Signal processing techniques for GNSS anti-spoofing algorithms

The Global Navigation Satellite Systems (GNSS) usage is growing at a very high rate, and more applications are relying on GNSS for correct functioning. With the introduction of new GNSSs, like the European Galileo and the Chinese Beidou, in addition to the existing ones, the United States Global Positioning System (GPS) and the Russian GLONASS, the applications, accuracy of the position and usage of the signals are increasing by the day. Given that GNSS signals are received with very low power, they are prone to interference events that may reduce the usage or decrease the accuracy. From these interference, the spoofing attack is the one that has drawn major concerns in the GNSS community. A spoofing attack consist on the transmission of GNSS-like signals, with the goal of taking control of the receiver and make it compute an erroneous position and time solution. In the thesis, we focus on the design and validation of different signal processing techniques, that aim at detection and mitigation of the spoofing attack effects. These are standalone techniques, working at the receiver’s level and providing discrimination of spoofing events without the need of external hardware or communication links. Four different techniques are explored, each of them with its unique sets of advantages and disadvantages, and a unique approach to spoofing detection. For these techniques, a spoofing detection algorithm is designed and implemented, and its capabilities are validated by means of a set of datasets containing spoofing signals. The thesis focuses on two different aspects of the techniques, divided as per detection and mitigation capabilities. Both detection techniques are complementary, their joint use is explored and experimental results are shown that demonstrate the advantages. In addition, each mitigation technique is analyzed separately as they require specialized receiver architecture in order to achieve spoofing detection and mitigation. These techniques are able to decrease the effects of the spoofing attacks, to the point of removing the spoofing signal from the receiver and compute navigation solutions that are not controlled by the spoofer and lead in more accurate end results. The main contributions of this thesis are: the description of a multidimensional ratio metric test for distinction between spoofing and multipath effects; the introduction of a cross-check between automatic gain control measurements and the carrier to noise density ratio, for distinction between spoofing attacks and other interference events; the description of a novel signal processing method for detection and mitigation of spoofing effects, based on the use of linear regression algorithms; and the description of a spoofing detection algorithm based on a feedback tracking architecture

Fast Sequence Component Analysis for Attack Detection in Synchrophasor Networks

Modern power systems have begun integrating synchrophasor technologies into part of daily operations. Given the amount of solutions offered and the maturity rate of application development it is not a matter of "if" but a matter of "when" in regards to these technologies becoming ubiquitous in control centers around the world. While the benefits are numerous, the functionality of operator-level applications can easily be nullified by injection of deceptive data signals disguised as genuine measurements. Such deceptive action is a common precursor to nefarious, often malicious activity. A correlation coefficient characterization and machine learning methodology are proposed to detect and identify injection of spoofed data signals. The proposed method utilizes statistical relationships intrinsic to power system parameters, which are quantified and presented. Several spoofing schemes have been developed to qualitatively and quantitatively demonstrate detection capabilities.Comment: 8 pages, 4 figures, submitted to IEEE Transaction

GNSS Vulnerabilities and Existing Solutions:A Review of the Literature

This literature review paper focuses on existing vulnerabilities associated with global navigation satellite systems (GNSSs). With respect to the civilian/non encrypted GNSSs, they are employed for proving positioning, navigation and timing (PNT) solutions across a wide range of industries. Some of these include electric power grids, stock exchange systems, cellular communications, agriculture, unmanned aerial systems and intelligent transportation systems. In this survey paper, physical degradations, existing threats and solutions adopted in academia and industry are presented. In regards to GNSS threats, jamming and spoofing attacks as well as detection techniques adopted in the literature are surveyed and summarized. Also discussed are multipath propagation in GNSS and non line-of-sight (NLoS) detection techniques. The review also identifies and discusses open research areas and techniques which can be investigated for the purpose of enhancing the robustness of GNSS

Radio Frequency Interference Impact Assessment on Global Navigation Satellite Systems

The Institute for the Protection and Security of the Citizen of the EC Joint Research Centre (IPSC-JRC) has been mandated to perform a study on the Radio Frequency (RF) threat against telecommunications and ICT control systems. This study is divided into two parts. The rst part concerns the assessment of high energy radio frequency (HERF) threats, where the focus is on the generation of electromagnetic pulses (EMP), the development of corresponding devices and the possible impact on ICT and power distribution systems. The second part of the study concerns radio frequency interference (RFI) with regard to global navigation satellite systems (GNSS). This document contributes to the second part and contains a detailed literature study disclosing the weaknesses of GNSS systems. Whereas the HERF analysis only concerns intentional interference issues, this study on GNSS also takes into account unintentional interference, enlarging the spectrum of plausible interference scenarios.JRC.DG.G.6-Security technology assessmen

