16. Scott Presntation - Stanford Universityweb.stanford.edu/...presentation_files/16-Scott...© Logan Scott / LS Consulting "!"!"!"!"!

© Logan Scott / LS Consulting 1 14 November 2012

!"#$%&'"(()*+

#,$-!.'",/

!! !"#$%&#'()#*%+#,-#.)#/&%#01(2-3#(4#5)2-#67-)#*%+89-#

:%4#;)<&7-9-#(4#;11#

!! !"#$%&'#(&)*$!"#+,'#$-./.$

!! ;"#/7-#=)4-9)-4##

!! 0&*,1*$2#'3$#,4$+54$6+4$-.78$

14 November 2012 © Logan Scott / LS Consulting 2

01(2-3#(4#5)2-#67-)#*%+89-#

5947%>%)(1#?-@-)3-#=)#?-A47"#B%2(4.%)#=3#0(94#%@#=C-)4.4<#


!! ;)4.3A%%@#D#09%%@#%@#B%2(4.%)#!! $%&#?%#=#E)%&#=FG#67-9-#=#/7.)H#=#;GI#!! ;)4.3A%%@#

!! $%&#?%#=#09%J-#4%#*%+#67-9-#=#;GI#!! 09%%@#%@#B%2(4.%)#

!! B%2(4.%)K/.G-#L.>)(4+9-#M1-G-)43#'()#=)21+C-"#!! '9<A4%>9(A7.2#N0L#OP#L.>)(1#L49+24+9-3#

!! 5J-91(AA.)>#L<34-G3"#N:LLQ#6.P.Q#-RB%9()Q#'(G-9(Q#=MMM#0STUU#/.G.)>#L4()C(9CQ#-42V#

!! B%2(4.%)#09%%@3#L7%+1C#,-#MA7-G-9(1#!! :--C#/.G-#MWA.9<Q#*%+#'%+1C#$(J-#X%J-C#

14 November 2012 © Logan Scott / LS Consulting 4 4

!! 67(4#&(3#47-#X%4.J(4.%)I#

! 09()H#

! LG+>>1.)>#

! ?.J-93.%)#

!! YZ[[Q[[[#A-9#

=)2.C-)4#


http://edition.cnn.com/2012/06/20/travel/yacht-sos-hoax

!! L4.)>-93#@%9#L<9.()#O-\-13I#

!! B%2(4.%)#O-349.24-CI#

!! /.G-#O-349.24-CI#

!! X%9-#N-)-9(11<Q#B%2(4.%)#

?-A-)C()4#PXL#'(A(\.1.4<#

!! O(C(9#N+.C()2-#X%C-3#

!! L-)3%9#'(A(\.1.4.-3#


!! LG(94#07%)-K/(\1-4#L-2+9.4<#'7(11-)>-3#;AA1<#4%#,%47#'.J.1#]#X.1.4(9<#^3-93#

!! '%GG-92.(1#L%@4&(9-#]#$(9C&(9-#

!! '%+)[email protected]#0(943#K#L+AA1<#'7(.)#=)_-24.%)#

!! P.9G&(9-#]#L%@4&(9-#ÂC(4-3#

!! ^)3-2+9-C#=)@9(349+24+9-#]#$(9C&(9-#

!! :--C#4%#L-2+9-#X.11.%)3#%@#^3-93#

!! ;22.C-)43#6.11#$(AA-)#


DP Analysis

!! ;#LG(94#?-J.2-#'()#;22-33K$%1C#;#N9-(4#?-(1#%@#=)@%9G(4.%)#!! ?-4(.1-C#,(3-#X(A3#;22-33.\1-#5)1<#67-)#5:#,(3-#!! =)4-11.>-)2-#%9#X.33.%)#?(4(#;22-33.\1-#5)1<#67-)#O-1-J()4#/%#

