Skip to main content

2016 | OriginalPaper | Buchkapitel

16. Cyber Threats to Position and Timing Data and Their Impact on Safety and Security

verfasst von : Erik Theunissen

Erschienen in: NL ARMS Netherlands Annual Review of Military Studies 2016

Verlag: T.M.C. Asser Press

Aktivieren Sie unsere intelligente Suche um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Since the introduction of the Global Positioning System (GPS), many civil and military applications have become dependent on the continuous availability of GPS-derived position and timing information. Examples comprise financial transaction systems, electrical power grids and combat management systems. Both in the communication and navigation domain, security vulnerabilities exist that threaten the information continuity and integrity. This chapter starts with examples of applications of which safety depends on information security, in particular the integrity of the position and/or timing information provided by GPS or comparable satellite-based systems. Based on similarities in the proliferation of threats to information availability and integrity on the Internet, it is illustrated that legislation alone is not enough to mitigate the safety related risk. For the near term, solutions such as the use of existing dissimilar systems as a backup for applications that cannot afford a loss of position and timing information are proposed. For the long-term, potential solutions based on the use of encryption and authentication techniques are discussed.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Fußnoten
2
ICAO 1995.
 
3
RTCA 1997.
 
4
SESAR Consortium 2009.
 
5
JPDO 2010.
 
6
GNSS is used as a container term for GPS, Galileo and other space-based positioning systems.
 
7
AIS transceivers provide own ship and shore-based monitoring stations with information about the locations of other AIS equipped vessels.
 
8
In the communication domain, information security aims to achieve confidentiality, integrity, and availability. A container term used for activities related to dealing with threats in this domain is Cybersecurity.
 
9
Bellovin 1989.
 
10
Shimomura and Markoff 1996.
 
11
GPS Risk Assessment Study Final Report, Jan. 1999.
 
12
USCG Safety Alert 01–16, Jan. 19, 2016.
 
13
Tippenhauer et al. 2011.
 
14
Scott 2003.
 
15
Humpreys et al. 2009.
 
16
Wevers 2015.
 
17
Kunkel 2009.
 
18
Haines 2012.
 
19
Costin and Francillon 2012.
 
20
For non-IT specialists this translates to: “anyone using the default password will have full control over the system and can read, modify and add to all stored information”.
 
21
McCallie 2011.
 
22
Schafer et al. 2013.
 
23
Strohmeier et al. 2014.
 
24
Pierpaoli et al. 2015.
 
25
Parkinson 2014.
 
26
Van Willigen et al. 2014.
 
27
Griffioen and Oonincx 2013.
 
28
Scott 2003.
 
29
Finke et al. 2013.
 
30
Mode 5 is the most recent implementation of the Identification Friend or Foe system used by military aircraft. Level 2 refers to a class of messages.
 
