DOCSLIB.ORG

The Security Reference Architecture for Blockchains

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Security Reference Architecture for Blockchains 1 The Security Reference Architecture for Blockchains: Towards a Standardized Model for Studying Vulnerabilities, Threats, and Defenses Ivan Homoliak∗y Sarad Venugopalan∗ Daniel¨ Reijsbergen∗ Qingze Hum∗ Richard Schumi∗ Pawel Szalachowski∗ ∗Singapore University of Technology and Design yBrno University of Technology Abstract—Blockchains are distributed systems, in which secu- Although some standardization efforts have already been rity is a critical factor for their success. However, despite their undertaken, they are either specific to a particular platform [1] increasing popularity and adoption, there is a lack of standard- or still under development [2], [3]. Hence, there is a lack ized models that study blockchain-related security threats. To fill this gap, the main focus of our work is to systematize and of platform-agnostic standards in blockchain implementation, extend the knowledge about the security and privacy aspects of interoperability, services, and applications, as well as the blockchains and contribute to the standardization of this domain. analysis of its security threats [4], [5]. All of these areas are We propose the security reference architecture (SRA) for challenging, and it might take years until they are standardized blockchains, which adopts a stacked model (similar to the and agreed upon across a diverse spectrum of stakeholders. ISO/OSI) describing the nature and hierarchy of various security and privacy aspects. The SRA contains four layers: (1) the In this work, we aim to contribute to the standardization of network layer, (2) the consensus layer, (3) the replicated state security threat analysis. We believe that it is critical to provide machine layer, and (4) the application layer. At each of these blockchain stakeholders (developers, users, standardization layers, we identify known security threats, their origin, and bodies, regulators, etc.) with a comprehensive systematization countermeasures, while we also analyze several cross-layer depen- of knowledge about the security and privacy aspects of today’s dencies. Next, to enable better reasoning about security aspects of blockchains by the practitioners, we propose a blockchain-specific blockchain systems. version of the threat-risk assessment standard ISO/IEC 15408 In this work, we aim to achieve this goal, with a particular by embedding the stacked model into this standard. Finally, we focus on system design and architectural aspects. We do not provide designers of blockchain platforms and applications with a limit our work to an enumeration of security issues, but design methodology following the model of SRA and its hierarchy. additionally, discuss the origins of those issues while listing possible countermeasures and mitigation techniques together with their potential implications. As our main contribution, I. INTRODUCTION we propose the security reference architecture (SRA) for The popularity of blockchain systems has rapidly increased blockchains, which is based on models that demonstrate the in recent years, mainly due to the decentralization of control stacked hierarchy of different threat categories (similar to the that they aim to provide. Blockchains are full-stack distributed ISO/OSI hierarchy [6]) and is inspired by security modeling systems in which multiple layers, (sub)systems, and dynamics performed in the cloud computing [7], [8]. As our next contri- interact together. Hence, they should leverage a secure and bution, we enrich the threat-risk assessment standard ISO/IEC resilient networking architecture, a robust consensus protocol, 15408 [9] to fit the blockchain infrastructure. We achieve this arXiv:1910.09775v3 [cs.CR] 28 Oct 2020 and a safe environment for building higher-level applica- by embedding the stacked model into this standard. tions. Although most of the deployed blockchains need better This paper is based on our previous work outlining the scalability and well-aligned incentives to unleash their full security reference architecture [10]. We substantially modify potential, their security is undoubtedly a critical factor for and extend it by the following: their success. As these systems are actively being developed • We provide a theoretical background related to the and deployed, it is often challenging to understand how secure security reference architecture and the environment of they are, or what security implications are introduced by some blockchains, their types, failure models, consensus pro- specific components they consist of. Moreover, due to their tocols, design goals, and means to achieve these goals. complexity and novelty (e.g., built-in protocol incentives), • For each layer, we model particular attacks or their cate- their security assessment and analysis requires a more holistic gories through vulnerability/threat/defense graphs, while view than in the case of traditional distributed systems. we provide reasoning about several important relations and causalities in these graphs. © 2020 IEEE. Personal use of this material is permitted. Permission from • We modify and significantly extend the application layer, IEEE must be obtained for all other uses, in any current or future media, where we propose a novel functionality-oriented catego- including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers rization, as opposed to the application-domain-oriented or lists, or reuse of any copyrighted component of this work in other works. categorizations presented in related work [11], [12]. 2 75 75 • We extend and revise the consensus layer by mining-pool- 61 specific attacks, time-spoofing attacks, and we provide a 60 59 60 more fine-grained categorization. 