Detection, countermeasures and demonstration of dangerous spoofing attacks
Attacks on global navigation satellite system (GNSS) receivers using interference signals can have serious consequences because many devices, including navigation systems in cars, watches and mobile phones, rely on the time and positioning data provided by the integrated GNSS receiver.
The researchers on the Detection, Countermeasures and Demonstration of GNSS Spoofing (DECODE) project are developing algorithms and electronics able to detect signals from spoofers which initially appear to be normal GNSS signals. Advances in the detection of such interference signals will therefore be important in ensuring the reliability of GNSS-based systems.
When is it spoofing?
Nowadays data from GNSS signals are used in various applications, for example in synchronising time in bank transfers and mobile telephone networks, as well as in navigating autonomous vehicles. Interference attacks on GNSS signals have potentially serious consequences as the technologies relying on these signals are becoming increasingly important to our society. Spoofing attacks are particularly dangerous, imitating real GNSS signals in order to deliberately manipulate the position and timing information calculated by the GNSS receiver.
GPS or Galileo: signals must be received from a minimum of four satellites in order to completely determine the position. In contrast, a spoofing signal from a terrestrial transmitter imitates the constellation of the satellites and their changes over time in order to deceive a GNSS receiver’s positioning and timing information. The result is that almost all receivers within range of an interference transmitter are manipulated and irritated, with the aim of making the systems they serve susceptible to subsequent attacks and manipulation.
DECODE, simulation and detection of spoofing attacks
The DECODE project is a cooperative venture between TeleConsult Austria GmbH (TCA) and the Institute of Electronic Engineering at FH JOANNEUM. Its aim is to develop algorithms and electronics for detecting and mitigating the damage caused by spoofing attacks. GNSS attacks must first be simulated and reproduced in various spoofing scenarios in order to be able to detect such attacks and to analyse their impact on GNSS-based devices and applications. The first tests of this type are undertaken in an isolated environment – in a shielded anechoic chamber – to prevent interference with any GNSS-based systems nearby. The tests use a terrestrial COTS-GNSS transmitter developed by FH JOANNEUM and TCA (COTS is the abbreviation for commercial off-the-shelf.)
The COTS transmitter is intended to demonstrate that it is possible to carry out spoofing attacks using off-the-shelf hardware and software. Although this requires expert knowledge, it is alarming to consider how easily a GNSS interference transmitter can be built.
Generating a spoofing attack with constant position
The first tests involved manipulating the detected position of a GNSS receiver and simulating a corresponding satellite constellation. A uBlox EVK-6T type receiver was positioned in the shielded anechoic chamber at FH JOANNEUM and the generated spoofing signal was emitted in the chamber and successfully detected by the GNSS receiver.
Spoofing attacks with changing position
The tests went on to imitate a moving position, emitting a generated signal within the shielded chamber. The simulated linear change in position was precisely tracked and measured by the receiver. That means the COTS transmitter can be used to imitate complex spoofing scenarios with constantly changing position and time information. The reproducible performance of these and similar spoofing attacks is the essential basis for subsequently developing algorithms to detect these attacks.
Detecting spoofers is the first step required in order to eliminate the negative impacts of these transmitters, and ultimately to significantly increase the reliability of GNSS applications. In a first step, state-of-the-art algorithms for spoofer detection will be examined and the most promising algorithms will be further evolved in order to investigate, implement and test new methods of detection. This should enable devices to continue normal operations even when the GNSS signals are subjected to targeted interference attacks.
Future tests should demonstrate the extent of spoofing attacks, also outside the anechoic chamber, and provide information about the possible presence of a spoofing transmitter.
At the end of the project the developed algorithms will be evaluated, representing the first step from pure detection to mitigation of the interference attacks. A further project result will be a design for a future device for reliable detection of GNSS spoofers.