Telecoms, Datacoms, Wireless, IoT


Security – the next frontier in GPS

25 March 2020 Telecoms, Datacoms, Wireless, IoT

After decades of improvements in satellite-based timing and positioning accuracy, market expectations are moving towards increased robustness and security. Our response: the u-blox M9 and u-blox F9 platforms.

Back in 2016, global navigation satellite system (GNSS) receivers were being spoofed by an unexpected cohort of users: Pokémon Go players. By tricking their smartphones into believing that they were moving around, these players had found a way to win points – and online prestige – without even getting off their seats. Even though it posed little threat, the story made headlines. If kids could so easily spoof a GNSS receiver to cheat on a computer game, well, so could anyone else. It wasn’t news, but now it was clearer than ever: satellite-based positioning had a security problem.

Fortunately, it was a security problem that left most end users unaffected. But as GNSS receivers are relied on in a growing number of business- and mission-critical use cases, e.g. to synchronise cellular base station networks and smart grids, enable pay-for-use road tolling, or track vehicle fleets, finding ways to subvert them has become a business of its own, with significant financial rewards for the spoofers and economic consequences for the spoofed. It is, therefore, no surprise that customer focus is shifting from accuracy – a problem that has largely been solved – to increased robustness and security.

A vast threat space


A GNSS receiver’s position and timing output can only be as good as the signals it receives at the antenna. Unfortunately, jamming and spoofing receivers has never been so easy. RF jammers – available online – can drown out weak GNSS signals in a sea of noise, interrupting service. It’s a strategy fishing vessels have used to hide illegal expeditions into protected waters. Uber drivers on the way to lucrative locations such as airports have used GNSS spoofers to get to the front of the queue by making it look like they were already there. And the list of scenarios goes on...

The GNSS receiver itself presents a second vulnerability. Many commercial drones are programmed not to take off in or fly into no-fly zones. By breaking into the GNSS receiver’s firmware, these restrictions can potentially be removed. But that isn’t all. Malicious users can change other device configurations, e.g. via the debugging interface, to circumvent legal restrictions or deliberately manipulate receiver performance, modify the firmware, or access sensitive data.

And finally, time and position data determined by the receiver can be spoofed during transmission in a man-in-the-middle attack, either on its way from the GNSS receiver to a host device, or from the host device to the cloud. This threatens data confidentiality and integrity, as the data can be sniffed to extract sensitive information or replaced by false data.

u-blox M9 and F9 tackle each of these attack surfaces

Robustness and security were front and centre on our minds in developing u-blox M9 standard precision and u-blox F9 high precision positioning platforms. Leveraging advances in GNSS satellite signals, RF signal processing, embedded software development and data encryption, u-blox M9 and F9 tackle GNSS security from the antenna all the way up to the cloud.

By concurrently tracking multiple GNSS constellations across a wider range of frequency bands, our u-blox M9 and F9 receivers increase the level of sophistication required to spoof unnoticed. Consistency checks between the various inputs help catch spoofing attempts. And improved hardware and software filtering help mitigate unwanted in- and out-of-band interference to improve GNSS performance.

To ensure that the GNSS receiver’s firmware is not tampered with, a secure boot procedure validates firmware images at boot time so that only original firmware runs on the device. An irreversible configuration lock protects devices from being doctored once deployed. And, finally, host message authentication secures the interface between the GNSS receiver and the host, while SSL/TLS protects data as it is sent from the host to the cloud.

With the many security features they offer, u-blox M9 and F9 GNSS receivers are designed to fend off a variety of malicious attacks on mass market compatible GNSS solutions. But as the truism goes: there is no such thing as 100% security. Investing in trusted positioning technology is a vital step towards closing in on the 100% mark. But it is only one step in a broader process.

Optimising security requires considering security across all aspects of the product’s development and deploying, from sourcing and design to implementation and operation. It comes at a cost. But regardless of the use case you are targeting, with robustness and security moving from being a differentiator to a minimum requirement, being ahead of competition today will pay off in the long run.




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Connectivity for IoT devices with SoftSIM
Otto Wireless Solutions Telecoms, Datacoms, Wireless, IoT
IoT device vendors are facing more and more complex cellular connectivity issues these days. Manufacturing is often outsourced to third-party factories and finished devices are being distributed to many ...

Read more...
High-power GaN RF amplifier
RFiber Solutions Telecoms, Datacoms, Wireless, IoT
The CHA7618-99F is a three-stage GaN high-power amplifier (HPA) in the frequency band 5,5-18 GHz. This United Monolithic Semiconductors HPA typically provides 10 W of output power allied with 20% of power-added ...

Read more...
ExpressLink modules for secure connectivity to AWS Cloud
RF Design Telecoms, Datacoms, Wireless, IoT
u-blox has announced two new modules designed to enable Amazon Web Services (AWS) cloud services for device and fleet management out of the box: the NORA-W2 AWS IoT ExpressLink Wi-Fi module and the SARA-R5 ...

Read more...
Cellular antenna for 4G/LTE and 5G NR
iCorp Technologies Telecoms, Datacoms, Wireless, IoT
Antenova’s new ‘Affini’ (part number SRFL064) is a flexible printed circuit (FPC) antenna for the LTE, 4G and 5G NR networks in global markets. This antenna covers all main 4G bands plus 617-698 MHz which ...

Read more...
Passive MMIC diplexer
RF Design Telecoms, Datacoms, Wireless, IoT
The MDPX-0710 from Marki Microwave is a passive MMIC diplexer with passbands from DC to 7 GHz (low band) and 10 to 26,5 GHz (high band). It has an insertion loss of less than 0,9 dB within its passbands ...

Read more...
Embedded GNSS antenna with integrated LNA
RF Design Telecoms, Datacoms, Wireless, IoT
The HC990EXF from Tallysman is an extended-filter embedded GNSS helical antenna. This RHCP (right-hand circular polarised) antenna provides a peak gain of 3 dBi at full bandwidth and has an axial ratio ...

Read more...
Wireless asset tag supporting Quuppa RTLS
EBV Electrolink Telecoms, Datacoms, Wireless, IoT
onsemi unveiled a new system solution that overcomes the main challenges associated with developing asset tracking tags. Battery life has been a major obstacle to asset tag adoption, particularly within ...

Read more...
Wi-Fi SoCs with USB interface
iCorp Technologies Telecoms, Datacoms, Wireless, IoT
USB (Universal Serial Bus) is an industry standard that enables communication between a host controller and peripherals or other devices. A USB interface is integrated into Espressif Systems’ ESP32-S ...

Read more...
RS-485/422 differential transceivers
Hi-Q Electronics Telecoms, Datacoms, Wireless, IoT
Renesas has expanded its RS-485/422 portfolio with the RAA78815x family of 5 V differential transceivers with electrical fast transient (EFT) immunity of ±5000 V and ESD protection up to ±16 000 V, making ...

Read more...
NB-IoT roll-out will rapidly increase adoption
Flickswitch Telecoms, Datacoms, Wireless, IoT
In today’s ever-evolving world, catching the IoT wave is critical. Surveys show that four out of five businesses are investing in IoT, however, there are always questions when it comes to delivering long-term ...

Read more...