Connected and autonomous vehicle (CAV) GPS: Attacks and using defensive AI implementation
Charles Parker, II & Nik Upton
Charles Parker, II; MBA/MSA/JD/LLM/PhD
The connected vehicle is presently on the road in several different models from the various vehicle manufacturers. The functionality includes many aspects that have been designed to improve the user experience (UX) and have been shown to indeed accomplish this. As time has passed, the associated technology has also improved, as evidenced by the connected vehicle advancing to the autonomous stage. While this is not yet a fully functioning vehicle for the masses at this junction, this new form is actively being tested and is in a limited scope use in certain locations, such as the University of Michigan-Ann Arbor with a limited number of buses (Phelan, 2018) and shuttles (Carney, 2018) for the University students utilize for transportation, along with limited bus routes in other areas.
One of the primary requirements for the autonomous drive (AD) vehicles is for the vehicle to be fully aware of its geographic location at all times. This is an absolute requirement as the vehicle needs to be actively engaged with driving on the road and not driving on inappropriate areas or unintended objects, including persons, or off of the intended driving area, e.g. a cliff. This would prove to be disastrous for the object or person being struck by the AD vehicle, the driver and vehicle occupants, and the vehicle. To ensure the appropriate driving procedures are implemented, one application is the use of global navigation satellite systems (GNSS) within the vehicle modules. This would work to pinpoint the vehicle's location in relation to the road, landmarks, or area in which it is driving. Without this and other mechanisms in place, the result would be difficult to fully imagine. To complicate matters, dependent on the physical structures proximate to the vehicle, the precise vehicle location may be affected by the number of satellites the vehicle is receiving the signals from, the ionosphere, and the environment (e.g. tall buildings surrounding the vehicles, as encountered in large cities).
GPS/GNSS is not a new technology. This was engineered and implemented over 44 years ago by the military and has been in use since in varying capacities. This has been in use for navigation by the government, including the military, and private industry for decades (Warner, & Johnston, n.d.). Although initiated by the military, the civilian applications have grown much more in use (van Niekerk, & Combrinck, 2012). This includes buses, taxes, delivery vehicles, emergency vehicles, civilian vehicles, marine traffic, and air traffic. This was allowed for civilian use in the 1980's and uses at least 24 satellites in determining the vehicle's location (Garmin, n.d.; Kyes & Ravikumar, 2017). The GNSS works, in short, by interpreting the ephemeris data, or orbital information from the satellite(s), to determine the receiver's location. GNSS is better known by several acronyms, dependent on the country of origin. The examples of this include this being known as Galileo in the European Union (EU), GLONASS in Russia, BEIDOU in China, IRNSS/NABIC in India, GPS in the U.S., and soon QZSS in Japan.
Over time, the technology utilized with the GPS/GNSS has improved and evolved (Schmidt, Radke, Camtepe, Foo, & Ren, 2016). This has been achieved through more advanced equipment and communication methods. At this point, the process provides the receiver's position within one meter (Parkinson, Ward, Wilson, & Miller, 2017) dependent on several factors.
Clearly, this functionality is a requirement for safe operations. Without this system in place, robust and tested, there would be rather significant and immediate issues. As this is pertinent, GPS/GNSS has become an attack vector. The attackers are able to create new and adjust prior methods to attack these units. The equipment used for the attacks cost is not prohibitive and the units are not excessively large or cumbersome (Schmidt, Radke, Camtepe, Foo, and Ren, 2016). To further complicate the situation and environment, the units used to attack GPS and counterfeit the GPS signals are relatively easy to assemble (Humphreys, 2012). For a few hundred USD (Gowand, 2017; SWLING, 2018; Alongi, 2018), any person is able to perfectly spoof the GPS signal to indicate the specific geographic point is anywhere on the globe. Proof of concept (PoC) tests have been clearly shown to spoof a GPS signal for an object in Michigan to be falsely located in Russia, above the Chernobyl reactor. While clearly is not plausible, the counterfeit data indicates otherwise to the vehicle’s GPS.
