Commercial Flights Are Experiencing ‘Unthinkable’ GPS Attacks and Nobody Knows What to Do::New “spoofing” attacks resulting in total navigation failure have been occurring above the Middle East for months, which is “highly significant” for airline safety.
Do none of the systems, GPS, glonass etc. use encryption or authentication of any form?
Yes Galileo supports encryption. But as far as I know it’s not in use. Has been trialled only. But I know all Airbus aircraft only support GPS satellites and nothing else (yet). I assume Boeing, being American would be the same then.
As far as solutions go, an aircraft can navigate fine without GPS. It can update its position from ground navigation aids and if they are not available it can still Dead Reckon very well. The navigation error very slowly grows until it’s out of the black spot and can use GPS or navigation aid to increase its accuracy. But this navigation error on the time frame of say an hour is a matter of kilometers at most, not dozens.
The problem is with the way GPS works. Your device gets telemetry from the satellites. A fake signal can screw up the whole system.
But if they had authentication you would know that the message doesn’t come from a legitimate satélite.
If their isn’t then there’s a big problem with implementing that now, which would require a retrofit of every single GPS system currently in use and likely a replacement of all GPS satellites
Edit: I’m slightly mistaken, the military uses encryption but they don’t have that open for public use.
I would hope whoever designed the satellites had the foresight to allow remote software updates.
They’re talking about the millions of receivers around the world, not the satellites.
Nah we just need a satellite mechanic astronaut
Software updates become useless if you hit hardware limitations
you can’t have authentication in a one way system. satellites send days, planes receive it, but never send anything.
You can have a digital signature, so the recievers know it’s legit
yes of course, but that isn’t authentication.
Playing with semantics a little, it can be thought of as the satellite authenticating with the client using the signature as password.
deleted by creator
That’s not how PKI works?
Unless you know how digital signatures work better than me
You can’t copy a signature, since it is different every time the signed content is different. You need to have the correct key in order to make a valid signature.
Nope. And more importantly, it looks like nobody considered what might happen if the signal gets spoofed. The backup systems that are supposed to keep working if GPS breaks also break due to these spoofed signals.
GPS is old, the amount of data you get from the satellite is small, essentially satellite id and timestamp. If we would redesign this today, you could include a digital signature.
Sure, but… you can google this to verify … one can probably manipulate GPS by introducing delay, i.e. resend data from a sat that was hear some seconds ago. With this signal the location will be off.
But that would also mean the timestamp to be off. Just resending them would also require extremely precise timing if you want to simulate a position that is not anywhere but just a bit off the last position. Making a GPS position jumping around half the world is (comparably) easy, pushing it off for a few kilometers is much, much harder.