Professional Documents
Culture Documents
GPS INS Based On-Road Location Tracking Systems
GPS INS Based On-Road Location Tracking Systems
Abstract—Location information is critical to a wide variety location information for tracking, billing, and assigning drivers
of navigation and tracking applications. GPS, today’s de-facto to trips. Furthermore, the locations of public transport [6], [7],
outdoor localization system has been shown to be vulnerable to [8] are continuously monitored to ensure smooth and timely
signal spoofing attacks. Inertial Navigation Systems (INS) are
emerging as a popular complementary system, especially in road operation of services. With the advent of autonomous vehicles
transportation systems as they enable improved navigation and and transport systems, the dependence on location information
tracking as well as offer resilience to wireless signals spoofing is only bound to increase. The majority of above applications
and jamming attacks. In this paper, we evaluate the security rely on GPS [9], the de facto outdoor localization system in
guarantees of INS-aided GPS tracking and navigation for road use today. It is estimated that more than 8 billion GNSS1
transportation systems. We consider an adversary required to
travel from a source location to a destination and monitored by devices [10] will be in use by the year 2020.
an INS-aided GPS system. The goal of the adversary is to travel to However, it has been widely demonstrated that GPS is
alternate locations without being detected. We develop and eval- vulnerable to signal spoofing attacks. One of the main reasons
uate algorithms that achieve this goal, providing the adversary is the lack of any form of signal authentication. It is today
significant latitude. Our algorithms build a graph model for a
possible to change the course of a ship [11], force a drone to
given road network and enable us to derive potential destinations
an attacker can reach without raising alarms even with the land in a hostile area [12] or fake the current location in a road
INS-aided GPS tracking and navigation system. The algorithms navigation system [13] by simply spoofing GPS signals. The
render the gyroscope and accelerometer sensors useless as they increasing availability of low-cost radio hardware platforms
generate road trajectories indistinguishable from plausible paths make it feasible to execute such attacks with less than few
(both in terms of turn angles and roads curvature). We also
hundred dollars worth of equipment. There has been several
design, build and demonstrate that the magnetometer can be
actively spoofed using a combination of carefully controlled coils. evidences of jamming and spoofing reported in the media.
To experimentally demonstrate and evaluate the feasibility of the For example, as quoted in Gizmodo [14] “Because the toll-
attack in real-world, we implement a first real-time integrated taking for commercial trucks relies on GPS tracking, they can
GPS/INS spoofer that accounts for traffic fluidity, congestion, avoid paying through jamming. If a $45 device made your
lights, and dynamically generates corresponding spoofing signals.
daily commute free, you too might be tempted to commit a
Furthermore, we evaluate our attack on ten different cities using
driving traces and publicly available city plans. Our evaluations federal crime.” Another report [15] mentions “Gary Bojczak
show that it is possible for an attacker to reach destinations admitted buying an illegal GPS jammer to thwart the tracking
that are as far as 30 km away from the actual destination device in his company vehicle”. Several cryptographic [16],
without being detected. We also show that it is possible for [17], [18], [19] and non-cryptographic [20], [21], [22], [23],
the adversary to reach almost 60–80% of possible points within
[24], [25], [26] countermeasures have been proposed to detect
the target region in some cities. Such results are only a lower-
bound, as an adversary can adjust our parameters to spend more or mitigate signal spoofing attacks. These techniques are either
resources (e.g., time) on the target source/destination than we unreliable (e.g., large number of false alarms), effective only
did for our performance evaluations of thousands of paths. We against naive attackers or require modifications to the GPS re-
propose countermeasures that limit an attacker’s ability, without ceiver/infrastructure. Alternate localization technologies using
the need for any hardware modifications. Our system can be used
Wi-Fi or Cellular [27], [28] lack the accuracy and coverage
as the foundation for countering such attacks, both detecting and
recommending paths that are difficult to spoof. required for the mentioned applications, consume significant
amount of power and are susceptible to interference.
I. I NTRODUCTION Inertial navigation i.e., the use of sensors such as accelerom-
The ability to track one’s location is important to a wide eter, gyroscope and compass to navigate during temporary
variety of safety- and security-critical applications. For exam- GPS outages have been around for decades, specifically in
ple, logistics and supply chain management companies [1], [2], aircrafts, spacecrafts and military vehicles [29], [30], [31].
[3] that handle high-value commodities (e.g., currency notes) The advancements in sensor manufacturing technologies have
continuously monitor the locations of every vehicle in their resulted in widespread integration of these sensors into many
fleet carrying valuables to ensure their secure transportation to commonly used devices such as smart phones, tablets, fitness
the intended destination. Law enforcement officials use ankle trackers and other wearables. Many vehicle tracking and au-
bracelets [4], [5] to monitor the location of defendants or
parole and notify them if the offender strays outside an allowed 1 Global Navigation Satellite Systems (GNSS) is an umbrella term for
area. Ride-hailing applications such as Uber and Lyft use satellite based localization systems such as GPS, Galileo, Glonass etc.
along each of the three axes. The gyroscopes measure the rate
at which an object is rotating, and are used to compute the
Angle (deg)
200 X Axis
Y Axis attitude and heading of the object. The gyroscope measure-
Z Axis
ments aid the accelerometer in figuring out the orientation of
0 the object. Typically, sets of three accelerometers and three
0 200 400 gyroscopes, both orthogonally aligned, are combined into a
Time (s)
single inertial measurement unit (IMU). The setup commonly
(a) Path drift (b) Gyroscope drift contains additional analog and digital circuitry, including
conversion and calibration components. The magnetometer
Fig. 1: The constraints imposed by the road networks lead to measures the magnetic fields and thus determines the cardinal
better accuracy in tracking road applications. Blue path - route direction to which the object is pointing.
