Protecting GPS Systems Against Spoofing and Jamming Threats

Similar documents
Time Synchronization Trends for Critical Infrastructure. Randy Brudzinski Vice President Microsemi

SyncServer S600/S650 Options, Upgrades and Antenna Accessories

Network Time Synchronization Why It is Crucial for Regulatory Compliance in Enterprise Applications

ZL70550 ADK Release Notes

TimeSource Enhanced PRTC Enhanced Primary Reference Time Clock

ENT-AN0125 Application Note PHY, Integrated PHY-Switch VeriPHY - Cable Diagnostics Feature

MAICMMC40X120 Application Note Power Core Module Mounting and Thermal Interface

MML4400 Series Datasheet RoHS-Compliant Fast Surface Mount MRI Protection Diodes

Zero Recovery Silicon Carbide Schottky Diode

Reliable and Scalable Midspan Injectors and Switches

MPS4101-6LP Datasheet 50 MHz 25 GHz RoHS-Compliant Control Device QFN SPST PIN

AC342 Application Note CQFP to CLGA Adapter Socket

GC4701-6LP Datasheet RoHS-Compliant Control Devices DC 15 GHz Surface Mount Limiter PIN Diode

UG0812 User Guide. T-Format Interface. February 2018

User Guide. PD-IM MH and PD-IM T4H Four 2-Pair Ports and Four 4-Pair Ports Evaluation Boards

Series 8 (12 Gbps) and Series 7 (6 Gbps) Technical Brief Flexible Configuration Options for Microsemi Adaptec SAS/SATA RAID Adapters

0912GN-120E/EL/EP Datasheet E-Series GaN Transistor

1214GN-50E/EL/EP Datasheet E-Series GaN Transistor Driver

Power Modules with Phase-Change Material

MIPI CSI-2 Receiver Decoder for PolarFire

Schottky Surface Mount Limiting Diode Driver RoHS Compliant

Ultrafast Soft Recovery Rectifier Diode

Control Devices Surface Mount Input-Limiting Diode Element

Reliable and Scalable Midspan Injectors and Switches

0912GN-50LE/LEL/LEP Datasheets E-Series GaN Transistor Driver

DG0723 Demo Guide SmartFusion2 Imaging and Video Kit MIPI CSI-2

MMS006AA Datasheet DC 20 GHz GaAs MMIC SP2T Non-Reflective Switch

Achieve Peak Performance

2731GN-120V Datasheet Class-AB GaN-on-SiC HEMT Transistor

Microsemi SmartFusion 2 SoC FPGA and IGLOO 2 FPGA

UG0649 User Guide. Display Controller. February 2018

Enhanced Prediction of Interconnect delays for FPGA Synthesis using MATLAB

Libero SoC v11.9 SP2 Release Notes 11/2018

DG0633 Demo Guide IGLOO2 FPGA CoreTSE MAC 1000 Base-T Loopback Demo - Libero SoC v11.7 SP2

MMA043AA Datasheet 0.5 GHz 12 GHz GaAs phemt MMIC Wideband Low-Noise Amplifier

UG0693 User Guide. Image Edge Detection. February 2018

Looking for a Swiss knife for storage ecosystem management? A comparative study of SMI-S, Redfish and Swordfish

UG0648 User Guide Motor Control Libero Project

Microsemi Adaptec Trusted Storage Solutions. A complete portfolio of 12 Gbps Host Bus Adapters, RAID Adapters, SAS Expander and Cables

Libero SoC v11.8 Service Pack 2 Release Notes 11/2017

User Guide. SparX-III PoE/PoE+ Reference Design

Understanding 802.3at. PoE Plus Standard Increases Available Power

MMA044AA Datasheet 6 GHz 18 GHz GaAs phemt MMIC Wideband Low-Noise Amplifier

Synchronizing and Securing the Enterprise Network with New Timing Technologies

PoE Midspans Harness Universal Power for Your Network. White Paper

Next Generation Power Solutions Solving Real World Interface Issues

DG0598 Demo Guide SmartFusion2 Dual-Axis Motor Control Starter Kit

UG0446 User Guide SmartFusion2 and IGLOO2 FPGA High Speed DDR Interfaces

UG0693 User Guide Image Edge Detection

Timing Constraints Editor User Guide

DG0849 Demo Guide PolarFire Dual Camera Video Kit

Spatial Debug & Debug without re-programming in Microsemi FPGAs

Power Matters. TM. Why Embedded Die? Piers Tremlett Microsemi 22/9/ Microsemi Corporation. Company Proprietary 1

Microsemi Corporation: CN18002

VSC8254, VSC8257, and VSC Timestamp Out-of- Sync (OOS) Summary

Microsemi Secured Connectivity FPGAs

UG0850 User Guide PolarFire FPGA Video Solution

UG0644 User Guide. DDR AXI Arbiter. February 2018

MPS2R Datasheet 100 MHz 6 GHz 40 W RoHS-Compliant Monolithic SPDT PIN Switch

Programming and Debug Tools PolarFire v2.0 Release Notes 11/2017

Using SMR Drives with Smart Storage Stack-Based HBA and RAID Solutions

MPLAD36KP14A MPLAD36KP400CA

MPLAD18KP7.0A MPLAD18KP200CA

DSP Flow for SmartFusion2 and IGLOO2 Devices - Libero SoC v11.6 TU0312 Quickstart and Design Tutorial

CoreSMIP v2.0. Handbook

ZL ZL30260-ZL30267 and ZL40250-ZL30253 Evaluation Software User Manual. November 2015

CoreConfigMaster v2.1. Handbook

Surface Mount 18,000 W Transient Voltage Suppressor

Microsemi System Products

Microsemi System Products

Microsemi Optical Transport Networking (OTN) Processors ECI and Microsemi Partnership

CoreMDIO_APB v2.0. Handbook

CoreResetP v7.0. Handbook

Core1553BRT v4.2 Release Notes

Microsemi IP Cores Accelerate the Development Cycle and Lower Development Costs

Field-Proven, Interoperable & Standards-Compliant Portfolio

Mixed Signal ICs for Space

UG0725 User Guide PolarFire FPGA Device Power-Up and Resets

Field-Proven, Interoperable, and Standards-Compliant Portfolio

PowerDsine Products Catalog

Reliability Monitoring and Outgoing Quality Report Q ESC Division. May 2018

PowerDsine Product Catalog

1588 Timestamp Out-of-Sync (OOS) Summary

SmartFusion2, IGLOO2, and RTG4 Designing with Blocks for Libero SoC v11.8 in the Enhanced Constraint Flow User Guide

Building High Reliability into Microsemi Designs with Synplify FPGA Tools

The Case for Midspans vs. Switches for PoE Deployment

CoreHPDMACtrl v2.1. Handbook

Best in Class. High Security and Capacity

SmartTime Static Timing Analyzer User Guide SmartFusion2, IGLOO2, RTG4, and PolarFire

CoreGPIO v3.1. Handbook

Surface-Mount 36,000 W Transient Voltage Suppressor

SmartFusion2 SoC FPGA Demo: Code Shadowing from SPI Flash to SDR Memory User s Guide

CoreAHBtoAPB3 v3.1. Handbook

AC412 Application Note IGLOO2 FPGA Flash*Freeze Entry and Exit - Libero SoC v11.8

SmartTime Static Timing Analyzer for Libero SoC v11.8 in the Enhanced Constraint Flow SmartFusion2, IGLOO2, and RTG4 User Guide

SyncServer S600 High-Performance, Enhanced Security Network Time Server

SyncServer S250 S250 NETWORKING EXCELLENCE. Examples of Network Timing Configurations

Huawei Enterprise S2700 Series Switches

IPS-1 Robust and accurate intrusion prevention

ProASIC PLUS SSO and Pin Placement Guidelines

Transcription:

BlueSky GPS Firewall Protecting GPS Systems Against Spoofing and Jamming Threats Protect Existing GPS Systems Secure Firewall Overlay Network Management System Deployment Secure Operations Features and Services

