Geoencryption Using Loran

Di Qiu, Sherman Lo, Per Enge Stanford University

Sponsored by FAA Loran Program

04/20/23 2007 Convention and Technical Symposium - ILA-36 2

Why Geoencryption?

Unsecure world Data/Information security Piracy concern

Traditional cryptosystems have inconveniences or weaknesses

Something you know: PIN, passwords Something you have: key, smart card Something you are: biometrics

Location for Security

Universality• Do all people have it?

Collectability• How well can an identifier be captured or quantified?

Circumvention• foolproof

Uniqueness• Can people be distinguished based on an identifier?

04/20/23 2007 Convention and Technical Symposium - ILA-36 3

04/20/23 2007 Convention and Technical Symposium - ILA-36 4

---------------------------------------------------

---------------------------------------------------

Encryption and Authentication

---------------------------------------------------

---------------------------------------------------

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

Encryption

CommunicationChannel

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

---------------------------------------------------

---------------------------------------------------

Authentication

---------------------------------------------------

---------------------------------------------------

CommunicationChannel

---------------------------------------------------

---------------------------------------------------

---------------------------------------------------

---------------------------------------------------

Verify

Geoencryption

04/20/23 2007 Convention and Technical Symposium - ILA-36 5

---------------------------------------------------

---------------------------------------------------

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

Sender Receiver

geotag

Geodecryption

04/20/23 2007 Convention and Technical Symposium - ILA-36 6

---------------------------------------------------

---------------------------------------------------

Loran Receiver

FeatureExtraction

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

Verify

yes

Why Loran?

GPS• Non-stationary satellites

• High absolute accuracy, high repeatable accuracy

• Global coverage

• Low SNR– Easy to jam and spoof

– Indoor NOT capable

• Data channel

Loran• Stationary transmitters

• Low absolute accuracy, high repeatable accuracy

• Northern hemisphere

• High SNR– Hard to jam and spoof

– Indoor capable

• Data channel (eLoran)

04/20/23 2007 Convention and Technical Symposium - ILA-36 7

Security Analysis Outline

04/20/23 2007 Convention and Technical Symposium - ILA-36 8

Security

Vulnerabilities of Protocol/ImplementationI. SpoofII. ReplayIII. “Parking Lot” Attack

Tag SizeIV. Spatial decorrelation

Loran Receiver

FeatureExtraction

Loran Receiver

FeatureExtraction

d

Same tag?

Modify location parameters

Signal Authentication

TESLA – Timed Efficient Stream Loss-tolerant Authentication Authenticating message = key (K) + tag (h) Tag = MAC (Data, Key)

04/20/23 2007 Convention and Technical Symposium - ILA-36 9

MAC h’ ?= h

ELRmhKmhKmhK

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Authentication Test

• Middletown

• Circular TESLA chain

• 50% Bandwidth

• Message subtypes– Type 1-4 (0001-0100): first 148 bits of the tag

– Type 5 (0101): last 12 bits of tag,

– Type 6-9 (0110-1001): first 148 bits of key

– Type 10 (1010): last 12 bits of key

04/20/23 2007 Convention and Technical Symposium - ILA-36 10

0010 0011 0100 0101 0111 1000 1001 1010

tag key

0001 0110

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Authentication Test Result

04/20/23 2007 Convention and Technical Symposium - ILA-36 11

< 50%

> 50%

> 80%

> 90%

> 95%

> 99%

>99.999%

Longitude (deg)

Latit

ude

(deg

)

Authentication Probablity as a Function of User Location

-130 -125 -120 -115 -11032

34

36

38

40

42

44

46

48

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Loran Certified Receiver

04/20/23 2007 Convention and Technical Symposium - ILA-36 12

NavigationReceiver

Signal Authentication

Module

GeotagGeneration

Module

LocationVerification

Decryption

Original file

Tamper ResistantLoran input

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

@#)&)*+!#$N$&*&$&=W& /-!&)$#+

File input

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Replay Modified Location Information

Parking Lot Attack

04/20/23 2007 Convention and Technical Symposium - ILA-36 13

False Accept Rate (FAR): % of unauthorized persons accepted in error

False Reject Rate (FRR): % of authorized persons who are incorrectly denied acceptance

Trade off between FAR and FRR

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Data Collection

04/20/23 2007 Convention and Technical Symposium - ILA-36 14

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

FAR & FRR Estimation

04/20/23 2007 Convention and Technical Symposium - ILA-36 15

Experimental Analysis

0 10 20 30 40 50 60 70

-90

-70

-50

-30

-10

10

Time

Rel

ativ

e T

DO

A (

m)

George

user

attacker

0 10 20 30 40 50 60 70

-90

-70

-50

-30

-10

10

Time

Rel

ativ

e T

DO

A (

m)

George

user

attacker

Grid interval size

Analytic Analysis

user attacker

FRR

FAR

Grid Size

FAR = Q(interval size, , distance)

FRR = Q(interval size, )

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Receiver Operating Curve

04/20/23 2007 Convention and Technical Symposium - ILA-36 16

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

False Accept Rate of Attacker

Fal

se R

ejec

t R

ate

of

Use

rTime Difference

George

Middletown

Grid Size

BetterPerformance

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Spatial Decorrelation

High spatial decorrelation is preferred.