estimate with road constraints. Green path - no constraints. One of the main drawbacks of low-cost inertial sensors
(e.g., MEMS [45]) is that the process of dead reckoning in
general, results in a build-up of errors over the course of the
and data structure. A GPS signal spoofing attack is a physical- measurement. Since the position, velocity, and attitude updates
layer attack in which an attacker transmits specially crafted are products of single or double integration of raw inertial
radio signals that are identical to authentic satellite signals. sensor readings, the errors propagate and affect the final
In a signal spoofing attack, the objective of an attacker may position, velocity and attitude estimates. For example, due to
be to force a target receiver to (i) compute a false geographic the single integration performed on angular rate measurements,
location, (ii) compute a false time or (iii) disrupt the receiver a constant gyroscope bias will produce a linearly growing
by transmitting unexpected data. Today, with the increasing angular error, the gyro noise will produce a ‘random walk’
availability of low-cost radio hardware platforms [42], [43] growing with the square root of time. The double integration
and open source GPS signal generation software [44], it is required to transform the accelerometer output to position
feasible to execute GPS spoofing attacks with less than $100 produces a quadratically growing position error and a second-
of equipment. GPS signal generators can be programmed to order ‘random walk’, for a constant accelerometer bias and
transmit radio frequency signals corresponding to a static posi- white noise respectively. In numerical terms, a 25 μm2 s−1
tion (e.g., latitude, longitude and elevation), or simulate entire accelerometer bias (≈ 245 μg) of a navigation grade sensor
trajectories. For example, an attacker can spoof the navigation would produce a 1.59 km position error in one hour. The
route of a vehicle carrying high-value items and hijack it to aggravation of sensor errors becomes critical to aviation and
arbitrary locations without raising alarms. The operators of maritime applications as the vehicles have more degrees of
ride hailing services can fake the route taken. Furthermore, freedom to move. However, on road, the vehicles are limited
GPS spoofing attacks can delay or even prevent emergency by the available road networks and are therefore severely
support services from reaching intended destinations. constrained in their possible trajectories. Figure 1 illustrates
how the bias errors affect the final position estimates in a
C. Inertial Sensors Aided Navigation and Tracking
road navigation scenario (with motion constraints) and aerial
The need to operate effectively in scenarios where GPS (without any motion constraints). These constraints imposed
is inaccessible, unreliable or potentially jammed or spoofed inherently by the road networks has led to the emergence
by adversaries has led to the increased interest in building of using inertial sensors to complement GPS navigation and
complementary navigation solutions and spoofing detection tracking solutions. Moreover, the inertial sensors are largely
techniques. Several countermeasures and alternative localiza- immune to jamming which makes them invaluable to the safety
tion techniques have been proposed. Of them, inertial sensors and security-critical applications described previously.
are emerging as a popular choice for two main reasons. First,
inertial measurements are not affected by wireless jamming III. S POOFING INS- AIDED L OCALIZATION S YSTEMS
and are therefore resilient to denial of service attacks. Second, In this section, we demonstrate spoofing attacks on road
their widespread availability in majority of modern smart- navigation and tracking applications that rely on both GPS
phones makes them easy to deploy and integrate into existing and the inertial sensors for the localization. To the best of our
navigation and tracking infrastructure without the need any knowledge, this is the first demonstration of spoofing attacks
hardware or software modifications to the GPS receiver. on GPS/INS localization systems.
Inertial navigation is the process of integrating the readings
of select sensors such as accelerometers, gyroscopes, and A. System and Attacker Model
magnetometer into a complete three-dimensional position, Our attack is independent of how the GPS/INS system is
velocity, and orientation solution. Inertial navigation systems deployed i.e., it can either be an app on a trusted smartphone
are classified as dead-reckoning, since the estimation process or a specialized tracking device (e.g., ankle monitors) installed
is iterative and uses prior information i.e., calculating from on the entity of interest. The main objective of the monitoring
some previously known navigation solution. Accelerometers system is to keep track of the location and navigation routes of
measure both gravitational and non-gravitational acceleration the entities. We assume an attacker capable of generating and
transmitting fake GPS signals corresponding to any location
or navigation route of his choice using tools such as gps-sdr-
sim [44]. The goal of the attacker is to spoof his location and
navigation trajectory without being detected. For example, the
attacker can try to deviate from an assigned navigation route
and reach as far away as possible from the intended destination
before an anomaly is detected and an alarm raised. At that
moment, the adversary’s location remains undetermined. Al-
ternately, the attacker starts and ends at the intended locations,
however using a different route than the one being reported
to the monitoring station. We assume an attacker with full
physical access to the entity being tracked and is aware of
the GPS/INS system deployed for monitoring. For this work,
we assume that the tracking device itself is tamper-proof. For
example, the attacker can be a driver of a cargo company (or
a hijacker) who has full access to the vehicle. He regularly
drives this vehicle to transport high-value goods, and is aware
of the GPS and INS based tracking system employed by the
company. However, he cannot modify the software on the Fig. 2: A spoofed path example in Manhattan and the escape
smartphone or physically tamper the tracking device. destinations generated for that single spoofed path. Our algo-
rithms generate 100 distinct spoofed paths for a given start
B. Overview of the Attack and end location, allowing an adversary to undetectably reach
The primary objective of the attacker is to fake the reported an even larger set of escape destinations.
navigation route without raising suspicion. Note that simply
spoofing GPS signals is not sufficient as the INS measurements
will indicate discrepancies between the reported GPS location path generated between two end points in Manhattan (green
and the inertial estimates. In order to successfully execute the line from green marker to red marker) and the destinations
attack, it is now necessary for the attacker to identify and spoof of the escape paths (red points) generated for this particular
navigation paths that have similar distances, road curvature, spoofed path. Finally, the attack is executed by spoofing the
and turn angles to minimize the discrepancies between the tracking device to report the spoofed path while the attacker
INS and GPS estimates. Our system, which we refer to as actually drives the escape path.
ESCAPE, exploits the regular patterns that exist in many
C. Internals of ESCAPE
cities’ road networks and identifies navigation paths that are
similar to the route that is reported to the monitoring center. ESCAPE consists of three main building blocks: (i) graph
As a result, the inconsistencies between the INS and GPS constructor, ii) spoofed paths generator and (iii) escape paths
estimates are negligible and the attack is successfully executed. generator. The graph constructor generates directed graphs
The attack begins with the attacker providing the start and based on the road network present in the geographic area
end points of the assigned trip to ESCAPE. ESCAPE computes of interest. Our attack does not enforce any limits on the
two sets of paths: (i) spoofed paths and (ii) escape paths. The geographic area. As the name suggests, the spoofed and escape
spoofed paths are a set of paths that exist between the start paths generator blocks are responsible for computing and
and end points of the trip. These are the paths that the attacker identifying spoofed and escape paths for the attacker.
