Table of Contents
Fetching ...

Guardian Positioning System (GPS) for Location Based Services

Wenjie Liu, Panos Papadimitratos

TL;DR

The Guardian Positioning System advances secure location estimation by extending receiver autonomous integrity monitoring (RAIM) to combine GNSS, opportunistic ranging (Wi‑Fi, cellular, GeoIP, Bluetooth), and onboard sensors. The core method generates numerous subsets of distance estimates, computes intermediate positions for each subset, and fuses them with motion data to form a probabilistic likelihood that flags attacks when inconsistencies arise. Through two datasets—real-world Jammertest 2024 and a coordinated lab attack—the approach demonstrably improves detection accuracy (up to 58% in the challenging dataset) and reduces detection latency (to about 4–5 seconds) compared with baseline methods, without requiring specialized hardware. The work highlights significant practical impact for mobile devices and security-sensitive applications by enabling robust, cross-source spoofing detection on off-the-shelf hardware.

Abstract

Location-based service (LBS) applications proliferate and support transportation, entertainment, and more. Modern mobile platforms, with smartphones being a prominent example, rely on terrestrial and satellite infrastructures (e.g., global navigation satellite system (GNSS) and crowdsourced Wi-Fi, Bluetooth, cellular, and IP databases) for correct positioning. However, they are vulnerable to attacks that manipulate positions to control and undermine LBS functionality -- thus enabling the scamming of users or services. Our work reveals that GNSS spoofing attacks succeed even though smartphones have multiple sources of positioning information. Moreover, that Wi-Fi spoofing attacks with GNSS jamming are surprisingly effective. More concerning is the evidence that sophisticated, coordinated spoofing attacks are highly effective. Attacks can target GNSS in combination with other positioning methods, thus defenses that assume that only GNSS is under attack cannot be effective. More so, resilient GNSS receivers and special-purpose antennas are not feasible on smartphones. To address this gap, we propose an extended receiver autonomous integrity monitoring (RAIM) framework that leverages the readily available, redundant, often so-called opportunistic positioning information on off-the-shelf platforms. We jointly use onboard sensors, terrestrial infrastructures, and GNSS. We show that our extended RAIM framework improves resilience against location spoofing, e.g., achieving a detection accuracy improvement of up to 24-58% compared to the state-of-the-art algorithms and location providers; detecting attacks within 5 seconds, with a low false positive rate.

Guardian Positioning System (GPS) for Location Based Services

TL;DR

The Guardian Positioning System advances secure location estimation by extending receiver autonomous integrity monitoring (RAIM) to combine GNSS, opportunistic ranging (Wi‑Fi, cellular, GeoIP, Bluetooth), and onboard sensors. The core method generates numerous subsets of distance estimates, computes intermediate positions for each subset, and fuses them with motion data to form a probabilistic likelihood that flags attacks when inconsistencies arise. Through two datasets—real-world Jammertest 2024 and a coordinated lab attack—the approach demonstrably improves detection accuracy (up to 58% in the challenging dataset) and reduces detection latency (to about 4–5 seconds) compared with baseline methods, without requiring specialized hardware. The work highlights significant practical impact for mobile devices and security-sensitive applications by enabling robust, cross-source spoofing detection on off-the-shelf hardware.

Abstract

Location-based service (LBS) applications proliferate and support transportation, entertainment, and more. Modern mobile platforms, with smartphones being a prominent example, rely on terrestrial and satellite infrastructures (e.g., global navigation satellite system (GNSS) and crowdsourced Wi-Fi, Bluetooth, cellular, and IP databases) for correct positioning. However, they are vulnerable to attacks that manipulate positions to control and undermine LBS functionality -- thus enabling the scamming of users or services. Our work reveals that GNSS spoofing attacks succeed even though smartphones have multiple sources of positioning information. Moreover, that Wi-Fi spoofing attacks with GNSS jamming are surprisingly effective. More concerning is the evidence that sophisticated, coordinated spoofing attacks are highly effective. Attacks can target GNSS in combination with other positioning methods, thus defenses that assume that only GNSS is under attack cannot be effective. More so, resilient GNSS receivers and special-purpose antennas are not feasible on smartphones. To address this gap, we propose an extended receiver autonomous integrity monitoring (RAIM) framework that leverages the readily available, redundant, often so-called opportunistic positioning information on off-the-shelf platforms. We jointly use onboard sensors, terrestrial infrastructures, and GNSS. We show that our extended RAIM framework improves resilience against location spoofing, e.g., achieving a detection accuracy improvement of up to 24-58% compared to the state-of-the-art algorithms and location providers; detecting attacks within 5 seconds, with a low false positive rate.
Paper Structure (38 sections, 7 equations, 10 figures, 1 algorithm)

This paper contains 38 sections, 7 equations, 10 figures, 1 algorithm.

Figures (10)

  • Figure 1: applications have ranging information with anchor positions from and network infrastructures.
  • Figure 2: Left: Wi-Fi spoofing attack with jamming; right: coordinated location spoofing.
  • Figure 3: Left: Wi-Fi spoofing attack with jamming manipulates the application in the upper left corner (dark green pin) to the position at the bottom right (purple pin). Right: coordinated spoofing attack manipulates the network-based (purple circle with pin), (light green circle with pin), and fused (blue circle with pin) positions, deviating from Europe to Hong Kong.
  • Figure 4: A driving trace, positions, and network-based positions. The red dotted line frames the attacked area. The network signals are not specifically attacked.
  • Figure 5: The placement of the devices used for the coordinated location spoofing in NSS lab environment.
  • ...and 5 more figures