'+99-)4#B%2(4.%)#!! =)4-11-24+(1#09%A-94<#;22-33#&.47#B%2(4.%)K/.G-#O-349.24.%)3#

!! B%2(4.%)#=3#0(94#%@#:L;#L-2+9.4<#0(9(C.>G3#!! `=4#.3#()#.GA%94()4#()C#J(1+(\1-#2(A(\.1.4<#4%#49(2H#47-#>-%R

1%2(4.%)#%@#G%\.1-#C-J.2-3#VVV#L+27#49(2H.)>#2()#7-1A#1%2(4-#1%34#%9#34%1-)#C-J.2-3#()C#2()#\-#+3-C#(3#A(94#%@#47-#(+47%9.a(4.%)#C-2.3.%)#A9%2-33#b47-9-#G(<#\-#C.c-9-)4#(22-33#9+1-3#C-A-)C.)>#%)#&7-47-9#+3-9#.3#.)3.C-#%9#%+43.C-#(#>.J-)#@(2.1.4<#%9#2%+)49<dVe#:L;Q#X%\.1.4<#'(A(\.1.4<#0(2H(>-Q#X(927#fg#f[SfQ#L-2+9-#h%=0#h-93.%)#SVf#


=)4-11.>-)2-#%9#X.33.%)#?(4(#;22-33.\1-#5)1<#67-)#O-1-J()4#/%#

0%1"2,$(-"%/3,4$2#"5/6$7&/


MCBH

Map View When OFF Base Map View When ON Base

"! '1%+C#L%+92-C#L-9J-93#X.>74#09%J.C-#N-%i14-9-C#/(24.2(1#ÂC(4-3Q#X(A3Q#()C#=G(>-9<#

!! N-)V#E-.47#;1-W()C-9#b:L;#27.-@d#9-2-)41<#C-329.\-C#47-#1%33#%@#.)C+349.(1#.)@%9G(4.%)#

()C#.)4-11-24+(1#A9%A-94<#479%+>7#2<\-9#-3A.%)(>-#(3#j47-#>9-(4-34#49()3@-9#%@#&-(147#

.)#7.34%9<V`#

!! M34.G(4-C#h(1+-#kYT[[#\.11.%)#^L?#


American Enterprise Institute event 9 July 2012, Cybersecurity and American power video at http://www.aei.org/events/2012/07/09/cybersecurity-and-american-power/

!! 67-9-#?.C#47(4#lP.1-Q#'%GG()CQ#O-A%94Q#O-m+-34Q#

0(94n#'%G-#P9%GI#

!! :--C#4%#N-%@-)2-#L-)3.4.J-#?(4(#

!! B%2(4.%)#O-349.24#=)4-9)-4#P(2.)>#='LKL';?;#'%GG()C#]#'%)49%1#^3.)>#N-%i14-9.)>#

!! MRX(.1#()4.#LA-(9A7.37.)>#

!! h-9.@<#;.929(@4#B%2(4.%)#O-A%94.)>#

!! X()<Q#X()<#547-9#^3-#'(3-3#

© Logan Scott / LS Consulting

B%2(4.%)#O-349.24#=)4-9)-4#P(2.)>#='LKL';?;#'%GG()C#]#

Secured 5,000 HP Generator Self Destructing

Securely Under Remote Control

14 November 2012 11

!! LA-2.(14<#L-(927#

M)>.)-3#4%#P.)C#='LK

L';?;#?-J.2-3#

! 744A"KK

&&&V37%C()7mV2%GK#

! 744A"KK-9.AAV2%GK

14 November 2012 © Logan Scott / LS Consulting 12 © Logan Scott / LS Consulting 12

!! =)#47-#-<-3#%@#

^VLV#C-@-)3-#

3-29-4(9<#B-%)#0()-44(Q#.4#&(3#

À9%\(\1<#47-#

G%34#C-349+24.J-#

(44(2H#47(4#47-#

A9.J(4-#3-24%9#7(3#3--)#4%#

C(4-Ve#


!! `;)#(>>9-33%9#)(4.%)#%9#-W49-G.34#>9%+A#2%+1C#+3-#47-3-#H.)C3#%@#2<\-9#4%%13#4%#>(.)#2%)49%1#%@#29.4.2(1#3&.427-3Qe##

!! `/7-<#2%+1C#C-9(.1#A(33-)>-9#49(.)3Q#%9#-J-)#G%9-#C()>-9%+3Q#C-9(.1#A(33-)>-9#49(.)3#1%(C-C#&.47#1-47(1#27-G.2(13V#/7-<#2%+1C#2%)4(G.)(4-#47-#&(4-9#3+AA1<#.)#G(_%9#2.4.-3Q#%9#37+4#C%&)#47-#A%&-9#>9.C#(29%33#1(9>-#A(943#%@#47-#2%+)49<Ve#



