Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Coordinated Position Falsification Attacks and Countermeasures for Location-Based Services

Wenjie Liu, Panos Papadimitratos

TL;DR

This work tackles the security of location-based services against coordinated, low-cost position spoofing. It introduces an extended RAIM framework that fuses GNSS with onboard motion data and terrestrial signals to detect inconsistencies, quantify attack likelihood, and recover accurate positions when attacks are detected. The authors develop a two-stage defense consisting of subset generation (with data cleaning and sampling) and position fusion, along with a theoretical analysis for single and multiple infrastructures. They validate the approach on a secure over-the-air testbed and real-world-like datasets, demonstrating meaningful improvements in attack detection accuracy and significant improvements in position recovery under spoofing and coordinated attacks, enabling robust protection for LBS in practice.

Abstract

With the rise of location-based service (LBS) applications that rely on terrestrial and satellite infrastructures (e.g., GNSS and crowd-sourced Wi-Fi, Bluetooth, cellular, and IP databases) for positioning, ensuring their integrity and security is paramount. However, we demonstrate that these applications are susceptible to low-cost attacks (less than $50), including Wi-Fi spoofing combined with GNSS jamming, as well as more sophisticated coordinated location spoofing. These attacks manipulate position data to control or undermine LBS functionality, leading to user scams or service manipulation. Therefore, we propose a countermeasure to detect and thwart such attacks by utilizing readily available, redundant positioning information from off-the-shelf platforms. Our method extends the receiver autonomous integrity monitoring (RAIM) framework by incorporating opportunistic information, including data from onboard sensors and terrestrial infrastructure signals, and, naturally, GNSS. We theoretically show that the fusion of heterogeneous signals improves resilience against sophisticated adversaries on multiple fronts. Experimental evaluations show the effectiveness of the proposed scheme in improving detection accuracy by 62% at most compared to baseline schemes and restoring accurate positioning.

Coordinated Position Falsification Attacks and Countermeasures for Location-Based Services

TL;DR

This work tackles the security of location-based services against coordinated, low-cost position spoofing. It introduces an extended RAIM framework that fuses GNSS with onboard motion data and terrestrial signals to detect inconsistencies, quantify attack likelihood, and recover accurate positions when attacks are detected. The authors develop a two-stage defense consisting of subset generation (with data cleaning and sampling) and position fusion, along with a theoretical analysis for single and multiple infrastructures. They validate the approach on a secure over-the-air testbed and real-world-like datasets, demonstrating meaningful improvements in attack detection accuracy and significant improvements in position recovery under spoofing and coordinated attacks, enabling robust protection for LBS in practice.

Abstract

With the rise of location-based service (LBS) applications that rely on terrestrial and satellite infrastructures (e.g., GNSS and crowd-sourced Wi-Fi, Bluetooth, cellular, and IP databases) for positioning, ensuring their integrity and security is paramount. However, we demonstrate that these applications are susceptible to low-cost attacks (less than $50), including Wi-Fi spoofing combined with GNSS jamming, as well as more sophisticated coordinated location spoofing. These attacks manipulate position data to control or undermine LBS functionality, leading to user scams or service manipulation. Therefore, we propose a countermeasure to detect and thwart such attacks by utilizing readily available, redundant positioning information from off-the-shelf platforms. Our method extends the receiver autonomous integrity monitoring (RAIM) framework by incorporating opportunistic information, including data from onboard sensors and terrestrial infrastructure signals, and, naturally, GNSS. We theoretically show that the fusion of heterogeneous signals improves resilience against sophisticated adversaries on multiple fronts. Experimental evaluations show the effectiveness of the proposed scheme in improving detection accuracy by 62% at most compared to baseline schemes and restoring accurate positioning.

Paper Structure

This paper contains 45 sections, 6 theorems, 19 equations, 11 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Location-Based Service
  4. GNSS Spoofing Attack
  5. Wireless Network Attack
  6. System and Adversary Model
  7. System Model
  8. Adversary Model
  9. Attack Description
  10. Multi-Band GNSS Spoofing
  11. Wi-Fi Spoofing with GNSS Jamming
  12. Coordinated Location Spoofing
  13. Defense Scheme
  14. Scheme Outline
  15. Subset Generation
  16. ...and 30 more sections

Key Result

Lemma 1

Suppose that $N_{\text{anc}}-N_{\text{adv}}>N_{\text{min}}$. Then, $\mathbf{p}_{\text{usr}}(t)$ can be recovered from uncoordinated spoofing.

Figures (11)

  • Figure 1: applications have ranging information with anchor positions from and network infrastructures.
  • Figure 2: Left: Wi-Fi spoofing with jamming; right: coordinated location spoofing.
  • Figure 3: The blue circle in the left screenshot indicates the actual position. The position in the right screenshot is spoofed using a Wi-Fi router with jamming. Screenshots are taken from the recorded attack demonstration video.
  • Figure 4: Coordinated attack manipulates the network-based (purple circle with pin), (green circle with pin), and fused (blue circle with pin) positions of application, deviating from KTH Kista (left) to Skalholtsgatan (right).
  • Figure 5: Generating subsets of ranging information for cross-validation.
  • ...and 6 more figures

Theorems & Definitions (12)

  • Lemma 1
  • proof
  • Proposition 1
  • proof
  • Corollary 1
  • proof
  • Lemma 2
  • proof
  • Theorem 1
  • proof
  • ...and 2 more