46 47 45 43 45 42 • For each layer, we present an incident table that lists and 38 29 29 briefly describes examples of attacks that have occurred 30 30 26 Total #References 17 Total #References worldwide: either caused by malicious parties or by 15 15 9 researchers who demonstrated their practical feasibility. 0 0 • In the lessons learned, we describe the hierarchy of RSM RSM Survey Survey Network Network security dependencies among particular categories, based Consensus Consensus on which, we propose a methodology for designers of App. (Ecosystem)App. (High-Level) App. (Ecosystem)App. (High-Level) blockchain platforms and applications. (a) All references (b) Academic references The rest of the paper is organized as follows: We de- Figure 1: Blockchain-specific references per category. scribe the scope and methodology of our research as well as 58 25 60 Network quantitative analysis of the included literature in Section II. Consensus In Section III, we summarize the background on blockchain 20 RSM App. (Ecosystem) 40 37 systems. Next, in Section IV we introduce the security ref- 15 App. (High-Level) erence architecture whose layers are discussed in the follow- 29 Survey 23 10 up sections. In detail, Section V deals with the security and 20 11 12 privacy of the network layer, Section VI focuses on the 8 5 Total # Academic References 3 consensus layer, Section VII overviews the replicated state 1 1 machine layer, and Section VIII with Section IX describe 0 0 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 applications built on top of the blockchain. In Section X, (a) #References per year (b) #References per year/category we elaborate on lessons learned and propose a methodology for designers of blockchain-based solutions. We discuss the Figure 2: Blockchain-specific academic references over time. limitations of our work in Section XI and we compare our research to related work in Section XII. Finally, we conclude blockchain infrastructure and outside of the extra infrastructure the paper in Section XIII. required for certain blockchain-based applications. Out-of- scope examples are remote exploitation of arbitrary devices (e.g., covert mining/crypto-jacking [14]) and issues related to II. METHODOLOGY &SCOPE using blockchain explorers (e.g., spoofing attacks, availability In contrast to conventional survey approaches, such as issues). Examples of vulnerabilities that we assume only grounded theory for rigorous literature review [13], we do tangentially are semantic bugs and programming errors in not sample included research from existing databases queried the infrastructure of the blockchains – we assume that core with specific terms. Instead, we study and analyze security- blockchain infrastructure is implemented correctly, uses secure oriented literature for vulnerabilities and threats related to cryptographic primitives, and provides expected functionality. the blockchain infrastructure. The literature that we select as the input mainly covers existing blockchain-oriented surveys A. Quantitative Analysis as well as various conferences and journals in security and distributed computing. Moreover, we include other materials For a quantitative summary of the literature, we considered published in preprints, whitepapers, products’ documentation, only the references from the main sections that correspond to and forums, which are also related. particular layers of the proposed stacked model (i.e., Section V We aim to consolidate the literature, categorize found vul- to Section IX) and related work (Section XII). We excluded nerabilities and threats according to their origin, and as a references from other sections and the references on the result, we create four main categories (also referred to as examples of incidents
Load more

Recommended publications
  • Introducing Ethereum and Solidity Foundations of Cryptocurrency and Blockchain Programming for Beginners
    C. Dannen Introducing Ethereum and Solidity Foundations of Cryptocurrency and Blockchain Programming for Beginners ▶ First book on the market that teaches Ethereum and Solidity for technical thinkers of all types ▶ Written by a technology journalist trained in breaking down technical concepts into easy-to-understand prose ▶ Updates you on the last three years of progress since Bitcoin became popular - a new frontier replete with opportunity for new products and services Learn how to use Solidity and the Ethereum project – second only to Bitcoin in market capitalization. Blockchain protocols are taking the world by storm, and the Ethereum project, with its Turing-complete scripting language Solidity, has rapidly become a front-runner. This book presents the blockchain phenomenon in context; then situates Ethereum in a world pioneered by Bitcoin. 1st ed., XXI, 185 p. 34 illus., 31 illus. in color. A product of Apress See why professionals and non-professionals alike are honing their skills in smart contract patterns and distributed application development. You'll review the fundamentals of programming and networking, alongside its introduction to the new discipline of crypto- Printed book economics. You'll then deploy smart contracts of your own, and learn how they can serve as a back-end for JavaScript and HTML applications on the Web. Softcover ISBN 978-1-4842-2534-9 Many Solidity tutorials out there today have the same flaw: they are written for“advanced” ▶ 44,99 € | £39.99 JavaScript developers who want to transfer their skills to a blockchain environment. ▶ *48,14 € (D) | 49,49 € (A) | CHF 53.50 Introducing Ethereum and Solidity is accessible to technology professionals and enthusiasts of “all levels.” You’ll find exciting sample code that can move forward real world assets in both the academic and the corporate arenas.
