platform is able to harvest sufficient energy from indoor lighting to support several widely used cryptography algorithms.

  • 2.
    Lenhart, Malte
    et al.
    KTH.
    Spanghero, Marco
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Relay/replay attacks on GNSS signals2021In: WiSec 2021 - Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery (ACM) , 2021, p. 380-382Conference paper (Refereed)
    Abstract [en]

    Global Navigation Satellite Systems (GNSSs) are ubiquitously relied upon for positioning and timing. Detection and prevention of attacks against GNSS have been researched over the last decades, but many of these attacks and countermeasures were evaluated based on simulation. This work contributes to the experimental investigation of GNSS vulnerabilities, implementing a relay/replay attack with off-the-shelf hardware. Operating at the signal level, this attack type is not hindered by cryptographically protected transmissions, such as Galileo's Open Service Navigation Message Authentication (OS-NMA). The attack we investigate involves two colluding adversaries, relaying signals over large distances, to effectively spoof a GNSS receiver. We demonstrate the attack using off-the-shelf hardware, we investigate the requirements for such successful colluding attacks, and how they can be enhanced, e.g., allowing for finer adversarial control over the victim receiver. 

  • 3. Lenhart, Malte
    et al.
    Spanghero, Marco
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Papadimitratos, Panos
    Distributed and Mobile Message Level Relaying/Replaying of GNSS Signals2022In: The International Technical Meeting of the The Institute of Navigation, Institute of Navigation , 2022Conference paper (Refereed)
    Abstract [en]

    With the introduction of Navigation Message Authentication (NMA), future Global Navigation Satellite Systems (GNSSs) prevent spoofing by simulation, i.e., the generation of forged satellite signals based on publicly known information. However, authentication does not prevent record-and-replay attacks, commonly termed as meaconing. Meaconing attacks are less powerful in terms of adversarial control over the victim receiver location and time, but by acting at the signal level, they are not thwarted by NMA. This makes replaying/relaying attacks a significant threat for current and future GNSS. While there are numerous investigations on meaconing attacks, the vast majority does not rely on actual implementation and experimental evaluation in real-world settings. In this work, we contribute to the improvement of the experimental understanding of meaconing attacks. We design and implement a system capable of real-time, distributed, and mobile meaconing, built with off-the-shelf hardware. We extend from basic distributed meaconing attacks, with signals from different locations relayed over the Internet and replayed within range of the victim receiver(s). This basic attack form has high bandwidth requirements and thus depends on the quality of service of the available network to work. To overcome this limitation, we propose to replay on message level, i.e., to demodulate and re-generate signals before and after the transmission respectively (including the authentication part of the payload). The resultant reduced bandwidth enables the attacker to operate in mobile scenarios, as well as to replay signals from multiple GNSS constellations and/or bands simultaneously. Additionally, the attacker can delay individually selected satellite signals to potentially influence the victim position and time solution in a more fine-grained manner. Our versatile test-bench, enabling different types of replaying/relaying attacks, facilitates testing realistic scenarios towards new and improved replaying/relaying-focused countermeasures in GNSS receivers.

  • 4.
    Spanghero, Marco
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Geib, Filip
    Wingtra AG, Zürich, Switzerland.
    Panier, Ronny
    Wingtra AG, Zürich, Switzerland.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Uncovering GNSS Interference with Aerial Mapping UAV2024In: Uncovering GNSS Interference with Aerial Mapping UAV, Institute of Electrical and Electronics Engineers (IEEE) , 2024Conference paper (Refereed)
    Abstract [en]

    Global Navigation Satellite System (GNSS) receivers provide ubiquitous and precise position, navigation, and time (PNT) to a wide gamut of civilian and tactical infrastructures and devices. Due to the low GNSS received signal power, even low-power radiofrequency interference (RFI) sources are a serious threat to the GNSS integrity and availability. Nonetheless, RFI source localization is paramount yet hard, especially over large areas. Methods based on multi-rotor unmanned aerial vehicles (UAV) exist but are often limited by hovering time, and require specific antenna and detectors. In comparison, fixed-wing planes allow longer missions but are more complex to operate and deploy. A vertical take-off and landing (VTOL) UAV combines the positive aspects of both platforms: high maneuverability, and long mission time and, jointly with highly integrated control systems, simple operation and deployment. Building upon the flexibility allowed by such a platform, we propose a method that combines advanced flight dynamics with high-performance consumer receivers to detect interference over large areas, with minimal interaction with the operator. The proposed system can detect multiple interference sources and map their area of influence, gaining situational awareness of poor GNSS quality or denied environments. Furthermore, it can estimate the relative heading and position of the interference source within tens of meters. The proposed method is validated with real-life measurements, successfully mapping two interference-affected areas and exposing radio equipment causing involuntary in-band interference.

    Download full text (pdf)
    Aeroconf_MSGPP_24
  • 5.
    Spanghero, Marco
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Detecting GNSS misbehaviour with high-precision clocks2021In: Proceedings WiSec 2021 - Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery (ACM) , 2021, p. 389-391Conference paper (Refereed)
    Abstract [en]

    To mitigate spoofing attacks targeting global navigation satellite systems (GNSS) receivers, one promising method is to rely on alternative time sources, such as network-based synchronization, in order to detect clock offset discrepancies caused by GNSS attacks. However, in case of no network connectivity, such validation references would not be available. A viable option is to rely on a local time reference; in particular, precision hardware clock ensembles of chip-scale thermally stable oscillators with extended holdover capabilities. We present a preliminary design and results towards a custom device capable of providing a stable reference, with smaller footprint and cost compared to traditional precision clocks. The system is fully compatible with existing receiver architecture, making this solution feasible for most industrial scenarios. Further integration with network-based synchronization can provide a complete time assurance system, with high short- and long-term stability. 

