Category: Uncategorized

  • Sensors in Motion Launches MEMS-Based Inertial Nav System

    Sensors in Motion Launches MEMS-Based Inertial Nav System

    SIM-MEMs-based-Inertial-Navigation-System-W
    Photo: SIM

    Sensors in Motion (SIM) has introduced  a MEMS (micro-electro-mechanical) navigation-grade inertial system (INS) that it says could transform the $8 billion/year inertial market with new products by offering price and performance specifications better than those currently available.

    The first INS devices have been delivered to the Army CERDEC Night Vision Electronic Sensors Directorate (NVESD).

    SIM, a spinout from NASA’s Jet Propulsion Laboratory and California Institute of Technology, is developing a family of high-accuracy MEMS gyroscopes, accelerometers and inertial measurement unit ( IMU) solutions. It says it has perfected unique MEMS structures using volume silicon wafer processing techniques to produce gyroscopes having ARW (angle random walk) less than 0.0035 degree/root-hour and bias instability less than 0.01 degree/hour with extraordinary vibration and temperature immunity, a performance comparable to ring laser (RLG) and fiber optic (FOG) gyros that are 20 times larger and 100 times more expensive.

    These features are mandatory for numerous applications where location is not available from GPS or vehicle position accuracy is required including autonomous vehicles, drones, mining asset tracking, dead reckoning, agricultural seed placement, oil and gas directional drilling, self-driving autos, firefighter navigation, optical image stabilization, industrial equipment azimuth, aerospace and defense products and most GPS-denied environments, in addition to new applications.

    Current devices would have a vehicle position off as much as 1 foot per second at 45 miles per hour.

    “We see this technology opening an additional $2B sensor market needing size, weight, power, cost and performance that does not exist today. “ said David Smukowski, CEO of SIM.

    With adequate resources the company says further performance gains are possible, even while shrinking the devices smaller for better economics.

  • BeiDou, Dead Reckoning Added to SiRFstarV 5ea Auto Platform

    CSR plc has released significant upgrades for the SiRFstarV 5ea automotive-grade quad-GNSS location platform. Support has been added for concurrent use of GPS and BeiDou (BDS) satellite constellations, along with major updates to the SiRFDRive software dead-reckoning algorithms. Together, these upgrades ensure that SiRFstarV 5ea offers improved automotive positioning performance meeting the requirements of OEMs across the globe.

    CSR is being acquired by Qualcomm, with the transaction expected to close by the end of the summer of 2015.

    By adding support for China’s BDS constellation to SiRFstarV 5ea’s existing GPS and GLONASS capabilities, the new software offers automotive OEMs the flexibility to perform concurrent GPS and GLONASS or GPS and BDS operations. The new BDS capability provides OEMs the opportunity to market their products to regions where BDS support is mandated and also exploit the benefits of the BDS satellite constellation which is now fully operational over China and surrounding countries. The SiRFstarV 5ea platform, which is optimized and certified for the strict requirements and life cycles of the automotive industry, is also Galileo-ready through future software upgrades.

    “Automotive OEMs from around the globe all have something to gain from the new additions to our cutting-edge SiRFstarV 5ea automotive location platform,” Anthony Murray, senior vice president, Business Group, at CSR, said. “Tier Ones and OEMs are looking to develop global platforms that can be easily configured to meet regional requirements and preferences, while Asian car manufacturers in particular have been calling for simultaneous GPS and BDS support to meet regional market needs for BDS support.”

    SiRFDRive for SiRFstarV 5ea now also includes CSR’s latest dead reckoning algorithms that work alongside concurrent GPS and GLONASS operations. The combination of increased satellite visibility and the latest dead-reckoning algorithms improves the overall performance in challenging environments such as Chicago and Tokyo by a factor of two.

    “Many Tier Ones are looking for more complete dead reckoning solutions to simplify the design process and accelerate time to market. SiRFDRive is a state-of-the-art plug-and-play solution that covers a range of end products spanning from low to high end telematics and navigation systems,” continued Murray.

    SiRFstarV 5ea is designed for automotive market AEC-Q100 qualification requirements as a standalone location engine platform. The platform provides automotive Tier One suppliers and OEMs around the world with continuous, highly accurate positioning capabilities for the next generation of in-dash navigation and telematics applications in cars, trucks and other moveable assets requiring automotive-qualified devices.

    Updated SiRFstarV 5ea evaluation kits are available now, and the SiRFstarV 5ea platform is ready for immediate integration into next generation infotainment and telematics products.

    CSR provides the following video describing SiRFDrive.

  • Denso Tests Autonomous Cars on Japan Roads

    Denso Tests Autonomous Cars on Japan Roads

    Denso-drive-test-c

    Denso Corp. began testing advanced driving support technology on a public road in Aichi Prefecture, Japan, this past June. Denso is testing automated driving scenarios in a single lane and testing automatic lane changes, as well as other driving maneuvers. Denso’s goal is to develop technologies that reduce driver workload and assist in safe driving.

    Previously, Denso tested this technology on its test course in Japan. Denso’s goal with public road testing is to identify, analyze, and solve real-life problems that don’t occur on the test course.

    Denso is conducting the field tests as part of activities led by the Vehicle Safety Technology Project Team to reduce traffic accidents. The project team is organized by the Aichi prefectural government and involves companies and organizations operating in the prefecture.

    Denso has been developing its advanced driving assistance technology to achieve safer and more reliable driving while the driver remains in control of the vehicle. Development and commercialization of this technology will help prevent traffic accidents and contribute to increasing safety of our automotive society.

    Denso Corporation, headquartered in Kariya, Aichi prefecture, Japan, is a global automotive supplier of advanced technology, systems and components in the areas of thermal, powertrain control, electronics and information and safety. Its customers include all the world’s major carmakers.

    Testing involves automated driving on a single lane.
    Testing involves automated driving on a single lane.
    Automatic lane changes are also being tested.
    Automatic lane changes are also being tested.
  • DARPA Seeks Ideas for UAS Aircraft Carrier in the Sky

    The Defense Advanced Research Projects Agency (DARPA) is asking for input on how to launch and recover multiple small unmanned air systems (UAS) from existing large aircraft, such as the C-130. It has issued a Request for Information (RFI) seeking technical, security and business insights on “aircraft carriers in the sky.”

    In DARPA’s “blended approach,” a large aircraft would host a small UAS and facilitate its operations. The agency says it would be more cost-effective for intelligence, surveillance, reconnaissance (ISR) and other missions.

    Safety is another key aspect of the project. While small UAS can reduce putting an aircraft or pilot at risk, DARPA says it may lack the speed, range and endurance of larger aircraft.

    “We want to find ways to make smaller aircraft more effective, and one promising idea is enabling existing large aircraft, with minimal modification, to become ‘aircraft carriers in the sky,’” said Dan Patt, DARPA program manager. “We envision innovative launch and recovery concepts for new UAS designs that would couple with recent advances in small payload design and collaborative technologies.”

    The RFI is calling for short responses — no more than eight pages — that must address the following three areas:

    1. System-level technologies and concepts that would enable low-cost reusable small UAS platforms and airborne launch and recovery systems that would require minimal modification of existing large aircraft types. This area includes modeling and simulation as well as feasibility analysis, including substantiating preliminary data if available.
    2. Potentially high-payoff operational concepts and mission applications for distributed airborne capabilities and architectures, as well as relative capability and affordability compared to conventional approaches (e.g., monolithic aircraft and payloads or missile-based approaches). DARPA hopes to leverage significant investments in the area of precision relative navigation, which seeks to enable extremely coordinated flight activities among aircraft, as well as recent and ongoing development of small payloads (100 pounds or less).
    3. Proposed plans for achieving full-system flight demonstrations within four years, to assist in planning for a potential future DARPA program. DARPA is interested not only in what system functionality such plans could reasonably achieve within that timeframe, but also how to best demonstrate this functionality to potential users and transition partners. These notional plans should include rough order-of-magnitude (ROM) cost and schedule information, as well as interim risk reduction and demonstration events to evaluate program progress and validate system feasibility and interim capabilities.

