The OSNMA protocol discussed is based on Timed Efficient Stream Loss-Tolerant Authentication (TESLA):
> This document introduces Timed Efficient Stream Loss-tolerant Authentication (TESLA). TESLA allows all receivers to check the integrity and authenticate the source of each packet in multicast or broadcast data streams. TESLA requires no trust between receivers, uses low-cost operations per packet at both sender and receiver, can tolerate any level of loss without retransmissions, and requires no per-receiver state at the sender. TESLA can protect receivers against denial of service attacks in certain circumstances. Each receiver must be loosely time-synchronized with the source in order to verify messages, but otherwise receivers do not have to send any messages. TESLA alone cannot support non-repudiation of the data source to third parties.
* A. Perrig, R. Canetti, J. Tygar and D. Song, “Efficient Authentication and Signing of Multicast Streams over Lossy Channels,” IEEE Symposium on Security and Privacy, pp. 56-73, May 2000.
> Military solutions will fall back to inertial, celestial or optical guidance, and people using GPS for navigation will at worst show up where they need to be somewhat later than planned.
The US Navy re-started celestial navigation a few years ago:
For those wanting to invest (substantially) more time, the two videos by "Tippecanoe Boats" are slightly rambling at times, but he does lay things out pretty well by the end of it (second is largely examples):
>> Military solutions will fall back to inertial, celestial or optical guidance, and people using GPS for navigation will at worst show up where they need to be somewhat later than planned.
> The US Navy re-started celestial navigation a few years ago:
Also, the SR-71, B-1, and B-2 and other aircraft have automated celestial navigation systems to provide corrections to their INSs:
Honestly, for military applications, GPS seems to be mainly useful for bad weather and providing navigation to the smallest units (and I'd think a small unit would be able fall back to a map and compass).
These military instructional videos are so great. They explain a lot of concepts very clearly. Nowadays videos seem to be more casual, with more focus on practice than understanding the theory.
The article addresses that scenario, and confirms that using multiple receivers would allow you to reliably detect spoofing. They'd report the same location but a slightly different time.
So if I understand this right the signature is 32bits times 24 times 15 per full frame?
After the fact, why exactly can I not precalculate my spoofed data stream?
I just need to spend:
3*2^31*24*15*(spoof_seconds/30) ops (on average)?
(assuming 3 streams for position data)
Sure, not cheap, but hardly hard even for even a hobbyist.
So ~2^45 ops to spoof 10 minutes of data? That's doable.
Is my math off?
I have more faith in the direction finding aspects. Here's from the article, an understatement of the year:
> To beat these simple tricks, a spoofer will need to have multiple transmitters that actually show the same parallax as the actual satellites. However, you can only do this by placing your transmitters next to the satellites - in space. This raises the bar significantly.
Some people say that there isn't much open literature on GPS anti-spoofing, but there are many patents filed by the likes of Lockheed-Martin, Boeing, BAE, etc.
I find the multiple antenna answers interesting.
For instance, one of the easier attack scenarios against an airplane is to have a directional antenna on the ground. Because airplanes broadcast their GPS position via ADS-B, you could also know that you'd succeeded.
In a case like that, however, the radio signal from the ground would be stronger than the signal from the sky and it would be obvious what was going on, unless the attacker managed to get the power level just right.
With multiple receivers you also will see very different results with spoofing than with a real signal. For instance if you had a receiver at the front of the airplane and one at the back of the airplane, the time delay for all the fake satellites would be the same (they all come from the same place) whereas the time delays (e.g. position) would be noticeably different from real sats.
if an attacker knows that the plane has two antennas, and their exact locations, he/she can generate the "correct" signals at each plane antenna with two attacker antennas and lots of math.
Getting their exact locations is simplified by the fact the location is being transmitted by ADS-B...
> Because airplanes broadcast their GPS position via ADS-B, you could also know that you'd succeeded.
If the GPS is integrated with inertial navigation systems, the effect of GPS spoofing on the computation of the position (that could be observed by ADS-B) might prove tricky to anticipate.
Is there any cheap, open source alternative to GPS for navigation? I'm thinking of an electronic sextant (or star tracker) for rough position estimation, with a few km accuracy.
I'm somewhat annoyed at the accelerometer/gyroscopes that are available to the public, it is like they are all gimped to prevent you from building a weapons guidance system.
For instance, the Wiimote doesn't have the dynamic range to handle the highest accelerations you can generate waving your arms, which makes it hard to use that kind of thing for athletic training.
