GNSS Spoofing Detection Based on Particle Filtering

J. Nielsen, V. Dehghanian, N. Dawar

Abstract: GNSS spoofing is an emerging, potent threat that targets the generic GNSS Receiver (GR) by transmitting a set of counterfeit GNSS signals that closely match the authentic signals sourced from satellites [1-6]. The GR proceeds to compute an incorrect navigation solution based on the mix of authentic and spoofer-sourced signals. The spoofing threat is particularly insidious in that the incorrect navigation solution is sufficiently plausible that it is not easily dismissed as an outlier [3]. Hence the GR will output the navigation solution to subsequent system processing as being valid with high confidence, which can result in dire consequences. The spoofing source attempts to generate signals that are sufficiently close to the authentic signals in the Code Delay Space (CDS) that they will not be immediately rejected by the GNSS signal correlation processing of the GR. As such, they will be tracked by the GR, which will typically then ignore the corresponding authentic signals. In this state the spoofer can fabricate a set of signals that will eventually posit an arbitrary erroneous navigation solution. The synthesis of the spoofer signals is a delicate balance between the desire to induce sufficiently large errors in the navigation solution to be effective and the need to match the authentic signals closely enough that the correlation tracking of the GR can be reliably hijacked. Effective spoofer countermeasures are currently being implemented which exploit the vulnerability of this spoofer signal. For example, monitoring the signal power of the GNSS signals to ensure a plausible received signal strength (RSS) level implies that the spoofer cannot simply overpower the GR correlation tracking [1-3]. Also, assisted GPS significantly limits the CDS over which plausible GNSS signals can exist.
Finally, the navigation solution can be verified based on other sensory information, usually from inertial sources, or simply on the plausibility of the navigation solution given where the GR is believed to be located [6]. Such countermeasures force the spoofer to generate signals that are ever closer to the authentic signals in the CDS context. However, in areas of sufficient navigational uncertainty, such as urban areas, the spoofing signals can still impress variations into the navigation solution sufficient for the malicious intent. The obvious countermeasure to implement in the GR that will effectively mitigate the spoofer threat is to sort the authentic and spoofer-sourced GNSS signals so that the navigation solution is based only on the authentic signals. Such sorting by the GR will require considering subtle differences between the authentic and spoofer-sourced signals. The scenario assumed in this paper is that of a GR located in an urban environment subjected to pairs of corresponding authentic and spoofer-sourced signals that are closely matched in terms of CDS and RSS. Simultaneous Location and Mapping (SLAM) [7] processing is proposed in this paper as an algorithm that can facilitate the sorting of the authentic and spoofer signals based on the sequences of GR correlator outputs recorded as the GR is being moved, presumably by vehicle or pedestrian. SLAM was originally developed as a Bayesian algorithm for robotics applications where the objective was to simultaneously estimate the location of the robot while mapping the relative location of features of the physical environment [7, 8]. These features could be previously completely unknown or have some known attributes, with any prior knowledge accounted for and utilized by the SLAM algorithm.
In the spoofing mitigation context, SLAM will be used to estimate the trajectory of the GR while simultaneously mapping the location of all of the observed GNSS signals from both authentic and spoofing sources. Hence SLAM can be construed as a generalization of the traditional Bayesian tracking (Kalman filter), which estimates the GR location based on known attributes of the GNSS sources. The mapping of the GNSS sources consists of building up an estimate of the bearing and range of the source of the transmission based on a sequence of measurements, with prior knowledge used as available. For instance, the GNSS source is either authentic (in which case the relative bearing is known and the range is effectively infinite) or a spoofer source (finite range with plausible bounds and unknown bearing). Various observables are used for this assessment. The RSS trend of the GNSS signals over the sequence of correlator outputs is a simple observable that is surprisingly effective even in a multipath urban environment. Variation in the relative code phase over the sequence of measurements indicates the change in radial distance. Variation in carrier phase associated with the short-term power spectral density of the Doppler is useful, as the multipath conditions will capriciously contain segments of line-of-sight conditions. SLAM is a method of systematically combining the multitude of these disparate and rather innocuous observables that are weakly related to the objective of eventual spoofer discrimination. The outcome of the SLAM is essentially a probability that each of the observed GNSS signals is authentic or spoofer sourced, which is built up over time as the GR is moved. The navigation solution is continuously recalculated conditioned on these probabilities.
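The RSS-trend observable described above, reduced to a single-signal sketch (an added example, not the authors' algorithm or code): candidate emitter positions are sampled as particles, and their predicted RSS trends are compared with the flat trend expected from an effectively infinite-range authentic source. The known receiver track, the log-distance path-loss model, the 2 dB fluctuation, the search box and the sample data are all assumptions made for illustration.

```python
import math
import random

SIGMA_DB = 2.0   # assumed std dev of RSS fluctuation, dB
PATH_EXP = 2.0   # assumed path-loss exponent for a terrestrial emitter
AREA_M = 300.0   # assumed half-width of the emitter search box, metres

def centred(xs):
    """Remove the mean, i.e. the unknown transmit power and antenna gain."""
    m = sum(xs) / len(xs)
    return [x - m for x in xs]

def log_lik(resid):
    # Gaussian log-likelihood; the constant term is equal under both hypotheses.
    return sum(-0.5 * (r / SIGMA_DB) ** 2 for r in resid)

def p_spoofer(track, rss_db, n_particles=2000, prior=0.5, seed=1):
    """Posterior probability that one tracked signal has a finite-range source."""
    rng = random.Random(seed)
    obs = centred(rss_db)
    # Authentic hypothesis: range effectively infinite, so no RSS trend
    # along the track; the centred observations are pure fluctuation.
    l_auth = log_lik(obs)
    # Spoofer hypothesis: each particle is a candidate emitter position and
    # predicts a log-distance RSS trend along the (assumed known) track.
    logs = []
    for _ in range(n_particles):
        ex, ey = rng.uniform(-AREA_M, AREA_M), rng.uniform(-AREA_M, AREA_M)
        pred = centred([-10 * PATH_EXP
                        * math.log10(max(math.hypot(x - ex, y - ey), 1.0))
                        for x, y in track])
        logs.append(log_lik([o - p for o, p in zip(obs, pred)]))
    # Marginal likelihood = mean particle likelihood (log-sum-exp for stability).
    top = max(logs)
    l_spoof = top + math.log(sum(math.exp(v - top) for v in logs) / n_particles)
    d = l_spoof - l_auth + math.log(prior / (1 - prior))
    return 1 / (1 + math.exp(-max(-700.0, min(700.0, d))))

# Constructed sample data: 200 m straight track, 10 m steps, +/-1 dB ripple.
TRACK = [(10.0 * i, 0.0) for i in range(21)]
RIPPLE = [1.0 if i % 2 == 0 else -1.0 for i in range(21)]
RSS_AUTHENTIC = [-130.0 + r for r in RIPPLE]
RSS_SPOOFER = [-90.0 - 20 * math.log10(math.hypot(x - 100.0, 30.0)) + r
               for (x, _), r in zip(TRACK, RIPPLE)]

if __name__ == "__main__":
    print("authentic:", round(p_spoofer(TRACK, RSS_AUTHENTIC), 3))
    print("spoofer:  ", round(p_spoofer(TRACK, RSS_SPOOFER), 3))
```

A full SLAM treatment would estimate the receiver trajectory jointly and fuse the code-phase and carrier-phase observables as well; this sketch isolates the RSS term only.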
Extensive simulation activities have verified the potency of the SLAM algorithm in the context of simultaneously mapping the GNSS sources and the GR trajectory, and hence the effectiveness of spoofer mitigation based on sorting authentic and counterfeit signals. A limitation in the simulation is the credibility of the multipath models, which have to simultaneously represent the fading and shadowing effects of the terrestrial spoofer and satellite authentic signals. As outdoor transmission of GNSS spoofing signals is clearly not possible to facilitate such measurements, surrogate measurements of cellular sources are being used. Indications so far demonstrate the corroboration of the experimental and simulation results. The paper will provide a compilation of these observations.

References
[1] V. Dehghanian, J. Nielsen, and G. Lachapelle, "GNSS Spoofing Detection Based on Signal Power Measurements: Statistical Analysis," International Journal of Navigation and Observation, vol. 2012, 2012.
[2] V. Dehghanian, J. Nielsen, and G. Lachapelle, "GNSS Spoofing Detection based on Receiver C/No Estimates," in GNSS 2012, Nashville, USA, 2012.
[3] J. Nielsen, V. Dehghanian, and G. Lachapelle, "Effectiveness of GNSS Spoofing Countermeasure Based on Receiver CNR Measurements," International Journal of Navigation and Observation, vol. 2012, 2012.
[4] T. E. Humphreys, et al., "Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer," presented at the ION GNSS Savanna, CA, 2008.
[5] L. Scott, "Anti-spoofing and Authenticated Signal Architectures for Civil Navigation Systems," presented at the ION GPS/GNSS Portland, 2003.
[6] L. Scott, "Location Assurance," GPS World, vol. 18, 2007.
[7] H. Durrant-Whyte and T. Bailey, "Simultaneous localization and mapping: part I," Robotics & Automation Magazine, IEEE, vol. 13, pp. 99-110, 2006.
[8] M. W. M. G. Dissanayake, et al., "A solution to the simultaneous localization and map building (SLAM) problem," Robotics and Automation, IEEE Transactions on, vol. 17, pp. 229-241, 2001.

Published in: Proceedings of the 26th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2013)
September 16 - 20, 2013
Nashville Convention Center, Nashville, Tennessee
Nashville, TN
Pages: 2997 - 3005
Cite this article: Nielsen, J., Dehghanian, V., Dawar, N., "GNSS Spoofing Detection Based on Particle Filtering," Proceedings of the 26th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2013), Nashville, TN, September 2013, pp. 2997-3005.