16. Scott Presntation - Stanford Universityweb.stanford.edu/...presentation_files/16-Scott...©...

Preview:

Click to see full reader

Citation preview

© Logan Scott / LS Consulting 1 14 November 2012

!"#$%&'"(()*+

#,$-!.'",/

!! !"#$%&#'()#*%+#,-#.)#/&%#01(2-3#(4#5)2-#67-)#*%+89-#

:%4#;)<&7-9-#(4#;11#

!! !"#$%&'#(&)*$!"#+,'#$-./.$

!! ;"#/7-#=)4-9)-4##

!! 0&*,1*$2#'3$#,4$+54$6+4$-.78$

14 November 2012 © Logan Scott / LS Consulting 2

01(2-3#(4#5)2-#67-)#*%+89-#

5947%>%)(1#?-@-)3-#=)#?-A47"#B%2(4.%)#=3#0(94#%@#=C-)4.4<#

14 November 2012 © Logan Scott / LS Consulting 3

!! ;)4.3A%%@#D#09%%@#%@#B%2(4.%)#!! $%&#?%#=#E)%&#=FG#67-9-#=#/7.)H#=#;GI#!! ;)4.3A%%@#

!! $%&#?%#=#09%J-#4%#*%+#67-9-#=#;GI#!! 09%%@#%@#B%2(4.%)#

!! B%2(4.%)K/.G-#L.>)(4+9-#M1-G-)43#'()#=)21+C-"#!! '9<A4%>9(A7.2#N0L#OP#L.>)(1#L49+24+9-3#

!! 5J-91(AA.)>#L<34-G3"#N:LLQ#6.P.Q#-RB%9()Q#'(G-9(Q#=MMM#0STUU#/.G.)>#L4()C(9CQ#-42V#

!! B%2(4.%)#09%%@3#L7%+1C#,-#MA7-G-9(1#!! :--C#/.G-#MWA.9<Q#*%+#'%+1C#$(J-#X%J-C#

14 November 2012 © Logan Scott / LS Consulting 4 4

!! 67(4#&(3#47-#X%4.J(4.%)I#

! 09()H#

! LG+>>1.)>#

! ?.J-93.%)#

!! YZ[[Q[[[#A-9#

=)2.C-)4#

14 November 2012 © Logan Scott / LS Consulting 5

http://edition.cnn.com/2012/06/20/travel/yacht-sos-hoax

!! L4.)>-93#@%9#L<9.()#O-\-13I#

!! B%2(4.%)#O-349.24-CI#

!! /.G-#O-349.24-CI#

!! X%9-#N-)-9(11<Q#B%2(4.%)#

?-A-)C()4#PXL#'(A(\.1.4<#

!! O(C(9#N+.C()2-#X%C-3#

!! L-)3%9#'(A(\.1.4.-3#

14 November 2012 © Logan Scott / LS Consulting 6

!! LG(94#07%)-K/(\1-4#L-2+9.4<#'7(11-)>-3#;AA1<#4%#,%47#'.J.1#]#X.1.4(9<#^3-93#

!! '%GG-92.(1#L%@4&(9-#]#$(9C&(9-#

!! '%+)4-9@-.4#0(943#K#L+AA1<#'7(.)#=)_-24.%)#

!! P.9G&(9-#]#L%@4&(9-#^AC(4-3#

!! ^)3-2+9-C#=)@9(349+24+9-#]#$(9C&(9-#

!! :--C#4%#L-2+9-#X.11.%)3#%@#^3-93#

!! ;22.C-)43#6.11#$(AA-)#

14 November 2012 © Logan Scott / LS Consulting 7

DP Analysis

!! ;#LG(94#?-J.2-#'()#;22-33K$%1C#;#N9-(4#?-(1#%@#=)@%9G(4.%)#!! ?-4(.1-C#,(3-#X(A3#;22-33.\1-#5)1<#67-)#5:#,(3-#!! =)4-11.>-)2-#%9#X.33.%)#?(4(#;22-33.\1-#5)1<#67-)#O-1-J()4#/%#