will generate fake GPS signals and spoof the receiver to report 1) Graph Constructor: The paths for an area G are
to the monitoring center. These should be plausible paths for generated from a directed graph GG = (V, E). We chose
the source and destination locations. For every spoofed path, OpenStreetMap [46] as the map provider as it has accurate
ESCAPE computes a set of escape paths which the attacker road information for major cities of the world along with
can use to deviate from the intended course while executing various meta-data such as types of roads and buildings. Each
the spoofing attack. In other words, a spoofed path is the route geographic area can be represented as G = (A, C, θ, ϑ), where
that is reported to the monitoring center and the escape path A is a set of atomic sections and C = {χ = (s, s )|s, s ∈ A}
is the true route taken by the attacker to reach an alternate is a set of connections where χ indicates a connection between
destination. The attacker then picks an escape path that enables two atomic sections s and s . We define an atomic section
him to reach his intended location. The intended location can as a section of road between two intersections, such that it
either be a point far away from the assigned destination (to buy preserves the road’s curvature but does not contain turns or
the adversary some time) or just a diversion before reaching sharp curves. A connection is an intersection connecting two
the assigned destination. The selected escape path corresponds atomic sections. These connections may extend the same road
to a spoofed path which the attacker can use to generate or may turn into another road. The turn angle associated with
spoofing signals. Figure 2 illustrates an example of a spoofed a connection χ is given by the function θ(χ) and the atomic
Input: G = (V, E), Loc(s), Loc(d), NP
Output: S = {p1 , . . . , pNP }
V3
V8
V4
1 Initialization : S ← ∅; p ← [ ]; v ← ∅
2 s ← getSourceV ertex(Loc(s))
3 d ← getDestinationV ertex(Loc(d))
V5
V1
V9
V6
4 GenerateSpoofedPaths(s, d)
5 S ← selectT opP aths(S, NP )
(a) Example Road Network 6 function GenerateSpoofedPaths(s, d):
V3 V4 V8 7 p ← p + [s]
8 v ← v ∪ {s}
V1 V2 V7 9 if s = d then
10 S ← S ∪ {p}
V5 V6 V9 11 else
12 for e ∈ V such that (s, e) ∈ E do
(b) The Graph Representation 13 if e ∈ v and F ilter(s, e, p) passed then
Fig. 3: Sample road and corresponding graph representation. 14 p.score ← p.score ∗ Score(s, e, p)
15 GenerateSpoofedPaths (e, d)
16 end
section’s curvature is given by the function ϑ(s) as defined in 17 p ← p − [s]
Equation 1. We represent each atomic section s by a vertex 18 v ← v − {s}
v ∈ V and each connection χ by an edge e ∈ E. Figure 3
Algorithm 1: Spoofed Paths Algorithm
shows an example road network and the corresponding
graph construction. A default speed limit is assigned to each
atomic section based on the road type in OpenStreetMap.
For example, a ‘motorway’ symbolizes interstates in the of the graph. When such paths are found, they increase the
USA that have speed limits ≈ 65mph. The length, speed likelihood of finding similar paths to other destinations in the
limit, and geographic coordinates of the atomic section s graph. To this extent, we implement a scoring scheme that
are stored as attributes of the corresponding vertex v. The analyses the road curvature and turn angles of the geographic
length and speed limit are used to calculate the fastest time area and maximizes the score of paths that contain curvature
of travel between the end points. It is important to note that and turns having a higher probability of occurrence. The
this is a one time initialization step for every geographic area. path search algorithm is implemented as a modified Depth
First Search (DFS) algorithm. A typical DFS implementation
2) Spoofed Paths Generator: Spoofed paths generator computes a single path between a given source and destination.
searches and compiles possible paths between the source and This limits an attacker’s ability to generate multiple spoofed
destination points assigned to a specific trip. The spoofed paths paths between these end points. We extend the basic DFS
are defined as a set of N routes S = {S1 , . . . , SN } such algorithm to compute all plausible non-cyclic paths between
that Si has a higher likelihood of spoofing than Sj , where the source and destination. A path is plausible if it is within
i < j and Si , Sj ∈ S. Each route Si contains a list of 20% of the shortest path. To scale the algorithm to large graphs
geographic coordinates starting and ending at the input source (typical for large cities), we incorporate filtering and scoring
and destination. Given the geographic area of the attacker, functions in order to speed up computation by eliminating
the algorithm generates paths that maximize the probability unlikely paths and pruning low scoring paths at every iteration.
of finding similar road curvature and turn angles in other The spoofed paths generator algorithm (Algorithm 1) takes
sections of the area. Therefore, it maximizes the number of as input a graph G = (V, E), the source Loc(s) and desti-
escape paths. It leverages the fact that urban areas have regular nation Loc(d) geographic coordinates, and a count of output
patterns where most roads typically run straight and turn paths NP . The algorithm outputs a set of spoofed paths S
angles are at right angles. This is achieved by implementing sorted by the path score. The algorithm starts by initializing
a scoring scheme that ranks paths containing such regular the current path p and a set of visited vertices v (line 1). It uses
patterns higher than other non-regular paths between the same the attacker’s source s and destination d vertices as parameters
source and destination. Figure 4 shows the curvature and turn to GenerateSpoofedPaths to recursively compute the
angle distribution for Manhattan and provides an intuition for output paths (lines 2 – 4). In the end, these paths are sorted by
our approach. We note that most turn angles are 90◦ which score and the top NP paths are saved as the final set of spoofed
implies that given a path with all ≈ 90◦ turns, the probability paths S (line 5). Inside the GenerateSpoofedPaths
of finding another path with similar turn angles will be high. function, the algorithm adds the vertex s to the current path p
The idea underlying the spoofed paths generator is to find and the visited set v (lines 7 – 8) and adds this path p to the
paths that contain attributes likely to be found in other sections output set S when the destination vertex is found (lines 9 – 10).
the path, the probability P (ϑ(ŝ), θ(χ̂)) is obtained from the
25000 8000
table P (G). Note that, owing to the algorithm construction, all
20000
6000 connecting edges have equal probability of occurrence and are
Counts
Counts
15000 independent of the current path. Therefore, the score at each
4000
10000 vertex is multiplied with the previous path score to calculate
5000 2000 the compound probability of all vertices in the path. The final
0 0
path score is calculated as
0 20 40 60 50 100 150
Curvature (deg) Turn Angle (deg)
M
score = P (ϑ(si ), θ(χi )). (2)
(a) Curvature Distribution (b) Turn Distribution i=1
Fig. 4: Curvature and Turn Distribution for Manhattan. Filtering: The algorithm is designed to generate all paths
between the input source and destination. For a large graph,
the number of possibilities can be in the order of billions
Otherwise, the algorithm traverses the path’s outgoing edges
making this search very inefficient. To scale the computation,
e such that (s, e) ∈ E. During this traversal (lines 12 – 16),
the algorithm uses the following filters to speed-up the search
filtering is applied to prune edges that are unlikely to occur
of plausible paths, while enabling ranking. Given the current
(line 13) and a scoring function is applied to rank remaining
path p, source s, edge e and destination d, the algorithm
edges (line 14). The filtering and scoring methodology are
filters the edge when the path’s distance summed with the
described next. The GenerateSpoofedPaths function is
euclidean distance between the edge and destination exceeds
recursively invoked for each outgoing edge e (line 15). Note
a maximum allowed distance, i.e., d(p) + d(c, d) > F ∗ d(PI )
that, in the end, the source s vertex is removed from the current
where d(.) denotes the distance of a path and PI denotes
path p and visited set v to backtrack and proceed with the
the shortest time path between the source and destination.
depth-first search (lines 17 – 18).