31
McCallie 2011.
 
32
Strohmeier et al. 2014.
 
33
Strohmeier et al. 2015.
 
34
Ghose and Lazos 2015.
 
35
Monteiro et al. 2015.
 
36
Goward 2014.
 
37
Mendez and Work 2015.
 
38
Federal Funding Opportunity 2016.
 
Literatur
Zurück zum Zitat Bellovin SM (1989) Security problems in the TCP/IP protocol suit. Comput Commun Rev 19:32–48CrossRef Bellovin SM (1989) Security problems in the TCP/IP protocol suit. Comput Commun Rev 19:32–48CrossRef
Zurück zum Zitat Costin A, Francillon A (2012) Ghost in the air (traffic): on insecurity of ADS-B protocol and practical attacks on ADS-B devices. In: Black Hat conference, July 21–26, Las Vegas, NV Costin A, Francillon A (2012) Ghost in the air (traffic): on insecurity of ADS-B protocol and practical attacks on ADS-B devices. In: Black Hat conference, July 21–26, Las Vegas, NV
Zurück zum Zitat Federal Funding Opportunity 2016-NIST-SBIR-01. U.S. Department of Commerce, National Institute of Standards and Technology Federal Funding Opportunity 2016-NIST-SBIR-01. U.S. Department of Commerce, National Institute of Standards and Technology
Zurück zum Zitat Finke C, Butts, J, Mills R (2013) ADS-B encryption. Confidentiality in friendly skies. In: Proceedings of the Eight Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW), January 8–10, Oak Ridge, TN Finke C, Butts, J, Mills R (2013) ADS-B encryption. Confidentiality in friendly skies. In: Proceedings of the Eight Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW), January 8–10, Oak Ridge, TN
Zurück zum Zitat Ghose N, Lazos L (2015) Verifying ADS-B navigation information through doppler shift measurements. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague Ghose N, Lazos L (2015) Verifying ADS-B navigation information through doppler shift measurements. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague
Zurück zum Zitat Goward DA (2014) Position, navigation, and timing (PNT) governance—required improvements. In: Proceedings of the European Navigation Conference, April 15–17, Rotterdam Goward DA (2014) Position, navigation, and timing (PNT) governance—required improvements. In: Proceedings of the European Navigation Conference, April 15–17, Rotterdam
Zurück zum Zitat GPS Risk Assessment Study Final Report, January 1999 M8A01 Revised. The John Hopkins University—Applied Physics Laboratory, Laurel, MD GPS Risk Assessment Study Final Report, January 1999 M8A01 Revised. The John Hopkins University—Applied Physics Laboratory, Laurel, MD
Zurück zum Zitat Griffioen JW, Oonincx PJ (2013) Suitability of low-frequency navigation systems for artillery positioning in a GNSS denied environment. J Navig 66:35–48CrossRef Griffioen JW, Oonincx PJ (2013) Suitability of low-frequency navigation systems for artillery positioning in a GNSS denied environment. J Navig 66:35–48CrossRef
Zurück zum Zitat Haines B (2012). Hackers + airplanes. No good can come of this. Defcon 20, July 26–29, Las Vegas, NV Haines B (2012). Hackers + airplanes. No good can come of this. Defcon 20, July 26–29, Las Vegas, NV
Zurück zum Zitat Humpreys TE, Ledvina BA, Psiaki ML, O’Hanlon BW, Kitner Jr PM (2009) Assessing the spoofing threat. GPS World 20:28–38 Humpreys TE, Ledvina BA, Psiaki ML, O’Hanlon BW, Kitner Jr PM (2009) Assessing the spoofing threat. GPS World 20:28–38
Zurück zum Zitat ICAO (1995) Report of the special communications/operations divisional meeting, Document 9650 ICAO (1995) Report of the special communications/operations divisional meeting, Document 9650
Zurück zum Zitat JPDO (2010) Concept of operations for the next generation air transportation system, Version 3.1 JPDO (2010) Concept of operations for the next generation air transportation system, Version 3.1
Zurück zum Zitat Kunkel R (2009) Air traffic control: insecurity and ADS-B. Defcon 17, July 30–August 2, Las Vegas, NV Kunkel R (2009) Air traffic control: insecurity and ADS-B. Defcon 17, July 30–August 2, Las Vegas, NV
Zurück zum Zitat McCallie DL (2011) Exploring potential ADS-B vulnerabilities in the FAA’s NEXTGEN air transportation system. Air Force Institute of Technology, AFIT/IWC/ENG/11-09 McCallie DL (2011) Exploring potential ADS-B vulnerabilities in the FAA’s NEXTGEN air transportation system. Air Force Institute of Technology, AFIT/IWC/ENG/11-09
Zurück zum Zitat Monteiro M, Barreto A, Kacem T, Carvalho J, Wijesekera, D, Costa P (2015) Detecting malicious ADS-B broadcasts using wide multilateration. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague Monteiro M, Barreto A, Kacem T, Carvalho J, Wijesekera, D, Costa P (2015) Detecting malicious ADS-B broadcasts using wide multilateration. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague
Zurück zum Zitat Parkinson B (2014) Assured PNT—assured world economic benefits. Keynote address at the European Navigation Conference, 15–17 April, Rotterdam Parkinson B (2014) Assured PNT—assured world economic benefits. Keynote address at the European Navigation Conference, 15–17 April, Rotterdam
Zurück zum Zitat Pierpaoli P, Egerstedt M, Rahmani A (2015) Altering UAV flight path by threatening collision. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague Pierpaoli P, Egerstedt M, Rahmani A (2015) Altering UAV flight path by threatening collision. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague
Zurück zum Zitat RTCA (1997) Minimum aviation system performance standards: required navigation performance for area navigation RTCA (1997) Minimum aviation system performance standards: required navigation performance for area navigation
Zurück zum Zitat Schafer M, Lenders V, Martinovic I (2013) Experimental analysis of attacks on next generation air traffic communication. In: Applied cryptography and network security. Springer, pp 253–271 Schafer M, Lenders V, Martinovic I (2013) Experimental analysis of attacks on next generation air traffic communication. In: Applied cryptography and network security. Springer, pp 253–271
Zurück zum Zitat Scott L (2003) Anti-spoofing and authenticated signal architectures for civil navigation systems. In: Proceedings of the ION GPS/GNSS Conference, 9–12 September, Portland, OR Scott L (2003) Anti-spoofing and authenticated signal architectures for civil navigation systems. In: Proceedings of the ION GPS/GNSS Conference, 9–12 September, Portland, OR
Zurück zum Zitat SESAR Consortium (2009) European air traffic management master plan, 1st edn SESAR Consortium (2009) European air traffic management master plan, 1st edn
Zurück zum Zitat Shimomura T, Markoff J (1996) Takedown: the pursuit and capture of Kevin Mitnick. America’s Most Wanted Computer Outlaw. Hyperion Shimomura T, Markoff J (1996) Takedown: the pursuit and capture of Kevin Mitnick. America’s Most Wanted Computer Outlaw. Hyperion
Zurück zum Zitat Strohmeier M, Lenders V, Martinovic I (2014) On the Security of the Automatic Dependent Surveillance-Broadcast Protocol Strohmeier M, Lenders V, Martinovic I (2014) On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Zurück zum Zitat Strohmeier M, Martinovic I, Fuchs M, Schäfer M, Lenders V (2015) Opensky: a Swiss army knife for Air Traffic Security. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague Strohmeier M, Martinovic I, Fuchs M, Schäfer M, Lenders V (2015) Opensky: a Swiss army knife for Air Traffic Security. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague
Zurück zum Zitat Tippenhauer NO, Pöpper, C, Rasmussen KB, Čapkun S (2011) On the requirements for successful GPS spoofing attacks. In: Proceedings of the 18th ACM Conference on Computer Communications and Security, October 17–21, Chicago, Il Tippenhauer NO, Pöpper, C, Rasmussen KB, Čapkun S (2011) On the requirements for successful GPS spoofing attacks. In: Proceedings of the 18th ACM Conference on Computer Communications and Security, October 17–21, Chicago, Il
Zurück zum Zitat Van Willigen D, Kellenbach R, Dekker C, van Buuren W (2014) eDLoran—next generation of differential Loran. In: Proceedings of the European Navigation Conference, 15–17 April, Rotterdam Van Willigen D, Kellenbach R, Dekker C, van Buuren W (2014) eDLoran—next generation of differential Loran. In: Proceedings of the European Navigation Conference, 15–17 April, Rotterdam
Zurück zum Zitat Vulnerability Assessment of the Transportation Infrastructure Relying on the Global Positioning System—Final Report, 29 August 2001. John A. Volpe National Transportation Systems Center Vulnerability Assessment of the Transportation Infrastructure Relying on the Global Positioning System—Final Report, 29 August 2001. John A. Volpe National Transportation Systems Center
Zurück zum Zitat Wevers D (2015) GPS Spoofing—a systematic analysis of GPS spoofing: enablers, capabilities and requirements. BSc thesis Wevers D (2015) GPS Spoofing—a systematic analysis of GPS spoofing: enablers, capabilities and requirements. BSc thesis
Metadaten
Titel
Cyber Threats to Position and Timing Data and Their Impact on Safety and Security
verfasst von
Erik Theunissen
Copyright-Jahr
2016
DOI
https://doi.org/10.1007/978-94-6265-135-7_16