RTK-GNSS augmentation data spoofing
P.M. van Tol (TU Delft - Civil Engineering & Geosciences)
Christiaan Tiberius – Mentor (TU Delft - Mathematical Geodesy and Positioning)
P.J.G. Teunissen – Mentor (TU Delft - Mathematical Geodesy and Positioning)
P. H.A.J.M. van Gelder – Graduation committee member (TU Delft - Safety and Security Science)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
The use of Global Navigation Satellites Systems is increasing rapidly. More and more applications use positioning and/or timing information form a Global Navigation Satellite System (GNSS). Also more and more people and applications rely on high-precision positioning based on GNSS. The high-precision solution of GNSS is achieved with the use of example augmentation data. For example real-time kinematic (RTK)-GNSS enables centimetre-level positioning. Commonly the augmentation data is sent with the use of internet. At the moment an unsecure internet link is used to sent this augmentation data from the reference station to the user. The aim of this study was to find out if it is possible to manipulate the augmentation data for DGNSS using a cyber attack without being detected, and what the consequences could be for the final estimated parameters of interest. The parameters of interest can be the position and/or the timing. The augmentation data is sent using the Networked Transport of RTCM via Internet Protocol (NTRIP). What is found is that this is an unsecure connection. For an attacker it is possible to use a man-in-the middle attack, where the augmentation data is sent from the reference station, via the hacker, to the user. The data is not encrypted and therefore it is possible for the hacker to see and alter the data. Based on a man-in-the-middle attack this study found that it is possible to manipulate the DGNSS augmentation data, without detection. The model that is used to manipulate the augmentation data is based on a Single Point Positioning model. As long as the manipulation is in the range of the design matrix of the used model, it is not detectable. This means that the manipulation only contributes to the so called influential bias and not, or minimal, to the testable bias. As the name suggest, the result of this manipulation is that the final solution is manipulated due to the effect in the influential bias, and without detection since the testable bias is not changed. GNSS processing is based on non-linear observation equations. This means that those models are linearised before the final solution is estimated based on the least squares estimation. The effect of this non-linearity is minimal, but it means that a (very) small part of the manipulation contributes to the testable bias. This study points out that this small increase of the testable bias is insignificant when the observations are tested based on an overall model test and the w-test. The conclusion of this study is that it is possible to spoof the augmentation data when NTRIP is used to sent the augmentation data. Furthermore, the consequence of augmentation data spoofing is that it can be exactly manipulated by the hacker, based on a certain direction and distance, as long as the magnitude of the manipulation is in the order of 2 to 3 meter.