DHS publishes resources for safeguarding against GPS hacking


Imagine if the Global Positioning System were hacked in any way. From the Waze app in your pocket to the operation of naval stores, it is safe to say we would have big problems. Now technologists in the Science and Technology Directorate of the Department of Homeland Security have developed what they call the Positioning, Navigation and Timing (PNT) Integrity Library to protect against someone trying to spoof GPS. For more on what this is about, technical manager Ernest Wong spoke to Federal Drive with Tom Temin.

Tom Temin: Mr. Wong, I’m glad you’re at work.

Ernest Wong: Good morning, Tom, thank you for accepting me.

Tom Temin: Now we are talking about counterfeiting, unlike what I said maybe, about hacking and there is a difference. Tell us what it is.

Ernest Wong: Yes, and that’s a good question. For starters, perhaps the best way to make a distinction would be to compare it to GPS jamming. And if you throw in buckets, jamming will be considered a denial, while replacement will be considered fraud. So if you’re in a vehicle with vehicle navigation, when you get stuck, you know what’s going on, you lose your GPS position, and you realize you have to go to find alternative ways to find out where you are and how you’re there. When you get a fake, it’s all about cheating. So if someone has to deceive you, they will tell you that you are in a position you are not in or that it is time not to. So instead of making this turn for maybe half a mile, you can do it for 50 feet. So when you make decisions about wrong information, it can have consequences.

Tom Temin: And how do people mislead what a GPS signal is? How do you deal with this?

Ernest Wong: So technology is getting pretty easy these days, before it was more of an emerging threat, I guess. But now, as technology evolves and knowledge grows, it is quite affordable. So with probably about $500 you can get a software-defined radio. And the code is also available there on GitHub and other open source repositories.

Tom Temin: Okay, so you’ve developed something called the PNT Integrity Library. Tell us what it is and then maybe how it works.

Ernest Wong: Sure. If you are trying to protect yourself from GPS tampering, one of the first things you should be able to do is recognize that this is happening. So, the PNT Integrity Library is a set of fake detectors, so basically sensors and there are different ways to detect it. So with this PNT Integrity Library, the hardware manufacturer, for example, can use those open source algorithms that are free to use in GitHub that we have published in CISA’s GitHub. And if they had to use these algorithms and provide a complete solution to detect GPS tampering.

Tom Temin: What is this about the false signal that is different from the GPS signal? Is this the direction it’s coming from because GPS is coming from space?

Ernest Wong: Yes, so there are many different ways to detect GPS forgery if we want to get a little into it. So the first thing you mentioned definitely has one of these indicators in terms of what the arrival angle is. Often a spoofer is usually closer to the ground. So you can find out by the angle, you can find out by the power levels as well as the consistency checks. If someone tries to withdraw from your position at a certain speed, you may be in a place with a fixed infrastructure, you should not move. So you can do different types of consistency checks to look for only these types of anomalies.

Tom Temin: And this library as a whole then, where does it live in a system? Where do you put it? How do you install it? How do you use it?

Ernest Wong: There are two ways to use this. And this is primarily for the industry. So end users can use it if they have the required level of refinement. And there are some current owners of structures and operators who are a little more sophisticated and have built their own systems and may not do it that way. But for the most part, we expect this to be something that manufacturers will take, and then maybe download the parts they need and include it in their GPS receivers. And these receivers, if we’re talking about critical infrastructure, they’re usually something you’d mount in a server stand. So they are quite large pieces of equipment with many components inside them. So these algorithms would go into this equipment and provide this detection capability.

Tom Temin: Yes, so with regard to the armed services, for example, or the operational aspects of the Ministry of National Security, then you will have the opportunity to have this equipment. And with the changing nature of these species, I guess we can call this a cyber threat, I’m sure people who cheat are always coming up with new ways to do it. Can all this be updated as new vectors and new technologies are developed by the bad ones?

Ernest Wong: Yes, that’s a great question. And the PNT Integrity Library was created specifically to deal with these types of issues. So the integrity library is a modular API, a modular framework. So in the future, if there are new types of threats or if there are better types of detectors, people can write the code for the detector and then just put it in the API, and it’s essentially plug and play.

