IEEE Spectrum August, 2016 - 30

[Figure labels: GPS satellites; false GPS signals transmitted by attacker; false GPS coordinates indicate ship is off course.]

To Fool a Yacht: In this real-time spoofing demonstration, an attacker transmits false GPS signals to override those the White Rose receives from GPS satellites. The attacker adjusts the coordinates so that the crew believes the ship has blown off course [blue line]. When the crew resets the ship's path, they unwittingly guide it onto a new route [red line].
registers these weak signals as though they were part of the stronger, true signals transmitted by those satellites.

Then comes the delicate art of the "drag-off," in which attackers must gently override the true signals. To do this, the spoofer's operator gradually increases the power of the false GPS signals until the receiver catches onto these new signals. If the signal increase is too abrupt, the receiver or even the ship's human navigators might detect something amiss. Once the receiver has latched onto the false signals, the operator can adjust the spoofer and receiver to a new set of coordinates and leave the true signals behind.

Back on the White Rose, crew members noted the apparent (but not actual) 3-degree leftward drift that Humphreys's team had fooled the ship's receivers into recording at the start of the attack. However, the shift was so slight that the crew assumed it was due to natural forces such as water currents and crosswinds, so they adjusted the vessel slightly to the right. In reality, this corrective maneuver actually took them off course.

As a result of the crew's actions, the White Rose veered a kilometer from its intended course, unbeknownst to Schofield, before Humphreys called off the spoof about an hour later. The same trick could have been executed for a ship on autopilot, with the navigation system performing the course correction instead of the crew.

Schofield was dismayed, to put it mildly. He and his crew depend on GPS for the safety of all on board: for example, for navigating away from storms and for steering clear of shallows and underwater hazards at night or in fog. Although Humphreys's spoofer is too sophisticated for the average computer hacker to assemble, this technology is within reach of many countries (there have been rumors of spoofing "in the wild" by North Korea) and even some private individuals.

Fortunately, Psiaki and his students from Cornell University had been forging antispoofing defenses. In fact, Psiaki was testing an early prototype of a spoofing detector at White Sands at the same time that Humphreys's group attacked the drone. The prototype successfully detected every attack, but only after hours of off-line computation.

Could Psiaki produce a real-time version? If so, Schofield wanted to test it on the White Rose, and soon.

There are three main ways to protect against GPS spoofing: cryptography, signal-distortion detection, and direction-of-arrival sensing. No single method can stop every spoof, but Psiaki's team has found that combining strategies can provide a reasonably secure countermeasure that could be commercially deployed.

Cryptographic methods provide a way for users to authenticate signals on the fly. In one approach, for example, civilian receivers would use PRN codes that are totally or partially unpredictable, similar to those used by the U.S. military, so a spoofer can't synthesize the codes ahead of time. But to verify each new signal, every civilian receiver would have to carry an encryption key similar to those held by military receivers, and it would be difficult to keep attackers from obtaining such widely distributed keys.

Alternatively, a receiver could simply record the unpredictable part of the signal and wait for its sender to broadcast a digitally signed encryption key to verify its origin. However, this approach would require the U.S. Air Force to revise the way GPS signals are broadcast and manufacturers of civilian receivers to change how those devices are built. It would also require a slight delay, which would mean that navigation updates would not be verified instantaneously.

An easier way to protect civilians would have them "piggyback" off of the encrypted U.S. military signals. Already, military signals can be received and recorded by a civilian receiver even if they cannot be decrypted and used for navigation. Once they record the signals, civilian receivers can observe the noisy trace of a PRN code even if they can't figure out the actual code. That means these receivers could
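The record-then-verify approach described above (the receiver stores the unpredictable part of the signal and checks it once the key is broadcast) can be modelled as follows. This is an added example, not code from the article or from Psiaki's team. It assumes an HMAC-SHA256 chip generator, uses a SHA-256 digest comparison as a stand-in for verifying the digital signature on the key, and all names, keys, timestamps and noise levels are constructed.

```python
import hashlib
import hmac
import random

CHIPS = 2048  # length of the unpredictable segment (constructed value)

def chips_from_key(key: bytes, epoch: int, n: int = CHIPS) -> list:
    """Expand key + epoch into n pseudo-random +/-1 chips (HMAC-SHA256, counter mode)."""
    out, counter = [], 0
    while len(out) < n:
        msg = epoch.to_bytes(8, "big") + counter.to_bytes(4, "big")
        for byte in hmac.new(key, msg, hashlib.sha256).digest():
            out.extend(1 if (byte >> bit) & 1 else -1 for bit in range(8))
        counter += 1
    return out[:n]

def record(chips, noise_sigma, rng):
    """What the receiver stores: the chip sequence buried in Gaussian noise."""
    return [c + rng.gauss(0.0, noise_sigma) for c in chips]

def verify(samples, recorded_at, key, disclosed_at, epoch, trusted_digest, threshold=0.5):
    """Accept only samples recorded before disclosure that correlate with the real code."""
    # Assumption: a digest comparison stands in for checking the signature on the key.
    if not hmac.compare_digest(hashlib.sha256(key).digest(), trusted_digest):
        return False
    # Once the key is public anyone can synthesize the code, so late recordings prove nothing.
    if recorded_at >= disclosed_at:
        return False
    code = chips_from_key(key, epoch)
    corr = sum(s * c for s, c in zip(samples, code)) / len(code)
    return corr > threshold

def run_scenarios(seed: int = 7):
    """Constructed cases: genuine signal, blind spoof, forged key, post-disclosure replay."""
    rng = random.Random(seed)
    key, epoch = b"constructed-broadcast-key", 42
    digest = hashlib.sha256(key).digest()
    genuine = record(chips_from_key(key, epoch), 4.0, rng)  # signal below the noise floor
    spoofed = record(chips_from_key(b"attacker-guess", epoch), 4.0, rng)
    return {
        "genuine": verify(genuine, 100.0, key, 102.0, epoch, digest),
        "blind_spoof": verify(spoofed, 100.0, key, 102.0, epoch, digest),
        "forged_key": verify(spoofed, 100.0, b"attacker-guess", 102.0, epoch, digest),
        "late_replay": verify(genuine, 103.0, key, 102.0, epoch, digest),
    }

if __name__ == "__main__":
    print(run_scenarios())
```

The gap between `recorded_at` and `disclosed_at` is the delay the article mentions: a position fix cannot be confirmed until the key for that interval has arrived.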
Illustration by James Provost