Use of supervised machine learning for GNSS signal spoofing detection with validation on real-world meaconing and spoofing data : part I

The vulnerability of the Global Navigation Satellite System (GNSS) open service signals to spoofing and meaconing poses a risk to the users of safety-of-life applications. This risk consists of using manipulated GNSS data for generating a position-velocity-timing solution without the user's system being aware, resulting in presented hazardous misleading information and signal integrity deterioration without an alarm being triggered. Among the number of proposed spoofing detection and mitigation techniques applied at different stages of the signal processing, we present a method for the cross-correlation monitoring of multiple and statistically significant GNSS observables and measurements that serve as an input for the supervised machine learning detection of potentially spoofed or meaconed GNSS signals. The results of two experiments are presented, in which laboratory-generated spoofing signals are used for training and verification within itself, while two different real-world spoofing and meaconing datasets were used for the validation of the supervised machine learning algorithms for the detection of the GNSS spoofing and meaconing

Signal processing techniques for GNSS anti-spoofing algorithms

The Global Navigation Satellite Systems (GNSS) usage is growing at a very high rate, and more applications are relying on GNSS for correct functioning. With the introduction of new GNSSs, like the European Galileo and the Chinese Beidou, in addition to the existing ones, the United States Global Positioning System (GPS) and the Russian GLONASS, the applications, accuracy of the position and usage of the signals are increasing by the day. Given that GNSS signals are received with very low power, they are prone to interference events that may reduce the usage or decrease the accuracy. From these interference, the spoofing attack is the one that has drawn major concerns in the GNSS community. A spoofing attack consist on the transmission of GNSS-like signals, with the goal of taking control of the receiver and make it compute an erroneous position and time solution. In the thesis, we focus on the design and validation of different signal processing techniques, that aim at detection and mitigation of the spoofing attack effects. These are standalone techniques, working at the receiver’s level and providing discrimination of spoofing events without the need of external hardware or communication links. Four different techniques are explored, each of them with its unique sets of advantages and disadvantages, and a unique approach to spoofing detection. For these techniques, a spoofing detection algorithm is designed and implemented, and its capabilities are validated by means of a set of datasets containing spoofing signals. The thesis focuses on two different aspects of the techniques, divided as per detection and mitigation capabilities. Both detection techniques are complementary, their joint use is explored and experimental results are shown that demonstrate the advantages. In addition, each mitigation technique is analyzed separately as they require specialized receiver architecture in order to achieve spoofing detection and mitigation. These techniques are able to decrease the effects of the spoofing attacks, to the point of removing the spoofing signal from the receiver and compute navigation solutions that are not controlled by the spoofer and lead in more accurate end results. The main contributions of this thesis are: the description of a multidimensional ratio metric test for distinction between spoofing and multipath effects; the introduction of a cross-check between automatic gain control measurements and the carrier to noise density ratio, for distinction between spoofing attacks and other interference events; the description of a novel signal processing method for detection and mitigation of spoofing effects, based on the use of linear regression algorithms; and the description of a spoofing detection algorithm based on a feedback tracking architecture

A Testbed for Developing and Evaluating GNSS Signal Authentication Techniques

An experimental testbed has been created for developing and evaluating Global Navigation Satellite System (GNSS) signal authentication techniques. The testbed advances the state of the art in GNSS signal authentication by subjecting candidate techniques to the strongest publicly-acknowledged GNSS spoofing attacks. The testbed consists of a real-time phase-coherent GNSS signal simulator that acts as spoofer, a real-time softwaredefined GNSS receiver that plays the role of defender, and post-processing versions of both the spoofer and defender. Two recently-proposed authentication techniques are analytically and experimentally evaluated: (1) a defense based on anomalous received power in a GNSS band, and (2) a cryptographic defense against estimation-and-replay-type spoofing attacks. The evaluation reveals weaknesses in both techniques; nonetheless, both significantly complicate a successful GNSS spoofing attackAerospace Engineering and Engineering Mechanic

GNSS Signal Authentication via Power and Distortion Monitoring

We propose a simple low-cost technique that enables civil Global Positioning System (GPS) receivers and other civil global navigation satellite system (GNSS) receivers to reliably detect carry-off spoofing and jamming. The technique, which we call the Power-Distortion detector, classifies received signals as interference-free, multipath-afflicted, spoofed, or jammed according to observations of received power and correlatio n function distortion. It does not depend on external hardware or a network connection and can be readily implemented on many receivers via a firmware update. Crucially, the detector can with high probability distinguish low-power spoofing from ordinary multipath. In testing against over 25 high-quality empirical data sets yielding over 900,000 separate detection tests, the detector correctly alarms on all malicious spoofing or jamming attack s while maintaining a <0.5% single-channel false alarm rate.Aerospace Engineering and Engineering Mechanic

An autonomous GNSS anti-spoofing technique

open3siIn recent years, the problem of Position, Navigation and Timing (PNT) resiliency has received significant attention due to an increasing awareness on threats and the vulnerability of the current GNSS signals. Several proposed solutions make uses of cryptography to protect against spoofing. A limitation of cryptographic techniques is that they introduce a communication and processing computation overhead and may impact the performance in terms of availability and continuity for GNSS users. This paper introduces autonomous non cryptographic antispoofing mechanisms, that exploit semi-codeless receiver techniques to detect spoofing for signals with a component making use of spreading code encryption.openCaparra, Gianluca; Wullems, Christian; Ioannides, Rigas T.Caparra, Gianluca; Wullems, Christian; Ioannides, Rigas T

Location Estimation and Recovery using 5G Positioning: Thwarting GNSS Spoofing Attacks

The availability of cheap GNSS spoofers can prevent safe navigation and tracking of road users. It can lead to loss of assets, inaccurate fare estimation, enforcing the wrong speed limit, miscalculated toll tax, passengers reaching an incorrect location, etc. The techniques designed to prevent and detect spoofing by using cryptographic solutions or receivers capable of differentiating legitimate and attack signals are insufficient in detecting GNSS spoofing of road users. Recent studies, testbeds, and 3GPP standards are exploring the possibility of hybrid positioning, where GNSS data will be combined with the 5G-NR positioning to increase the security and accuracy of positioning. We design the Location Estimation and Recovery(LER) systems to estimate the correct absolute position using the combination of GNSS and 5G positioning with other road users, where a subset of road users can be malicious and collude to prevent spoofing detection. Our Location Verification Protocol extends the understanding of Message Time of Arrival Codes (MTAC) to prevent attacks against malicious provers. The novel Recovery and Meta Protocol uses road users' dynamic and unpredictable nature to detect GNSS spoofing. This protocol provides fast detection of GNSS spoofing with a very low rate of false positives and can be customized to a large family of settings. Even in a (highly unrealistic) worst-case scenario where each user is malicious with a probability of as large as 0.3, our protocol detects GNSS spoofing with high probability after communication and ranging with at most 20 road users, with a false positive rate close to 0. SUMO simulations for road traffic show that we can detect GNSS spoofing in 2.6 minutes since its start under moderate traffic conditions