By Jordan Britt, David Bevly, and Christopher Rose
Nearly half of all highway fatalities occur from unintended lane departures, which comprise approximately 20,000 deaths annually in the United States. Studies have shown great promise in reducing unintended lane departures by alerting the driver when they are drifting out of the lane. At the core of these systems is a lane detection method typically based around the use of a vision sensor, such as a lidar (light detection and ranging) or a camera, which attempts to detect the lane markings and determine the position of the vehicle in the lane. Lidar-based lane detection attempts to detect the lane markings based on an increase in reflectivity of the lane markings when compared to the road surface reflectivity. Cameras, however, attempt to detect lane markings by detecting the edges of the lane markings in the image. This project seeks to compare two different lane detection techniques-one using a lidar and the other using a camera. Specifically, this project will analyze the two sensors’ ability to detect lane markings in varying weather scenarios, assess which sensor is best suited for lane detection, and determine scenarios where a camera or a lidar is better suited so that some optimal blending of the two sensors can improve the estimate of the position of the vehicle over a single sensor.
Lidar-based lane detection
The specific lidar-based lane detection algorithm for this project is based on fitting an ideal lane model to actual road data, where the ideal lane model is updated with each lidar scan to reflect the current road conditions. Ideally, a lane takes on a profile similar to the 100-averaged lidar reflectivity scans seen in Figure 1 with the corresponding segment. Figure 1. Lidar reflectivity scan with corresponding lane markings.
Note that this profile has a relatively constant area bordered by peaks in the data, where the peaks represent the lane markings and the constant area represents the surface of the road. An ideal lane model is generated with each lidar scan to mimic this averaged data, where averaging the reflectivity directly in front of the vehicle generates the constant portion and increasing the average road surface reflectivity by 75 percent mimics the lane markings. This model is then stretched over a range of some minimum expected lane width to some maximum expected lane width, and the minimum RMSE between the ideal lane and the lidar data is assumed to be the area where the lane resides. For additional information on this method, see Britt, Rose & Levy, September 2011.
Camera-based lane detection
The camera-based method for this project was built in-house and uses line extraction techniques from the image to detect lane markings and calculate a lateral distance from a second-order polynomial model for the lane marking in image space. A threshold is chosen from the histogram of the image to compensate for differences in lighting, weather, or other non-ideal scenarios for extracting the lane markings. The thresholding operation converts the image into a binary image, which is followed by Canny edge detection. The Hough transform is then used to extract the lines from the image, fill in holes in the lane marking edges, and exclude erroneous edges. Using the slope of the lines, the lines are divided into left or right lane markings. Two criteria based on the assumption that the lane markings do not move significantly within the image from frame to frame are used to further exclude non-lane marking lines in the image. The first test checks that the slope of the line is within a threshold of the slope of the near region of the last frame’s second-order polynomial model. The second test uses boundary lines from the last frame’s second-order polynomial to exclude lines that are not near the current estimate of the polynomial. second-order polynomial interpolation is used on the selected lines’ midpoint and endpoints to determine the coefficients of the polynomial model, and a Kalman filter is used to filter the model to decrease the effect of erroneous polynomial coefficient estimates. Finally, the lateral distance is calculated using the polynomial model on the lowest measurable row of the image (for greater resolution) and a real-distance-to-pixel factor. For more information on this camera-based method, see Britt, et al.
Figure 2. Camera-based lane detection (green-detected lanes,blue-extracted lane lines, red-rejected lines).
Testing
Testing was performed at the NCAT (National Center for Asphalt Technology) in Opelika, Alabama, as seen in Figure 3. This test track is very representative of highway driving and consists of two lanes bordered by solid lane markings and divided by dashed lane markings. The 1.7-mile track is divided into 200-foot segments of differing types of asphalt with some areas of missing lane markings and other areas where the lanes are additionally divided by patches of different types and colors of asphalt.
Figure 3. NCAT Test Facility in Opelika, Alabama.
A precision survey of each lane marking of the test track as well as precise vehicle positions using RTK GPS were used in order to have a highly accurate measurement of the ability of the lidar and camera to determine the position of the vehicle in the lane. Testing occurred only on the straights, and the performance was analyzed on the ability of the lidar and camera to determine the position of the lane using metrics of mean absolute error (MAE), mean square error (MSE), standard deviation of error (σerror), and detection rate. The specific scenarios analyzed included varying speeds, varying lighting conditions (noon and dusk/ dawn), rain, and oncoming traffic. Table 1 summarizes the results for these scenarios. For additional results, please see [8].
Scenario
MAE(m)
MSE(m)
σerror (m)
%Det
Lidar
Noon Weaving
0.1818
0.1108
0.3076
98
Camera
Noon Weaving
0.1077
0.0511
0.2246
80
Lidar
Dusk 45mph
0.0967
0.0176
0.1245
100
Camera
Dusk 45mph
0.2021
0.0592
0.2433
57
Lidar
Medium Rain
0.1046
0.0177
0.1314
65
Camera
Medium Rain
0.0885
0.0101
0.0635
91
Lidar
Low Beam, Night
0.0966
0.0159
0.1215
99
Camera
Low Beam, Night
0.1182
0.0185
0.0762
84
Table 1. Lidar and camera results for various environments.
Additional testing on the effects of oncoming traffic at night was examined by parking a vehicle on the test track at a known location with the headlights on. Figure 4 shows the lateral error with respect to closing distance where a positive closing distance indicates driving at the parked vehicle, and a negative closing distance indicates driving away from the vehicle. Note that the camera does not report a solution at -200 m, which is due to track conditions and not the parked vehicle.
Figure 4. Error vs. Closing Distance.
Based on these findings it would appear that the camera provided slightly more accurate measurements than the lidar while having a decrease in detection rate. Additionally the camera performed well in the rain where the lidar experienced decreased detection rates.
References
Frank S. Barickman. Lane departure warning system research and test development. Transportation Research Center Inc., (07-0495), 2007.
J. Kibbel, W. Justus, and K. Furstenberg. using multilayer laserscanner. In Proc. Lane estimation and departure warning Proc. IEEE Intelligent Transportation Systems, pages 607 611, September 13 15, 2005.
P. Lindner, E. Richter, G. Wanielik, K. Takagi, and A. Isogai. Multi-channel lidar processing for lane detection and estimation. In Proc. 12th International IEEE Conference on Intelligent Transportation Systems ITSC ’09, pages 1 6, October 4 7, 2009.
K. Dietmayer, N. Kämpchen, K. Fürstenberg, J. Kibbel, W. Justus, and R. Schulz. Advanced Microsystems for Automotive Applications 2005. Heidelberg, 2005.
C. R. Jung and C. R. Kelber, “A lane departure warning system based on a linear-parabolic lane model,” in Proc. IEEE Intelligent Vehicles Symp, 2004, pp. 891–895.
C. Jung and C. Kelber, “A lane departure warning system using lateral offset with uncalibrated camera,” in Intelligent Transportation Systems, 2005. Proceedings. 2005 IEEE, sept. 2005, pp. 102 – 107.
A. Takahashi and Y. Ninomiya, “Model-based lane recognition,” in Proc. IEEE Intelligent Vehicles Symp., 1996, pp. 201–206.
Jordan Britt, C. Rose, & D. Bevly, “A Comparative Study of Lidar and Camera-based Lane Departure Warning Systems,” Proceedings of ION GNSS 2011, Portland, OR, September 2011.
European Commission Vice President Antonio Tajani announced in London that the consortium led by OHB System AG and Surrey Satellite Technology Ltd. (SSTL) will build a further eight satellites for the European Union’s Galileo satellite navigation program under the supervision of the European Space Agency.
The new contract will see SSTL continuing its role as payload prime, assembling, integrating and testing the navigation payloads in the UK, whilst OHB System, as the prime contractor, builds the eight satellite platforms and executes the final integration of all the satellites in Germany. The SSTL-OHB partnership is already building fourteen satellites for the Galileo program and will draw on its heritage and experience to produce the additional satellites to demanding schedules.
Matt Perkins, SSTL Group CEO commented “SSTL has played a key role in the development of the Galileo program for nine years and we have the commitment, experience and track record to deliver this substantial contract. We are delighted to have been selected with our partner, OHB, to continue to play our part in building Europe’s operational navigation system.”
SSTL is assembling the Galileo program payloads at its recently opened purpose-built Kepler technical facility in Guildford, UK. Under the contract, SSTL is fully responsible for the construction and test of the navigation payloads. SSTL will manufacture the electrical harnesses and the electronics to interface the navigation payload with the satellite platform. The remaining payload equipment will be externally procured by SSTL from European and other suppliers. SSTL’s payload solution is based on European-sourced atomic clocks, navigation signal generators, high power travelling wave tube amplifiers and antennas and will provide all of Galileo’s services.
Galileo is Europe’s own Global Navigation Satellite System (GNSS), providing real-time positioning, navigation and timing services with unrivalled accuracy and integrity. It will be interoperable with the American GPS system and Russia’s GLONASS system.
The Full Operational Capability phase of the Galileo program is managed and fully funded by the European Union. The Commission and ESA have signed a delegation agreement by which ESA acts as design and procurement agent on behalf of the Commission. The views expressed in this Press Release can in no way be taken to reflect the official opinion of the European Union and/or ESA. “Galileo” is a trademark subject to OHIM application number 002742237 by EU and ESA.
Ashton Carter, U.S. deputy secretary for Defense, and John Porcari, deputy secretary for Transportation, have written an official letter to the assistant secretary of Commerce stating that “there appear to be no practical solutions or mitigations that would permit the LightSquared broadband service.” Carter and Porcari are co-chairs of the National Executive Committee for Space-Based Positioning, Navigation, and Timing. This represents the strongest intra-government statement to date on the issue.
Their letter further states that “both LightSquared’s original and modified plans for its proposed mobile network would cause harmul interference to many GPS receivers. Additionally, an analysis by the Federal Aviation Administration has concluded that the LightSquared proposals are not compatible with several GPS-dependent aircraft safety-of-flight systems.”
“No additional testing is warranted at this time,” the authors conclude.
They further propose to “draft new GPS spectrum interference standards that will help inform future proposals for non-space, commercial uses in the bands adjacent to the GPS signals.”
No response has emerged from either the Federal Communications Commission or the National Telecommunications and Information Administration, the two bodies charged with making a determination on the issue. But the letter appears to signal a coming end to a conflict that has occupied many, and tied up many resources and consumed many millions of dollars, for the past year.
One source commented off the record that “Our hope is this will be the end of the matter, and the FCC will withdrawal its initial approval and inform LSQ they must seek the 500 MHz in a different portion of the spectrum.”
Second Galileo IOV Satellite Transmits
On January 17, the E1 signal of the Galileo Flight Model 2 satellite (FM2, also known as GSAT0102) was successfully acquired and tracked by the researchers of the Navigation, Signal Analysis and Simulation (NavSAS) group at Politecnico di Torino / Istituto Superiore Mario Boella. The signal was received with a non-directive GNSS antenna, a commercial narrowband E1 RF front-end, and the N-GENE software receiver developed by the NavSAS lab.
Other research facilities and advanced GNSS companies around the world have also reported reception of a signal from this, the second in-orbit validation Galileo satellite, launched on October 21, 2011. The first IOV satellite, Galileo-ProtoFlight Model (PFM) began broadcasting in December.
FM2 currently transmits a Galileo Open Service signal on the E1 band using the Code Number 12 of the Galileo Interface Control Document (ICD). Acquisition and tracking results are reported in Figures 1, 2, and 3. The signal was received with a C/N0 of approximately 46.4 dBHz and a Doppler frequency shift equal to –2595 Hz.
Both Galileo craft were in view on January 17. Figure 4 shows both the estimated Doppler and C/N0 profiles obtained from multiple measurements performed on the same time interval.
As a final step, the demodulation of the E1b data channel has also been performed, checking the navigation messages for both the satellites. It has been noticed that, at the moment, the navigation messages present only two types of page: reserved (word type field with value 63) and type 0 (spare). Type 0 words have valid Week Number and Time Of Week fields. On the other hand, both the satellites broadcast a valid secondary code on their E1c pilot channels, compliant with the Galileo ICD.
— Fabio Dovis
FIGURE 1. Search space of the successful acquisition of the Galileo FM2 satellite (PRN 12).
FIGURE 2. Peak obtained acquiring the Galileo FM2 satellite.
FIGURE 3. Estimated C/N0 and correlation values obtained tracking the PRN 12.
FIGURE 4. Estimated Doppler and C/N0 profiles along multiple measurements performed on January 17.
More GPS III Birds, Launch, Checkout Awarded
The U.S. Air Force awarded Lockheed Martin a $238 million contract for production of the third and fourth satellites in the next-generation GPS III constellation.
In May 2008, the Air Force awarded Lockheed Martin an initial contract to design, develop and build the first two GPS III satellites. The contract also includes options for up to 10 additional spacecraft. With the most recent award, the GPS III team is now on contract to deliver four GPS III space vehicles, with the first launch scheduled in 2014. The Air Force has plans to build up to 32 GPS III satellites.
The Air Force also signed a $21.5 million contract with Lockheed Martin to provide a launch and checkout capability (LCC) to command and control all GPS III satellites from launch through early on-orbit testing.
The LCC will be integrated into the Raytheon-developed Next Generation Operational Control System (OCX). It includes trained satellite operators and engineering solutions in partnership with OCX to support launch, early orbit operations, and checkout of all GPS III satellites before the spacecraft are turned over to Air Force Space Command for operations.
“Achieving initial launch capability in 2014 is critical to introducing new GPS capabilities on time and will enable the GPS III program to continue its production pace, maximize efficiencies and reduce long term costs for the GPS enterprise as a whole,” said Col. Bernard Gruber, director of the GPS Directorate. “LCC will ensure we can launch in 2014, effectively closing the time gap between GPS III and the Next Generation Operational Control System.”
Lockheed Martin is the GPS III prime contractor with teammates ITT Exelis, General Dynamics, Infinity Systems Engineering, Honeywell, ATK, and other subcontractors.
Increase Proposed for GLONASS
A December 27 meeting in Moscow heard a proposal to expand the GLONASS constellation to 30 satellites and six orbital planes, among five other modernization options. The Presidium of the TsNIImash Council (Central Research Institute of Machine Building) is the arm of Roscosmos, the Russian federal space agency, responsibale for civil aspects of GLONASS.
The other options include adding one more satellite to each of the existing three planes, but that would involve rephasing almost all of the operating satellites, which could cause problems. Adding three new planes to the constellation, each with two satellites, is the leading option, and will be considered in detail over the next few months.
It is not clear how the present GLONASS frequency-division multiple-access (FDMA) channel spectrum could handle 30 satellites. It appears that the current arrangement can only handle a maximum of 28 satellites. The concept would need support from the Russian Defense Ministry among others to go ahead.
Incomplete Compass ICD Released
China announced the official start of Compass operational positioning, navigation, and timing services to China and surrounding areas and released a test version of an interface control document (ICD) on December 27. The ICD is available in both Chinese and English in PDF format from the system’s website, www.beidou.gov.cn.