'+99-)4#B%2(4.%)#!! =)4-11-24+(1#09%A-94<#;22-33#&.47#B%2(4.%)K/.G-#O-349.24.%)3#

!! B%2(4.%)#=3#0(94#%@#:L;#L-2+9.4<#0(9(C.>G3#!! `=4#.3#()#.GA%94()4#()C#J(1+(\1-#2(A(\.1.4<#4%#49(2H#47-#>-%R

1%2(4.%)#%@#G%\.1-#C-J.2-3#VVV#L+27#49(2H.)>#2()#7-1A#1%2(4-#1%34#%9#34%1-)#C-J.2-3#()C#2()#\-#+3-C#(3#A(94#%@#47-#(+47%9.a(4.%)#C-2.3.%)#A9%2-33#b47-9-#G(<#\-#C.c-9-)4#(22-33#9+1-3#C-A-)C.)>#%)#&7-47-9#+3-9#.3#.)3.C-#%9#%+43.C-#(#>.J-)#@(2.1.4<#%9#2%+)49<dVe#:L;Q#X%\.1.4<#'(A(\.1.4<#0(2H(>-Q#X(927#fg#f[SfQ#L-2+9-#h%=0#h-93.%)#SVf#

14 November 2012 © Logan Scott / LS Consulting 8

=)4-11.>-)2-#%9#X.33.%)#?(4(#;22-33.\1-#5)1<#67-)#O-1-J()4#/%#

0%1"2,$(-"%/3,4$2#"5/6$7&/

14 November 2012 © Logan Scott / LS Consulting 9

MCBH

Map View When OFF Base Map View When ON Base

"! '1%+C#L%+92-C#L-9J-93#X.>74#09%J.C-#N-%i14-9-C#/(24.2(1#^AC(4-3Q#X(A3Q#()C#=G(>-9<#

!! N-)V#E-.47#;1-W()C-9#b:L;#27.-@d#9-2-)41<#C-329.\-C#47-#1%33#%@#.)C+349.(1#.)@%9G(4.%)#

()C#.)4-11-24+(1#A9%A-94<#479%+>7#2<\-9#-3A.%)(>-#(3#j47-#>9-(4-34#49()3@-9#%@#&-(147#

.)#7.34%9<V`#

!! M34.G(4-C#h(1+-#kYT[[#\.11.%)#^L?#

14 November 2012 © Logan Scott / LS Consulting 10

American Enterprise Institute event 9 July 2012, Cybersecurity and American power video at http://www.aei.org/events/2012/07/09/cybersecurity-and-american-power/

!! 67-9-#?.C#47(4#lP.1-Q#'%GG()CQ#O-A%94Q#O-m+-34Q#

0(94n#'%G-#P9%GI#

!! :--C#4%#N-%@-)2-#L-)3.4.J-#?(4(#

!! B%2(4.%)#O-349.24#=)4-9)-4#P(2.)>#='LKL';?;#'%GG()C#]#'%)49%1#^3.)>#N-%i14-9.)>#

!! MRX(.1#()4.#LA-(9A7.37.)>#

!! h-9.@<#;.929(@4#B%2(4.%)#O-A%94.)>#

!! X()<Q#X()<#547-9#^3-#'(3-3#

© Logan Scott / LS Consulting

B%2(4.%)#O-349.24#=)4-9)-4#P(2.)>#='LKL';?;#'%GG()C#]#

Secured 5,000 HP Generator Self Destructing

Securely Under Remote Control

14 November 2012 11

!! LA-2.(14<#L-(927#

M)>.)-3#4%#P.)C#='LK

L';?;#?-J.2-3#

! 744A"KK

&&&V37%C()7mV2%GK#

! 744A"KK-9.AAV2%GK

14 November 2012 © Logan Scott / LS Consulting 12 © Logan Scott / LS Consulting 12

!! =)#47-#-<-3#%@#

^VLV#C-@-)3-#

3-29-4(9<#B-%)#0()-44(Q#.4#&(3#

`A9%\(\1<#47-#

G%34#C-349+24.J-#

(44(2H#47(4#47-#

A9.J(4-#3-24%9#7(3#3--)#4%#

C(4-Ve#

14 November 2012 © Logan Scott / LS Consulting 13 © Logan Scott / LS Consulting 13

!! `;)#(>>9-33%9#)(4.%)#%9#-W49-G.34#>9%+A#2%+1C#+3-#47-3-#H.)C3#%@#2<\-9#4%%13#4%#>(.)#2%)49%1#%@#29.4.2(1#3&.427-3Qe##

!! `/7-<#2%+1C#C-9(.1#A(33-)>-9#49(.)3Q#%9#-J-)#G%9-#C()>-9%+3Q#C-9(.1#A(33-)>-9#49(.)3#1%(C-C#&.47#1-47(1#27-G.2(13V#/7-<#2%+1C#2%)4(G.)(4-#47-#&(4-9#3+AA1<#.)#G(_%9#2.4.-3Q#%9#37+4#C%&)#47-#A%&-9#>9.C#(29%33#1(9>-#A(943#%@#47-#2%+)49<Ve#

