Using a GNSS Spoofing Test Bed to Evaluate the Effects of Replica GPS Signals on Timing Receivers

Guy Buesnel, Fabio Simon-Galabadon, Tim Frost

Abstract:	The vulnerability of Global Navigation Satellite Systems to spoofing attacks along with potential mitigation strategies has been the subject of discussion in many industry segments where the delivery of precise timing is of high importance. Whilst several high-profile examples of GPS position spoofing have been presented, the effect and impact of faked GNSS signals on timing systems is less well appreciated. The authors are aware of the effects on GNSS timing applications of natural and intentional disruption to signals. Recent events have shown the GNSS community that the replication of GNSS signals requires less expertise than was previously the case. Some of the myths around GNSS spoofing – including the difficulty of replicating GPS signals and the high cost of equipment– will be shown not to be significant barriers and the need to understand the response of GNSS receivers and systems in the commercial sector to this type of threat is therefore of greater significance. This paper documents the results of experiments during summer 2015 when several representative commercial timing receivers were tested on a GPS spoofing test-bed and subjected to some example attack vectors. It also highlights the fact that protection techniques against such attacks exist today and could be implemented in many systems. An introduction to the known vulnerabilities of GNSS is presented with an emphasis on the effects of Radio Frequency Interference (RFI) spoofing and cyber-attacks relevant to users of timing systems. Real, published instances of commercial segment GPS spoofing and hacking are reviewed along with the authors’ insights into the actual and expected evolution of relevant threat vectors and approaches to identify, flag and mitigate risk to timing systems. The set-up and operation of the spoofing test-bed used to conduct tests is explained and the results of the testing campaign are presented along with a detailed analysis of the behavior of the systems under test. It will be shown that when signal disruption is introduced, the effects on a timing receiver could be unpredictable and lead to unexpected system behavior. The need to test the response of GNSS timing receivers and systems in the presence of realistic threats will be shown to be an important step in risk reduction. The authors discuss the relevance and implications of their results for timing systems in use today and share their thoughts and ideas on achieving improved levels of robustness in Timing systems that use GNSS. A selection of potential mitigation techniques that are applicable to timing systems will be presented - this will include the use of complementary Positioning, Navigation and Timing Systems such as e-LORAN, GNSS Receiver Integrity checks, receiver power level detection, position checking, and time comparison with alternate timing sources. Finally the authors will present their ideas for future work. The limitations of the experiments will be discussed and causes for some of the unpredictable behavior of the units under test will be advanced as well as proposed approaches for gaining a deeper understanding of some of the observed behavior of the timing receivers that were tested.
Published in:	Proceedings of the 47th Annual Precise Time and Time Interval Systems and Applications Meeting January 25 - 28, 2016 Hyatt Regency Monterey Monterey, California
Pages:	68 - 73
Cite this article:	Buesnel, Guy, Simon-Galabadon, Fabio, Frost, Tim, "Using a GNSS Spoofing Test Bed to Evaluate the Effects of Replica GPS Signals on Timing Receivers," Proceedings of the 47th Annual Precise Time and Time Interval Systems and Applications Meeting, Monterey, California, January 2016, pp. 68-73. https://doi.org/10.33012/2016.13149
Full Paper:	ION Members/Non-Members: 1 Download Credit Sign In