To improve their trade and services, spoofing research also is on-going (Schmidt, Radke, Camtepe, Foo, & Ren, 2016), to ensure the optimal attacks are available and robust. This is a natural progression in the attack and defense cycle. Based on this troubling information, the remediation objectives and plan should be analyzed and created now to avoid the potential issues in the future. Without this actively and directly in place, the implementation of AD vehicles would be problematic at best, and a disaster in implementation as the vehicle's GPS may indicate the equipment is several miles or continents away from the accurate location.
Research Problem
As noted, spoofing the GPS signal in order to trick the AD vehicle into accepting its location is different than it actually is has been shown to be inexpensive and not difficult to emulate. This has been due in part to the popularity of GPS creating a more transparent architecture for the attackers to research and analyze (Parkinson, Ward, Wilson, & Miller, 2017). The GPS spoofing works by deceiving the GPS receiver by broadcasting the GPS signal for the false location (Zhan, & Zhu, 2017). This fraudulent GPS signal is received and deemed as authentic, although incorrect. The GPS spoofing can be very simple to implement (Aloni, 2018). The attacker simply implements a software defined radio (SDR) and antenna, which are not excessively costly items, and the software, which is open source. To expand the range and number of vehicles potentially affected, the attackers may also use an amplifier, which also is easily secured and integrated into the attack platform. To further complicate the GPS spoofing attack for the defensive teams and engineers involved with these vehicles, the attackers are not required to be present or proximate to the vehicle to affect the attack (Fan, Zhang, Trinkle, Dimitrovski, Song, & Li, 2015).
There have already been extensive field tests for GPS spoofing completed by researchers (Fan, Zhang, Trinkle, Dimitrovski, Song, & Li, 2015). A recent lab test in September 2018 indicated a perfectly viable GPS spoofed signal received over a quarter mile from the GPS spoofing equipment with an adequate signal strength to be received and utilized by the target party’s vehicle. This was accomplished with a minor signal amplifier. With a greater level of amplification, which is not an issue or complicated process, the spoofed GPS signal could have easily reached over a mile. These tests have unequivocally indicated the traditional defensive mechanisms are unable to prevent the GPS spoofing attacks.
The underlying issue involves the GPS function itself. This is problematic due to many issues inherent to its processes and operations (Parkinson, Ward, Wilson, & Miller, 2017). The standard defense is to increase the number of satellites being monitored by the module. In theory, this would provide better coverage for the AD vehicle. This was potentially a mild remediation until this defense was overcome by additional and stronger GPS signals and a greater number of spoofed GPS sources (i.e. more than one module spoofing the GPS signals) (Parkinson, Ward, Wilson, & Miller, 2017).
The GPS spoofing attack targets may be divided into two separate types. These are focused on the target as being static or dynamic (Montgomery, Humphreys, & Ledvina, 2009). The static target is fixed, much like a building or other permanent site. The dynamic target, however, involves the target moving and being mobile. This would be the case with marine vessels on the lakes or oceans, aircrafts, vehicles, or other targets which are not stationary. Notably, another dynamic target would be the UAV or drones (Kerns, Shpeard, Bhatti, & Humphreys, 2014). These are both viable targets for the GPS spoofing attack.
As noted, the attacker may simply use an SDR to affect the GPS spoofing attack. Another form of viable attack tools are the GPS jammers (Montgomery, Humphreys, & Ledvina, 2009), which are easily procured and utilized. These units are also inexpensive, sold by many vendors, and have been proven to be very effective. The GPS jammer attack is effective in an inverse manner to a typically described GPS attack. Instead of providing a false location, the receiving unit is flooded with GPS signals. The module received such a mass of signals, that it may not differentiate the true signal among the many.