Evaluation functions Distance measure Error rates measure - FAR Information measure - relative entropy D(p||q) Dependence measure - correlation coefficient

04/20/23 2007 Convention and Technical Symposium - ILA-36 17

distance

highlow

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Test Locations

04/20/23 2007 Convention and Technical Symposium - ILA-36 18

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

False Accept Rate- Different Stations

04/20/23 2007 Convention and Technical Symposium - ILA-36 19

0 5 10 15 20 25 300

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Distance (m)

Mat

chin

g R

ate

(FA

R)

TD

George, Grid Size 15m

Middletown, Grid Size 3mSearchlight, Grid Size 15m

Station SNR (dB)

Fallon 21

George 6

Middletown 32

Searchlight 8

High SNR results in high spatial decorrelation.

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Decorrelation DistanceFAR < 0.01

04/20/23 2007 Convention and Technical Symposium - ILA-36 20

Decorrelation distance is 18 meters for Middletown.

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

0 5 10 15 20 25 300

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Distance (m)

Mat

chin

g R

ate

(FA

R)

TD

Middletown, Grid Size 3m

e-0.2445d

False Accept Rate- Different Location Parameters

04/20/23 2007 Convention and Technical Symposium - ILA-36 21

0 5 10 15 20 25 300

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Distance (m)

Mat

chin

g R

ate

(FA

R)

Middletown

TD, Grid Size 3m

ECD, Grid Size 150nsSNR, Grid Size 5dB

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

TDOA/TOA > ECD > SNR

Geotag Size

04/20/23 2007 Convention and Technical Symposium - ILA-36 22

Parameter Entropy (bits)

TDOA 15.5

ECD 6.0

SNR 4.3

25.8 bits

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

811 km

Information measure Entropy

Key/Geotag size Station coverage Information density Spatial decorrelation

Conclusion

Defeated vulnerabilities of geoencryption protocol and implementation

Signal authentication & certified receiver Spatial decorrelation of Loran location parameters

Geotag size from Middletown is 26 bits At least 226 trials of different locations to break it

How to increase geotag size? Look into more parameters Fuzzy extractor

04/20/23 2007 Convention and Technical Symposium - ILA-36 23

Acknowledgement

The authors would like to thank Ben Peterson, Kirk Montgomery, Jim Shima and USCG for their help during the research.

04/20/23 2007 Convention and Technical Symposium - ILA-36 24

Backup Slides

04/20/23 2007 Convention and Technical Symposium - ILA-36 25

Demodulation Performance

04/20/23 2007 Convention and Technical Symposium - ILA-36 26

-2 0 2 4 6 8 1010

-7

10-6

10-5

10-4

10-3

10-2

10-1

100

SNR(dB)

Pro

ba

bili

ty E

rro

r R

ate

PPM 32 Level

Analytical

Simulated

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Message Loss

04/20/23 2007 Convention and Technical Symposium - ILA-36 27

0 0.05 0.1 0.15 0.2 0.2510

-40

10-35

10-30

10-25

10-20

10-15

10-10

10-5

100

Average Packet Loss

Mes

sage

Los

s

Analytical Message Loss vs. Packet Loss

jnjn

tj

ppj

nfailuredecordererror

)1()_/Pr(

1

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Authentication Performance

SNR Bandwidth

04/20/23 2007 Convention and Technical Symposium - ILA-36 28

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

<20

>20

>30

>40

>50

>60

>70

Longitude (deg)

La

titu

de

(d

eg

)

Middletown Coverage

-150 -140 -130 -120 -110 -100

25

30

35

40

45

50

55

60

TESLA Segment

Data

Authentication(320 bits)

320/37 9 Loran messages50% BW 18 Loran messages

Authentication probability is proportional to SNR & BW.

TDOA Data

04/20/23 2007 Convention and Technical Symposium - ILA-36 29

0 10 20 30 40 50 60 70-100

-50

0

50

Time

Rel

ativ

e T

DO

A (

m)

Middletown

Test Location 1

Test Location 2

0 10 20 30 40 50 60 70-100

-50

0

50

Time

Rel

ativ

e T

DO

A (

m)

GeorgeTest Location 1

Test Location 2

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

Distribution of Quantized TDOA- Grid Size 20m, Station George

04/20/23 2007 Convention and Technical Symposium - ILA-36 30

PDF

04/20/23 2007 Convention and Technical Symposium - ILA-36 31

0 10 20 30 40 50 60 70-100

-80

-60

-40

-20

0

20

Time

Rel

ativ

e T

DO

A (

m)

George

user

attacker

-150 -100 -50 0 50 1000

0.01

0.02

0.03

0.04

0.05

0.06

TD (m)

PD

F

George

user

attacker

0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 10

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

False Accept Rate of Attacker

Fal

se R

ejec

t R

ate

of

Use

rTime Difference

George

Middletown

Receiver Operating Curve

04/20/23 2007 Convention and Technical Symposium - ILA-36 32

Grid Size

BetterPerformance

TDOA Measurements

04/20/23 2007 Convention and Technical Symposium - ILA-36 33

I. SpoofII. ReplayIII. Parking lotIV. Spatial decorr.

-5 0 5 10 15 20 25 30 35-100

-50

0

50

100

150

200

250

300

Distance (m)

Rel

ativ

e T

DO

A M

ean

s (m

)Middletown

Decorrelation Distances- Different Parameters

04/20/23 2007 Convention and Technical Symposium - ILA-36 34

0 5 10 15 20 25 300

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Distance (m)

Mat

chin

g R

ate

(FA

R)

Middletown

TD, Grid Size 3m

ECD, Grid Size 150nsSNR, Grid Size 5dB

Relative Entropies

04/20/23 2007 Convention and Technical Symposium - ILA-36 35

0 5 10 15 20 25 30-5

0

5

10

15

20

Distance (m)

D(p

||q

) (b

its)

TD

George

Middletown

Searchlight