Threat Detection and Resilience Techniques in PRS-Assisted OTDOA 5G Positioning Systems

TL;DR

This paper presents VeriLoc, a simulation platform, and introduces three security techniques to improve the resilience of 5G PRS-based positioning against various attacks, with evaluation showing high detection rates.

Contribution

The work introduces VeriLoc for realistic channel modeling and proposes three novel security methods for enhancing 5G positioning security against spoofing, jamming, and meaconing.

Findings

Encryption and authentication schemes effectively counter spoofing and jamming.

Spatial and cross-layer mechanisms detect meaconing with over 90% accuracy.

Simulation results validate the robustness of the proposed security techniques.

Abstract

Precise positioning is a key enabler for emerging 5G applications, from autonomous transport to industrial automation. Yet the open physical layer (PL) leaves standard positioning reference signals (PRSs) vulnerable to manipulation. This work addresses the security of downlink observed time difference of arrival positioning (DL-OTDOA) through three contributions. First, we introduce VeriLoc, an open-source system-level simulator designed for realistic channel modeling and PL threat injection. Second, we propose three novel security techniques to enhance resilience and threat detection: encrypted PRS to prevent adversarial waveform synthesis, angular-based source authentication (ABSA), and a cross-layer downlink-uplink handshaking protocol to detect attacks that cannot be mitigated by encryption. Third, utilizing VeriLoc, we evaluate the proposed techniques alongside position tracking and a PRS authentication scheme, which extends the original hash-based message authentication code (HMAC) scheme design to support digital signatures. Simulation results demonstrate that while encryption, authentication schemes, and tracking robustly counter selective PRS spoofing and jamming, the proposed spatial and cross-layer mechanisms are essential for detecting meaconing, collectively maintaining attack detection rates in excess of 90% while keeping false alarm rates minimal.