Spoof Detection Using Multiple COTS Receivers in Safety Critical Applications

While the GPS is well known to be an accurate provider of position information across the globe, its low power level makes it susceptible to spoong. Given its status as the primary (perhaps only) provider of position in many safety critical applications, this susceptibility is of great concern. Several possible methods to detect a spoong event at a single GPS receiver have been proposed in the literature. We note, however, that almost all of this prior work has been on the conceptual level; there has been very little analysis of the resulting detection performance. Recognizing that redundant equipment may already exist for some users, we have proposed to detect spoong by comparing the position solutions from two or more COTS receivers mounted on the same platform (ION ITM, Jan. 2013). The concept is that the existence of a spoofer would make the statistical relationship of the observed positions dierent than it would be during normal, nonspoofed, operation. The primary advantage of such an approach is that its implementation does not require receiver hardware modication or even access to software GPS methods; a separate processor could easily monitor the positions generated by each of the receivers and decide spoof versus no spoof. Our earlier paper initiated a performance analysis of the approach; this paper continues and extends the investigation

A Multiple COTS Receiver GNSS Spoof Detector -- Extensions

Spoofing refers to the intentional (and considered malicious) interference to a GNSS user\u27s inputs so as to distort the derived position information. A variety of approaches to detect spoofing have been proposed in the literature. Much of this prior work has focused on the conceptual level with limited analysis of the resulting detection performance, and/or has proposed fundamental redesign of the receiver itself. Little eort has been directed towards using existing, commercial-off-the-shelf (COTS) stand-alone receiver technology to perform spoof detection. At ION ITM 2013 these authors proposed a simple spoof detection concept based on the use of multiple COTS receivers and analyzed the performance of several ad hoc detection algorithms from a Neyman-Pearson perspective assuming Gaussian statistics. At ION GNSS+ 2013, by restricting attention to a horizontal platform and assuming an independent measurement error model, we were able to develop the optimum Neyman-Pearson hypothesis test. That paper also included an analysis of performance, yielding closed form expressions for the false alarm and detection probabilities and an optimization of the performance over the locations of the receivers\u27 antennae. This current works extends the earlier results by considering more realistic statistical models, considers the processing of several sequential outputs from the receivers and addresses 3-D receiver antennae patterns

Client and consultant engagement in public sector IS projects

Engagement between clients and consultants has been identified as important in public sector IT projects. However, current literature is not clear what constitutes engagement, and how this is related to other concepts such as cooperation and collaboration. This study proposes a model of engagement based on a range of related extant literature. Five case studies of IT projects in the public sector in the UK are analysed in order to empirically validate and extend the proposed model. The validated model suggests that engagement can be understood as three conditions (environment, participants, expertise) and three behaviours (sharing, sense-making and adapting) that dynamically interact in self-reinforcing cycles. The model represents a starting point for academics interested in the future development of a theory of engagement and is of value to practising managers and consultants in either a diagnostic or prescriptive mode to increase the effectiveness of their joint IT endeavours

Multi-Constellation GNSS: New Bounds on DOP and a Related Satellite Selection Process

GPS receivers convert the measured pseudoranges from the visible GPS satellites into an estimate of the position and clock offset of the receiver. For various reasons receivers might only track and process a subset of the visible satellites. It would be desired, of course, to use the best subset. In general selecting the best subset is a combinatorics problem; selecting m objects from a choice of n allows for n m potential subsets. And since the GDOP performance criterion is nonlinear and non-separable, finding the best subset is a brute force procedure; hence, a number of authors have described sub-optimal algorithms for choosing satellites. This paper revisits this problem, especially in the context of multiple GNSS constellations, for the GDOP and PDOP criteria. Included are a discussion of optimum constellations (based upon parallel work of these authors on achievable lower bounds to GDOP and PDOP), musings on how the non-separableness of DOP makes it impossible to rank order the satellites, and a review/discussion of subset selection algorithms. Our long term goal is the development of better selection algorithms for multi-constellation GNSS

