In principle, all systems based on the processing of GPS signals are susceptible to manipulative attacks. © RUB, Marquard

IT Security Protecting aircraft and drones from cyber-attacks

The widely used navigation system GPS is susceptible to cyber-attacks. This is an increasing danger, particularly for aviation.

A new technology that detects manipulations in the GPS system has been developed by an international research team with the participation of the Bochum-based Horst Görtz Institute for IT Security (HGI). It is particularly interesting for aviation, where attackers could lead aircraft off course with fake signals. The new system continuously monitors the airspace, detects fake GPS signals and even locates attackers. In May 2018, the prototype will be presented by the scientists in San Francisco at the IEEE Symposium on Security and Privacy the world’s leading conference on cyber security.

This may affect smartphones and navigation devices in the car, but also drones, ships or even aircraft.

—
Kai Jansen

“In principle, systems based on the processing of GPS signals are susceptible to manipulative attacks. This may affect smartphones and navigation devices in the car, but also drones, ships or even aircraft”, explains Kai Jansen, who is completing his doctorate at the HGI’s Chair of Information Security. “Particularly threatening are criminal attacks in aviation as the consequences can be catastrophic here, for example because they result in the safety distance between two aircraft not being met, which may culminate in collisions.”

Locating attackers

A new system called Crowd-GPS-Sec is supposed to solve the problem. It continuously monitors the position signals that aircraft and drones send regularly for the purpose of air traffic control. Novel algorithms analyse both the timing and content of the signals. If an attacker transmits interfering signals, the system detects this within a maximum of two seconds. It is also able to locate the attacker’s position in less than 15 minutes, to a precision of 150 meters.

Crowdsourcing is the key to success

The name Crowd-GPS-Sec is no coincidence. The system is based on crowdsourcing and currently uses the Open Sky Network platform: Many volunteers operate sensors that receive the signals emitted by aircraft and make this data available online. Every private individual can participate, the more people join in, the better the coverage. “The platform works much like popular flight trackers that allow you to track the position of aircraft live”, explains Jansen.

The results by Kai Jansen and colleagues wil be presented at the world’s leading conference on cyber security in May 2018. © RUB, Marquard

The crowdsourcing-based system has two advantages compared to previously proposed solutions: For one, no new monitoring infrastructure is required. Secondly, the GPS receivers in aircraft or drones do not need to be modified for the new protection to take effect.

On the project

The project, which was coordinated by the Bochum-based HGI, also included the University of Kaiserslautern, the Armasuisse Science and Technology Centre of the Swiss Federal Department of Defence, Civil Protection and Sport, the ETH Zurich and the New York University Abu Dhabi. Kai Jansen was funded through the industrial project Sys-Kit.

Original publication

Kai Jansen, Matthias Schäfer, Daniel Moser, Vincent Lenders, Christina Pöpper, Jens Schmitt: Crowd-GPS-Sec: Leveraging Crowdsourcing to Detect and Localize GPS Spoofing Attacks, 39^th IEEE Symposium on Security and Privacy (SP ’18), San Francisco, USA, 2018

Links

Original paper for download