Cryptography Is Not Enough: Relay Attacks on Authenticated GNSS Signals

Civilian-GNSS is vulnerable to signal spoofing attacks, and countermeasures based on cryptographic authentication are being proposed to protect against these attacks. Both Galileo and GPS are currently testing broadcast authentication techniques based on the delayed key disclosure to validate the integrity of navigation messages. These authentication mechanisms have proven secure against record now and replay later attacks, as navigation messages become invalid after keys are released. This work analyzes the security guarantees of cryptographically protected GNSS signals and shows the possibility of spoofing a receiver to an arbitrary location without breaking any cryptographic operation. In contrast to prior work, we demonstrate the ability of an attacker to receive signals close to the victim receiver and generate spoofing signals for a different target location without modifying the navigation message contents. Our strategy exploits the essential common reception and transmission time method used to estimate pseudorange in GNSS receivers, thereby rendering any cryptographic authentication useless. We evaluate our attack on a commercial receiver (ublox M9N) and a software-defined GNSS receiver (GNSS-SDR) using a combination of open-source tools, commercial GNSS signal generators, and software-defined radio hardware platforms. Our results show that it is possible to spoof a victim receiver to locations around 4000 km away from the true location without requiring any high-speed communication networks or modifying the message contents. Through this work, we further highlight the fundamental limitations in securing a broadcast signaling-based localization system even if all communications are cryptographically protected.