For this work, we set F = 1.2 to only allow paths that
Scoring: Recall that all the vertices of the graph G = (V, E) are similar in distance to the computed shortest path. The
are atomic sections, and the edges connect two atomic sections algorithm also maintains the best N paths at all times, and
(c.f. Section III-C). The turn angle of an edge χ = (s, s ), any new path p having a worse score is filtered. For our
where (s, s ) ∈ E, is given by the function θ(χ) and the evaluation, we chose N = 100 in order to determine the
curvature of an atomic section s is given by the function ϑ(s). attack efficiency in many cities for many paths (the algorithm
This curvature ϑ(s) can be computed from the geographic runs in around 1 minute for each source/destination pair).
coordinates of the atomic section. Let B = {B1 , . . . , BN } However, a determined attacker with sufficient resources
denote the set of bearings computed from N geographic can easily use a larger N to increase the count of spoofed
coordinates. Let B0 be the bearing of an imaginary line paths. Furthermore, the adversary will only be interested in a
connecting the first and last geographic coordinates of this single source/destination pair of locations on each instance
atomic section. The curvature ϑ(s) of this atomic section is of the attack, and can therefore take more time to derive
calculated as the normalized absolute difference of all bearings the largest set possible of spoofed and escape paths. The
in B from the reference bearing B0 , i.e., shortest path PI is also bounded by a rectangle (with added
N padding of m = 1000 meters) such that all edges outside the
|Bi − B0 |
ϑ(s) = i=1 . (1) rectangle become out of scope. Note that the above algorithm
N parameters are tunable and set to conservative values in this
The set of all road curvatures ϑ = {ϑ(s )|∀s ∈ V } and turn work. We believe that the attack performance can substantially
angles θ = {θ(χ )|∀χ ∈ E} represents the road structure improve when these parameters are tuned more aggressively,
of the geographic area. Figure 4 shows these attributes for e.g., setting F = 1.5 and N = 1000 (large values of N are
Manhattan. Note that most of the calculated curvature values very reasonable when focusing on a single source/destination).
are 0◦ and most turn angles are at 90◦ . This is typical of
Manhattan and other cities synonymous with grid-like road 3) Escape Paths Generator: The idea behind the escape
structures. To use this information for scoring, a probability paths generator is to find all the paths an attacker can travel
distribution table is precomputed for the area. This table can to reach different destinations without raising alarms. To avoid
be represented as P (G) = {P (c, t)|c ∈ ϑ, t ∈ θ}, where each detection, all computed paths must have similar accelerometer
entry is the probability of occurrence of a specific curvature and gyroscope patterns to spoofed paths. The escape paths
and turn (angles rounded to the nearest integer) combination. corresponding to a spoofed path Si are a set of M routes
A path on the graph with M vertices can be represented Ei = {Ei1 , . . . , EiM } such that Eij = Si , but semantically
using each vertex’s curvature and the next edge’s turn angle, similar to Si , for any Eij ∈ Ei . The paths are semantically
i.e., p = [(c1 , t1 ), . . . , (cM −1 , tM −1 ), (cM , 0)], where ci ∈ ϑ similar when they have similar distances, road curvature and
and ti ∈ θ. In the beginning, the path is initialized to a turn angles. These paths start at the input source, but end at
score of 1. For each vertex ŝ and edge χ̂ = (ŝ, s ) added to different destinations from the intended destination.
Input: G = (V, E), SI Filtering: In this algorithm, we represent the input spoofed
Output: NP , E = {p1 , . . . , pNP } path by SI = {(dI , ϑI , θI )} where dI and ϑI denote the set
1 Initialization : E ← ∅; NP ← 0; p ← [ ]; v ← ∅ of distances and road curvatures between intersections and θI
2 s ← getSourceV ertex(SI ) denotes the turn angles at the intersections. We first present
3 t ← getT urnsCount(SI ) the idea of filtering using just turn angles θI , and later expand
4 GenerateEscapePaths(s, t) the discussion to include distances dI and road curvatures ϑI .
Let θI = {θ(χ1 ), . . . , θ(χK )} be the derived turn angles of
5 function GenerateEscapePaths(s, t): the spoofed path, where K is the number of intersections.
6 p ← p + [s] A turning connection χ = (s, e) in the escape path, where
7 v ← v ∪ {s} (s, e) ∈ E, is valid for an intersection k ∈ K when the turn
8 if len(p.turns) > t then angle difference is below a set threshold value Tθ , i.e., |θ(χk )−
9 return θ(χ )| ≤ Tθ . The parameter Tθ depends on the noise sensitivity
10 if len(p.turns) = t then of the gyroscope sensor.
11 E ← E ∪ {p} The filter for distances dI is similar to turn angles. Let dI =
12 NP ← NP + 1 {d1 , . . . , dK+1 } be the derived distances of the spoofed path
traveled between K intersections. For an intersection k ∈ K,
13 for e ∈ V such that (s, e) ∈ E do dk represents the path’s distance from the previous intersection
14 if e ∈ v and F ilter(s, e, p, SI ) passed then k − 1, i.e., dk = d(k) − d(k − 1) where d(.) denotes the total
15 p.curve ← updateCurvature(s, e, p) distance of the spoofed path at a given intersection. Note that
16 p.turns ← updateT urns(s, e, p) k = 0 is the source of the path and k = K+1 is the destination
17 p.score ← p.score ∗ Score(s, e, p, SI ) of the path. A connection χ in the escape path is valid for
18 GenerateEscapePaths (c, t) intersection k when its path distance from previous intersection
19 end k − 1 is between a range defined by the k th intersection of
20 p ← p − [s] the spoofed path, i.e., dk ∗ Td1 ≤ d’(k) − d’(k − 1) ≤ dk ∗
21 v ← v − {s} Td2 . Here, d’(.) denotes the distance of the escape path at an
Algorithm 2: Escape Paths Algorithm intersection. The above parameters Td1 and Td2 depend on the
noise sensitivity of the accelerometer sensor.
