Tackling Insecurity in GNSS

Concerns over the potential threats to Global Navigation Satellite Systems (GNSS) have become more high profile in the last year, as efforts in connected transportation have accelerated significantly. Signal jamming and spoofing, as well as software hacking, by both malicious actors and security researchers have brought to light the need to tackle GNSS security.

In a webinar demonstration earlier this year on July 11, security researchers at Regulus Cyber showcased how to spoof signals from the GNSS and effectively disrupt the automatic navigation system of a Tesla Model 3. By tampering with the Navigate on Autopilot (NOA) feature, the researchers were able to waive confirmation requirements for lane changes, activating turn signals, and changing direction. The attack enables extreme deceleration and acceleration, rapid lane changing, unnecessary signaling, driving instability, and attempts to exit the highway at incorrect locations. This demo is one of many in the connected car scene, which has been under the increasing scrutiny of many security researchers.

The dependence on GNSS is growing significantly, and not just in the connected car scene. Sectors such as logistics and transportation (fleet management and telematics), commercial aviation, container ports and maritime, are increasingly reliant and therefore vulnerable to GNSS threats. GNSS spoofing, jamming, Radio Frequency (RF) interference, and hacking are serious issues for the future of the transportation industry.

In the maritime space, a group of 14 organizations forming the Resilient Navigation and Timing (RNT) Foundation petitioned the U.S. Coast Guard to raise the issue of GNSS jamming with the International Maritime Organization (IMO). The Foundation raised concerns over the increased acts of GNSS spoofing and blocking in the Black Sea and eastern Mediterranean between 2016 and 2018. The IMO has made Electronic Chart Display and Information System (ECDIS) mandatory on larger commercial and passenger vessels, which leverages GNSS. As such, GNSS security has become a high priority for the industry.

The European Space Agency (ESA) launched a number of new initiatives from their Navigation Innovation and Support Program (NAVISP) to counter jamming and spoofing efforts, especially with the recent advances with Europe’s Galileo GNSS in the commercial market. The ESA has been calling for ‘innovative concepts, techniques, technologies and systems linked to the Positioning, Navigation, and Timing (PNT) sector, along the entire value chain’ that can work in combination with GNSS components. These proposals are set to be implemented via competitive tenders.

In parallel to these efforts, the European Global Satellite Navigation Systems Agency (GSA) has set up the Galileo Authenticated Robust Timing System (GEARS) project for the development of a timing system to validate GNSS signals and protect the Galileo system from GNSS threats. The idea is to provide accurate and robust time in GNSS-challenged environments. It further aims to provide a backup signal and timing reference should the Galileo system be unavailable.

In fact, Orolia, a PNT solutions provider, was recently selected by the GSA to develop a resilient time and frequency server to protect critical GNSS-reliant systems. The GSA awarded the firm $1.8 million (1.7 million Euros) under the GEARS project. Orolia’s time server will use the Galileo navigation data authentication signal in combination with its interreference detection and mitigation capabilities to increase jamming resistance. Orolia recently upgraded its product portfolio through the Skydel acquisition, which allowed it to add new PNT capabilities including testing and simulation protocols, additional customized signals, and vulnerability assessments for military and commercial applications. The firm will collaborate with four other European partners (FDC France, Netherlands Aerospace Center, National Land Survey of Finland — Finnish Geospatial Research Institute, and NavCert Germany) over the course of the next two years to develop an appropriate prototype that incorporates security and robustness for Galileo’s timing receivers.

The railway sector is another industry that is looking to GNSS. The GSA is also behind the ERSAT project, co-funded with the ESA and the Italian Space Agency, to demonstrate the capability of satellite-based positioning embedded within the European Rail Traffic Management System (ERTMS) ecosystem. The goal is to activate the first commercial line by end of 2020, and this will mean that the GNSS must be resilient. GNSS is a highly-prioritized area for the railway sector in Europe, and a number of projects, in addition to ERSAT, are looking to advance satellite usage: System Suitability Study for Train Positioning (STEMS) using GNSS in ERTMS, System for Vehicle-Infrastructure Interaction Assets Health Status Monitoring (SIA) project, Satellite Technology for Advanced Railway Signaling (STARS) project, X2RAIL2 (developing four key technologies in the field of railway signaling and automation systems leveraging GNSS). As such, GNSS resilience and security is a primary concern for the railway sector.

Ultimately, it will be through tenders for market solutions such as those offered by Orolia, that threats to the GNSS can be minimized, whether for connected cars, ships, trains, or aircraft. Other commercial actors in the space include France Development Conseil (with their hardened satnav module DRACONAV to thwart jamming and spoofing), Intecs Solutions (which developed G-Passion, a software-defined radio to analyze Galileo signals and determine authenticity), SINTEF (and its Advanced Radio Frequency Interference Detection, Alerting, and Analysis System), Helix Technologies (with its compact helical antennas, built around a dielectric ceramic core, primarily for driverless cars that aims to reduce interference and multipath issues), Spirent (which offers PNT threat testing solutions), Qascom (GNSS anti-spoof solutions), Regulus (with its Pyramid GNSS), among others. VS