    According to a news release by DARPA, technology development beyond the three areas will be considered if it supports the RFI’s goals.

    Proposals are due by 4 p.m. ET on Nov. 26, 2014, to [email protected].

  • Dark-Matter Detectives: the Clocks Aboard GPS Satellites

    “Networks of correlated atomic clocks, some of them already in existence, such as the Global Positioning System, can be used as a powerful tool to search for topological defect dark matter, thus providing another important fundamental physics application for the ever-improving accuracy of atomic clocks,” write physicists Andrei Derevianko and Maxim Pospelov in the current issue of Nature Physics journal.

    Derevianko teaches at the University of Nevada, Reno, and Pospelov at the University of Victoria and the Perimeter Institute for Theoretical Physics in Canada. Derevianko and Geoff Blewitt, director of the Nevada Geodetic Laboratory at the University of Nevada, Reno are testing this dark-matter detection theory by analyzing clock data from atomic clocks aboard GPS satellites, searching for instances where initially synchronized clocks might have become desynchronized. They expect time discrepancies between spatially separated clocks to exhibit a distinct signature, one that may reveal the nature of spatial dark matter.

    The Geodetic Lab developed and maintains the largest GPS data processing center in the world, according to a University of Nevada statement, able to process information from about 12,000 stations around the globe continuously, 24/7.

    “We know the dark matter must be there,” explains Blewitt, “because it is seen to bend light around galaxies, but we have no evidence as to what it might be made of. If the dark matter were not there, the normal matter that we know about would not be sufficient to bend the light as much as it does. That’s just one of the ways scientists know there is a massive amount of dark matter somewhere out there in the galaxy. One possibility is that the dark matter in this gas might not be made out of particles like normal matter, but of macroscopic imperfections in the fabric of space-time.”

     

    Blewitt was featured in the May 2009 issue of GPS World as a “GNSS Leader to Watch” and co-authored “The Effect of Weather Fronts on GPS Measurements,” the Innovation column of the May 1998 issue. Blewitt also gave a presentation on the topic at IGS Workshop 2014, held June 23-27 in Pasadena, Calif.

    “Despite solid observational evidence for the existence of dark matter, its nature remains a mystery,” said Derevianko. “Some research programs in particle physics assume that dark matter is composed of heavy-particle-like matter. This assumption may not hold true, and significant interest exists for alternatives.

    “Modern physics and cosmology fail dramatically in that they can only explain 5 percent of mass and energy in the universe in the form of ordinary matter, but the rest is a mystery.”

    Scientific evidence reportedly shows that dark energy constitutes about 68 percent of the mystery mass and energy. The remaining 27 percent may be dark matter, though it has never been detected or measured.

    “Our research pursues the idea that dark matter may be organized as a large gas-like collection of topological defects, or energy cracks,” Derevianko added. “We propose to detect the defects, the dark matter, as they sweep through us with a network of sensitive atomic clocks. The idea is, where the clocks go out of synchronization, we would know that dark matter, the topological defect, has passed by. In fact, we envision using the GPS constellation as the largest human-built dark-matter detector.”

  • GPS Reflections Group Honored with Water Prize

    The GPS Reflections Group of University of Colorado-Boulder has been awarded the prestigious Prince Sultan Bin Abdulaziz International Creativity Prize for Water. The prize is awarded biannually to acknowledge innovative work that contributes to the sustainable availability of water and the alleviation of the global problem of water scarcity.

    The awards will be presented in a ceremony in Riyadh, Saudi Arabia, on December 16, concurrently with the 6th International Conference on Water Resources and Arid Environments (ICWRAE 6), December 16-18, 2014.

    Professors Kristine Larson and Eric Small developed a new method to measure water at the Earth’s surface. The research team discovered that standard geodetic GPS instruments are sensitive to hydrological influences. They subsequently developed a cost-effective technique, GPS Interferometric Reflectometry (GPS-IR), to measure soil moisture, snow depth, and vegetation water content around GPS antennas. GPS-IR has the advantage of relying on an existing GPS infrastructure installed by surveyors and geoscientists that covers an increasingly large portion of the global surface.

    Larson has written for GPS World magazine (see Innovation: How Deep Is That White Stuff?), and her team’s sea-level work has been reported here before.

    Larson and Small collaborated with scientists at the University Corporation for Atmospheric Research and the National Atmospheric and Oceanic Administration, also in Boulder.

    The team uses the GPS-IR technique to analyze data streams from existing GPS networks in near real-time. Data from hundreds of operational GPS sites are downloaded and processed, yielding estimates of hydrologic variables within 24 hours.

    Scientists and government agencies can access this information at the team’s web portal and use the data to improve monitoring and forecasting of hydrologic variables.

  • Report Looks at China, Global GNSS Industry over a Decade

    A new market research report by WhaTech examines the global and Chinese GNSS industry, covering the decade 2009-2019. The report “Discover latest trends in Global and Chinese GNSS system industry, 2009-2019” analyzes quantitatively the global and Chinese GNSS market of 2009-2014 by calculating the main economic parameters of each company. The data is broken down by company, country, and application. The report also estimates future market development in the coming period of 2014-2019.

    In its first segment, the report reviews basic GNSS information including its classification, application and manufacturing technology. It then explores top global and Chinese manufacturers of GNSS systems, listing their product specification, capacity, production value, and market share. The report then analyzes the upstream raw materials, downstream clients, and current market dynamics of the GNSS industry.

    The report concludes with proposals for a new GNSS industry project before evaluating its feasibility. Overall, the report provides an in-depth insight to the global and China GNSS industry covering important parameters, according to WhaTech.

    Table Of Contents

    Chapter One: Introduction of GNSS System Industry

    Chapter Two: Manufacturing Technology of GNSS System

    Chapter Three: Analysis of Global Key Manufacturers (Including Company Profile, Product Specification, 2009-2014 Production Information etc.)

    Chapter Four: 2009-2014 Global and China Market of GNSS System

    Chapter Five: Market Status of GNSS System Industry

    Chapter Six: Market Forecast of 2014-2019 Global and China GNSS System Industry

    Chapter Seven: Analysis of GNSS System Industry Chain

    Chapter Eight: Global and China Economic Impact on GNSS System Industry

    Chapter Nine: Market Dynamics and Policy of GNSS System Industry

    Chapter Ten: Proposals for New Project

     

  • Satellite Images Shed Light on Impact of Syrian Conflict

    Syria-remote-sensing-night-light

    The ongoing Syrian crisis, which broke out in April 2011, has been a severe humanitarian disaster, with more than 190,000 deaths since the start of the conflict. However, evaluating the ongoing crisis in Syria is challenging, because reliable and comprehensive witness reports are hard to gather in a warzone. Therefore, satellite images, as one of the few sources of objective information, are potentially of great importance.

    In their recent study published in International Journal of Remote Sensing, Xi Li and Deren Li analyzed the effect of the Syrian crisis on levels of night-time light as a means of evaluating and monitoring the conflict. By comparing the levels of light in March 2011 and February 2014 (see Figure 1), they found that in all of the provinces, the levels of night-time light had declined sharply following the breakout of the conflict. Indeed, in most provinces, the level of night-time light decreased by more than 60 percent.