[+] [-] throw0101a|5 years ago|reply
> This document introduces Timed Efficient Stream Loss-tolerant Authentication (TESLA). TESLA allows all receivers to check the integrity and authenticate the source of each packet in multicast or broadcast data streams. TESLA requires no trust between receivers, uses low-cost operations per packet at both sender and receiver, can tolerate any level of loss without retransmissions, and requires no per-receiver state at the sender. TESLA can protect receivers against denial of service attacks in certain circumstances. Each receiver must be loosely time-synchronized with the source in order to verify messages, but otherwise receivers do not have to send any messages. TESLA alone cannot support non-repudiation of the data source to third parties.
* https://tools.ietf.org/html/rfc4082
* A. Perrig, R. Canetti, J. Tygar and D. Song, “Efficient Authentication and Signing of Multicast Streams over Lossy Channels,” IEEE Symposium on Security and Privacy, pp. 56-73, May 2000.
[+] [-] oritsnile|5 years ago|reply
[+] [-] throw0101a|5 years ago|reply
The US Navy re-started celestial navigation a few years ago:
* https://www.npr.org/2016/02/22/467210492/u-s-navy-brings-bac...
This (1960s?) US government produced (45m) video video gives a pretty good overview:
* https://www.youtube.com/watch?v=UV1V9-nnaAs
For those wanting to invest (substantially) more time, the two videos by "Tippecanoe Boats" are slightly rambling at times, but he does lay things out pretty well by the end of it (second is largely examples):
* https://www.youtube.com/watch?v=-ARXW8InStY
* https://www.youtube.com/watch?v=yu5R5mrrGB0
[+] [-] ardy42|5 years ago|reply
> The US Navy re-started celestial navigation a few years ago:
Also, the SR-71, B-1, and B-2 and other aircraft have automated celestial navigation systems to provide corrections to their INSs:
https://www.thedrive.com/the-war-zone/17207/sr-71s-r2-d2-cou...
Honestly, for military applications, GPS seems to be mainly useful for bad weather and providing navigation to the smallest units (and I'd think a small unit would be able fall back to a map and compass).
[+] [-] PaulHoule|5 years ago|reply
https://en.wikipedia.org/wiki/Joint_Direct_Attack_Munition
The INS doesn't need to be terribly high performance because it only needs to work for the time it takes a bomb to fall from the sky.
[+] [-] matheusmoreira|5 years ago|reply
[+] [-] knorker|5 years ago|reply
Can I not just run two GNSS receivers 10 meters apart (on a ship), and if they report as having the same position, then I know someone is spoofing?
It should be really hard to beamform the spoofing to spoof two different locations, at least from a distance because of the precise angles needed.
Yes, this assumes that my real GNSS signal is good enough that they normally are 10M apart.
[+] [-] jaywalk|5 years ago|reply
[+] [-] PaulHoule|5 years ago|reply
[+] [-] knorker|5 years ago|reply
After the fact, why exactly can I not precalculate my spoofed data stream?
I just need to spend:
(assuming 3 streams for position data)Sure, not cheap, but hardly hard even for even a hobbyist.
So ~2^45 ops to spoof 10 minutes of data? That's doable.
Is my math off?
I have more faith in the direction finding aspects. Here's from the article, an understatement of the year:
> To beat these simple tricks, a spoofer will need to have multiple transmitters that actually show the same parallax as the actual satellites. However, you can only do this by placing your transmitters next to the satellites - in space. This raises the bar significantly.
[+] [-] MauranKilom|5 years ago|reply
[+] [-] PaulHoule|5 years ago|reply
I find the multiple antenna answers interesting.
For instance, one of the easier attack scenarios against an airplane is to have a directional antenna on the ground. Because airplanes broadcast their GPS position via ADS-B, you could also know that you'd succeeded.
In a case like that, however, the radio signal from the ground would be stronger than the signal from the sky and it would be obvious what was going on, unless the attacker managed to get the power level just right.
With multiple receivers you also will see very different results with spoofing than with a real signal. For instance if you had a receiver at the front of the airplane and one at the back of the airplane, the time delay for all the fake satellites would be the same (they all come from the same place) whereas the time delays (e.g. position) would be noticeably different from real sats.
[+] [-] londons_explore|5 years ago|reply
Getting their exact locations is simplified by the fact the location is being transmitted by ADS-B...
[+] [-] Thervicarl|5 years ago|reply
If the GPS is integrated with inertial navigation systems, the effect of GPS spoofing on the computation of the position (that could be observed by ADS-B) might prove tricky to anticipate.
[+] [-] MayeulC|5 years ago|reply
[+] [-] PaulHoule|5 years ago|reply
For instance, the Wiimote doesn't have the dynamic range to handle the highest accelerations you can generate waving your arms, which makes it hard to use that kind of thing for athletic training.
[+] [-] aaron695|5 years ago|reply
[+] [-] henriklied|5 years ago|reply