Protect Existing GPS Systems The BlueSky GPS Firewall Protects Existing GPS Systems Today and is Field Upgradeable to Address Future Incidents GPS revolutionized the world with its ability to provide an accurate, reliable, and cost-effective positioning, navigation, and timing (PNT) service with global coverage. Its rapid adoption and widespread proliferation enhances our way of life, but has also led to a dependency on GPS to maintain that way of life. Critical infrastructure sectors such as wireline and wireless networks, power grids, data centers, and emergency services now depend on PNT information delivered by GPS. Features Identifies and protects GPS systems from spoofing and jamming Integrates seamlessly between existing GPS antenna and GPS system Compatible with any GPS antenna that receives the L1 frequency Optional 1PPS and 10 MHz timing reference inputs for extended holdover Applications Wireline and wireless networks Utility and power grids Power-over-Ethernet (PoE) simplifies deployment by powering the firewall from the Ethernet interface Remote CLI in addition to secure and easy-to-use web interface Enterprise data centers Transportation networks The BlueSky GPS Firewall embedded software is field upgradeable Seamless integration with TimePictra provides end-to-end management of 10s, 100s, or 1,000s of units from a single server Emergency services Secure Firewall Overlay The BlueSky GPS Firewall solves the problem of protecting already deployed systems by providing a cost-effective overlay solution installed between existing GPS antennas and GPS systems. Similar to a network firewall, the BlueSky GPS Firewall protects systems inside the firewall from untrusted sky-based signals outside the firewall. Contained within the BlueSky GPS Firewall is a software engine that analyzes the GPS signal. GPS signal data is received and evaluated from each satellite to ensure compliance with GPS standards along with analyzing received signal characteristics. This information is used by the firewall to block anomalous GPS signals and provide a hardened GPS signal output to downstream GPS systems. Management of wide-scale deployment of the BlueSky GPS Firewall units is simplified using Microsemi s TimePictra management system. TimePictra enables a regional, national, or global view of your PNT infrastructure to provide early alerting to threats before your PNT network is affected. 2

Secure Firewall Overlay Microsemi s BlueSky GPS Firewall is deployed in-line between an existing GPS antenna and GPS receiver system. The BlueSky GPS Firewall analyzes incoming GPS signals from the antenna to identify anomalous or spoofed GPS signals. When anomalous signal conditions are detected, the BlueSky GPS Firewall blocks the unwanted signals and prevents them from propagating to downstream GPS systems. This isolates and protects downstream GPS systems from harmful GPS signals outside the firewall. The BlueSky GPS Firewall installs in a standard 19-inch rack and can be placed near the GPS receiver system or near the point at which the GPS antenna cable enters the building. Power for the GPS antenna is provided by the BlueSky GPS Firewall using a software configurable setting for 0, 5, or 12 VDC. Thus, nearly all currently deployed GPS antennas are supported without modifying the existing installation. Power for the BlueSky GPS Firewall is provided by Powerover-Ethernet (PoE) on the management port. This enables current PoE deployments to integrate seamlessly with the BlueSky GPS Firewall while only requiring a small PoE midspan device for installations that need to power the BlueSky GPS Firewall from AC. GPS Antenna Coax GPS Firewall Coax Ethernet/Management port with Power-over-Ethernet (PoE) GPS Receiver Transportation Communications Critical Infrastructure Enterprise Power Utility 3

Network Management Timing and synchronization are increasingly important to the operation of critical infrastructure sectors. A comprehensive view of an operator s time and frequency systems is paramount to identifying and localizing issues, taking corrective actions, and ensuring continued operations. The BlueSky GPS Firewall contains a client application that integrates seamlessly with Microsemi s TimePictra management system. TimePictra is a web-based management system for time, frequency, and synchronization of network elements. It features a modular architecture that scales and evolves to address new or changing operational requirements. When using TimePictra to manage a deployment of the BlueSky GPS Firewall, users have centralized control and visibility of their network to ensure their enterprise is operating properly. Within TimePictra, the BlueSky GPS Firewall is managed as a network element similar to other Microsemi products. This includes auto discovery and alarm reporting, SV tracking details, latitude and longitude for mapping, remote control, and the ability to upgrade anomaly detection criteria or the entire BlueSky client. TimePictra The BlueSky GPS Firewall provides users control from a web-based graphical interface and the ability to update data validation rules For small-scale deployments, the BlueSky GPS Firewall provides an intuitive, web-based GUI where TimePictra may not be the right management solution. This GUI provides the same status and controls available through TimePictra and includes the ability to remotely update the BlueSky client application and anomaly detection criteria. As with any network connected device, network security is critical to ensuring continued operations. The BlueSky GPS Firewall utilizes the following latest security measures and protocols to protect against network intrusion. Management: CLI over SSHv2, secure web-based management (HTTPS/SSL), and TimePictra support x.509 Certificate support, Radius, LDAP, TACACS+ IPv4, IPv6 (future), DHCP, remote syslog logging TimePictra manages the BlueSky GPS Firewall and other Microsemi synchronization products 4

