Secure location services

Technology is said to make our lives easier. We are surrounded by a collection of devices with embedded computational intelligence that assists us in our daily tasks. You can choose to have a freshly brewed coffee at the press of a button, or make your car park itself. Embedded systems are often used to provide services that are crucial to our safety and security, such as an aircraft’s autopilot or programmable logic controllers regulating industrial processes.

Technology is said to make our lives easier- Gerhard Hancke

There is an increasing number of embedded systems, used in safety and security sensitive applications, which incorporate public location information into their core functionality. Embedded systems that rely on location information are responsible for aviation and maritime navigation, emergency response and rescue operations, high-value asset or vehicle tracking, and even rail signalling and train control.

The main source of location information in these embedded systems is global navigation space systems (GNSS), such as GPS (US), GLONASS (Russia) and the forthcoming Galileo (EU) and Compass (China). The large-scale use of GNSS for position, navigation and time (PNT) data is the result of such systems’ ubiquitous availability, accuracy and the relatively low cost of use. There are numerous proposals for location-based services incorporating non-GNSS technology, which include the use of mobile network base stations or terrestrial radio (LORAN), but the issue of availability inhibits these systems reaching the scale of GNSS. For example, mobile infrastructure is generally limited to developed areas and continued operation is dependent on private enterprise, while LORAN has been largely decommissioned and it is not yet certain how widely the enhanced version (eLORAN) will be deployed.

The security of GPS became a very public matter in December 2011 when a US Sentinel UAV was captured by Iranian forces, who claimed that they had done so by manipulating the UAV’s GPS navigation system. However, the security vulnerabilities of the GPS system and the increasing reliance of sensitive applications on global positioning were issues already pointed out more than a decade before.

A decade later security vulnerabilities remain while the use of GPS in critical applications have increased dramatically, a situation affirmed in a 2011 report by the Royal Academy of Engineering emphasising the reliance on, and the vulnerabilities of, GNSS.

Technology has moved on from then and with the advent of software-defined radios the transmission of GPS signals has become significantly easier and cheaper. These days GPS signals could feasibly be received, relayed or created with open source software, such as GNU Radio, and a small, generic software radio platform such as the Ettus USRP. Although it is not as elegant an exploit, jamming is just as big a threat as meaconing and spoofing. The loss of GPS services potentially disrupt a wide range of services usually taken for granted.

Small scale GPS jammers are widely available for online purchase and marketed as personal privacy devices (PPD), which can jam both GPS and mobile communication. These products are intended for people who wish to prevent third parties from tracking them using location-based services but unfortunately such a device can just as easily be used by thieves to disable asset and vehicle tracking systems. PPDs could also unintentionally effect much more critical applications. A good example of this is a Federal Aviation Authority investigation into the reason why a GPS-based landing systems used at New Jersey’s Newark Airport suffered from periodic breaks in reception. PPDs used by truckers on the nearby freeway were eventually identified as the cause.

Redesigning GNSS to allow for secure civil location services will in all likelihood not happen anytime soon and securing civil location services does not appear to be an immediate concern. GPS III, which is scheduled for deployment in 2014, introduces a second civilian channel and a “Safety of Life” channel, alongside a backward compatible civilian channel, but none of these channels provides for any security mechanisms. GPS III does include improved anti-jamming and security measures on the military channel. Only one of Galileo’s five forthcoming services does allow for jamming resistance and encryption.

Of course, if security mechanisms were ever to be implemented on civilian channels this might adversely affect their ubiquitous usability. For example, a cryptographic solution would need a suitable key management system, which would allow for timely key distribution to both transmitters and receivers. This especially adds to the complexity and cost of the receiver, and some users with limited security needs might not be satisfied with a system where they could lose service out in the wilderness or on the ocean because their device was unable to receive a key update.

This means that the responsibility rests on systems designers to find ways to improve existing receiver architectures, hardening these against simple attacks, to take GNSS security risks into account when designing location services, and to incorporate adequate fail-safe measures, such as back-up non-GNSS solutions.

Dr Hancke will be one of the main speakers at a seminar entitled “Who is spying through the devices in your pocket?” tomorrow at 6 p.m. at the St. Martin’s Institute of IT in Ħamrun. More information is available on e-mail infodesk@stmartins.edu.

Dr Hancke is a teaching fellow within the Information Security Group, Royal Holloway, University of London.