[time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

Tim Shoppa tshoppa at gmail.com
Mon Aug 14 17:42:03 UTC 2017


In some sense the "jump everyone to the airport 32km away" is a
too-simplistic case because it's too easy to detect.

Let's just arbitrarily place 100 nanoseconds as the threshold for a detectable
time jump indicating that you're being spoofed. Yes, modern timing receivers
do better than that all the time but navigation receivers are not timing
receivers.

The spoofing transmitter would need to know the single target's
3-dimensional location to 100 feet, to avoid detection of a spoofing
attempt, then. This seems possible or even likely, especially in the case
of a spoofing demonstration with slow seagoing vessels, or maybe even road
vehicles known to be traveling on a given highway combined with other
roadside sensors.

After the spoofer had acquired the spoofing target that way, giving it a
false (but not inconceivable) course to the wrong location seems possible.
If you know something about the craft's ability for inertial guidance you
would keep your fake course within those parameters.

So it all gets much easier if you can set up the local detection net at key
locations that a spoofing target is likely to travel through. A narrow
strait or a highway intersection. It all gets much harder when you have
multiple targets in your field of view that you want to spoof especially if
you can't follow them closely.

But maybe as long as all the GPS manufacturers are focusing on low
time-to-first-fix, the target GPS will always be too willing to believe a
completely arbitrary location. Us time-nuts don't mind surveying for days.
Real GPS positioning users want the answer much more quickly!

Tim N3QE



On Mon, Aug 14, 2017 at 12:51 PM, Attila Kinali <attila at kinali.ch> wrote:

> On Mon, 14 Aug 2017 12:09:43 -0400
> Tim Shoppa <tshoppa at gmail.com> wrote:
>
> > I think if you are only trying to spoof a single receiver it would be
> > possible to walk a spoofed time/space code in a way that time moved without
> > so obvious of a discontinuity. I'm sure there would be effects a time-nut
> > could notice still.
>
> Not really. Unless you have a multi-antenna setup (see Jim's email),
> you have nothing to compare the signal to. Even an ideal reference
> clock in your GPS receiver does not help, as the attacker could be
> tracking you in such a way that you will never see a discontinuity
> in time or position and that all the other sanity checks you do
> still don't show anything.
>
> With a two antenna setup, you can already check whether the phases
> add up to what you expect them to be, given your position relative
> to the satellites position. You do not need 3 antennas as a potential
> attacker can spoof the phase of some satellites correctly, but not
> of all at the same time. This at least gives you a spoof/no-spoof signal.
>
> With an antenna array you can do some masking of spoofers (i.e. placing
> a null where the spoofer comes from). But this increases the cost and
> complexity of the system super-linearly with the number of antennas.
> Maybe one way to do it would be to use a single receiver with a stable
> reference clock and switch between antennas in short succession, i.e. similar
> to how the early single channel GPS receivers worked, but for antennas
> instead of SVs. But I have no idea how easy/difficult this would be
> to do and how well it would work against spoofers.
>
>                                 Attila Kinali
> --
> It is upon moral qualities that a society is ultimately founded. All
> the prosperity and technological sophistication in the world is of no
> use without that foundation.
>                  -- Miss Matheson, The Diamond Age, Neil Stephenson
>
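The two-antenna phase check described in the quoted message, sketched as an added example that is not part of the thread or from either poster: each satellite's carrier phase difference between the antennas is compared with what its direction of arrival predicts, and signals that all arrive from one direction fail the comparison. The baseline, sky geometry, hardware bias, noise values and the 0.9 threshold are constructed assumptions.

```python
import cmath
import math

WAVELENGTH_L1 = 299_792_458.0 / 1575.42e6  # GPS L1 carrier, about 0.1903 m

def expected_phase_diff(baseline_enu, az_deg, el_deg):
    """Antenna B minus antenna A carrier phase, in cycles, for a plane wave
    arriving from the given azimuth/elevation (East-North-Up frame)."""
    az, el = math.radians(az_deg), math.radians(el_deg)
    los = (math.sin(az) * math.cos(el), math.cos(az) * math.cos(el), math.sin(el))
    return sum(b * u for b, u in zip(baseline_enu, los)) / WAVELENGTH_L1

def phase_consistency(baseline_enu, sky, measured):
    """Mean resultant length of the (measured - expected) residuals.
    A common cable/receiver bias cancels; 1.0 means every satellite's phase
    difference matches its own direction of arrival."""
    total = 0
    for prn, (az, el) in sky.items():
        residual = measured[prn] - expected_phase_diff(baseline_enu, az, el)
        total += cmath.exp(2j * math.pi * residual)  # integer cycles drop out
    return abs(total) / len(sky)

def looks_spoofed(baseline_enu, sky, measured, threshold=0.9):
    """Spoof/no-spoof flag; the threshold is an assumed value, not a standard."""
    return phase_consistency(baseline_enu, sky, measured) < threshold

# Constructed sample data: 1 m east-pointing baseline, six satellites (az, el in deg).
BASELINE = (1.0, 0.0, 0.0)
SKY = {"G02": (30, 60), "G05": (110, 25), "G12": (200, 45),
       "G19": (290, 15), "G24": (340, 70), "G29": (75, 35)}
BIAS = 0.13  # constructed inter-antenna hardware bias, in cycles
NOISE = dict(zip(SKY, (0.01, -0.02, 0.015, -0.01, 0.02, -0.015)))

# Authentic sky: each satellite arrives from its own direction.
AUTHENTIC = {prn: (expected_phase_diff(BASELINE, az, el) + BIAS + NOISE[prn]) % 1.0
             for prn, (az, el) in SKY.items()}
# Single emitter: every PRN arrives from one direction, so all share one phase difference.
ONE_SOURCE = {prn: (expected_phase_diff(BASELINE, 250, 5) + BIAS + NOISE[prn]) % 1.0
              for prn in SKY}

if __name__ == "__main__":
    for label, meas in (("authentic", AUTHENTIC), ("single source", ONE_SOURCE)):
        score = phase_consistency(BASELINE, SKY, meas)
        print(label, round(score, 3), "spoofed" if looks_spoofed(BASELINE, SKY, meas) else "ok")
```

The score uses circular statistics, so it works with baselines longer than half a wavelength without resolving integer ambiguities.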