14 November 2012 © Logan Scott / LS Consulting 14

14 November 2012 © Logan Scott / LS Consulting 15

techtripper.com/worlds-first-3d-printed-racing-car-can-pace-at-140-kmh/

Printed Body with Sharkskin Pattern and Advanced Air Intake Baffles

Printed Upper & Lower Receiver

Printed Upper & Lower Printed Upper & Lower Receiver

Direct Metal Laser Sintering to additively manufacture fully dense metal parts

89:/;<=/>:':-?:2/

0&/@A&(/B%:/

<"-%(/"1/C(($'D/-%/C/E"%#/

F9$-%G/

14 November 2012 © Logan Scott / LS Consulting 16 © Logan Scott / LS Consulting 16

“It worked as promised, but it made my GPS go

haywire” One

NO RF EXPERTISE

REQUIRED

!! 9:*$,1,+5;$:2<$+*=$2>?$(#&@#=$A1'#$,"+*$.8;BBB$61C*,#'3#&,$2&(61$*#,D1'E$61AF1*#*,($+*=$5+G#5(H#?5o#09-33#O-1-(3-#

14 November 2012 © Logan Scott / LS Consulting 17

Source: <http://www.usedcisco.com/press-my-esm_used_cisco_identifying_fake_chisco.aspx> Source: <http://www.usedcisco.com/press-my-esm_used_cisco_identifying_fake_chisco.aspx>

61AF1*#*,($+*=$5+G#5(H

"! 89:/=,$2(/<9"%:/0&/

@A&(/B%:/<"-%(/"1/

C(($'D/-%/C/E"%#/F9$-%G/

=11+G.)(4.)>#47-#'%)2-A4#

14 November 2012 © Logan Scott / LS Consulting 18

* But a Not So Good Navigation System

!! M)29<A4#LA9-(C#LA-249+G#:(J.>(4.%)#L.>)(13#

!! M)29<A4#LA9-(C.)>#L-m+-)2-Q#'7()>.)>#47-#E-<#5)2-#MJ-9<#T#X.)+4-3#

!! 5)1<#'%)49%1#L->G-)4#]#LA(2-#L->G-)4#$%1C#O-(1R4.G-#E-<3Q#:5/#/$M#^LMO#M!^=0XM:/#

!! O-1-(3-#E-<3#4%#/7-#0+\1.2#T#G.)+4-3#1(4-9#

!! /7.3#.3#:%4#47-#L(G-#(3#'+99-)4#N-)-9(4.%)#X.1.4(9<#L.>)(13#67-9-#E-<3#;9-#O-1-(3-C#;A9.%9.#()C#$(J-#4%#,-#$-1C#.)#/(GA-9#O-3.34()4Q#L-2+9-#L4%9(>-#

