-
Extending RAIM with a Gaussian Mixture of Opportunistic Information
Authors:
Wenjie Liu,
Panos Papadimitratos
Abstract:
GNSS are indispensable for various applications, but they are vulnerable to spoofing attacks. The original receiver autonomous integrity monitoring (RAIM) was not designed for securing GNSS. In this context, RAIM was extended with wireless signals, termed signals of opportunity (SOPs), or onboard sensors, typically assumed benign. However, attackers might also manipulate wireless networks, raising…
▽ More
GNSS are indispensable for various applications, but they are vulnerable to spoofing attacks. The original receiver autonomous integrity monitoring (RAIM) was not designed for securing GNSS. In this context, RAIM was extended with wireless signals, termed signals of opportunity (SOPs), or onboard sensors, typically assumed benign. However, attackers might also manipulate wireless networks, raising the need for a solution that considers untrustworthy SOPs. To address this, we extend RAIM by incorporating all opportunistic information, i.e., measurements from terrestrial infrastructures and onboard sensors, culminating in one function for robust GNSS spoofing detection. The objective is to assess the likelihood of GNSS spoofing by analyzing locations derived from extended RAIM solutions, which include location solutions from GNSS pseudorange subsets and wireless signal subsets of untrusted networks. Our method comprises two pivotal components: subset generation and location fusion. Subsets of ranging information are created and processed through positioning algorithms, producing temporary locations. Onboard sensors provide speed, acceleration, and attitude data, aiding in location filtering based on motion constraints. The filtered locations, modeled with uncertainty, are fused into a composite likelihood function normalized for GNSS spoofing detection. Theoretical assessments of GNSS-only and multi-infrastructure scenarios under uncoordinated and coordinated attacks are conducted. The detection of these attacks is feasible when the number of benign subsets exceeds a specific threshold. A real-world dataset from the Kista area is used for experimental validation. Comparative analysis against baseline methods shows a significant improvement in detection accuracy achieved by our Gaussian Mixture RAIM approach. Moreover, we discuss leveraging RAIM results for plausible location recovery.
△ Less
Submitted 5 February, 2024;
originally announced February 2024.
-
Radio Frequency Fingerprinting via Deep Learning: Challenges and Opportunities
Authors:
Saeif Al-Hazbi,
Ahmed Hussain,
Savio Sciancalepore,
Gabriele Oligeri,
Panos Papadimitratos
Abstract:
Radio Frequency Fingerprinting (RFF) techniques promise to authenticate wireless devices at the physical layer based on inherent hardware imperfections introduced during manufacturing. Such RF transmitter imperfections are reflected into over-the-air signals, allowing receivers to accurately identify the RF transmitting source. Recent advances in Machine Learning, particularly in Deep Learning (DL…
▽ More
Radio Frequency Fingerprinting (RFF) techniques promise to authenticate wireless devices at the physical layer based on inherent hardware imperfections introduced during manufacturing. Such RF transmitter imperfections are reflected into over-the-air signals, allowing receivers to accurately identify the RF transmitting source. Recent advances in Machine Learning, particularly in Deep Learning (DL), have improved the ability of RFF systems to extract and learn complex features that make up the device-specific fingerprint. However, integrating DL techniques with RFF and operating the system in real-world scenarios presents numerous challenges, originating from the embedded systems and the DL research domains. This paper systematically identifies and analyzes the essential considerations and challenges encountered in the creation of DL-based RFF systems across their typical development life-cycle, which include (i) data collection and preprocessing, (ii) training, and finally, (iii) deployment. Our investigation provides a comprehensive overview of the current open problems that prevent real deployment of DL-based RFF systems while also discussing promising research opportunities to enhance the overall accuracy, robustness, and privacy of these systems.
△ Less
Submitted 15 April, 2024; v1 submitted 25 October, 2023;
originally announced October 2023.
