
Secure GPS available, just not to us

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 01 Aug 2013
Secure GPS does exist, and is already being used by the military.

The cryptographic protocols which could secure global positioning systems (GPS) are well known and relatively easy to implement.

Following yesterday's report of a major GPS flaw that could leave ships and planes vulnerable to terrorist hacks, Ian Farquhar, a security researcher who previously worked for RSA Security, says there are already two ways to protect against GPS spoofing attacks.

"Firstly, the existing P(Y) code, and secondly, a new one being introduced at the moment, called the M-code. Both are part of the GPS protocol, and both are only available to the US military and its allies. Details about them are not available to the public."

Farquhar says the military has known how insecure commercial GPS is for years. A US Military video from 2007 actively discourages its personnel from using commercial GPS due to its inherently insecure nature.

"People like me have been saying for years that GPS is spoofable and there is evidence that the intelligence agencies and military have the capability. But until people demonstrate it, our advice is easy to ignore. We also need the legal system to understand that this sort of research and development is legitimate and very valuable, and [it should] not respond to commercial pressures to silence research that is 'inconvenient'."

Farquhar cited a recent example in which the High Court banned the publication of a car hacking paper, although the research was legitimate. The paper showed how the researcher cracked the algorithm behind Megamos Crypto, the system used by several luxury car brands to verify the identity of keys used to start the ignition.

Back in time

The development of GPS kicked off in 1973. In 1993, the US Department of Defence (DoD) declared initial operational capability, and declared full operational capability in 1995.

"To most people, GPS appeared in the mid to late '90s with the first generation of car satnavs, but in reality, it had been in development for over two decades at that point. In fact, the first 'Navstar' (the original name of GPS) concept meeting was Labour Day 1973, so in September this year GPS will be 40 years old."

Farquhar says it is unclear whether the US DoD ever considered GPS for non-military use in the early days. "It seems to have been in the plans based on some comments from documents back then, but they seem to have wanted to keep control of it by licensing. On 1 September 1983, a Korean Airliner flight KAL007 wandered into Soviet airspace, and was shot down with 269 men, women and children on board who were killed."

He says conspiracy theories are still rife about this today, particularly when considering former US president Richard Nixon was supposed to have been on board but pulled out at the last minute.

"However, the fact remains that the airliner was clearly where it should not have been. On 16 September that year, Ronald Reagan announced that GPS would be made available for civilian use to prevent this from happening ever again."

At this stage, GPS technology was in its infancy, and still a decade from even initial operational capability, illustrating Reagan's forward thinking.

GPS was invented by the US military, and is a major asset to it. "Once it was opened to unrestricted civilian use, the military mind-set saw this asset being given to enemies. It became a big threat, as by using GPS, even third-world nations could conceivably build a guided bomb or mortar which would land within five to 10 meters of its target," says Farquhar.

Securing the tech

To counteract this, the military introduced two codes. "The first - the one almost everyone uses - is called the Coarse/Acquisition (C/A) code. There is another called the P(Y) code, which is encrypted and available to the US military and allies only. We know very little about the P(Y) code. The P(Y) code would not be infected by recent demonstrations of GPS spoofing; however, the C/A code would.

"So yes, secure GPS does exist, and is already being used by the military. But you and I can't use it.

"In the '90s, the US DoD introduced a feature called 'Selective Availability' on the C/A code. This deliberately introduced errors into the C/A code only, which meant the accuracy was only within about 100m. This was to ensure that, while the military's bombs have highly accurate P(Y) code, the adversaries got the inaccurate C/A code which would put the bomb an average of 50m away. Apparently this was good enough.

"However, the P(Y) code was problematic, because it needed special military class receivers that cost tens of thousands of dollars each. The US military found itself turning C/A off during certain conflicts, so that it could use commercial GPS receivers, because they did not have enough military units. Soldiers were also not too keen on the military units, as they were often old, bulky and not very user-friendly in typical military hardware fashion.

"Even worse, the military receivers need to have the cryptographic key loaded into them, which not only introduced massive operational challenges, but the key needed to be updated every few weeks, which compounded the problem," explains Farquhar.

"In 2000, C/A was turned off. It was stated at the time that the US government had the ability to turn it back on in certain areas. Logically, the appearance of the Russian GLONASS - which the Russians have cleverly pushed into consumer GPS chipsets via a tariff arrangement on end-user hardware which supports GPS but not GLONASS - makes it fairly pointless. Europe (GALILEO), China (COMPASS) and India also have positioning systems in various versions of deployment and availability."

New protocol

Farquhar says it should also be considered that a lot of organisations use GPS not only for location, but also for timing, as GPS provides a reliable time source.

"Consider the security issues of being able to spoof someone's clock. Think authentication processes, or trading floor issues. High frequency trading places value on microseconds, so if you can move some organisation's clock by spoofing its GPS time sources, could you fraud the trades? It's certainly conceivable."

Over and above spoofing, GPS is fairly easy to jam, and a quick search on the Internet will reveal many Web sites where GPS jammers can be bought, although they are illegal in many countries.

Farquhar says the new M-code GPS protocol is being deployed by the US military. "Not a lot is known about it. It does claim to greatly increase military (hence M-code) GPS security, although I don't know what features it has.

"The reality is that civilian users need integrity. We need to know that the GPS signal we are receiving came from the satellite and not from some attacker. The cryptographic protocols are available, and easy to implement at the receiver end, although changes to the satellites and GPS protocol would be needed."

Farquhar hopes this recent research will spur the US government to introduce some of those changes in the GPS modernisation programme, so that civilian users will not have to worry about these sorts of attacks.
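The receiver-side integrity check Farquhar describes can be illustrated with TESLA-style delayed key disclosure, one published way to authenticate a broadcast without giving receivers a forging key. This is an added example, not code from the article and not a description of how GPS, P(Y) or M-code work; the packet layout, function names and sample data are constructed, and the chain root K_0 is assumed to reach the receiver through a trusted channel.

```python
import hashlib
import hmac

def h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_key_chain(seed: bytes, n: int) -> list:
    """Sender side: K_n = H(seed), K_{i-1} = H(K_i); returns [K_0 .. K_n]."""
    chain = [h(seed)]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain[::-1]

def broadcast(chain: list, i: int, nav_msg: bytes) -> dict:
    """Interval i >= 1: MAC the message under still-secret K_i, disclose K_{i-1}."""
    return {"interval": i, "msg": nav_msg,
            "tag": mac(chain[i], nav_msg), "disclosed": chain[i - 1]}

class Receiver:
    def __init__(self, root: bytes):
        self.key, self.idx = root, 0   # newest authenticated key and its index
        self.pending = {}              # interval -> [(msg, tag)] awaiting key

    def _accept_key(self, key: bytes, j: int) -> bool:
        """Hash the disclosed K_j back (j - idx) times; it must reach the trusted key."""
        if j < self.idx:
            return False
        k = key
        for _ in range(j - self.idx):
            k = h(k)
        if not hmac.compare_digest(k, self.key):
            return False
        self.key, self.idx = key, j
        return True

    def on_packet(self, pkt: dict) -> list:
        """Return the messages that this packet's key disclosure authenticates."""
        i, ok = pkt["interval"], []
        if self._accept_key(pkt["disclosed"], i - 1):
            for msg, tag in self.pending.pop(i - 1, []):
                if hmac.compare_digest(mac(self.key, msg), tag):
                    ok.append(msg)
        # Buffer only if K_i is not yet known here. Real TESLA enforces this with
        # a loosely synchronised clock that is independent of the signal.
        if i > self.idx:
            self.pending.setdefault(i, []).append((pkt["msg"], pkt["tag"]))
        return ok
```

A message is trusted only one interval later, once its key is disclosed and hashes back to the root, so a spoofer who has seen every earlier packet still cannot produce a tag for the current interval.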

He says that, as far as possible attacks go, the airliner issue shouldn't be overplayed. "Airliners don't rely solely on GPS, but have a range of sensors to give their flight computers situational awareness. In fact, it's a pity that Air France Flight 447 didn't rely more on GPS, as its one would surely have shown the airliner was dropping from the sky. However, as the computer was facing a bunch of inconsistent readings from other sensors, this wasn't communicated to the pilots and everyone on that flight died.

"However, I don't want to downplay this research. We need more applied research like this."
