FOSTER ITS a trusted GNSS module to secure ITS application

Main title

Content

Context

GNSS is massively implemented and used in ITS applications to

serve many services. Some examples:

- Road User Charging

- eCall

- Usage Based Insurance

- Critical asset transport

- …

...but is GNSS always trustable?

Main title

Content

GNSS spoofing cookbook

Ingredients:

- 1 BladeRF from Nuand - 1 GNSS Antenna

- 1 Laptop (Core i5, USB3)

Prep: 20 min. Cook: 30 min. => Ready in 50 min.

Cost: 400 $ + Laptop

Directions:

Download the last version of GPS software defined radio simulator from

Github, compile the software on your Laptop following the README file.

Download a recent ephemeris from the International GNSS Service (IGS),

choose your location or the trajectory where you want to be/follow.

Connect the antenna to the BladeRF, connect the BladeRF to your Laptop,

launch the software.

Serve hot or iced !

1

2

3

Main title

Content

GNSS spoofing cookbook

Main title

Content

GNSS may be vulnerable What is true for IT security becomes true for GNSS….

Today it is easy to conduct cheap attacks that almost receivers are

not able to detect.

The simplest attack consists in feeding a CAN bus with false data

(technic used this summer by Miller and Valasek to mislead a

vehicle).

To guarantee security, a modern GNSS receiver should detect

and mitigate GNSS attacks and provide non repudiable data to

ITS application .

Main title

Content

FOSTER ITS GNSS module The FOSTER ITS module integrates in an unique casing a GNSS receiver, a

Secure MCU and motion sensors.

FOSTER ITS delivers a Level of Confidence (LoC) indicator rating the

probability of degraded / false PVT information thanks to:

• A Bayesian algorithm analysing the consistency between the GNSS

information and motion sensors,

• Sanity checks on the GNSS measurements ensuring genuineness (GNSS

simulator or spoofing device detection),

• Analysis of the RF signal to detect GNSS jamming/interference,

• An anti-replay mechanism.

In case of attack FOSTER ITS provides an estimated PVT based

on Dead Reckoning

FOSTER ITS provides non repudiable data to host applications

FOSTER ITS is designed to reach automotive grade and common criteria

certification

Main title

Content

FOSTER ITS GNSS module

FOSTER ITS is:

• created, designed and developed by FDC & STM

• integrated and full-scale tested by Novacom

• certification process enabled by NavCert

• challenged and tested in coop. with EC JRC GNSS Lab

FOSTER interfaces are:

• input: odometer/can bus

• output: serial, ISO7816, can bus

Main title

Content

Level of Confidence Focus on LoC indicator

The LoC is represented by a score which vary between 0 and 100 rating

each PVT solution. A score of 100 means that the PVT information is fully

trustable while a score of 0 indicates that the PVT information is totally

inconsistent and not trustable.

Main title

Content

Nominal case In nominal case (no attack), the LoC delivered by the receiver is the

following figure:

Static position and good GNSS reception

Main title

Content

Replay attack

GNSS signal was recorded and replayed

Main title

Content

Spoofing attack

Main title

Content

Conclusion

Recent events, such as the remote hacking on vehicles, highlight that

security will be a major concern in the future for the automotive industry.

GNSS signal attack is now a reality:

FOSTER ITS provides an efficient, resilient and low-cost solution.

Main title

Content

Visit us

Visit us at the European GNSS Village booth (D38)

Contact: alexandre.allien@fdc.eu