Research to detect GPS spoofing
When a person types a location in their phone, they expect the GPS to identify the quickest route to get them where they want to go. Unfortunately, GPS is vulnerable to spoofing, where an attacker mimics the authentic signal, causing the receiver to compute a different position or timing solution. A team of GPS researchers is working to improve technology so it can monitor when this occurs.
“GPS has an open signal structure so the signals can be mimicked or regenerated,” said Sriramya Bhamidipati, a second-year PhD student working under CSL’s Grace Gao, an assistant professor in the Dept. of Aerospace Engineering at the University of Illinois at Urbana-Champaign “When this happens the spoofing attacker is generating false signals. If the receiver can’t detect if they’re accurate, the receiver can think the false signals are the accurate ones which can give power to the attacker to manipulate the receiver.”
One application of GPS is to provide timing for phasor measurement units, or PMUs. In a power grid situation where multiple receivers are working together, GPS timing is accurate to the hundredth nanosecond. Any changes can have an impact on the power grid synchronization.
This means if an attacker spoofed a collection of PMUs, the unit readings of a substation would be off, thereby ruining the synchronization of the entire system and potentially tripping substations into turning off.
In order to detect these miniscule differences before they have a big impact, the group had to determine a baseline for measurement.
“You have so many devices that are widely dispersed (across the North American continent) and you need to authenticate all of them,” said Tara Mina, second-year MS student in electrical and computer engineering. “We want to create an efficient way to authenticate every device in the network, by comparing signals from within the network itself.”
The group’s research leverages the existing power grid communication structure, allowing them to first compare GPS signals within regional collections of receivers, where communication resources are abundant. They can then efficiently cross-validate the results with representative signals from the more distant sites.
By analyzing the various signals within a geographic area, the group could create a representative signal for that region that could then be compared to other networks to determine spoofing. Once they had a number of regional networks in North and South America, they needed to test their theory that they could use their data to determine spoofing.
The researchers joined in on a government-sponsored live-sky spoofing event to collect data during a realistic spoofing attack. GPS signals were simultaneously recorded in seven locations; one in the Western US that was the spoofed location, three other sites across the United States and three sites in South America. The group compared results from all the locations and were able to detect the spoofing attack at the Western U.S. receiver location, while simultaneously authenticating the GPS signals received at the six other network sites.
“We validated our algorithm using the live spoofing data,” Bhamidipati said. “The correlation peaks of the majority of the regions were high and the western US one showed it was being spoofed.”
Moving forward the group would like to consider the effect of adding more PMUs to their regional representative calculations and improve processing time so stakeholders can be quickly alerted of spoofing activity.
This work is funded by Department of Energy and Department of Homeland Security.