SCADA, Telematics & GPS Technologies

With millions of GPS-based navigation devices on the road today, it is time someone considered the question: What if there’s an attack on the GPS network itself?

Researchers at Virginia Tech and Cornell University spent more than a year building equipment that can transmit fake GPS signals capable of fooling receivers.

“GPS is woven into our technology infrastructure, just like the power grid or the water system,” said Paul Kintner, electrical and computer engineering professor and director of the Cornell GPS Laboratory in a statement. “If it were attacked, there would be a serious impact.”

GPS is a U.S. government-built navigation system of more than 30 satellites circling earth twice a day in specific orbits. The satellites transmit signals to receivers on land, sea and in air. Based on the signals received from the satellites, devices are able to triangulate their exact positions on the globe. But if those satellite signals were wrong — or were spoofed — a GPS device might come up with the wrong location based on the signals it was receiving.

The researchers started by programming a briefcase-size GPS receiver used in the research of the uppermost part of the Earth’s atmosphere, known as ionospheric research, to send out fake signals. The phony receiver was placed in the proximity of a navigation device, where it anticipated the signal being transmitted from the GPS satellite. Almost instantly, the reprogrammed receiver sent out a false signal that the GPS-based navigation device took for the real thing.

The experiments to show the vulnerability of GPS receivers to spoofing could help devise methods to guard against such attacks, says Brent Ledvina, an assistant professor of electrical and computer engineering at Virginia Tech, and will be detailed in a research paper to be released Thursday.

“It’s almost like someone nearby is spoofing your favorite radio station by transmitting at the same frequency but higher power fooling your receiver into believing it is getting the right station,” says Ledvina.

The idea of GPS receiver spoofing has already been considered by federal authorities. In a December 2003 report, the Department of Homeland Security detailed seven countermeasures including monitoring the absolute and relative GPS signal strength, monitoring the satellite identification codes and the number of signals received and checking the time intervals between the received signals to guard against spoofs.

Still those fall short and would not have successfully fended off the signals produced by a reprogrammed receiver, said the researchers.

Instead they have suggested a few countermeasures that involve both hardware and software changes. “We have two patent applications which include a software algorithm to help make changes to how receivers react to signals,” says Ledvina.

The other patent is around the spoofer tool used, he says. “The idea is to help government and other companies use it to potentially make better receivers,” says Ledvina.

Photo: NASA

Links: HomeLandSecurity, wired

Auto theft can be very dangerous and this is a car thief that should have thought twice before stealing a bait car in Washington State. Check out this dramatic video.

A bait car, also called a decoy car, is a vehicle used by a law enforcement agency to capture car thieves. The vehicles are specially modified, with features including GPS tracking, hidden cameras that record audio, video, time, and date, which can all be remotely monitored by police. A remote controlled immobiliser (known as a “kill” device in law enforcement jargon) is installed in the vehicle that allows police to disable the engine and lock the doors.

The car is filled with valuable items and then parked in a high-vehicle theft area. In some cases, the vehicle is simply left unlocked with the keys hanging from the ignition. When the car is stolen, officers are alerted, who then send the radio signal that shuts off power to the engine and locks the doors, preventing an escape. The practice does not violate entrapment laws, since suspects are not persuaded to steal the vehicle by any means other than its availability and their own motivation.

The concept and technology was first developed by Jason Cecchettini of Pegasus Technologies and was used by the Sacramento Police Department in 1996, using Sedans like the Toyota Camry, and sports cars, such as the Honda Prelude.

The bait car is a phenomenon in the study of criminal behavior since it offers a rare glimpse into the actions and reactions of suspects before, during and after the crime. Unlike other crimes caught on surveillance cameras, suspects, at least initially, believe and react as if the crime has been wholly successful, until the bait car is apprehended by law enforcement personnel.

The largest bait car fleet in North America is operated by the Integrated Municipal Provincial Auto Crime Team (IMPACT), based in Surrey, British Columbia. Surrey was designated the “car theft capital of North America” by the Royal Canadian Mounted Police in 2002. Their program was launched in 2004, and has contributed to a 10% drop in auto thefts since then.

A LoJack is a similar technology, in that it allows a vehicle to be remotely tracked if it is stolen. These are typically installed in police vehicles.

Bait cars can be used as part of a honey trap, a form of sting operation, in which criminals not known to the police are lured into exposing themselves. Unlike a sting operation that targets a known or suspected criminal, a honey trap establishes a general lure to attract unknown criminals.

