Top

Published in:

2016 | OriginalPaper | Chapter

16. Cyber Threats to Position and Timing Data and Their Impact on Safety and Security

Author : Erik Theunissen

Published in: NL ARMS Netherlands Annual Review of Military Studies 2016

Publisher: T.M.C. Asser Press

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Since the introduction of the Global Positioning System (GPS), many civil and military applications have become dependent on the continuous availability of GPS-derived position and timing information. Examples comprise financial transaction systems, electrical power grids and combat management systems. Both in the communication and navigation domain, security vulnerabilities exist that threaten the information continuity and integrity. This chapter starts with examples of applications of which safety depends on information security, in particular the integrity of the position and/or timing information provided by GPS or comparable satellite-based systems. Based on similarities in the proliferation of threats to information availability and integrity on the Internet, it is illustrated that legislation alone is not enough to mitigate the safety related risk. For the near term, solutions such as the use of existing dissimilar systems as a backup for applications that cannot afford a loss of position and timing information are proposed. For the long-term, potential solutions based on the use of encryption and authentication techniques are discussed.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Improving the Management Control Mix for Safety and Security

next chapter Spanish Security Forces, Anti-terrorism and the Internal and External Security of Spain, 1959–1992

http://rntfnd.org/2016/01/28/gps-anomaly-official-usaf-statement/.

ICAO 1995.

RTCA 1997.

SESAR Consortium 2009.

JPDO 2010.

GNSS is used as a container term for GPS, Galileo and other space-based positioning systems.

AIS transceivers provide own ship and shore-based monitoring stations with information about the locations of other AIS equipped vessels.

In the communication domain, information security aims to achieve confidentiality, integrity, and availability. A container term used for activities related to dealing with threats in this domain is Cybersecurity.

Bellovin 1989.

Shimomura and Markoff 1996.

GPS Risk Assessment Study Final Report, Jan. 1999.

USCG Safety Alert 01–16, Jan. 19, 2016.

Tippenhauer et al. 2011.

Scott 2003.

Humpreys et al. 2009.

Wevers 2015.

Kunkel 2009.

Haines 2012.

Costin and Francillon 2012.

For non-IT specialists this translates to: “anyone using the default password will have full control over the system and can read, modify and add to all stored information”.

McCallie 2011.

Schafer et al. 2013.

Strohmeier et al. 2014.

Pierpaoli et al. 2015.

Parkinson 2014.

Van Willigen et al. 2014.

Griffioen and Oonincx 2013.

Scott 2003.

Finke et al. 2013.

Mode 5 is the most recent implementation of the Identification Friend or Foe system used by military aircraft. Level 2 refers to a class of messages.

McCallie 2011.

Strohmeier et al. 2014.

Strohmeier et al. 2015.

Ghose and Lazos 2015.

Monteiro et al. 2015.

Goward 2014.

Mendez and Work 2015.

Federal Funding Opportunity 2016.

Bellovin SM (1989) Security problems in the TCP/IP protocol suit. Comput Commun Rev 19:32–48CrossRef

Costin A, Francillon A (2012) Ghost in the air (traffic): on insecurity of ADS-B protocol and practical attacks on ADS-B devices. In: Black Hat conference, July 21–26, Las Vegas, NV

Federal Funding Opportunity 2016-NIST-SBIR-01. U.S. Department of Commerce, National Institute of Standards and Technology

Finke C, Butts, J, Mills R (2013) ADS-B encryption. Confidentiality in friendly skies. In: Proceedings of the Eight Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW), January 8–10, Oak Ridge, TN

Ghose N, Lazos L (2015) Verifying ADS-B navigation information through doppler shift measurements. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague

Goward DA (2014) Position, navigation, and timing (PNT) governance—required improvements. In: Proceedings of the European Navigation Conference, April 15–17, Rotterdam

GPS Risk Assessment Study Final Report, January 1999 M8A01 Revised. The John Hopkins University—Applied Physics Laboratory, Laurel, MD

Griffioen JW, Oonincx PJ (2013) Suitability of low-frequency navigation systems for artillery positioning in a GNSS denied environment. J Navig 66:35–48CrossRef

Haines B (2012). Hackers + airplanes. No good can come of this. Defcon 20, July 26–29, Las Vegas, NV

Humpreys TE, Ledvina BA, Psiaki ML, O’Hanlon BW, Kitner Jr PM (2009) Assessing the spoofing threat. GPS World 20:28–38

ICAO (1995) Report of the special communications/operations divisional meeting, Document 9650

JPDO (2010) Concept of operations for the next generation air transportation system, Version 3.1

Kunkel R (2009) Air traffic control: insecurity and ADS-B. Defcon 17, July 30–August 2, Las Vegas, NV

McCallie DL (2011) Exploring potential ADS-B vulnerabilities in the FAA’s NEXTGEN air transportation system. Air Force Institute of Technology, AFIT/IWC/ENG/11-09

Mendez VM, Work RO (2015) Letter to the Honorable John Garamendi, U.S. House of Representatives. http://rntfnd.org/wp-content/uploads/DSD-and-Dep-DOT-reply-to-Mr.-Garamendi.pdf

Monteiro M, Barreto A, Kacem T, Carvalho J, Wijesekera, D, Costa P (2015) Detecting malicious ADS-B broadcasts using wide multilateration. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague

Parkinson B (2014) Assured PNT—assured world economic benefits. Keynote address at the European Navigation Conference, 15–17 April, Rotterdam

Pierpaoli P, Egerstedt M, Rahmani A (2015) Altering UAV flight path by threatening collision. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague

RTCA (1997) Minimum aviation system performance standards: required navigation performance for area navigation

Schafer M, Lenders V, Martinovic I (2013) Experimental analysis of attacks on next generation air traffic communication. In: Applied cryptography and network security. Springer, pp 253–271

Scott L (2003) Anti-spoofing and authenticated signal architectures for civil navigation systems. In: Proceedings of the ION GPS/GNSS Conference, 9–12 September, Portland, OR

SESAR Consortium (2009) European air traffic management master plan, 1st edn

Shimomura T, Markoff J (1996) Takedown: the pursuit and capture of Kevin Mitnick. America’s Most Wanted Computer Outlaw. Hyperion

Strohmeier M, Lenders V, Martinovic I (2014) On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Strohmeier M, Martinovic I, Fuchs M, Schäfer M, Lenders V (2015) Opensky: a Swiss army knife for Air Traffic Security. In: Proceedings of the 34th Digital Avionics Systems Conference, 13–17 September, Prague

Tippenhauer NO, Pöpper, C, Rasmussen KB, Čapkun S (2011) On the requirements for successful GPS spoofing attacks. In: Proceedings of the 18th ACM Conference on Computer Communications and Security, October 17–21, Chicago, Il

Van Willigen D, Kellenbach R, Dekker C, van Buuren W (2014) eDLoran—next generation of differential Loran. In: Proceedings of the European Navigation Conference, 15–17 April, Rotterdam

Vulnerability Assessment of the Transportation Infrastructure Relying on the Global Positioning System—Final Report, 29 August 2001. John A. Volpe National Transportation Systems Center

Wevers D (2015) GPS Spoofing—a systematic analysis of GPS spoofing: enablers, capabilities and requirements. BSc thesis

Title: Cyber Threats to Position and Timing Data and Their Impact on Safety and Security
Author: Erik Theunissen
Publisher: T.M.C. Asser Press
Book: NL ARMS Netherlands Annual Review of Military Studies 2016
Print ISBN: 978-94-6265-134-0

Electronic ISBN: 978-94-6265-135-7

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-94-6265-135-7_16