May 2 2019
Researchers at the Southwest Research Institute have created a cybersecurity system to investigate for vulnerabilities in automated vehicles and other technologies using GPS receivers for navigation, positioning, and timing.
This is a legal way for us to improve the cyber resilience of autonomous vehicles by demonstrating a transmission of spoofed or manipulated GPS signals to allow for analysis of system responses.
Victor Murray, Head, Cyber Physical Systems Group, Intelligent Systems Division, of SwRI
GPS spoofing is a vicious attack that spreads spurious signals to mislead GPS receivers, while GPS manipulation alters a real GPS signal. GPS satellites that orbit the Earth identify physical locations of GPS receivers integrated into everything from smartphones to aircraft and ground vehicles.
SwRI developed the new tool to fulfill federal regulations of the United States. Earlier, it was challenging to investigating for GPS vulnerabilities in a mobile environment since federal law forbids over-the-air re-transmission of GPS signals without prior authorization.
The spoofing test system from SwRI positions a physical component on or in line with the GPS antenna of a vehicle and a ground station remotely controlling the GPS signal. Upon receiving the actual GPS signal from an on-vehicle antenna, the system processes it and inserts a spoofed signal. Then, the spoofed signal is broadcast to the GPS receiver on the vehicle. This enables the spoofing system to exercise complete control over the GPS receiver.
By investigating the system by using it on an automated vehicle on a test track, engineers could modify the course of the vehicle by 10 m, thereby effectively making it drive off the road. It was also possible to force the vehicle to turn early or late.
“Most automated vehicles will not rely solely on GPS because they use a combination of sensors such as lidar, camera machine vision, GPS and other tools,” stated Murray. “However, GPS is a basis for positioning in a lot of systems, so it is important for manufacturers to have the ability to design technology to address vulnerabilities.”
SwRI designs automotive cybersecurity solutions on embedded systems and the Internet of things (IoT) technology that feature sensors and networks. Autonomous and connected vehicles are susceptible to cyber threats since they receive and broadcast signals for positioning and navigation.
The new system was created via SwRI’s internal research program. Upcoming related study will be to investigate the role of GPS spoofing in aircraft and drones.