14 November 2012 © Logan Scott / LS Consulting 19

!! LA9-(C#LA-249+G#L.>)(13#;9-#$.CC-)#,-1%&#47-#:%.3-#()C#

(9-#$(9C#4%#P%9>-#6.47%+4#E-<3#

!! '()#L-)C#O(&#;K?#3(GA1-3#4%#%47-9#B%2(4.%)3#,-@%9-#E-<3#

;9-#O-1-(3-C#b`!&A#$I$J16+,&1*$K&)*+,C'#Hd#

! '%GG+).2(4.%)3#B.)H3#'()F4#P%9>-#B%2(4.%)#L.>)(4+9-#

!! 5)2-#E-<3#(9-#O-1-(3-CQ#L%@4&(9-#M)4.4.-3#2()#'%GA+4-#L-)C-9F3#B%2(4.%)#()C#/.G-#

!! L-2+9-#E-<#L4%9(>-#=3#:%4#:--C-C#=)#47-#^3-9#L->G-)4#

!! =4#=3#^3(\1-#=)#B-33#L-2+9-C#M)J.9%)G-)43#

14 November 2012 © Logan Scott / LS Consulting 20

!! ^3-9#L->G-)4#'()F4#?%#;)<47.)>#&.47#47-#L.>)(1#MW2-A4#L4%9-#=4#%9#L-)C#=4#M13-&7-9-#

^)4.1#/7-#E-<3#;9-#O-1-(3-C#

!! :(J.>(4.%)#L%1+4.%)3#$(J-#+A#4%#(#T#G.)+4-#?-1(<#

14 November 2012 © Logan Scott / LS Consulting 21

09(24.2(\1-#;)4.#LA%%@#]#09%%@#%@#B%2(4.%)#

14 November 2012 © Logan Scott / LS Consulting 22

!! X%C-9).a-C#L.>)(13#$(J-#/&%#'7())-13#

!! 0.1%4#'7())-1#b/9(2H.)>Q#^)(c-24-Cd#

!! X%C.i-C#?(4(#'7())-1#b[Vp#C,#L:O#B%33d#

!! '9<A4%>9(A7.2#6(4-9G(9H.)>#6.47#LA9-(C#LA-249+G#L-2+9.4<#'%C-#bLLL'd##

!! T[#\A3#?(4(#&.47#'9<A4%>9(A7.2#?(4(#L.>).)>#

14 November 2012 © Logan Scott / LS Consulting 23

!! ===F/8-,:/H"7/<$((:2%/0&/C!&"/I:(:2,-%:J/KL/=::J/M$!A:/!! NOP/===F/=A4&(-(A(-"%/1"2/ENFI/I$($/F9$%%:!/C(/N.OQ*/6'9-7R&:'"%J/<S/F"J:/>$(:/

© Logan Scott / LS Consulting 24

Watermark Generating Key

Cipher Stream Generator

Spread Spectrum Security Code

(SSSC) &

Time Hopping (TH) Pattern

Seed Value

Normal L1CDi Signal Flow per IS-GPS-800

10 msec

10% Duty Factor Time Hopped SSSC

Normal L1CDi Signal Flow per IS-GPS-800

10 msec

14 November 2012

Normal L1CNormal L1CNormal L1CNormal L1CDiIS-GPS-800

Signal Flow per IS-GPS-800

Signal Flow per IS-GPS-800

Signal Flow per IS-GPS-800

Signal Flow per Signal Flow per Normal L1CNormal L1CNormal L1CNormal L1CNormal L1CDiIS-GPS-800

Signal Flow per IS-GPS-800

Signal Flow per IS-GPS-800

Signal Flow per Signal Flow per Signal Flow per

Type 2 Format

!! ;11#'(3-3#!! SVT#\.4#;?'Q#0fqr[s#

!! rVT#X$a#0(33\()C#

!! S[[#G3-2#,1%2H3.a-#

14 November 2012 © Logan Scott / LS Consulting 25

Tx:L1CD Rx:L1CD

Tx:L1CD with 10% SSSC Rx:L1CD

Tx:L1CD with 10% SSSC Rx:SSSC Down 10 dB

Need Cipher Seed Unmodified Signal

14 November 2012 © Logan Scott / LS Consulting 26

Pcorrect=1 (Have the Key)

Pcorrect=0.9 (19 dBiC Spoof Gain)

Pcorrect=0.8 (16 dBiC Spoof Gain)

"! ;11#'(3-3#

"! SVT#\.4#;?'Q#0fqr[s#

"! rVT#X$a#0(33\()C#

"! S[[#G3-2#,1%2H3.a-#

Peak SNR =0 dB wrt Expected Value

Peak SNR =-2 dB wrt Expected Value

Peak SNR =-6 dB wrt Expected Value

!! E"'$(-"%/=-#%$(A2:/-&/TN)O/U4L(://VS",-%$!W/

!! I-?:2&:/82A&(/6"J:!&/C2:/<"&&-4!:/

© Logan Scott / LS Consulting

RF Front End & Downconversion A/D

Communi-cations

Interface

Secure Server(s) •!Ephemeris / Symbol Stream •!Watermark Generating Keys

•!5 minutes/SV

GPS Receiver

Or Control Segment

Location Signature Stream Is Sent Before

Watermark Keys Are Published

Authenticatable GPS Signals

"! E"'$(-"%/CA(9:%(-'$(-"%/B4X:'(/

"! S"/>Y/S::J:J/

"! F$%/K:/C!!/=RZ/

"! [/"2/)/=M/&"!A(-"%/

"! E"'$!5/>:,"(:5/"2/F!"AJ/K$&:J/

Local GPS Receiver (Optional in Some Cases)

TGHU 307703 0 22G1

Extend ICD-GPS-870?

