Spirent’s SimSAFE Fights Signal Vulnerability

Spirent’s SimSAFE Fights Signal Vulnerability.

By Tracy Cozzens

Spirent Communications now offers SimSAFE, a software solution that simulates legitimate GNSS constellations along with spoofed or hoax signals to evaluate receiver resilience and help develop counter measures.

Hoax or spoofing attacks work by mimicking genuine GNSS signals, which mislead GNSS receivers.  The military and critical infrastructure — such as wireless networks, banking, and utilities — are especially interested in being able to detect and reject spoofing attacks.

“GNSS signal vulnerability is becoming a significant issue,” said John Pottle, marketing director of Spirent’s Positioning Division.  “The industry is beginning to talk more about vulnerability and how we actually think about categorizing the threat — what approaches are there to evaluate performance in the presence of interference signals? If you’re a developer, what approaches are there to clean up your performance? You’ll see us at Spirent being quite a bit more vocal about these areas in the coming months.”

SimSAFE was developed in conjunction with Qascom, a small organization of half a dozen GNSS signal security and authentication experts headed by Oscar Pozzobon, who served as the chief solutions architect for SimSAFE. Pozzobon contributed his knowledge of GNSS security and vulnerabilities, which were then integrated into the SimSAFE system.

SimSAFE provides a means of emulating a spoofing attack, and then monitoring a receiver under attack to evaluate mitigation strategies and countermeasures.

“SimSAFE really gets into details on how a receiver reacts in the presence of the hoax signals,” Pottle said. “By really understanding that, really getting into how is the receiver is acting and reacting, you can understand better how your receiver is likely to behave, and tune it up.”

The SimSAFE laboratory-based test solution is fully controllable, so that users can evaluate a receiver’s response to a wide range of spoofing attacks. As Pottle put it, when fed both authentic and spoofed signals, “What’s the receiver going to see? It’s going to see the authentic signals, it’s going to see a couple of spoofed signals. And you can play around with the spoofed signals — that’s the controllable bit. While this is happening, the detector module within SimSAFE monitors and reports the receiver’s response to the attacks. At its most simple, that’s the power of SimSAFE.”

SimSAFE is aimed not only at receiver developers, a core audience of Spirent’s, but at anyone trying to build a system that may be subject to intentional interference, such as in the military or critical infrastructure. “Those people are starting to ask questions about what should I be worried about? What kind of an attack might I be open to? How can I be sure, if I’ve got a choice of three or four receivers, that I’m going to choose one that meets my needs in terms of resilience to intentional interference?” Pottle said. “Our belief is that SimSAFE will allow people to evaluate different receivers and strategies for mitigating spoofing attacks, and therefore help them to build the right level of resilience in their systems.”

SimSAFE is available in two variants. SimSAFE Simulated uses the simulator for all signals, both satellite and spoofed, using one or more channels for the spoofed signal.

Instead of a simulator, SimSAFE Live pulls authentic signals from sky with an antenna, so the user has the full power of the simulator to generate a much broader range of spoofing attacks. “The clever bit is aligning the spoofed signal with the real signal, getting the timing and frequency synced up,” Pottle said.

Spirent is also working on other technologies to mitigate spoofing, including work with interference signals from ground-based transmitters, adaptive antenna lab-based tests, and integration with inertial sensors, such as in military jets.

SimSAFE’s signal control capabilities.