techtripper.com/worlds-first-3d-printed-racing-car-can-pace-at-140-kmh/

Printed Body with Sharkskin Pattern and Advanced Air Intake Baffles

Printed Upper & Lower Receiver

Printed Upper & Lower Printed Upper & Lower Receiver

Direct Metal Laser Sintering to additively manufacture fully dense metal parts

89:/;<=/>:':-?:2/

0&/@A&(/B%:/

<"-%(/"1/C(($'D/-%/C/E"%#/

F9$-%G/


“It worked as promised, but it made my GPS go

haywire” One

NO RF EXPERTISE

REQUIRED

!! 9:*$,1,+5;$:2<$+*=$2>?$(#&@#=$A1'#$,"+*$.8;BBB$61C*,#'3#&,$2&(61$*#,D1'E$61AF1*#*,($+*=$5+G#5(H#?5o#09-33#O-1-(3-#


Source: <http://www.usedcisco.com/press-my-esm_used_cisco_identifying_fake_chisco.aspx> Source: <http://www.usedcisco.com/press-my-esm_used_cisco_identifying_fake_chisco.aspx>

61AF1*#*,($+*=$5+G#5(H

"! 89:/=,$2(/<9"%:/0&/

@A&(/B%:/<"-%(/"1/

C(($'D/-%/C/E"%#/F9$-%G/

=11+G.)(4.)>#47-#'%)2-A4#


* But a Not So Good Navigation System

!! M)29<A4#LA9-(C#LA-249+G#:(J.>(4.%)#L.>)(13#

!! M)29<A4#LA9-(C.)>#L-m+-)2-Q#'7()>.)>#47-#E-<#5)2-#MJ-9<#T#X.)+4-3#

!! 5)1<#'%)49%1#L->G-)4#]#LA(2-#L->G-)4#$%1C#O-(1R4.G-#E-<3Q#:5/#/$M#^LMO#M!^=0XM:/#

!! O-1-(3-#E-<3#4%#/7-#0+\1.2#T#G.)+4-3#1(4-9#

!! /7.3#.3#:%4#47-#L(G-#(3#'+99-)4#N-)-9(4.%)#X.1.4(9<#L.>)(13#67-9-#E-<3#;9-#O-1-(3-C#;A9.%9.#()C#$(J-#4%#,-#$-1C#.)#/(GA-9#O-3.34()4Q#L-2+9-#L4%9(>-#