The nine-page test ICD is incomplete. It only describes the basics of the coordinate and time systems and the basic characteristics of the open service B1 signal transmitted as the in-phase component on the 1561.098 MHz carrier frequency, including the ranging codes assigned to different satellites. There is no discussion of the details of the navigation message or associated algorithms.
A spokesperson stated that the test version is being released to stimulate research and development work and promote applications as soon as possible, and that some aspects of the transmitted signals are not yet finalized or “cured” and that is why they are not discussed in the test ICD.
Leap Second
The International Earth Rotation and Reference Systems Service (IERS) announced that a positive leap second will be introduced into Coordinated Universal Time (UTC) at the end of June 2012. UTC will be retarded by 1.0 second so that the sequence of dates of the UTC markers will be:
2012 June 30 23h 59m 59s
2012 June 30 23h 59m 60s
2012 July 01 0h 0m 0s
UTC and all time scales based on UTC will be affected by this adjustment. However, GPS will not be adjusted physically. For GPS, the leap second correction contained within the UTC data of subframe 4, page 18 of the navigation message transmitted by satellites will change.
Before the leap second: GPS-UTC = +15s (that is, GPS is ahead of UTC by 15 seconds).
After the leap second: GPS-UTC = +16s (GPS will be ahead by 16 seconds).
Meanwhile, the International Telecommunication Union postponed until 2015 a vote on a proposal to do away with leap seconds completely.
Small ceramic patch elements offer nearly perfect single-frequency receive characteristics and have become the standard for GPS L1 antennas. However, the new generation of GNSS receivers now being introduced track many satellites in multiple constellations. Are these narrow-band devices up to the task for wider bandwidths?
L1 Compass and GLONASS navigation signals are broadcast on frequencies close to GPS L1, but the offset exceeds the circular-response bandwidth of small patch antennas. This article discusses the nature of the defects to be expected with the use of small patches over the broader bandwidths required, and contrasts this with the higher performance of dual-feed patch antennas.
It is very difficult to evaluate the relative merits of GNSS antennas without very specialized equipment and resources. An accurate method for comparative evaluation of competing antennas is described that makes use of the C/N0 values reported by GNSS receivers.
A particular challenge facing GNSS is the threat posed by encroaching interfering signals; the LightSquared terrestrial segment signals often being quoted. Relatively simple measures are described to make GNSS antennas immune and the small resulting hit to antenna performance is quantified.
Circularly-Polarized Carrier Signals
The civilian signals transmitted from GNSS satellites are right hand circularly polarized (RHCP). This allows for arbitrary orientation of a receiving patch antenna (orthogonal to the direction of propagation) and, with a good co-polarized antenna, has the added benefit of cross polarization rejection.
For conceptualization, circularly polarized (CP) signals can be thought of as comprised of two orthogonal, linearly polarized signals offset in phase by 90 degrees, as shown in fig 1 below. With one feed defined as I (in-phase), and the other Q (quadrature), the response of the antenna will either be LHCP or RHCP depending upon the polarity of the Q signal phase relative to that of the I signal.
If a CP signal is reflected from a metallic surface (such as metalized glass), the reflected signal becomes cross-polarized, so that a reflected RHCP signal becomes LHCP, and vice-versa. Unlike the linearly polarized (LP) case, a good CP receiving antenna will reject cross-polarized signals resulting from a single reflection. In this respect, reception of CP signals by a CP antenna is considerably improved relatively to linearly polarized signals.
FIGURE 1. Graphic representation of circular polarization (from Innovation column, July 1998 GPS World).
Frequency Plans
At this time, four global navigation satellite systems (GNSS) are either in service or expected to achieve full operational capability within the next 2–3 years: GPS, of course, GLONASS, also now fully deployed, Galileo, and Compass, expected to be deployed over the next two years.
Thus the systems and signals to be considered are:
GPS-L1 at 1575.42 MHz;
GLONASS L1, specified at 1602MHz (+6, –7) × Fs, where Fs is 0.5625 MHz;
Compass at 1561 MHz;
Galileo L1 as a transparent overlay on the GPS system at 1575.42 MHz.
It has emerged that considerable accuracy and availability benefits derive from tracking a larger number of satellites from multiple constellations. Notably, STMicroelectronics has produced an excellent animation of the GPS and GLONASS constellations that shows the theoretical improvement in accuracy and fix availability that derive from simultaneously tracking GPS and GLONASS satellites in Milan, For a really interesting comparison check out www.youtube.com/watch?v=0FlXRzwaOvM.
Most GNSS chip manufacturers now have multi-constellational GNSS receiver chips or multi-chip modules at various stages of development. It is awe-inspiring that the navigational and tracking devices in our cars and trucks will in the very near future concurrently track many satellites from several GNSS constellations. Garmin etrex 10/20/30 handhelds now have GLONASS as well as GPS capability.
Small single-feed patch antennas have good CP characteristics over a bandwidth up to about 16 MHz. This format is cheap to build and provides almost ideal GPS L1 characteristics.
Multi-constellation receivers such as GPS/GLONASS require antennas with an operational bandwidth of up to 32 MHz, and up to 49 MHz to also cover Compass.
Patch Antenna Overview
The familiar patch element is a small square ceramic substrate, fully metalized on one side, acting as a ground plane, and on the other, a metalized square patch. This structure constitutes two orthogonal high-Q resonant cavities, one along each major axis. An incident circular electromagnetic wave induces a ground current and an induced voltage (emf) between the patch edge and ground plane so that at resonance, the cavity is coupled to free space by these fringing fields.
A typical low-cost GPS L1 patch is a 25 × 25 × 4 mm block of ceramic (or smaller) with a single-feed pin. Patches as small as 12 mm square can be fabricated on high-dielectric constant substrates, but at the cost of lower gain and bandwidth. The two axes are coupled either by chamfered patch corners or by offset tuning plus diagonal feed pin positions (Figure 2).
An alternate form of patch antenna has independent feeds for each axis. The feeds are combined in a network that fully isolates the two feeds. Dual-feed antennas can provide nearly ideal characteristics but are inherently more expensive to build. See Figure 3.
FIGURE 3. Dual-feed patch (left) and feed combiner (right).
Basic Performance Parameters
The factors that have a direct bearing on patch performance are:
Gain and radiation pattern;
Available signal-to-noise as a function of receiver gain and low-noise amplifier (LNA) noise figure;
Bandwidth, measured as: radiated power gain bandwidth; impedance bandwidth; or axial ratio bandwidth.
Gain and Radiation Pattern. Patch antennas are specified and usually used with an external ground plane, typically 70 or 100 millimeters (mm) square. Without an external ground plane a reasonable approximation of the radiation pattern is a circle tangential to the patch ground plane with a peak gain of about 3 dBic (dBic includes all power in a circular wave). The addition of an external ground plane increases the peak gain at zenith by up to 2 dB.
The pattern shown in Figure 4 is typical for a 25 mm patch on a 100 mm ground plane. The gain peaks just under 5 dBic, dropping to about 0 dB at an elevation angle of ±60 degrees (the horizon is 90 degrees).
FIGURE 4. Radiation pattern for 25 mm patch on 100 mm ground plane.
Table 1 tabulates approximate gain values at zenith for a range of GPS L1 patch sizes, mounted on a 100-mm ground plane, at resonance, radiated with a RHCP signals (that is, dBic).
TABLE 1. Patch size versus gain at zenith.
Clearly, gain is significantly lower for patches smaller than 25 mm square. Not illustrated here is that the bandwidths of antennas smaller than 25 mm also become too narrow for consideration for anything other than single-frequency signals such as GPS L1.
Achievable C/N0. The carrier signal-to-noise density ratio (C/N0) is a fundamental measure of signal quality and hence antenna performance. For a given receiver, if the C/N0 is degraded due to any cause, be it a poorly tuned patch or bad LNA noise figure or other, the shortfall in performance is non-recoverable.
The effective isotropic radiated power (EIRP) of the transmitted GPS L1 signal from the space vehicles is approximately 27 dBW. If D is the range to the satellite, and λ is the carrier wavelength, the free space path loss, PL, is given by
PL = [ λ / (4 × π × D)]2
The signal power received at the antenna terminals, Pr, is given by:
Pr = EIRP × Gr × PL
where Gr is the receive antenna gain.
The noise power in a 1 Hz bandwidth, N0, referred back to the antenna terminals is given by:
N0 = 10log(Te × k),
where Te is the overall system noise temperature, and k is the Boltzmann constant.
Thus C/N0, the ratio of received carrier power to noise in a 1 Hz bandwidth, referred to the antenna is
C/N0 = Pr / N0
Quantifying this calculation: For λ = 0.19 meters (corresponding to the L1 frequency), and an orbit height of 21,000 kilometers, the path loss,
PL = –182.8 dBW.
The received signal power,
Pr = EIRP(dBW) + Gr(dB)+ PL(dB)
(in dBW)
Assuming the mid-elevation antenna gain, Gr, is 3 dBic,
Pr = –152.8 dBW.
For a cascaded system such as a GPS receiver, the overall noise temperature is given by:
Te = Ts + Tlna + Tgps/Glna
where Te is the overall receiver system noise temperature, Tsis an estimate of sky-noise temperature at 1575.42 MHz, assumed to be 80 K, Tlna is the LNA noise temperature (76 K for an LNA noise figure of 1 dB), Glna is the LNA gain (631 for 28 dB gain), and Tgps is the noise temperature of the GPS receiver (636 K for 5 dB receiver noise figure).
Thus, Te = 157.1 K and N0 = –206.6 dBW.
The available ratio of received carrier power to 1 Hz noise, C/N0, referenced to the antenna is:
C/N0 = Pr/(Te × k) –
(implementation loss)
where implementation loss is an estimate of the decode implementation loss in the GPS receiver, assumed to be 2 dB (something of a fiddle factor, but reasonable!)
Thus, C/N0 = –152.8 – (–206.6) – 2 dB = 51.8 dB.
For satellites that subtend a high elevation angle, the reported C/N0 could be 2 dB higher or 53.8 dB best case.
A good circular antenna should provide C/N0 values in the range 51 dB–53 dB. This can be checked using the (NMEA) $GPGSV message output from most GNSS receivers. Comparative measurement of C/N0 provides the basis for comparative antenna evaluation as described later.
Single-Feed Bandwidth. Bandwidth of single-feed patches can be defined in several quite different ways.
Radiated power gain bandwidth: the bandwidth over which the amplitude at the terminals of the receiving antenna is not more than X dB below the peak amplitude, with an incident CP field.
Axial ratio bandwidth: the bandwidth over which the ratio of the maximum to minimum output signal powers for any two orthogonal axes is less than Y dB. This is an indicator of how well the antenna will reject cross-polarized signals.
Return loss (RL) or impedance bandwidth: that over which the feed input return loss is less than Z dB. This is very easy to measure, and gives the most optimistic bandwidth value.
The input impedance of a single-feed patch is shown in Figure 5. The rotated W-shape of the single-feed patch impedance is a result of the coupling between the two axes of the patch. The 10 dB return loss, called S11, is shown as a circle, outside of which |S11| > –10 dB.
These measures of bandwidth are shown for 25 × 25 × 4 mm and two thicknesses of 36 mm2 antennas in Table 2.
FIGURE 5. S11 for a 25 mm single-feed patch.TABLE 2. The various measures of patch bandwidth.
These different measures yield large differences in bandwidth. The merits of each depends on what is important to the user.
From a purist viewpoint, the most intuitively useful measure of bandwidth is the 0.5 dB radiated gain value. Even then, at the band edges so defined, the axial ratio for a 25 mm2 × 4 mm patch is degraded to about 5 dB, just on the negative side of ok.
As shown in Table 2, the 10 dB return loss bandwidth is comparatively wide. Figure 6 shows the EФ and Eϴ fields for a 36-mm patch a) at resonance and, b) and c), at the upper and lower –10 dB RL frequencies. At resonance the fields are equal, and the radiation is circular (add 3 dB for the CP gain). At the two 10 dB RL offset frequencies, the axial ratio is about 9 dB, with the dominant axis swapped at the band edges.
(a)
(b)
(c) FIGURE 6. (a) Realized gain patterns EФ and Eθ, single-feed at resonance, Fc. (b) realized gain patterns EФ and Eθ , single-feed, Fc+F–10 dB.
(c) realized gain patterns EФ and Eθ, single-feed, Fc-F+10dB.
As a transmitter, a 10 dB return loss would correspond to 90 percent of the energy transmitted, in this case, mostly on a single axis. By reciprocity, as a receiver, the single axis gain of the patch at the 10 dB RL frequency is higher (by about 2 dB ) than at resonance. So, if a linear response can be tolerated, the 10 dB bandwidth is a useful measure, albeit for a very non-ideal response.
Because the two axes are only balanced at resonance, single-feed patches are only truly circular at resonance. An ideal CP antenna has an equal response to a linearly polarized signal, for any rotational angle of incidence. Figure 7 shows the response of a CP antenna to a LP signal for any rotation, which is 3 dB down relative to the response to a co-polarized CP wave.
Figure 7. Perfect CP response to linearly polarized waveform.
In contrast, Figure 8 shows the responses of a single-feed patch (25 mm2 × 4 mm) as a function of field rotation with a linearlarly polarized wave. Note that, at resonance, all of the responses have the same amplitude because the patch is circular at that frequency.
Figure 8. 25-millimeter single-feed patch response to linear polarization rotation.
The responses shown above are for the following conditions:
A) single axis excitation (axis A)
B) single axis excitation (axis B)
C) equal axis excitation, antipodal
D) equal axis excitation, in-phase.
The relevance of this is that a circular polarized wave can become elliptical as a result of multipath interference. Figure 8 shows that the antenna response can be highly variable as a function of the angle of the ellipse principal axis. This is another way of looking at impaired cross-polarization rejection.
In addition, poor axial ratio results in non-equal contributions from each of EФ and Eϴ as the E vector of a linearly polarized wave is rotated. Thus an antenna with a poor axial ratio has a non-linear phase response, unlike a truly CP antenna which has an output phase that rotates proportionally with the E vector rotation.
25 mm2 patches for GPS/GLONASS applications are tuned to the mid frequency of 1590 MHz. Because the RHCP response is narrow, so is the cross polarization rejection, which is also centered at 1590 MHz, Figure 9 shows the simulated response of a single-feed 25 mm patch to co-polarized and cross polarized fields.
Figure 9. Co-polarized and cross polarized response, single-feed patch.
The cross-polarization rejection is degraded at both GPS and GLONASS frequencies, so that much of the ability of the antenna to reject reflected signals is lost.
Against these criteria, a 25 × 25 × 4 mm single-feed patch element can provide good CP performance over about 16 MHz. Of course, initial tuning tolerance must be subtracted from this. However, even within the 0.5 dB radiated gain bandwidth the axial ratio rapidly becomes degraded to about 5 dB, and at larger offsets, the patch response becomes virtually linearly polarized, with poor cross-polarization rejection and phase response. However, as a redeeming feature, the single-feed patch has a wideband frequency response albeit linearly polarized at the GPS and GLONASS frequencies (the band edges).
Dual-Feed Patches
By comparison, dual-feed patches can provide almost ideal characteristics over the bandwidth of the patch element. Figure 3 shows a typical physical configuration and a schematic representation for the feed combining network. This ensures that the two axis feeds are fully isolated from each other over all frequencies of interest. The well known 90-degree hybrid coupler provides exactly the required transfer function.
