Mitre’s new Time Anomaly Detection Appliqué (TADA) protects modern digital systems from spoofing attacks that can corrupt time source signals.
Successful spoofing attacks could result in navigational systems going haywire and grounding airplanes, jumbling of buying and selling orders, a shutdown of the stock market, or power-grid failures. Infrastructure and defense systems often rely on GPS’s unencrypted position, navigation, and timing (PNT) signal as their source of accurate time, accurate to about 14 nanoseconds.
The TADA system detects and, for certain users, mitigates timing attacks. “Almost every system has a need for precise and accurate time,” said Darrow Leibner, the Mitre TADA project lead. “Because GPS is accurate and ubiquitous, users have gotten away from implementing other time-keeping methods. That’s where the potential vulnerability comes in.”
TADA is designed to provide a cost-effective, reliable, and easy-to-use method for protecting GPS receivers against spoofing attacks. The system defends against spoofing by continuously comparing a trusted input, such as a known frequency or location, with those provided by the GPS receiver. When a difference between these two inputs is detected, TADA alerts the user to the suspected PNT anomaly.
For a trusted input, TADA uses an atomic clock frequency. For each second measured by the incoming GPS timing signal, TADA counts the number of frequency cycles generated by a Cesium clock. If the incoming GPS signal is valid, TADA will count exactly the expected number of Cesium frequency cycles. If TADA measures a higher or lower number of timing signals than expected, it will display the difference. A difference outside the acceptable margin of error will prompt TADA to alert its users that the GPS timing signal is possibly being spoofed.
In the same way it uses a trusted time source, TADA can also use a known location to detect a spoofing attack. To do this, the user inputs the location of a GPS receiver antenna into TADA. TADA monitors the reported position for any changes. Any reported change of the stationary location would most likely be due to spoofing attack and prompt an alert to the user. Once alerted by TADA to a spoofing attack, users can quickly switch to existing backup systems.
“This is not the invention of the lightbulb,” Leibner said. “Rather, it’s a clever use of existing technologies packaged in such a way that users obtain a greatly increased level of protection for a minimum of investment. None of the TADA components on their own are brilliant. But as one manufacturer said after seeing a detailed description of TADA, ‘It’s brilliantly simplistic.’”
The next stage in TADA’s development is to provide it with the capability to not only detect spoofing attacks, but to mitigate its effects and pinpoint their origin. Mitre will also continue to advocate that to bolster the nation’s infrastructure defenses against spoofing, TADA-like monitoring techniques be included within commercial product design.
Adapted from an article by The MITRE Corporation.