The GPS Assimilator Upgrading Receivers Via Benign Spoofing
Total Page:16
File Type:pdf, Size:1020Kb
The GPS Assimilator Upgrading Receivers via Benign Spoofing Interference, jamming, and spoofing are increasing the GNSS user community’s concerns about the security and reliability of their receivers. Although solutions are being proposed for future equipment designs that can process multiple signals from multiple GNSS systems, this article introduces a method for upgrading existing GPS user equipment to improve accuracy, robustness, and resistance to spoofing. TODD E. HUMPHREYS, JAHSHAN A. BhattI ers to improve satellite availability and especially for timing synchronization THE UNIVERSITY OF TEXAS AT AUSTIN robustness against signal interference. — and the potential for financial gain or Major commercial GNSS receiver causing high-profile mischief make civil BRENT M. LEDVINA manufacturers already have product GNSS jamming and spoofing a gather- COHERENT NAVIGATION roadmaps in place that anticipate these ing threat. Since the publication of the demands. Manufacturers realize that U.S. Department of Transportation’s they will be at a competitive disadvan- Volpe Report on GPS dependence nearly hat will GNSS receivers look tage relative to their peers if they only a decade ago, GNSS security researchers like five years from now? offer a subset of available GNSS signals have repeatedly warned that civil GPS The answer, of course, to sophisticated users. “Why should I is not yet secure, and that users trust its Wdepends on the application. have to choose between signals? ” their signals at their peril. Mass-market receivers used in applica- customers will complain, “I’d like all of As Professor David Last commented tions that do not require precision posi- them!” at a recent conference on GNSS security, tioning and timing (hand-held units for Then there is the issue of GNSS secu- “Navigation is no longer about how to hikers, for example) will likely remain rity. At one time, perhaps 20 years ago measure where you are accurately. That’s simple, single-frequency L1 C/A-code– or more, computer users were largely easy. Now it’s how to do so reliably, safe- based GPS devices. unconcerned with the security of their ly, robustly.” On the other hand, a growing seg- personal computers. That time has Secure positioning, navigation, and ment of military and civilian GNSS passed. As any victim of a computer timing (PNT) will require use of all users will demand greater accuracy and virus knows, firewalls, anti-virus soft- available means: inertial navigation sys- reliability from their receivers than can ware, and protocols for secure data tems, stable frequency sources, multiple be offered by single-frequency GPS. They transfer are no longer optional, but antennas, and cryptographic authenti- will want multi-frequency GNSS devices required. cation. Product designers and system to combat ranging errors due to iono- Likewise, the deepening dependence integrators will also want to exploit all spheric delay, and multi-system receiv- of the civil infrastructure on GNSS — radio frequency signals from which PNT 50 InsideGNSS JUNE 2010 www.insidegnss.com information can be extracted — includ- GPS and other observables. The spoofer tight coupling between the GPS receiver ing non-GNSS signals and signals never is described in a paper by T. E. Hum- and the oscillator that it disciplines, the intended to be used for PNT. phreys et alia (2008) listed in Additional GPS receiver component cannot be eas- In short, PNT devices in critical Resources near the end of this article. ily swapped with a modern, secure ver- applications five years from now will Our benign spoofing technique is sion. likely be remarkably capable and secure embodied in a device, called the GPS Phasor Measurement Units (PMUs). Also devices that adhere to an all-signals-in- Assimilator, whose output is injected known as synchrophasors, these devices view, all-available-means philosophy. directly into the radio frequency (RF) couple a GPS receiver to power measure- Meanwhile, however, the over- input of existing GPS equipment to ment equipment in order to simultane- whelming majority of GNSS receivers immediately “robustify” the equipment ously obtain the phasor values of voltag- — even those in critical applications against GPS outages and interference. es and currents at particular instants of — are simple L1 C/A-based devices that This article describes the GPS Assimi- time. Although now used primarily for fail when signals are blocked or jammed, lator’s design and operation and reports monitoring, these devices are expected complaining, “Need clear view of sky.” the preliminatry performance results of to see widespread future application in Moreover, no commercially available a prototype model. closed-loop control systems designed civil GNSS receiver, as far as we are to increase the carrying capacity of the aware, incorporates even rudimentary Documenting the Need power distribution grid. defenses against spoofing. Consider three examples of existing The widespread installed base of Will these receivers be considered devices for which Assimilator augmen- PMUs (in Texas alone there are more obsolete in the near future as new equip- tation is potentially preferable to replace- than 8,000 installed today) represents ment that incorporates multiple signals, ment. a considerable investment. Unfortu- GNSS systems, and security measures Time Reference Receivers. These devic- nately, like time reference receivers, reaches the market? Perhaps. And per- es, which typically cost several thousand the embedded GPS receivers in PMUs haps the prudent course of action is to dollars apiece, couple a GPS receiver to a are easily spoofed. Timing errors lead replace them with secure and reliable stable oven-controlled crystal oscillator to phasor angle errors, and, when these modern devices. (OCXO) or atomic frequency reference. reach several degrees (~100 microsec- A decision to replace existing receiv- Timing receivers are used extensively onds), they could destabilize closed- ers, however, cannot be made lightly. in telecom networks; in particular, the loop control of transient swings, ulti- The millions of deployed GNSS receiv- IS-95 CDMA-based digital cellular stan- mately damaging critical components ers in operation around the globe today dard and its progeny require each base of the power grid. represent an enormous investment in station to be synchronized with a GPS Embedded Military GPS Receivers. equipment and training. Moreover, in receiver so that the timing of transmis- Unsurprisingly, GPS receivers find wide- many cases the GNSS receiver is only sions can be controlled to better than 10 spread use in armed forces worldwide. an embedded subcomponent of a larger microseconds. Several hundred thousand devices have PNT-reliant system. It may be inconve- Modern GNSS time reference receiv- been procured by the U.S. Department nient, unsafe, or expensive to replace ers easily meet this requirement. They of Defense and foreign military sales these embedded devices with modern are also capable of extended (24–36 customers over the last five years — a counterparts. Nonetheless, the vulner- hours) “holdover mode” operation in substantial collective investment. A large ability of existing receivers, embedded case of signal blockage or jamming. fraction of military-grade GPS receivers and otherwise, to signal obstruction, Nonetheless, recent experiments with are used as embedded receivers, being jamming, and spoofing, and their inabil- a popular time reference receiver model coupled to targeting, tracking, and com- ity to make use of modernized GNSS at the University of Texas Radionaviga- munications equipment via well-defined signals and other signals of opportunity, tion Laboratory have revealed that these and field-tested interfaces. leaves much to be desired. receivers are easily spoofed. Within the Blockage or jamming of incoming As an alternative to replacement of span of one hour, the pulse-per-second GPS signals can render these critical existing equipment, we propose aug- output of a receiver originally locked to downstream systems inoperable. Coun- mentation. We have developed a tech- authentic GPS signals can be driven to a terintuitive as it may seem that a vehi- nique for upgrading existing GNSS user larger than 10-microsecond error with- cle-to-vehicle communications system equipment to address their shortcomings out raising any of the receiver’s internal would be disabled by GPS blockage, such without requiring hardware or software alarms. is the nature of modern dependence on modifications to the equipment. The obvious implication — that it precision navigation and timing. This technique re-purposes a portable would take a malefactor less than one Each of these example devices would civil GPS spoofer to generate “friendly” hour to render a cell-phone base sta- experience benefits in accuracy, robust- spoofing signals whose implied naviga- tion inoperable via spoofing — is cause ness, or security from coupling to a solu- tion solution is derived from a fusion of for concern. Unfortunately, due to the tion such as the GPS Assimilator. www.insidegnss.com JUNE 2010 InsideGNSS 51 gps AssIMILATOR GPS Galileo Digital Signal Processor Iridium Multi-System Embedded Synthesized Receiver Module GPS RF Nav. & Timing RF Signals Target GPS Front-End Fusion Module Signal Anti-Spoofing Simulator Receiver Bank Module (A) Anti- GPS, Galileo, Iridium, GLONASS, Spoofing eLORAN,Compass, cell telephone Module (B) signals, etc. Baseband PVT data (e.g., INS, keyboard, time source) FIGURE 1 Block diagram