The Smith chart in Figure 10 shows the impedance of one of the two feeds (that is, one axis) and the combiner output impedance, this being just a small locus close to 50 ohms.
Figure 10. Dual-feed patch, single axis and combiner S11.
Contributions from each axis at all frequencies are theoretically identical for a perfect specimen, so that the configuration naturally has an almost ideal axial ratio (0 dB).
Gain and Radiation Pattern. At resonance, the mode of operation of the single and dual-feed patches is identical so, unsurprisingly, the gain and radiation pattern are also the same; see Figure 4.
Dual-Feed Bandwidth. The 1 dB radiation bandwidth of a dual-feed patch is just less than 1 MHz narrower than if configured as a single feed. Otherwise, the bandwidth of a dual-feed patch is simply the resonant characteristic of the cavities comprised of each axis. The allowable in-band roll-off defines the patch bandwidth, which in any event should not be worse than 1.0 dB, including initial tuning errors. The response for a 36 × 36 × 6 mm patch is shown in Figure 11.
Figure 11. Co-polarization and cross-polarization response, dual-feed patch.
Axial Ratio. Because the axial ratio of dual-feed patches is inherently good, the cross-polarization rejection is also good. The simulated cross-polarization response for the dual-feed patch is also shown in Figure 11.
In reality, small gain and phase imbalances in the printed circuit board, hybrid coupler, and patch itself will prevent the axial ratio from being perfect and cross-polarization response not quite so ideal. With good manufacturing controls, axial ratio can be held to typically better than 2 dB.
The obvious question is, since dual-feed devices have nearly ideal characteristics, why not just make a low cost small dual-feed antenna? There are three issues: The first is that the feed offsets required for a 25 mm2 patch are physically too close for two feed pins. Secondly, a dual-feed structure requires an additional relatively expensive combiner component; thirdly, sometimes, the only way to achieve the necessary bandwidth is through the considerably extended, but linearly polarized bandwidth of the single-feed patch.
That said, were it possible, it would be the ideal solution.
Comparative Performance
The C/N0 value reported in the NMEA $GPGSV message provides a simple method for comparative evaluation of GNSS antennas. The idea is to compare reported C/N0 values for a number of competing antenna types.
This requires a reference GPS receiver, a logging computer and the antennas to be evaluated, and these should be arranged so that:
The computer is set up to log the NMEA $GPGSV messages output from the receiver ($GLGSV for GLONASS).
Each antenna is placed and centered on identical ground planes (100 mm),
The antennas-under-test are not closer to each other than 0.5 meters (to ensure no coupling), and
Each antenna-under-test has a clear sight of the whole sky, and
It is possible to quickly switch the antenna connectors at the receiver.
The method is to connect each antenna in sequence for 15 seconds or so, and to log NMEA data during that time. The antenna connector substitution should be slick, so that the receiver quickly re-acquires, and to validate the assumption of a quasi-stationary constellation.
Each NMEA $GPGSV message reports C/N0, at the antenna, for up to 4 satellites in view. The best reported average C/N0 value for specific satellites 49 dB and above are the values of interest. The winner is the highest reported C/N0 value for each constellation.
This sequence should be repeated a few times to get the best estimate. The important parameter is the difference between the reported C/N0 and the receiver acquisition C/N0 threshold. If the acquisition C/N0 threshold is –30 dB, an antenna that yields –49 dB C/N0 has a 19 dB margin, while an antenna that yields 52 dB has a 22 dB margin — a big difference.
Immunity to LightSquared
Much has been written regarding the threat of the prospective terrestrial segment that the LightSquared L-band communication system poses for GPS (and GNSS in general), which mostly is true. On the other hand, front-end protection for GNSS antennas is a relatively simple, inexpensive addition. The performance cost (in addition to a very small dollar cost increment) is an unavoidable but relatively small sensitivity hit. Note that L-band augmentation systems, other than WAAS and compatible systems, face a more difficult problem.
This is not just a LightSquared issue. In several corners of the world, transmission of high-level signals are permitted that have the potential to interfere with GPS either by source distortion or inter-modulation within the GPS antenna front end itself.
The primary hazard is saturation of the first stage of what is usually a two stage LNA. So, the only way to protect against this is a pre-filter, as shown in Figure 12.
FIGURE 12. Pre-filtered antenna architecture.
There is a trade-off between the slope and corner frequency of the pre-filter out-of-band rejection and its associated insertion loss. The table below shows the response with a wider filter with an insertion loss of 1 dB, the second a more aggressive filter with a 2.5 dB insertion loss (IL).
Table 3 shows overall noise figure including and excluding sky noise. Sky-noise temperature is used here as a catchall that includes true sky-noise, thermal noise (the antenna can partially see the local environment), plus similar factors. The value used is arguable, but experience indicates this is a reasonable number.
The existence of sky noise limits the lowest available noise figure and sets the effect of a pre-filter in the correct context. In any event addition of a quite adequate pre-filter against a 1536 MHz signal can be achieved with less than 1 dB impact on received C/N0.
TABLE 3. Rejection and noise figure for pre-filtered antenna.
Putting It All Together
Small (25 mm2 × 4 mm) single-feed patches are only truly circularly polarized at resonance but do have good CP characteristics over a bandwidth of about 16 MHz, and almost perfect for GPS L1. The pre-dominance of this format for GPS L1 is fully justified.
However, when used to receive wider bandwidth signals such as GPS/GLONASS, single-feed patch antennas suffer from a litany of minor flaws, most particularly poor axial ratio and poor cross-polarization rejection.
On the other hand, the coupling that happens in single-feed antennas results in a very wide 10 dB return loss bandwidth but at the band edges (where the GNSS signals are) they are virtually linearly polarized.
There is no doubt that the performance of small single-feed patches for bandwidths such as those required for GPS/GLONASS coverage is marginal. However, to no small extent, the sensitivity of modern receiver chips is so good that marginal antenna performance can often be accommodated, at least from a basic operational viewpoint. The receiver bails out the antenna.
However, the end result must be degraded GNSS reception. If the application cannot tolerate reduced GNSS availability or accuracy because of marginal antenna performance the choice should be a dual-feed patch type. This will present the GNSS receiver with more consistent signals levels and phase responses and less interference. The end result should be faster acquisition, and realization of the improvement in horizontal dilution of precision (HDOP) that GPS/GLONASS offers.
The reported values of C/N0 in the $GPGCV NMEA message provides a simple and sensitive means to comparatively evaluate antenna performance.
A not insignificant consideration is that the antenna is usually a very visible part of a bigger system, and unavoidably represents the quality of the user equipment. In that case, the antenna housing robustness and appearance may also be a criterion to maintain the image of the end product.
The final point is that introduction of pre-filters into active GNSS is a good idea, whose time has come. This provides protection against the well known bug-a-boo, but also protects against known interference in other parts of the world.
Acknowledgments
I would like to acknowledge the assistance of Inpaq Technologies (Suzhou) Ltd., for provision of patch samples and technical support; Rony Amaya, adjunct research professor, Carleton University, Ottawa, for discussions and assistance in preparing this article; and STMicroeletronics for permission to cite the GPS+GLONASS demonstration video.
Gyles Panther is president and CTO of Tallysman Wireless (www.tallysman.com) and has an honors degree in applied physics from City University, London. He has worked in the fields of RF and satellite communications for more than 20 years. As CTO of a precursor company he was the principal engineer for the development of a wide-area Canadian differential GPS corrections system (CDGPS) receiver. Tallysman is a new start-up specializing in high-performance GNSS antennas and systems.
Perhaps you don’t track suspected criminals in your spare time, nor do you design or supply a GNSS product that does so. Still, the fresh Supreme Court ruling on GPS use for this purpose reverberates for you, in ways yet unknown. The most interesting part of the court’s ruling pops up in a somewhat open-ended “what if” comment concerning future issues that at least one justice thinks the court should address.
GPS trackers are a form of search, and police must obtain a search warrant to use them, the court unanimously ruled. This comes as a setback to government and police agencies who increasingly rely on GPS surveillance. Justice Scalia said the government’s installation of a GPS device to monitor a vehicle’s movements constitutes a search and violates the Fourth Amendment’s protection against unreasonable search and seizure.
Justice Samuel Alito further said the court should address how expectations of privacy affect whether warrants are required for remote surveillance using electronic methods that do not require the police to install equipment, such as GPS tracking of mobile telephones. “If long-term monitoring can be accomplished without committing a technical trespass — suppose for example, that the federal government required or persuaded auto manufacturers to include a GPS tracking device in every car — the court’s theory would provide no protection,” Alito wrote.
This, or its exact counterpart, has already occurred in cell phones: government-mandated location technology embedded in all devices, over a sliding timescale that comes to maturity, or full application, fairly soon.
The words “no protection” in Justice Alito’s opinion appear to state that personal cell-phone records are open season to government investigators. Such has already been the case in a number of instances.
Murkier than government use — if such a concept is conceivable — is commercial use of a consumer’s location data. In other words, privacy. This issue has been raised since GPS-enabled phones were first theorized, and since the very whisper of the first location-based service, but it has never been fully or adequately addressed by anyone in industry or government.The notion of “granting permission” to use one’s location data, in order to benefit from services thus provided, still seems unresolved to me.
Presumably, we are all waiting around for a test case, such as that of the Jeep owner in the Supreme Court just now. With LBS poised — same as it ever was — on the brink of widespread acceptance, it might benefit everyone if such a case came sooner rather than later.
Javad Ashjaee, president and CEO of JAVAD GNSS, invites engineers “who want to roll up their sleeves” to a working session at his company’s San Jose, California facility on Tuesday, January 17, to “find solutions and discuss technical details” related to the LightSquared/GPS conflict. The invitation comes at the end of a lengthy statement, “A Technical Story of a Bad Filter and a Good Filter — Which Turned Political!,” downloadable as a PDF from the company’s website.
“I have been reflecting on events related to the GPS interference issue and LightSquared. What I discovered revealed the root of this problem, and as I will describe in this paper, it is entirely caused by poor design of GPS receivers The problem can be solved easily and with existing technology. In fact, it already has been solved.
[ . . . . ] “In order to defend the GPS system and provide technical data, I started my own investigation of the problem. I soon realized that my own company had a fundamental problem in the first stage of our antenna system. It was allowing other radio energies into the receiver in addition to the Global Navigation Satellite System (GNSS) signals. I recognized that the flaw in our filter system would degrade the performance of our GNSS receivers whether LightSquared’s system is deployed or not.
“As an engineer, I always strive to innovate my products and took it upon myself to see if we could develop a device that filters out as much noise as possible from the adjacent band without affecting the integrity of the GNSS signals. Unfortunately, this was never a priority in our industry – we always used filters that offered little protection against interference. I soon drew the conclusion that the standard operating procedure resulted in degraded performance.
[ . . . . ] “Our challenge is to build the best filter that keeps the GNSS signals intact and blocks unwanted signals as much as possible. In other words, make the side slopes, or skirts, of a filter as steep as possible. How difficult it is to build such a filter? How much would it cost?
[ . . . . ] “If we build better filters and better GNSS receivers, both general purpose users and high-precision users of GNSS will get improved results. In addition, the Figure 5 [all figures are shown in the downloadable PDF at JAVAD GNSS website] filter will protect the receiver from hearing LightSquared signals. This is shown in Figure 7, below. The GPS and GLONASS signals are shown in green. Our new steep-skirt filter is shown in grey, and the LightSquared signals are pink. Note that this new filter completely blocks out the LightSquared signals without reducing the signal strength of GNSS signals.”
[ . . . . ] “The reaction from many of my industry peers to my scientific analysis was decidedly unscientific. My pure technical findings were tagged as hostile, harsh, disrespectful, political, self-serving and betraying. I ask my critics: How in the world could I possibly want to cause harm to GNSS systems that I have worked so hard in the past 30 years to improve?
If GNSS system receives any harm, my company and I are among the first to feel the damage!
“I’m not a stranger to controversy, so I chose to ignore them. I received similar personal attacks for ten years when I was working on GLONASS. Déjà vu!
[ . . . . ] “This technical matter has a lot of lawyers, lobbyists and spin doctors involved, but it’s the engineers who have the ability to solve this problem.
No matter what happens to LightSquared, I am determined to build a better filter system for our GNSS receivers and offer better products to surveyors worldwide, and if we can accomplish this while facilitating a better RTK network, all the more reason.
I would like to invite engineers who want to roll up their sleeves and find solutions and discuss technical details to join me and several of my peers on Tuesday, January 17, 2012 in my San Jose facility. Please RSVP to javad at javad dot com.”
GALILEO PROTOFLIGHTMODEL satellite began transmitting E1 and E5 signals in early December. ESA reports them well within power and shape specifications, and suited for interoperability with GPS.
The Galileo ProtoFlightModel (PFM) in-orbit validation (IOV) satellite GSAT0101 began transmitting E1 signals on December 10 using the E11 ranging code, and E5 signals early on December 14. Launched at the same time, Flight Model 2 (FM2), GSAT0102, has not yet started transmitting navigation signals. Several companies and laboratories around the world immediately began processing the PFM signals. This story briefly aggregates their reports.
The European Space Agency (ESA) proudly released a statement: “Europe’s Galileo system has passed its latest milestone, transmitting its very first test navigation signal back to Earth. [. . . . ] The turn of Galileo’s main L-band (1200-1600 MHz) antenna came on the early morning of Saturday 10 December. A test signal was transmitted by the first Galileo satellite in the E1 band, which will be used for Galileo’s Open Service once the system begins operating in 2014. [. . . . ]
“The signal power and shape was well within specifications. The shape is especially important because its modulation is carefully designed to enable interoperability with the L1 band of U.S. GPS navigation satellites: Galileo and GPS can indeed work together as planned.
“The test campaign is concentrating on the first satellite for the reminder of the year, with the focus moving to the second Galileo satellite from the start of 2012. The plan is to complete In-Orbit Testing by next spring.
“The next pair of Galileo In-Orbit Validation satellites will also be launched next year, to form the operational nucleus of the full Galileo constellation. Meanwhile the next batch of Galileo satellites are currently being manufactured for launch in 2014.”
Thales Avionics. Thales Avionics has developed a Galileo receiver capable of processing the Open Service, Commercial Service, and Safety of Life service of the Galileo constellation.
Figure 1 shows a screenshot of the Thales Avionics receiver interface program, highlighting the L1 signal energy (top right) and the pilot secondary code (bottom). The satellite Doppler and C/N0 values have been recorded and are provided in Figure 2.
Figure 1. Screen of Thales Avionics receiver interface highlighting L1 signal energy (top right) and the pilot secondary code (bottom). (Click to enlarge).
Figure 2. Satellite doppler and C/N0 values from the Thales Avionics receiver.
Thales has developed a coherent processing of the Galileo E5 AltBOC(15,10) signal compatible with hardware architecture designed for independent processing of both E5a and E5b. This processing is fully compatible with the mismatch between the two RF channels on E5a and E5b, thanks to real-time calibration based on satellite signals. This processing only requires software implementation, without additional recurrent costs. The technique is relevant for future receivers operating in the E5 band, in order to significantly enhance the accuracy, with respect to thermal noise and multi-path, and to improve the cycle slip probability.
