Category: Defense

  • Microsemi enhances SyncServer S600 server for Ethernet networks, satellite uplinks

    Microsemi Corporation is offering new hardware and software options for its SyncServer S600 series of time servers and instruments. The enhancements improve time synchronization over enterprise Ethernet networks and supply timing signals for improved military radar operations and satellite uplink communications.

    “The SyncServer S600 series provides highly accurate, reliable and secure time for a variety of applications, not the least of which are the extremely precise low phase noise 10-MHz signals used in military radars and satellite uplinks,” said Paul Skoog, senior product line manager at Microsemi. “We’re committed to helping our customers improve the performance of their systems by improving the performance of ours. These high-quality timing signals enable radars to track difficult targets as well as to improve the quality and data throughput of satellite communications systems.”

    Enterprise and financial customers also look to the SyncServer S600 series to meet the timing and synchronization needs of their rapidly evolving networks, particularly for compliance purposes such as the European MiFID II directive, which specifies highly stringent time accuracy requirements for stock trading systems.

    Also applicable for laboratories and test and measurement companies, this latest release of Microsemi’s S600 hardware and software includes support for the IEEE 1588 multiport, multi-profile Precision Time Protocol (PTP), which allows the S600 to operate as an independent grandmaster clock on each Ethernet port — delivering cost savings and network deployment flexibility to customers. This is coupled with a new 10GbE interface to easily interoperate with a wider variety of network and stock trading topologies.

    The newly enhanced SyncServer S600 and S650 can be equipped with two 10 GbE Ethernet small form-factor pluggable (SFP+) ports for customers needing to maximize PTP grandmaster performance in a cost-effective 1 rack unit (1U) chassis.

    In addition, the S650 can measure the accuracy of PTP hardware slaves that are synchronized to the S650 grandmaster by way of a new external 1 pulse per second measurement option.

    The combination of these devices’ new hardware and software features support Microsemi’s expanding leadership position as a cost-effective enterprise PTP grandmaster provider delivering accurate and reliable time to critical systems.

    Microsemi’s SyncServer S600 series meets the time and frequency requirements of multiple vertical markets, particularly the global military radar market, which is estimated to reach $10 billion by 2024 with a compound annual growth rate of 2.6 percent between 2016 and 2024 according to market research firm Variant Market Research.

    The firm also identifies how radar in military applications is widely used for air traffic control, early warning detection of missiles, navigation at sea and surveillance of air and ground. The versatile SyncServer S600 series meets the needs of today’s demanding timing requirements and scales to meet the needs of the future.

  • DARPA sprints toward unmanned air and ground swarming

    DARPA sprints toward unmanned air and ground swarming

    DARPA’s OFFensive Swarm-Enabled Tactics (OFFSET) program envisions future small-unit infantry forces using small unmanned aircraft systems (UAS) or small unmanned ground systems (UGS) in swarms of 250 robots or more to accomplish diverse missions in complex urban environments.

    By leveraging and combining emerging technologies in swarm autonomy and human-swarm teaming, the program seeks to enable rapid development and deployment of breakthrough capabilities to the field.

    DARPA has awarded Phase 1 contracts to teams led by Raytheon BBN Technologies and Northrop Grumman Corporation.

    Image: DARPA
    Image: DARPA

    Swarm Tactics. Both teams will serve as a swarm systems integrators tasked with designing, developing and deploying an open architecture for swarm technologies in physical and virtual environments.

    Each system would include an extensible game-based architecture to enable design and integration of swarm tactics, a swarm tactics exchange to foster community interaction, immersive interfaces for collaboration among teams of humans and swarm systems, and a physical testbed to validate developed capabilities.

    The teams will be responsible for experimentation and systems-integration efforts for realizing swarm capabilities, including producing tactics and technologies to test on its respective architecture.

    Swarm Sprints. DARPA also aims to engage with a wider developer and user audience through rapid technology-development and integration efforts called swarm sprints. Participants in these experiments — sprinters — can work with one or both integration teams and each other to create and test their own novel swarm tactics and enabling technologies.

    Roughly every six months, DARPA plans to solicit proposals from potential sprinters, with each swarm sprint focusing on one of five thrust areas: swarm tactics, swarm autonomy, human-swarm teaming, virtual environment and physical testbed.

    The end of each sprint would coincide with physical and virtual capability-based experiments designed to test and assess integration of the thrust-specific OFFSET technologies. The experiments would also provide direct engagement between DARPA, the teams and sprinters, and warfighters who could help further tailor OFFSET capabilities to meet real-world operational needs.

    “The swarm sprints are empirical experiments designed to accelerate our understanding of what swarms can do in urban environments,” said Timothy Chung, program manager in DARPA’s Tactical Technology Office. “By having swarm sprints at regular intervals, we’re able to ensure that we’re keeping up with the latest technologies — and are in fact helping inform and advance those technologies — to better suit the needs of the OFFSET program. Given the wide range of capabilities that we’re interested in, we’re looking for wherever those innovative solutions are going to come from, whether they be small businesses, academic institutions or large corporations.”

