Authenticated time for detecting GNSS attacks

by   M. Spanghero, et al.

Information cross-validation can be a powerful tool to detect manipulated, dubious GNSS data. A promising approach is to leverage time obtained over networks a mobile device can connect to, and detect discrepancies between the GNSS-provided time and the network time. The challenge lies in having reliably both accurate and trustworthy network time as the basis for the GNSS attack detection. Here, we provide a concrete proposal that leverages, together with the network time servers, the nearly ubiquitous IEEE 802.11 (Wi-Fi) infrastructure. Our framework supports application-layer, secure and robust real time broadcasting by Wi-Fi Access Points (APs), based on hash chains and infrequent digital signatures verification to minimize computational and communication overhead, allowing mobile nodes to efficiently obtain authenticated and rich time information as they roam. We pair this method with Network Time Security (NTS), for enhanced resilience through multiple sources, available, ideally, simultaneously. We analyze the performance of our scheme in a dedicated setup, gauging the overhead for authenticated time data (Wi-Fi timestamped beacons and NTS). The results show that it is possible to provide security for the external to GNSS time sources, with minimal overhead for authentication and integrity, even when the GNSS-equipped nodes are mobile, and thus have short interactions with the Wi-Fi infrastructure and possibly intermittent Internet connectivity, as well as limited resources.




Protecting GNSS-based Services using Time Offset Validation

Global navigation satellite systems (GNSS) provide pervasive accurate po...

Practical quantum multiparty signatures using quantum key distribution networks

Digital signatures are widely used for providing security of communicati...

A Context-Aware Information-Based Clone Node Attack Detection Scheme in Internet of Things

The rapidly expanding nature of the Internet of Things (IoT) networks is...

CARE: Lightweight Attack Resilient Secure Boot Architecturewith Onboard Recovery for RISC-V based SOC

Recent technological advancements have proliferated the use of small emb...

BLINDTRUST: Oblivious Remote Attestation for Secure Service Function Chains

With the rapidly evolving next-generation systems-of-systems, we face ne...

Toward Taming the Overhead Monster for Data-Flow Integrity

Data-Flow Integrity (DFI) is a well-known approach to effectively detect...

Active Connectivity Fundamentals for TSCH Networks of Mobile Robots

Time Slotted Channel Hopping (TSCH) is a medium access protocol defined ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.