Advanced simulation software developed via an ESA project is now helping to extend cybersecurity to the crucial sphere of satellite navigation.
New commercial receivers and related products can now be rigorously tested to pinpoint any vulnerability to counterfeit satnav signals – known as spoofing – so that countermeasures can then be developed.
The potential of spoofing was demonstrated in dramatic fashion in 2012, when University of Texas researchers used fake satnav signals generated with low-cost hardware to take control of a flying drone, forcing it downwards by misleading it on its actual location.
“Reducing vulnerability to spoofing is very important,” explains Massimo Crisci, heading ESA's Navigation Systems and Techniques section. “In everyday life we are increasingly reliant on Global Navigation Satellite System (GNSS) in all kinds of ways, beyond simple navigation.
“GNSS time signals are used to synchronise financial, power and communication networks, for example. They are also set to underpin critical operations such as fleet management, road tax or tolling, along with ‘safety-of-life’ systems such as air traffic guidance.”
The new SimSAFE suite of software allows new products or systems to be evaluated against spoofing. Adding up to around 60 000 lines of code developed over two years of work, SimSAFE can precisely simulate intentional interference attacks along with ‘genuine’ signals from virtual satnav constellations.
A prototype version of the software was first put to use by ESA’s Navigation Laboratory for its existing satnav simulator test rack, which had been supplied by simulation specialist Spirent Communication in the UK.
“This simulator is typically used to recreate signals from multiple GNSS constellations along with additional terrestrial inputs such as 3G or wifi signals often used by receivers,” adds Massimo.
“With spoofing an issue of increasing concern in the civilian domain, we decided we needed this new suite for our internal test purposes.”
Encrypted governmental or military-grade satnav signals are resilient against spoofing, but their access is strictly controlled by definition. Civilian signals are indeed at risk however, Massimo adds: “Simulation systems such as this one allows us to test out solution strategies.
“That might involve adding an authentication code, for example – currently being looked at for Galileo’s Commercial Service – or monitoring the evolution of the signal over time to check if it is real or not.
“Signals from an actual satellite would shift their source over time, for instance, and exhibit telltale Doppler shifting.”
ESA turned to a small Italian company called Qascom, founded a decade ago by a small group of engineers with experience in both satnav and security systems.
The company had begun developing the simulator internally before being contracted by ESA for its further development.
“The result worked well, “adds Massimo. “In fact, Spirent was sufficiently impressed by the work that Qascom did that the companies got in touch and have now concluded a partnership agreement to develop the offering further and offer laboratory test solutions for testing the resilience of receivers to spoofing attacks.”
“We envisage at least three types of customer for our SimSAFE software,” comments Oscar Pozzobon of Qascom.
“First are the GNSS receiver developers, wanting to check for any product vulnerabilities. Then there are developers of applications whose systems are based around GNSS, such as road tolling. They might want to look at countermeasures above the level of the receiver chip.
“Finally, there are governmental entities or agencies who might not be producing physical products but are tasked with writing regulations or technical standards – they can be guided in their work by simulated scenarios.”
A second simulator product called QA707 has also spun-out from the same activity. A radio GNSS signal simulator that works with ordinary computer equipment rather than expensive simulator systems, QA707 is aimed at smaller businesses or university departments.
“Our cooperation with ESA has been very valuable,” Mr Pozzobon concludes. “The kind of research and development the Agency supports lets us peer more than 10 years into the future, looking at the kind of issues that are going to become important to our industry down the line.”