!! LA9-(C#LA-249+G#L.>)(13#;9-#$.CC-)#,-1%&#47-#:%.3-#()C#

(9-#$(9C#4%#P%9>-#6.47%+4#E-<3#

!! '()#L-)C#O(&#;K?#3(GA1-3#4%#%47-9#B%2(4.%)3#,-@%9-#E-<3#

;9-#O-1-(3-C#b`!&A#$I$J16+,&1*$K&)*+,C'#Hd#

! '%GG+).2(4.%)3#B.)H3#'()F4#P%9>-#B%2(4.%)#L.>)(4+9-#

!! 5)2-#E-<3#(9-#O-1-(3-CQ#L%@4&(9-#M)4.4.-3#2()#'%GA+4-#L-)C-9F3#B%2(4.%)#()C#/.G-#

!! L-2+9-#E-<#L4%9(>-#=3#:%4#:--C-C#=)#47-#^3-9#L->G-)4#

!! =4#=3#^3(\1-#=)#B-33#L-2+9-C#M)J.9%)G-)43#


!! ^3-9#L->G-)4#'()F4#?%#;)<47.)>#&.47#47-#L.>)(1#MW2-A4#L4%9-#=4#%9#L-)C#=4#M13-&7-9-#

^)4.1#/7-#E-<3#;9-#O-1-(3-C#

!! :(J.>(4.%)#L%1+4.%)3#$(J-#+A#4%#(#T#G.)+4-#?-1(<#


09(24.2(\1-#;)4.#LA%%@#]#09%%@#%@#B%2(4.%)#


!! X%C-9).a-C#L.>)(13#$(J-#/&%#'7())-13#

!! 0.1%4#'7())-1#b/9(2H.)>Q#^)(c-24-Cd#

!! X%C.i-C#?(4(#'7())-1#b[Vp#C,#L:O#B%33d#

!! '9<A4%>9(A7.2#6(4-9G(9H.)>#6.47#LA9-(C#LA-249+G#L-2+9.4<#'%C-#bLLL'd##

!! T[#\A3#?(4(#&.47#'9<A4%>9(A7.2#?(4(#L.>).)>#


!! ===F/8-,:/H"7/<$((:2%/0&/C!&"/I:(:2,-%:J/KL/=::J/M$!A:/!! NOP/===F/=A4&(-(A(-"%/1"2/ENFI/I$($/F9$%%:!/C(/N.OQ*/6'9-7R&:'"%J/<S/F"J:/>$(:/

© Logan Scott / LS Consulting 24

Watermark Generating Key

Cipher Stream Generator

Spread Spectrum Security Code

(SSSC) &

Time Hopping (TH) Pattern

Seed Value

Normal L1CDi Signal Flow per IS-GPS-800

10 msec

10% Duty Factor Time Hopped SSSC


10 msec

14 November 2012

Normal L1CNormal L1CNormal L1CNormal L1CDiIS-GPS-800

Signal Flow per IS-GPS-800



Signal Flow per Signal Flow per Normal L1CNormal L1CNormal L1CNormal L1CNormal L1CDiIS-GPS-800



Signal Flow per Signal Flow per Signal Flow per

Type 2 Format

!! ;11#'(3-3#!! SVT#\.4#;?'Q#0fqr[s#

!! rVT#X$a#0(33\()C#

!! S[[#G3-2#,1%2H3.a-#


Tx:L1CD Rx:L1CD

Tx:L1CD with 10% SSSC Rx:L1CD

Tx:L1CD with 10% SSSC Rx:SSSC Down 10 dB

Need Cipher Seed Unmodified Signal


Pcorrect=1 (Have the Key)

Pcorrect=0.9 (19 dBiC Spoof Gain)

Pcorrect=0.8 (16 dBiC Spoof Gain)

"! ;11#'(3-3#

"! SVT#\.4#;?'Q#0fqr[s#

"! rVT#X$a#0(33\()C#

"! S[[#G3-2#,1%2H3.a-#

Peak SNR =0 dB wrt Expected Value

Peak SNR =-2 dB wrt Expected Value

Peak SNR =-6 dB wrt Expected Value

!! E"'$(-"%/=-#%$(A2:/-&/TN)O/U4L(://VS",-%$!W/

!! I-?:2&:/82A&(/6"J:!&/C2:/<"&&-4!:/

© Logan Scott / LS Consulting

RF Front End & Downconversion A/D

Communi-cations

Interface

Secure Server(s) •!Ephemeris / Symbol Stream •!Watermark Generating Keys

•!5 minutes/SV

GPS Receiver

Or Control Segment

Location Signature Stream Is Sent Before

Watermark Keys Are Published

Authenticatable GPS Signals

"! E"'$(-"%/CA(9:%(-'$(-"%/B4X:'(/

"! S"/>Y/S::J:J/

"! F$%/K:/C!!/=RZ/

"! [/"2/)/=M/&"!A(-"%/

"! E"'$!5/>:,"(:5/"2/F!"AJ/K$&:J/

Local GPS Receiver (Optional in Some Cases)

TGHU 307703 0 22G1

Extend ICD-GPS-870?