-
Probabilistic Detection of GNSS Spoofing using Opportunistic Information
Authors:
Wenjie Liu,
Panos Papadimitratos
Abstract:
Global Navigation Satellite Systems (GNSS) are integrated into many devices. However, civilian GNSS signals are usually not cryptographically protected. This makes attacks that forge signals relatively easy. Considering modern devices often have network connections and onboard sensors, the proposed here Probabilistic Detection of GNSS Spoofing (PDS) scheme is based on such opportunistic informatio…
▽ More
Global Navigation Satellite Systems (GNSS) are integrated into many devices. However, civilian GNSS signals are usually not cryptographically protected. This makes attacks that forge signals relatively easy. Considering modern devices often have network connections and onboard sensors, the proposed here Probabilistic Detection of GNSS Spoofing (PDS) scheme is based on such opportunistic information. PDS has at its core two parts. First, a regression problem with motion model constraints, which equalizes the noise of all locations considering the motion model of the device. Second, a Gaussian process, that analyzes statistical properties of location data to construct uncertainty. Then, a likelihood function, that fuses the two parts, as a basis for a Neyman-Pearson lemma (NPL)-based detection strategy. Our experimental evaluation shows a performance gain over the state-of-the-art, in terms of attack detection effectiveness.
△ Less
Submitted 9 May, 2023;
originally announced May 2023.
-
Using Mobile Phones for Participatory Detection and Localization of a GNSS Jammer
Authors:
Glädje Karl Olsson,
Sara Nilsson,
Erik Axell,
Erik G. Larsson,
Panos Papadimitratos
Abstract:
It is well known that GNSS receivers are vulnerable to jamming and spoofing attacks, and numerous such incidents have been reported in the last decade all over the world. The notion of participatory sensing, or crowdsensing, is that a large ensemble of voluntary contributors provides measurements, rather than relying on a dedicated sensing infrastructure. The participatory sensing network under co…
▽ More
It is well known that GNSS receivers are vulnerable to jamming and spoofing attacks, and numerous such incidents have been reported in the last decade all over the world. The notion of participatory sensing, or crowdsensing, is that a large ensemble of voluntary contributors provides measurements, rather than relying on a dedicated sensing infrastructure. The participatory sensing network under consideration in this work is based on GNSS receivers embedded in, for example, mobile phones. The provided measurements refer to the receiver-reported carrier-to-noise-density ratio ($C/N_0$) estimates or automatic gain control (AGC) values. In this work, we exploit $C/N_0$ measurements to locate a GNSS jammer, using multiple receivers in a crowdsourcing manner. We extend a previous jammer position estimator by only including data that is received during parts of the sensing period where jamming is detected by the sensor. In addition, we perform hardware testing for verification and evaluation of the proposed and compared state-of-the-art algorithms. Evaluations are performed using a Samsung S20+ mobile phone as participatory sensor and a Spirent GSS9000 GNSS simulator to generate GNSS and jamming signals. The proposed algorithm is shown to work well when using $C/N_0$ measurements and outperform the alternative algorithms in the evaluated scenarios, producing a median error of 50 meters when the pathloss exponent is 2. With higher pathloss exponents the error gets higher. The AGC output from the phone was too noisy and needs further processing to be useful for position estimation.
△ Less
Submitted 3 May, 2023;
originally announced May 2023.
