Thanks to all for the very interesting info. For people interested, here's
a summary of answers and ideas:

   The generally (not-US military) available C/A signal is not protected as
   far as people know; in fact it seems it may be jammed rather easily,
   where jamming may even mean spoofing (misleading intentionally). Phil
   Karn said: "Since the C/A format is fully documented and unencrypted, it's
   actually quite simple to spoof. There are commercial GPS "satellite
   simulators" on the market that do precisely this. They can make a GPS
   receiver display any time and location you want. They have legitimate
   uses in laboratory testing." It seems the US military have developed a
   "GPS receiver that could acquire using only on the P/Y code on the L2
   carrier. This was a challenge since the P code is not only 10x the
   chip rate of the C/A code, but it also repeats only once per week (as
   opposed to once every millisecond for C/A). This requires a highly
   stable oscillator that can run continuously and accurately in a
   hand-held unit under battlefield conditions. <skip> They must have
   succeeded, which is why SA [Selective Availability degradation of C/A
   signal] was finally turned off." [Karn].

   Some limited protection against spoofing exists in some GPS receivers
   which are equipped with RAIM, a mechanism that tries to warn against
   spoofing by checking for unsound changes (e.g. in location). Of course
   this is not sufficient against a determined attacker (who may change
   location gradually) and may fail (e.g. if RAIM is turned on only after
   spoofing began). Greg Troxel said: "Receiver Autonomous Integrity
   Monitoring (RAIM). This is more aimed at aircraft navigation and guarding
   against failures rather than intentional jamming. By monitoring more
   satellites than necessary, having an error model and perhaps coupling
   with INS data, one can detect a bad satellite. However, if all
   satellites were jammed and then slowly steered away, I don't see how
   RAIM techniques could work."
   Again from Phil: "the C/A and P signal structures are fully documented
   in the open literature. See:
   http://www.navcen.uscg.mil/gps/geninfo/gpsdocuments/icd200/default.htm
   However, the P-code is normally XORed with a classified cryptographic
   sequence, the Y-code; this is "anti spoof". As far as I can tell from
   the open literature, this is conventional symmetric cryptography with
   keys shared by the satellite and all "authorized" users. Security
   relies entirely on the controlled distribution and physical security
   of the receivers."
   My comments on the protection of the P-code as described above by Phil
   (and similarly in other sources): (a) clearly this protection cannot be
   applied in commercial products since it assumes globally secret codes;
   (b) this assumption (of global secret codes) is also not desirable (to
   put it mildly) even for a military application; (c) while in this special
   case it may appear that encryption also provides authentication, as the
   receiver does not really receive the signal but only synchronizes with
   it, this is still not a sufficient protection against spoofing; it
   should still be fairly easy to spoof using replay techniques; and I
   think it should be possible to protect against these at least if one is
   willing to have the receivers also communicate between them using radio
   or wired links.
   http://www.cyberlocator.com/technical.html claims to offer `location
   authentication` using GPS. They don't claim to fix GPS's lack of
   authentication... instead they claim they can use GPS to prove the
   location of a client. I've read all the details in the site and am far
   from convinced, even if one would assume the GPS signal was secure
   against spoofing (which of course is not true).
   http://www.certifiedtime.com argues against the use of GPS as a
   timestamping means for auditing purposes.  Their main argument is simply
   that GPS provides time but not a way to link the time to an event
   (timestamping), unless you use a special GPS receiver with built-in
   timestamping function. But they also mention that GPS is easily
   spoofable and that adding PKI-based authentication is difficult due to
   the very limited bandwidth (50b/sec, of modulating info on the C/A
   signal). They offer secure time services by operating several secure
   time servers - so, they are potential customers to our proactive secure
   clock synchronization protocol, to run between the servers and between
   `second tier` servers (unfortunately our protocol still does not support
   multi-tier time servers... there are several other aspects of practical
   clock synch algorithms such as NTP which yet need to be integrated into
   our protocol - work to be done - anybody interested in doing some
   serious research?). That's why I've cc:ed their CTO on this message...

Some thoughts on research directions:
   Can we design a way to authenticate GPS-like systems without requiring
   globally shared keys? Notice, signatures are difficult at 50bps, and
   also - applying authentication codes to the sequence is not necessarily
   sufficient as the sequence's main function is synchronization.
   Can one analyse a design which will involve communication between GPS
   receivers using local (wired or radio) communication which will provide
   `real` anti-spoofing (notice my criticism of the use only of encryption
   of the P-code for anti-spoofing)?
   Can we reverse the roles here... and use highly secure time services
   (through wired sources) to detect tampering with GPS signals (also for
   location???)

It seems an interesting and challenging area.

Best Regards,
Amir Herzberg

IBM Research Lab in Haifa (Tel Aviv Office)
http://www.hrl.il.ibm.com
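An added illustration, not part of the original message or of anything the quoted posters wrote: a small Python sketch of two of the detection ideas discussed above, a RAIM-style plausibility check on position changes and a cross-check of GPS-reported time against a trusted wired clock. Coordinates, thresholds and drift rates are constructed assumptions; the two scenarios show that an abrupt jump is caught by the position check while a slow steer evades it (Greg Troxel's point), and that the time cross-check can still flag the slow case.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6371000.0

@dataclass
class Fix:
    t: float    # receiver-reported (GPS) time, seconds
    lat: float  # degrees
    lon: float  # degrees

def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dl = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def jump_alerts(fixes, max_speed_mps):
    """RAIM-like check: indices of fixes whose implied speed from the previous fix
    exceeds what the platform could physically do ("unsound changes in location")."""
    speeds = [haversine_m(a, b) / (b.t - a.t) for a, b in zip(fixes, fixes[1:])]
    return [i + 1 for i, v in enumerate(speeds) if v > max_speed_mps]

def time_alerts(fixes, trusted_times, max_skew_s):
    """Cross-check: indices where GPS time disagrees with a trusted (wired) clock."""
    return [i for i, (f, ref) in enumerate(zip(fixes, trusted_times))
            if abs(f.t - ref) > max_skew_s]

def run_checks(fixes, trusted_times, max_speed_mps=50.0, max_skew_s=2.0):
    return {"jumps": jump_alerts(fixes, max_speed_mps),
            "skew": time_alerts(fixes, trusted_times, max_skew_s)}

# Constructed scenarios for a stationary receiver near Haifa (approx. 32.79 N, 34.99 E).
def scenario_abrupt():
    """Five honest fixes, then a ~9 km jump within one second; trusted clock agrees."""
    fixes = [Fix(float(t), 32.79, 34.99) for t in range(5)] + [Fix(5.0, 32.79, 35.09)]
    return fixes, [float(t) for t in range(6)]

def scenario_slow_drift():
    """Position steered ~9 m/s and GPS time run 1.5x fast; trusted clock ticks 1 s/fix."""
    fixes = [Fix(1.5 * i, 32.79, 34.99 + 0.0001 * i) for i in range(61)]
    return fixes, [float(i) for i in range(61)]

if __name__ == "__main__":
    print("abrupt:", run_checks(*scenario_abrupt()))      # jump at fix 5, no skew
    print("drift: ", run_checks(*scenario_slow_drift()))  # no jumps, skew from fix 5 on
```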