14 November 2012 27

N.! F"!!:'(/<2:'"22:!$(-"%/CRI/=$,7!:&/!! Y"2/E"'$(-"%/<2""15/6A&(/=:%J/("/Q%J/<$2(L/K:1"2:/;:%:2$(-%#/U:L/0&/>:!:$&:J/

Q.! Z$(:2,$2D/;:%:2$(-%#/U:L/K:'",:&/C?$-!$4!:/VA7/("/)/,-%A(:&/!$(:2W/

*.! ;:%:2$(:/=72:$J/=7:'(2A,/=:'A2-(L/F"J:/V===FW/>:1:2:%':/=-#%$!/$%J/I:&72:$J/<2:?-"A&!L/F"!!:'(:J/CRI/=$,7!:&/

[.! 01/I"%\(/I:(:'(/=:'A2-(L/=72:$J-%#/F"J:/$(/F"22:'(/<"]:2/E:?:!/^/F"J:/<9$&:5/I"%\(/M$!-J$(:/=-#%$!/

). ! 01/=::/F2"&&/8$!D/8:2,&5/I"%\(/M$!-J$(:/=-#%$!/



User Segment

Time

Frame 1 Frame 2

Signing Algorithm (Could also be Public)

Private Key (Known Only to CS & SS)

Frame N (Signature in Subframe 3, Page 8

Or Spares)

Authentication Algorithm

Authentication Flag

Public Key (Known to Everyone)

Digital Signature

Space Segment

14 November 2012

User Segment

Use As SSSC Watermark Key

=-#%$!/

6-%-,A,/=7""1:2/

C%(:%%$/;$-%_/

C&&"'-$(:J/

C%(:%%$/I-$,:(:2/

C&&"'-$(:J/Q`&-J:J/

*JK/K:$,]-J(9/

ENFI/

EQF6/E)0/

EN/=ZCC=/

QN/JK-F/

QN/JK-F/Qa/JK-F/

Qa/JK-F/

Qab/

*[b/a*b/

[cb/

Nd/J:#2::&/

Nd/J:#2::&/NO/J:#2::&/

NO/J:#2::&/


† Gain Required for Spoofer to Read True SSSC and Generate False SSSC Bursts

With Correlation within 1 dB of True SSSC Bursts

14 November 2012

!! X.).G+G#LA%%@-9#

?-1(<##

!! ?-4-9G.)-C#,<#Lh#&.47#X(W.G+G#,-)4#0.A-#

0(47#B-)>47#J3V#?.9-24#

0(47#B-)>47#

!! N-%G-49<#?-A-)C()4#


Target GPS

Spoofer or

Forger

Bent Pipe

SVi SVk

<2"e-,-(L/0&/0,7"2($%(G/


+

«

"! B%2(1#B%2(4.%)#;+47-)4.2(4.%)#5\_-24#"! /(GA-9#O-3.34()2-#

"! /0X#'(A(\.1.4<#"! /.G-#E--A.)>#]#/.G-#L4(GA.)>#"! '%GA+4.)>#M)>.)-#

+ : Even Better

"! O-G%4-#B%2(4.%)#

;+47-)4.2(4.%)#5\_-24#

Small Sequestration

Delay

!! P(34#E-<3#O-1-(3-C#6.47#f#L-2%)C#O-)-&(1#O(4-#!! 5\4(.)-C#J.(#=)4-9)-4#5:B*#b='?RN0LRUt[I#()C#547-93d#

!! 09%J.C-3#B%&#B(4-)2<Q#L7%94#?+9(4.%)#09%%@3#%@#B%2(4.%)#&.47#P(34#ÂC(4-#O(4-#

!! ;.929(@4Q#^;h3Q#/.G.)>#

!! L1%&#E-<3#O-1-(3-C#6.47#T#X.)+4-#O-)-&(1#O(4-#!! E-<3#/9()3G.44-C#,<#L(4-11.4-#

!! L+AA%943#;+4%)%G%+3#'7-2H.)>#&.47%+4#L-A(9(4-#'%GG+).2(4.%)3#'7())-1#



10 msec

5% Fast Key / 5% Slow Key Duty Factor Time Hopped SSSC


10 msec

14 November 2012

Type 3 Format


+

«

"! B%2(1#B%2(4.%)#

;+47-)4.2(4.%)#5\_-24#

"

Location Spoofer is Not Necessarily RF, It May Be a Cyber Entity

+ : Even Better

"! O-G%4-#B%2(4.%)#

;+47-)4.2(4.%)#5\_-24#

Aircraft Location

Signature

Command & Control Location

Signature

=L&(:,/ F-?-!/CA(9:%(-'$(-"%/=($(A&/

:È"2$%/ ?-G%)349(4-C#'(A(\.1.4<#b/MLB;#09%4%2%1dQ#

6(4-9G(9H-C#00X#G(<#\-#A%33.\1-#@%9#09%%@#%@#B%2(4.%)#

;$!-!:"/V3fW/ '%GG-92.(1#L-9J.2-3#bMgd#]#L(@-4<#%@#B.@-#bMT\d#&.11#$(J-#L.>)(1#

;+47-)4.2(4.%)#]#0%33.\1<#09%%@#%@#B%2(4.%)#

F",7$&&/V<>FW/ *-3Q#III#

;!"%$&&/V>A&&-$%W/ ^)H)%&)Q#:%4#0(94#%@#'+99-)4#'(A(\.1.4<#L-4#\+4#'?X;#J-93.%)3#

&%+1C#A9-3-)4#G%C-9).a(4.%)#%AA%94+).4<##

;<=/Vf=W/ '+99-)41<#:%4#0(94#%@#01())-C#'(A(\.1.4<#L-4Q#0%33.\1-#@%9##

`:.\\1-3e#L(4-11.4-3#

14 November 2012 35 © Logan Scott / LS Consulting

!! /7-<#;9-#(#?.>.4(1#'%GA%)-)43#bP0N;Id#

!! '%C-#N-)-9(4.%)#=43-1@#=3#:%4#;11#47(4#/.G-#'9.4.2(1#

!! /7-#5+4A+4#B(427#=3#67(4#=3#/.G-#'9.4.2(1#

!! '()#L&.427#5PP#6(4-9G(9H#=)3-94.%)#


Code Generator

Output Latch

Code Clock

To Transmitter Modulation

Chip needs to be ready “sometime” before latch clock

!! !"#!$#!%&'(")*"#!! <M8/0&/$/F2-(-'$!/^/B1(:%/H-JJ:%/3!:,:%(/"1/F-?-!/0%12$&(2A'(A2:/

!! 892:$(/=A21$':/0&/3e7$%J-%#/^/f&:2/F",,A%-(L/-&/E$2#:!L/f%$]$2:&/!! g<2""1/"1/E"'$(-"%/^/8-,:b/F$7$4-!-(L/0&/C%/f%,:(/S::J/

!! ;<=/,$L/4:/E"'D:J/"A(/"1/0%(:2%$(-"%$!/6$2D:(&/

!! !"#!$#+'),-.#!! <U0/C772"$'9/I":&/SB8/>:hA-2:/f&:2/3hA-7,:%(/("/H"!J/=:'2:(&/

!! 6-%"2/0,7$'(/B%/>:':-?:2&/(9$(/Z$%(/("/CA(9:%(-'$(:/

!! S"/0,7$'(/"%/>:':-?:2&/89$(/I"/S"(/Z$%(/("/CA(9:%(-'$(:/!! =(2"%#/=-#%$!/0%/=7$':/CA(9:%(-'$(-"%/0&/<"&&-4!:/1"2/E)05/EQF65/ENFI/$%J/

EN/ZCC=/

!! /.*.0"#!$#!%%.12)".#!! I"/S"(/S::J/YA!!/F"%&(:!!$(-"%5/3?:%/B%:/=M/F$%/<2"?-J:/=-#%-i'$%(/

E"'$(-"%/C&&A2$%':/;$-%/!! <"&&-4!:/>:?:%A:/=(2:$,/1"2/;<=/


!! <"!-'L/>:'",,:%J$(-"%&/SV! /%&(9C3#(#L%+)C#:(4.%)(1#0%1.2<#@%9#'.J.1#B%2(4.%)#()C#/.G-#;33+9()2-u#0+44.)>#47-#0.-2-3#/%>-47-9Q#=)3.C-N:LL#

