Guardian Positioning System (GPS) for Location Based Services

TL;DR

This paper investigates vulnerabilities in smartphone-based location services, demonstrating the effectiveness of spoofing attacks and proposing an extended RAIM framework that enhances detection accuracy by leveraging multiple sources of positioning data.

Contribution

It introduces an extended RAIM framework that combines onboard sensors, terrestrial infrastructure, and GNSS to improve spoofing attack detection on smartphones.

Findings

GNSS spoofing attacks succeed despite multiple positioning sources

Wi-Fi spoofing combined with GNSS jamming is highly effective

Proposed RAIM framework improves detection accuracy by 24-58%

Abstract

Location-based service (LBS) applications proliferate and support transportation, entertainment, and more. Modern mobile platforms, with smartphones being a prominent example, rely on terrestrial and satellite infrastructures (e.g., global navigation satellite system (GNSS) and crowdsourced Wi-Fi, Bluetooth, cellular, and IP databases) for correct positioning. However, they are vulnerable to attacks that manipulate positions to control and undermine LBS functionality -- thus enabling the scamming of users or services. Our work reveals that GNSS spoofing attacks succeed even though smartphones have multiple sources of positioning information. Moreover, that Wi-Fi spoofing attacks with GNSS jamming are surprisingly effective. More concerning is the evidence that sophisticated, coordinated spoofing attacks are highly effective. Attacks can target GNSS in combination with other positioning methods, thus defenses that assume that only GNSS is under attack cannot be effective. More so, resilient GNSS receivers and special-purpose antennas are not feasible on smartphones. To address this gap, we propose an extended receiver autonomous integrity monitoring (RAIM) framework that leverages the readily available, redundant, often so-called opportunistic positioning information on off-the-shelf platforms. We jointly use onboard sensors, terrestrial infrastructures, and GNSS. We show that our extended RAIM framework improves resilience against location spoofing, e.g., achieving a detection accuracy improvement of up to 24-58% compared to the state-of-the-art algorithms and location providers; detecting attacks within 5 seconds, with a low false positive rate.