Distributed Relay/Replay Attacks on GNSS Signals

Sammanfattning: In modern society, Global Navigation Satellite Systems (GNSSs) are ubiquitously relied upon by many systems, among others in critical infrastructure, for navigation and time synchronization. To overcome the prevailing vulnerable state of civilian GNSSs, many detection schemes for different attack types (i.e., jamming and spoofing) have been proposed in literature over the last decades. With the launch of Galileo Open Service Navigation Message Authentication (OS­NMA), certain, but not all, types of GNSS spoofing are prevented. We therefore analyze the remaining attack surface of relay/replay attacks in order to identify a suitable and effective combination of detection schemes against these. One shortcoming in the evaluation of countermeasures is the lack of available test platforms, commonly limiting evaluation to mathematical description, simulation and/or test against a well defined set of recorded spoofing incidents. In order to allow researchers to test countermeasures against more diverse threats, this degree project investigates relay/replay attacks against GNSS signals in real­world setups. For this, we consider colluding adversaries, relaying/replaying on signal­ and on message­level in real­time, over consumer grade Internet, and with Commercially off the Shelf (COTS) hardware. We thereby highlight how effective and simple relay/replay attacks can be on existent and likely on upcoming authenticated signals. We investigate the requirements for such colluding attacks and present their limitations and impact, as well as highlight possible detection points.