14 November 2012 27

N.! F"!!:'(/<2:'"22:!$(-"%/CRI/=$,7!:&/!! Y"2/E"'$(-"%/<2""15/6A&(/=:%J/("/Q%J/<$2(L/K:1"2:/;:%:2$(-%#/U:L/0&/>:!:$&:J/

Q.! Z$(:2,$2D/;:%:2$(-%#/U:L/K:'",:&/C?$-!$4!:/VA7/("/)/,-%A(:&/!$(:2W/

*.! ;:%:2$(:/=72:$J/=7:'(2A,/=:'A2-(L/F"J:/V===FW/>:1:2:%':/=-#%$!/$%J/I:&72:$J/<2:?-"A&!L/F"!!:'(:J/CRI/=$,7!:&/

[.! 01/I"%\(/I:(:'(/=:'A2-(L/=72:$J-%#/F"J:/$(/F"22:'(/<"]:2/E:?:!/^/F"J:/<9$&:5/I"%\(/M$!-J$(:/=-#%$!/

). ! 01/=::/F2"&&/8$!D/8:2,&5/I"%\(/M$!-J$(:/=-#%$!/

© Logan Scott / LS Consulting 28 14 November 2012

© Logan Scott / LS Consulting 29

User Segment

Time

Frame 1 Frame 2

Signing Algorithm (Could also be Public)

Private Key (Known Only to CS & SS)

Frame N (Signature in Subframe 3, Page 8

Or Spares)

Authentication Algorithm

Authentication Flag

Public Key (Known to Everyone)

Digital Signature

Space Segment

14 November 2012

User Segment

Use As SSSC Watermark Key

=-#%$!/

6-%-,A,/=7""1:2/

C%(:%%$/;$-%_/

C&&"'-$(:J/

C%(:%%$/I-$,:(:2/

C&&"'-$(:J/Q`&-J:J/

*JK/K:$,]-J(9/

ENFI/

EQF6/E)0/

EN/=ZCC=/

QN/JK-F/

QN/JK-F/Qa/JK-F/

Qa/JK-F/

Qab/

*[b/a*b/

[cb/

Nd/J:#2::&/

Nd/J:#2::&/NO/J:#2::&/

NO/J:#2::&/

© Logan Scott / LS Consulting 30

† Gain Required for Spoofer to Read True SSSC and Generate False SSSC Bursts

With Correlation within 1 dB of True SSSC Bursts

14 November 2012

!! X.).G+G#LA%%@-9#

?-1(<##

!! ?-4-9G.)-C#,<#Lh#&.47#X(W.G+G#,-)4#0.A-#

0(47#B-)>47#J3V#?.9-24#

0(47#B-)>47#

!! N-%G-49<#?-A-)C()4#

14 November 2012 © Logan Scott / LS Consulting 31

Target GPS

Spoofer or

Forger

Bent Pipe

SVi SVk

<2"e-,-(L/0&/0,7"2($%(G/

14 November 2012 © Logan Scott / LS Consulting 32

+

«

"! B%2(1#B%2(4.%)#;+47-)4.2(4.%)#5\_-24#"! /(GA-9#O-3.34()2-#

"! /0X#'(A(\.1.4<#"! /.G-#E--A.)>#]#/.G-#L4(GA.)>#"! '%GA+4.)>#M)>.)-#

+ : Even Better

"! O-G%4-#B%2(4.%)#

;+47-)4.2(4.%)#5\_-24#

Small Sequestration

Delay

!! P(34#E-<3#O-1-(3-C#6.47#f#L-2%)C#O-)-&(1#O(4-#!! 5\4(.)-C#J.(#=)4-9)-4#5:B*#b='?RN0LRUt[I#()C#547-93d#

!! 09%J.C-3#B%&#B(4-)2<Q#L7%94#?+9(4.%)#09%%@3#%@#B%2(4.%)#&.47#P(34#^AC(4-#O(4-#

!! ;.929(@4Q#^;h3Q#/.G.)>#

!! L1%&#E-<3#O-1-(3-C#6.47#T#X.)+4-#O-)-&(1#O(4-#!! E-<3#/9()3G.44-C#,<#L(4-11.4-#

!! L+AA%943#;+4%)%G%+3#'7-2H.)>#&.47%+4#L-A(9(4-#'%GG+).2(4.%)3#'7())-1#

© Logan Scott / LS Consulting 33

Normal L1CDi Signal Flow per IS-GPS-800

10 msec

5% Fast Key / 5% Slow Key Duty Factor Time Hopped SSSC

Normal L1CDi Signal Flow per IS-GPS-800

10 msec

14 November 2012

Type 3 Format

14 November 2012 © Logan Scott / LS Consulting 34

+

«

"! B%2(1#B%2(4.%)#

;+47-)4.2(4.%)#5\_-24#

"