The filter for road curvature ϑI is more complex than turn
angles and distances. The reason is that, given an intersection
Given a spoofed path, the escape paths algorithm (Algo- k ∈ K, the distance dk and turn angle θ(χk ) are scalars
rithm 2) generates a set of escape paths with similar distances, while ϑ(sk ) is a vector that must be derived from bearings of
road curvatures and turn angles to the spoofed path. The the road segment sk between intersections k − 1 and k. Two
algorithm is similar to that of the spoofed paths generator. different vectors of bearings Bk and B for road segments sk
The main differences being that the algorithm uses each and s , respectively, cannot be compared directly as they may
spoofed path SI generated in the previous stage as input, where be of different lengths and in different orientations, e.g., Bk
SI ∈ S, and outputs a set of escape paths E. Also, the escape may be directed north when B is directed east. Our idea of
paths generator algorithm uses the turn count in the spoofed calculating the road curvature similarity, denoted by C(sk , s ),
path as a parameter to GenerateEscapePaths (lines 3 – is to translate these bearings to the same size N using linear
4) and checks whether the desired turn count has been reached interpolation, convert the interpolated bearings to curvature,
for the escape path under consideration (lines 10 – 12). and then compare the curvatures. Let BIk and BI represent
The deviations from the spoofed paths (to avoid INS de- the interpolated bearings for Bk and B , respectively. The cur-
tection) can be determined by analyzing the noise sensitivity vature of a road segment s with M bearings B = [b1 , . . . , bM ]
of the inertial sensors used for tracking. We demonstrate that can be derived by subtracting successive bearings for all the
commodity accelerometers and gyroscopes present challenges bearings in B, i.e., ϑ(s) = [(b2 − b1 ), . . . , (bM − bM −1 )]. Let
in accurately calculating the distances, road curvature and ϑ(sk ) and ϑ(s ) be the curvatures derived from BIk and BI ,
turn angles which can allow an attacker to travel to multiple respectively. The curvature similarity of the two segments can
destinations without detection. We show that magnetometers then be represented as:
are easily spoofed rendering them incapable of detecting
C(sk , s ) = {|ck − c | ∀ck ∈ ϑ(sk ), ∀c ∈ ϑ(s )}. (3)
anomalies in the heading direction of the vehicle. Our analysis
of the accelerometer and gyroscope noise and the potential of A connection χ in the escape path is valid for intersection
magnetometer spoofing are reported in Section IV-A. Unlike k when the maximum curvature similarity value is below a
the spoofed paths generator algorithm that ranked paths by set threshold value Tϑ , i.e., max(C(sk , s )) ≤ Tϑ . Like turn
score, the escape paths computed by this algorithm always filtering, this parameter Tϑ also depends on the gyroscope
have a score of 1. The intuition is that all paths that pass noise sensitivity.
the algorithm’s filters are certain to avoid detection by INS To avoid detection, the above discussed constraints must
tracking systems. hold for all K intersections of the escape path. Therefore, an
true acceleration experienced by the device on the x, y and z
250 125
200 100
axis, and nt is an unknown noise quantity caused by several
factors. For example, the sensors have an inherent bias due
Counts
Counts
150 75
Counts
2000
4000
distances between intersections using accelerometer data for
2000
1000 each sensor path in the data-set, and compare it to the actual
0 0
distances obtained from OpenStreetMap. To reduce the impact
0 10 20 30 40 0 50 100 150
Curvature Errors (deg) Bearing Errors (deg) of noise, we perform the calibration and rotation techniques
described in [47] before calculation. We also average multiple
(c) Curvature errors (d) Bearing errors samples together to further reduce the impact from noise.
Fig. 5: Sensor error distributions measured in real experiments. As distances may significantly vary between intersections,
we represent the distance error as a ratio of the derived
accelerometer distances to the actual distances. More precisely,
escape path is considered valid if and only if all the following if ds is a vector of N derived accelerometer distances and
conditions are met. da is a vector of N actual distances, then errors ea can be
represented as a vector ea = [(ds1 /da1 ), . . . , (dsN /daN )].
|θ(χk ) − θ(χ )| ≤ Tθ , ∀ k = 1, . . . , K Figure 5a shows the distribution of the errors ea . Note that the
dk ∗ Td1 ≤ d’(k) − d’(k − 1) ≤ dk ∗ Td2 , ∀ k = 1, . . . , K + 1 desired value for an error should be near 1, however, we see
max(C(sk , s )) ≤ Tϑ , ∀ k = 1, . . . , K + 1 large variations ranging between 0.1 to 5. This indicates that
the accelerometer sensor is unsuitable for distance calculation
and enables an attacker to travel much larger distances than the
IV. ATTACK I MPACT: I MPLEMENTATION AND E VALUATION intended path. Recall that the escape paths generator algorithm
In this section, we present the implementation of our attack uses parameters Td1 and Td2 to filter connections of the escape
and evaluate its effectiveness in various cities across the globe. paths based on distances (Section III-C3). These parameters
First, we evaluate the accuracy of inertial sensors and derive are chosen from the error distribution ea such that the allowed
realistic noise threshold settings for ESCAPE algorithm. Then, range is based on the 75th percentile of the distribution, i.e.,
we describe the details of our experimental setup and the Td1 = 0.2 and Td2 = 3.3.
methodology. Finally, we present the results of our evalua- 2) Gyroscope and Magnetometer Accuracy: The gyroscope
tion using two metrics, (i) displacement from the assigned sensor can be used to measure the turn angles and the curvature
destination and (ii) coverage area of the escape paths. of the path. This data can also be represented as the vector
g = [(g1 + n1 ), . . . , (gT + nT )], where gt is the rate of angular
A. Accuracy of Inertial Sensors change experienced by the device on the x, y and z axis, and
The sensor data for evaluating the noise sensitivity of nt is an unknown noise quantity. In this case, however, the
accelerometers and gyroscopes was obtained from an open impact of nt is not as significant as accelerometers and the
dataset [47]. This dataset comprises of accelerometer, gyro- measurements are closer to the actual values.
scope and magnetometer samples recorded from ≈ 140 real We are interested in finding the turn angle errors and
driving experiments in the cities of Boston and Waltham, MA, the curvature errors calculated from the gyroscope data, in
USA. The sensor samples were collected on 4 smart phones comparison to the actual values derived from OpenStreetMap.
