Security Group

Secure location and positioning systems

Contact: Dr Markus Kuhn

Authentication of navigation signals

Global satellite navigation (GPS, GLONAS, Galileo) is now a critical infrastructure for many aspects of society. But existing services lack the signal-integrity protection necessary to protect mass-market applications against spoofing attacks. We propose a new type of signal-authentication mechanism that could be added to future navigation systems, such as Galileo or next generation GPS. Its steganographic transmission scheme protects not only the transmitted data (which can be accomplished with well-known digital-signature and stream-authentication algorithms), but also the nanosecond-accuracy relative arrival times of signals from different satellites, the critical information from which receivers determine their position.

The proposed solution features the same asymmetric-security property that made digital-signature technology so useful: the ability to verify a signal does not lead to the ability to spoof it. This is of particular importance in civilian mass-market applications in which the person in possession of the receiver has an incentive to manipulate its reading. Examples include GPS-based road toll, pay-as-you-drive car insurance schemes, or offender-tagging systems.

The only alternative is symmetric encryption of the spreading sequences and key management through tamper-resistant subscriber modules. The conditional access industry has already gained two decades of experience in a very similar broadcast-encryption application, namely satellite pay-TV, where also very limited bandwidth is available for key management involving millions of subscribers. Rather than a durable solution, tamper-resistant hardware continues to be a rather active battlefield between pay-TV operators and crackers.

• Markus G. Kuhn: An Asymmetric Security Mechanism for Navigation Signals, 6th Information Hiding Workshop, 23-25 May 2004, Toronto, Canada, Proceedings, LNCS 3200, pp. 239-252, Springer-Verlag.
• Markus G. Kuhn: Positioning Security – from electronic warfare to cheating RFID and road-tax systems. Invited talk, escar – Embedded Security in Cars, 4th Workshop, 14–15 November 2006, Berlin.

We also proposed a number of other measures that do not require modification of existing satelite broadcast signals and that can help a navigation receiver to distinguish between genuine and signals. Some of these make it substantially more difficult to synthesize a fake satnav signal that will pass as authentic:

• Markus G. Kuhn: Signal authentication in trusted satellite navigation receivers. In Ahmad-Reza Sadeghi, David Naccache (eds): Towards Hardware-Intrinsic Security, Springer, 2010, ISBN 978-3-642-14451-6, pp 331–348.

Distance-bounding protocols against relay attacks

Authentication of humans is commonly based on either something you have (e.g., smartcard), something you know (e.g., password), something you are (e.g., biometric feature), or where you are (e.g., at your telephone at home). Authentication tokens, such as smartcards and RFID tags, are increasingly used to authorize financial transactions or gain access to buildings and services. Modern authentication tokens are very difficult to copy thanks to their cryptographic challenge-response schemes. However, many applications implicitly assume that completing such an authentication protocol implies that the token is physically present. Relay attacks, in which challenge-response data is forwarded by an attacker over a substantial distance via radio, violate this assumption. They can be a concern in real-world applications, as our demonstrations on RFID access control systems and Chip & PIN (EMV) terminals illustrate.

Distance-bounding protocols are special challenge-response authentication protocols optimized such that the message round-trip time is minimized and made particularly robust against manipulation. We have proposed a new distance-bounding protocol whose low implementation complexity and high resilience against bit errors make it particular well-suited for RFID tokens. We are in the process of implementing a number of distance-bounding extensions to commonly used interface standards, starting with ISO 7816 smartcards and ISO 14443 proximity cards.

Distance-bounding protocols have very different requirements on the underlying physical communication layer, therefore in their implementation, great attention has to be paid to all layers of the protocol stack, down to the physical representation of individual bits. Our distance-bounding research brings together the abstractions of cryptographic protocols with the gory details of modern digital communication signals.

• Gerhard P. Hancke, Markus G. Kuhn: An RFID Distance Bounding Protocol. IEEE SecureComm 2005, Athens, Greece, 5-9 September 2005, IEEE Computer Society, pp. 67-73, ISBN 0-7695-2369-2.
• Jolyon Clulow, Gerhard P. Hancke, Markus G. Kuhn, Tyler Moore: So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks. European Workshop on Security and Privacy in Ad-Hoc and Sensor Networks (ESAS), Hamburg, Germany, 20-21 September 2006, LNCS 4357.
• Gerhard P. Hancke: Practical attacks on proximity identification systems. IEEE Symposium on Security and Privacy, Oakland, 2005.
• Gerhard P. Hancke: A practical relay attack on ISO 14443 proximity cards, February 2005.
• Saar Drimer, Steven J. Murdoch: Keep your enemies close: Distance bounding against smartcard relay attacks. (submitted to USENIX Security 2007)