U.S. House of Representatives Committee on Homeland Security; Subcommittee on Oversight, Investigations, and Management; Hearing, July 19, 2012: Using Unmanned Aerial Systems Within the Homeland: Security Game Changer?
Testimony by Todd E. Humphreys, Ph.D.; Assistant Professor, Cockrell School of Engineering, The University of Texas at Austin. [Excerpted. Prof. Humphreys is a co-author of the article “Drone Hack” in the August issue of GPS World.].
The vulnerability of civil GPS to spooﬁng has serious implications for civil unmanned aerial vehicles (UAVs), as was recently illustrated by a dramatic remote hijacking of a UAV at White Sands Missile Range.
Hacking a UAV by GPS spooﬁng is but one expression of a larger problem: insecure civil GPS technology has over the last two decades been absorbed deeply into critical systems within our national infrastructure. Besides UAVs, civil GPS spooﬁng also presents a danger to manned aircraft, maritime craft, communications systems, banking and ﬁnance institutions, and the national power grid.
Constructing from scratch a sophisticated GPS spoofer like the one developed by the University of Texas is not easy. It is not within the capability of the average person on the street, or even the average Anonymous hacker. But the emerging tools of software-deﬁned radio and the availability of GPS signal simulators are putting spoofers within reach of ordinary malefactors.
There is no quick, easy, and cheap ﬁx for the civil GPS spooﬁng problem. What is more, not even the most eﬀective GPS spooﬁng defenses are foolproof. But reasonable, cost-eﬀective spooﬁng defenses exist which, if implemented, will make successful spooﬁng much harder.
I recommend that for non-recreational operation in the national airspace civil UAVs exceeding 18 lbs be required to employ navigation systems that are spoof-resistant.
More broadly, I recommend that GPS-based timing or navigation systems having a non-trivial role in systems designated by DHS as national critical infrastructure be required to be spoof-resistant.
Finally, I recommend that the DHS commit to funding development and implementation of a cryptographic authentication signature in one of the existing or forthcoming civil GPS signals.
Complete testimony (PDF) covers:
- The potential vulnerabilities of U.S. national transportation, communications, banking and finance, and energy distribution infrastructure;
- What does it take to build a spoofer? Buy a spoofer?
- Range and required knowledge of target.
- Fixing the problem:
- Jamming-to-noise sensing defense;
- Defense based on SSSC or NMA on WAAS signals;
- Multi-system multi-grequency defense;
- Single-antenna defense;
- Defense based on spread-spectrum security codes on L1C;
- Defense based on navigation message authentication on L1C, L2C, or L5;
- Correlation prole anomaly defense;
- Multi-antenna defense;
- Defense based on cross-correlation with military signals.