Bait cars (and the stings they are used in) have been featured in numerous documentary or reality television programs, including COPS and World’s Wildest Police Videos. They are also the exclusive focus of a 2007 Court TV (now truTV) series simply titled Bait Car.

Links: News10, BaitCar, BSM Wireless

When engineers tackle a project that uses ZigBee communications they may get a surprise. Unlike point-to-point communications, ZigBee involves a network that can establish nodes, repeaters and complex mesh topologies. The proper test tools–often called “sniffers”–help engineers diagnose ZigBee-network problems that could otherwise turn into nightmares.

Microchip Technology includes the ZENA Wireless Network Analyzer with its PICDEM Z demonstration kit so engineers can see what goes on among ZigBee devices. The ZENA tool also can sniff and decode Microchip’s MiWi protocol that, like ZigBee, uses IEEE 802.15.4 radios. According to Steve Bible, an applications engineering manager at Microchip, ZENA time stamps packets and displays them in a graphical format. ”

The screen shows the destination and source addresses, the payload and the data,” explained Bible. “We add some color coding and provide data as hexadecimal values. Users also see a received signal strength indication, or RSSI–an uncalibrated relative value.”
…

“ZigBee and IEEE 802.15.4 technologies require a shift in how we analyze and manage ad-hoc wireless networks,” said Matt Perkins, VP of technology development at Awarepoint, a supplier of wireless asset-tracking systems. “An analyzer should take time-sliced snapshots of network traffic, ‘mine’ the traffic for metrics such as throughput, bottlenecks and end-to-end delays, and presents information in a concise graphical form.”

Source: Freaklabs

It’s an old issue but still got a kind of relations to our days of life.

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.

Source: Hackaday

In a move toward controlling datacenter energy consumption, Microsoft is deploying sensors that will trace work distribution to help plot for optimization

To better control energy consumption in its datacenters, Microsoft has deployed 2,000 internally built temperature and humidity sensors in several of its facilities.

The sensors use ZigBee wireless technology to transmit the data to databases that analyze the information. Data-center administrators can look at a graphical image of the datacenter that is color-coded based on temperature and at a glance see areas that are getting hot.

Ultimately, Microsoft would like to be able to distribute computational load in the datacenters based on the temperature of servers, and it is beginning to work on such a system, said Jie Liu, a Microsoft researcher working on the deployment. He showed off the devices and a view of the database at the annual Microsoft Research Faculty Summit in Redmond, Washington, on Tuesday.

Source: InfoWorld

It’s every nerd’s fantasy — a “smart house” that knows when you left the lights on and turns them off, adjusts the heat and A/C according to the outside temperature, closes the blinds in the afternoon sun and reminds you to get milk at the store.

It may sound like something out of a 1980s sci-fi movie, but it’s not as far-fetched as you think. In fact, home automation is a burgeoning market with all sorts of toys available.

For most part, it’s a playground limited to a few lucky dot-com millionaires. If you happen to have sold YouTube for a billion dollars, just find a contractor who specializes in this stuff and pretty soon an automated voice will announce when the milk is low.

Fortunately, the rest of us aren’t completely left out of the home automation fun. But this stuff gets pretty geeky pretty fast, and it definitely helps to have some background knowledge about electronics and networking before diving in.

Source: Bored IT

Smart home, or intelligent homes, technology is no longer just for the technophile hobbyist. It’s right on the cusp of becoming mainstream.

Of course, some of this stuff has been around since the 1970s in the form of X10, the industry standard for TV remote controls.

But new wireless standards (like Insteon, ZigBee, and Z-Wave) and cheaper chipsets have enabled two-way, low-cost communication between devices.

Source: Gulf News

BAE Systems, under an agreement with Micromem Applied Sensor Technologies Inc., will co-produce nano-sensor technology that will leverage both companies’ expertise for use in military, commercial, and homeland security applications.

As a foundry and business development partner with Micromem Applied Sensor Technologies, BAE Systems’ Microelectronics Center in Nashua, NH, will further develop Micromem designs and manufacturability for advanced magnetic random-access memory (MRAM) products. The goal is to bring the designs to maturity and begin production of gallium arsenide-based nano-sensors that offer features such as very high-speed and low-power capability, radiation-hardness, and overall robustness.