System Deployment The BlueSky GPS Firewall protects downstream users by monitoring the data contained within the GPS signals along with the GPS signal characteristics. When a GPS incident is detected, the BlueSky GPS Firewall alerts users of the condition and takes appropriate action to prevent the GPS signal from propagating to downstream users, effectively creating the BlueSky environment for users regardless of current live-sky GPS conditions. Hardened GPS Hardened GPS is the most secure GPS output because it provides a synthesized GPS signal isolated from the live-sky environment. The hardened GPS output is not a copy of the live-sky GPS signal and is only loosely based on information received from the live-sky signal. Thus, a secure BlueSky GPS environment is created. When GPS incidents are detected by the BlueSky GPS Firewall, the hardened GPS output continues to be available. Downstream users can continue to use the hardened GPS signal during times of GPS jamming or GPS spoofing without impacting their system performance. The hardened GPS output provides a synthesized version of the GPS L1 signal. Because the GPS L1 signal is supported by all current and foreseeable GPS based systems, it provides backward compatibility while also being future-proof. Validated GPS The Validated GPS output provides a copy of the actual GPS signal being analyzed by the firewall. When anomalous conditions are detected, the firewall turns the validated GPS output off to protect users from potentially corrupted GPS signals. Once conditions are deemed safe, the validated GPS output is turned back on. Validated GPS includes copies of the L1, L2, and L5 signals on a single output. This enables downstream systems that use multiple GPS frequencies (such as SAASM or M-code) to use the BlueSky GPS Firewall to provide an additional layer of protection. Also, mobile platforms can use the validated GPS signal without degrading the accuracy of their PNT solution. Holdover GPS Antenna 10 MHz 1PPS BlueSky GPS Firewall Autonomous Timescale GPS Signal Synthesizer BlueSky Software Engine GPS Reception On/Off Switch Hardened GPS Output When GPS deemed non-compliant, continues to provide output using holdover Validated GPS Output When GPS deemed non-compliant, output interrupted Atomic Reference External input capability from an atomic reference (10 MHz or 1PPS input) enables users to enhance the performance of the BlueSky GPS Firewall. Adding an atomic reference enables the BlueSky GPS Firewall to enhance its GPS event detection capabilities while also extending its ability to provide accurate time (using the hardened GPS output) during live-sky GPS incidents (or jamming). All downstream systems inherit the performance of the atomic reference being utilized by the BlueSky GPS Firewall. 5

Secure Operations Similar to network security threats, new GPS errors are on the rise and Microsemi is continuously tracking GPS signal manipulation including spoofing threats, jamming incidents, multipath signal interference, space weather, and many other issues that can create GPS signal anomalies, disruptions, and outages. At the core of the BlueSky GPS Firewall is a programmable anomaly detector that validates the GPS subframes for spoofing incidents based on defined data validation rules. A wide range of rules have already been built into the BlueSky GPS Firewall to detect suspicious time and position inconsistencies. As with traditional security firewalls, new validation rules are dynamically loaded into the BlueSky GPS Firewall as new threats are identified. The BlueSky GPS Firewall utilizes complementary algorithms based on fundamental observables and expected values to establish a layered defense in securing GPS signals. This provides protection against currently conceived threats and enables security updates to protect against future threats to maintain an evolving, secure system. Data Validator The BlueSky GPS Firewall analyzes all data received from a GPS signal and validates that it complies with GPS standards and expected values. Otherwise, the signal is deemed to be noncompliant and actions are taken to prevent its dissemination to downstream systems. A standard set of data validation rules are included on the BlueSky GPS Firewall. They are based upon IS-GPS-200H. However, they are updatable by the user to provide any additional checks a user may want to implement based upon their knowledge of the live-sky GPS environment. Time Waits for No Man Nor does it speed up. Unique to Microsemi s BlueSky GPS Firewall is the deployment of an autonomous timescale. An autonomous timescale is crucial to detecting anomalous GPS events because it provides an independent means of validating time from external sources (such as GPS). It enables a user to optimize the BlueSky GPS Firewall to achieve their cost and performance requirements. Signal Characteristics Most GPS attacks are precipitated by a knock-off event that forces GPS systems to momentarily lose lock on actual GPS signals and then replace those signals with spoofed GPS signals. The BlueSky GPS Firewall identifies potential knock-off events by analyzing incoming GPS signal power in conjunction with other indicators that detect the presence of potentionally corrupted GPS transmissions. Hosted Applications In addition to updating its data validation rules as threats evolve, the BlueSky GPS Firewall can host third-party applications to enable entities (government or private) to develop applications hosted on the BlueSky GPS Firewall that address their unique needs and protects their proprietary information. Updates to GPS Data Validation Rules Microsemi s experts are recognized leaders in the field of time and frequency synchronization. Similar to network security threats, new GPS errors are on the rise and Microsemi is continuosly tracking GPS signal activity. Microsemi s worldwide deployment of atomic clocks and GPS systems are used as a reference frame to continuously analyze GPS data for changes including spoofing threats, jamming attacks, multipath signal interference, atmospheric activity, and any other effect that degrades GPS performance. New GPS data validation rules can be deployed using either Microsemi s TimePictra management software or the BlueSky GPS Firewall s secure web-based interface. 6