  • 6.
    Spanghero, Marco
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS. KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Detecting GNSS misbehavior leveraging secure heterogeneous time sources2023In: IEEE/ION Position, Location and Navigation Symposium (PLANS), Monterey, California, April 24-27, 2023, Institute of Electrical and Electronics Engineers (IEEE), 2023Conference paper (Refereed)
    Abstract [en]

    Civilian Global Navigation Satellite Systems (GNSS)vulnerabilities are a threat to a wide gamut of critical systems.GNSS receivers, as part of the encompassing platform, can leverage external information to detect GNSS attacks. Specifically, cross-checking the time produced by the GNSS receiver against multiple trusted time sources can provide robust and assuredPNT. In this work, we explore the combination of secure remote,network-based time providers and local precision oscillators. This multi-layered defense mechanism detects GNSS attacks that induce even small time offsets, including attacks mounted in cold start. Our system does not require any modification to the current structure of the GNSS receiver, it is agnostic to the satellite constellation and the attacker type. This makes time-based data validation of GNSS information compatible with existing receivers and readily deployable.

    Download full text (pdf)
    fulltext
  • 7.
    Spanghero, Marco
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    Papadimitratos, Panos
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Software and Computer systems, SCS.
    High-precision Hardware Oscillators Ensemble for GNSS Attack Detection2022In: IEEE Aerospace Conference Proceedings, Institute of Electrical and Electronics Engineers (IEEE) , 2022Conference paper (Refereed)
    Abstract [en]

    A wide gamut of important applications rely on global navigation satellite systems (GNSS) for precise time and positioning. Attackers dictating the GNSS receiver position and time solution are a significant risk, especially due to the inherent vulnerability of GNSS systems. A first line of defense, for a large number of receivers, is to rely on additional information obtained through the rich connectivity of GNSS enabled platforms. Network time can be used for direct validation of the GNSS receiver time; but this depends on network availability. To allow attack detection even when there are prolonged network disconnections, we present a method based on on-board ensemble of reference clocks. This allows the receiver to detect sophisticated attacks affecting the GNSS time solution, independently of the specific attack methodology. Results obtained with Chip-Scale Oven Compensated Oscillators (CS-OCXO) are promising and demonstrate the potential of embedded ensembles of reference clocks, detecting attacks causing modifications of the receiver time offset as low as 0.3 mus, with half the detection latency compared to related literature. 

  • 8.
    Spanghero, Marco
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS.
    Zhang, Kewei
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS.
    Authenticated time for detecting GNSS attacks2020In: Proceedings of the 33rd International Technical Meeting of the Satellite Division of the Institute of Navigation, ION GNSS+ 2020, Institute of Navigation , 2020, p. 3826-3834Conference paper (Refereed)
    Abstract [en]

    Information cross-validation can be a powerful tool to detect manipulated, dubious GNSS data. A promising approach is to leverage time obtained over networks a mobile device can connect to, and detect discrepancies between the GNSS-provided time and the network time. The challenge lies in having reliably both accurate and trustworthy network time as the basis for the GNSS attack detection. Here, we provide a concrete proposal that leverages, together with the network time servers, the nearly ubiquitous IEEE 802.11 (Wi-Fi) infrastructure. Our framework supports application-layer, secure and robust real time broadcasting by Wi-Fi Access Points (APs), based on hash chains and infrequent digital signatures verification to minimize computational and communication overhead, allowing mobile nodes to efficiently obtain authenticated and rich time information as they roam. We pair this method with Network Time Security (NTS), for enhanced resilience through multiple sources, available, ideally, simultaneously. We analyze the performance of our scheme in a dedicated setup, gauging the overhead for authenticated time data (Wi-Fi timestamped beacons and NTS). The results show that it is possible to provide security for the external to GNSS time sources, with minimal overhead for authentication and integrity, even when the GNSS-equipped nodes are mobile, and thus have short interactions with the WiFi infrastructure and possibly intermittent Internet connectivity, as well as limited resources.

  • 9.
    Zhang, Kewei
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS. KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Spanghero, Marco
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS.
    Papadimitratos, Panagiotis
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS.
    Protecting GNSS-based Services using Time Offset Validation2020In: 2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020, 2020, p. 575-583Conference paper (Refereed)
    Abstract [en]

    Global navigation satellite systems (GNSS) provide pervasive accurate positioning and timing services for a large gamut of applications, from Time based One-Time Passwords (TOPT), to power grid and cellular systems. However, there can be security concerns for the applications due to the vulnerability of GNSS. It is important to observe that GNSS receivers are components of platforms, in principle having rich connectivity to different network infrastructures. Of particular interest is the access to a variety of timing sources, as those can be used to validate GNSS-provided location and time. Therefore, we consider off-the-shelf platforms and how to detect if the GNSS receiver is attacked or not, by cross-checking the GNSS time and time from other available sources. First, we survey different technologies to analyze their availability, accuracy and trustworthiness for time synchronization. Then, we propose a validation approach for absolute and relative time. Moreover, we design a framework and experimental setup for the evaluation of the results. Attacks can be detected based on WiFi supplied time when the adversary shifts the GNSS provided time, more than 23.942 μs; with Network Time Protocol (NTP) supplied time when the adversary-induced shift is more than 2.046 ms. Consequently, the proposal significantly limits the capability of an adversary to manipulate the victim GNSS receiver.

    Download full text (pdf)
    fulltext
1 - 9 of 9
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf