Stars Can Tell

A Robust Method to Defend against GPS Spoofing Attacks using Off-the-shelf Chipset

Shinan Liu*, Xiang Cheng*, Hanchao Yang, Yuanchao Shu, Xiaoran Weng, Ping Guo, Kexiong (Curtis) Zeng, Gang Wang, Yaling Yang

Spoofing GPS signals is easy, cheap, and dangerous

It is possible to spoof a GPS receiver to arbitrary location and time.

Existing works have demonstrated GPS spoofing attacks in various applications, including diverting a luxury yacht from Monaco to Greece, attacking the road navigation system (also check our previous work published at USENIX Security'18!), and manipulating self-driving cars.


An example of low-cost GPS spoofer

(cheapest can be as low as $40 in total!)

Here, GPS receiver = smartphone, blockage = human body


NonSpoofing VS Spoofing

(Signals spread, angles different VS Signals align, angles same)

GPS Receiver + Blockage + Rotation = Spoofing Detector !

Our novel anti-spoofing techniques aim to achieve both high robustness and low cost.

The key idea is to measure and analyze GPS signals to derive the angle-of-arrival (AoA), because attackers cannot (easily) emulate the physical AoA of GPS signals from tens of GPS satellites around Earth simultaneously.

Unlike traditional methods that requires expensive hardware such as large antenna-arrays (thousands of dollars), our idea is to place a signal-blocking shield on one side of the GPS receiver while rotating the GPS receiver with the shield.

In this way, we are able to get AoA by synthesizing a directional antenna-array using omnidirectional antennas on commercial devices like smartphones.


FIVE different algorithms

on TWO attacker models

We propose five software-based methods (check our paper for technical details!) to detect spoofing attacks that work for off-the-shelf GPS chipsets.

We evaluate our defense against a real spoofer in various field experiments (in both open air and urban canyon environments). Our method achieves a high accuracy (95%~100%) in 5 seconds.

Then we implement an adaptive attack, assuming the attacker becomes aware of our defense method. We study this adaptive attack and use enhancement methods (taking the rotation speed as the "secret key") to fortify the defense.

ROC curve for different methods on spoofing and adaptive spoofing attacks

Yes, we Open Sourced the analysis pipeline!

MATLAB Analysis pipeline

We implemented 5 defense methods and the whole analysis pipeline (including plots and metrics). Please contact the authors for code.

It also contains 10 NonSpoofing data samples as a motivating example.

GNSS Logger

We customized the GNSS Logger from Google to better support the logging process.

Future development is also planned, which might support real-time analysis and defense.

Click here to download the released apk.

Dataset

To facilitate further investigation, we also open source the collected dataset (using blockage and rotation) in various settings: open air / urban canyon, human body / metal blockage.

Click here to download the dataset.

BIBTEX


@inproceedings{liu2021stars,

title = {Stars Can Tell: A Robust Method to Defend against GPS Spoofing using Off-the-shelf Chipset },

author = {Liu, Shinan and Cheng, Xiang and Yang, Hanchao and Shu, Yuanchao and Weng, Xiaoran and Guo, Ping and Zeng, Kexiong (Curtis) and Wang, Gang and Yang, Yaling},

booktitle = {Proceedings of the 30th USENIX Security Symposium (USENIX Security 21)},

year = {2021}

}