Features and Services BlueSky GPS Firewall System Specifications GPS Antenna Input TNC(F) Antenna bias voltage 0 VDC, 5 VDC, 12 VDC (software selectable) Hardened GPS Output Output provided using holdover when GPS is non-compliant. TNC(F) Antenna bias voltage DC blocked Power 126 dbm to 96 dbm (software selectable) Satellites channels 12 Time transfer accuracy Meets or exceeds live-sky performance Validated GPS Output Output interrupted when GPS is non-compliant. TNC(F) 1PPS Input SMA(F) TTL compliant 10 MHz Input SMA(F) Level 3 dbm to 13 dbm Management, Power Interfaces, and Diagnostics Ethernet and POE RJ45 tri-mode Ethernet (10/100/1000BASE-T) with Power-over-Ethernet (PoE) per 802.3a Management CLI over SSHv2, secure webbased management (HTTPS/ SSL), and TimePictra support User Authentication x.509 Certificate support, Radius, LDAP, TACACS+ Network Interfaces IPv4, IPv6 (future), DHCP, remote syslog logging LEDs Power, GPS valid, alarm Mechanical/Environmental Size 1 U rack mount, 13 (W) 6.7 (D) 1.72 (H) Operating temperature 0 C to 50 C Operating humidity Weight 0 95% (noncondensing) 2 lbs standalone, 3 lbs with shipping package Regulatory Compliance EMC compliance FCC part 15 (Class A) Environmental compliance RoHS (6 of 6) Hardware Accessories Included Microsemi PD-3501 (single-port Power-over-Ethernet adapter) Mounting hardware for 19-inch rack BlueSky GPS Firewall Rear Panel 10 MHz input 1PPS input GPS Antenna input Hardened GPS output Reset Validated GPS output Services Microsemi provides a wide range of services. With over 40 years of designing timing systems for mission-critical applications, Microsemi has comprehensive support resources available to ensure that customers are able to use all of the features of the BlueSky GPS Firewall. Available services for the BlueSky GPS Firewall include: Site survey and verification 24/7 technical support On-site installation Training Extended hardware warranty Rapid Replacement Service 7

Microsemi s BlueSky GPS Firewall Evaluation Kit Microsemi is continually adding new products to its industry-leading portfolio. For the most recent updates to our product line and for detailed information and specifications, please call, email, or visit our website. Toll-free: 800-713-4113 sales.support@microsemi.com www.microsemi.com Microsemi Corporate Headquarters One Enterprise, Aliso Viejo, CA 92656 USA Within the USA: +1 (800) 713-4113 Outside the USA: +1 (949) 380-6100 Fax: +1 (949) 215-4996 Email: sales.support@microsemi.com www.microsemi.com 2017 Microsemi Corporation. All rights reserved. Microsemi and the Microsemi logo are registered trademarks of Microsemi Corporation. All other trademarks and service marks are the property of their respective owners. Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for aerospace & defense, communications, data center and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world s standard for time; voice processing devices; RF solutions; discrete components; enterprise storage and communication solutions, security technologies and scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Microsemi is headquartered in Aliso Viejo, California and has approximately 4,800 employees globally. Learn more at www.microsemi.com. Microsemi makes no warranty, representation, or guarantee regarding the information contained herein or the suitability of its products and services for any particular purpose, nor does Microsemi assume any liability whatsoever arising out of the application or use of any product or circuit. The products sold hereunder and any other products sold by Microsemi have been subject to limited testing and should not be used in conjunction with mission-critical equipment or applications. Any performance specifications are believed to be reliable but are not verified, and Buyer must conduct and complete all performance and other testing of the products, alone and together with, or installed in, any end-products. Buyer shall not rely on any data and performance specifications or parameters provided by Microsemi. It is the Buyer s responsibility to independently determine suitability of any products and to test and verify the same. The information provided by Microsemi hereunder is provided as is, where is and with all faults, and the entire risk associated with such information is entirely with the Buyer. Microsemi does not grant, explicitly or implicitly, to any party any patent rights, licenses, or any other IP rights, whether with regard to such information itself or anything described by such information. Information provided in this document is proprietary to Microsemi, and Microsemi reserves the right to make any changes to the information in this document or to any products and services at any time without notice. MSCC-0104-BR-0106-1.00-0917

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback