The GPS Assimilator: a Method for Upgrading Existing GPS User Equipment to Improve Accuracy, Robustness, and Resistance to Spoofing

Preprint of the 2010 ION GNSS Conference Portland, OR, September 21–24, 2010A conceptual method is presented for upgrading existing GPS user equipment, without requiring hardware or software modifications to the equipment, to improve the equipment’s position, velocity, and time (PVT) accuracy, to increase its PVT robustness in weak-signal or jammed environments, and to protect the equipment from counterfeit GPS signals (GPS spoofing). The method is embodied in a device called the GPS Assimilator that couples to the radio frequency (RF) input of an existing GPS receiver. The Assimilator extracts navigation and timing information from RF signals in its environment—including non-GNSS signals—and from direct baseband aiding provided, for example, by an inertial navigation system, a frequency reference, or the GPS user. The Assimilator optimally fuses the collective navigation and timing information to produce a PVT solution which, by virtue of the diverse navigation and timing sources on which it is based, is highly accurate and inherently robust to GPS signal obstruction and jamming. The Assimilator embeds the PVT solution in a synthesized set of GPS signals and injects these into the RF input of a target GPS receiver for which an accurate and robust PVT solution is desired. A prototype software-defined Assimilator device is presented with three example applications.Aerospace Engineerin

Development and Demonstration of a TDOA-Based GNSS Interference Signal Localization System

Background theory, a reference design, and demonstration results are given for a Global Navigation Satellite System (GNSS) interference localization system comprising a distributed radio-frequency sensor network that simultaneously locates multiple interference sources by measuring their signals’ time difference of arrival (TDOA) between pairs of nodes in the network. The end-to-end solution offered here draws from previous work in single-emitter group delay estimation, very long baseline interferometry, subspace-based estimation, radar, and passive geolocation. Synchronization and automatic localization of sensor nodes is achieved through a tightly-coupled receiver architecture that enables phase-coherent and synchronous sampling of the interference signals and so-called reference signals which carry timing and positioning information. Signal and crosscorrelation models are developed and implemented in a simulator. Multiple-emitter subspace-based TDOA estimation techniques are developed as well as emitter identification and localization algorithms. Simulator performance is compared to the CramérRao lower bound for single-emitter TDOA precision. Results are given for a test exercise in which the system accurately locates emitters broadcasting in the amateur radio band in Austin, TX.Aerospace Engineering and Engineering Mechanic

Analysis of Ionospheric Scintillations using Wideband GPS L1 C/A Signal Data

A non-real-time GPS receiver has been developed and tested for use in scintillation analysis. The receiver consists of a digital storage receiver and non-real-time software acquisition and tracking algorithms. The goal of this work is to shed light on the behavior of strongly scintillating signals: signals which cause conventional GPS receivers to lose carrier lock. The receiver collects wideband GPS L1 digital data sampled at 5.7 MHz using an RF front-end and stores it on disk for post-processing. It processes the data off-line to determine carrier signal amplitude and phase variations during scintillations. The main processing algorithms are traditional code delay and carrier frequency acquisition algorithms and special signal processing algorithms that effectively function as a delay-locked loop and phase-locked loop. The tracking algorithms use non-causal smoothing techniques in order to optimally reconstruct the phase and amplitude variations of a scintillating signal. These techniques are robust against the deep power fades and strong phase fluctuations characteristic of scintillating signals. To test the receiver, scintillation data were collected in Cauchoeira Paulista, Brazil, from December 4 to 6, 2003. The data set spans several hours and includes times when one or more satellite signals are scintillating. The smoothing algorithm has been used to determine the carrier amplitude and phase time histories of the scintillating signals along with the distortion of the pseudorandom noise (PRN) code’s autocorrelation function. These quantities provide a characterization of scintillation that can be used to study the physics of scintillations or to provide off-line test cases to evaluate a tracking algorithm’s ability to maintain signal lock during scintillations.Aerospace Engineering and Engineering Mechanic

Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer

A portable civilian GPS spoofer is implemented on a digital signal processor and used to characterize spoofing effects and develop defenses against civilian spoofing. This work is intended to equip GNSS users and receiver manufacturers with authentication methods that are effective against unsophisticated spoofing attacks. The work also serves to refine the civilian spoofing threat assessment by demonstrating the challenges involved in mounting a spoofing attack.Aerospace Engineering and Engineering Mechanic

Real-time software receiver

A real-time software receiver that executes on a general purpose processor. The software receiver includes data acquisition and correlator modules that perform, in place of hardware correlation, baseband mixing and PRN code correlation using bit-wise parallelism

GPS Software Attacks

Since its creation, the Global Positioning System (GPS) has grown from a limited purpose positioning system to a ubiquitous trusted source for positioning, navigation, and timing data. To date, researchers have essentially taken a signal processing approach to GPS security and shown that GPS is vulnerable to jamming and spoofing. In this work, we systematically map out a larger attack surface by viewing GPS as a computer system. Our surface includes higher level GPS protocol messages than previous work, as well as the GPS OS and downstream dependent systems. We develop a new hardware platform for GPS attacks, and develop novel attacks against GPS infrastructure. Our experiments on consumer and professionalgrade receivers show that GPS and GPS-dependent systems are significantly more vulnerable than previously thought. For example, we show that remote attacks via malicious GPS broadcasts are capable of bringing down up to 30 % and 20 % of the global CORS navigation and NTRIP networks, respectively, using hardware that costs about the same as a laptop. In order to improve security, we propose systems-level defenses and principles that can be deployed to secure critical GPS and dependent systems

GNSS Receiver Implementation on a DSP: Status, Challenges, and Prospects

A real-time GPS L1 C/A-code software receiver has been implemented on a Digital Signal Processor (DSP). The receiver exploits FFT-based techniques to perform autonomous acquisition down to a threshold of C/N0 = 33 dB-Hz. Efficient correlation algorithms and robust tracking loops enable the receiver to track an equivalent of 43 L1 C/A-code channels in real time with a tracking threshold of 25 dB-Hz. This accomplishment represents a milestone in an ongoing effort to develop a low-cost, flexible, and capable GNSS receiver for use as a scientific instrument and for GNSS receiver technology development. This paper reports on the current design and capability of the DSPbased receiver, provides an overview of the challenges that are particular to embedded GNSS software receiver design, and discusses the prospects of DSP-based GNSS software receivers in relation to the multiple frequencies and higher bandwidths offered by modernized GNSS.Aerospace Engineering and Engineering Mechanic