    Notably, the authors also found that the number of internally displaced persons (IDPs) from each province showed a linear correlation with the level of night-light loss. This relationship between the number of displaced persons and the drop in night-time light levels may allow for the quantitative estimation of the number of IDPs from other areas of conflict, such as Iraq, where the activities of Islamic State are causing significant civil unrest.

    To find out more, access the full article online, free of charge.

  • Trimble Releases SketchUp 2015 for Intuitive Information Modeling Process

    Trimble V10 Export to SketchUp
    Trimble V10 Export to SketchUp.

    Trimble has released SketchUp 2015, the latest version of its 3D modeling software for architects, engineers, design and construction professionals. The release marks Trimble’s second update to the SketchUp software this year and underscores the company’s continued focus on enhancing the platform to make SketchUp faster, more user-friendly and reliable, Trimble said.

    The announcement was made at Trimble Dimensions.

    With a SketchUp user community expanding by more 30 million unique activations in the past year, enhancements to SketchUp 2015 have been designed to deepen and enrich the user experience, while keeping it intuitive. New features make it easier and faster to create, access, share and collaborate on 2D drawings and 3D models, Trimble said.

    SketchUp 2015 offers 64-bit support for Windows or Mac, while IFC file import capabilities allows back-and-forth sharing of IFC files between SketchUp Pro and any other application.

    “For the second release of SketchUp this year, we set out to make enhancements to the platform that might seem simple, but go a long way toward making SketchUp more enjoyable and impactful for our user community,” said John Bacus, director of SketchUp product management at Trimble. “For example, as interoperability continues to be the cornerstone of collaboration among architecture, engineering and construction professionals, the IFC file import is an important addition because it opens up the options for professionals to participate in the information modeling process, sharing files with ease, regardless of the software program.”

    Fast, Flexible and Powerful

    • 64-bit Support: In addition to continued support for 32-bit systems, SketchUp Pro 2015 is available in a 64-bit version for Windows and Mac. Trimble also now offers cross-platform support for all licenses, along with cloud-based license management and checkout capabilities for network licenses.
    • IFC Import: In addition to export, SketchUp Pro users can now share models between Building Information Modeling (BIM) tools and apply industry standard types that stay with the model as it travels with SketchUp 2015’s new IFC file import.
    • Ruby API and Extension Warehouse Enhancements: A variety of improvements to SketchUp’s Ruby API (application programming interface) and to the Extension Warehouse of SketchUp plug-ins and add-ons makes it easier than ever for developers to build and share great new tools. Developers can now access and modify information modeling classifications via the Ruby API.
    • Faster Core: Models render faster with core modeling performance improvements including faster explode, intersect and Fast Styles.

    More Easy-to-Use Tools

    • Professional Drafting: Using SketchUp’s LayOut 2D drawing and documentation tool, users can manage drawings more easily and display more data from their information models, applying object classifications in SketchUp and easily accessing that info in LayOut using an enhanced annotation tool.  
    • Modeling Tools: With the addition of a 3-point Arc tool, users can now draw arced edges four different ways. A new Rotated Rectangle tool allows for drawing precise rectangles unbound by default axes.
    • Expanded 3D Warehouse: New models of popular brand-name building products are added to 3D Warehouse every day, greatly expanding SketchUp’s free content offering. With over 2.5 million models, 3D Warehouse offers SketchUp users a vast array of free models to choose from. A new “Likes” feature lets users tell the world when they’ve found a great model.  

    SketchUp 2015 also facilitates collaboration with data and files from other Trimble products.

    • As a “Trimble Connected” product, SketchUp Pro 2015 leverages the new Trimble Connect collaboration environment for design, engineering and construction projects. Based on recently acquired Gehry Technologies’ GTeam™ software, Trimble Connect enables teams to access and manage project data via a cloud platform. A Trimble Connect extension is available in the Extension Warehouse.
    • SketchUp Pro 2015 also supports 3D CAD and BIM services for mechanical, electrical and plumbing (MEP) contractors through the new Trimble MEPdesigner for SketchUp platform, which enables contractors to quickly and easily migrate from a 2D to 3D work environment.  
    • Calibrated panoramic photos can be loaded directly into SketchUp 2015 from the Trimble V10 Imaging Rover to quickly model as-built conditions.

    Every SketchUp 2015 download starts with a 30-day trial of Pro features. Pro licenses can be used on a Mac or a PC.

  • GNSS Lies, GNSS Truth

    GNSS Lies, GNSS Truth

    whiterose_fromthumphreys_opener
    Photo: Mark L. Psiaki, Brady W. O’Hanlon, Steven P. Powell, Jahshan A. Bhatti, Todd E. Humphreys, and Andrew Schofield

    Spoofing Detection with Two-Antenna Differential Carrier Phase

    By Mark L. Psiaki, Brady W. O’Hanlon, Steven P. Powell, Jahshan A. Bhatti, Todd E. Humphreys, and Andrew Schofield

    A new method detects spoofing attacks that are resistant to standard RAIM technique and can sense an attack in a fraction of a second without external aiding. The signal-in-space properties used to detect spoofing are the relationships of the signal arrival directions to the vector that points from one antenna to the other. A real-time implementation succeeded against live-signal spoofing attacks aboard a superyacht, the White Rose of Drachs shown above, cruising in international waters.

    Read more about “Red Team, White Team, Blue Team” below.

    Concerns about spoofing of open-service GNSS signals inspired early work on simple receiver-autonomous integrity monitoring (RAIM) methods based on the consistency of the navigation solution. Work on new classes of defense techniques began in earnest after the demonstration of a powerful spoofer that is undetectfable by simple pseudorange-based RAIM methods. There has been a sense of urgency to solve the spoofing problem since the Iranians captured a classified U.S. drone in 2011 and made unsubstantiated claims to have spoofed its GPS. Two dramatic field demonstrations of the spoofer developed by author Humphreys and colleagues at the University of Texas, Austin, heightened interest in spoofing detection: one involved deception of a small airborne unmanned autonomous vehicle (UAV), causing it to dive towards the ground; another sent a superyacht off course without raising any alarms on its bridge.

    One class of spoofing detection methods uses encrypted signals, their known relationships to the open-service signals, and after-the-fact availability of encryption information. Such techniques require a high-bandwidth communication link between the potential victim of a spoofing attack and a trusted source of after-the-fact encryption information, and may involve significant latency between attack and detection.

    Another class of methods uses advanced RAIM-type techniques. Instead of considering only pseudorange consistency, these RAIM techniques examine additional signal characteristics such as absolute power levels, distortion of the PRN code correlation function along the early/late axis, the possible existence of multiple distinct correlation peaks in signal-acquisition-type calculations, and other signal or receiver characteristics. Such methods are relatively simple to implement because they do not require much additional hardware, if any, but some of these strategies can have trouble distinguishing between multipath and spoofing or between jamming and spoofing.

    A third class proposes the addition of Navigation Message Authentication bits. These are encrypted parts of the low-rate navigation data message. Such techniques require modification of the navigation data message and can allow long latencies between the onset of a spoofing attack and its detection. 

    A fourth class exploits the differing signal-in-space geometry of spoofed signals in comparison to true GNSS signals. All spoofed signals typically arrive from the same direction, but true signals arrive from a multiplicity of directions. Some of these methods use receiver antenna motion to achieve direction-of-arrival sensitivity. Others use an array of two or more receiver antennas. 