“Foundry facilities are very expensive, and development work on new products is highly capital-intensive,” said Gino Manzo, foundry director at BAE Systems in Nashua. “This arrangement will advance technology and design maturity for products developed by Micromem by giving both companies the means to produce devices for a wide range of commercial and military uses.”

Micromem Applied Sensor Technologies’ patented submicron nano-sensor, based on MRAM technology, also can be designed for use in highly accurate magnetometers—instruments used to measure the strength and/or direction of magnetic fields—and for threat-detection solutions for defense and homeland security.

About BAE Systems
BAE Systems is the premier global defense and aerospace company delivering a full range of products and services for air, land and naval forces, as well as advanced electronics, information technology solutions and customer support services. With 97,500 employees worldwide, BAE Systems’ sales exceeded £15.7 billion (US $31.4 billion) in 2007.

Source: Sensors

ABB has developed a top-of-the-range wireless motion detector that does not consume mains electricity and is powered – for a remarkable 5-7 years - by just three standard 1.5 volt alkaline batteries.

Launched to widespread industry acclaim in Germany in 2007, the new Busch-Watchdog wireless motion detector breaks new ground in energy-efficient and cost-effective building surveillance technology.

Powered by just three inexpensive AAA alkaline batteries (the sort commonly used in portable electronic devices like digital cameras, MP3-players and remote TV controls), the new motion detector uses an innovative design to eliminate the need for costly wiring and reduce power consumption to uniquely low levels.

Battery lifespan can be extended even more - to 10 years - by using lithium iron disulfide cells instead of standard alkaline batteries.

Industry benchmark

ABB developed the product in collaboration with Busch-Jaeger and MEMS Inc, a Swiss-based company founded by former ABB engineers. Busch-Jaeger is an ABB company and a world-leading brand in low voltage building installation products and solutions. Its range of Busch-Watchdog motion detectors is widely considered the benchmark in detection capability, reliability and esthetic appeal.

Equipped with an exceptionally powerful lens and broad range of functionality, the Busch-Watchdog detects any moving object within an unparalleled 16 meters of the detector. Unrestricted by power connections, the new wireless variant brings complete freedom of placement to users. It can be attached to a building, garage, perimeter wall, porch or ceiling.

The innovation is based on low power-consuming components and embedded system technologies in three interconnected modules compromising sensors, radio communications and microcontrollers.

The microcontroller supports several power-down modes that allow the detector to go into various states of ‘sleep’ during daylight, gradually waking up as the light fades. Full recovery is instantaneous (a few microseconds) if a moving object is detected.

Busch-Watchdog wireless motion detector is one of several wireless products in the Busch-Jaeger portfolio.

More depth review about this article

Selective Availability

The most relevant factor for the inaccuracy of the GPS system is no longer an issue. On May 2, 2000 5:05 am (MEZ) the so-called selective availability (SA) was turned off. Selective availability is an artificial falsification of the time in the L1 signal transmitted by the satellite. For civil GPS receivers that leads to a less accurate position determination (fluctuation of about 50 m during a few minutes). Additionally the ephemeris data are transmitted with lower accuracy, meaning that the transmitted satellite positions do not comply with the actual positions. In this way an inaccuracy of the position of 50 – 150 m can be achieved for several hours. While in times of selective availability the position determination with civil receivers had an accuracy of approximately 10 m, nowadays 20 m or even less is usual. Especially the determination of heights has improved considerably from the deactivation of SA (having been more or less useless before).

The reasons for SA were safety concerns. For example terrorists should not be provided with the possibility of locating important buildings with homemade remote control weapons. Paradoxically, during the first gulf war in 1990, SA had to be deactivated partially, as not enough military receivers were available for the American troops. 10000 civil receivers were acquired (Magellan and Trimble instruments), making a very precise orientation possible in a desert with no landmarks.

Meanwhile SA is permanently deactivated due to the broad distribution and world wide use of the GPS system.

The following two graphs show the improvement of position determination after deactivation of SA. The edge length of the diagrams is 200 m, the data were collected on May 1, 2000 and May 3, 2000 over a period of 24 h each. While with SA 95 % of all points are located within a radius of 45 m, without SA 95 % of all points are within a radius of 6.3 m.

Plot of the position determination with and without SA
(Diagram from http://www.igeb.gov/sa/diagram.shtml (page no longer available)
With friendly permission of Dr. Milbert (NOAA))

(more…)