With the ease of securing the GPS spoofing equipment in its various forms, the attacks being rather successful, lack of the need to be proximate to the target (Fan, Zhang, Trinkle, Dimitrovski, Song, & Li, 2015), and many other factors, this technology has the direct potential to be a detriment to the target's operations, i.e. AD vehicle, and persons involved. As the geographic impact area for GPS spoofing is rather extensive with the described equipment, the defenses and remediations need to be researched, tested, and implemented. Any delay in this has the potential to delay AD vehicles, and have a distinct negative impact on all other vehicles and modes of transportation using any form of GPS.
Significance of the Research
GPS use is widespread in consumer and commercial vehicles, marine vessels, aircraft, and virtually all other vehicles in use today manufactured in the last decade in various capacities. This expansive implementation is only going to increase as the AD vehicles are in use at greater levels, and other modes of transportation become autonomous to a greater extent. The thought experiment and proof of concept (PoC) testing to date has shown the GPS spoofing effects can be significantly serious and effect vast numbers of people immediately (Humphreys, 2015b) given the affected area. There have also been field tests with GPS spoofing (Fan, Zhang, Trinkle, Dimitrovski, Song, & Li, 2015). Beginning in at least 2001, the federal government has noted there is an issue with GPS spoofing and its potential for detrimental effects to those within the affected geographic area. In 2001, the U.S. Department of Transportation analyzed the infrastructure utilized by the different modes of transportation (Montgomery, Humphreys, & Ledvina, 2009), which noted the vulnerabilities with civil GPS disruption.
Until 2015, GPS spoofing, while an issue, did not have the opportunity for widespread abuse as this presently does. Granted, this was a possibility, however, did not garner a significant amount of attention or use. In 2015 at a hacker's convention, this changed. The presenter shown the ease needed to affect this attack (Goward, 2017; DefCON, 2015).
The research and subsequent remediation protocols will secure the GPS against known and potential future unknown attacks, as the defensive measures will be forward-looking and encompass many more forms of defense than what has been nominally put into place. These measures, as noted, are extensive and when used in conjunction, further reduce the opportunity for a successful GPS spoofing attack on the targeted mode of transportation.
While this may appear to be ethereal and an esoteric exercise, there allegedly have been successful GPS spoofing attacks located outside of the lab and PoC testing in the real world. One of which allegedly occurred in December 2011 when Iranian forces may have spoofed the GPS signal to disable a drone (Psiaki, & Humphreys, 2016). There have also been potential incidences in the Korean peninsula and Ukraine. A notable alleged incident occurred with GPS interference regarding shipping in the Black Sea. Over an extended period of time, the ship's GPS indicated the location was at an airport several miles inland, while the ship was 25 miles off-shore (Gowand, 2017). The implications for this form of attack are rather significant for several industries, most of which have not fully considered this as an attack vector.
Research Questions
This timely topic requires additional research with an AD vehicle in the field in order to test the proposed defenses. The defenses have been noted to be relevant, and in some cases used in other applications, however, these need to be physically tested with a robust environment in conjunction with the AD vehicle to ensure the robust-nature of the equipment and defense posture. The hypothesis is the defenses, as follows, will make a difference in the mode of transportation being able to detect the GPS spoofing attack and the defenses in place are effective in defeating the GPS spoofing attack.
Proposed Defenses
There are a number of workable defenses to the GPS attacks within the environment. These defensive measures, while viable on certain levels, are not all on the same level of applicability or functionality. These are however noted to present an extensive list of defenses available.
Defenses Requiring Further Research and Testing
There are defensive measures available for defending against GPS spoofing, which are completely operationally viable and fiscally responsible. These options weigh the robust value of the defense, balancing the expense involved. Granted there are GPS spoofing defenses available which are quite expensive, however, if these are not fiscally viable, the use case for these is moot.
The first option considered is frequency hopping (Leek, 2013; Gabay, 2015). Certainly, the attacker has fully read and digested the specification sheets for the varying GPS models. These detail the modules mechanics, and the bandwidth used. These are available from various sources. When the GPS uses only one signal bandwidth, the attacker has a predictable vector of attack. With frequency hopping, the attack vector changes per the proposed convention in use by the manufacturer. This additional layer of complexity would be difficult with today's level of technology in place to successfully attack. To adjust the attack to mirror the frequencies would be problematic for the attacker in that the timing and frequency would have to be known and a script coded to accommodate this given the precise nature for the process. Although encapsulated in this section, this task would be substantial.