Nanosecond-Level Resilient GNSS-Based Time Synchronization in Telecommunication Networks Through WR-PTP HA

In recent years, the push for accurate and reliable time synchronization has gained momentum in critical infrastructures, especially in telecommunication networks, driven by the demands of 5G new radio and next-generation technologies that rely on submicrosecond timing accuracy for radio access network (RAN) nodes. Traditionally, atomic clocks paired with global navigation satellite systems (GNSS) timing receivers have served as grand master clocks, supported by dedicated network timing protocols. However, this approach struggles to scale with the increasing numbers of RAN intermediate nodes. To address scalability and high-accuracy synchronization, a more cost-effective and capillary solution is needed. Standalone GNSS timing receivers leverage ubiquitous satellite signals to offer stable timing signals but can expose networks to radio-frequency attacks due to the consequent proliferation of GNSS antennas. Our research introduces a solution by combining the white rabbit precise time protocol with a backup timing source logic acting in case of timing disruptive attacks against GNSS for resilient GNSS-based network synchronization. It has been rigorously tested against common jamming, meaconing, and spoofing attacks, consistently maintaining 2 ns relative synchronization accuracy between nodes, all without the need for an atomic clock

GNSS Related Threats to Power Grid Applications

As power grid environments are moving towards the smart grid vision of the future, the traditional schemes for power grid protection and control are making way for new applications. The advancements in this field have made the requirements for power grid’s time synchronization accuracy and precision considerably more demanding. So far, the signals provided by Global Navigation Satellite Systems have generally addressed the need for highly accurate and stable reference time in power grid applications. These signals however are highly susceptible to tampering as they are being transmitted. Since electrical power transmission and distribution are critical functions for any modern society, the risks and impacts affiliated with satellite-based time synchronization in power grids ought to be examined. This thesis aims to address the matter. The objective is to examine how Global Navigation Satellite Systems are utilized in the power grids, how different attacks would potentially be carried out by employing interference and disturbance to GNSS signals and receivers and how the potential threats can be mitigated. A major part of the research is done through literature review, and the core concepts and different implementations of Global Navigation Satellite Systems are firstly introduced. The literature review also involves the introduction of different power grid components and subsystems, that utilize Global Positioning System for time synchronization. Threat modeling techniques traditionally practiced in software development are applied to power grid components and subsystems to gain insight about the possible threats and their impacts. The threats recognized through this process are evaluated and potential techniques for mitigating the most notable threats are presented.Sähköverkot ovat siirtymässä kohti tulevaisuuden älykkäitä sähköverkkoja ja perinteiset sähköverkon suojaus- ja ohjausmenetelmät tekevät tilaa uusille sovelluksille. Alan kehitys on tehnyt aikasynkronoinnin tarkkuusvaatimuksista huomattavasti aikaisempaa vaativampia. Tarkka aikareferenssi sähköverkoissa on tähän saakka saavutettu satelliittinavigointijärjestelmien tarjoamien signaalien avulla. Nämä signaalit ovat kuitenkin erittäin alttiita erilaisille hyökkäyksille. Sähkönjakelujärjestelmät ovat kriittinen osa nykyaikaista yhteiskuntaa ja riskejä sekä seuraamuksia, jotka liittyvät satelliittipohjaisten aikasynkronointimenetelmien hyödyntämiseen sähköverkoissa, tulisi tarkastella. Tämä tutkielma pyrkii vastaamaan tähän tarpeeseen. Päämääränä on selvittää, miten satelliittinavigointijärjestelmiä hyödynnetään sähköverkoissa, kuinka erilaisia hyökkäyksiä voidaan toteuttaa satelliittisignaaleja häiritsemällä ja satelliittisignaalivastaanottimia harhauttamalla ja kuinka näiden muodostamia uhkia voidaan lieventää. Valtaosa tästä tutkimuksesta on toteutettu kirjallisuuskatselmoinnin pohjalta. Työ kattaa satelliittinavigointijärjestelmien perusteet ja esittelee erilaisia tapoja, kuinka satelliittisignaaleja hyödynnetään sähköverkoissa erityisesti aikasynkronoinnin näkökulmasta. Työssä hyödynnettiin perinteisesti ohjelmistokehityksessä käytettyjä uhkamallinnusmenetelmiä mahdollisten uhkien ja seurausten analysointiin. Lopputuloksena esitellään riskiarviot uhkamallinnuksen pohjalta tunnistetuista uhkista, sekä esitellään erilaisia menettelytapoja uhkien lieventämiseksi