Location Spoofer is Not Necessarily RF, It May Be a Cyber Entity

+ : Even Better

"! O-G%4-#B%2(4.%)#

;+47-)4.2(4.%)#5\_-24#

Aircraft Location

Signature

Command & Control Location

Signature

=L&(:,/ F-?-!/CA(9:%(-'$(-"%/=($(A&/

:`E"2$%/ ?-G%)349(4-C#'(A(\.1.4<#b/MLB;#09%4%2%1dQ#

6(4-9G(9H-C#00X#G(<#\-#A%33.\1-#@%9#09%%@#%@#B%2(4.%)#

;$!-!:"/V3fW/ '%GG-92.(1#L-9J.2-3#bMgd#]#L(@-4<#%@#B.@-#bMT\d#&.11#$(J-#L.>)(1#

;+47-)4.2(4.%)#]#0%33.\1<#09%%@#%@#B%2(4.%)#

F",7$&&/V<>FW/ *-3Q#III#

;!"%$&&/V>A&&-$%W/ ^)H)%&)Q#:%4#0(94#%@#'+99-)4#'(A(\.1.4<#L-4#\+4#'?X;#J-93.%)3#

&%+1C#A9-3-)4#G%C-9).a(4.%)#%AA%94+).4<##

;<=/Vf=W/ '+99-)41<#:%4#0(94#%@#01())-C#'(A(\.1.4<#L-4Q#0%33.\1-#@%9##

`:.\\1-3e#L(4-11.4-3#

14 November 2012 35 © Logan Scott / LS Consulting

!! /7-<#;9-#(#?.>.4(1#'%GA%)-)43#bP0N;Id#

!! '%C-#N-)-9(4.%)#=43-1@#=3#:%4#;11#47(4#/.G-#'9.4.2(1#

!! /7-#5+4A+4#B(427#=3#67(4#=3#/.G-#'9.4.2(1#

!! '()#L&.427#5PP#6(4-9G(9H#=)3-94.%)#

14 November 2012 © Logan Scott / LS Consulting 36

Code Generator

Output Latch

Code Clock

To Transmitter Modulation

Chip needs to be ready “sometime” before latch clock

!! !"#!$#!%&'(")*"#!! <M8/0&/$/F2-(-'$!/^/B1(:%/H-JJ:%/3!:,:%(/"1/F-?-!/0%12$&(2A'(A2:/

!! 892:$(/=A21$':/0&/3e7$%J-%#/^/f&:2/F",,A%-(L/-&/E$2#:!L/f%$]$2:&/!! g<2""1/"1/E"'$(-"%/^/8-,:b/F$7$4-!-(L/0&/C%/f%,:(/S::J/

!! ;<=/,$L/4:/E"'D:J/"A(/"1/0%(:2%$(-"%$!/6$2D:(&/

!! !"#!$#+'),-.#!! <U0/C772"$'9/I":&/SB8/>:hA-2:/f&:2/3hA-7,:%(/("/H"!J/=:'2:(&/

!! 6-%"2/0,7$'(/B%/>:':-?:2&/(9$(/Z$%(/("/CA(9:%(-'$(:/

!! S"/0,7$'(/"%/>:':-?:2&/89$(/I"/S"(/Z$%(/("/CA(9:%(-'$(:/!! =(2"%#/=-#%$!/0%/=7$':/CA(9:%(-'$(-"%/0&/<"&&-4!:/1"2/E)05/EQF65/ENFI/$%J/

EN/ZCC=/

!! /.*.0"#!$#!%%.12)".#!! I"/S"(/S::J/YA!!/F"%&(:!!$(-"%5/3?:%/B%:/=M/F$%/<2"?-J:/=-#%-i'$%(/

E"'$(-"%/C&&A2$%':/;$-%/!! <"&&-4!:/>:?:%A:/=(2:$,/1"2/;<=/

© Logan Scott / LS Consulting 37 14 November 2012

!! <"!-'L/>:'",,:%J$(-"%&/SV! /%&(9C3#(#L%+)C#:(4.%)(1#0%1.2<#@%9#'.J.1#B%2(4.%)#()C#/.G-#;33+9()2-u#0+44.)>#47-#0.-2-3#/%>-47-9Q#=)3.C-N:LL#