Rethinking Star Selection in Celestial Navigation

In celestial navigation the altitude (elevation) angles to multiple celestial bodies are measured; these measurements are then used to compute the position of the user on the surface of the Earth. Methods described in the literature include the classical “altitude-intercept” algorithm as well as direct and iterative least-squares solutions for over determined situations. While it seems rather obvious that the user should select bright stars scattered across the sky, there appears to be no established results on the level of performance that is achievable based upon the number of stars sighted nor how the “best” set of stars might be selected from those visible. This paper addresses both of these issues by examining the performance of celestial navigation noting its similarity to the performance of GNSS systems; specifically, modern results on GDOP for GNSS are adapted to this classical celestial navigation problem

APNT for GNSS Spoof Detection

Global Navigation Satellite Systems (GNSS) are well known to be accurate providers of position, navigation, and time (PNT) information across the globe. With capable receivers and well-populated satellite constellations, GNSS users typically believe that the position and time information provided by their GNSS receiver is perfectly accurate. More sophisticated users look beyond accuracy and are also concerned with the integrity of the GNSS information. Advances in electronics technology have enabled the creation of malicious RF interference of GNSS signals. Inexpensive jamming devices overpower or distort the GNSS receivers input so as to completely deny the GNSS user of PNT information. A second threat to GNSS integrity is spoofing, the creation of counterfeit GNSS signals. This type of attack is considered more dangerous than a jamming attack since an erroneous PNT solution is often worse than no solution at all. The detection of spoofing is the subject of this paper. A variety of approaches have been proposed in the literature to recognize spoofing; many of these are based on the RF signal alone, including multi-antenna and multi-receiver methods. Another class of spoof detection algorithm is to compare the GNSS result to data from another, non-GNSS (hence, non-spoofed) sensor. In this paper we imagine that the trusted signal is the output of an Alternative PNT (APNT) receiver. APNT refers to stand alone, non-GNSS systems that are intended to provide PNT information during periods in which GNSS is unavailable The wide recognition of the vulnerabilities of the GPS in the Volpe report spurred the search for APNT systems; examples include the development of eLoran in the U.S. and Europe, general work on signals of opportunity ranging, DME-DME positioning, and, quite recently, R-Mode in Europe (we note that none of these systems is currently operational). The intent is that an integrated receiver, either loosely or tightly coupled, would merge the two systems’ observables to yield the best PNT information possible; in practice, since the APNTs’ solutions are typically of lower accuracy than the GNSS solutions, the combined result is nearly equal to the GNSS-alone solution. The goal of this paper is to show that these APNT solutions should be used at ALL times; as a substitute for GNSS PNT when GNSS is unavailable and as an integrity check (e.g. spoof detector) when GNSS is available. At a cursory level spoof detection using APNT appears simple; just compare the two position outputs to see if they are close. This paper looks deeper, considering the questions: How can we use the time estimates to detect position spoofing? How close is close enough in this context? What is the probability of error in the decision? How do the geometries of both systems impact the test itself and its resulting performance? What happens if the receivers are providing different information

GNSS Spoof Detection Using Passive Ranging

Advances in electronics technology have enabled the creation of malicious RF interference of GNSS signals. For example jamming completely denies the GNSS user of position, navigation, and time (PNT) information. While a serious concern when we expect PNT at all times, current generation GNSS receivers often warn the user when PNT is unavailable. A second threat to GNSS integrity is spoofing, the creation of counterfeit GNSS signals with the potential to confuse the receiver into providing incorrect PNT information. This type of attack is considered more dangerous than a jamming attack since erroneous PNT is often worse than no solution at all. A variety of approaches have been proposed in the literature to recognize spoofing and can vary widely based upon the assumed capabilities and a priori knowledge of the spoofer. One method is to compare the GNSS result to data from a non-GNSS sensor. At the January 2016 ION ITM these authors developed and analyzed a spoof detection algorithm based upon measurements from an active ranging system (distances, but no heading). This paper expands the class of signals viable for this spoofing detection approach to passive ranging; equivalently, to range measurements which depend upon knowledge of precise time (effectively pseudoranges)