The use of in the minimum at least two antennas is a viable defensive measure (Gabay, 2015). This is beneficial for several reasons, including ease of use and fiscal considerations. Even when two antennas are not a substantial distance apart, these will receive slightly different authentic GPS signals. When the counterfeit GPS signal is received, both antennas would receive exactly the same signal. This quick and easy test would alert the vehicle of the GPS spoofing attack and take appropriate measures. These measures would include returning to trusted GPS signals from trusted satellites. This would include using the L1 and L2 bands.
In addition, the module may use drift monitoring as a plausibility or reality test (Psiaki, & Humphrey, 2016). This would analyze the present signal and attempt to detect any anomalous changes in the GPS receiver's position or clock fix. The attempted GPS spoofing attack would cause the GPS receiver's clock to indicate an error as the clock would be changing too rapidly, such as in the case in which one minute the module is in Grosse Pointe Park, MI, and the next in Lansing, MI or Montana. Clearly, this is not possible. There would be a small margin of error built in. This is however not what the attacker is seeking to accomplish.
The module may also be reviewing the GPS signals for signal geometry based attacks. The module would need to monitor the direction of arrival of the signals by considering the received direction vectors (Psiaki, & Humphreys, 2016). In the authentic GPS signal use case, the direction vectors would be distributed across the sky. With the counterfeit GPS signal, this would not be the case as the signal origination would be terrestrial and the vectors would not be from the sky or distributed.
This was also researched in focusing on the hardware, as the antenna itself would be used to distinguish the direction of the signal arriving at the antenna (Stanford University Engineering, n.d.). The test itself in this particular detection method is relatively simple. Clearly, the angle for the GPS should be relatively steep, as the signal is being sent by satellites orbiting the earth. If the angle were to be, for example, 30 degrees, there is an issue that would need to be resolved. The vehicle would not use this signal as one of the GPS signals it would be utilized for the location. This aspect was also researched as the angle of arrival (AOA) would be detected and analyzed as a method of detecting counterfeit GPS (Montgomery, Humphreys, & Ledvina, 2009).
Marshall (2018) recognized the usefulness of the time aspect and location alterations in the GPS signals as potential spoofing defenses. The algorithm utilized with this was engineered to mitigate the effects of spoofed GPS attacks by detecting the counterfeit GPS time and location signals. The algorithm estimates the clock bias and drift of the GPS receiver along with the possible attack and detects if these are not relatively the same, accounting for a slight margin of error. This defense, along with the rest, is implemented in real-time. This was also researched by Khalajmehrabadi, Gatsis, Akopian, & Taha (2018) and Stanford University Engineering (n.d.).
The Spectral Subtraction (SS) model has also been proposed (Collins, Anderson, & Wyglinski, 2016). This model has its roots in audio processing. The model uses a baseline of frequency-domain noise measured with the GPS signal is not present. The next signal measurement is done with the authentic GPS signal. The signal, with this specific test or the others, focused on the signal strength detection and comparison, at this point would need to be clean (Humphreys, 2012). This aspect is simple, inexpensive, and quickly implemented. The baseline is deducted from the secondary measurement with the authentic GPS signal to arrive at the expected authentic GPS signal strength. This estimated signal strength is then used to measure against subsequent signals to gauge the authenticity, both with and without the baseline. When the attacker is attempting to provide the module with a counterfeit GPS signal, the general use case involves using a vastly greater signal, amplified to achieve this state. This method would detect this and would not use the counterfeit GPS signal.