    The most powerful of these detection strategies exploit models of the effects on carrier-phase data of antenna motion or antenna-array geometry. This knowledge may be partial because an unknown antenna-array attitude may need to be determined as part of the detection calculation. Their power derives from the high degree of accuracy with which a typical GNSS receiver can measure beat carrier phase.

    Goals. This research follows on moving-antenna/carrier-phase-based spoofing detection work. One of our goals has been to remove the necessity for moving parts by using two antennas and processing their carrier-phase data. 

    A second goal has been to achieve real-time operation. An earlier prototype moving-antenna system (see “GNSS Spoofing Detection,” GPS World, June 2013) used post-processing and completed its spoofing detection calculations days or weeks after the recording of wide-band RF data during live-signal attacks. 

    A third goal has been to test this system against actual live-signal spoofing attacks to prove its real-time capabilities and evaluate its performance during the two phases of an attack: the initial signal capture and the post-capture drag-off to erroneous position and timing fixes.

    Two-Antenna System Architecture

    The system consists of two GNSS patch antennas, GPS receiver hardware and software, and spoofing detection signal-processing hardware and software. Figure 1 shows two versions. The left-hand version connects its two patch antennas to an RF switch. The single analog RF output of the switch is input to a GNSS receiver that is standard in all respects, except for two features. First, it controls the RF switch or, at least, has access to the switching times. Second, it employs a specialized phase-locked loop (PLL) that can track the beat carrier phase of a given signal through the phase jumps that occur at the switching times. The right-hand version connects each antenna to an independent GPS receiver, likely connected to a common reference oscillator.

    Figure 1. Two configurations:, the RF-switched-signal/single-receiver configuration (left) and the two-receiver configuration (right).
    Figure 1. Two configurations:, the RF-switched-signal/single-receiver configuration (left) and the two-receiver configuration (right).

    The last element of each system is a spoofing detection signal-processing unit. Its inputs are the single-differenced beat carrier phases of all tracked signals, with differences taken between the two antennas. In the switched antenna system, each difference is deduced by the specialized PLL. In the two-receiver system, the single-differences are calculated explicitly from each receiver’s beat carrier-phase observables.

    Except for the final spoofing detection unit, the two-receiver system on the right-hand side of Figure 1 is already available commercially. Typical applications are CDGPS-based attitude/heading determination. Thus, this is the easiest version to implement.

    This system could include more than two antennas. A multi-antenna system could have a dedicated RF front-end and a dedicated set of receiver channels for each antenna, as on the right of Figure 1. Alternatively, a multi-antenna system could include an RF switch between any one of the multiple antennas at the command of the receiver. The latter design would entail a slight modification to the specialized PLL to track multiple independent phase jumps for the independent antenna switches.

    Principles. The principles used to detect spoofing can be understood by considering and comparing the signal-in-space and antenna geometries shown in Figure 2, the two-antenna system and three GNSS satellites for a typical non-spoofed case, and Figure 3, a spoofed case. The salient difference is that the different GNSS signals arrive from different directions for the non-spoofed case, namely rs and rs-2 . They all arrive from the same direction, the direction of the spoofer rs-sp, for the spoofed case. For detection purposes, the important geometric feature is the projection of each direction of arrival onto the known separation vector between the two antennas, bBA. This projection has a direct effect on the beat carrier-phase difference between the two antennas. In the non-spoofed case, this effect will vary between the different received signals in ways consistent with the attitude of the vector. In the spoofed case, all of these carrier-phase differences will be identical. The spoofing detection algorithm decides between two hypotheses about the carrier-phase differences, one conjecturing a diversity consistent with authentic signals and the other conjecturing the sameness that is characteristic of spoofed signals.

    Figure 2. Geometry of two-antenna spoofing detection system and GNSS satellites for non-spoofed case.
    Figure 2. Geometry of two-antenna spoofing detection system and GNSS satellites for non-spoofed case.
    Figure 3. Spoofed-case geometry of two-antenna spoofing detection system and GNSS spoofer.
    Figure 3. Spoofed-case geometry of two-antenna spoofing detection system and GNSS spoofer.

    Hypothesis Test

    The PDF paper on which this article is based presents the non-spoofed and spoofed signal models that form the basis of a hypothesis test, develops optimal estimation algorithms that fit the observed differential beat carrier phases to the two models, and shows how these estimates and their associated fit error costs can be used to develop a sensible spoofing detection hypothesis test. Download the PDF here.

    Offline and Live-Signal Testing

    We tested a prototype version of the two-antenna system as depicted on the righthand side of Figure 1. The antennas connect to two independent RF front-ends that run off of the same reference oscillator. These RF front-ends provide input to two independent receivers that track each signal using a delay-lock loop (DLL) and a PLL. Figures 4 and 5 show system elements: two GPS patch antennas mounted on a single ground plane with a spacing of 0.14 meters, two RF front-ends — universal software radio peripherals (USRPs) — with a common ovenized crystal oscillator. Digital signal-processing functions are implemented in real-time software radio receivers (SWRX) running in parallel on a Linux laptop, written in C++. Spoofing detection calculations are performed on the same laptop using algorithms encoded in Matlab.

    Figure 4. The two antennas of the prototype spoofing detection system mounted on a common ground plane.
    Figure 4. The two antennas of the prototype spoofing detection system mounted on a common ground plane.
    Figure 5. Signal processing hardware of the prototype spoofing detection system.
    Figure 5. Signal processing hardware of the prototype spoofing detection system.

    A key feature of this architecture is the ability of its real-time software radios’ C++ code to call the spoofing detector’s Matlab tic function and to pass carrier-phase and other relevant data to the tic function. This feature served to shorten the implementation and test cycle for the prototype system by eliminating the need to translate the original Matlab versions of the spoofing detection algorithms into C++. This enabled rapid re-tuning and redesign of the spoofing detection calculations, exploited during the course of live-signal testing.

    The Matlab package displays real-time signal authentication information. Figure 6 shows the version of the display used for this study’s culminating live-signal tests. All displays are updated in real time. The upper left, upper right, and lower left plots scroll along their horizontal time axes to keep the most recent 4.5 minutes of data available. The lower right compass updates each time a new spoofing detection calculation is performed. The green dots in the upper left plot indicate that the time between spoofing detections, Δtspf  , is nominally 1 second, though sometimes the gap is longer due to lack of a sufficient number of validated single-differenced carrier phases to carry out the calculation. Thus, the nominal update time for all of the plots in this display is 1 second. Faster updates are possible with the Matlab software, but Δtspf was deemed sufficiently fast for this study’s experiments.

    The most important panel in Figure 6 is the upper left spoofing detection statistic time history. The magenta plus signs on the plot show the spoofing detection threshold chosen for this case, γth. The computed γ values are plotted as green o’s if they lie above γth and as red asterisks if they lie below. If γ is above γth, the message “GPS Signals Authenticated” is displayed on the plot; if below, the message switches to the spoofing alert: “GPS SPOOFING ATTACK DETECTED!” 

    Figure 6. Spoofing detector real-time display. Clockwise from top left: the spoofing detection statistic time history γ(t); four diagnostic time histories that include time histories of the number of satellites used for spoofing detection L(t) (blue asterisks), their corresponding GDOP(t) values (magenta o’s), the time increment between spoofing detection tests Δtspf(t) (green dots), and the compass heading ψ(t) as determined from the two-antenna non-spoofed-case solution (black dots); Compass display; and time history of GPS PRN number availability.
    Figure 6. Spoofing detector real-time display. Clockwise from top left: the spoofing detection statistic time history γ(t); four diagnostic time histories that include time histories of the number of satellites used for spoofing detection L(t) (blue asterisks), their corresponding GDOP(t) values (magenta o’s), the time increment between spoofing detection tests Δtspf(t) (green dots), and the compass heading ψ(t) as determined from the two-antenna non-spoofed-case solution (black dots); Compass display; and time history of GPS PRN number availability.