  • U.S. Army solicits PNT solutions for warfighters

    U.S. Army solicits PNT solutions for warfighters

    The U.S. Army is soliciting proposals for research, development, design and testing that directly supports battlefield technologies in the area of positioning, navigation and timing (PNT).

    Broad Agency Announcement (BAA W56KGU-18-R-PN22) was issued by the U.S. Army’s Communications-Electronics Research, Development and Engineering Center (CERDEC) on Nov. 24 through FedBizOpps.gov.

    CERDEC — based at the Aberdeen Proving Ground in Maryland — aims to discover technical approaches to improve and enhance current and future land warrior capabilities, flexibility and responsiveness in line with its strategic vision for enhancing warfighter capabilities to operate in both symmetric and unsymmetrical environments.

    GPS-denied environments. “The goal is to support CERDECs Strategic Thrust for PNT by providing technical and operational capabilities that enables the soldier to continue their operations in hostile RF and GPS-denied environments,” reads the BAA. “Proposed technical approaches may apply to operations both before and after the cessation of hostilities.

    “This announcement emphasizes approaches that address the very different challenges presented by urban fighting and dramatically enhance warfighter capabilities, for example, the ability to interact, maneuver and operate under a time constrained environment. These changes should generally result in lower casualties, lower collateral damage, and the effective use of combat power.

    “The specific topics of interest revolve around the research and development of technologies may provide revolutionary improvements to the entire spectrum of PNT.”

    Soldiers with 18th Military Police Brigade, assault opposing enemy threats during an Urban Operations training at the 7th Army Training Command’s Grafenwoehr Training Area, Germany, Oct. 20, 2017. (U.S. Army photo by Spc. Javon Spence)

    CERDEC’s plan is to support multiple and potentially multiphase efforts that pursue the design, development, integration and demonstration of critical and enabling technology and system attributes pertaining to PNT. Proposed efforts will primarily be of service and material with aims at resolving technical barriers.

    Proposals. Proposals submitted should range in scope from study and analysis type work with limited data and deliverables, to larger efforts for component developments, techniques and demonstrations with breadboard or prototype-style deliverables.

    The contracts are expected to be cost-plus-fixed-fee, but can be negotiated.

  • Intelsat demonstrates mitigation of satellite signal interference

    Mitigating intentional interference for satellites is addressed in a new white paper released by Intelsat General.

    The white paper details interference mitigation on the Intelsat EpicNG platform. Intelsat General is a wholly owned subsidiary of Intelsat and operator of the worldwide Globalized Network.

    The whitepaper validates the ability of the Intelsat EpicNG platform to mitigate attempts by adversaries to intentionally interfere with signals operating on Intelsat’s multi-spot, high-frequency reuse, high-throughput satellites. This is particularly important for U.S. and allied military forces in hostile theaters throughout the globe.

    “U.S. DoD (Department of Defense) satellite communication systems are critical for collecting and disseminating video and data that give the military real-time information about a hostile environment,” said Skot Butler, president of Intelsat General. “Our Interference Resolution demonstration showcases the capability of the Intelsat EpicNG system, and its advanced digital payload, to work around efforts to interfere or jam the signals being transmitted via our satellites.”

    https://youtu.be/B0rhVk4MYY0

    Demonstration. The Interference Resolution demonstration used a remote terminal transmitting video to a hub Earth station over the Intelsat 29e satellite. During the validation process, technicians transmitted an interference signal on the same channel used to transmit the video.

    Once the interference was detected, technicians were able to reconfigure the satellite and the remote terminal, thereby re-establishing video transmissions. The reconfigurations

    • terminated the interferer at the satellite thereby clearing the downlink,
    • provided a new, interference-free uplink channel, and
    • connected the new video uplink channel to the original, now clear, downlink channel.

    Intelsat 29e, launched in January 2016, was the first of Intelsat’s fleet of high-throughput satellites. Five Intelsat EpicNG satellites are now in orbit with one more planned for launch in 2018.

  • NovAtel’s GPS anti-jam technology chosen for UK’s Type 26 frigate

    NovAtel’s GPS anti-jam technology chosen for UK’s Type 26 frigate

    NovAtel’s GPS Anti-Jam Technology (GAJT) has been selected for the United Kingdom’s Type 26 frigates to meet a requirement as part of a protected navigation system.

    The frigates are 21st-century warships that will replace the Type 23 frigate as the workhorse of the British Fleet, undertaking the Royal Navy’s three core roles — warfighting, maritime security and international engagement — on the world stage.