    [Show full text]
  • Beauty Is Not in the Eye of the Beholder
    Insight Consumer and Wealth Management Digital Assets: Beauty Is Not in the Eye of the Beholder Parsing the Beauty from the Beast. Investment Strategy Group | June 2021 Sharmin Mossavar-Rahmani Chief Investment Officer Investment Strategy Group Goldman Sachs The co-authors give special thanks to: Farshid Asl Managing Director Matheus Dibo Shahz Khatri Vice President Vice President Brett Nelson Managing Director Michael Murdoch Vice President Jakub Duda Shep Moore-Berg Harm Zebregs Vice President Vice President Vice President Shivani Gupta Analyst Oussama Fatri Yousra Zerouali Vice President Analyst ISG material represents the views of ISG in Consumer and Wealth Management (“CWM”) of GS. It is not financial research or a product of GS Global Investment Research (“GIR”) and may vary significantly from those expressed by individual portfolio management teams within CWM, or other groups at Goldman Sachs. 2021 INSIGHT Dear Clients, There has been enormous change in the world of cryptocurrencies and blockchain technology since we first wrote about it in 2017. The number of cryptocurrencies has increased from about 2,000, with a market capitalization of over $200 billion in late 2017, to over 8,000, with a market capitalization of about $1.6 trillion. For context, the market capitalization of global equities is about $110 trillion, that of the S&P 500 stocks is $35 trillion and that of US Treasuries is $22 trillion. Reported trading volume in cryptocurrencies, as represented by the two largest cryptocurrencies by market capitalization, has increased sixfold, from an estimated $6.8 billion per day in late 2017 to $48.6 billion per day in May 2021.1 This data is based on what is called “clean data” from Coin Metrics; the total reported trading volume is significantly higher, but much of it is artificially inflated.2,3 For context, trading volume on US equity exchanges doubled over the same period.
    [Show full text]
  • Pwc I 2Nd Global Crypto M&A and Fundraising Report
    2nd Global Crypto M&A and Fundraising Report April 2020 2 PwC I 2nd Global Crypto M&A and Fundraising Report Dear Clients and Friends, We are proud to launch the 2nd edition of our Global Crypto M&A and Fundraising Report. We hope that the market colour and insights from this report will be useful data points. We will continue to publish this report twice a year to enable you to monitor the ongoing trends in the crypto ecosystem. PwC has put together a “one stop shop” offering, focused on crypto services across our various lines of services in over 25 jurisdictions, including the most active crypto jurisdictions. Our goal is to service your needs in the best possible way leveraging the PwC network and allowing you to make your project a success. Our crypto clients include crypto exchanges, crypto investors, crypto asset managers, ICOs/IEOs/STOs/stable and asset backed tokens, traditional financial institutions entering the crypto space as well as governments, central banks, regulators and other policy makers looking at the crypto ecosystem. As part of our “one stop shop” offering, we provide an entire range of services to the crypto ecosystem including strategy, legal, regulatory, accounting, tax, governance, risk assurance, audit, cybersecurity, M&A advisory as well as capital raising. More details are available on our global crypto page as well as at the back of this report. 2nd Global Crypto M&A and Fundraising Report April 2020 PwC 2 3 PwC I 2nd Global Crypto M&A and Fundraising Report 5 Key takeaways when comparing 2018 vs 2019 There
    [Show full text]
  • Formal Specification and Verification of Solidity Contracts with Events
    Formal Specification and Verification of Solidity Contracts with Events Ákos Hajdu Budapest University of Technology and Economics, Hungary [email protected] Dejan Jovanović SRI International, New York City, NY, USA [email protected] Gabriela Ciocarlie SRI International, New York City, NY, USA [email protected] Abstract Events in the Solidity language provide a means of communication between the on-chain services of decentralized applications and the users of those services. Events are commonly used as an abstraction of contract execution that is relevant from the users’ perspective. Users must, therefore, be able to understand the meaning and trust the validity of the emitted events. This paper presents a source-level approach for the formal specification and verification of Solidity contracts with the primary focus on events. Our approach allows the specification of events in terms of the on-chain data that they track, and the predicates that define the correspondence between the blockchain state and the abstract view provided by the events. The approach is implemented in solc-verify, a modular verifier for Solidity, and we demonstrate its applicability with various examples. 2012 ACM Subject Classification Software and its engineering → Formal methods Keywords and phrases Smart contracts, Solidity, events, specification, verification Digital Object Identifier 10.4230/OASIcs.FMBC.2020.2 Category Short Paper Related Version Preprint is available at https://arxiv.org/abs/2005.10382. Supplementary Material https://github.com/SRI-CSL/solidity 1 Introduction Ethereum is a public, blockchain-based computing platform that provides a single-world- computer abstraction for developing decentralized applications [17]. The core of such applications are programs – termed smart contracts [15] – deployed on the blockchain.