(HTC One M7, LG Nexus 5, LG Nexus 5X, and Samsung S6). To calculate the turn errors, we use a similar approach to [47]
The GPS traces for these routes were also recorded for ground in that we define a turn error as the absolute difference between
truth comparison. The work focused specifically on gyroscope the gyroscope derived turn angle and the actual turn angle.
noise during turns. We extend that work to also include noise However, we are interested in the overall error distribution for
sensitivity when distance is calculated from the accelerometer all the phones instead of individual phones. Figure 5b shows
sensor, as well as when road curvature is calculated from the the distribution of the turn angle errors for all the turns in the
gyroscope sensor. data-set. The distribution reaffirms that the gyroscope is much
1) Accelerometer Accuracy: The accelerometer sensor can more accurate than the accelerometer where 75% of the turn
be used to calculate the distance traveled for a path. This data errors are within 5.5◦ .
can be represented as a vector a = [(a1 + n1 ), . . . , (aT + To calculate the curvature errors, recall our technique for
nT )] sampled at discrete time intervals t ∈ T , where at is the calculating curve similarity C(sk , s ) for two road segments
Bearings (deg)
200
0
0 50 100 150
Time (s)
coordinates of the end points were retrieved, and (iii) the
Percent of Curves (Cumulative)
Percent of Routes (Cumulative)
100
Magnetometer
SF
0
0
Spoofer
0 10 20 30 40 50 5 10 15 20
Displacement (km) Distance (km)
100 100
Percent of Coverage (M ean)
Atlanta
40 Beijing
Boston 80 80
Chicago
30
Percentage
Percentage
Frankfurt
60 60
Houston
20 London
Manhattan 40 40
Paris
10 SF Reference Reference
20 GPS Path Errors
20 GPS Path Errors
0 Sensor Path Errors Sensor Path Errors
0 0
0 5 10 15 20 0 5 10 15 −40 −20 0 20 40
Route Distances (km) Accelerometer Errors (m) Turn Angle Errors (deg)
Fig. 11: Attacker’s mean coverage area with 95% confidence (a) Distance calculation errors (b) Turn angle errors
interval for different route distances. 100 100
80 80
Percentage
Percentage
60 60
routes computed in our evaluation, up to 82% of final escape
destinations were located even beyond the area of interest used 40 40
that a variety of commercial GPS receivers were vulnerable
Percent of Routes (Cumulative)
80 Atlanta 80 Atlanta
and in some cases even caused permanent damage to the
Beijing
Boston
Beijing
Boston
receivers. Zeng et al. [54] explored the feasibility of stealthily
60 60
Chicago
Frankfurt
Chicago
Frankfurt
spoofing GPS-based road navigation systems. The attacker
40 40
Houston
London
Houston
London
generates fake GPS signals that closely resembles the shape
Manhattan Manhattan
20 Paris
20 Paris of a route shown on the navigation software. The goal of the
SF SF
0 0 attack is to fooling the user to drive a route that looks similar
0 5 10 15 0 5 10 15
Displacement (km) Displacement (km)
to the original path. The success of the attack depends on the
user’s ability to match the navigation instructions with their
(a) Military-grade sensors (b) Secure Path Selection surroundings (e.g., street names). The attack further exploits
Fig. 13: Displacement error comparison between using mili- the limited area of focus that first-person views of majority of
tary grade sensors and our secure path selection algorithm. navigation system provide. The ESCAPE attack proposed in
this paper makes no such assumption and succeeds against an
autonomous system that keeps track of a vehicle’s movement
if there exists some potential for spoofing in this path, the patterns using both GPS and inertial sensors. In fact, Zeng
escape routes can be known well in advance and appropriate et al.’s [54] propose the use of inertial navigation sensors
countermeasures can be taken to prevent it. Recall that the as a countermeasure against their attack. In general, several
attack algorithm searches for navigation routes with a high countermeasures were proposed against GPS spoofing attacks
probability of occurrence in other sections of the road network that are both cryptographic [16], [17], [18], [19] and non-
(c.f., Section III-C2). The final path score was calculated cryptographic [20], [21], [22], [23], [24], [25], [26] to detect
using Equation (2). For generating secure paths that are or mitigate GPS signal spoofing attacks. These techniques
more resilient to spoofing, the are either unreliable (e.g., large number of false alarms),
algorithm
M
simply negates this
path score, i.e., score = − i=1 P (ϑ(si ), θ(χi )). This has effective only against naive attackers or required modifications
the effect of assigning the highest score to paths containing to the GPS receiver/infrastructure itself. Alternate localization
unique road curvature and turn angles with low probability of technologies using WiFi or cellular networks [27], [28] lack
occurrence. If we choose the count of output paths NP as 1, in the accuracy and coverage required for the above mentioned
some instances, a path with unique curvature and turns only in applications and are vulnerable to jamming attacks [55], [56],
the beginning or towards the end of the path can get chosen. [57], [58], [59]. In the context of on-road navigation and
This could allow the attacker to achieve higher displacement tracking, using data from inertial sensors [29], [30], [31]
than other potential paths, which is undesirable. To mitigate alongside GPS is emerging as a popular choice for applications
this, the algorithm sets NP as 100 and chooses the path that where spoofing and jamming are a threat. The absence of any
outputs the least number of spoofable paths. In other words, communication between the inertial sensors and the external
the application or service provider (e.g., logistics company) world for estimating the location makes it robust to signal
can assign “secure navigation routes” that are hard to fake spoofing and jamming attacks. Many works [36], [37], [38],
because of unique road characteristics. Figure 13b shows the [39], [40], [41], [60] analyze and show that inertial sensors are
results of evaluations for all cities using the same parameters as promising for detection and mitigation of GPS spoofing at-
the original simulations, albeit the scoring method. Comparing tacks. Many commercial-off-the-shelf GPS/INS products [32],
with the original simulations, we see the attacker significantly [33], [34], [35] are available and used in many civilian and
limited in the amount of alternate routes available to him. military applications. Recently, analog attacks have also been
demonstrated on inertial sensors. WALNUT [61] shows how
VI. R ELATED W ORK analog acoustic injection attacks can affect the digital integrity
In 2001, the Volpe report [49] first identified malicious of a capacitive MEMS accelerometer. Son et al. [62] showed
interference with the civilian GPS signal as a serious prob- that acoustic interference on MEMS gyroscopes in drones can
lem. Following this several researchers have demonstrated the cause them to crash. Shoukry et al. [63] demonstrate how to
insecurity of GPS-based navigation by diverting the course of deliver fake readings to an anti-lock braking system via the
a yacht [11], forcing drones [12] to land in a hostile area and magnetic wheel speed sensors using electro magnetic inter-
taking over navigation systems of transportation trucks [24] ference in an automotive setting. In this paper, we show that
using spoofed GPS signals. In addition to commercial GPS magnetometers are vulnerable to electromagnetic interference
simulators [50], [51], it is today possible to build low-cost attacks and an attacker can precisely control its output. Given
GPS signal spoofers that generate GPS signals for any chosen the emergence of GPS/INS solutions, we believe our work
trajectory or navigation route using existing public reposi- emphasizes fundamental security limitations of GPS/INS for
tories [44] and less than $300 [43] of hardware equipment. road navigation and tracking applications.