CONGO. Several COoperative Network for GIOVE Observation (CONGO) stations, including one at the University of New Brunswick, are tracking both the E1 and E5 signals. Figure 3 shows C/N0 values collected at UNB.
Figure 3. C/N0 values in dB-Hz of PFM 1-Hz data collected at the University of New Brunswick, on December 10. Time axis runs for 24 hours starting at 01:00 UTC. Receiver is a Javad Delta-G2T. JAVAD GNSS. On December 12, JAVAD GNSS announced that it has tracked the Galileo in-orbit validation satellite, temporarily designated PRN-11.
“An important point is that we tracked it with our units that are already in the market,” said Javad Ashjaee, CEO. “This is not a lab tests. Our customers can track it too.”
Figure 4 shows the company’s tracking results of PRN-11: plots of pseudorange (in chips), doppler (in Hz), and SNR (relative number).
Figure 4. JAVAD GNSS tracking results of Galileo PRN-11 for now, plots of pseudorange (in chips), doppler (in Hz), and SNR (relative number).
Calgary PLAN Group. The University of Calgary sent a detailed report. (See Figure 5 and next item.)
Figure 5. Raw correlator values for the E1 B/C, E5aI/Q and E5bI/Q signals. The bit periods can be clearly seen on E1B, E5aI and E5bI. The secondary code can be observed on E1C while the pilot signal can be seen on singals E5aQ and E5bQ. (From the Calgary Report.)
Galileo E1 and E5: the Calgary Report
By James T. Curran and Aiden Morrison
Researchers in the Position, Location and Navigation (PLAN) Group at the University of Calgary recorded E1 and E5 data using a single dual-channel front-end and subsequently acquired and tracked E1 B/C, E5a and E5b signals in the early morning of December 15.
Using a dual channel front-end designed in-house, a Novatel GPS-703-GGG antenna and a laptop computer, IF data was collected to examine these new signals. This data was processed by GSNRx, a reconfigurable a multi-system, multi-frequency software receiver developed by the PLAN Group.
At approximately 03:20 MST (UTC – 7:00) more than 20 GNSS satellites were visible from a rooftop mounted antenna. Having reconfigured the front-end to accommodate the E5 band, IF data was collected which included Galileo E1 B/C and E5 A/B, GIOVE-B E1 B/C and E5a, GPS L1 C/A and L5, and GLONASS L1 C/A. Following some last-minute modifications to GSNRx to include the Galileo E5b signals, the samples were processed, simultaneously tracking GPS and Galileo on both the L1/E1 and L5/E5 frequencies and GLONASS on L1.
A subset of the raw correlator values for the E1 B, E1 C, E5a I and E5a Q signals are shown in Figure 5 above. Note that the E1 C values have been offset by -2.0×105 for clarity. A data-rate of 250 symbol/s is clearly visible on the E1 B and E5b signals while a 50 symbol/s stream can be observed on the E5a I signal. The 25 chip secondary code is also evident on E1 C at a rate of 250 chip/s.
All six components of the Galileo-PFM signals shown above (transmitted on PRN 11) were tracked independently and their signal modulations were found to agree with the Galileo Open Service ICD. A trace of the measured carrier-to-noise floor ratios for the Galileo signals is shown in Figure 6. As indicated by the ICD, the E5b signals were observed at 2 dB lower power than the E1 B and C signals. The E5a signals, however, were expected to be received at the same power as E5b and yet were observed at approximately 4 dB lower power. This is believed to be a combination of the antenna and IF filtering within the front-end as the E5a center frequency is located relatively near the pass-band edge of both. This front-end was initially designed for 40 MHz bandwidth, but used in this experiment at 50 MHz, as will be discussed later.
Figure 6. C/N0 for Galileo-PFM signals.
The software receiver was once again reconfigured, this time to produce signal correlator values spaced along a delay of approximately 700 m and 70 m for the E1 A/B and E5 A/B signals, respectively, such that the cross-correlation of the received and local-replica PRN sequences could be examined. The signals were tracked for 10 seconds and the 1 ms correlator values averaged, to produce estimates of the code cross-correlation function. The characteristic ripple of the CBOC modulation on E1 B/C can be seen in Figure 7 (left), particularly on the right-most ascending feature of the envelope. Likewise, the alt-BOC cross-correlation of E5a Q in Figure 7 (right) is as expected. It is noted that the E5a I signal has suffered some distortion due to the filtering effects mentioned above.
Figure 7. Measured cross-correlation functions for the Galileo PFM E1 B and C signals (left) and E5a I and E5b I signals (right).
For details of the PLAN group’s front-end, a flexible GNSS signal capture tool, and other specifics on the process employed, see the full-length article.
GPS III Testbed Sat Delivered
Lockheed Martin delivered the the GPS III Non-Flight Satellite Testbed (GNST), the program’s pathfinder spacecraft, to its Denver-area facility. The pathfinder will now undergo final assembly, integration, and test activities.
The GNST is a full-sized, flight equivalent prototype of a GPS III satellite used to identify and solve development issues prior to integration and test of the first space vehicle. According to the company, the approach reduces risk, improves production predictability, increases mission assurance and lowers overall program costs. In Denver, the GNST will be mated with its core structure, navigation payload, and antenna elements before completing pathfinding activities and checkout of environmental test facilities. The GNST will then be shipped to Cape Canaveral Air Force Station, Fla., for pathfinding activities at the launch site.
GPS III satellites, when launched as scheduled to being in 2014, will replace aging on-orbit GPS satellites to deliver better accuracy and improved anti-jamming power, while enhancing spacecraft design life and adding a new civil signal designed to be interoperable with international global navigation satellite systems.
In parallel with the GNST, progress on the first space vehicle is progressing on schedule. Lockheed Martin received the core structure for the first GPS III satellite in Stennis, Mississippi, on August 4, and is now integrating the space vehicle’s flight propulsion subsystem. The integrated core propulsion module will be shipped to the GPF in the summer of 2012 and will then undergo final assembly, integration and test in order to meet its planned 2014 launch.
The GPS III team is led by the GPS Directorate at the U.S. Air Force Space and Missile Systems Center. Lockheed Martin is the GPS III prime contractor with teammates ITT, General Dynamics, Infinity Systems Engineering, Honeywell, ATK and other subcontractors.
Drone Downed
Press reports speculate that GPS spoofing was used to get the RQ-170 Sentinel Drone to land in Iran. According to an Iranian engineer quoted in a Christian Science Monitor story, “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.” At that point, the drone relies on GPS signals to get home. By spoofing GPS, Iranian engineers were able to get the drone to “land on its own where we wanted it to, without having to crack the remote-control signals and communications.”
“The GPS navigation is the weakest point,” the Iranian engineer told the Monitor, giving a detailed description of Iran’s electronic ambush of the highly classified pilotless aircraft.
In 2011, the U.S. Air Force awarded two $47 million contracts to BAE Systems and Northrop Grumman for development of a navigation warfare sensor to replace military GPS receivers on aircraft and missiles, and designed to maintain freedom of action under extreme GPS countermeasures.
GLONASS Fully Operational
For the first time in more than 15 years, GLONASS is fully operational, with 24 satellites in their designated orbital slots, set healthy, and providing world coverage.
GLONASS 744, an M-class satellite and one of three launched from Baikonur on 4 November, was set healthy December 8, bringing the number of healthy operating satellites to the full complement of 24.
GLONASS briefly achieved a 24-satellite constellation in early 1996 but it degraded rapidly due to Russia’s economic difficulties following the break-up of the Soviet Union coupled with the short lifetime of the GLONASS satellites. Since 2002, the GLONASS constellation has slowly but surely been rebuilt with the Russian government’s commitment to provide a global positioning and navigation system comparable to that of GPS.
Luch SBAS. Roscosmos also launched the Luch-5A geostationary relay satellite on December 11.
Luch-5A is the first in a series of new data relay satellites designed to rebuild the Luch Multifunctional Space Relay System, which had ceased operating by 1998. Among other functions, 5A hosts a wideband satellite-based augmentation system (SBAS) transponder.
The SBAS transponder will transmit correction and integrity data for GLONASS and GPS on the GPS L1 frequency with a C/A pseudorandom noise code to be assigned by the GPS Directorate. The data will be provided by the System for Differential Correction and Monitoring or SDCM, which uses a ground network of monitoring stations on Russian territory as well as some overseas stations.
As the SDCM primary service area is Russian territory, the main lobe of the SBAS antenna beam will be directed to the north with an angle of 7 degrees relative to the direction to the equator. Transmitted power of 60 watts will give a signal power level at Earth’s surface roughly equal to that of GLONASS and GPS signals, about –158 dBW.
The current international SBAS data format has a limited capability for broadcasting corrections for both GLONASS and GPS satellites combined. There is space for only 51 satellites, insufficient for the current number of satellites on orbit. As a result, studies are being carried out in an attempt to resolve this problem. One option is to use a dynamic satellite mask, where an SDCM satellite would only broadcast corrections and integrity data for those GLONASS and GPS satellites in view of users in the territory of the Russian Federation.
Luch-5A is the first of three MSRS/SDCM satellites. Luch-5B will be launched in 2012 into a slot at 95 degrees east longitude and Luch-4, in 2014, into a slot at 167 degrees east longitude.
Beidou Launch Fills Regional Nav System
The Beidou-2/Compass IGSO-5 (fifth inclined geosynchonous orbit) satellite was launched on December. According to a Chinese government announcement, this launch completes the construction of the basic regional navigation system for service to China and will be operational by the end of the year. However, completion of the Phase II development, to provide service to the Asia/Pacific region, will require further satellite launches in 2012. Phase III global coverage, with a 30-satellite system, will be achieved by 2020 according to the Beidou website.
The GNSS community outside China still awaits a Compass interface control document (ICD), which has been promised by the end of 2012.
LightSquared Incompatibility Declared
U.S. government tests conducted in November showed that 75 percent of GPS receivers examined were interfered with at a distance of 100 meters from a LightSquared (LS)base station. The report states that “No additional testing is required to confirm harmful interference exists,” and “Immediate use of satellite service spectrum for terrestrial service not viable because of system engineering and integration challenges.”
The tests showed interference by the LS Low 10 terrestrial signal with an overwhelming majority of general-purpose GPS receivers. Data from LS handsets was collected, analysis is underway, but no results were given. Wideband and military receivers were tested, but neither specifications nor results were presented; a classified session was convened for that purpose.
Of the 92 receivers for which full data sets were compiled, 75 percent of them failed a 1db test, showing harmful interference at 100 meters from a LS base station. These 69 receivers failed at a broadcast level of around -15dBm from the LS transmitter.
In a December 7 filing with the FCC, LightSquared further revised its public plans to say that it would “limit its power on the ground when transmitting in the lower 10 MHz from 1526-1536 MHz to no more than –30 dBm until January 1, 2015, –27 dBm until January 1, 2017, and –24 dBm thereafter.” According to test data, at –30 dBm, approximately 17 percent of GPS receivers would be disrupted; at –27 dBm, 25 percent; at –24 dBm, 36 percent. Proceeding with this scenario would require the assumption that the FCC, or indeed anyone, believes anything that LightSquared says at any given instant, for any given duration.
By Ryan H. Mitch, Ryan C. Dougherty, Mark L. Psiaki, Steven P. Powell, Brady W. O’Hanlon, Jahshan A. Bhatti, and Todd E. Humphreys
GPS jamming is a continuing threat. A detailed understanding of how the available jammers work is necessary to judge their effectiveness and limitations. A team of researchers from Cornell University and the University of Texas at Austin reports on their analyses of the signal properties of 18 commercially available GPS jammers.
INNOVATION INSIGHTS by Richard Langley
GPS IS AT WAR. It is a major asset for United States and allied military forces in a number of operating theaters around the world in both declared and undeclared conflicts. But GPS is at war on the domestic front, too — at war against a proliferation of jamming equipment being marketed to cause deliberate interference to GPS signals to prevent GPS receivers from computing positions to be locally stored or relayed via tracking networks.
There have been many notable examples of deliberate jamming of GPS receivers. Many more likely go undetected each day. In 2009, outages of a Federal Aviation Administration reference receiver at Newark Liberty International Airport close to the New Jersey Turnpike were traced to a $33, 200 milliwatt GPS jammer in a truck that passed the airport each day. The driver was reportedly arrested and charged. In July 2010, two truck thieves in Britain were jailed for 16 years. They used GPS jammers to prevent the trucks from being tracked after the thefts. And in Germany, some truck drivers have been using jammers to evade the country’s GPS-based road-toll system.
The U.S. and some foreign governments have enacted laws to prohibit the importation, marketing, sale or operation of these so-called personal privacy devices. Nevertheless, a certain number of jammers are in the hands of individuals around the world and they continue to be available from manufacturers and suppliers in certain countries. So, GPS jamming is a continuing threat both at home and abroad and a detailed understanding of how the available jammers work is necessary to judge their effectiveness and limitations. This information will also help in developing countermeasures that could be incorporated into GPS receivers to limit the impact of jammers.
Jammers constitute an enemy force, and as the Chinese General Sun Tzu stated in the Art of War more than 2,000 years ago, battles will be won by knowing your enemy. In the last verse of Chapter Three, he states:
So it is said that if you know your enemies and know yourself, you can win a hundred battles without a single loss.
If you only know yourself, but not your opponent, you may win or may lose.
If you know neither yourself nor your enemy, you will always endanger yourself.
In this month’s column, a team of researchers from Cornell University and the University of Texas at Austin reports on their analyses of the signal properties of 18 commercially available GPS jammers. The enemy has been exposed.
The Global Positioning System has become increasingly incorporated into civilian infrastructure. The increase in GPS-integrated systems has caused a proportional increase in the vulnerability of these systems to jamming and interference. The interests of individuals or groups willing to break the law may be served by interfering with the normal operation of GPS-enabled systems. As a result, in recent years many GPS jamming devices have become available for purchase over the Internet. These relatively cheap devices, some costing less than an inexpensive GPS receiver, pose a significant risk to the normal operation of many systems reliant on GPS.
Many types of intentional radio frequency (RF) interference exist, including tones, swept waveforms, pulses, narrowband noise, and broadband noise. There are a number of methods for mitigating the effects of jamming and interference, and additional methods exist to locate the sources of the interference. Mitigation and location methods can be improved by use of a priori information about the interference source. This article provides such a priori information for a set of jammers and assesses their threats. Its results are based on two tests. The first test records raw RF data from a selection of jammers and analyzes it using fast Fourier transform (FFT) spectral methods. The second test evaluates the effective range of a subset of the GPS jammers using a commercial off-the-shelf (COTS) receiver.
The article presents results based on 18 civil GPS jammers. There are other types of GPS jammers for sale that were not tested. Furthermore, civil jammer behavior and design is likely to evolve over time. In this article, we draw conclusions based on only the jammers that we tested.
