Publicerad den Lämna en kommentar

Research Roundup: Combatting jamming and spoofing

Image: MF3d/E+/Getty Images

Image: MF3d/E+/Getty Images

Of the hundreds of papers researchers presented at 2020’s annual Institute of Navigation (ION) GNSS+ conference, which took place virtually Sept. 21–25, the following six focused on combating jamming and spoofing. The papers are available at

Using Direction of Arrival

The author presents a scheme to combine multiple measurements for GNSS spoof detection for safety-of-life applications. The author’s algorithm combines both independent and correlated direction of arrival measurements that result in an analytic solution for the detection threshold, which can be computed online by the receiver. The scheme is validated for correlated azimuth measurements with data recorded by a dual-polarization antenna mounted on a C12 aircraft in flight, and applied to data from a live spoofing event. Results show an increase in detections of 47% using just two sequential measurements, with equal robustness for false alerts compared to snapshot-based detection. The results also show using sequential spoof detection is a powerful way to improve the detection capability of an anti-spoof defense, costing only added computational complexity while introducing a timely component to the detection.

Citation. Rothmaier, Fabian; “Optimal Sequential Spoof Detection Based on Direction of Arrival Measurements.”

Using Neural Networks

Spoofing attacks are difficult to model and counteract. Data-driven schemes become useful if enough training data is available. This article explores such an approach using the cross-ambiguity function delay/Doppler map as input to a deep neural network for classification purposes. Several neural network models are trained, and their performance compared for detection and false-alarm probabilities. Results are promising, particularly with more complex neural networks, which are able to capture the nature of spoofing attacks. The method operates on a per-satellite basis.

Citation. Borhani-Darian, Parisa; Li, Haoqing; Wu, Peng; Closas, Pau; “Deep Neural Network Approach to Detect GNSS Spoofing Attacks.”

Using Networks for Timing

Information cross-validation can be a powerful tool to detect manipulated, dubious GNSS timing data. Opportunistic time providers, Wi-Fi beacons and dedicated timing infrastructures provide largely available, precise sources of time information. A promising approach is to leverage time obtained over networks to which a mobile device can connect, and detect discrepancies between the GNSS-provided time and the network time. The paper investigates different options to secure augmentation time information, notably Network Time Security (NTS) and modified Wi-Fi beacons to support authentication. This scheme requires limited overhead, does not disrupt the normal operation of the Wi-Fi access points, and can be readily deployed.

Citation. Spanghero, Marco; Zhang, Kewei; Papadimitratos, Panagiotis; “Authenticated Time for Detecting GNSS Attacks.”

Using Cooperative Positioning

This paper highlights possible metrics to be checked to identify malicious attacks to the positioning and navigation systems in mass-market connected devices. The network-based exchange of GNSS data — such as GNSS raw measurements recently disclosed in Android smart devices — could offer the possibility to compare or combine such metrics to better identify spoofing and meaconing attacks.

This paper provides experimental tests and analysis toward devising an anti-spoofing strategy in connected GNSS devices. Included are a classical spoofing approach (simplistic RF attack) and its effects on the raw GNSS observables. With two synchronized devices in a cooperative framework, possible metrics are highlighted to identify a spoofing attack to one of the devices by observing anomalies.

Also included is work on simulated meaconing of an already-developed collaborative positioning framework based on the exchange of raw GNSS measurements through the network. The different approaches of an attack to the framework are laid down, and the anomalies to be considered to detect an attack in a network of cooperating devices are presented.

This paper represents a part of a larger goal to develop an anti-spoofing detection and coping mechanism in connected commercial GNSS devices.

Citation. Rustamov, Akmal; Gogoi, Neil; Minetto, Alex; Dovis, Fabio; “GNSS Anti-Spoofing Defense Based on Cooperative Positioning.”

Using OSNMA in the GIANO GNSS receiver

In recent years, the awareness about jamming and spoofing risks has been increasing, particularly in the timing community because they may cause the disruption of critical services and infrastructures in the telecommunication, energy and finance sectors, which rely on GNSS timing to operate. To overcome these hazards, the European GNSS Agency (GSA) has funded the development of timing receivers for professional applications, with the aim to address specifically the above vulnerabilities, improving the receiver’s robustness and the accuracy and reliability of time transfer.

In this context, the GIANO (Galileo-based timing receiver for critical infrastructures robustness) project consortium, coordinated by Thales Alenia Space Italy and with the support of Deimos Engenharia S.A. (Portugal), the Space Research Centre PAS in Poznan (Poland), Piktime System SP. Zoo (Poland) and Business Integration Partner S.p.A. (Italy), has been awarded a contract in the framework of the GSA’s “Fundamental Elements” program to develop a timing receiver for critical infrastructure applications. Besides the implementation of some interference and spoofing detection and mitigation techniques, the GIANO receiver makes use of Galileo’s authentication service OSNMA (Open Service Navigation Message Authentication), which can be employed as an added defense against some types of spoofing.

OSNMA exploits the TESLA (Time Efficient Stream Loss-tolerant Authentication) scheme, which is a protocol based on the transmission of message authentication codes generated with a key broadcast with some delay. The receiver authenticates the satellite messages through a digital signature algorithm and a public key known by the receivers, which also validates the root key of the TESLA chain, and through message authentication codes (MAC) used to authenticate specific fields of the navigation message. The receiver will also support public key renewals over the air.

This paper presents the OSNMA implementation within GIANO receiver, including the cryptographic operations required. The GIANO OSNMA capability will be extensively tested and validated with the support of the European Commission Joint Research Centre (Ispra, Italy).

Citation. Catalano, Valeria; Prata, Ricardo; Carvalho, Filipe; Nunes, Rui; Marradi, Livio; Franzoni, Gianluca; Puccitelli, Marco; Campana, Roberto; Gioia, Ciro; “Galileo OSNMA Preliminary Implementation in the GIANO GNSS Receiver.”

Using Chimera Authentication

Chimera is a signal authentication enhancement suitable for protecting the L1C GPS signal. As specified by the acronym itself (chips-message robust authentication), Chimera is based on the insertion of authentication features both at the message and spreading code levels. The data are digitally signed, while the spreading code is protected by the insertion of cryptographically generated punctures.

The Chimera interface specification document was made public in 2019, while its first transmission is expected to be broadcast from the Navigation Technology Satellite 3 (NTS-3) satellite, set for launch in 2023.

This paper describes the software implementation of the functions required to enable a GNSS software receiver to elaborate the Chimera authentication service. It includes a description of the development work and a detailed software profiling analysis, allowing for evaluation of the additional computational burden required by the Chimera verification and useful for providing important guidelines for receiver implementation.

Citation. Gamba, Micaela Troglia; Nicola, Mario; Motella, Beatrice; “GPS Chimera: A Software Profiling Analysis.”

Lämna ett svar