Advanced attacks [52], [53] in which the attackers takeover
a target receiver that is already receiving navigation messages ACKNOWLEDGMENTS
from authentic satellite signals without the receiver noticing The work was partially supported by NSF grants 1740907,
any disruption or loss of navigation data. It was also shown 1643249, and 1850264.
R EFERENCES [28] N. O. Tippenhauer, K. B. Rasmussen, C. Pöpper, and S. Čapkun,
“Attacks on public wlan-based positioning systems,” in Proceedings of
[1] J. R. Coffee, R. W. Rudow, R. F. Allen, M. Billings, D. A. Dye, M. L. the 7th international conference on Mobile systems, applications, and
Kirchner, R. W. Lewis, K. M. Marvin, R. D. Sleeper, W. A. Tekniepe services. ACM, 2009.
et al., “Vehicle tracking, communication and fleet management system,” [29] D. Titterton, J. Weston et al., Strapdown Inertial Navigation Technology.
Aug. 26 2003, US Patent 6,611,755. 2nd Edition. IET, 2004.
[2] Y. A. Novik, “System and method for fleet tracking,” Jan. 15 2002, US [30] J. Farrell and M. Barth, The Global Positioning System and inertial
Patent 6,339,745. navigation. McGraw-Hill New York, 1999.
[3] “Verizon Connect Fleet Management System,” https://www. [31] J. Wendel, O. Meister, C. Schlaile, and G. F. Trommer, “An integrated
verizonconnect.com/solutions/gps-fleet-tracking-software/. GPS/MEMS-IMU navigation system for an autonomous helicopter,”
[4] “Massachusetts Probation Service’s Electronic monitoring program ,” Aerospace Science and Technology, 2006.
https://www.mass.gov/service-details/electronic-monitoring-program. [32] “KVH Systems - Using Inertial Systems to Overcome GPS Spoofing,”
[5] “Geo-Satis Electronic Monitoring Solution,” https://geo-satis.com/. https://www.kvhmobileworld.kvh.com/.
[6] “US Department of Transportation: In-vehicle Performance Moni- [33] “VectorNAV - Embedded Navigation Solutions,” https://www.vectornav.
toring and Feedback,” https://www.transportation.gov/mission/health/ com/products.
In-vehicle-Performance-Monitoring-and-Feedback. [34] “Honeywell Aerospace - Embedded GPS/INS,” https:
[7] G. Mintsis, S. Basbas, P. Papaioannou, C. Taxiltaris, and I. Tziavos, //aerospace.honeywell.com/en/products/navigation-and-sensors/
“Applications of gps technology in the land transportation system,” embedded-gps-or-ins.
European journal of operational Research, 2004. [35] “Navtech GPS soplutions,” https://www.navtechgps.com/oxts xoem
[8] “Developing GPS monitoring for the public transport fleet,” http://civitas. inseries/.
eu/measure/developing-gps-monitoring-public-transport-fleet. [36] S. Khanafseh, N. Roshan, S. Langel, F.-C. Chan, M. Joerger, and B. Per-
[9] P. Misra and P. Enge, Global Positioning System: Signals, Measurements van, “Gps spoofing detection using raim with ins coupling,” in Pro-
and Performance Second Edition. Lincoln, MA: Ganga-Jamuna Press, ceedings of the Position, Location and Navigation Symposium—PLANS,
2006. 2014.
[10] G. GSA, “Market report issue 3,” 2017, https://www.gsa.europa.eu/. [37] N. A. White, P. S. Maybeck, and S. L. DeVilbiss, “Detection of
[11] “UT Austin Researchers Successfully Spoof an $80 interference/jamming and spoofing in a dgps-aided inertial system,”
million Yacht at Sea,” http://news.utexas.edu/2013/07/29/ IEEE Transactions on Aerospace and Electronic Systems, 1998.
ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea. [38] J.-H. Lee, K.-C. Kwon, D.-S. An, and D.-S. Shim, “Gps spoofing detec-
[12] T. Humphreys, “Statement on the vulnerability of civil unmanned aerial tion using accelerometers and performance analysis with probability of
vehicles and other systems to civil gps spoofing,” University of Texas at detection,” International Journal of Control, Automation and Systems,
Austin (July 18, 2012), 2012. 2015.
[13] K. C. Zeng, Y. Shu, S. Liu, Y. Dou, and Y. Yang, “A practical gps [39] S. Dehnie and R. Ghanadan, “Methods and systems for detecting gps
location spoofing attack in road navigation scenario,” in Proceedings spoofing attacks,” Dec. 30 2014, US Patent 8,922,427.
of the 18th International Workshop on Mobile Computing Systems and [40] R. E. Ebner and R. A. Brown, “Integrated gps/inertial navigation
Applications. ACM, 2017. apparatus providing improved heading estimates,” Aug. 12 1997, US
[14] “Jamming GPS Signals Is Illegal, Danger- Patent 5,657,025.
ous, Cheap, and Easy,” https://gizmodo.com/ [41] L. M. P. A. Serrano, C. S. Dixon, and M. J. Perren, “Receiver and
jamming-gps-signals-is-illegal-dangerous-cheap-and-e-1796778955. method for authenticating satellite signals,” Jul. 28 2011, US Patent
[15] “N.J. Man In A Jam, After Illegal GPS Device Interferes With Newark App. 12/780,337.
Liberty Operations,” https://newyork.cbslocal.com/2013/08/09/n-j- [42] “Ettus research llc,” http://www.ettus.com/.
man-in-a-jam-after-illegal-gps-device-interferes-with-newark-liberty- [43] “Hacking A Phone’s GPS May Have Just Got Easier,” http://www.forbes.
operations/. com/sites/parmyolson/2015/08/07/gps-spoofing-hackers-defcon/.