Overview of Civil GPS Jammers
Devices that claim to jam or “block” GPS signals are widely available through a number of websites and online entities. The cost of these devices ranges from a few tens of dollars to several hundred. Their price does not seem to correlate with the claims made by the purveyors of these devices regarding the features and effectiveness of the product in question. Effective ranges from a few meters to several tens of meters are advertised, but the actual effective ranges are significantly greater. Claimed and true power consumptions range from a fraction of a watt to several watts.
We grouped the GPS jammers we examined in this article into three categories based on morphology. The first is a group of jammers designed to plug into an automotive 12-volt auxiliary power supply outlet (cigarette lighter socket); this class of jammer is referred to in the remainder of this article as Group 1. The second category contains those jammers that are both powered by an internal rechargeable battery and that have an external antenna connected via an SMA connector; these jammers are referred to as Group 2. The jammers in Group 3 are disguised as cell phones; they have batteries but no external antennas. Figure 1 shows an example of a device from each of Groups 1–3.
Figure 1. Three jammers are depicted, from left to right Jammers 1, 5, and 15 from Groups 1, 2, and 3, respectively.
All 18 jammers broadcast power at or near the L1 carrier frequency, six broadcast power at or near the L2 carrier frequency, and none broadcast power at or near the L5 carrier frequency. Some of the jammers also broadcast power at frequencies outside of the GPS bands, typically cellular phone or Wi-Fi bands, but those frequencies are outside the scope of this article. Results in this article are for the current power levels broadcast in the GPS L1 and L2 bands, but examination of power levels in non-GPS bands indicate that many of these devices could be easily modified to broadcast much more power in the GPS bands.
The jammer antennas have been removed in most of the testing for this article, but their use in a real-world scenario will modify the jammer behavior. The antennas used by Group 1 and Group 2 jammers are loaded monopole antennas, while those used by the Group 3 jammers are electrically short helical antennas that have approximately the same gain pattern as the loaded monopoles. These antennas broadcast linearly polarized radiation, as opposed to the right-hand circular polarization of GPS signals. The polarization mismatch will cause some loss in received power at a right-hand circularly polarized GPS receiver antenna.
Jammer Signal Characteristics Test
The goal of the first set of tests was to record complex samples of the jamming signals and to derive the jammer characteristics from these data. A two-step procedure was used to collect useful data. The first step used a spectrum analyzer to find the frequency range of the jamming signal near L1 and L2. The second step used this frequency information to set the center frequency of a general-purpose RF digitization and signal storage device with a 12-drive RAID storage array. Offline analyses were then conducted on the recorded data.
The test procedure was as follows. For the first two groups, the jammer was placed inside an RF-shielded test enclosure shown in Figure 2, to prevent any signal leakage, and its SMA signal output port was connected to the relevant data collection device using a shielded coaxial cable. The signal had to pass from the inside to the outside of the RF enclosure using the built-in coaxial feed-through. Note, therefore, that no jammer signal radiation occurred for Group 1 and 2 jammers even inside the RF enclosure. The enclosure was used primarily as a precaution.
Figure 2. RF-shielded test enclosure. Jammers were operated inside the enclosure to prevent emission of their RF signals.
None of the Group 3 jammers had external antennas. Therefore, they were allowed to radiate in the RF enclosure using their internal antennas. To capture the signal, a receiving patch antenna with active amplification was placed in the RF enclosure, and the antenna output was connected to the relevant RF recording device via the enclosure’s coaxial feed-through. The jammer and receiving antenna were separated by about 14 centimeters. The patch antenna field-of-view center was pointed directly at the jammer. The jammer was oriented such that the axis of its helical antenna was pointing perpendicular to the line from the receiving antenna to the jammer.
Jammer Signal Characteristics Test Results
Although 18 jammers were tested, only a representative subset is discussed here. The signals were analyzed using FFT spectral methods and measurements of in-band power. Figure 3 displays the results of this analysis for a typical jammer from Group 1.
The top plot of Figure 3 graphs frequency on the vertical scale versus time on the horizontal scale. The bottom plot graphs power on the vertical scale versus time on the horizontal scale. Each vertical slice of the recorded RF data plot is a single FFT frequency spectrum. It covers 62.5 MHz centered on the L1 band and has a resolution of approximately 1 MHz. The relative power spectral density of each slice is indicated by color. The time axes of both plots span 80 microseconds.
Figure 3. Jammer 4 power spectral density versus time, with color indicating relative power (top plot) and power versus time in a 62.5-MHz band centered at the L1 carrier frequency (bottom plot).
The upper plot of Figure 3 is clearly that of a linear frequency modulation interspersed with rapid resets — a series of linear chirps. Each sweep takes nine microseconds and spans a range of about 14 MHz. This range includes the civil L1 GPS band. The center frequency is depicted by the horizontal red line in the top plot. The power is about 20 milliwatts and remains fairly constant over the sweep.
Three of the Group 1 jammers appeared to be of the same model and one was slightly different. All of them broadcast power only at L1. Despite their similarities in external appearance, the three jammers of the same model exhibited markedly different signal properties. These differences will be presented later in terms of tabulated frequency modulation characteristics and in-band power levels.
One of the Group 2 jammers was unusual in two respects, as illustrated in Figure 4. This figure plots the L2 spectrum whose center is indicated by the horizontal red line in the top plot. The first obvious difference from Figure 3 is that the frequency modulation in time is a triangular wave instead of a sawtooth. Additionally, the modulation frequency is very high in comparison to all the other jammers; its period is only about 1 microsecond. Note that the horizontal scale of this figure spans only 8 microseconds, that is, 10 times less than in Figure 3.
The other Group 2 jammers tended to broadcast sawtooth frequency modulations as in Figure 3. They all broadcast jamming power at L1. Of course, the jammer depicted in Figure 4 broadcast power at L2 as well. Only one other Group 2 jammer had L2 jamming capability. Two of the jammers suffered from poor design of their L1 frequency modulation schemes: they placed no jamming power closer than 4.6 MHz away from the nominal L1 carrier frequency.
Figure 4. Jammer 10 power spectral density versus time (top plot), with resolution of about 3 MHz and color indicating relative power, and power versus time (bottom plot) in a 62.5-MHz band centered at the L2 carrier frequency.
Another unusual frequency modulation was encountered in a Group 3 jammer. The L1 results for this jammer are depicted in Figure 5. It seems to show a linear-type frequency modulation distorted by sudden frequency jumps, as seen in the upper plot of the figure. Despite its irregular nature, this waveform maintains its jamming efficacy.
Figure 5. Jammer 15 power spectral density versus time, with color indicating relative power (top plot) and power versus time in a 62.5-MHz band centered at the L1 carrier frequency (bottom plot). Note the additional frequency jumps in the sweep pattern.
All four jammers in Group 3 broadcast power at L1, L2, and additional frequency bands. Three of the jammers appeared to be of the same model, while a fourth was different. Jammers in this group normally use a standard sawtooth frequency modulation. Figure 5 represents the exception.
Additional types of distortion from the nominal sawtooth frequency modulation have been observed in some of the jammers. Discussion of each additional variation has been omitted here for the sake of brevity. See the authors’ companion conference paper, listed in the Further Reading sidebar for more details.
Frequency Modulation Periods and Ranges. The frequency modulation characteristics of all 18 jammers are listed in Table 1. The first two columns identify each jammer by group number and jammer number. The sweep period and frequency range for the L1 sweep are shown in the third and fourth columns. The two numbers in the fourth column are the upper and lower bounds of the jamming tone sweep range in megahertz above and below the L1 carrier frequency. For instance, the period between resets of the linear frequency modulation of Jammer 1 is 26 microseconds and the tone sweeps from 25.4 MHz below L1 to 31.3 MHz above L1. The fifth and sixth columns are analogous to the third and fourth columns, but for jamming in the L2 band, with entries only for those jammers that broadcast in this band.
The sweep periods were calculated using four contiguous sweeps from near the beginning of each data set and another four sweeps 30 seconds later. The sweep periods exhibited standard deviations of less than 1 microsecond. The reported sweep ranges are the minimum and maximum frequency observed in the same data used to calculate sweep periods. The sweep ranges changed by as much as 2.5 MHz between sweeps.
One can make a number of observations based on Table 1. First, as mentioned previously, jammers which appeared to be of the same model exhibited significant variations in sweep behavior. For instance, Jammers 1, 3, and 4 appeared to be of the same models, yet Jammer 1 has a sweep period nearly three times as long as Jammers 3 and 4. It also has a sweep range four times as wide. Second, some individual jammers were exceptional. For example, Jammer 10 has a sweep period nearly 10 times shorter than any other jammer, and its L1 sweep range exceeded the 62.5 MHz bandwidth recorded by the RF sampling equipment. The sweep range of Jammer 16 also exceeded the sampled bandwidth, though its sweep period was not exceptional. Jammers 12 and 13 do not sweep through the L1 carrier frequency, as indicated by the negative signs in the fourth column of Table 1. Jammer 17 suffered from the same problem, but for both L1 and L2.
Table 1. Frequency characteristics of GPS jammers.
In-Band Jammer Power Levels. The GPS signal is spread over several megahertz by the pseudorandom noise (PRN) codes that modulate the L1 or L2 carrier waves. Different GPS receivers exploit this spreading by processing more or less of the full bandwidth. The RF power of the GPS jamming signal within different bands centered at L1 is an important concern because different receiver RF front-end bandwidths may allow different total amounts of jammer power to pass through them. For example, a C/A-code receiver with a 2-MHz RF front-end bandwidth will pass 10 dB less jammer power than will a 20-MHz bandwidth RF front end of a P(Y)-code receiver if the jammer in question spreads its power evenly over the 20-MHz band centered at the L1 carrier frequency. If the jammer power is concentrated in a 2-MHz range, however, then both receiver front ends will pass equal total jammer power.
To determine the power in different bandwidths, the raw data were filtered to pass only the bandwidths of interest. The data were digitally filtered using a finite input response (FIR) equiripple band-pass filter, providing 60 dB of attenuation at 2 MHz past the roll-off frequency. Note that a real GPS receiver will probably not have analog filter frequency roll offs as sharp as those used in our work.
Table 2 presents the results of this study. It reports power measurements averaged over 15 milliseconds in three different bandwidths: 2, 20, and 50 MHz, all centered at the nominal L1 or L2 carrier frequency. The table also indicates whether each jammer broadcasts power at frequencies other than the GPS frequencies. No power data is given for the non-GPS frequencies because they are not the focus of this article.
A number of observations can be drawn from Table 2. First, there is a large variation in broadcast power among jammers, with Group 2 jammers being on average more powerful. Specifically, Jammer 11 is the most powerful, broadcasting more than a watt in the GPS bands! Second, jammers of the same model broadcast roughly the same amount of power despite the differences in sweep behavior mentioned above. For instance, Jammers 1, 3, and 4 broadcast roughly the same amount of power, and Jammers 15, 17, and 18 do so as well. Third, the poor frequency plans of Jammers 12, 13, and 17 are apparent in the power measurements. These jammers did not sweep a tone through L1 or L2, and effectively no power was measured in the 2-MHz band centered on the L1 or L2 carrier frequencies.
Table 2. Jammer power levels in frequency bands of interest.
Although not shown in the tables, Jammers 12, 13, and 14 exhibited periodic variations in broadcast power. Their peak-to-peak power varies as a sawtooth wave with period approximately 15 milliseconds and amplitude on the order of 10 percent of the total broadcast power.
The measured power values in Table 2 for jammers of Groups 1 and 2 were derived using direct cable connections. Thus, they report the total power into the transmitting antenna. The power received at a GPS receiver’s RF front end will be affected by any antenna inefficiency, the antenna gain pattern, and the space loss, among other effects.
In contrast, the power reported for Group 3 jammers includes all of those effects for the given test configuration. Specifically, the receiving antenna picked up only a fraction of the radiated power because the receiving antenna subtended only a fraction of the 4π steradians around the transmitting antenna. Also, the power that was received was boosted by the receiving antenna’s active low-noise amplifier. Finally, the radiation environment inside the RF enclosure is uncertain, and the enclosure constrains the separation of the antennas to be on the order of one wavelength, thereby giving rise to near-field effects. Therefore, the indicated power levels for the Group 3 jammers do not constitute measures of absolute power. The tabulated power levels for Group 3 jammers are included primarily for purposes of comparison within the group.
Maximum Effective Range Test
The goal of the second set of tests was to determine the effective ranges of the GPS jammers when interfering with a COTS receiver. A constraint on this test was that it could not broadcast harmful radiation to the environment. Ideally, the jammers and a receiver would be taken outside and tested with all antennas attached. However, this type of test would possibly interfere with other equipment and is illegal in the United States. A close approximation to this scenario can be constructed using a high-fidelity simulated GPS signal, a commercial GPS receiver, a GPS jammer in an RF enclosure, and a set of attenuators to simulate various distances. The setup for the second test is shown in the block diagram of Figure 6.
Figure 6. Block diagram of the test procedure and equipment used to determine the GPS jammers’ effective ranges.
Each range test involved running a GPS jammer inside the RF enclosure, passing its signal through the enclosure’s coaxial feed-through, and electrically combining that signal with a GPS simulator signal. The combined signal was then input to the antenna connector of the COTS GPS receiver. Attenuators were inserted in-line with the GPS jammer before it arrived at the combiner. Using this setup, two tests were conducted. The first test determined the jamming signal attenuation level necessary for continuous tacking. The second test determined the attenuation level necessary to allow the receiver to acquire the simulator signal within five minutes from a cold start. As will be shown in the next section, the resulting attenuation values can be converted into effective ranges of the jammers if one makes certain reasonable assumptions about transmitting and receiving antenna gains and path losses.
The simulator power level was set so that the power into the receiver matched that which it would receive from the actual GPS constellation through a typical roof-mounted passive patch antenna. This power level was checked by comparing the resulting C/N0 for all of the visible satellites when using the simulator against typical C/N0 values when using the roof-mounted antenna. Typical levels reported by the receiver were C/N0 = 43 dB-Hz.
Maximum Effective Range Results
The jamming signal attenuation levels resulting from the two tests are presented in Table 3. These tests were conducted on one jammer from Group 1 and three jammers from Group 2. No jammers from Group 3 were included because of the broadcast power uncertainties discussed in connection with Table 2.
The attenuation values by themselves are not very useful, but they can be converted into distance measurements with a number of assumptions. The ratio of received power to transmitted power can be expressed as
where Gt is the transmitting antenna gain, Gr is the receiving antenna gain, and the term (λ/(4πr))2 is the path loss for radiation of wavelength λ over the distance r. This equation can be solved for the range, r:
The quantity in this formula that equates to the total electrical jammer attenuation produced in each bench-top test is the product of the antenna gains and the ratio of transmitted to received power: Gt Gr(Pt ⁄Pr ).
To convert the results in Table 3 into effective ranges, the transmitting and receiving antennas can be assumed to be perfect, lossless, isotropic radiators. In this case, the gain terms, Gt and Gr , are unity. Each measured attenuation value can be converted to the unitless ratio, Pt ⁄Pr , and substituted into the equation for r. Use of this equation at the L1 carrier frequency yields the ranges in Table 4. If the range between the jammer and receiver is less than that listed in the third column of the table, then the jammer will prevent the receiver from tracking and acquiring. If the range is less than that listed in the last column but more than that listed in the third column, the receiver will continue to track but be unable to acquire. The effective ranges are at least an order of magnitude greater than the claims of the jammers’ purveyors.