    GAJT-710MS

    GAJT protects GPS-based navigation and precise timing receivers from intentional jamming and accidental interference, ensuring that the satellite signals necessary to compute position and time are always available. It is a commercial off-the-shelf (COTS) product, and comes in versions suitable for land, sea, fixed installations and smaller platforms such as unmanned aerial vehicles (UAVs).

    Warships, military vehicles and platforms, networks and timing infrastructure can all benefit from the protection that GAJT provides. There is no need to replace GPS receivers already installed, because GAJT works with civil and military receivers including SAASM and M-code.

    The Type 26 frigates of the British Fleet will use NovAtel anti-jam technology. (Photo: BAE Systems)

    “The selection of GAJT for the Type 26 frigates is the result of cooperation between Drumgrange, with its proven track record for rapid realisation of demanding defence design tasks, and Forsberg Services, an established navigation systems company and NovAtel dealer whose high quality manufacturing was instrumental to the project,” said Peter Soar, business development manager for military and defence at NovAtel. “GAJT is in use operationally and has been shipped to 16 allied nations around the globe. We are grateful for the rigorous technology selection process conducted which led to this choice.”

    NovAtel’s commitment to precise, assured positioning and timing is central to the design of the GAJT antenna. The company’s lean manufacturing techniques and quality processes mean that it can ramp up quickly to meet volume requirements. Reliability is assured by NovAtel’s industry-best low return rate.

     

  • Resilient PNT threats, solutions detailed in webinar

    New details are emerging from talks among the speakers slated for this Thursday’s free webinar Resilient PNT for Military Applications.

    Virtually everyone in the industry agrees that threats to military positioning, navigation and timing (PNT) are real; the threats continue to be newly emerging, and they are growing in complexity.

    “We value the idea of open architecture and universal communications buses to make it easier to incorporate the latest in technologies in a timely manner without system redesign,” said one webinar speaker, and the other three speakers agreed.

    Though designed with military applications in mind, the webinar will provide multiple points of relevant reference for non-military users and applications as well.

    Here’s an advance peek at the topics that participants will hear in detail at 1 p.m. Eastern (10 a.m. Pacific) in Thursday’s webinar.

    Mikel Miller

    Vice President for PNT Technologies at Integrated Solutions for Systems (IS4S); Former U.S. Air Force Research Laboratory

    • Introduction to the problem
    • Situation today
    • Situation in the future (where we want to be in ~5 years?)
      • Open architecture
    • Communications problem/solutions overview
    • Cybersecurity problem/solutions overview
    • PNT problem/solutions overview
      • NetAssure introduction and details
    Excerpt from Miller’s presentation. (Credit: Mikel Miller)

    Lisa Perdue

    Product Manager and Applications Engineer, Spectracom

    • Introduce the categories of solutions – Protect, Detect, Mitigate, Test
    • Discuss several technologies in each category brief overviews
      • Protect – Antennas – AJAS and Horizon Blocking
      • Detect – receiver algorithms, multiple receiver integration, system level monitoring and alerting
      • Mitigate – Augmentations – STL and eLoran, system level mitigation
      • Test – just a reiteration that new threats are always emerging and we need to be able to test vulnerabilities to the latest emerging threats – in a timely matter
    • Discuss Layered approach that include not only the technologies, but also proper integration
    • System design to support easy addition of new technologies and advancements
      • Supporting the open architecture point that Mike made earlier
      • Victory bus

    Mike Jones

    Capability Lead for Array Processing, Roke Manor Research

    • Protect, Toughen, Augment strategy – related to the Protect, Detect, Mitigate, Test strategy introduced Lisa Perdue
    • Deeper dive and introduction into specific technologies
      • Augmented-Reality Jammer geolocation
      • Latest anti-jam antennas (I am only going to mention the fact that AJ antennas exist and their main purpose – feel free to provide more details in general or about specific antennas)
      • Anti-spoof (is this about M-Code, receiver algorithms, system algorithms, or all of these?)
      • Visual sensors
      • Inertial Sensors

    Randy Villahermosa

    Executive Director, iLAB, The Aerospace Corporation

    • Project SEXTANT: New Thinking on Alternative PNT
    • To Cope with increasing disruptiveness: Modify, Augment, Substitute, Reach a New Paradigm
    • Major Findings: GPS is vertically integrated, with no obvious ‘Drop-In’ replacement; Novel combinations of multiple approaches is fertile ground for PNT innovation. However, many experts have been working on GPS alternatives for some time with no clear consensus crystallizing on a path forward.
    • An independent body is needed to evaluate and coordinate Alternative PNT concepts for critical functions
    • The Basis for an Alternative PNT Framework
    • Creating a PNT Ecosystem
    • Open-Source PNT
    • An Alternative PNT Assessment Workflow

    Learn more about the webinar on our Webinars page.

  • AUVSI conference targets unmanned defense market

    AUVSI conference targets unmanned defense market

    A conference aimed at military and government agency decision-makers is scheduled for Feb. 6–8.

    AUVSI Unmanned Systems – Defense. Protection. Security. (USDPS) will highlight what’s next for the defense, protection and security industries. The conference has been reimagined to include more opportunities to learn from industry and government thought-leaders and shop for the latest technology, said AUVSI.

    Expanded focus beyond the military includes government agencies such as Homeland Security, Interior, Justice, Energy, the FBI and  NOAA, as well as other public safety agencies.

    Thought leaders and subject matter experts from the military, government agencies and public safety outlets will provide details and insight on investments, innovation and sustainment, including what’s next with artificial intelligence and cybersecurity.

    More than 50 companies will be on site to provide military and government agencies with an inside view of new technologies and trends.

    In addition, a public safety educational lineup defines how to best use unmanned systems for explosive ordinance disposal and HAZMAT applications, addresses the counter-UAS threat at home and abroad, and provides insight on how disaster and emergency responders are using unmanned systems.

    The conference will take place at the  Gaylord National Resort & Convention Center in National Harbor, Maryland. Those registering before Nov. 19 can take advantage of advanced rates.

  • Resilient PNT for defense highlighted in Nov. 16 webinar

    As a U.S. military system, GPS provides all the PNT capabilities they need for defense — until it doesn’t.

    Though the accuracies are great and the encrypted signal is resistant to spoofing, its weak signal is very susceptible to jamming. GPS World will host a webinar Nov. 16 to examine ways to augment GPS/GNSS to add resiliency so critical military systems have assured PNT. Registration is free.

    Speaker Mikel Miller — Air Force officer (ret.), chief scientist for PNT and instructor — said, “As military operations have evolved over time, three critical technologies have become foundational in synchronized, precision military operations: resilient PNT, resilient communications and resilient cyber. A system-of-systems architecture that integrates and optimizes these three technologies is required to provide trusted and resilient PNT information in GNSS denied/degraded environments.”

    Sponsored by precision time company Spectracom, the webinar takes place Nov. 16 at 1 p.m. EST / 10 a.m. PST / 7 p.m. (1900h) Central European Time.

    Read about the speakers and their topics below.

    Lisa Perdue
    Product Manager and Applications Engineer, Spectracom
    Perdue is an expert in testing critical GPS and GNSS systems. She has trained hundreds of engineers and technicians who are responsible for high-reliability positioning, navigation and timing (PNT) applications. She took a lead role in the development of the first GNSS Vulnerability Test System and speaks widely on the topic at many industry conferences. Perdue is Spectracom product manager at Orolia, where she directs the organization’s GNSS simulation activities and contributes to its entire portfolio of resilient PNT solutions. She has more than 15 years of navigation and RF systems experience, which includes 10 years of service with the U.S. Navy, where she was a certified master training specialist.

    Mike Jones
    GPS World contributing editor for Defense; Capability Lead for Array Processing, Roke Manor Research
    Jones leads the Array Processing group at Roke Manor Research, where he is also a senior consultant engineer. He has an exceptionally broad skill base encompassing sensing, communications, navigation and electronic warfare, and has particular specialist interest in GNSS adaptive antenna systems and direction-finding technology. He has detailed technical knowledge of adaptive antenna GPS systems and was jointly responsible for the development of a number of navigation protection systems using interference cancellation, adaptive beamforming and direction finding. His work is in service on a variety of MoD and DoD airborne platforms around the world. He specializes in the simulation, modeling and hardware implementation of advanced signal processing algorithms, and has led a number of FPGA and ASIC designs for radar, GPS and communications systems. He is also a Fellow of the Royal Institute of Navigation.

    Mikel Miller
    Vice President for PNT Technologies at Integrated Solutions for Systems (IS4S); Former U.S. Air Force Research Laboratory
    Miller is building a broad, multi-disciplinary research and development group at IS4S, focused on aspects of PNT and autonomous system science and technology. He began his career as a satellite systems engineer assigned with the U.S. Air Force, holding numerous test, research and development, and program management positions. After earning his Ph.D., he served as an assistant professor of electrical engineering at the Air Force Institute of Technology until his retirement from the Air Force as a lieutenant colonel in 2003. Most recently, he served as the chief scientist for PNT Technologies for the Air Force Research Lab Sensors Directorate. He has authored/co-authored more than 65 journal articles, technical papers and documents, as well as a NATO handbook on navigation technologies. He is a Fellow and past president of the Institute of Navigation (ION) and a past chairman of the Joint Service Data Exchange.

    Randy Villahermosa
    Executive Director, iLAB, The Aerospace Corporation
    Villahermosa will speak on research concepts in complementary PNT, including open-source frameworks and the potential role of signals-of-opportunity navigation.

     

    ____________________________________________________________________

    Alan Cameron, Moderator
    Editor-In-Chief and Publisher, GPS World
    Alan Cameron is editor-in-chief and publisher of GPS World magazine, where he has worked since 2000. He also writes the monthly GNSS Design & Test newsletter.

     

     

  • Spoofing in the Black Sea: What really happened?

    Spoofing in the Black Sea: What really happened?

    We’ve heard a lot in the news recently about GPS spoofing, mostly centred on the story of ship spoofing in the Black Sea. Between June 22-24, a number of ships in the Black Sea reported anomalies with their GPS-derived position, and found themselves apparently located at an airport.

    What happened is open to educated conjecture. In this column, I’ll briefly cover the history of spoofing, its basic techniques, some spoofing tests that we conducted, and then return to the infamous Black Sea incident.

    As part of my day-to-day work in navigation warfare, I do a fair amount of work in defensive anti-spoofing. Naturally, in order to test anti-spoof technology, it is necessary to also perform spoofing. It’s a delicate subject and, as with any topic involving defense or national security or critical infrastructure, there’s a balance to strike between responsible disclosure, how much information is released into the public domain, and so on.

    In this article, I will stick firmly to information available in the public domain, lest I be accused of proliferating the threat, but this still gives us enough material to tiptoe around the subject for the benefit of our readers. I could have included more details about the spoofing attacks, but was advised to hold some back — it makes governments nervous. You can read some of the background in an excellent article by Norwegian broadcaster NRK and a Resilient Navigation and Timing Foundation press release. Similar GPS anomalies still continue to occur at various locations.

    Let’s start with basic spoofing background, and we’ll return to the Black Sea incident at the end of the article.

    A brief history of spoofing

    Spoofing isn’t a new threat — it’s been around for decades. But only in recent years has it received so much public attention. As with jamming and anti-jamming technology, and most other topics in the GPS domain, spoofing finds its roots back in the days of Cold War radar. In those times, it was often known as “deception jamming,” where you would transmit fake radar returns to paint an incorrect picture on your adversary’s radar screen.

    When GPS came along, it was understood at the time that the C/A code would be vulnerable to spoofing. It’s an open code, so anyone is free to reproduce it. That is, after all, what a GPS simulator is: a GPS spoofer. We legitimately test our GPS receivers by fooling them with fake signals from a GPS simulator.

    Of course, this is precisely why legacy GPS satellites also transmit the military P(Y)-code, and continue to do so. The P-code offers improved accuracy, and some other benefits, but more importantly, it is modulated with the W encryption sequence to give us the encrypted P(Y)-code. Ever since the anti-spoofing module was set to the “on” state, unless you have the key, you are unable to directly spoof the P(Y)-code. (You can still perform a meaconing attack, though, where you simply record the transmitted satellite signals and retransmit them again. Although this kind of attack can’t be used to impose a particular scenario on a GPS receiver, it might still cause havoc in unwary receivers).

    So. in the early days it can be argued that the spoofing threat was solved. It wasn’t until GPS became ubiquitous in the commercial and civilian domain that spoofing really raised its head again. The fact that the vast majority of GPS receivers in the world relied solely on the unencrypted C/A code became a cause for concern — especially where those GPS receivers were essential to critical infrastructure.

    The threat of GPS spoofing was discussed at many conferences and behind many closed doors and, although most people agreed that spoofing was a theoretical threat, some people argued that in reality it was “simply too hard” to conduct a realistic spoofing attack. And therefore we should not worry ourselves about it.

    It wasn’t until a couple of high-profile demonstrations were carried out by the University of Texas Radionavigation Laboratory that spoofing became front-page news once again. In 2012, the lab staff carried out an exercise at White Sands Missile Range where a GPS-guided drone was spoofed from a distance. The drone was fooled into thinking its altitude was increasing, causing it to compensate by dropping straight down. Then in 2013, the same team demonstrated how an $80 million yacht could be steered off course by means of a spoofing attack.

    These exercises publicly demonstrated that spoofing was indeed a real threat, and could be done. But many people still believed that it was very hard to build the complex equipment necessary to perform the attack, and thus spoofing was out of reach for most potential criminals or terrorists.

    Fast forward another two or three years, to when a new mobile phone game appeared. Pokemon GO became the game craze of the moment, where players would travel around the country with their phones, getting points by collecting creatures in an augmented reality world. It didn’t take long for people to dream up new ways of earning points in the game, without having to go to the effort of traveling around the world.

    What if you could make your phone think it was somewhere else, without ever having to leave your bedroom? And thus, bizarrely, it was a mobile phone game that brought GPS spoofing into the mainstream.

    The rise of the low-cost software-defined radio (SDR) has enabled “spoofing for everyone.” Today, the tool of choice for the casual user is often the HackRF or bladeRF. Couple small SDRs that cost around $200 with open-source GPS simulation software, and you have a basic spoofer. Plenty of websites detail how to perform basic spoofing, and at hacker gatherings, people can present how they spoofed a drone. These may not be the most sophisticated setups, but it’s good enough to do the job in many cases. With a better setup, which I won’t describe here, it’s possible to achieve a much more realistic attack, which will fool even the most shrewd and wary GPS receivers.

    Spoofing basics

    Let’s take a quick look at what it means to spoof GPS. A receiver searches for a satellite over a two-dimensional surface to find a correlation peak, and it must examine a range of Doppler frequencies and code offsets. An example is shown in Figure 1. Once the receiver finds the peak, the satellite is acquired, and it will then track the satellite as it moves and can demodulate the navigation data message.

    When a spoofer comes along, it tries to recreate this peak. By doing so, and usually with little more power than the real satellites, the receiver will begin to track the spoofed signal. Once the spoofed signal is being tracked, the spoofer can begin to manipulate reality by slowly modifying the properties of the signal.

    Figure 1. GPS correlation surface. (Image: Michael Jones)

    A poor spoofer doesn’t always align itself very well with reality, which essentially creates a second peak on the correlation surface. But a gullible receiver can still be fooled by this, and may lock on to false peaks.

    The reality of spoofing and anti-spoofing

    To understand the reality of spoofing and anti-spoofing, we carried out outdoor experiments at one of the Roke Manor trials areas (thanks go to my colleague Mike Wells for letting me use some of his results here).

    In the first experiment (Figure 2), we spoof a commercially available mass-market receiver. The receiver is outside, reporting its correct location at Roke Manor. When we commence the spoofing attack, we are able to take control of the receiver. Once captured, we can then make the receiver appear to follow an arbitrary course. Here we make it wander off into the forest, spelling the word “roke” as it goes.

    Figure 2. Spoofed GPS receiver appears to follow a course, whilst in reality being stationary. (Image: Michael Jones)

    In the next experiment (Figure 3), we place a conventional anti-jam antenna (a CRPA) on the receiver. What we observe, as you might expect, is that the basic CRPA offers no protection against the spoofing attack.

    Figure 3. A GPS receiver is still successfully spoofed when protected by a conventional CRPA. (Image: Michael Jones)

    Now let’s make the experiment more interesting. We’ll move away from the basic commercial receiver, and replace it with a unit that contains not only a GPS receiver, but also a 3-axis accelerometer, 3-axis gyro, 3-axis magnetometer and a barometric sensor. An Extended Kalman Filter (EKF) performs an optimal fusion of the various sensors to yield the position solution.

    The result, when we again try our spoofing attack, is shown in Figure 4. In short, the receiver is still successfully spoofed, despite the additional sensor inputs it offers.

    Figure 4. A GPS receiver with integrated inertial sensors is still spoofed. (Image: Michael Jones)

    Before everyone gets too depressed by the ease at which GNSS, and even GNSS fused with other sensors, can be spoofed, there are answers to this problem. Some decent, modern GNSS receivers contain a whole host of algorithms for detecting and ignoring spoof signals. The issue is that many legacy receivers are still in the field, and these can be extremely vulnerable indeed.

    Another option is to use a more advanced CRPA, which offers anti-spoof capabilities. These adaptive antennas are able to correlate on the spoof signals, and then remove them based on direction of arrival. So, in our final experiment here, we use our commercial mass-market receiver again, and protect it with an anti-spoofing CRPA.

    The result is shown in Figure 5. You can see that the receiver is briefly spoofed, and starts to wander off course. When the anti-spoof is enabled and kicks in, the position quickly drifts back to the true location and stays there. Good job.

    Figure 5. With an anti-spoof CRPA, the GPS receiver detects the spoofer and quickly returns to its true location. (Image: Michael Jones)

    Back to the Black Sea

    Let’s finish by returning to the hot topic of the day. Did spoofing occur in the Black Sea back in June? Or was it a different form of interference? Could it have been a low-level jamming incident, causing the GPS receivers to report misleading information?

    Without resorting to SIGINT (signals intelligence) data, and basing this discussion solely on public domain information and anecdotal evidence, I would say this was almost certainly a spoofing incident. A number of factors lead to this conclusion, and I’ll share some of them.

    • Firstly, it didn’t happen to one ship – it happened to over 20 separate vessels. So it wasn’t a malfunctioning GPS unit; it was an external incident of some kind.
    • Secondly, a large number of ships in the area reported identical or very close locations. This is a symptom of a large-scale spoofing attack. If it was a low-level jamming attack, then any misleading positions reported by vessels would typically have some randomness to them.
    • Thirdly, ships reported that their positions would periodically “jump” from the true location to the incorrect location. Again, this is very typical behavior in some spoofing experiments: For various reasons, GPS receivers may temporarily lose lock on a spoof set of satellites, and then reacquire  the real ones, and vice versa. This causes the characteristic random flipping between two well-defined locations.

    If we accept that a GPS spoofing attack did occur, it brings us to the million-dollar question.

    Who did the spoofing, and why?

    What I’ll do here is a bit of a lightweight analysis exercise using public information and basic physics, and you can formulate your own conclusions.

    Let’s start by placing a ship, located in the Black Sea at 44°14.0’N 037°43.1E, which is the actual position of one of the reported spoofed vessels. For this example, I have placed a representative GPS antenna on the ship’s mast, with its antenna pattern shown.

    Figure 6. Victim ship in the Black Sea, with GPS antenna pattern shown. (Image: Michael Jones)

    To get a rough handle on the scenario, consider the possible propagation of the spoofing signal. As a first-order approximation, let’s assume a standard 4/3 Earth refraction model, with obstruction by terrain. That’s a reasonable assumption at this frequency: Any obscuration by terrain will block the spoof signal. Let’s also initially assume that our GPS antenna on the ship is mounted 38 meters above sea level, and our spoofing equipment is mounted on a mast 20 meters aboveground. From this information, we can plot a map of possible spoofer locations for this particular incident (Figure 7).

    Figure 7. Possible spoofing source locations. (Image: Michael Jones)

    The first thing we might conclude from this is that the spoofing indeed originates from Russian territory, close to the Black Sea coast. To spoof the ship from further afield would require a much higher antenna, or even an airborne antenna. Which, of course, is possible, but then we would also expect vessels over a much wider area to report interference.

    To me, it’s fairly conclusive that spoof GPS signals are being transmitted from this area, to make GPS receivers in the area think they are at an airport. The final question is: “Why would someone do this?” To answer this question, we must resort to educated speculation. Why would you want to spoof GPS receivers into thinking they are at an airport?

    There’s one explanation that fits very nicely: drone defense. Many drones, especially those operated by casual users, have geofencing rules that prevent flights over airports and other restricted areas. So, if you were trying to perform aerial surveillance of the Russian border, your drone may suddenly think it was over an airport, and take action accordingly. The action taken depends, of course, on how the drone is programmed, but often includes “land immediately” or “return to launch point.” Certainly some of the drones we operate will immediately attempt to land if they find themselves in restricted airspace.

    So if your drones are falling into the sea, you now have one idea why.

  • Orolia’s VersaPNT helps soldiers navigate battlefields without GPS

    Orolia’s VersaPNT helps soldiers navigate battlefields without GPS

    Orolia, through its Spectracom brand, has launched VersaPNT. VersaPNT provides virtually failsafe battlefield navigation, even in GPS-denied environments, to protect critical networks with Assured PNT technology, the company said.

    The new, ground, air or sea vehicle-mounted solution is designed for military environments, with a ruggedized, compact, low-power and lightweight form factor.

    Today, military vehicles are portable networks, providing seamless connections with U.S. headquarters, regional command posts and individual soldiers. Remote areas are challenging environments for military networks, and enemy forces are jamming, spoofing and disrupting operations.

    “VersaPNT provides continuous mission assurance and C4ISR support, even in hostile environments,” said Rohit Braggs, Orolia vice president, PNT networks and sources. “This innovative technology solution protects critical networks for complex military and homeland security land, air and sea operations.”

    Every minute counts on the battlefield, and VersaPNT provides critical decision support with real-time situational awareness to facilitate a rapid response, according to the company. This lifesaving technology can also help keep soldiers and civilians out of harm’s way, while ensuring continuous tracking of friendly and enemy forces.

    VersaPNT provides essential command and control, navigation, communication and electronic intelligence support for U.S. and allied military, homeland security, first responder, civilian agency, special operations and intelligence missions.

    Demonstrations are available at the AUSA Annual Meeting, Orolia Booth #2944.

  • Microsemi’s BlueSky GPS Firewall protects critical infrastructure

    Microsemi’s BlueSky GPS Firewall protects critical infrastructure

    Microsemi Corporation, a provider of semiconductor solutions, today announced its new approach to protecting critical infrastructure against GPS spoofing and jamming threats.

    The BlueSky GPS Firewall is designed to provide security protection for GPS-delivered position, navigation and timing (PNT) data. It can be deployed in-line between any standard GPS antenna and stationary GPS receiver to provide protection against GPS signal incidents, both intentional or accidental, before they enter a GPS receiver system.

    Microsemi is making BlueSky GPS Firewall Evaluation kits available in advance of its full production release, both in response to the growing number of GPS incidents and their potential threat to critical infrastructure, and to assist customers in rapid adoption.

    BlueSky GPS Firewall filters the GPS signal in real time, removing anomalies before the signal is consumed by the downstream GPS receiver. This creates an intelligent and secure barrier against jamming and spoofing, and prevents the GPS receiver from being impacted by such incidents.

    Deployment of the BlueSky GPS Firewall does not require any new cabling or alteration of the pre-existing antenna installation and is interoperable with standard GPS receivers. Additionally, the BlueSky GPS Firewall incorporates an Ethernet interface for remote management and monitoring and includes a secure web interface that any browser can use for configuration and set-up of the device.

    The BlueSky GPS Firewall includes a broad range of data validation rules based on real, live-sky GPS threats, both intentional and unintentional. Similar to network security threats, new GPS vulnerabilities are on the rise and Microsemi is continuously tracking GPS signal manipulation including spoofing threats, jamming attacks, multipath signal interference, atmospheric activity and many other issues that can create GPS signal anomalies, disruptions and outages.

    These advancements are incorporated into the software platform of the BlueSky GPS Firewall, which can be updated remotely using Microsemi’s TimePictra management system.

    GPS Dependency

    The dependency on PNT is increasingly important to critical infrastructure sectors such as telecommunications, energy, transportation, emergency services, financial services and enterprise infrastructure, and is mainly provided through GPS.

    “Worldwide critical infrastructure dependency on unprotected GPS receivers is a serious security risk. These receivers are susceptible to jamming and spoofing incidents and the industry recognizes this as an increasing threat,” said Randy Brudzinski, vice president and business unit manager of Microsemi’s Frequency and Time division. “The vast number of GPS systems already in operation means a significant investment would be required if every system was to be replaced. Microsemi’s BlueSky GPS Firewall is a cost-effective and easy-to-deploy solution to protect GPS without requiring replacement of deployed GPS systems.”

    Published best-practice documents by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) describe steps that can be taken to mitigate outages and disruptions with GPS reception. In alignment with these documents, Microsemi’s new BlueSky GPS Firewall provides critical infrastructure sectors with a first line of defense against GPS threats to help build out a secure, robust and resilient PNT platform for their infrastructures.

    According to the 2017 GNSS Market Report, Issue 5, by the European GNSS Agency, professional market segments such as maritime, rail, telecom/utility/enterprise, surveying, aviation, agriculture and drones which use GNSS devices to operate their infrastructures, enable billions of people globally to benefit from them on a day-to-day basis—whether by enjoying the produce of sustainable and cost-effective agriculture, by using efficiently coordinated transport networks, or by leveraging on GNSS-synchronized telecommunications networks. The total installed base of GNSS devices in these professional segments was estimated at 14.4 million units in 2015 and is expected to grow to 97.8 million units by 2025.

  • Comtech contracted by U.S. Army to sustain Blue Force Tracking

    Comtech contracted by U.S. Army to sustain Blue Force Tracking

    Comtech Telecommunications Corp.‘s Command & Control Technologies group — part of Comtech’s Government Solutions segment — has been awarded contract modifications totaling $4.2 million.

    The contract modifications are part of a five-year sustainment support contract for the U.S. Army’s Project Manager Mission Command (PM MC) Blue Force Tracking (BFT-1) program.

    BFT-1 is a battle command, real-time situational awareness and control system. Under the five-year BFT-1 sustainment contract, Comtech performs engineering services, satellite network operations and program management.

    A U.S. soldier preparing his Blue Force Tracker before departing Camp Victory, Iraq in 2005.
    (Photo: Petty Officer 1st Class Brien Aho, U.S. Navy)

    Comtech continues to perform engineering services, satellite network operations and program management through a Firm Fixed Price (FFP) contract with Time & Materials (T&M) and Cost Reimbursement elements. The base performance period began April 15, 2017 and ends April 14, 2018, and the contract provides for four twelve-month option periods exercisable by GSA.

    Of this amount, $3 million was received during its fourth quarter of fiscal 2017 and $1.2 million was received during its first quarter of fiscal 2018. This additional funding applies to the original award in April 2017, which today totals $7.7 million of the total potential value of the base year. These modifications fulfilled the government’s obligation to fund the Firm Fixed Price (FFP) portion of the contract.

    “We are pleased that our Army customer recognizes the value of Comtech’s services,” said Fred Kornberg, president and CEO of Comtech Telecommunications Corp. “Comtech is committed to providing the Army and its soldiers with the highest level of support to enable them to complete their missions.”

    Blue Force Tracking systems consist of a computer, used to display location information, a satellite terminal and satellite antenna, used to transmit location and other military data, a GPS receiver (to determine its own position), command-and-control software (to send and receive orders, and many other battlefield support functions) and mapping software, usually in the form of a geographic information system (GIS) that plots the BFT device on a map.

    The system displays the location of the host vehicle on the computer’s terrain-map display, along with the locations of other platforms (friendly in blue, and enemy in red) in their respective locations.

    BFT can also be used to send and receive text and imagery messages, and Blue Force Tracking has a mechanism for reporting the locations of enemy forces and other battlefield conditions (for example, the location of mine fields, battlefield obstacles or bridges that are damaged.)

    The Command & Control Technologies group is a provider of mission-critical, highly-mobile C4ISR solutions. Comtech Telecommunications Corp. designs, develops, produces and markets innovative products, systems and services for advanced communications solutions. The Company sells products to a diverse customer base in the global commercial and government communications markets.