Spoof Detection Using Multiple COTS Receivers in Safety Critical Applications

P.F. Swaszek, R.J. Hartnett

Abstract: The Global Positioning System is well known to be an accurate provider of position and timing information across the globe. As such, it is commonly used to locate and navigate vessels in various transportation modes (e.g. land vehicles, boats and ships, and aircraft). Because of high signal availabilities, capable/robust receivers, and a well-populated satellite constel-lation, operators typically believe that the location information provided by their GPS receivers is correct. Researchers (who are arguably a more skeptical group) often think more about the integrity of location information, and are interested in how a receiver might calculate its measure of integrity, or even how one or more receivers might be used to determine if position information is legitimate, or “spoofed.” Here, spoofing refers to intentional (and considered malicious) interference to a GPS user’s inputs so as to distort that position information. Depending upon the cargo and/or mission of the transport, calculation of user position in the presence of one or more “spoofers” can provide hazardously misleading information, possibly resulting in disastrous consequences in safety critical applications. One way to detect a spoofing event is to use some sort of Ground-Based Augmentation System (GBAS), however such detection methods inherently require external ground-based infrastructure. A second option would be to enhance an existing receiver with additional signal processing capability (such as searching for a vestigial peak in the correlator output). However, while these techniques are intellectually stimulating, they are less appropriate for use in a cock-pit (where receiver certification is an issue), or perhaps where the cost of new equipment is a significant issue. Technical discussions on spoof detection can vary widely based upon the assumed capabilities and a priori knowledge of the spoofer. In 2003 Warner and Johnston suggested several possible methods to detect a spoofing event at a single GPS receiver: monitoring the power levels of the GPS signals (absolute, relative, and across satellites), checking that the constella-tion itself is correct for the given time (e.g. number and IDs of the satellites), testing the accuracy of the clock component, and even checking against some non-GNSS source (e.g. an IMU). Since then various authors have experimented with spoof-ing and suggested detectors including correlating the P(Y) code at the RF level, looking for vestigial peaks in the correlator outputs, comparing to trusted reference signals, and using antenna arrays to spatially identify signals. Much of this prior work has focused on the conceptual level with limited analysis of the resulting detection performance, and/or has proposed fundamental redesign of the receiver itself. Unfortunately, little work has been directed towards using existing commercial off-the-shelf (COTS) “stand-alone” receiver technology to perform spoof detection. Recently, at the ION’s ITM in January 2013, we proposed a simple spoofing detection concept based on the use of mul-tiple COTS receivers and attempted to assess its performance under nominal assumptions on the signal environment. Specifically, the detector monitors the GPS signals using not one, but two or more receivers with their antennas at known relative positions. With no spoofer present, each antenna would receive a unique RF signal consistent with its position in space. Under the assumption that the spoofer is present, and has only one broadcast antenna, during a spoofing event these multiple receivers will receive nearly identical spoofer RF signals. The presence of spoofing is thus discernible from the near equivalence of the receivers’ receptions. While one could compare these multiple receptions at the RF level, we proposed comparing the position solutions across receivers, declaring a spoofing event if the resulting position solutions are too close to each other as compared to the known, relative locations of the antennas. The primary advantage of such an approach is that an implementation of the hypothesis test does not require receiver hardware modification (hence, no recertification is necessary) or even access to software GPS methods; a separate processor could easily monitor the positions generated by each of the receivers and decide spoof or no spoof. Our January 2013 work developed several different detection algorithms (based on differences in the knowledge of the receivers’ locations; e.g. known, relative position with and without orientation information) and analyzed each detector from a Neyman-Pearson perspective assuming Gaussian statistics. The current paper extends this initial work in the following ways: • Better statistical models – our initial work assumed statistical independence of the observations for mathematical simplicity and was justified from some simple lab testing using a GPS reradiator. We revisit this modeling, with bet-ter lab testing combining both nominal and spoofer signals. • More receivers – our initial work focused on just two receivers; we did include a single, simple example with three receivers. Here we consider cases of 3 and 4 receivers with relative positions relevant to common vehicle configura-tions. • Sequential processing – our initial work could be called a “snapshot” method, only looking at the positions from the multiple receivers at one instant of time. In our initial lab testing we noted significant similarity of the receivers’ po-sition errors under spoofing as a function of time, so in this paper we develop sequential tests that exploit these inter-receiver correlations. As is common in sequential tests, a decision of “I don’t know yet” requesting additional data could be quite effective, especially for closely spaced receivers. • Moving platforms – our initial work assumed a static platform which eliminated issues with unsynchronized (in time) position estimates. Here we expand our initial analysis to moving vehicles and time offsets between receivers, noting its equivalence to spoofing detection schemes based on comparing sequential positions of a vehicle with a single receiver traversing a known trajectory.
Published in: Proceedings of the 26th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2013)
September 16 - 20, 2013
Nashville Convention Center, Nashville, Tennessee
Nashville, TN
Pages: 2921 - 2930
Cite this article: Swaszek, P.F., Hartnett, R.J., "Spoof Detection Using Multiple COTS Receivers in Safety Critical Applications," Proceedings of the 26th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2013), Nashville, TN, September 2013, pp. 2921-2930.
Full Paper: ION Members/Non-Members: 1 Download Credit
Sign In