Researchers Working on ways to Thwart GPS Based Cyber Attacks

The vulnerability of the timekeeping function in computers is leading to more and more cyber attacks and this is now an area of growing concerns. As more homes, businesses, utilities and other critical services start using the internet and GPS functionality, the number of devices out there prone to cyber attacks is on the rise. These attacks carry the potential to expose sensitive information and even cripple basic services.

Researchers at Clemson University, are developing a technology that could defend these devices from such cyber attacks. Yongqiang Wang, an assistant Professor of Electrical and Computer Engineering, is leading a team that has received $1 million of funding from the National Science Foundation (NSF) to fortify computers and devices against cyber attacks associated with timekeeping. The goal of the researchers is to make sure the timing service is more reliable. They want to provide secure timing solutions, by securing the two most commonly used time distribution approaches, GPS receivers and NTP.

In a network where time has to be aligned, such as the internet, cellular communication networks, and power systems, if the time on one device goes wrong, then there could be catastrophic consequences. So the researchers want to provide secure timing solutions, by securing the two most commonly used time distribution approaches, GPS receivers and NTP.

Rolling back time on a computer can make it relatively easy for hackers to break open encrypted documents. They could also access accounts with login information that should be expired. Muaz Ahmad, a Master's student in Wang's lab, demonstrated how simple GPS spoofing can be. All he needed was a software-defined radio purchased on a popular shopping website for about $300. With a few taps on a keyboard, Ahmad had the software-defined radio send signals to a smart phone sitting on the desk next to him. The GPS chip in the phone interpreted the signals as GPS signals beamed from satellites.

Ahmad was able to trick the phone into thinking it was four days earlier than the actual date and that it was sitting about a mile away from its actual location. This is what they’re trying to prevent, according to Ahmad. The experiment was harmless, but GPS spoofing carries the potential for devastating consequences. The same GPS system built into smartphones and cars also helps guide ships, trucking fleets and intelligent cars. As recently as last year, GPS told two vessels that they were at Sochi Airport in Russia, but they were actually in the harbor 12 miles away.

Wang and his team plan to counteract GPS spoofing by setting up a server at Clemson University. Every 10 seconds, two GPS receivers in Clemson and Anderson will sample secret code embedded in GPS signals and upload them to the server. Users elsewhere in the United States will be able to access those samples to verify that the signals they are receiving actually come from the genuine satellite source.

Researchers plan to test their server on several battery-powered sensors that have been deployed along the Savannah River to measure flooding and water quality as part of the Intelligent River Project. At the same time, researchers will be working to defend against attacks on NTP. One of the oldest computer protocols still in use, NTP helps computer systems synchronize clocks. It's an increasingly important function as more infrastructures ranging from the power grid to water systems rely on computer networks to keep them functioning smoothly. Each system typically has facilities in different locations, and time accuracy at each location is critical, Wang said.

For example, a flood gate that opens to soon or too late could have catastrophic consequences. As crucial as it is, NTP is among the vulnerabilities in denial-of-service attacks. Those attacks flood computer systems and servers with traffic, making it difficult for legitimate users to access them. Wang and his team plan to combat NTP attacks by creating a complement to it they call "pulse synch protocol." It would be a secure way of cross-checking whether computers are closely synchronized under NTP.

The team will test its pulse synch protocol by synchronizing clocks of five weather stations deployed around Clemson's campus. The team is planning to use the research in the classroom, including a new graduate class, Secure Network Science. They also plan to start a new Creative Inquiry course aimed at undergraduates and a new cybersecurity program that will be part of the Project WISE summer camp for middle school girls.

Co-principal investigators on the grant, all from Clemson University, are Kuang-Ching K.C. Wang, Professor of Electrical and Computer Engineering; Kumar Venayagamoorthy, Professor of Electrical and Computer Engineering; and Christopher Post, Professor of Environmental Information Science.