Lower Bounds on DOP

Code phase Global Navigation Satellite System (GNSS) positioning performance is often described by the Geometric or Position Dilution of Precision (GDOP or PDOP), functions of the number of satellites employed in the solution and their geometry. This paper develops lower bounds to both metrics solely as functions of the number of satellites, effectively removing the added complexity caused by their locations in the sky, to allow users to assess how well their receivers are performing with respect to the best possible performance. Such bounds will be useful as receivers sub-select from the plethora of satellites available with multiple GNSS constellations. The bounds are initially developed for one constellation assuming that the satellites are at or above the horizon. Satellite constellations that essentially achieve the bounds are discussed, again with value toward the problem of satellite selection. The bounds are then extended to a non-zero mask angle and to multiple constellations

Using Range Information to Detect Spoofing in Platoons of Vehicles

GNSS are well known to be accurate providers of position information across the globe. Because of high signal availabilities, capable/robust receivers, and well-populated satellite constellations, operators typically believe that the location information provided by their GNSS receiver is correct. More sophisticated users are concerned with the integrity of the derived location information. Attacks on GNSS availability and integrity are known as jamming and spoofing. Jamming involves the transmission of signals that interfere with GNSS reception so that the receiver is unable to provide a position or time solution; various methods to detect jamming, and possibly overcome it, have been considered in the literature. Spoofing is the transmission of counterfeit GNSS signals so as to mislead a GNSS receiver into reporting an inaccurate position or time. If undetected, spoofing might be much more dangerous than a jamming attack. A variety of approaches have been proposed in the literature to recognize spoofing. Of interest here are methods which compare GNSS information to measurements available from other, non-GNSS sensors. Recent ION conferences have included several examinations of combining GNSS and non-GNSS data toward spoof detection. This paper considers the use of range-only information to detect GNSS spoofing of a platoon of vehicles equipped with inter-vehicle communications: a statistical model of the problem is developed in which the spoofer is assumed to have limited geographical impact (i.e. only spoofs a subset, nominally one, of the vehicles in the platoon); under a Neyman-Pearson formulation the (generalized) likelihood ratio test to fuse the GNSS and range measurements is presented; examples are included to demonstrate the resulting performance

The Use of Bearing Measurements for Detecting GNSS Spoofing

GNSS are well known to be accurate providers of position information across the globe. Because of high signal availabilities, robust receivers, and well-populated constellations, operators typically believe that the location information provided by their GNSS receiver is correct. More sophisticated users are concerned with the integrity of the derived location information; for example, employ RAIM algorithms to address possible satellite failure modes. The most common attacks on GNSS availability and integrity are known as jamming and spoofing. Jamming involves the transmission of signals that interfere with GNSS reception so that the receiver is unable to provide a position or time solution. Various methods to detect jamming, and possibly overcome it, have been considered in the literature. Spoofing is the transmission of counterfeit GNSS signals so as to mislead a GNSS receiver into reporting an inaccurate position or time. If undetected, spoofing might be much more dangerous than a jamming attack. A typical maritime concern is a spoofer convincing a tanker traveling up a channel to a harbor that it is off track of the channel. A variety of approaches have been proposed in the literature to recognize spoofing; many of these are based on the RF signal alone as, in some sense, they are the simplest to implement. Of interest here are methods which compare GNSS information to measurements available from other, non-GNSS sensors. Examined examples include IMUs, radars, and ranges/pseudoranges from non-GNSS signals. In all cases the data from these others sensors is compared to the position information from the GNSS receiver to assess its integrity. Triangulation of position from bearing measurements is a well-known localization technique, especially for the mariner. This paper considers the use of bearing information to detect GNSS spoofing in a 2-D environment. A typical marine application is a ship entering a harbor and using an alidade to sight landmarks; for mobile, autonomous vehicles the sensor might be a camera taking a bearing to a nearby vehicle or to a signpost. This paper presents a mathematical formulation of the problem and the sensor data, develops a statistical model of the measurements relative to the GNSS position output, constructs a generalized likelihood ratio test detection algorithm based on the Neyman-Pearson performance criterion (maximizing probability of detection while bounding the probability of false alarm), and examines performance of the test, both through analysis and experimentation. A comparison to using both range and bearing is included to show the utility and limitations of bearing data to spoof detection