-
Participatory Sensing for Localization of a GNSS Jammer
Authors:
Glädje Karl Olsson,
Erik Axell,
Erik G. Larsson,
Panos Papadimitratos
Abstract:
GNSS receivers are vulnerable to jamming and spoofing attacks, and numerous such incidents have been reported worldwide in the last decade. It is important to detect attacks fast and localize attackers, which can be hard if not impossible without dedicated sensing infrastructure. The notion of participatory sensing, or crowdsensing, is that a large ensemble of voluntary contributors provides the m…
▽ More
GNSS receivers are vulnerable to jamming and spoofing attacks, and numerous such incidents have been reported worldwide in the last decade. It is important to detect attacks fast and localize attackers, which can be hard if not impossible without dedicated sensing infrastructure. The notion of participatory sensing, or crowdsensing, is that a large ensemble of voluntary contributors provides the measurements, rather than relying on dedicated sensing infrastructure. This work considers embedded GNSS receivers to provide measurements for participatory jamming detection and localization. Specifically, this work proposes a novel jamming localization algorithm, based on participatory sensing, that exploits AGC and C/N_0 estimates from commercial GNSS receivers. The proposed algorithm does not require knowledge of the jamming power nor of the channels, but automatically estimates all parameters. The algorithm is shown to outperform similar state-of-the-art localization algorithms in relevant scenarios.
△ Less
Submitted 29 April, 2022;
originally announced April 2022.
-
Secure Estimation and Zero-Error Secrecy Capacity
Authors:
Moritz Wiese,
Tobias J. Oechtering,
Karl Henrik Johansson,
Panos Papadimitratos,
Henrik Sandberg,
Mikael Skoglund
Abstract:
We study the problem of securely estimating the states of an unstable dynamical system subject to nonstochastic disturbances. The estimator obtains all its information through an uncertain channel which is subject to nonstochastic disturbances as well, and an eavesdropper obtains a disturbed version of the channel inputs through a second uncertain channel. An encoder observes and block-encodes the…
▽ More
We study the problem of securely estimating the states of an unstable dynamical system subject to nonstochastic disturbances. The estimator obtains all its information through an uncertain channel which is subject to nonstochastic disturbances as well, and an eavesdropper obtains a disturbed version of the channel inputs through a second uncertain channel. An encoder observes and block-encodes the states in such a way that, upon sending the generated codeword, the estimator's error is bounded and such that a security criterion is satisfied ensuring that the eavesdropper obtains as little state information as possible. Two security criteria are considered and discussed with the help of a numerical example. A sufficient condition on the uncertain wiretap channel, i.e., the pair formed by the uncertain channel from encoder to estimator and the uncertain channel from encoder to eavesdropper, is derived which ensures that a bounded estimation error and security are achieved. This condition is also shown to be necessary for a subclass of uncertain wiretap channels. To formulate the condition, the zero-error secrecy capacity of uncertain wiretap channels is introduced, i.e., the maximal rate at which data can be transmitted from the encoder to the estimator in such a way that the eavesdropper is unable to reconstruct the transmitted data. Lastly, the zero-error secrecy capacity of uncertain wiretap channels is studied.
△ Less
Submitted 14 July, 2017; v1 submitted 16 December, 2016;
originally announced December 2016.
-
Uncertain Wiretap Channels and Secure Estimation
Authors:
Moritz Wiese,
Karl Henrik Johansson,
Tobias J. Oechtering,
Panos Papadimitratos,
Henrik Sandberg,
Mikael Skoglund
Abstract:
Uncertain wiretap channels are introduced. Their zero-error secrecy capacity is defined. If the sensor-estimator channel is perfect, it is also calculated. Further properties are discussed. The problem of estimating a dynamical system with nonstochastic disturbances is studied where the sensor is connected to the estimator and an eavesdropper via an uncertain wiretap channel. The estimator should…
▽ More
Uncertain wiretap channels are introduced. Their zero-error secrecy capacity is defined. If the sensor-estimator channel is perfect, it is also calculated. Further properties are discussed. The problem of estimating a dynamical system with nonstochastic disturbances is studied where the sensor is connected to the estimator and an eavesdropper via an uncertain wiretap channel. The estimator should obtain a uniformly bounded estimation error whereas the eavesdropper's error should tend to infinity. It is proved that the system can be estimated securely if the zero-error capacity of the sensor-estimator channel is strictly larger than the logarithm of the system's unstable pole and the zero-error secrecy capacity of the uncertain wiretap channel is positive.
△ Less
Submitted 1 May, 2016;
originally announced May 2016.