EU Science Hub

Hardening of civilian GNSS trackers

Civilian GNSS based near-real-time tracking systems are presently used in a number of fields, such as the fisheries Vessel Monitoring System (VMS), the maritime Automatic Identification System (AIS), the transportation of dangerous goods, in Mobile Asset Management, and in Law Enforcement. Projected toll road billing systems, ¿pay as you go¿ car insurances, and revised digital tachographs are other candidates for GNSS tracking. These devices record and report their positions. Transmissions usually occur in an expedient manner, implying near real time. The reporting intervals are determined by the application domain. The tracker sends its position messages to a public or commercial organisation that analyses such messages. Therefore, nearly all such trackers are composed of a GNSS receiver module and a wireless communications module for transmission of positions. Every such GNSS-based tracker is vulnerable to tampering, and gains from tampering depend on the application domain. This paper is concerned with surreptitious introduction of false tracking information, and the mitigation of such risk. Modelling such trackers, one identifies multiple ways that an adversary could use to introduce such false information. With sufficient development work on a Software Defined Radio (SDR) platform, an adversary could engineer an illegal civilian GPS spoofer that circumvents classical GPS receiver integrity checks. The intelligent abuse of SDR can also spoof the outgoing position message. Furthermore, trackers constitute embedded computing systems that have input/output ports, begetting vulnerability. If trackers use cryptography to authenticate their outgoing message, they can be subjected to ¿side channel attacks¿. Last but not least, it is possible to physically tamper with the tracker. Physical tampering includes breaching the housing of the tracker, and removing the tracker from the asset. Various options are reviewed to harden GNSS based trackers against diverse technological exploits. The paper assumes that an intact tracker is properly installed, and does not cover social engineering. The introductory chapter defines an abstract GNSS tracker. The first chapter investigates countermeasures to GNSS spoofing and meaconing. The second chapter discusses physical sealing vulnerabilities and mitigation. The third chapter shows how communications security can be improved, specifically for low bandwidth satellite communications. The fourth chapter explores aspects of side channel attacks and computer security. The conclusion presents possible architectures for secured GNSS trackers that could be used in some application domains.