CISPA
Browse
cispa_all_3965.pdf (1.1 MB)

Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication

Download (1.1 MB)
conference contribution
posted on 2023-11-29, 18:24 authored by Maryam Motallebighomi, Harshad Sathaye, Mridula SinghMridula Singh, Aanjhan Ranganathan
In this work, we demonstrate the possibility of spoofing a GNSS receiver to arbitrary locations without modifying the navigation messages. Due to increasing spoofing threats, Galileo and GPS are evaluating broadcast authentication techniques to validate the integrity of navigation messages. Prior work required an adversary to record the GNSS signals at the intended spoofed location and relay them to the victim receiver. Our attack demonstrates the ability of an adversary to receive signals close to the victim receiver and in real-time generate spoofing signals for an arbitrary location without modifying the navigation message contents.We exploit the essential common reception and transmission time method used to estimate pseudorange in GNSS receivers, thereby potentially rendering any cryptographic authentication useless. We build a proof-of-concept real-time spoofer capable of receiving authenticated GNSS signals and generating spoofing signals for any arbitrary location and motion without requiring any high-speed communication networks or modifying the message contents. Our evaluations show that it is possible to spoof a victim receiver to locations as far as 4000 km away from the actual location and with any dynamic motion path. This work further highlights the fundamental limitations in securing a broadcast signaling-based localization system even if all communications are cryptographically protected.

History

Preferred Citation

Maryam Motallebighomi, Harshad Sathaye, Mridula Singh and Aanjhan Ranganathan. Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication. In: Conference on Wireless Network Security (WiSec). 2023.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Conference on Wireless Network Security (WiSec)

Legacy Posted Date

2023-06-12

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3965, title = "Location-independent GNSS Relay Attacks: A Lazy Attacker’s Guide to Bypassing Navigation Message Authentication", author = "Motallebighomi, Maryam and Sathaye, Harshad and Singh, Mridula and Ranganathan, Aanjhan", booktitle="{Conference on Wireless Network Security (WiSec)}", year="2023", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC