Previous Abstract Return to Session E3 Next Abstract

Session E3: All-source Intelligent PNT Method

Network-assistance to Improve Joint 5G and GNSS Positioning for GNSS Anti-spoofing
Katrin Dietmayer, Phuong Bich Duong, Johannes Rossouw van der Merwe, Birendra Ghimire, and Jochen Seitz, Fraunhofer Institute for Integrated Circuits IIS
Date/Time: Thursday, Sep. 22, 11:26 a.m.

Spoofing is a false transmission of global navigation satellite system (GNSS) signals, and it aims to mislead a GNSS receiver. It is a significant limitation to advanced positioning approaches. A conventional approach is to use sensor fusion with other positioning methods to detect a spoofing attack and exclude the GNSS measurements. However, the detection is not guaranteed, nor is it instant in a sophisticated spoofing attack. For example, in a coupled GNSS (absolute positioning) and inertial navigation system (INS) (relative positioning) system, the spoofer may pull the position away slowly within the drift tolerances of the INS, avoiding detection, as what is demonstrated in the famous ``Spoofing in the High Seas'' by the University of Texas Austin Radionavigation Laboratory. Another example, the sensor fusion between GNSS and a terrestrial system, the position or time difference between the navigation system results in an initial degradation of the tracking filter, and only after the measurements are significantly degraded the spoofing detection is successful. During this time, the fused position solution is severely degraded and delivers inferior results. Without any spoofing detection methods, e.g, for low size, weight, power, and cost (SWAP-C) internet of things (IOT) nodes, the GNSS receiver is helpless against an attack. Further, spoofing detection requires additional receiver complexity, which not all receivers have readily available. If the position algorithm already knows that the GNSS signals are spoofed, it can quickly switches to considering only trustworthy measurements. Conversely, it could switch back to a fused result when the GNSS signals are reliable again. With externally provided spoofing information, a trade off between performance and security can be made in favor of higher robustness. This paper evaluates the impact of GNSS spoofing on a sensor that provides 5G and GNSS fused positioning, as well as the benefits of network-assisted spoofing reporting to the same sensor.
The Third-Generation Partnership Program (3GPP) is responsible for several mobile communication systems, including 5G. Release 9 (Rel. 9) supports assistance data delivery to mobile devices to shorten the acquisition time and enable assisted-GNSS (A-GNSS). However, since then, GNSS support is improved with subsequent releases. In Release 16 (Rel. 16), 3GPP introduced signal corrections for high accuracy positioning methods, including real-time kinematic (RTK) and state-space representation (SSR). Starting with Rel. 17, the mobile communication network also supports the integrity of the positioning solutions, which indicates trust in the positioning solution given by the positioning system. It includes the reporting of interference signals and possibly spoofing signals. The network infrastructure (i.e., the base stations) together with crowd-sourcing of the user equipment (UE) allows for a particularly dense monitoring system that can quickly and dynamically detect the presence of interference or spoofers. Leveraging this information, any receiver in the vicinity of a spoofed attack may contribute to spectrum monitoring and benefit from it. This paper presents a use case where early spoofing reporting from the network can assist the fusion algorithms adapt and obtain superior performance promptly.
Sensor fusion of different navigation methods enhances the accuracy and robustness of a system by leveraging the strengths of various sensors. Therefore, it is a favored method to improve an integrated system. However, it also results in several challenges that need to be overcome. One of these occurs when measurements are erroneous or biased but correct. It results in the incorrect weighting of the measurements and potentially deteriorate the fusion process. This is expected by a spoofing attack, as the received signals are similar to the authentic ones but result in a significant position bias. The problem is particularly challenging with sophisticated spoofing attacks. The fusion algorithm tries to merge two positions that do not fit, resulting in increased uncertainty and degradation of the system. Using a multiple position algorithm (i.e., separated and joint positions) may indicate one system is biased (spoofed) and facilitate detection and exclusion, but this takes additional time. Further, advanced receiver autonomous integrity monitoring (ARAIM) can determine that several GNSS measurements are spoofed and exclude these before sensor fusion. However, the capability of the spoofer limits this compared to the GNSS receiver, i.e., how many GNSSs, signals, and frequency bands are spoofed and received.
A joint 5G and GNSS positioning is used to evaluate first the impact of spoofing on 5G/GNSS sensor fusion and second the benefit of network-assisted spoofing reporting. An outdoor test campaign obtains unspoofed real-world data from both GNSS and 5G positioning. Next, the GNSS scenario is replicated using a Spirent radio frequency constellation generator (RFCS) to emulate a spoofing attack, as unauthorized outdoor spoofing attacks are illegal and to allow controlled laboratory tests. A synchronized spoofing attack that slowly diverges the ground truth data is emulated and recorded with the same commercial of the shelf (COTS) GNSS receiver. After recording, the 5G and GNSS measurements are fused in post processing with a Kalman Filter to obtain the position, velocity and time (PVT) solution. First, we show performance with and without sensor fusion of 5G and GNSS data as a baseline. Second, the fusion results with the spoofed signals are compared to the baseline to demonstrate the influence on the positioning. Third, network-assisted spoofing reporting is emulated, which allows the sensor fusion algorithm to adapt to the spoofing situation by excluding the GNSS measurements.
During a preliminary test campaign, we recorded 5G and GNSS data (GPS L1 C/A and Galileo E1BC) on an indoor-outdoor transition track at the Fraunhofer test center in Nuremberg. The GNSS data is affected by the environment, e.g. the building, cars, and other obstacles that block the signals, causes multipath effects, and other degradations. In particular, the indoor area strongly influences the GNSS measurements and generates a large error. In post processing, we used a Kalman Filter to obtain the PVT solution. By comparing the GNSS standalone solution with the ground truth, in 90% of cases the horizontal position error was found to be less than 13.5m. Since non-line-of-sight (NLOS) signals are frequently encountered in 5G and GNSS data, a Machine Learning (ML) approach was used to filter them out. The fused 5G and GNSS solution with only line-of-sight (LOS) signals achieves significantly enhancement with a horizontal position error of less than 4.5m in 90% over the track. These tests demonstrate that the 5G and GNSS signal fusing approach improves the positioning accuracy with additional signal quality information. This motivated us to investigate the performance of 5G and GNSS positioning with GNSS spoofing and the benefits of network-assisted spoofing reporting.



Previous Abstract Return to Session E3 Next Abstract