Tom Temin: Okay. And there’s something else you’ve developed called the Epsilon Algorithm Suite. And what is it, how does it relate to the library?

Ernest Wong: These are two sets of detection kits or detection algorithms. The PNT Integrity Library is a bit more busy, which requires more information in the system. The Epsilon algorithms are really more than those sequence checks I’ve talked about. And so you can potentially place this on a device that would be almost like an additional device after your equipment. So instead of replacing your, perhaps your PNT device, which can be quite expensive in critical operations, they run thousands of dollars. It is possible to simply have this additional device that accepts the output of the PNT or GPS system, and essentially acts as a filter to notify you when something is wrong. So it requires less information, it is easier to integrate.

Tom Temin: And going back to the integrity library, as you mentioned, it’s on GitHub. So you follow the open source model when you develop this and run it. Can other developers, for example from other branches of government, such as the intelligence community or the Ministry of Defense, also be able to develop and work on this and contribute to this in this open source model?

Ernest Wong: Yes, if they wanted to. So it is available on the CISA GitHub page. There is also a link to the S&T PNT program page, where there will be links to the two GitHub repositories. And if people want to contribute code, it’s hosted on GitHub itself. So it works just like any other repository, where people can send proposed code changes, and then repository supporters can view and accept it or not.

Tom Temin: And by the way, have there been cases of GPS tampering so far? Or is this just potential for now?

Ernest Wong: This is always a good question. This always appears. And especially in the last two years, there have been a growing number of public reports from industrial trade magazines, academic publications, and we now see little in major newspapers like the New York Times and other fake events that are reported around the world. For example, the most common force we see, the most famous, I would say, is in the maritime industry. Many seagoing ships operating around the Black Sea experience a lot of GPS interference as well as GPS tampering. This is quite well known. We have also seen reports of GPS tampering in the Middle East, mainland China and Iran. And it’s a little disturbing that the frequency increases quite quickly and they become quite high. As for the internal market, it is a little harder to know about these things because counterfeiting is harder to detect. Silencing is quite easy because it has a very high power. As for the forgery, it is certainly low power. And if you’re not looking for it, you may not see it. But we’ve seen a few examples of what can happen when you have GPS forgery.

Tom Temin: And is replacement the biggest threat to GPS? You mentioned there is jamming and there is forgery and I don’t know what else. But what is the biggest threat to the GPS system and the ability to use it?

Ernest Wong: GPS tampering is definitely an issue. But I would say that the biggest threat to GPS habits is really ourselves and how we use technology. And like any other technology, we often take it for granted. So, GPS is a great technology and is generally used everywhere. Within critical infrastructure, in energy networks and the communications sector, in many places that we are not aware of and do not have to use in a secure way. So I think the biggest problem is that we need to raise awareness about these issues and try to think about how we use GPS more deliberately and use them in ways that are sustainable so that they can withstand recovery and to work through this type of threats.

Tom Temin: Yes, so the library you’ve developed needs to go wider than just Garmin, as well as the military and the places you think about first.

Ernest Wong: Yes, so although these libraries are definitely one of the tools we release, they are not the only resource we release. So a few months ago, in December 2020, we also released the Resilient PNT Conformance Framework. And this is basically the second half of the decision. These detectors, these algorithms that we present, are important to find out if you are experiencing an anomaly, but once you find out that there is a problem, what do you do about it? If it’s just vehicle navigation, it’s not a big deal in terms of maybe stopping on the map and moving on, or maybe wasting some time navigating. But when it comes to the electricity grid or the communications sector, they can’t stop, can they? They have to keep going, they have to keep working. So, this sustainable PNT compliance framework is more about how to build sustainable equipment and be able to withstand that kind of attack and keep working through it and recovering. So, this is really the second piece of the decision. And this is something we have provided to the industry, this is a document published online on our S&T website. And it is designed to facilitate the development and adoption of resilient PNT equipment.

Tom Temin: Okay, get this library to check it out. Ernest Wong is the Technical Manager in DHS’s Science and Technology Directorate. Thank you so much for joining me.

Ernest Wong: Thanks for including me.