ABSTRACT
Attacker models are the cornerstone of any security assessment. As attackers' capabilities evolve over time, it is key to periodically re-evaluate whether attacker models that were deemed unrealistic in the past might pose a threat today. In this work, we evaluate the threat of wireless radio signal cancellation attacks in the face of recent advancements in software-defined radio (SDR) attacker capabilities. Unlike classical radio interference or jamming attacker models, which add noise to the legitimate communication, signal cancellation attacks aim at interfering destructively with the legitimate signal in order to remove it from the spectrum. While signal cancellation attacks were deemed unrealistic in the analogue domain, we analyse the system requirements to perform such attacks digitally using SDRs and evaluate the feasibility of launching such attacks against wireless communication systems such as GPS. Our evaluation reveals that signal cancellation attacks that manage to attenuate up to 40 dB of the signal at the receiver are feasible over the air. We further show that even complex CDMA signals such as GPS can be attenuated by 30 dB, even below a receiver's noise floor. These results indicate that digital signal cancellation attacks, especially against systems like GPS, should not be considered impossible per se, but deserve consideration when assessing the threat of attacks on wireless communication systems.