The signal strength also was researched as a viable defense (Warner & Johnston, n.d.). The absolute GPS signal strength was monitored and recorded as the average signal strength over time. This would be compared with the expected signal strength based on prior active recordings as the vehicle were to leave the manufacturing facility and within the first few days of operation. In the case where the signal strength would be significantly greater than this expected amount, as with a terrestrial spoofed GPS signal, the system would detect an issue and not use that particular satellite or set of satellites for the location. This test format also analyzed the relative GPS signal from one data point to the next. Any large or significant change in the relative signal strength would indicate a counterfeit signal to be managed. This aspect is used more as a plausibility check for the signal. This secondary test may also be used to monitor the heading, vehicle speed, and other aspects.
Kerns, Shepard, Bhatti, and Humphreys (2014) researched the monitoring of the signal strength. With this research also, when the GPS signal power within the bandwidth is significantly great than what is expected under quiescent conditions, there is an indication of an issue, which needs to be addressed.
Defenses of Marginal Value
As noted, not all defensive measures have the same ability to defend against the GPS spoofing attacks. One defensive avenue may be to increase the power of the authentic GPS signal (Leek, 2013). Although in theory, this is an acceptable alternative, there are issues. In the case where the GPS transmitter is terrestrially based and the target or mode of transportation under study is very localized, this may be a viable option. This is however not the case, would not be workable, and would however be problematic.
Another option considered would be directional signals (Leek, 2013). For the same rationale as for the alternative of increasing the power of the authentic GPS signal, this is problematic. In a very select and static geographic boundary, this may be workable. This is however not the use case.
A cumbersome, problematic method would be encryption based defenses (Psiaki, & Humphreys, 2016). This would encrypt portions or entirety of the authentic GPS signals. The industry standard encryption would certainly be workable from the view of this not being able to be broken within a remotely timely manner by any attacker. This is one of the strongest defenses. With the encryption utilized, the transmitter GPS satellite and GPS receiver would have copies of the key, and work through the usual decryption process. The issue with this method is it is cumbersome, requires a secure method to distribute the keys to both the module and satellite and is not timely in the operation of the vehicle in many circumstances.
Defense in Depth
The GPS spoofing attack is unfortunately easily accomplished and done so with little expense. There is a bit of expertise required in the initial set-up, however, there are tutorials to assist with this.
Although the defenses assuredly would be of great benefit individually to securing the GPS function of the vehicle, the issue presents itself of the person attacking the vehicle. With only one form of security with the vehicle in place for this function, the attacker would need to defeat only one defense to successfully attack the vehicle. To provide a defense in depth, much like with the enterprise, there would need to be in place more than one defensive measure. This would add the extra layer of complexity needed to dissuade attackers. As each layer is included in the defense, the complexity, time, and effort requirements also increase substantially. This decreases the group of attackers willing to research and reverse engineer the processes for a successful attack.
To summarize the defenses, there are as viable defenses frequency hopping, implementation of multiple antennas, monitoring time and location drift, signal geometry/angle of arrival (AOA), and GPS monitoring. These defenses require varying levels of cost and effort to implement. These do however provide the viable defense in depth needed for the GPS signals and AD vehicle to ensure any issues are minimal at the most. The combinations of these would not add a significant level of processing time or weight to the vehicle. As an example, the AOA may be incorporated into the system along with monitoring the drift and signal strength. In the alternative, as an example, the addition of another antenna may be utilized along with AOA. These are merely two of the possible, viable combinations which could be implemented with a not significant level of cost or processing usage (e.g. power and time).
ML and AI INTEGRATION
The defensive measures, while pertinent and needed for future production and AD vehicles, have the distinct possibility of not only repelling nearly all of the attacks but also acting in a more intuitive manner to increase the connectivity with the user and vehicle, along with improving the user experience. Instead of merely monitoring the situation and resisting the attack, the module would be able to not only note the attack but also react to the attack and mold an approved response. The module would not simply repel the attack due to the form and protocols in place but recognize the issue, report this, and gather data or information as needed to alert the third party this is occurring and the metadata associated with the attack.
