Assessing GNSS Receiver Vulnerability in Controlled But Realistic Conditions


At a time when more and more services rely on GNSS for timing, navigation, or location comes the burgeoning realisation that unencrypted, civilian GNSS is vulnerable to accidental interference or malicious meddling.

That the hoaxing of GPS receivers is a reality and not a distant science-fiction threat has been underlined in a typically 21st-century way, by disclosures on social media such as YouTube.

So, is this vulnerability an inherent flaw in the system or can robustness now be built in retrospectively? Of course, the system’s architects and founders had anticipated issues of vulnerability and had, for their target user group at least, designed in solutions which allow suitably equipped receivers to distinguish between genuine and hoax signals.

But what protects the vast majority of civil users using the unencrypted C/A code? Are all receivers bound to be equally subject to spoofing? How much impact does the design of the receiver have on its vulnerability?

Well, it turns out that the answer is quite a lot. The way that a receiver processes the data it receives from the satellites, and the strategies it employs to acquire and then track the signals, can have a crucial impact on how “naïve” or “cynical” the receiver is when tasked with sorting out the hoax from the genuine signals.

And so the GNSS system specifier and in turn the GNSS receiver designer have another set of compromises to define. A receiver that is too “suspicious” may reject valid PVT solutions whilst one that makes too many assumptions may be fast but vulnerable to hoaxing. The challenge now is to evaluate in a quantitative way the vulnerability of a receiver design to allow different mitigation techniques to be characterised both in terms of their efficacy and their impact on other performance parameters, such as time to first fix and sensitivity.

A leader in the field of GNSS signal security and authentication is Qascom of Italy. Qascom has developed techniques for assessing receiver response to malicious interference (or spoofing) making use of one or more Spirent simulators. Oscar Pozzobon of Qascom noted that Spirent were the clear choice of simulator to work with both because of the enormously powerful remote command capability and their widespread use in the industry.

Following initial successful implementations of a test bed using Spirent simulators (see ION 2012 proceedings), it seemed natural for Spirent and Qascom to work together in bringing a spoofing test bed to a wider group of users. The result is expected to be available before the end of this year and will allow users to reproduce controlled, simulated spoofing signal conditions on a device under test whilst simultaneously monitoring the receiver’s responses. Spoofing attacks consisting of multiple phases (e.g., jam then swipe-off) can be implemented in a simulator representing the spoofer whilst a second simulator represents the genuine GNSS signal.

By clever use of the powerful multi-path tools within the simulator it is even possible to represent both the “genuine” and the “hoax” GNSS signal within a single GSS8000 chassis.

Finally, the system will allow alignment of a simulated spoofer to live-sky signals to allow a test of the vulnerability of a receiver with real world signals but in a conducted rather than radiated environment, thus avoiding the need for expensive, inconvenient, and very public test range trials.

In much the same way as anti-virus procedures and good practice regarding potentially malicious software are now a part of everyday life, so proper GNSS design will in the future incorporate mitigation techniques and good practices established to reduce vulnerability to hoaxers.

The solution will allow testing of anti-spoofing algorithms that will certainly be integrated in all future safety-critical and financially critical GNSS applications, providing the baseline for GNSS receiver security certifications.