    [Show full text]
  • Markets in Crypto Assets: Mica Regulation
    February 5 2021 Digital Gold Institute: Vision R&D center of excellence focused on teaching, training, consulting, and advising about scarcity in digital domain (bitcoin and crypto-assets) and the underlying blockchain technology Bitcoin: Digital Gold Blockchain: Hype or Reality? The most successful attempt at creating scarcity Blockchain requires an intrinsic native digital in the digital realm without a trusted third party. asset to provide the economic incentives for the Bitcoin is the digital equivalent of gold, blockchain maintainers to be honest. Without disruptive for our current digital civilization and the seigniorage revenues associated to its native the future of money and finance. More a crypto- asset, a blockchain system would need to select commodity than a crypto-currency, Bitcoin aims and appoint its maintainers, ultimately resorting to be world reserve asset. to central governance. Beyond Bitcoin: Timestamping Financial Services for Crypto A timestamp demonstrates that a document The most promising field, instead of existed in a specific status prior to a given point technological applications of blockchain, is the in time. Digital data can be securely development of financial services for crypto timestamped though the attestation of its hash assets: those tools, practices, and facilities value in a blockchain transaction. What jewellery needed by institutional investors and high net is for gold, Timestamping could be for bitcoin: worth individuals. Finance might not need not essential but effective at leveraging its blockchain,
    [Show full text]
  • October 29 2020 Digital Gold Institute: Vision
    October 29 2020 Digital Gold Institute: Vision R&D center of excellence focused on teaching, training, consulting, and advising about scarcity in digital domain (bitcoin and crypto-assets) and the underlying blockchain technology Bitcoin: Digital Gold Blockchain: Hype or Reality? The most successful attempt at creating scarcity Blockchain requires an intrinsic native digital in the digital realm without a trusted third party. asset to provide the economic incentives for the Bitcoin is the digital equivalent of gold, blockchain maintainers to be honest. Without disruptive for our current digital civilization and the seigniorage revenues associated to its native the future of money and finance. More a crypto- asset, a blockchain system would need to select commodity than a crypto-currency, Bitcoin aims and appoint its maintainers, ultimately resorting to be world reserve asset. to central governance. Beyond Bitcoin: Timestamping Financial Services for Crypto A timestamp demonstrates that a document The most promising field, instead of existed in a specific status prior to a given point technological applications of blockchain, is the in time. Digital data can be securely development of financial services for crypto timestamped though the attestation of its hash assets: those tools, practices, and facilities value in a blockchain transaction. What jewellery needed by institutional investors and high net is for gold, Timestamping could be for bitcoin: worth individuals. Finance might not need not essential but effective at leveraging its blockchain,
    [Show full text]
  • How to Analyze the Cyber Threat from Drones
    C O R P O R A T I O N KATHARINA LEY BEST, JON SCHMID, SHANE TIERNEY, JALAL AWAN, NAHOM M. BEYENE, MAYNARD A. HOLLIDAY, RAZA KHAN, KAREN LEE How to Analyze the Cyber Threat from Drones Background, Analysis Frameworks, and Analysis Tools For more information on this publication, visit www.rand.org/t/RR2972 Library of Congress Cataloging-in-Publication Data is available for this publication. ISBN: 978-1-9774-0287-5 Published by the RAND Corporation, Santa Monica, Calif. © Copyright 2020 RAND Corporation R® is a registered trademark. Cover design by Rick Penn-Kraus Cover images: drone, Kadmy - stock.adobe.com; data, Getty Images. Limited Print and Electronic Distribution Rights This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. Support RAND Make a tax-deductible charitable contribution at www.rand.org/giving/contribute www.rand.org Preface This report explores the security implications of the rapid growth in unmanned aerial systems (UAS), focusing specifically on current and future vulnerabilities.