Without regard to the chosen defense in depth, the integrated AI would have a protocol in place to defend the vehicle and by extension the user(s). The AI system would continuously be monitoring the system and the data generated from its operations. This function would work within the logging workflow. In the instance of an unusual data point as compared to recent prior data points or the trend, the system would note this immediately. Not every data point would be perfect, as noted there is an acceptable, yet slight, margin of error at this point. If this were to continue at the one or two sequential data points, this would be indicative of a system failure or an attack. Either one of these is problematic at best and has to be remediated in an exceptionally timely manner. The GPS system would be triggered to contact the central system node. This feature acts to report an issue and to correlate potential anomalous and attack activities with other modules, and metadata.
Per the OEM, standards, and requirements, well before deployment, there would be in place a criticality scale for these events. Based on the placement of the issue on the criticality scale, the AI system would react accordingly. This may include simply asking the driver to verify an estimated location or a landmark the vehicle would be approaching (e.g. the AI system pardoning itself for an interrupting the human and asking if the vehicle is approaching the FCA corporate headquarters during a drive on I-75 in Auburn Hills, MI) or letting the driver know they may need to take control over the vehicle operations temporarily.
Based on where the issue is placed on the scale by the AI module, there may be other events that need to occur, such as the log being uploaded by the OEM or another designated party immediately in comparison to daily or weekly.
The possible combinations for the noted defenses are rather substantial. To test each of these combinations would prove to be rather exhaustive, time-consuming, and costly in terms of the direct and indirect labor, exclusive of the time element. If time and expense were not to be presented as an issue, certainly each of these could be tested at length. This would however not be an efficient or optimal use of resources.
An option not requiring a significant number of modules or equipment would incorporate these factors focused on more the processing of the data. With the first noted option, the hardware added to the vehicle would be an altimeter. The data processing software would include the GPS monitoring, time and location drift, and in the instance when the hardware had the capacity, adding in the signal geometry/angle of arrival. These would add a sufficient number of layers to the defense in depth to increase the effort and time requirements to a sufficient level, while adding in an exponential layer of complexity, to deter most attackers.
If, in the specific use case for the OEMs, the altimeter would not be within a workable solution, an alternative piece of equipment would be the incorporation of at least two antennas. This, while accumulating the other processing factors, still provides for the more than adequate vehicle cybersecurity protection.
Data Flows
While a data flow for each of the use cases could be generated, the exercise would indeed be expansive. The data for the applied use cases would be analyzed and compared to prior authenticated data to verify if the present data is authentic or counterfeit. An example of this would involve GPS monitoring and ancillary, related monitoring.
As the vehicle nears the end of the manufacturing line, during the final stages of production, the vehicle would be wheeled or driving outside of the manufacturing facility. The vehicle would acquire the authentic signal strength to record the estimated baseline GPS signal strength. Later after the vehicle is sold, during the vehicle operations, this would be receiving GPS signals. The module would monitor the signal strength, location, altitude, and time. During this time the data would be added to the data set already recorded. The module would measure the signal strength. This would provide a plausibility test. The signal strength should be relatively the same as the original baseline amount. This would be checked periodically as each signal is received. The signal strength would also be checked against the receipt GPS signal coverage, within the last day. Lastly, the actual location would be compared with the recent past location to ensure the vehicle is actually at or near the estimated location. The users are constrained by the laws of physics. A spoofed GPS signal may place the vehicle in Texas when this actually was in Flint thirty seconds prior.
In the case there is an issue with the GPS, the follow-up action would be determined by the OEM. This may manifest itself in the form of leaving a message for the user, OEM, or other predetermined action.
With the location, time, and altitude, these are also monitored and checked with a plausibility test. Time follows a linear path. This is easily analyzed and checked with a simple algorithm. If the time were to not align to where it should be (e.g. too far behind or ahead of where it should be), there is an indication of an attack or an issue with the vehicle. In either circumstance, this would need to be reviewed by the appropriate persons (i.e. the dealership). The test for the altitude also is relatively simple. At this junction, there are no flying vehicles. If the vehicle is located, per the data, 300 meters above where the ground actually is, there is an issue that needs to be resolved.