X(>(a.)-Q#L-A4-G\-9K524%\-9#f[Sf#

!! F2L7("#2$79-'/=-#%$!/CA(9:%(-'$(-"%/SV! ;)4.RLA%%i)>#]#;+47-)4.2(4-C#L.>)(1#;927.4-24+9-3#@%9#'.J.1#:(J.>(4.%)#L<34-G3Q#=5:#N:LL#f[[Z#

fV! BS'#L7%+1C#=)2%9A%9(4-#'9<A4%>9(A7.2#;+47-)4.2(4.%)#P-(4+9-3Q##X(<#f[[g#'%GG-)43#%)#='?RN0LRU[[#

ZV! '.J.1.()#N0L#L.>)(1#.)#LA(2-#M)7()2-G-)43#@%9#;)4.LA%%i)>#()C#B%2(4.%)#;+47-)4.2(4.%)Q#A9-3-)4-C#(4#o:'#f[SSQ#

fU#o+)-Q#f[SS#

rV! B%2(4.%)#L.>)(4+9-3"#09%J.)>#B%2(4.%)#4%#L-2%)C#0(94.-3#&.47%+4#O-m+.9.)>#/9+34#Sf#o+)-#f[SfQ#o:'#f[Sf#

!! @$,,:2/E"'$(-"%/g@jNNb/SV! opSS"#/7-#'(3-#@%9#P(34#o(GG-9#?-4-24.%)#()C#B%2(4.%)#^3.)>#'9%&C3%+92.)>#;AA9%(27-3Q#A(A-9#A9-3-)4-C#(4#

=5:RN:LLRf[SSQ#L-A4-G\-9#f[RfZQ#f[SS#

!! >:':-?:2/F:2(-i'$(-"%/SV! O-2-.J-9#'-94.i2(4.%)"#X(H.)>#47-#N:LL#M)J.9%)G-)4#$%34.1-#4%#o(GG-93#]#LA%%@-93Q#A9-3-)4-C#:%J#pQ#f[SS#4%#

0:/#Mv'5X#;,V#;J(.1(\1-#(4##744A"KK&&&VA)4V>%JK(CJ.3%9<Kf[SSKSSK32%44VAC@#

fV! B-J-1#S#?9(@4#LA-2.i2(4.%)#A%34-C#(4"##744A"KK1%>()V32%44V7%G-V2%G2(34V)-4Kk1%>()V32%44K#

14 November 2012 © Logan Scott / LS Consulting 38

© Logan Scott / LS Consulting 39 14 November 2012

!! N-)V#b9-4d#X.27(-1#hV#$(<C-)Q#09.)2.A(1Q#/7-#'7-94%c#

N9%+Aw#

!! `0(94#%@#%+9#2<\-9#A%1.2<#A9%\1-G#.3#.43#)-&)-33#()C#%+9#@(G.1.(9#-WA-9.-)2-#.)#A7<3.2(1#3A(2-#C%-3#)%4#-(3.1<#49()3@-9#

4%#2<\-93A(2-V#'(3+(11<#(AA1<.)>#&-11RH)%&)#2%)2-A43#@9%G#

A7<3.2(1#3A(2-#1.H-#C-4-99-)2-Q#&7-9-#(449.\+4.%)#.3#

(33+G-CQ#4%#2<\-93A(2-#&7-9-#(449.\+4.%)#.3#@9-m+-)41<#,"#$

F'1G5#A;$&($+$'#6&F#$31'$3+&5C'#4H$

14 November 2012 © Logan Scott / LS Consulting 40

† Testimony before House Permanent Select Committee on Intelligence, Chairman Mike Rogers (R-Mich), Cyber Threats and Ongoing Efforts to Protect the Nation Oct 4, 2011.

14 November 2012 © Logan Scott / LS Consulting 41

March 23, 2012: Apple Loses $50 Billion

Market Valuation In 5 Minutes

Although we do not believe significant market data delays were the primary factor in causing the events of May 6, our analyses of that day reveal the extent to which the actions of market participants can be influenced by uncertainty about, or delays in, market data. SEC, Findings Regarding the Market Events of May 6, 2010

May 6, 2010

http://kelloggfinance.files.wordpress.com/2010/05/chart_dow_dip2-top1.gif?w=475&h=246

!! :-&3#34%9<#&(3#(24+(11<#g#<-(93#%1CQ#@9%G#f[[fQ#\+4#&(3#4.G-#34(GA-C#(3#2+99-)4#

!! ^;B#C9%AA-C#tgs#@9%G#YSfVZ[#4%#YZ#.)#(#G(44-9#%@#k#Z#G.)+4-3#

14 November 2012 © Logan Scott / LS Consulting 42

Stock Chart from: Berger et al., Rumors in Financial Markets 1 December 2010

14 November 2012 © Logan Scott / LS Consulting 43 14 November 2012 © Logan Scott / LS Consulting

Graphic from: Economist, 4 August 2012

!! M^#-WA-24-C#4%#9-m+.9-#3.>)(1#(+47-)4.2(4.%)#.)#49()3A%94(4.%)#3-24%93V#!! N(1.1-%#'%GG-92.(1#L-9J.2-3#b'Ld#L.>)(1#$(3#;+47-)4.2(4.%)#