Table 3. Jammer attenuation levels needed to allow COTS GPS receiver acquisition and tracking.Table 4. Ranges of jammer effectiveness against COTS GPS receiver when using lossless isotropic antennas.
Distinct scenarios with different antennas can be approximately tested using Table 3 and the range equation. For example, a patch antenna that is oriented perfectly skyward might have 10 dB of attenuation at very low elevation angles, and the jammer might have an additional 3 dB loss due to polarization mismatch. In this scenario, the effective jamming range would be factored down by 10-13/20 = 0.22. In this case, Jammer 11’s tracking interference range would be reduced from 6.1 kilometers to 1.4 kilometers. Additional jammer signal attenuation might occur if the emissions passed through the reduced RF aperture of a vehicle’s body and windows. Such an effect could be incorporated into the range equation to determine a revised effective range.
Due to the ignored losses in the real system, it would likely be safe to assume that the effective ranges of the GPS jammers would be no greater than those listed in Table 4. The ranges could potentially be greater if a high-gain receiving antenna were aimed directly at the jamming source, or if the jamming source used a high-gain transmitting antenna aimed at the receiver. None of the jammers tested employed such an antenna.
Summary and Conclusions
This article has presented the signal properties of 18 commercially available GPS jammers as determined from two types of live experimental tests. The first test examined the frequency structures and power levels of the jammer signals. It showed that all of the jammers used some sort of swept tone method to generate broadband interference. The majority of the jammers used linear chirp signals, all jammed L1, only six jammed L2, and none jammed L5. The sweep period of the jammers is about 9 microseconds on average, and they tend to sweep a range of less than 20 MHz. Some of the jammers’ sweep ranges failed to encompass the target L1 or L2 carrier frequencies.
The second test provided an estimate of four of the jammers’ effective ranges when deployed against a typical commercial receiver. An upper bound on the effective ranges was calculated for idealized, lossless, isotropic radiating and receiving antennas with matched polarizations. The weakest of the four jammers affected tracking at a range of about 300 meters and acquisition at about 600 meters, while the strongest affected tracking at a range of about 6 kilometers and acquisition at about 8.5 kilometers.
Acknowledgments
The authors thank the U.S. Department of Homeland Security for providing interference devices for testing. This article is based on the paper “Signal Characteristics of Civil GPS Jammers” presented at ION GNSS 2011, the 24th International Technical Meeting of the Satellite Division of The Institute of Navigation, Portland, Oregon, September 19–23, 2011, where it received a best-presentation-in-session award.
Manufacturers
The tests discussed in this article used an Agilent Technologies (www.home.agilent.com) model N1996A spectrum analyzer, a National Instruments PXI-5663 RF vector signal analyzer, a Ramsey Electronics model STE3000B RF shielded test enclosure, an Antcom (www.antcom.com) model 53G1215A-XT-1 patch antenna, and a NovAtel ProPakII-RT2 GPS receiver.
Ryan H. Mitch is a graduate student in the Sibley School of Mechanical and Aerospace Engineering at Cornell University, Ithaca, New York. He received his B.S. degree in mechanical engineering from the University of Pittsburgh.
Ryan C. Dougherty is a graduate student in the Sibley School. He holds a B.S. degree in aerospace engineering from the University of Southern California.
Mark L. Psiaki is a professor in the Sibley School. He received a B.A. degree in physics and M.A. and Ph.D. degrees in mechanical and aerospace engineering from Princeton University.
Steven P. Powell is a senior engineer with the GPS and Ionospheric Studies Research Group in the Department of Electrical and Computer Engineering at Cornell University. He has M.S. and B.S. degrees in electrical engineering from Cornell University.
Brady W. O’Hanlon is a graduate student in the School of Electrical and Computer Engineering at Cornell University. He received a B.S. degree in electrical and computer engineering from Cornell University.
Jahshan A. Bhatti is pursuing a Ph.D. degree in the Department of Aerospace Engineering and Engineering Mechanics at the University of Texas (UT) at Austin, where he also received his M.S. and B.S. degrees. He is a member of the UT Radionavigation Laboratory.
Todd E. Humphreys is an assistant professor in the Department of Aerospace Engineering and Engineering Mechanics at UT Austin and Director of the UT Radionavigation Laboratory. He received B.S. and M.S. degrees in electrical and computer engineering from Utah State University and a Ph.D. degree in aerospace engineering from Cornell University.
Further Reading
• Authors’ Conference Paper
“Signal Characteristics of Civil GPS Jammers” by R.H. Mitch, R.C. Dougherty, M.L. Psiaki, S.P. Powell, B.W. O’Hanlon, J.A. Bhatti, and T.E. Humphreys in Proceedings of ION GNSS 2011, the 24th International Technical Meeting of The Satellite Division of the Institute of Navigation, Portland, Oregon, September 19–23, 2011, pp. 1907–1919.
“Car Jammers: Interference Analysis” by R. Bauernfeind, T. Kraus, D. Dötterböck, B. Eissfeller, E. Löhnert, and E. Wittmann in GPS World, Vol. 22, No. 10, October 2011, pp. 28–35.
“GPS Jamming: No Jam Tomorrow” in The Economist, Technology Quarterly Special Section, Vol. 398, Issue 8724, March 12, 2011, pp. 20–21.
Modern Communications Jamming Principles and Techniques, 2nd ed., by R.A. Poisel, published by Artech House, Boston, Massachusetts, 2011.
“Jamming GPS: Susceptibility of Some Civil GPS Receivers” by B. Forssell and R.B. Olsen in GPS World, Vol. 14, No. 1, January 2003, pp. 54–58.
“A Growing Concern: Radiofrequency Interference and GPS” by F. Butsch in GPS World, Vol. 13, No. 10, October 2002, pp. 40–50.
“Interference Effects and Mitigation Techniques” by J.J. Spilker Jr. and F.D. Natali, Chapter 20 in Global Positioning System: Theory and Applications, Volume I, published by the American Institute of Aeronautics and Astronautics, Inc., Washington, D.C., 1996, pp. 717–771.
• Government Regulations and Actions Against Jammers
“The Civilian Battlefield: Protecting GNSS Receivers from Interference and Jamming” by M. Jones in Inside GNSS, Vol. 6, No. 2, March/April 2011, pp. 40–49.
By Kyle Wesson, Daniel Shepard, and Todd Humphreys
Disruption created by intentional generation of fake GPS signals could have serious economic consequences. This article discusses how typical civil GPS receivers respond to an advanced civil GPS spoofing attack, and four techniques to counter such attacks: spread-spectrum security codes, navigation message authentication, dual-receiver correlation of military signals, and vestigial signal defense. Unfortunately, any kind of anti-spoofing, however necessary, is a tough sell.
GPS spoofing has become a hot topic. At the 2011 Institute of Navigation (ION) GNSS conference, 18 papers discussed spoofing, compared with the same number over the past decade. ION-GNSS also featured its first panel session on anti-spoofing, called “Improving Security of GNSS Receivers,” which offered six security experts a forum to debate the most promising anti-spoofing technologies.
The spoofing threat has also drawn renewed U.S. government scrutiny since the initial findings of the 2001 Volpe Report. In November 2010, the U.S. Position Navigation and Timing National Executive Committee requested that the U.S. Department of Homeland Security (DHS) conduct a comprehensive risk assessment on the use of civil GPS. In February 2011, the DHS Homeland Infrastructure Threat and Risk Analysis Center began its investigation in conjunction with subject-matter experts in academia, finance, power, and telecommunications, among others. Their findings will be summarized in two forthcoming reports, one on the spoofing and jamming threat and the other on possible mitigation techniques. The reports are anticipated to show that GPS disruption due to spoofing or jamming could have serious economic consequences.
Effective techniques exist to defend receivers against spoofing attacks. This article summarizes state-of-the-art anti-spoofing techniques and suggests a path forward to equip civil GPS receivers with these defenses. We start with an analysis of a typical civil GPS receiver’s response to our laboratory’s powerful spoofing device. This will illustrate the range of freedom a spoofer has when commandeering a victim receiver’s tracking loops. We will then provide an overview of promising cryptographic and non-cryptographic anti-spoofing techniques and highlight the obstacles that impede their widespread adoption.
The Spoofing Threat
Spoofing is the transmission of matched-GPS-signal-structure interference in an attempt to commandeer the tracking loops of a victim receiver and thereby manipulate the receiver’s timing or navigation solution. A spoofer can transmit its counterfeit signals from a stand-off distance of several hundred meters or it can be co-located with its victim.
Spoofing attacks can be classified as simple, intermediate, or sophisticated in terms of their effectiveness and subtlety. In 2003, the Vulnerability Assessment Team at Argonne National Laboratory carried off a successful simple attack in which they programmed a GPS signal simulator to broadcast high-powered counterfeit GPS signals toward a victim receiver. Although such a simple attack is easy to mount, the equipment is expensive, and the attack is readily detected because the counterfeit signals are not synchronized to their authentic counterparts.
In an intermediate spoofing attack, a spoofer synchronizes its counterfeit signals with the authentic GPS signals so they are code-phase-aligned at the target receiver. This method requires a spoofer to determine the position and velocity of the victim receiver, but it affords the spoofer a serious advantage: the attack is difficult to detect and mitigate.
The sophisticated attack involves a network of coordinated intermediate-type spoofers that replicate not only the content and mutual alignment of visible GPS signals but also their spatial distribution, thus fooling even multi-antenna spoofing defenses.
Table 1. Comparison of anti-spoofing techniques discussed in this article.
Lab Attack. So far, no open literature has reported development or research into the sophisticated attack. This is likely because of the success of the intermediate-type attack: to date, no civil GPS receiver tested in our laboratory has fended off an intermediate-type spoofing attack. The spoofing attacks, which are always conducted via coaxial cable or in radio-frequency test enclosures, are performed with our laboratory’s receiver-spoofer, an advanced version of the one introduced at the 2008 ION-GNSS conference (see “Assessing the Spoofing Threat,” GPS World, January 2009).
To commence the attack, the spoofer transmits its counterfeit signals in code-phase alignment with the authentic signals but at power level below the noise floor. The spoofer then increases the power of the spoofed signals so that they are slightly greater than the power of the authentic signals. At this point, the spoofer has taken control of the victim receiver’s tracking loops and can slowly lead the spoofed signals away from the authentic signals, carrying the receiver’s tracking loops with it. Once the spoofed signals have moved more than 600 meters in position or 2 microseconds in time away from the authentic signals, the receiver can be considered completely owned by the spoofer.
Spoofing testbed at the University of Texas Radionavigation Laboratory, an advanced and powerful suite for anti-spoofing research. On the right are several of the civil GPS receivers tested and the radio-frequency test enclosure, and on the left are the phasor measurement unit and the civil GPS spoofer.
Although our spoofer fooled all of the receivers tested in our laboratory, there are significant differences between receivers’ dynamic responses to spoofing attacks. It is important to understand the types of dynamics that a spoofer can induce in a target receiver to gain insight into the actual dangers that a spoofing attack poses rather than rely on unrealistic assumptions or models of a spoofing attack. For example, a recent paper on time-stamp manipulation of the U.S. power grid assumed that there was no limit to the rate of change that a spoofer could impose on a victim receiver’s position and timing solution, which led to unrealistic conclusions.
Experiments performed in our laboratory sought to answer three specific questions regarding spoofer-induced dynamics:
How quickly can a timing or position bias be introduced?
What kinds of oscillations can a spoofer cause in a receiver’s position and timing?
How different are receiver responses to spoofing?
These questions were answered by determining the maximum spoofer-induced pseudorange acceleration that can be used to reach a certain final velocity when starting from a velocity of zero, without raising any alarms or causing the target receiver to lose satellite lock. The curve in the velocity-acceleration plane created by connecting these points defines the upper bound of a region within which the spoofer can safely manipulate the target receiver. These data points can be obtained empirically and fit to an exponential curve. Alarms on the receiver may cause some deviations from this curve depending on the particular receiver.
Figure 1 shows an example of the velocity-acceleration curve for a high-quality handheld receiver, whose position and timing solution can be manipulated quite aggressively during a spoofing attack. These results suggest that the receiver’s robustness — its ability to provide navigation and timing solutions despite extreme signal dynamics — is actually a liability in regard to spoofing. The receiver’s ability to track high accelerations and velocities allows a spoofer to aggressively manipulate its navigation solution.
Figure 1. Theoretical and experimental test results for a high-quality handheld receiver’s dynamic response to a spoofing attack. Although not shown here, the maximum attainable velocity is around 1,300 meters/second.
The relative ease with which a spoofer can manipulate some GPS receivers suggests that GPS-dependent infrastructure is vulnerable. For example, the telecommunications network and the power grid both rely on GPS time-reference receivers for accurate timing. Our laboratory has performed tests on such receivers to determine the disruptions that a successful spoofing attack could cause. The remainder of this section highlights threats to these two sectors of critical national infrastructure.
Cell-Phone Vulnerability. Code division multiple access (CDMA) cell-phone towers rely on GPS timing for tower-to-tower synchronization. Synchronization prevents towers from interfering with one another and enables call hand-off between towers. If a particular tower’s time estimate deviates more than 10 microseconds from GPS time, hand-off to and from that tower is disrupted. Our tests indicate that a spoofer could induce a 10-microsecond time deviation within about 30 minutes for a typical CDMA tower setup. A spoofer, or spoofer network, could also cause multiple neighboring towers to interfere with one another. This is possible because CDMA cell-phone towers all use the same spreading code and distinguish themselves only by the phasing (that is, time offset) of their spreading codes. Furthermore, it appears that a spoofer could impair CDMA-based E911 user-location.
Power-Grid Vulnerability. Like the cellular network, the power grid of the future will rely on accurate GPS time-stamps. The efficiency of power distribution across the grid can be improved with real-time measurements of the voltage and current phasors. Phasor measurement units (PMUs) have been proposed as a smart-grid technology for precisely this purpose. PMUs rely on GPS to time-stamp their measurements, which are sent back to a central monitoring station for processing. Currently, PMUs are used for closed-loop grid control in only a few applications, but power-grid modernization efforts will likely rely more heavily on PMUs for control. If a spoofer manipulates a PMU’s time stamps, it could cause spurious variations in measured phase angles. These variations could distort power flow or stability estimates in such a way that grid operators would take incorrect or unnecessary control actions including powering up or shutting down generators, potentially causing blackouts or damage to power-grid equipment.
Under normal circumstances, a changing separation in the phase angle between two PMUs indicates changes in power flow between the regions measured by each PMU. Tests demonstrate that a spoofer could cause variations in a PMU’s measured voltage phase angle at a rate of 1.73 degrees per minute. Thus, a spoofing attack could create the false indications of power flow across the grid. The tests results also reveal, however, that it is impossible for a spoofer to cause changes in small-signal grid stability estimates, which would require the spoofer to induce rapid (for example, 0.1–3 Hz) microsecond-amplitude oscillations in timing. Such oscillations correspond to spoofing dynamics well outside the region of freedom of all receivers we have tested. A spoofer might also be able to affect fault-location estimates obtained through time-difference-of-arrival techniques using PMU measurements. This could cause large errors in fault-location estimates and hamper repair efforts.
