GPS World

Tag: meaconing

  • Helpful techniques to mitigate the effect of GPS jamming and spoofing

    Helpful techniques to mitigate the effect of GPS jamming and spoofing

    U.S. Department of Transportation (DOT) figures show incidences of GPS signal interference, such as jamming and spoofing, have increased significantly in both North America and much of Western Europe. Both commercial and military operations are affected, and ADS-B reports from Zurich University of Applied Sciences (ZHAW) cite up to 700 global GPS spoofing and jamming incidents taking place daily.

    Events are particularly concentrated around war zones, with Lithuanian airspace alone recording more than 300 cases of GPS interference in March. The consequences have ranged from emergency diversions of civilian aircraft to, in at least one case, the downing of an aircraft. Other sectors reliant on precise timing and geolocation, such as communications and emergency services, also are being impacted.

    Of course, it’s not just navigation; and a swath of industries rely on PNT signals. This includes secure and regulatory-compliant financial transactions, power grid synchronization, asset tracking, ensuring data integrity and coordinating workloads across global telecommunications and artificial intelligence (AI) servers.

    How can PNT systems be made more resilient to this interference? What emerging technologies enable PNT systems to maintain operational capability in GPS/GNSS-denied, degraded or disrupted space operational environments (D3SOE)?

    Interference Techniques

    GPS interference comes in a wide variety of forms, and systems are susceptible because the signals from the satellites are faint by the time they reach the Earth.

    Jamming is a brute force denial of service (DoS) attack, with a device transmitting a signal on the same L1 (1575 MHz), L2 (1227 MHz) or other relevant bands as the PNT satellites. Being nearer and stronger, these signals drown out the GPS information and prevent the ability to calculate a position, simply making GPS services unavailable.

    Conversely, spoofing is a more sophisticated technique that mimics the structure of an authentic satellite signal but transmits falsified timing and positioning data. Similar to jamming, this relies on the spoofed signal being closer and more powerful than the legitimate PNT transmission and can either trick the navigation system into believing it is suddenly in a different position, or alter it slowly over time causing, for example, a ship or aircraft to deviate into an unsafe location.

    These DoS and deception techniques are the major classes, but in addition to natural and accidental man-made sources, there also are multiple variations on spoofing techniques and methodologies:

    Meaconing: Rebroadcasting of an authentic signal with a delay and shift in position to affect navigation systems.

    Replay attacks: Like meaconing, but more targeted to financial transactions, fooling GPS-based time-stamping systems into accepting fraudulent transactions.

    Data-level manipulation: Where false orbital data, clock corrections and GPS time is given in addition to the location data. These tend to be harder to detect and cause slow changes. They also can be applied to systems that rely on precise timing, such as financial networks and power grids.

    PNT Resilience

    PNT resilience standards are set out in the draft IEEE P1952 standard, which specifies technical requirements and expected behaviors for resilient PNT user equipment.

    End users can test five behavior levels, which are defined within this standard to enable users to select a level that is appropriate based on their risk tolerance, budget and application criticality.

    Photo: PNT Resilience Levels
    Photo: PNT Resilience Levels

    Level 1 represents a basic ability to detect interference such as jamming, spoofing, or other disruptions, and alert users. Level 2 enables equipment to automatically recover to normal operation when the disruption is no longer present. In level 3, the equipment can maintain acceptable performance during the disruption. This capability is fortified in level 4 by leveraging multiple diverse sources or advanced mitigation techniques. Finally, level 5 enables the equipment to verify that the time or PNT information received is accurate.

    Here in the U.S., the NIST 8323.1 Cybersecurity Framework for PNT also offers a comprehensive approach to assessing and mitigating PNT-specific cybersecurity risks. The DHS’ Resilient PNT Conformance Framework and CISA Federal PNT Services Acquisition Guidance are additionally important.

    Countering Jamming

    Traditional PNT systems are struggling to keep pace and meeting IEEE P1952 to tackle GPS interference requires a sophisticated, multi-source zero-trust architecture that never trusts, always verifies and authenticates, and goes beyond simple signal reception. For mission-critical systems, not only do threats need to be detected, but incoming data need to be validated and alternative sources for PNT incorporated, all within an intelligent sensor fusion system.

    If we look first at the DoS jamming technique, here the issue is an inability to detect the medium-Earth orbit (MEO) GPS/GNSS signal in the presence of another more powerful signal.

