Previous Abstract Return to Session A5 Next Abstract

Session A5: Integrity and Assurance

Detection and Localization of an Adversarial GPS Interference Source Based on Clock Signatures
Joseph Smith, Joshua Wood, and Scott Martin, Auburn University; Connor Brashar, Sandia Nation Laboratories
Location: Ballroom E
Date/Time: Wednesday, Aug. 25, 4:45 p.m.

The Global Positioning System (GPS) has long been used for providing an affordable and accurate position solution in applications ranging from autonomous vehicles to fleet tracking. The design of GPS satellites and the use of highly stable atomic clocks resulted in GPS Time (GPST) becoming a standard reference for various communication systems. As GPS and other Global Navigation Satellite Systems (GNSS) become more commonplace, methods of denying accurate use have evolved as well. Jamming and spoofing can disrupt operation of GPS by obscuring satellite signals and replacing them with inauthentic signals. One recent incident of large scale spoofing is the Black Sea incident described in [1]. Various research groups have worked on methods to detect and mitigate the effects of jamming and spoofing on GPS receivers using methods such as signal quality monitoring (SQM) or multisensory integration techniques [2]. Once a spoofing attack has been detected it can be further mitigated if the source of the inauthentic signal is localized.
This paper focuses on the development and testing of spoofing detection and localization techniques that rely only on clock deviations to identify threat signals. The quality of the receiver clock has a significant impact on the performance of the receiver tracking loops. Low quality clocks have frequency instabilities that inherently limit the sensitivity of the receiver to slow growing errors. Some stable clocks provide better frequency stabilities but have a higher white phase noise that can induce false detections. Because of these trends, various detection methods are tested with four types of receiver and transmitter clocks of varying quality. Detection methods that rely on receiver location or expected geometry to identify spoofing are not considered here.
The two most effective detection methods evaluated are innovation filtering and multiple receiver measurement variance. Both methods implement Kalman filters to calculate residuals for both clock bias and clock drift. Multiple Kalman filter implementation were developed to estimate clock drift with either Doppler or time differenced carrier phase measurements. The innovation filtering method uses measurement from a single receiver and declares a fault when a residual of the Kalman filter is outside of a threshold value derived from the residual covariance. In another implementation, detection of the transmitter is performed using an ensemble of receiver clocks by calculating residual variance for multiple networked receivers. The sampled residual variance is calculated and compared against the residual covariance predicted by the Kalman filter to determine if there is a fault.
The quality of a detection method is based on the percentage of detections and the percentage of false alerts. Results from innovation filtering with difference carrier measurements resulted in similar detection percentages but higher false alert percentages when evaluating the clocks that are more stable but have a higher white phase noise. The Doppler tests for innovation filtering had similar detection rates when detecting lower quality transmitter clocks with minimal false alerts, but it proved to be ineffective at detecting clocks that are equal or more stable than the receiver clock. Multiple receiver detection had the highest detection percentages of all detection methods tested while keeping a minimal false detection percentages. The effect of the higher white phase noise on the difference carrier phase method causing more false alerts is still present when using multiple receivers but the false alert percentage is lower.
The transmitter clock bias and clock drift are estimated using a dead reckoning algorithm that stores the calculated receiver clock bias and drift from the previous update and dead reckons these values once a fault is detected. After detection, a captured state vector is calculated for all receivers in the network using the navigation measurement updates including the dead reckoned values. The estimated clock bias is then saved as a pseudorange consisting of the range between receiver and transmitter and the transmitter clock bias. The localizer algorithm uses the ensemble of receivers and the estimated pseudoranges to create a least squares position solution that calculates the 3-D position and the transmitter clock bias.
The clock based anti-spoofing algorithm was tested with four receiver and transmitter clocks of varying quality to assess the relation of clock quality and localization accuracy. Algorithm verification was first done in simulation to calculate estimated ranges. The results from the range estimation testing were used with different simulated receiver geometries to test the localization portion of the algorithm. The accuracy of the range estimation and localizer are both assessed by the accuracy of the transmitter position estimation.
[1] https://www.gpsworld.com/spoofing-in-the-black-sea-what-really-happened/
[2] M. L. Psiaki and T. E. Humphreys, “GNSS Spoofing and Detection,” Proc. IEEE, vol. 104, no. 6, pp. 1258–1270, Jun. 2016, doi: 10.1109/JPROC.2016.2526658.



Previous Abstract Return to Session A5 Next Abstract