[16] T. E. Humphreys, “Detection strategy for cryptographic GNSS anti- [44] “Opensource software-defined GPS signal simulator,” https://github.
spoofing,” IEEE Transactions on Aerospace and Electronic Systems, com/osqzss/gps-sdr-sim.
2013. [45] G. M. Rebeiz, RF MEMS: theory, design, and technology. John Wiley
[17] M. G. Kuhn, “An asymmetric security mechanism for navigation sig- & Sons, 2004.
nals,” in Information Hiding, 2005. [46] OpenStreetMap, “OpenStreetMap Project,” https://www.openstreetmap.
[18] S. C. Lo and P. K. Enge, “Authenticating aviation augmentation system org/.
broadcasts,” 2010. [47] S. Narain, T. D. Vo-Huu, K. Block, and G. Noubir, “Inferring user
[19] K. Wesson, M. Rothlisberger, and T. Humphreys, “Practical crypto- routes and locations using zero-permission mobile sensors,” in 2016
graphic civil GPS signal authentication,” Journal of Navigation, 2012. IEEE Symposium on Security and Privacy (S&P), 2016.
[20] D. M. Akos, “Who’s afraid of the spoofer? GPS/GNSS spoofing [48] “GPS-SDR-SIM - Software-Defined GPS Signal Simulator,” https://
detection via automatic gain control (AGC),” Navigation, 2012. github.com/FrankBuss/gps-sdr-sim.
[21] A. Ranganathan, H. Ólafsdóttir, and S. Capkun, “Spree: A spoofing [49] J. A. Volpe, “Vulnerability assessment of the transportation infrastructure
resistant gps receiver,” in Proceedings of the 22nd Annual International relying on the global positioning system,” http:// www.navcen.uscg.gov/ ,
Conference on Mobile Computing and Networking. ACM, 2016. 2001.
[22] M. L. Psiaki, S. P. Powell, and B. W. O’Hanlon, “GNSS spoofing [50] “LabSat GPS Simulator,” http://www.labsat.co.uk/.
detection using high-frequency antenna motion and carrier-phase data,” [51] “GSG-xx Series Multi-channel advanced GNSS simulator,” http://www.
in Proceedings of the ION GNSS+ Meeting, 2013. spectracomcorp.com/.
[23] K. Wesson, D. Shepard, J. Bhatti, and T. E. Humphreys, “An evaluation [52] T. Nighswander, B. M. Ledvina, J. Diamond, R. Brumley, and D. Brum-
of the vestigial signal defense for civil GPS anti-spoofing,” in Proceed- ley, “GPS software attacks,” in Proceedings of the ACM Conference on
ings of the ION GNSS Meeting, 2011. Computer and Communications Security, 2012.
[24] J. S. Warner and R. G. Johnston, “GPS spoofing countermeasures,” [53] N. O. Tippenhauer, C. Pöpper, K. B. Rasmussen, and S. Capkun, “On
Homeland Security Journal, 2003. the requirements for successful GPS spoofing attacks,” in Proceedings
[25] A. Broumandan, A. Jafarnia-Jahromi, V. Dehghanian, J. Nielsen, and of the 18th ACM Conference on Computer and communications security,
G. Lachapelle, “GNSS spoofing detection in handheld receivers based on 2011.
signal spatial correlation,” in Proceedings of the IEEE Position Location [54] K. C. Zeng, S. Liu, Y. Shu, D. Wang, H. Li, Y. Dou, G. Wang, and
and Navigation Symposium (PLANS), 2012. Y. Yang, “All your GPS are belong to us: Towards stealthy manipulation
[26] A. Jafarnia-Jahromi, A. Broumandan, J. Nielsen, and G. Lachapelle, of road navigation systems,” in 27th USENIX Security Symposium
“GPS vulnerability to spoofing threats and a review of antispoofing (USENIX Security 18), 2018.
techniques,” International Journal of Navigation and Observation, 2012. [55] T. D. Vo-Huu, T. D. Vo-Huu, and G. Noubir, “Interleaving jamming in
[27] P. A. Zandbergen, “Accuracy of iphone locations: A comparison of wi-fi networks,” in Proceedings of the 9th ACM Conference on Security
assisted gps, wifi and cellular positioning,” Transactions in GIS, 2009. and Privacy in Wireless and Mobile Networks, 2016.
[56] L. Xin, D. Starobinski, and G. Noubir, “Cascading denial of service at- A PPENDIX
tacks on wi-fi networks,” in 2016 IEEE Conference on Communications
and Network Security (CNS), 2016.
[57] K. Firouzbakht, G. Noubir, and M. Salehi, “On the performance of A. In-car Experimental Setup
adaptive packetized wireless communication links under jamming,”
IEEE Transactions on Wireless Communications, 2014.
[58] ——, “On the capacity of rate-adaptive packetized wireless communica-
tion links under jamming,” in Proceedings of the Fifth ACM Conference
on Security and Privacy in Wireless and Mobile Networks, 2012.
[59] T. D. Vo-Huu, E.-O. Blass, and G. Noubir, “Counter-jamming using
mixed mechanical and software interference cancellation,” in Proceed-
ings of the Sixth ACM Conference on Security and Privacy in Wireless
and Mobile Networks, 2013.
[60] A. Mosenia, X. Dai, P. Mittal, and N. K. Jha, “Pinme: Tracking a
smartphone user around the world,” IEEE Transactions on Multi-Scale
Computing Systems, 2018.
[61] T. Trippel, O. Weisse, W. Xu, P. Honeyman, and K. Fu, “Walnut: Waging
doubt on the integrity of mems accelerometers with acoustic injection
attacks,” in Security and Privacy (EuroS&P), 2017 IEEE European
Symposium on, 2017. The photograph of our in-car integrated GPS/INS spoofer
[62] Y. M. Son, H. C. Shin, D. K. Kim, Y. S. Park, J. H. Noh, K. B. Choi,
J. W. Choi, and Y. D. Kim, “Rocking drones with intentional sound noise setup used in the evaluations. We have uploaded a video of
on gyroscopic sensors,” in 24th USENIX Security symposium, 2015. our experiment in this link https://youtu.be/Tvj8Fv5jFLw .
[63] Y. Shoukry, P. Martin, P. Tabuada, and M. Srivastava, “Non-invasive Note that parts of the video has been edited (fast forward,
spoofing attacks for anti-lock braking systems,” in International Work-
shop on Cryptographic Hardware and Embedded Systems, 2013. and parts cut) to focus the illustration on the relevant parts.