    It is possible, however, to reinforce L-band communications from GPS satellites, and look to stronger signals, notably from low-Earth orbit (LEO) satellites. While these have less accuracy for timing (GPS/GNSS: <15 ns vs 80 ns for LEO), they are significantly stronger (the Iridium LEO STL signal is 1000x stronger than GNSS) and are more resistant to jamming.

    Countering Spoofing

    In spoofing, the use of encrypted signals is vital.

    GPS signals are open, unencrypted and should not be trusted blindly, and the use of alternative cryptographically secured alternatives is essential to ensure the signal’s origin is legitimate. For example, this is implemented on both the Inmarsat GEO and Iridium LEO satellites used in VIAVI’s SecurePNT and SecureTime services.

    Sensor fusion also should be implemented to combine PNT data with information coming from onboard sensors such as inertial measurement units (IMUs) to identify inconsistencies — not just sudden large jumps but continual slight deviations.

    Beyond these, navigation message authentication can be implemented, using a public key to verify the satellite-broadcast signature and prove the location, clock corrections and status being transmitted. This is already implemented by Europe’s Galileo Open Service Navigation Message Authentication (OSNMA) and makes it very difficult to data-level spoof these satellites.

    While using receiver autonomous integrity monitoring (RAIM) techniques, calculate position with redundant satellites, excluding one satellite each time to check for consistency of results. ARAIM (advanced RAIM) uses the same technique, but applies it to multiple constellations, for example, GPS and Galileo.

    Signal liveliness/consistency checks can be particularly effective against meaconing and replay attacks. These techniques examine the Doppler shift of the signal, with satellites having predictable and specific profiles that will differ significantly when compared to a ground-transmitted signal, which will have a near-zero Doppler shift.

    Operating Under D3SOE

    The above is a summary of the types of techniques that underpin VIAVI’s SecurePNT and SecureTime services.

    SecureTime eGNSS GEO uses an encrypted L-band signal, transmitted from Inmarsat’s GEO satellites to create an enhanced timing service with GNSS authentication and anti-spoofing capabilities and provides sub-5 ns timing accuracy when installed on SecurePNT products.

    Conversely, the SecurePNT systems implement multi-source receivers for GNSS backup and multi-band GNSS with GEO-L for outdoor antennas. The PTP grandmaster uses the latest sub-microsecond accuracy PTP protocol and the traditional millisecond range accuracy Network Time Protocol (NTP) to be compatible with virtually all standard IT equipment — also implementing high-speed 25G PTP Ethernet for connection to high-performance AI data center and AI-RAN networks and financial exchanges without creating bottlenecks.

    Terrestrial sources, such as a network PTP feed and an optional atomic caesium clock, also can be used for synchronization to increase resilience in the event of a prolonged GPS outage. Nino De Falcis is an experienced business development leader with a strong background in the Global PNT market. Currently serving as the senior director of Global PNT Business Development at VIAVI Solutions since January 2024, he focuses on accelerating global business development and identifying growth opportunities.

  • Adtran launches Galileo OSNMA authentication for Oscilloquartz

    Adtran launches Galileo OSNMA authentication for Oscilloquartz

    Adtran‘s Oscilloquartz synchronization platforms now support Galileo’s Open Service Navigation Message Authentication (OSNMA). OSNMA is a GNSS authentication service designed for civilian use.

    By verifying that timing data originates from genuine Galileo satellites, OSNMA ensures authenticity and integrity at the point of reception. The new feature, available via firmware update for supported multi-band GNSS receivers, adds an extra layer of protection against spoofing and manipulation, empowering existing deployments to strengthen security without hardware changes or service disruption.

    OSNMA support from Adtran brings a new level of GNSS security to critical infrastructure. Available for multi-band GNSS receivers in the OSA 5412, OSA 5422, OSA 5430 and OSA 5440 product lines, the feature integrates with Galileo’s Open Service, using digital signatures and TESLA chain keys to authenticate navigation data. This ensures that timing and positioning information is verified as authentic and protected against spoofing or manipulation.

    Adtran’s Oscilloquartz Syncjack probing adds a second layer of defense, detecting record-and-replay attacks – also known as meaconing – by comparing GNSS signals against trusted PTP sources. This dual-layer approach helps identify subtle timing manipulations and delay attacks that traditional receivers may miss.

    “From 5G and smart power grids to financial networks and data centers, bringing authentication to GNSS is a game changer for critical infrastructure,” said Gil Biran, GM of Oscilloquartz, Adtran. “By enabling our customers to defend against sophisticated threats, including meaconing, we’re helping them achieve greater timing integrity for their networks. Existing customers can access this new GNSS security feature with a simple firmware update, helping them stay protected as threats continue to evolve.”