X(>(a.)-Q#L-A4-G\-9K524%\-9#f[Sf#

!! F2L7("#2$79-'/=-#%$!/CA(9:%(-'$(-"%/SV! ;)4.RLA%%i)>#]#;+47-)4.2(4-C#L.>)(1#;927.4-24+9-3#@%9#'.J.1#:(J.>(4.%)#L<34-G3Q#=5:#N:LL#f[[Z#

fV! BS'#L7%+1C#=)2%9A%9(4-#'9<A4%>9(A7.2#;+47-)4.2(4.%)#P-(4+9-3Q##X(<#f[[g#'%GG-)43#%)#='?RN0LRU[[#

ZV! '.J.1.()#N0L#L.>)(1#.)#LA(2-#M)7()2-G-)43#@%9#;)4.LA%%i)>#()C#B%2(4.%)#;+47-)4.2(4.%)Q#A9-3-)4-C#(4#o:'#f[SSQ#

fU#o+)-Q#f[SS#

rV! B%2(4.%)#L.>)(4+9-3"#09%J.)>#B%2(4.%)#4%#L-2%)C#0(94.-3#&.47%+4#O-m+.9.)>#/9+34#Sf#o+)-#f[SfQ#o:'#f[Sf#

!! @$,,:2/E"'$(-"%/g@jNNb/SV! opSS"#/7-#'(3-#@%9#P(34#o(GG-9#?-4-24.%)#()C#B%2(4.%)#^3.)>#'9%&C3%+92.)>#;AA9%(27-3Q#A(A-9#A9-3-)4-C#(4#

=5:RN:LLRf[SSQ#L-A4-G\-9#f[RfZQ#f[SS#

!! >:':-?:2/F:2(-i'$(-"%/SV! O-2-.J-9#'-94.i2(4.%)"#X(H.)>#47-#N:LL#M)J.9%)G-)4#$%34.1-#4%#o(GG-93#]#LA%%@-93Q#A9-3-)4-C#:%J#pQ#f[SS#4%#

0:/#Mv'5X#;,V#;J(.1(\1-#(4##744A"KK&&&VA)4V>%JK(CJ.3%9<Kf[SSKSSK32%44VAC@#

fV! B-J-1#S#?9(@4#LA-2.i2(4.%)#A%34-C#(4"##744A"KK1%>()V32%44V7%G-V2%G2(34V)-4Kk1%>()V32%44K#



!! N-)V#b9-4d#X.27(-1#hV#$(<C-)Q#09.)2.A(1Q#/7-#'7-94%c#

N9%+Aw#

!! `0(94#%@#%+9#2<\-9#A%1.2<#A9%\1-G#.3#.43#)-&)-33#()C#%+9#@(G.1.(9#-WA-9.-)2-#.)#A7<3.2(1#3A(2-#C%-3#)%4#-(3.1<#49()3@-9#

4%#2<\-93A(2-V#'(3+(11<#(AA1<.)>#&-11RH)%&)#2%)2-A43#@9%G#

A7<3.2(1#3A(2-#1.H-#C-4-99-)2-Q#&7-9-#(449.\+4.%)#.3#

(33+G-CQ#4%#2<\-93A(2-#&7-9-#(449.\+4.%)#.3#@9-m+-)41<#,"#$

F'1G5#A;$&($+$'#6&F#$31'$3+&5C'#4H$


† Testimony before House Permanent Select Committee on Intelligence, Chairman Mike Rogers (R-Mich), Cyber Threats and Ongoing Efforts to Protect the Nation Oct 4, 2011.


March 23, 2012: Apple Loses $50 Billion

Market Valuation In 5 Minutes

Although we do not believe significant market data delays were the primary factor in causing the events of May 6, our analyses of that day reveal the extent to which the actions of market participants can be influenced by uncertainty about, or delays in, market data. SEC, Findings Regarding the Market Events of May 6, 2010

May 6, 2010

http://kelloggfinance.files.wordpress.com/2010/05/chart_dow_dip2-top1.gif?w=475&h=246

!! :-&3#34%9<#&(3#(24+(11<#g#<-(93#%1CQ#@9%G#f[[fQ#\+4#&(3#4.G-#34(GA-C#(3#2+99-)4#

!! ^;B#C9%AA-C#tgs#@9%G#YSfVZ[#4%#YZ#.)#(#G(44-9#%@#k#Z#G.)+4-3#


Stock Chart from: Berger et al., Rumors in Financial Markets 1 December 2010

14 November 2012 © Logan Scott / LS Consulting 43 14 November 2012 © Logan Scott / LS Consulting

Graphic from: Economist, 4 August 2012

!! M^#-WA-24-C#4%#9-m+.9-#3.>)(1#(+47-)4.2(4.%)#.)#49()3A%94(4.%)#3-24%93V#!! N(1.1-%#'%GG-92.(1#L-9J.2-3#b'Ld#L.>)(1#$(3#;+47-)4.2(4.%)#

P-(4+9-3#

!! ;+47-)4.2(4.%)#E-<3#6.11#\-#`P%9#P--e#!! ?-#@(24%#9-m+.9-G-)4#4%#+3-#N(1.1-%#

!! L-11#;+47-)4.2(4.%)#E-<3#%)#;G(a%)Q#./+)-3#-42V#!! '%GG-92.(1#O-4(.1-93#7(J-#?.349.\+4.%)#'7())-13#.)#01(2-#!! =33+-#.3#%)-#%@#'%GA1.()2-Q#)%4#L-2+9.4<#!! =@#S[s#%@#+3-9F3#27-(4u#47(4#G-()3#p[s#A(.C#

!! /7-9-#=3#;13%#;)%47-9#'%)49%1#L->G-)4#,+3.)-33#=)#B%&#B(4-)2<#B%2(4.%)#;+47-)4.2(4.%)#


!! ===F/F$%/C!&"/H$?:/F2L7("/F"%(2"!!:J/<9$&:/F",7"%:%(/

!! F$%/8-,:/6A!(-7!:e/8L7:/N/R/8L7:/Q/KA2&(-%#/


Cipher Stream Generator

L1CD Code Generator

Select

PN Code Clock

Timing Time Hop Selection

Cipher Stream

IS-GPS-800 Stream

100 sps Data Symbols

BPSK -> BOC Squarewave

Cipher Seed

The SSSC Code

;V! '()#L-1-24#0(47#&.47#X.).G+G#L-m+-349(4.%)#?-1(<#

,V! '()#,%+)C#/(9>-4#O-2-.J-9F3#B%2(4.%)#,(3-C#%)#O-1(4.J-#L-m+-349(4.%)#?-1(<3#

!! -V>V#Z#C-1(<3#2()#2%GA+4-#Z?#1%2(4.%)#


Target GPS

Spoofer or

Forger

Bent Pipe

SVi SVk

Authenti-cator “Y”

Authenti-cator “X”

Secure Timing





0

5

10

15

20

25

30

35

40

45

50

0

10

20

30

40

50

60

10 12 14 16 18 20 22 24 26 28 30

Circular Aperture Diameter (inches)

Two Sided 3 dB Beamwidth (degrees)

Peak Gain (dBiC)

L1 Antenna Characteristics (80% Aperture Efficiency)

Two Sided 3 dB Beamwidth (Degrees) Aperture Width(inches)

14 November 2012


Nominal L1CD C/No with 0dBiC Gain

Towards SV is ~ 40 dB-Hz

14 November 2012

CN0 Estimation Accuracy.xlsx

-4.0

-3.0

-2.0

-1.0

0.0

1.0

2.0

3.0

4.0

20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

C/N

o Es

timat

ion

Erro

r (dB

wrt

Tru

th)

C/No (dB-Hz)

50.0% High 50.0% Low 90.0% High 90.0% Low 99.0% High 99.0% Low

Coherent Receiver: 1 msec SSSC Burst every 0.010 sec (DF=10.0%) , 0.20 sec Collection Interval

Documents

16. Scott Presntation - Stanford Universityweb.stanford.edu/...presentation_files/16-Scott...© Logan Scott / LS Consulting "!"!"!"!"!