P-(4+9-3#

!! ;+47-)4.2(4.%)#E-<3#6.11#\-#`P%9#P--e#!! ?-#@(24%#9-m+.9-G-)4#4%#+3-#N(1.1-%#

!! L-11#;+47-)4.2(4.%)#E-<3#%)#;G(a%)Q#./+)-3#-42V#!! '%GG-92.(1#O-4(.1-93#7(J-#?.349.\+4.%)#'7())-13#.)#01(2-#!! =33+-#.3#%)-#%@#'%GA1.()2-Q#)%4#L-2+9.4<#!! =@#S[s#%@#+3-9F3#27-(4u#47(4#G-()3#p[s#A(.C#

!! /7-9-#=3#;13%#;)%47-9#'%)49%1#L->G-)4#,+3.)-33#=)#B%&#B(4-)2<#B%2(4.%)#;+47-)4.2(4.%)#

14 November 2012 © Logan Scott / LS Consulting 44

!! ===F/F$%/C!&"/H$?:/F2L7("/F"%(2"!!:J/<9$&:/F",7"%:%(/

!! F$%/8-,:/6A!(-7!:e/8L7:/N/R/8L7:/Q/KA2&(-%#/

14 November 2012 © Logan Scott / LS Consulting 45

Cipher Stream Generator

L1CD Code Generator

Select

PN Code Clock

Timing Time Hop Selection

Cipher Stream

IS-GPS-800 Stream

100 sps Data Symbols

BPSK -> BOC Squarewave

Cipher Seed

The SSSC Code

;V! '()#L-1-24#0(47#&.47#X.).G+G#L-m+-349(4.%)#?-1(<#

,V! '()#,%+)C#/(9>-4#O-2-.J-9F3#B%2(4.%)#,(3-C#%)#O-1(4.J-#L-m+-349(4.%)#?-1(<3#

!! -V>V#Z#C-1(<3#2()#2%GA+4-#Z?#1%2(4.%)#

14 November 2012 © Logan Scott / LS Consulting 46

Target GPS

Spoofer or

Forger

Bent Pipe

SVi SVk

Authenti-cator “Y”

Authenti-cator “X”

Secure Timing

© Logan Scott / LS Consulting 47 14 November 2012

© Logan Scott / LS Consulting 48 14 November 2012

© Logan Scott / LS Consulting 49 14 November 2012

© Logan Scott / LS Consulting 50

0

5

10

15

20

25

30

35

40

45

50

0

10

20

30

40

50

60

10 12 14 16 18 20 22 24 26 28 30

Circular Aperture Diameter (inches)

Two Sided 3 dB Beamwidth (degrees)

Peak Gain (dBiC)

L1 Antenna Characteristics (80% Aperture Efficiency)

Two Sided 3 dB Beamwidth (Degrees) Aperture Width(inches)

14 November 2012

© Logan Scott / LS Consulting 51

Nominal L1CD C/No with 0dBiC Gain

Towards SV is ~ 40 dB-Hz

14 November 2012

CN0 Estimation Accuracy.xlsx

-4.0

-3.0

-2.0

-1.0

0.0

1.0

2.0

3.0

4.0

20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

C/N

o Es

timat

ion

Erro

r (dB

wrt

Tru

th)

C/No (dB-Hz)

50.0% High 50.0% Low 90.0% High 90.0% Low 99.0% High 99.0% Low

Coherent Receiver: 1 msec SSSC Burst every 0.010 sec (DF=10.0%) , 0.20 sec Collection Interval

Recommended

Keynes Presntation
Documents
SoftTechnics Presntation
Documents
DISC Presntation
Business
Boxing Presntation
Documents
Media presntation
Entertainment & Humor
Presntation 2
Technology
Rock:folk presntation
Education
Tariq presntation
Technology
Presntation 5
Documents
Monry4mobile presntation
Business
Japan Presntation
Documents
Pli Presntation
Economy & Finance
BCRW Presntation
Self Improvement
Ipo Presntation
Documents
Virtual Presntation
Education
KM PRESNTATION
Documents
Evaporator Presntation
Documents
presntation end
Documents
Presntation Extr
Documents
WorldCom presntation
Documents