Innovation
The connected vehicle, relative to the industry, is newer and the AD vehicle is currently being designed. At this stage, the focus has been on the operations, receiving, and analyzing data. The cybersecurity features have not been overly scrutinized. This new application of security, as it relates to the GPS defenses, would add cybersecurity to the GPS monitoring system. This would monitor and analyze the GPS traffic, from the chosen sources, to secure the vehicle and user(s) in the vehicle during operations.
At this time, the cybersecurity for GPS is not being applied to a sufficient level. As the AD vehicles continue to be engineered, this aspect of cybersecurity will need to be addressed.
Discussion
The connected vehicle has been in production and driven by consumers and in commercial applications for over a decade. The next iteration of paradigm shift is with the AD vehicle. This is not if, but when these vehicles will be in full production and on the various roadways through the U.S. and other countries. As these vehicles are autonomous, there has to be a rather significant set of safety features in place to ensure the safety of not only the drivers and occupants of the vehicle, however the others also on the roadway.
One aspect to focus on is the GPS for the vehicle. In the case where the GPS data is not reflective of the vehicle’s actual location, there is the potential for a disaster. The security measures noted to provide a sufficient defense in depth, while not over-burdening the vehicle or the computer processors in the modules. While this is only one set of security features, this is merely one piece of the overall cybersecurity for the vehicle.
References
Aloni, P. (2018, January 16). New defenses sought against cyberattacks. Retrieved from http://newsstand.clemson.edu/mediarelations/new-defenses-sought-against-cyberattacks
Carney, S. (2018, June 4). MCity driverless shuttle launches on U-M's north campus. Retrieved from https://news.engin.umich.edu/2018/06/mcity-driverless-shuttle-launches-on-u-ms-north-campus/
Clemson University. (2018, January 17). New defenses sought against GPS spoofing attacks. Retrieved from https://phys.org/news/2018-01-defenses-sought-gps-spoofing.html
Collins, T., Anderson, C., & Wyglinksi, A. (2016). Implementation and analysis of spectral subtraction in deterministic wide-band anti-jamming scenarios. Wireless Communications & Mobile Computing, 16(18), 3201-3211. doi:10.1002/WCM.2751
DefCON. (2015). Using GPS spoofing to control time. Retrieved from https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Karit-ZX-Security-Using-GPS-Spoofing-To-Control-Time.pdf
Fan, Y., Zhang, Z., Trinkle, M., Dimitrovski, A.D., Song, J.B., & Li, H. (2015). A cross-layer defense against GPS spoofing attacks on PMUs in smart grids. IEEE Transactions on Smart Grid, 6(6), 2659-2668. doi:10.1109/TSG.2014.2346088
Gabay, J. (2015, September 3). Jamming and anti-jamming technologies for RF links. Retrieved from https://www.digikey.com/en/articles/techzone/2015/sep/jamming-and-anti-jamming-technologies-for-rf-links
Garmin. (n.d.). About GPS. Retrieved from https://www8.garmin.com/aboutGPS
Gowand, D. (2017, August 22). GPS spoofing incident points to fragility of navigation satellites-"National defense". Retrieved from https://rntfnd.org/2017/08/23/gps-spoofing-incident-points-to-fragility-of-navigation-satellites-national-defense/
Humphreys, T. (2012, July 18). Statement on the vulnerability of civil unmanned aerial vehicles and other systems to civil GPS spoofing. Retrieved from http://rnl.ae.utexas.edu/images/stories/files/papers/Testimony-Humphreys.pdf
Humphreys, T. (2015b, June 11). Toughening techniques for GPS receivers: Navigating message authentication. Retrieved from https://www.gps.gov/governance/advisory/meetings/2015-06/
Kerns, A.J., Shepard, D.P., Bhatti, J.A., & Humphreys, T.E. (2014). Unmanned aircraft capture and control via GPS spoofing. Journal of Field Robotics, 3(4), 617-636. Retrieved from http://rnl.ae.utexas.edu/images/stories/files/papers/unmannedCapture.pdf
Khalajmehrabadi, A., Gatsis, N., Akopian, D., & Taha, A.F. (2018). Real-time rejections and mitigation of time synchronization attacks on the global positioning system. IEEE Transactions on Industrial Electronics, 65(8), 6425-6435. doi:10.1109/TIE.2017.2787581
Kyes, J., & Ravijumar, A. (2017, October 26). What is GPS? Retrieved from https://www.geotab.com/blog/what-is-gps/
Leek, T. (2013, August 23). Strategies against jamming attacks? Retrieved from https://security.stackexchange.com/questions/41094/strategies-against-jamming-attacks
Marshall, P. (2018, March 20). Patching security holes in GPS, computer timing. Retrieved from https://gcn.com/articles/2018/03/20/gps-spoofing-defense.aspx
Montgomery, P.Y., Humphreys, T.E., & Ledvina, B.M. (2009, March/April). A multi-antenna defense: Receiver-autonomous GPS spoofing detection. Inside GNSS, 40-46.
