ACL-Rover: Autonomic Computing Lab GPS-guided Rover

A Testbed to Study GPS Security for Unmanned and Autonomous Vehicles

IMG-2584

Fig. 1: ACL-Rover testbed

Global Positioning System (GPS), one of the most popular and relied Global Navigation Satellite Systems (GNSSs) is used by millions of Unmanned and Autonomous Vehicle for outdoor navigation. Civilian GPS being unencrypted, is always an easy attack surface for intruders to attack any autonomous system. Recently, Machine Learning based GPS Intrusion Detection Systems have grown popularity due to their high attack detection accuracy and effectiveness. But all Machine Learning based implementations used data collected from simulated environments (MATLAB, Gazebo etc.) which do not reflect a real-life attack scenario. Motivated by these limitations, in my research I am introducing a real-world dataset with normal vehicle data and GPS spoofing attack data collected using an Autonomous Rover testbed.

Hardware Architecture of ACL-Rover

I built the rover from scratch using commonly used electronics. A list of parts include: 

1. Pixhawk/ PX4 flight controller,
2. Neo M8N GPS receiver with Digital Compass,
3. RC car chassis (used a 1/12th scale truck),
4. Raspberry Pi 4B – to process the GPS spoofing attack,
5. HackRF One Software Defined Radio to transmit the GPS spoofing attack.

An architecture of the ACL-Rover hardware setup is given below:

Fig. 2: ACL-Rover Architecture

Data Collection

Fig. 3: Data Collection (The Fun Part!)

To me, the most fun as well as challenging part of the research was the data collection. I chose this beautiful wide and empty field at the University of Arizona campus where my vehicle can receive uninterrupted stream of GPS information from satellites. Normal data collection was fun, all I had to do is to upload a mission to the vehicle and watch it follow its path. The challenge comes in attack data collection! First, when I spoof the vehicle during autonomous operation, it gets out of control. Second, each time I spoof, the vehicle looses all its authentic GPS locks and never goes back to normal autonomous operation. After I read a bit about the GPS receivers, I figured out that most of the commercial GPS receivers need assistance from other sources to get a GPS position during cold start. For example, our cellphones use wifi and network towers to know location in GPS denied environment; therefore it always remains locked to its current location. So I had to find a way to assist my GPS receiver to get back to a normal GPS lock each time I performed GPS spoofing attack. I used u-center software to assist the receiver and cold-start it after each attack.