    [Show full text]
  • Regulatory Implications Stripe, Uber, Spotify, Coinbase, and Xapo
    paper says that this backing separates Libra from stablecoins “pegged” to various assets or currencies. Regulatory Update The Libra Reserves will be managed by the June 24, 2019 Libra Association – an “independent” non-profit organization founded to handle In this update, we talk about Facebook’s Libra governance and operate the validator Libra whitepaper, a FINRA enforcement nodes of the Libra Blockchain. Members action for undisclosed cryptocurrency pay a $10 million membership fee that mining, and South Korean crypto exchanges changing their terms to take entitles them to one vote and liability for hacks. proportionate dividends earned from interest off the Reserves.1 Its 27 “Founding ​ Members” include Facebook through its ​ Facebook Releases Whitepaper newly-formed subsidiary Calibra (more on for its Libra Blockchain: Calibra below), Mastercard, PayPal, Visa, Regulatory Implications Stripe, Uber, Spotify, Coinbase, and Xapo. It hopes to have 100 members by Facebook’s Libra Association released its mid-2020. highly-anticipated whitepaper describing its ​ plans to create “a simple global currency Will Libra Answer Gaps in Regulation? …designed and governed as a public The paper argues that the present financial good” in order to make money transfer as system is plagued by shortfalls to which easy and cheap as sending a text message. blockchain and cryptocurrency projects According to the paper, a unit of currency have failed to provide a suitable remedy. It will be called “Libra” and built on the open asserts that many projects have attempted source Libra Blockchain (a permissioned to “bypass regulation as opposed to blockchain that may transition to a permissionless system in the future).
    [Show full text]
  • Txspector: Uncovering Attacks in Ethereum from Transactions
    TXSPECTOR: Uncovering Attacks in Ethereum from Transactions Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and Zhiqiang Lin, The Ohio State University https://www.usenix.org/conference/usenixsecurity20/presentation/zhang-mengya This paper is included in the Proceedings of the 29th USENIX Security Symposium. August 12–14, 2020 978-1-939133-17-5 Open access to the Proceedings of the 29th USENIX Security Symposium is sponsored by USENIX. TXSPECTOR: Uncovering Attacks in Ethereum from Transactions Mengya Zhang∗, Xiaokuan Zhang∗, Yinqian Zhang, Zhiqiang Lin The Ohio State University Abstract However, greater usability also comes with greater risks. The invention of Ethereum smart contract has enabled the Two features have made smart contracts more vulnerable blockchain users to customize computing logic in transactions. to software attacks than traditional software programs. (i) However, similar to traditional computer programs, smart con- Smart contracts are immutable once deployed. This feature tracts have vulnerabilities, which can be exploited to cause is required by any immutable distributed ledgers. As a result, financial loss of contract owners. While there are many soft- vulnerabilities in smart contracts cannot be easily fixed as they ware tools for detecting vulnerabilities in the smart contract cannot be patched. (ii) Ethereum is driven by cryptocurrency; bytecode, few have focused on transactions. In this paper, many popular smart contracts also involve transfers of cryp- we propose TXSPECTOR, a generic, logic-driven framework tocurrency. Therefore, exploitation of smart contracts often to investigate Ethereum transactions for attack detection. At leads to huge financial losses. For instance, in the notorious a high level, TXSPECTOR replays history transactions and DAO attack, the attacker utilized the re-entrancy vulnerability records EVM bytecode-level traces, and then encodes the in The DAO contract and stole more than $50 million [27,42].
    [Show full text]
  • Bitcoin Microstructure and the Kimchi Premium
    Bitcoin Microstructure and the Kimchi Premium Kyoung Jin Choi∗ Alfred Lehary University of Calgary University of Calgary Haskayne School of Business Haskayne School of Business Ryan Staufferz University of Calgary Haskayne School of Business this version: April 2019 ∗Haskayne School of Business, University of Calgary, 2500 University Drive NW, Calgary, Alberta, Canada T2N 1N4. e-mail: [email protected] ye-mail: [email protected] ze-mail: [email protected] Bitcoin Microstructure and the Kimchi Premium Abstract Between January 2016 and February 2018, Bitcoin were in Korea on average 4.73% more expensive than in the United States, a fact commonly referred to as the Kimchi pre- mium. We argue that capital controls create frictions as well as amplify existing frictions from the microstructure of the Bitcoin network that limit the ability of arbitrageurs to take advantage of persistent price differences. We find that the Bitcoin premia are positively re- lated to transaction costs, confirmation time in the blockchain, and to Bitcoin price volatility in line with the idea that the delay and the associated price risk during the transaction period make trades less attractive for risk averse arbitrageurs and hence allow prices to diverge. A cross country comparison shows that Bitcoin tend to trade at higher prices in countries with lower financial freedom. Finally unlike the prediction from the stock bubble literature, the Kimchi premium is negatively related to the trading volume, which also suggests that the Bitcoin microstructure is important to understand the Kimchi premium. Keywords: Bitcoin, Limits to Arbitrage, Cryptocurrencies, Fintech 1 Introduction I think the internet is going to be one of the major forces for reducing the role of government.
    [Show full text]
  • An Email Application with Active Spoof Monitoring and Control
    2016 International Conference on Computer Communication and Informatics (ICCCI -2016), Jan. 07 – 09, 2016, Coimbatore, INDIA An Email Application with Active Spoof Monitoring and Control T.P. Fowdur, Member IEEE and L.Veerasoo [email protected] [email protected] Department of Electrical and Electronic Engineering University of Mauritius Mauritius Abstract- Spoofing is a serious security issue for email overview of some recent anti-spoofing mechanisms is now applications. Although several anti-email spoofing techniques presented have been developed, most of them do not provide users with sufficient control and information on spoof attacks. In this paper In [11], the authors proposed an anti-spoofing scheme for IP a web-based client oriented anti-spoofing email application is packets which provides an extended inter-domain packet filter proposed which actively detects, monitors and controls email architecture along with an algorithm for filter placement. A spoofing attacks. When the application detects a spoofed security key is first placed in the identification field of the IP message, it triggers an alert message and sends the spoofed header and a border router checks the key on the source message into a spoof filter. Moreover, the user who has received packet. If this key corresponds to the key of the target packet, the spoofed message is given the option of notifying the real sender of the spoofing attack. In this way an active spoof control the packet is considered valid, else it is flagged as a spoofed is achieved. The application is hosted using the HTTPS protocol packet. A Packet Resonance Strategy (PRS) which detects and uses notification messages that are sent in parallel with email different types of spoofing attacks that use up the resources of messages via a channel that has been secured by the Secure the server or commit data theft at a datacenter was proposed in Socket Layer (SSL) protocol.
    [Show full text]
  • GNSS Spoofing
    COMPANY CONFIDENTIAL NLR-CR-2019-001-PT-1-RevEd-1 | June 2019 GNSS spoofing Revised Edition CUSTOMER: Agentschap Telecom NLR – Netherlands Aerospace Centre Netherlands Aerospace Centre NLR is a leading international research centre for aerospace. Bolstered by its multidisciplinary expertise and unrivalled research facilities, NLR provides innovative and integral solutions for the complex challenges in the aerospace sector. NLR's activities span the full spectrum of Research Development Test & Evaluation (RDT & E). Given NLR's specialist knowledge and facilities, companies turn to NLR for validation, verification, qualification, simulation and evaluation. NLR thereby bridges the gap between research and practical applications, while working for both government and industry at home and abroad. NLR stands for practical and innovative solutions, technical expertise and a long-term design vision. This allows NLR's cutting edge technology to find its way into successful aerospace programs of OEMs, including Airbus, Embraer and Pilatus. NLR contributes to (military) programs, such as ESA's IXV re-entry vehicle, the F-35, the Apache helicopter, and European programs, including SESAR and Clean Sky 2. Founded in 1919, and employing some 600 people, NLR achieved a turnover of 76 million euros in 2017, of which 81% derived from contract research, and the remaining from government funds. For more information visit: www.nlr.nl COMPANY CONFIDENTIAL NLR-CR-2019-001-PT-1-RevEd-1 | June 2019 GNSS spoofing Revised Edition CUSTOMER: Agentschap Telecom AUTHOR(S): J.J.P. van Es NLR J.D. van Bruggen-van Putten NLR H.D. Zelle NLR NLR - Netherlands Aerospace Centre June 2019 | NLR-CR-2019-001-PT-1-RevEd-1 COMPANY CONFIDENTIAL No part of this report may be reproduced and/or disclosed, in any form or by any means without the prior written permission of the owner.
    [Show full text]