
Session D1b: NAVWAR: Situational Awareness

Spoofing Detection in NovAtel’s OEM7 Receivers
Sandy Kennedy, Ali Broumandan, Thomas Taylor, Michael Ritter, NovAtel, Inc.
Location: Ballroom B
Date/Time: Tuesday, Aug. 24, 2:10 p.m.

The objective of this work is to demonstrate the efficacy of the spoofing detection built into NovAtel’s OEM7 receivers. Spoofing has been a well-known threat in military applications since GPS was invented, but only in recent years have attacks on commercial activities materialized. It will be shown that a GNSS receiver designed for precision applications can be extremely aware of anomalies in the RF environment in which it is operating. For appropriate and effective mitigation actions to be taken, either by the user or within the receiver’s own operations, the spoofing detection functionality must be reliable and correct. The tolerance for false detection of spoofing is extremely low, since an “accusation” of spoofing is a serious one, suggesting a malicious actor is nearby and possibly leading the receiver to ignore genuine, and useful, signals. Factors like receiver dynamics and high multipath levels cannot be allowed to trigger a false indication; on the other hand, a sophisticated spoofer cannot be allowed to slip by.
Realistic spoofing scenarios and their features are characterized. This characterization is based on the relative power of the spoofing and authentic signals, the synchronicity of the spoofing signals with the authentic ones, and the availability of both spoofing and authentic signals. Then, various detectors addressing different spoofing scenarios are defined using metrics at different layers of the GNSS receiver, at different points in the signal processing chain.
An on-board, real-time spoofing detection unit is implemented in the firmware of NovAtel’s OEM7 generation of receivers and subjected to a series of spoofing attacks to demonstrate the spoofing detection performance. These tests demonstrate spoofing attacks of different types implemented with relatively expensive, purpose-built hardware like a GNSS hardware simulator, and with relatively inexpensive equipment like a software-defined radio or delay modules. Test conditions include stationary and kinematic trajectories, with high and low multipath conditions. Differences between single-frequency (GPS L1 C/A) and multi-frequency, multi-constellation receiver configurations are also shown.
The significance of this work is showing that realistic spoofing attacks can be reliably detected, even on open signals tracked by a receiver with a single antenna input, in typical operating conditions. Additionally, the benefit of a multi-frequency, multi-constellation receiver over a single-frequency receiver is shown.


