Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication

Motallebighomi, Maryam and Sathaye, Harshad and Singh, Mridula and Ranganathan, Aanjhan
(2023) Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication.
In: 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2023), May 29 - June 01, 2023, Surrey, UK.
Conference: UNSPECIFIED

[img] Text
motallebighomi23-gnssrelay.pdf
Download (1MB)

Abstract

In this work, we demonstrate the possibility of spoofing a GNSS receiver to arbitrary locations without modifying the navigation messages. Due to increasing spoofing threats, Galileo and GPS are evaluating broadcast authentication techniques to validate the integrity of navigation messages. Prior work required an adversary to record the GNSS signals at the intended spoofed location and relay them to the victim receiver. Our attack demonstrates the ability of an adversary to receive signals close to the victim receiver and in real-time generate spoofing signals for an arbitrary location without modifying the navigation message contents.We exploit the essential common reception and transmission time method used to estimate pseudorange in GNSS receivers, thereby potentially rendering any cryptographic authentication useless. We build a proof-of-concept real-time spoofer capable of receiving authenticated GNSS signals and generating spoofing signals for any arbitrary location and motion without requiring any high-speed communication networks or modifying the message contents. Our evaluations show that it is possible to spoof a victim receiver to locations as far as 4000 km away from the actual location and with any dynamic motion path. This work further highlights the fundamental limitations in securing a broadcast signaling-based localization system even if all communications are cryptographically protected.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Mridula Singh (MSi)
Conference: UNSPECIFIED
Depositing User: Mridula Singh
Date Deposited: 12 Jun 2023 10:44
Last Modified: 12 Jun 2023 10:44
Primary Research Area: NRA4: Secure Mobile and Autonomous Systems
URI: https://publications.cispa.saarland/id/eprint/3965

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.