Montgomery, P.Y., Humphreys, T.E., & Ledvina, B.M. (2009). Receiver autonomous spoofing detection: Experimental results of a multi-antenna receiver defenses against portable civil GPS spoofer. ION 2009 International Technical Meeting, 2009, Anaheim, CA. Retrieved from https://repositoryes.lib.utexas.edu/bitstream/handle/2152/63314/multi-antenna-defense-montgomery.pdf
Parkinson, S., Ward, P., Wilson, K., & Miller, J. (2017, March). Cyber threats facing autonomous and connected vehicles: Future challenges. IEEE Transactions on Intelligent Transportation Systems, 2017(March), 1-18. doi:10.1109/TITS.2017.2665968
Phelan, M. (2018, April 13). Self-driving electric shuttle buses to begin at University of Michigan. Retrieved from https://www.freep.com/story/money/cars/mark-phelan/2018/04/13/self-driving-buses-university-michigan/509743002/
Psiaki, M.L., & Humphreys, T.E. (2016). GNSS spoofing and detection. Proceedings of the IEEE, 104(6), 1258-1270. Retrieved from http://mirror.thelifeofkenneth.com/lib/electronics_archive/GnssSpoofingAndDetection.pdf
Schmidt, D., Radke, K., Camtepe, S., Foo, E., & Ren, M. (2016). A survey and analysis of the GNSS spoofing threat and countermeasures. ACM Computing Surveys, 48(4), 64:1-13. doi:10.1145/2897166
Stanford University Engineering. (n.d.). Anti-spoofing. Retrieved from https://gps.stanford.edu/research/current-research/anti-spoofing
SWLING. (2018). Software defined radio primer part 1: Introduction to SDRs and SDR applications. Retrieved from https://swling.com/blog/2018/09/software-defined-radio-primer-part-1-introduction-to-sdrs-and-sdr-applications/
Van Niekerk, A.F., & Combrinck, L. (2012). The sue of civilian-type GPS receivers by the military and their vulnerability to jamming. South African Journal of Science; Pretoria, 108(5/6), 1-4. doi:http://dx.doi.org/10.4102/sajs.v10815/6.749
Warner, J.S., & Johnston, R.G. (n.d.). GPS spoofing countermeasures. Retrieved from https://pdfs.semanticscholar.org/ddb/89f56dd3e2ae265047822bc47cfb06815d9a.pdf
Zhang, T., & Zhu, Q. (2017, October 4). Strategic defense against deceptive civilian GPS spoofing of unmanned aerial vehicles. In: Rass S., An D., Kiekintveld, C., Fang F. Schauer S., (eds.). Decision and game theory for security. GameSec 2017. Lecture Notes in Computer Science, vol 10575. doi:https://doi.org/10.1007/978-3-319-68711-7_12. Retrieved from https://link.springer.com/chapter/10.1007/978-3-319-68711-7_12#citeas
No comments:
Post a Comment