GNSS Integrity Monitoring assisted by Signal Processing techniques in Harsh Environments

The Global Navigation Satellite Systems (GNSS) applications are growing and more pervasive in the modern society. The presence of multi-constellation GNSS receivers able to use signals coming from different systems like the american Global Positioning System (GPS), the european Galileo, the Chinese Beidou and the russian GLONASS, permits to have more accuracy in position solution. All the receivers provide always more reliable solution but it is important to monitor the possible presence of problems in the position computation. These problems could be caused by the presence of impairments given by unintentional sources like multipath generated by the environment or intentional sources like spoofing attacks. In this thesis we focus on design algorithms at signal processing level used to assist Integrity operations in terms of Fault Detection and Exclusion (FDE). These are standalone algorithms all implemented in a software receiver without using external information. The first step was the creation of a detector for correlation distortion due to the multipath with his limitations. Once the detection is performed a quality index for the signal is computed and a decision about the exclusion of a specific Satellite Vehicle (SV) is taken. The exclusion could be not feasible so an alternative approach could be the inflation of the variance of the error models used in the position computation. The quality signal can be even used for spoofinng applications and a novel mitigation technique is developed and presented. In addition, the mitigation of the multipath can be reached at pseudoranges level by using new method to compute the position solution. The main contributions of this thesis are: the development of a multipath, or more in general, impairments detector at signal processing level; the creation of an index to measure the quality of a signal based on the detector’s output; the description of a novel signal processing method for detection and mitigation of spoofing effects, based on the use of linear regression algorithms; An alternative method to compute the Position Velocity and Time (PVT) solution by using different well known algorithms in order to mitigate the effects of the multipath on the position domain

Security Evaluation of GNSS Signal Quality Monitoring Techniques against Optimal Spoofing Attacks

GNSSs have a significant impact on everyday life and, therefore, the are increasingly becoming an attractive target for illicit exploitation. As such, anti-spoofing algorithms have become an relevant research topic within the GNSS discipline. This Thesis provides a review of recent research in the field of GNSS spoofing/anti-spoofing, designs a method to generate an energy optimal spoofing signal and evaluates the performance of the anti-spoofing signal quality monitoring techniques against it

Analysis of Satellite Timing and Navigation Receiver Pseudorange Biases due to Spreading Code Puncturing and Phase Optimized Constant Envelope Transmission

There is a desire for future GPS satellites to be software-defined to enable greater operational flexibility and adapt to a variety of current and future threats. This includes implementing new modulation techniques such as phase optimized constant envelope transmission (POCET) and asymmetric signal authentication methods such as chips message robust authentication (Chimera). Any new GPS signal transmitted must be backwards compatible with the millions of receivers already in use. This thesis shows a variety of tests performed to demonstrate the effects of Chimera and POCET-enabled signals. It is shown through actual radio frequency signal generation, testing the response of current-generation high accuracy commercial off-the-shelf GPS receivers to these signals, that both Chimera and POCET, as implemented in a GPS signal constellation, are backwards compatible

GNSS Signal spoofing detection

This thesis elaborates on the implementation of spoofing detection techniques for GPS L1 C/A signals, topic which is up to the minute in the GNSS community. The interest of this topic has its origin on the fact that, currently, there is a large number of applications relying on GNSS communications. Moreover, the public character of the communication details and specifications have exposed the communications to spoofing agents, which, with a relatively cheap equipment, are capable of controlling the tracking loops of a victim receiver and, as a result, manipulate the its timing or navigation solution. In front of this issue, this project aims to contribute on the spoofing detection community by implementing, in the recognized Borre¿s GNSS receiver software, and testing some techniques. To do so, the project is organized in three sections; the preliminary study of the state of the art and the software that will be considered as the starting point, the spoofing signal analysis and the implementation of the selected spoofing detection techniques, and the result¿s evaluation