    The other three panels proved helpful in diagnosing system performance. A low L value (near 4) or a high GDOP value in the upper right panel indicated poorer reliability of the spoofing detection calculations. A correct compass heading in the absence of spoofing provided a check on the system. During spoofing attacks, the compass heading became jumpy, thereby providing another possible indicator of inauthentic signals.

    The vertical scale of the lower left panel lists the possible GPS PRN numbers. The presence of a green or red dot at the level corresponding to a given PRN number indicates that one or both receivers is seeing something from that satellite at the corresponding time. If the dot is red, then the returned data are incomplete or are deemed to be insufficiently validated for use in the spoofing detection calculation. If the dot is green, then the data from that PRN have been used in the detection that has been carried out at that time.

    Another feature of the prototype spoofing detection system is its ability to record the wide-band RF data from its two antennas. For each spoofing scenario, the raw samples from both USRPs were recorded while the real-time software receiver was performing its signal-processing operations and while the real-time spoofing detector was doing its calculations. These recorded data streams will allow off-line analysis and testing of a re-tuned or completely redesigned spoofing detection system.

    Red Team Receiver/Spoofer. The UT Austin spoofer’s attack strategy overlays the spoofed signal on top of the true signals, ramps up the power to capture the receiver tracking loops, and finally drags the pseudorange, beat carrier phase, and carrier Doppler shift off from their true values to spoofed values. Figure 7 shows the pseudorange part of a spoofing attack: cross-correlation of the receiver’s PRN code replica with the total received signal (blue solid curve); the receiver’s early, prompt, and late correlations (red dots); and the spoofer signal (black dash-dotted curve). In the top plot, the spoofer has zero power, and the receiver sees only the true signal. The second and third plots show the spoofer ramping up its power while maintaining its false signal in alignment with the true signal. The spoofer power in the middle/third plot is sufficient to capture control of the three red dots of the receiver’s DLL. In the fourth and fifth plots, the spoofer initiates and continues a pseudorange drag-off, an intentional falsification of the pseudorange as measured by the victim receiver’s DLL.

    Figure 7. Receiver/spoofer attack sequence as viewed from a channel’s code offset cross-correlation function. Spoofer signal: black dash-dotted curve; sum of spoofer and true signals: blue solid curve; receiver early, prompt, and late correlation points: red dots.
    Figure 7. Receiver/spoofer attack sequence as viewed from a channel’s code offset cross-correlation function. Spoofer signal: black dash-dotted curve; sum of spoofer and true signals: blue solid curve; receiver early, prompt, and late correlation points: red dots.

    The spoofer performs drag-off simultaneously on all spoofed channels in a vector spoofing attack that maintains consistency of all spoofed pseudoranges. After the initiation of drag-off, the victim receiver computes a wrong position, a wrong true time, or both, but the residual pseudorange errors in its navigation solution remain small. Therefore, this type of attack is not detectable by traditional pseudorange-based RAIM calculations.

    The receiver spoofer hardware consists of a GNSS reception antenna, the receiver spoofer signal-processing unit, and the spoofer transmission antenna (Figure 8). 

    Figure 8a. Receiver/spoofer hardware: GPS reception antenna on ship’s rear upper deck.
    Figure 8a. Receiver/spoofer hardware: GPS reception antenna on ship’s rear upper deck.
    Figure 8b. Receiver/spoofer hardware: directional transmission antenna pointed at the ship’s GPS antenna and the detector antenna pair near the defended ship’s antenna. The orientation of the spoofing transmission antenna, combined with its remote location from the receiver/spoofer’s reception antenna, ensured that the spoofer did not self-spoof.
    Figure 8b. Receiver/spoofer hardware: directional transmission antenna pointed at the ship’s GPS antenna and the detector antenna pair near the defended ship’s antenna. The orientation of the spoofing transmission antenna, combined with its remote location from the receiver/spoofer’s reception antenna, ensured that the spoofer did not self-spoof.
    Figure 8c. Receiver/spoofer hardware: spoofer electronics, located amidships.
    Figure 8c. Receiver/spoofer hardware: spoofer electronics, located amidships.

    The receiver/spoofer requires tuning of its transmission power levels. If the power is too high, its spoofing attacks will be too obvious. A very high transmitted power could also saturate the front-end electronics of the intended victim, causing it to jam the system rather than spoof it. If transmitted power is too low, it will not capture the victim’s tracking loops, and its spoofing attack will fail. The proper power level depends on the gain patterns of the spoofer transmission antenna and the victim receiver antenna and on their relative geometry.

    Attack Test Scenarios. Three sets of tests were conducted to develop and evaluate the spoofing detection system. The first tests started by recording wideband RF GPS L1 data using USRPs. These data were post-processed in two software receivers that recorded the outputs of their signal tracking loops. Afterwards, the Matlab spoofing detection calculations were run using the recorded tracking loop data as inputs. These preliminary tests at Cornell and Austin proved the efficacy of the spoofing detection algorithms. They did not, however, test system performance during the transition from non-spoofed to spoofed signals that takes place at the initiation of a spoofing attack.

    The second set of tests was carried out using the first real-time version of the system, after the Matlab spoofing detection calculations were repackaged into a tic function and linked to the C++ real-time software receivers. This set of tests also was unable to probe the system’s performance at the onset of a spoofing attack, before the signal drag-off.

    The final set of tests was conducted aboard the White Rose of Drachs in the Mediterranean’s international waters. 

    The power adjustment tests on June 27 needed a means to decide whether a given attack had captured the tracking loops of the ship’s GPS receiver. The strategy for confirming capture was to perform a noticeable drag-off after the initial attack. We settled on a vertical drag-off as providing the most obvious indication of a successful capture. Successful attacks dragged the receiver’s reported altitude as high as 5,000 meters.

    The tests that evaluated spoofer and spoofing detector antenna placements relative to the ship’s GPS antenna were also important to achieving sensible results. Various placements were tried. The most successful relative geometry is depicted in Figure 8.

    The placement of the detector antennas relative to the defended antenna is atypical of likely real-world detection scenarios. It is expected that a real-world spoofing detector will be integral with the defended GNSS receiver.

    The culminating live-signal attack involved a 50-minute spoofing scenario in which the attacker took the ship — apparently — from the Adriatic to the coast off of Libya. The scenario’s long distance and short duration required a mid-course speed in excess of 900 knots. This spoofing scenario was designed in the simplest possible way, by taking a straight-line course in WGS-84 Cartesian coordinates from the true location to the spoofed location off of Libya. This course took the spoofed yacht position across the Italian and Sicilian land masses and below the Earth’s surface to a maximum depth of more than 23 kilometers.

    Obviously, the White Rose was physically unable to execute this maneuver. Its crew would not have needed spoofing detection to realize that its GPS receiver was returning false readings. The main points of this last test were to dramatize the potential errors that can be caused by a spoofer and to check whether the spoofing detector could continue to function under these drastic conditions.

    Figure 9 highlights this unusual scenario with two displays from the ship’s bridge, photographed during the attack. The GPS display shows the speed, 621 kn (knots), and the altitude, 7376 m. The chart display shows the yacht on (or rather, below) dry land and halfway across the “insole” of Italy’s boot. It also shows a tremendously long velocity vector, extending beyond the chart.

    Figure 9a. The ship’s bridge GPS receiver display and its GPS-driven chart (Figure 9b) at two separate times during the Libya spoofing scenario.
    Figure 9a. The ship’s bridge GPS receiver display during the Libya spoofing scenario.
    Figure 9b. The ship’s bridge GPS receiver display (Figure 9a) and its GPS-driven chart at two separate times during the Libya spoofing scenario.
    Figure 9b. The GPS-driven chart during the Libya spoofing scenario.

    Spoofing Detection Test Results

    Various signal output time histories (Figure 10) illustrate the attack sequence and suggest means to evaluate the spoofing detection system. The upper panel plots the fractional portions of the two-antenna spoofing detector’s single-differenced beat carrier-phase time histories, Δϕ1BA, …, ΔϕLBA for the L = 7 tracked PRN numbers 16, 18, 21, 22, 27, 29, and 31. The middle panel plots the amplitude time history of the 100 Hz prompt [I;Q] accumulation vector for PRN 16, as received at Antenna A of the detection system. The bottom panel plots the PRN 16 carrier Doppler shift time history.

    Figure 10. Indicators of initial capture and drag-off during Libya spoofing attack, as measured by the spoofing detection receiver.
    Figure 10. Indicators of initial capture and drag-off during Libya spoofing attack, as measured by the spoofing detection receiver.

    This was a strong attack in which the spoofer power was 10.7 dB higher than the power of the real signal for PRN 16. The other spoofed signals had power advantages over their corresponding true signals that ranged from 3.3 dB to 13.6 dB, and the spoofer’s mean power advantage was 10.4 dB. Therefore, the onset of the spoofing attack at 196.1 sec is clearly indicated by the sudden jump in (I2+Q2)0.5 on the middle panel. The upper panel shows a corresponding sudden coalescing of the single-differenced beat carrier phases, which implies that the spoofing detection algorithm should have been able to detect this attack.

    The spoofer drag-off started at 321.5 sec, as evidenced by the sudden change in the slope of the carrier Doppler shift time history on the lower panel. The period after the initial attack and before the drag-off is delimited by the vertical magenta and cyan dash-dotted lines. During this interval the spoofer waited to capture the receiver’s tracking loops.

    The single-differenced phase time histories in the upper plot appear somewhat noisier during the interim pre-drag-off period of the attack than after the start of the drag-off at 321.5 sec. The grey dotted curve for PRN 27 is an exception because it becomes noisy again starting at about 450 sec due to decreased signal power. The increased noisiness of the differential phase time histories during the interim period is probably the result of interference between the true and spoofed signals, which are likely beating slowly against each other. The response of the spoofing detection algorithm during this phase is uncertain because this multipath-like beating between the two signals is not modeled.

    Figure 11 demonstrates performance of the spoofing detection algorithm for the Libya attack scenario. The upper panel of the figures is a repeat of the upper panel of the single-differenced beat carrier-phase time histories from Figure 10, except that they are plotted for a longer duration. The lower panel shows the γ(t) spoofing detection statistic time history. It plots the same information that appeared in the upper left panel of Figure 6 during the corresponding real-time detection tests. At 196 sec γ(t) is clearly above the blue dash-dotted spoofing detection threshold γth. At 196.4 sec it is clearly below γth  , which indicates a spoofing detection. It remains below γth for the duration of the attack. In this reprocessed version of the detection calculations, γ(t) has been updated at 5 Hz. Therefore, the earliest possible detection point would have been 196.2 sec, which is 0.1 sec after the onset of the attack. This point corresponds to the green dot in the lower panel of Figure 11 that lies slightly above the blue dash-dotted γth line. Theoretically, the system might have detected the attack at this time, but the finite bandwidth of the two receivers’ PLLs caused lags in the transitions of the single-differenced phases in the top plot, which led to the 0.3 sec lag in the detection of the attack. It is encouraging, however, that the spoofing detector worked well during the initial pre-drag-off phase of the attack, from 196.1 to 321.5 sec, despite the added noisiness of the single-differenced carrier phases in the top plot, likely caused by beating between the true and spoofed signals.

    Figure 11. Single-differenced carrier-phase time histories (top plot) and corresponding spoofing detection statistic time history (bottom plot) for Libya spoofing attack scenario.
    Figure 11. Single-differenced carrier-phase time histories (top plot) and corresponding spoofing detection statistic time history (bottom plot) for Libya spoofing attack scenario.

    Figure 12 plots the same quantities as in Figure 11, but for a different spoofing attack, a little less overt than the Libya attack. The power advantage of the spoofer ranged from 3.0 to 14.0 dB for the different channels with a mean power advantage = 9.2 dB. It was detected by the system, as evidenced by the convergence of the single-differenced carrier phases at the onset of the attack at 397.5 sec. The spoofing detection statistic in the bottom panel dives near to the γth detection threshold at the onset of the attack and sometimes passes below it, but it does not stay permanently below the threshold until after the time of drag-off, after 531 sec.

    Figure 12. Single-differenced carrier phase time histories (top plot) and spoofing detection statistic time history (bottom plot) for a spoofing attack with a slightly lower power advantage than the Libya attack.
    Figure 12. Single-differenced carrier phase time histories (top plot) and spoofing detection statistic time history (bottom plot) for a spoofing attack with a slightly lower power advantage than the Libya attack.

    The large oscillations of the single-differenced carrier phases during the pre-drag-off initial capture interval from 397.5 to 531 seconds is likely due to beating between the true and spoofed signals. The largest variations occur for PRNs 12 and 31, which are the ones with the lowest spoofer power advantages, 3.2 and 3.0 dB, respectively. Apparently these oscillations cause γ(t) sometimes to take on values slightly above γth during the interval 397.5 sec < t < 531 sec. Thus, the spoofing detector can experience problems in the initial phases of an attack.

    Note that the spoofer failed to capture the tracking loops of the ship’s GPS receiver. This is surprising, given the average spoofer power advantage of 9.2 dB above the true signals. We conjecture that the ship’s GPS antenna had lower gain in the low-elevation direction toward the spoofer transmission antenna than did the detector’s antennas. A lower gain would reduce the spoofer power advantage in the ship’s receiver and could explain why the spoofer failed to deceive it.

    Many additional spoofing attacks were carried out aboard the ship. The spoofing detector proved finicky. It took quite some time to get the spoofing detection two-antenna system positioned in a sensible place relative to the ship’s GPS antenna so as to be sensitive to nearly the same spoofing signals. In addition, the spoofing detector’s GPS receiver tended to lose lock at the initiation of an attack, prior to signal drag-off. This was likely caused by the large power swings of the received signals due to beating of the true signals against the spoofed signals. This problem went away at higher spoofer power levels. When lock was lost, the software receiver would attempt to re-acquire the signal. Often a reacquisition would succeed only after signal drag-off by the spoofer. Typically, the spoofing detector immediately detected the attack once it had reacquired the spoofed signals that were no longer beating against the true signals due to having been dragged sufficiently far away from them, as in Figure 7. Re-analysis of the recorded data indicated that poor PLL tuning may have caused the losses of lock during the initial attacks. Spoofing detection calculations carried out on the reprocessed data have proved more reliable when implemented with a better PLL tuning. 

    Two attacks were carried out with only a subset of the visible GPS satellites being spoofed. The first involved spoofing 7 of 9 visible satellites, and the second test spoofed only 4 of 9. The spoofing detection system had trouble maintaining signal lock during the initial part of the first attack. It subsequently reacquired signals and was able to detect the attack successfully after reacquisition. The first attack also succeeded in capturing the ship receiver’s tracking loops as evidenced by spoofing of the yacht to climb off the sea surface. The second attack, with only four spoofed satellites, was not detected by the prototype system, but it succeeded in deceiving the ship’s GPS receiver about its altitude. This latter result indicates a need to modify the detection calculations to allow for the possibility of partial spoofing. In their current form, they assume that all signals are either spoofed or authentic. Of course, in the partial spoofing case it may also be possible to use traditional pseudorange-based RAIM techniques to detect an attack.

    Possible Future Work Directions

    The tests suggest further work on the following topics,which are discussed in more detail in the PDF paper on which this article is based:

    • Improved detection during pre-drag-off initial phase of attack;
    • Detection when only a subset of signals are spoofed;
    • Advanced RAIM techniques;
    • A real-time prototype of the switched-antenna version;
    • Detection of a spoofer that uses multiple transmission antennas;
    • Reacquisition of true signals to recover from a spoofing attack.

    Conclusions

    A new prototype GNSS spoofing detection system has been developed and tested using live-signal spoofing attacks. The system detects spoofing by using differences in signal direction-of-arrival characteristics between the spoofed and non-spoofed cases as sensed by a pair of GNSS antennas. A spoofing detection statistic has been developed that equals the difference between the optimized values of the negative-log-likelihood cost functions for two data-fitting problems. One problem fits the single-differenced beat carrier phases of multiple received signals to a spoofed model in which the fractional parts of these differences are identical -— in the absence of receiver noise — because the spoofed signals all arrive from the same direction. The other problem fits the single-differenced carrier phases to a non-spoofed model. This second optimal data-fitting problem is closely related to CDGPS attitude determination. The simple difference of the two optimized cost functions equals a large positive number if there is no spoofing, but it equals a negative number if the signals are being spoofed. Monte Carlo analysis of the probability distributions of this difference under the spoofed and non-spoofed assumptions indicates that it provides a powerful spoofing detection test with a low probability of false alarm.

    A real-time version of this system has been implemented using USRPs and real-time software radio receivers, and it has been tested against live-signal spoofing attacks aboard a yacht that was cruising around Italy. Successful detections have been achieved in many spoofing attack scenarios, and detections can occur in as little as 0.4 seconds or less. One scenario spoofed the yacht’s GPS receiver into believing that it had veered off of a northwesterly course towards Venice in the Adriatic to a southwesterly course towards the coast of Libya, and at the incredible speed of 900 knots. The spoofing detector, however, warned the crew on the bridge about the attack before the yacht’s spoofed position was 50 meters away from its true position.

    The live-signal tests revealed some challenges for this spoofing detection strategy. They occur primarily during the initial attack phase, before the spoofer has dragged the victim receiver to a wrong position or timing fix. If the spoofer power is not much larger than that of the true signals, then beating occurs between the spoofed and true signals during this initial period. This beating can cause difficulties for the receiver tracking loops, making single-differenced carrier phase unavailable. Even when single-differenced phase is available, both the spoofed and non-spoofed models of this quantity can be inadequate for purposes of designing a reliable spoofing detection test.

    This article’s new two-antenna spoofing detection system has generated promising real-time results against live-signal spoofing attacks, but further developments are needed to produce a sufficiently reliable detection system for all anticipated attack scenarios. The best defense will likely employ a multi-layered approach that uses the techniques described in this paper along with advanced RAIM techniques that detect additional signal anomalies that are characteristic of spoofing.

    Acknowledgments

    The authors  (brief bios given in online version) thank the owner of the White Rose of Drachs for the loan of his vessel to conduct the live-signal GNSS spoofing detection tests reported here. The crew of the White Rose aided and supported this project in many ways.


    Red Team, White Team, Blue Team

    Background

    Before March 2013, members of the UT Radionavigation Lab and the Cornell GPS Lab didn’t know about gold-plated sinks and spiral staircases at sea. They did know something about spoofing navigation systems and detecting spoofer attacks. The UT group had hacked a helicopter drone at White Sands Missile Range in June 2012, coaxing it to dive towards the ground. The Cornell group had developed a prototype system that could reliably detect all UT Austin attacks, but it was clumsy, having an oscillating antenna and requiring hours of post-processing. 

    Andrew Schofield, master of the White Rose of Drachs, attended Todd Humphreys’ 2013 South-by-Southwest conference talk on the drone hack and challenged him to go big — bigger than a 1.3-meter drone helicopter. How about a 65-meter superyacht? The result: a summer 2013 Mediterranean cruise that produced intriguing, provocative results.

    The UT team had implemented a feedback controller for their spoofer, but they were unable to control the spoofed drone in a smooth, reliable manner. The White Rose cruise offered a chance to test a next level of sophistication: a controlled sequence of lies leading the victim on a precise course selected by the spoofer, different from the one intended by the captain.

    The UT team was able to induce inadvertent turns while the ship’s bridge thought it was steering a straight course. They could nudge the yacht onto a wrong course paralleling the desired course. The crew remained unaware of the yacht’s true course because its GPS receiver and GPS-driven charts indicated that she was on her intended route. 

    The Push for Protection

    Andrew Schofield quickly began advocating for a follow-up experiment: a UT Red Team attack against the White Rose GPS and a simultaneous Cornell Blue Team demonstration of real-time spoofing detection. 

    The Cornell Team, however, faced challenges in transitioning from its initial prototype to a more sophisticated system, one that eliminated the moving parts and that operated in real time. Team members thought they could produce the next system, but had never been quite sure they could make good on their boast. 

    Development of a second prototype system began with implementation of a new Cornell detection algorithm in Matlab. The first tests of this algorithm involved UT recording and pre-processing of transmissions in an RF chamber that housed the two antennas of Cornell’s second prototype. Cornell applied its new Matlab algorithm to these data and demonstrated off-line spoofing detection. 

    The remaining hurdle was real-time operation. The original development plan called for translation of the Matlab algorithm to C++ followed by integration with a UT Austin/Cornell real-time software radio.  It would be understatement to say that this was an ambitious task for the two-month window that remained until the White Rose cruise. 

    UT Ph.D. student Jahshan Bhatti steered the team around this hurdle by proposing the direct use of Cornell’s Matlab code in the real-time system. Prior to this, no one had realized that it could be practical to call Matlab from C++ in real time. Mark Psiaki packaged the Matlab spoofing detection software into a single tic function, Jahshan coded the calling C++/Matlab interface, and the team was on track to test spoofing detection in late June 2014.

    Spoofer, Detector Clash at Sea

    The White Rose would sail from southern France on June 26, setting a course around Italy to Venice. The Cornell Blue Team would have three full days in international waters to demonstrate and evaluate their real-time spoofng detection system. A Ph.D. graduate from UT’s Radionavigation Laboratory would operate the Red Team spoofer, aka the Texas Lying Machine.

    In preparation for the voyage, the two teams converged in the White Roses’s home port of Cap-d’Ail. They performed initial shake-down tests of their systems in port. They could not do full live-signal tests in Cap d’Ail because they were still in French territorial waters. Transmission of live spoofing signals in the GPS L1 band is permitted only in international waters, and only if conducted for scientific purposes.

    The spoofing and detection tests started in earnest on the morning of June 27 off the southern coast of Italy. The White Rose had passed through the Strait of Messina between Italy and Sicily earlier that day. The initial tests were concerned with antenna geometries and spoofer power levels. Later tests concentrated on serious deception of the White Rose regarding its true course and location.

    During the tests, the UT Red team and its spoofer were situated on the White Rose Sun Deck, above and behind the bridge. The Cornell Blue team and its electronics were on the bridge with its two antennas on the roof. A walkie-talkie link between the teams provided coordination of detector operation with spoofing attacks along with feedback about spoofer and detector performance.

    Hijacked to Libya!

    For the final day of tests, Andrew Schofield suggested sending the spoofed White Rose to Libya as she cruised the Adriatic from Montenegro to Venice — a difference of 600 nautical miles. The target trip time of 50 minutes necessitated a peak speed over 900 knots (1,667 kilometers/hour) after factoring the need to limit initial acceleration and final deceleration; if too large, they might cause the victim receiver’s tracking loops to lose lock and, therefore, the spoofed signals.

    The Cornell and UT Austin teams programmed the spoofer for a trip to Libya, and they initiated the attack. The White Rose bridge soon became a scene of excitement. The ship started veering sharply to port, and its velocity vector lengthened until it literally went off the charts. The GPS receiver showed the ship hurrying towards Libya on a collision course with the back of Italy’s boot. The bridge’s GPS receiver displayed speeds that increased through 100 knots, 200 knots, 300 knots — for a yacht with a speed capability of about 15 knots.

    The Cornell detector issued a spoofing alert at the onset of the attack, long before the White Rose veered off course. After a few minutes, the detector’s continued successful operation became boring.  Of course, boring success is better than exciting failure.

    The Cornell system had not been as successful during some of the preceding attacks, and the results from the June voyage suggested avenues for improvement. If new live-signal tests become necessary to evaluate planned improvements, the Red and Blue teams stand ready for a future superyacht cruise.

    See http://blogs.cornell.edu/yachtspoof for further details.


    Mark L. Psiaki is a Professor of Mechanical and Aerospace Engineering. He received a B.A. in Physics and M.A. and Ph.D. degrees in Mechanical and Aerospace Engineering from Princeton University. His research interests are in the areas of GNSS technology and applications, spacecraft attitude and orbit determination, and general estimation, filtering, and detection.

    Brady W. O’Hanlon is a graduate student in the School of Electrical and Computer Engineering. He received a B.S. in Electrical and Computer Engineering from Cornell University. His interests are in the areas of GNSS technology and applications, GNSS security, and space weather.

    Steven P. Powell is a Senior Engineer with the GPS and Ionospheric Studies Research Group in the Department of Electrical and Computer Engineering at Cornell University. He has M.S. and B.S. degrees in Electrical Engineering from Cornell University. He has been involved with the design, fabrication, testing, and launch activities of many scientific experiments that have flown on high altitude balloons, sounding rockets, and small satellites. He has designed ground-based and space-based custom GPS receiving systems primarily for scientific applications.

    Jahshan A. Bhatti is pursuing a Ph.D. in the Department of Aerospace Engineering and Engineering Mechanics at the University of Texas at Austin, where he also received his M.S. and B.S. He is a member of the UT Radionavigation Laboratory. His research interests are in the development of small satellites, software-defined radio applications, space weather, and GNSS security and integrity.

    Todd E. Humphreys is an assistant professor in the department of Aerospace Engineering and Engineering Mechanics at the University of Texas at Austin, and Director of the UT Radionavigation Laboratory. He received a B.S. and M.S. in Electrical and Computer Engineering from Utah State University and a Ph.D. in Aerospace Engineering from Cornell University. He specializes in applying optimal estimation and signal processing techniques to problems in radionavigation. His recent focus is on radionavigation robustness and security.

    Andrew Schofield is a career Yacht Captain. After completing his degree in Applied Biology and working in the bio-science industry for a year, he left all that behind in 1991 and found a deck hand’s job on a sailing yacht in the Caribbean. Since then he has worked on various yachts in various locations. He has been Captain of the White Rose of Drachs since launch in June 2004. He is President of the Professional Yachting Association, the large yacht professional body, and focuses on the training and certification of crew. In his time at sea GPS has transformed navigation. He feels that the relevance of the work done to detect GPS spoofing cannot be overstated with regard to the safety of life at sea, and he is delighted to have facilitated the voyage during which spoofing detection was proven.

  • Trimble Updates Aerial Imaging Application

    Trimble Access Aerial Imaging 3

    Trimble has added enhancements to its Trimble Access Aerial Imaging 2.0 application to make it more robust, intuitive and easier to use. Part of the Trimble Access field software suite of applications, the Aerial Imaging application is a software tool used with the Trimble Tablet Rugged PC for planning aerial missions, performing pre-flight checks, and monitoring flights for the Trimble UX5 Aerial Imaging Rover.

    The software enhancements include a full redesign of the user interface for a streamlined workflow, and major upgrades to flight design and control. These improvements provide greater flight planning flexibility in applications such as boundary and topographic surveying, mining assessment and exploration, heavy construction modeling and much more.

    The announcement was made at Trimble Dimensions.

    Trimble Access Aerial Imaging 2.0 enhanced user interface enables Trimble UX5 pilots to prepare a flight in minutes and quickly begin collecting data, such as orthophotos, point clouds or surface models. The full interface redesign simplifies the user experience for flight planning by using a step-by-step, tabular navigation to guide the user through the flight process from planning to completion.

    Project management is also easier with new project overview thumbnails and detailed project properties. These interface enhancements are designed to save time in the field, and provide users with an optimal flight planning and monitoring experience.

    The new Trimble Access Aerial Imaging 2.0 functionality optimizes flight times and enables corridor mapping along rivers, roads, and railways that have areas not connected to each other. Pilots can now import multiple map layers, such as georeferenced background maps, ground control point locations, and areas of interest. The software also enables users to fly irregular shaped areas, cover multiple areas and heights in a single flight, and plan multiple takeoff and landing locations. Once a plan has been established, users can perform flight simulations to confirm the flight plan, give a demonstration to clients and aviation authorities, and export the flight plan to a KML file to check terrain clearances. These new enhancements benefit pilots by saving time in flight planning, increasing safety, and meeting requirements of their mission through customized planning before takeoff, Trimble said.

    New features with in flight control build an additional level of viewing options and safety for landing when air traffic or weather conditions suddenly change. Pilots can now check flight settings, view or hide map layers, adjust landing properties, select an alternative landing, and execute pre-programmed interventions while the system is in-flight.

    “Delivering the premium UAV experience for trained geospatial professionals means we need to have the most advanced flight planning and inflight control capabilities to offer, and Trimble Access Aerial Imaging 2.0 shows our commitment to doing just that,” said Phil Sawarynski, business area director of Imaging Solutions for Trimble’s Geospatial Division. “Our customers can feel confident that we are committed to providing tools to streamline flight operations and automate capabilities for safe and successful use of their Trimble UAV systems.”

    Trimble Access Aerial Imaging 2

  • The Business & Product Showcase — November 2014

    The Business section from the November 2014 issue. Download the PDF.

    Includes:

    InterGeo 2014

    Trimble Expands Portfolio for Surveyors, Adds GIS Products; Topcon Announces Geodetic Reference Receiver and Antenna; Carlson Software Introduces Surveyor2 Data Collector at InterGeo; Hemisphere GNSS Offers Survey-Grade Antennas; Sokkia Announces Next-Generation Geodetic Reference Receiver; Juniper’s Rugged Handheld Designed for Data-Collecting Efficiency

    Plus: Applanix Offers Single-Board GNSS-Inertial System for UAV Mapping; Loctronix IDS Captures Real-World GPS Jamming Interference; and Northrop Grumman Finishes Tests of Handheld Precision Targeting Device; Events