Hardening of GNSS based trackers Final Report An Exploratory Research Project on options concerning more resilient position reporting devices U. Kröner, C. Bergonzi, J. Fortuny-Guasch, R. Giuliani, F. Littmann, D. Shaw, D. Symeonidis EUR 24390 EN - 2010 The mission of the JRC-IPSC is to provide research results and to support EU policy-makers in their effort towards global security and towards protection of European citizens from accidents, deliberate attacks, fraud and illegal actions against EU policies. European Commission Joint Research Centre Institute for the Protection and Security of the Citizen Contact information Address: TP 051, Joint Research Centre, Via E. Fermi 2749, 21027 Ispra (VA), Italy E-mail: [email protected] Tel.: +39 0332 78 6719 Fax: +39 0332 78 9658 http://ipsc.jrc.ec.europa.eu/ http://www.jrc.ec.europa.eu/ Legal Notice Neither the European Commission nor any person acting on behalf of the Commission is responsible for the use which might be made of this publication. Europe Direct is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) Certain mobile telephone operators do not allow access to 00 800 numbers or these calls may be billed. A great deal of additional information on the European Union is available on the Internet. It can be accessed through the Europa server http://europa.eu/ JRC 58733 EUR 24390 EN ISBN 978-92-79-15878-0 ISSN 1018-5593 doi:10.2788/97633 Luxembourg: Publications Office of the European Union © European Union, 2010 Reproduction is authorised provided the source is acknowledged Printed in Italy Hardening of GNSS based trackers Table of Contents LIST OF FIGURES ................................................................................................................................................................... 5 LIST OF TABLES ..................................................................................................................................................................... 6 INTRODUCTORY CHAPTER................................................................................................................................................ 7 ABSTRACT................................................................................................................................................................................ 7 INTRODUCTION......................................................................................................................................................................... 7 WHY SECURITY IN THE CONTEXT OF GNSS TRACKERS IS IMPORTANT ................................................................................... 8 The VMS regulatory environment as a special case.......................................................................................................... 8 Modern VMS devices and their abuse potential: A fisheries perspective......................................................................... 9 AN ABSTRACT GNSS-BASED TRACKER .................................................................................................................................10 A FORMALISATION OF VULNERABILITIES AND DEFENCES......................................................................................................11 RECENT IMPROVEMENTS REGARDING VMS DEVICE SECURITY IN EU MEMBER STATES .....................................................13 PARALLELS BETWEEN THE VMS DEVICES AND THE AIS TRANSPONDERS ............................................................................15 PARALLELS WITH THE EUROPEAN DIGITAL TACHOGRAPH ....................................................................................................18 CHAPTER I: DEFENDING AGAINST FAKE GNSS SIGNALS.....................................................................................21 CHAPTER INTRODUCTION.......................................................................................................................................................21 Scope.................................................................................................................................................................................21 A layman’s overview of GNSS..........................................................................................................................................21 Options for attacking a GNSS receiver............................................................................................................................24 Options for defending a GNSS receiver...........................................................................................................................33 With prohibitive costs, nearly all GNSS receiver defences can be overcome.................................................................68 EXPLORE THE POSSIBILITIES OF USING GALILEO ENCRYPTED GNSS SIGNALS .....................................................................71 Using the Open Service (OS) ...........................................................................................................................................71 Using the Commercial Service (CS) ................................................................................................................................72 Using the Public Regulated Service (PRS) ......................................................................................................................73 Using other Galileo Services............................................................................................................................................74 Conclusion on the use of Galileo encrypted signals........................................................................................................74 POSSIBILITIES IN USING GPS SIGNAL SIMULATORS ...............................................................................................................74 CHAPTER II: PHYSICAL SECURITY...............................................................................................................................77 PROTECTING SMALL VOLUMES AGAINST PHYSICAL INTRUSION ............................................................................................77 Why physical security in the context of GNSS trackers is important..............................................................................77 What is wrong with existing seals?..................................................................................................................................78 Passive and active monitoring seals ................................................................................................................................78 Defending against tracker removal..................................................................................................................................79 The RFID bolt seal ...........................................................................................................................................................80 An industry standard active volume enclosing seal.........................................................................................................82 “Mechanical anti-evidence seals”...................................................................................................................................84 The “time trap” seal.........................................................................................................................................................86 The “tie dye” seal.............................................................................................................................................................88 A challenge-response seal with some “time trap” features ............................................................................................89 Active monitoring using permanent magnets and magnetometers..................................................................................95 Surrounding the tracker’s electronics with potting material ..........................................................................................95 CONCLUSIONS ON PHYSICAL SECURITY .................................................................................................................................97 CHAPTER III: DEFENDING AGAINST SIDE CHANNEL ATTACKS........................................................................98 EMANATIONS SECURITY ........................................................................................................................................................98 SIDE CHANNEL ATTACKS........................................................................................................................................................99 OPERATION OUTSIDE OF TEMPERATURE OR VOLTAGE SPECIFICATIONS ..............................................................................100 OPTIONS CONCERNING CONDUCTED INTERFACES................................................................................................................101 Definition and background.............................................................................................................................................101 Wrapping the conducted data interface inside of the protected volume.......................................................................102 Securing external physical data interfaces....................................................................................................................102