What Can Be Done? Despite the success of the intermediate-type spoofing attack against a wide variety of civil GPS receivers and the known vulnerabilities of GPS-dependent critical infrastructure to spoofing attacks, anti-spoofing techniques exist that would enable receivers to successfully defend themselves against such attacks. We now turn to four promising anti-spoofing techniques.
Cryptographic Methods
These techniques enable a receiver to differentiate authentic GPS signals from counterfeit signals with high likelihood. Cryptographic strategies rely on the unpredictability of so-called security codes that modulate the GPS signal. An unpredictable code forces a spoofer who wishes to mount a successful spoofing attack to either
estimate the unpredictable chips on-the-fly, or
record and play back authentic GPS spectrum (a meaconing attack).
To avoid unrealistic expectations, it should be noted that no anti-spoofing technique is completely impervious to spoofing. GPS signal authentication is inherently probabilistic, even when rooted in cryptography. Many separate detectors and cross-checks, each with its own probability of false alarm, are involved in cryptographic spoofing detection. Figure 2 illustrates how the jammer-to-noise ratio detector, timing consistency check, security-code estimation and replay attack (SCER) detector, and cryptographic verification block all work together. This hybrid combination of statistical hypothesis tests and Boolean logic demonstrates the complexities and subtleties behind a comprehensive, probabilistic GPS signal authentication strategy for security-enhanced signals.
Figure 2. GNSS receiver components required for GNSS signal authentication. Components that support code origin authentication are outlined in bold and have a gray fill, whereas components that support code timing authentication are outlined in bold and have no fill. The schematic assumes a security code based on navigation message authentication.
Spread Spectrum Security Codes. In 2003, Logan Scott proposed a cryptographic anti-spoofing technique based on spread spectrum security codes (SSSCs). The most recent proposed version of this technique targets the L1C signal, which will be broadcast on GPS Block III satellites, because the L1C waveform is not yet finalized. Unpredictable SSSCs could be interleaved with the L1C spreading code on the L1C data channel, as illustrated in Figure 3. Since L1C acquisition and tracking occurs on the pilot channel, the presence of the SSSCs has negligible impact on receivers. Once tracking L1C, a receiver can predict when the next SSSC will be broadcast but not its exact sequence. Upon reception of an SSSC, the receiver stores the front-end samples corresponding to the SSSC interval in memory. Sometime later, the cryptographic digital key that generated the SSSC is transmitted over the navigation message. With knowledge of the digital key, the receiver generates a copy of the actual transmitted SSSC and correlates it with the previously-recorded digital samples. Spoofing is declared if the correlation power falls below a pre-determined threshold.
Figure 3. Placement of the periodically unpredictable spread spectrum security codes in the GPS L1C data channel spreading sequence.
When the security-code chip interval is short (high chipping rate), it is difficult for a spoofer to estimate and replay the security code in real time. Thus, the SSSC technique on L1C offers a strong spoofing defense since the L1C chipping rate is high (that is, 1.023 MChips/second). Furthermore, the SSSC technique does not rely on the receiver obtaining additional information from a side channel; all the relevant codes and keys are broadcast over the secured GPS signals. Of course a disadvantage for SSSC is that it requires a fairly fundamental change to the currently-proposed L1C definition: the L1C spreading codes must be altered.
Implementation of the SSSC technique faces long odds, partly because it is late in the L1C planning schedule to introduce a change to the spreading codes. Nonetheless, in September 2011, Logan Scott and Phillip Ward advocated for SSSC at the Public Interface Control Working Group meeting, passing the first of many wickets. The proposal and associated Request for Change document will now proceed to the Lower Level GPS Engineering Requirements Branch for further technical review. If approved there, it passes to the Joint Change Review Board for additional review and, if again approved, to the Technical Interchange Meeting for further consideration. The chances that the SSSC proposal will survive this gauntlet would be much improved if some government agency made a formal request to the GPS Directorate to include SSSCs in L1C — and provided the funding to do so. The DHS seems to us a logical sponsoring agency.
Navigation Message Authentication. If an L1C SSSC implementation proves unworkable, an alternative, less-invasive cryptographic authentication scheme based on navigation message authentication (NMA) represents a strong fall-back option. In the same 2003 ION-GNSS paper that he proposed SSSC, Logan Scott also proposed NMA. His paper was preceded by an internal study at MITRE and followed by other publications in the open literature, all of which found merit in the NMA approach. The NMA technique embeds public-key digital signatures into the flexible GPS civil navigation (CNAV) message, which offers a convenient conveyance for such signatures. The CNAV format was designed to be extensible so that new messages can be defined within the framework of the GPS Interference Specification (IS). The current GPS IS defines only 15 of 64 CNAV messages, reserving the undefined 49 CNAV messages for future use.
Our lab recently demonstrated that NMA works to authenticate not only the navigation message but also the underlying signal. In other words, NMA can be the basis of comprehensive signal authentication. We have proposed a specific implementation of NMA that is packaged for immediate adoption. Our proposal defines two new CNAV messages that deliver a standardized public-key elliptic-curve digital algorithm (ECDSA) signature via the message format in Figure 4.
Figure 4. Format of the proposed CNAV ECDSA signature message, which delivers the first or second half of the 466-bit ECDSA signature and a 5-bit salt in the 238-bit payload field.
Although the CNAV message format is flexible, it is not without constraints. The shortest block of data in which a complete signature can be embedded is a 96-second signature block such as the one shown in Figure 5. In this structure, the two CNAV signature messages are interleaved between the ephemeris and clock data to meet the broadcast requirements.
Figure 5. The shortest broadcast signature block that does not violate the CNAV ephemeris and timing broadcast requirements. To meet the required broadcast interval of 48 seconds for message types 10, 11, and one of 30–39, the ECDSA signature is broadcast over a 96-second signature block that is composed of eight CNAV messages.
The choice of the duration between signature blocks is a tradeoff between offering frequent authentication and maintaining a low percentage of the CNAV message reserved for the digital signature. In our proposal, signature blocks are transmitted roughly every five minutes (Figure 6) so that only 7.5 percent of the navigation message is devoted to the digital signature. Across the GPS constellation, the signature block could be offset so that a receiver could authenticate at least one channel approximately every 30 seconds. Like SSSC, our proposed version of NMA does not require a receiver’s getting additional information from a side channel, provided the receiver obtains public key updates on a yearly basis.
Figure 6. A signed 336-second broadcast. The proposed strategy signs every 28 CNAV messages with a signature broadcast over two CNAV messages on each broadcast channel.
NMA is inherently less secure than SSSC. A NMA security code chip interval (that is, 20 milliseconds) is longer than a SSSC chip interval, thereby allowing the spoofer more time to estimate the digital signature on-the-fly. That is not to say, however, that NMA is ineffective. In fact, tests with our laboratory’s spoofing testbed demonstrated the NMA-based signal authentication structure described earlier offered a receiver a better-than 95 percent probability of detecting a spoofing attack for a 0.01 percent probability of false alarm under a challenging spoofing-attack scenario.
NMA is best viewed as a hedge. If the SSSC approach does not gain traction, then NMA might, since it only requires defining two new CNAV messages in the GPS IS — a relatively minor modification. CNAV-based NMA could defend receivers tracking L2C and L5. A new CNAV2 message will eventually be broadcast on L1 via L1C, so a repackaged CNAV2-based NMA technique could offer even single-frequency L1 receivers a signal-side anti-spoofing defense.
P(Y) Code Dual-Receiver Correlation. This approach avoids entirely the issue of GPS IS modifications. The technique correlates the unknown encrypted military P(Y) code between two civil GPS receivers, exploiting known carrier-phase and code-phase relationships. It is similar to the dual-frequency codeless and semi-codeless techniques that civil GPS receivers apply to track the P(Y) code on L2. Peter Levin and others filed a patent on the codeless-based signal authentication technique in 2008; Mark Psiaki extended the approach to semicodeless correlation and narrow-band receivers in a 2011 ION-GNSS paper.
In the dual-receiver technique, one receiver, stationed in a secure location, tracks the authentic L1 C/A codes while receiving the encrypted P(Y) code. The secure receiver exploits the known timing and phase relationships between the C/A code and P(Y) code to isolate the P(Y) code, of which it sends raw samples (codeless technique) or estimates of the encrypting W-code chips (semi-codeless technique) over a secure network to the defending receiver. The defending receiver correlates its locally-extracted P(Y) with the samples or W-code estimates from the secure receiver. If a spoofing attack is underway, the correlation power will drop below a statistical threshold, thereby causing the defending receiver to declare a spoofing attack. Although the P(Y) code is 20 MHz wide, a narrowband civil GPS receiver with 2.6 MHz bandwidth can still perform the statistical hypothesis tests even with the resulting 5.5 dB attenuation of the P(Y) code. Because the dual-receiver method can run continuously in the background as part of a receiver’s standard GPS signal processing, it can declare a spoofing attack within seconds — a valuable feature for many applications.
Two considerations about the dual-receiver technique are worth noting. First, the secure receiver must be protected from spoofing for the technique to succeed. Second, the technique requires a secure communication link between the two receivers. Although the first requirement is easily achieved by locating secure receivers in secure locations, the second requirement makes the technique impractical for some applications that cannot support a continuous communication link.
Of all the proposed cryptographic anti-spoofing techniques, only the dual-receiver method could be implemented today. Unfortunately the P(Y) code will no longer exist after 2021, meaning that systems that make use of the P(Y)-based dual-receiver technique will be rendered unprotected, although a similar M-code-based technique could be an effective replacement. The dual-receiver method, therefore, is best thought of as a stop-gap: it can provide civil GPS receivers with an effective anti-spoofing technique today until a signal-side civil GPS authentication technique is approved and implemented in the future This sentiment was the consensus of the panel experts at the 2011 ION-GNSS session on civil GPS receiver security.
Non-Cryptographic Methods
Non-cryptographic techniques are enticing because they can be made receiver-autonomous, requiring neither security-enhanced civil GPS signals nor a side-channel communication link. The literature contains a number of proposed non-cryptographic anti-spoofing techniques. Frequently, however, these techniques rely on additional hardware, such as accelerometers or inertial measurements units, which may exceed the cost, size, or weight requirements in many applications. This motivates research to develop software-based, receiver-autonomous anti-spoofing methods.
Vestigial Signal Defense (VSD). This software-based, receiver-autonomous anti-spoofing technique relies on the difficulty of suppressing the true GPS signal during a spoofing attack. Unless the spoofer generates a phase-aligned nulling signal at the phase center of the victim GPS receiver’s antenna, a vestige of the authentic signal remains and manifests as a distortion of the complex correlation function. VSD monitors distortion in the complex correlation domain to determine if a spoofing attack is underway.
To be an effective defense, the VSD must overcome a significant challenge: it must distinguish between spoofing and multipath. The interaction of the authentic and spoofed GPS signals is similar to the interaction of direct-path and multipath GPS signals. Our most recent work on the VSD suggests that differentiating spoofing from multipath is enough of a challenge that the goal of the VSD should only be to reduce the degrees-of-freedom available to a spoofer, forcing the spoofer to act in a way that makes the spoofing signal or vestige of the authentic GPS signal mimic multipath. In other words, the VSD seeks to corner the spoofer and reduce its space of possible dynamics.
Among other options, two potential effective VSD techniques are
a maximum-likelihood bistatic-radar-based approach and
a phase-pseudorange consistency check.
The first approach examines the spatial and temporal consistency of the received signals to detect inconsistencies between the instantaneous received multipath and the typical multipath background environment. The second approach, which is similar to receiver autonomous integrity monitoring (RAIM) techniques, monitors phase and pseudorange observables to detect inconsistencies potentially caused by spoofing. Again, a spoofer can act like multipath to avoid detection, but this means that the VSD would have achieved its modest goal.
Anti-Spoofing Reality Check
Security is a tough sell. Although promising anti-spoofing techniques exist, the reality is that no anti-spoofing techniques currently defend civil GPS receivers. All anti-spoofing techniques face hurdles. A primary challenge for any technique that proposes modifying current or proposed GPS signals is the tremendous inertia behind GPS signal definitions. Given the several review boards whose approval an SSSC or NMA approach would have to gain, the most feasible near-term cryptographic anti-spoofing technique is the dual-receiver method. A receiver-autonomous, non-cryptographic approach, such as the VSD, also warrants further development. But ultimately, the SSSC or NMA techniques should be implemented: a signal-side civil GPS cryptographic anti-spoofing technique would be of great benefit in protecting civil GPS receivers from spoofing attacks.
Manufacturers
The high-quality handheld receiver cited in Figure 1 was a Trimble Juno SB. Testbed equipment shown: Schweitzer Engineering Laboratories SEL-421 synchrophasor measurement unit; Ramsey STE 3000 radio-frequency test chamber; Ettus Research USRP N200 universal software radio peripheral; Schweitzer SEL-2401 satellite-synchronized clock (blue); Trimble Resolution SMT receiver (silver); HP GPS time and frequency reference receiver.
Full results of Figure 1 experiment are given in Shepard, D.P. and T.E. Humphreys, “Characterization of Receiver Response to Spoofing Attacks,” Proceedings of ION-GNSS 2011.
NMA can be the basis of comprehensive signal authentication: Wesson, K.D., M. Rothlisberger, T. E. Humphreys (2011), “Practical cryptographic civil GPS signal authentication,” Navigation, Journal of the ION, submitted for review.
Kyle Wesson is pursuing his M.S. and Ph.D. degrees in electrical and computer engineering at the University of Texas at Austin. He is a member of the Radionavigation Laboratory. He received his B.S. from Cornell University.
Daniel Shepard is pursuing his M.S. and Ph.D. degrees in aerospace engineering at the University of Texas at Austin, where he also received his B.S. He is a member of the Radionavigation Laboratory.
Todd Humphreys is an assistant professor in the department of Aerospace Engineering and Engineering Mechanics at the University of Texas at Austin and director of the Radionavigation Laboratory. He received a Ph.D. in aerospace engineering from Cornell University.
Disaster-preparedness plans recognize the individual’s role in his or her own survival. When storms approach, have water, food, and basic survival gear on hand. It takes time for help to arrive.
The civil GPS industry faces an oncoming storm of interference, and the receiver is the first line of defense. As we integrate GPS into all facets of our lives and infrastructure, we become more subject to disruptions, both unintentional and intentional. Newark International Airport now sees several jamming events per day. In Taiwan, one airport experiences an average of 117 events per day!
How can civil PNT infrastructure be made more resilient?
Faced with jamming, spoofing, and cyber attacks, receivers must take basic precautionary measures. They must recognize jamming and spoofing attacks to avoid generating hazardously misleading outputs. Situational awareness is key. Accurate and specific alarms must be generated so users can take action and authorities can be notified. Regular threat-signature updates can improve situational awareness, much like antivirus updates on a computer. Fire alarms don’t put out fires but they do save lives and improve response time.
Twenty years ago, computers rarely had firewall or antivirus protection. As GPS becomes more deeply integrated into communications-enabled systems, its utility increases exponentially but so does its vulnerability to cyber attack. When you update your GPS software or your maps, how do you know they have not been compromised? How do you know your receiver is authentic?
Figure 1. There are demonstrated, well known attacks that can cause receivers to output misleading information without warning. Many of these attacks can be detected using simple methods. Some receivers incorporate detection and countermeasures techniques. Many don’t. Receiver certification provides GPS buyers with a starting point for selecting GPS receivers. Certified receivers can accurately report on interference so it can be located and stopped.
The U.S. Navy recently discovered counterfeit routers in several of their installations. Well-developed computer security methods such as the Trusted Platform Module found in more than 300 million computers can help secure GPS receivers without impeding innovation.
The government can also play a role in improving receivers by providing an authenticatable civil signal structure. Well-documented Public Key Infrastructure methods such as digital signing and occasional, short-spread spectrum security-code bursts can be added to the new L1C signal. Receivers voluntarily using these signal features can establish signal provenance with extremely high confidence.
The public, unclassified keys needed to process these features could be sold and used as a revenue source for the GPS system. Receivers that choose not to use these features can ignore them without adverse impact other than weaker security. The large numbers of in-theater military users who rely on civil signals would also stand to benefit.
Finally, I would note that situationally aware receivers can provide specific and detailed reports about what they see. Interference-monitoring systems such as Patriot Watch will need detailed reports to sort and associate the multitude of reports they receive into a coherent picture of what is actually happening. To provide adequate geographic coverage, interference monitoring systems will need to accept reports from diverse receiver types on an opportunistic basis. In short, they will have to rely on crowdsourcing as a major operational input.
As Brad Parkinson noted during my presentation of this material to the November 9 meeting of the National PNT Executive Committee Advisory Board (“Receiver Certification: Making the GNSS Environment Hostile to Jammers and Spoofers,” at www.pnt.gov/advisory/2011/11/), in the early days of electricity, a lot of houses burned down because of electrical problems. Underwriters Laboratories helped immensely by testing electrical equipment to make sure it was reasonably safe, and consumers looked for the UL label. A voluntary, basic receiver certification process similar to Underwriters Laboratories should be pursued to provide the user community with a basis for selecting receivers.
Logan Scott has more than 32 years of military and civil GPS systems engineering experience. At Texas Instruments, he pioneered approaches for building high-performance, jamming-resistant digital receivers. While at Omnipoint, a cellular carrier, he developed cross-system interference mitigation strategies. He holds 33 U.S. patents.
By Saeed Daneshmand, Ali Jafarnia-Jahromi, Ali Broumandan, and Gérard Lachapelle
Most anti-spoofing techniques are computationally complicated or limited to a specific spoofing scenario. A new approach uses a two-antenna array to steer a null toward the direction of the spoofing signals, taking advantage of the spatial filtering and the periodicity of the authentic and spoofing signals. It requires neither antenna-array calibration nor a spoofing detection block, and can be employed as an inline anti-spoofing module at the input of conventional GPS receivers.
GNSS signals are highly vulnerable to in-band interference such as jamming and spoofing. Spoofing is an intentional interfering signal that aims to coerce GNSS receivers into generating false position/navigation solutions. A spoofing attack is, potentially, significantly more hazardous than jamming since the target receiver is not aware of this threat. In recent years, implementation of software receiver-based spoofers has become feasible due to rapid advances with software-defined radio (SDR) technology. Therefore, spoofing countermeasures have attracted significant interest in the GNSS community.
Most of the recently proposed anti-spoofing techniques focus on spoofing detection rather than on spoofing mitigation. Furthermore, most of these techniques are either restricted to specific spoofing scenarios or impose high computational complexity on receiver operation.
Due to the logistical limitations, spoofing transmitters often transmit several pseudorandom noise codes (PRNs) from the same antenna, while the authentic PRNs are transmitted from different satellites from different directions. This scenario is shown in Figure 1. In addition, to provide an effective spoofing attack, the individual spoofing PRNs should be as powerful as their authentic peers. Therefore, overall spatial energy of the spoofing signals, which is coming from one direction, is higher than other incident signals. Based on this common feature of the spoofing signals, we propose an effective null-steering approach to set up a countermeasure against spoofing attacks. This method employs a low-complexity processing technique to simultaneously de-spread the different incident signals and extract their spatial energy. Afterwards, a null is steered toward the direction where signals with the highest amount of energy impinge on the double-antenna array. One of the benefits of this method is that it does not require array calibration or the knowledge of the array configuration, which are the main limitations of antenna-array processing techniques.
Processing Method
The block diagram of the proposed method is shown in Figure 2. Without loss of generality, assume that s(t) is the received spoofing signal at the first antenna.
Figure 2. Operational block diagram of proposed technique.
The impinging signal at the second antenna can be modeled by , where θs and μ signify the spatial phase and gain difference between the two channels, respectively. As mentioned before, the spoofer transmits several PRNs from the same direction while the authentic signals are transmitted from different directions. Therefore, θs is the same for all the spoofing signals. However, the incident authentic signals impose different spatial phase differences. In other words, the dominant spatial energy is coming from the spoofing direction. Thus, by multiplying the conjugate of the first channel signals to that of the second channel and then applying a summation over N samples, θs can be estimated as (1)
where r1 and r2 are the complex baseband models of the received signals at the first and the second channels respectively, and Ts is the sampling duration. In (1), θs can be estimated considering the fact that the authentic terms are summed up non-constructively while the spoofing terms are combined constructively, and all other crosscorrelation and noise terms are significantly reduced after filtering. For estimating μ, the signal of each channel is multiplied by its conjugate in the next epoch to prevent noise amplification. It can easily be shown that μ can be estimated as (2)
where T is the pseudorandom code period. Having and a proper gain can be applied to the second channel in order to mitigate the spoofing signals by adding them destructively as (3)
Analyses and Simulation Results
We have carried out simulations for the case of 10 authentic and 10 spoofing GPS signals being transmitted at the same time. The authentic sources were randomly distributed over different azimuth and elevation angles, while all spoofing signals were transmitted from the same direction at azimuth and elevation of 45 degrees. A random code delay and Doppler frequency shift were assigned to each PRN. The average power of the authentic and the spoofing PRNs were –158.5 dBW and –156.5 dBW, respectively.
Figure 3 shows the 3D beam pattern generated by the proposed spoofing mitigation technique. The green lines show the authentic signals coming from different directions, and the red line represents the spoofing signals. As shown, the beam pattern’s null is steered toward the spoofing direction.
Figure 3. Null steering toward the spoofer signals.
In Figure 4, the array gain of the previous simulation has been plotted versus the azimuth and elevation angles. Note that the double-antenna anti-spoofing technique significantly attenuates the spoofer signals. This attenuation is about 11 dB in this case. Hence, after mitigation, the average injected spoofing power is reduced to –167.5 dBW for each PRN. As shown in Figure 4, the double-antenna process has an inherent array gain that can amplify the authentic signals. However, due to the presence of the cone of ambiguity in the two-antenna array beam pattern, the power of some authentic satellites that are located in the attenuation cone might be also reduced.
Figure 4. Array gain with respect to azimuth and elevation.
Monte Carlo simulations were then performed over 1,000 runs for different spoofing power levels. The transmitted direction, the code delay, and the Doppler frequency shift of the spoofing and authentic signals were changed during each run of the simulation. Figure 5 shows the average signal to interference-plus-noise ratio (SINR) of the authentic and the spoofing signals as a function of the average input spoofing power for both the single antenna and the proposed double antenna processes. A typical detection SINR threshold corresponding to PFA=10-3 also has been shown in this figure.
Figure 5. Authentic and spoofed SINR variations as a function of average spoofing power.
In the case of the single antenna receiver, the SINR of the authentic signals decreases as the input spoofing power increases. This is because of the receiver noise-floor increase due to the cross-correlation terms caused by the higher power spoofing signals. However, the average SINR of the spoofing signals increases as the power of the spoofing PRNs increase.
For example, when the average input spoofing power is –150 dBW, the authentic SINR for the single-antenna process is under the detection threshold, while the SINR of the spoofing signal is above this threshold. However, by considering the proposed beamforming method, as the spoofing power increases, the SINR of the authentic signal almost remains constant, while the spoofing SINR is always far below the detection threshold.
Hence, the proposed null-steering method not only attenuates the spoofing signals but also significantly reduces the spoofing cross-correlation terms that increase the receiver noise floor. Early real-data processing verifies the theoretical findings and shows that the proposed method indeed is applicable to real-world spoofing scenarios.
Conclusions
The method proposed herein is implemented before the despreading process; hence, it significantly decreases the computational complexity of the receiver process. Furthermore, the method does not require array calibration, which is the common burden with array-processing techniques.
These features make it suitable for real-time applications and, thus, it can be either employed as a pre-processing unit for conventional GPS receivers or easily integrated into next-generation GPS receivers. Considering the initial experimental results, the required antenna spacing for a proper anti-spoofing scenario is about a half carrier wavelength. Hence, the proposed anti-spoofing method can be integrated into handheld devices.
The proposed technique can also be easily extended to other GNSS signal structures. Further analyses and tests in different real-world scenarios are ongoing to further assess the effectiveness of the method.
Saeed Daneshmand is a Ph.D. student in the Position, Location, and Navigation (PLAN) group in the Department of Geomatics Engineering at the University of Calgary. His research focuses on GNSS interference and multipath mitigation using array processing.
Ali Jafarnia-Jahromi is a Ph.D. student in the PLAN group at the University of Calgary. His research focuses on GNSS spoofing detection and mitigation techniques.
Ali Broumandan received his Ph.D. degree from Department of Geomatics Engineering, University of Calgary, Canada. He is a senior research associate/post-doctoral fellow in the PLAN group at the University.
Gérard Lachapelle holds a Canada Research Chair in wireless location In the Department of Geomatics Engineering at the University of Calgary in Alberta, Canada, and is a member of GPS World’s Editorial Advisory Board.
A one-chip multiconstellation GNSS receiver, now in volume production, has been tested in severe urban environments to demonstrate the benefits of multiconstellation operation in a consumer receiver. Bringing combined GPS/GLONASS from a few tens of thousands of surveying receivers to many millions of consumer units, starting with satnav personal navigation devices in 2011, followed by OEM car systems and mobile phones, significant shifts the marketplace. The confidence of millions of units in use and on offer should encourage manufacturers of frequency-specific components, such as antennas and SAW filters, to enter volume mode in terms of size and price.
One-chip GPS/GLONASS receiver trials in London, Tokyo, and Texas sought to demonstrate that the inclusion of all visible GLONASS satellites in the position solution, in addition to those from GPS, produces much greater availability in urban canyons, and in areas of marginal availability, much greater accuracy.
Multi-constellation receivers are needed at the consumer level to make more satellites available in urban canyon environments, where only a partial view of the sky is available and where extreme integrity is required to reject unusable signals, while continuing to operate on other signals deeply degraded by multiple reflection and attenuation. This article briefly outlines the difficulties of integrating a currently non-compatible system (GLONASS), offering an economic solution in the mass market where cost is king, but performance demands in terms of low signal, power consumption, time-to-first-fix, and availability are extreme. While the accuracy achieved is not at survey levels, we deem it sufficient to meet consumer demands even at the worst signal conditions.
The aim is to provide improved indoor and urban canyon availability for mass-market GNSS by using all available satellites; in 2011, that requires GLONASS support, as the constellation availability precedes Galileo by around three years. The aim is to overcome the hardware incompatibility issues of GLONASS, that is, its frequency division multiple access (FDMA) signal rather than the code division multiple access format used by GPS, different centre frequency, and different chipping rate, all without adding significantly to the silicon cost of the receiver chipset. This then allows a total satellite constellation of about 50 to be used at present, even before two recently launched Galileo IOV satellites.
It is expected that in benign conditions the additional satellites will give little benefit, as availability approaches 100 percent, and accuracy is excellent, with GPS alone. Though dominated by the ionosphere, using seven, eight, or nine satellites in the fix minimises the amount of error that feeds through to the final position.
In marginal conditions, where GPS can give a position, but is using 3/4/5 satellites and those are clustered in the narrow visible part of the sky resulting in poor DOP values, the increased number of satellites benefits the accuracy greatly, due to both improved DOP and multipath-error averaging. Limited satellites mean the full multipath errors map into position and are magnified by the DOP. Adding the second constellation means more clear-view satellites for accuracy, more total satellites to minimise the errors, and the errors are less magnified by the geometry due to better DOP.
In extreme conditions, where insufficient GPS satellites are seen to give a fix, the additional GLONASS satellites increase the availability to 100 percent (excluding actual tunnels).
Availability is a self-enhancing positive feedback loop… if satellites are always tracked, even if rejected on a quality basis by the RAIM/fault detection and exclusion (FDE) algorithms, then they do not need to be reacquired, so become available for use earlier. If position can be maintained, then the code phases for obstructed satellites can continue to be predicted accurately, allowing instant reacquisition after obstruction, and instant use as no code pull-in time is required. Once availability is lost, the reverse applies, as wrong position means worse prediction, longer re-acquisition, and hence again less availability.
The extra visible satellites are very significant for the consumer, particularly — as for example with self-assistance where the minimum constellation is five satellites, not three to four — to autonomously establish that all satellites are healthy using receiver-autonomous integrity monitoring (RAIM) methods. Self-assistance has further major benefits for GLONASS, in that no infrastructure is required, so there will be no delay waiting for GLONASS assistance servers to roll out. The GLONASS method of transmitting satellite orbits is also very suitable for the self-assistance algorithm, saving translation into and out of the Kepler format.
Significance of Work
Previous attempts to characterize the multi-constellation benefits in urban environments have been handicapped by the need to use professional receivers not designed for such signal conditions, and by the need to generate a separate result for each constellation or sacrifice one satellite measurement for clock control. These problems made them unrepresentative of the performance to be expected from the volume consumer device.
This new implementation is significant in being a true consumer receiver for high sensitivity, fully integrated both for measurement and for computation. Thus fully realistic trials are reported for the first time.
Background
The tests were performed on the Teseo-II single chip GNSS receiver (STA-8088). A brief history: our 2009 product Cartesio+ already included GPS/Galileo, and the digital signal processor (DSP) design has been extended to include GLONASS also for Teseo2, the 2010 product. Test results with real signal data through FPGA implementations of the baseband started in late 2009, and with the full product chip in 2010.
The architectural design showed that the silicon could be implemented with only small additional silicon area. Changes to the baseband DSP hardware and software were small and were included in the next scheduled upgrade of the chip, Teseo2. The RF chip silicon requires much greater attention, duplicating the intermediate frequency (IF) path and analog-digtal converter (ADC), with additional frequency conversion and a much wider IF filter bandwidth; however, as the RF silicon area is very small in total, even a 30 percent increase here is not a significant percentage increase on the whole chip. As the design is for an integrated single chip system (RF and baseband, from antenna to position, velocity, and timing (PVT) solution), the overall silicon area on a 65-nanometer process is very small.
Commercially, it is new to include all three constellations in a single consumer chip. Technically it is new to use a pool of constellation-independent channels for GLONASS, though standard for GPS/Galileo. Achieving this flexibility has also required new techniques to manage differing RF hardware delays, different chipping rates, in addition to the coordinated universal time (UTC) offset and geoid offset problems already well known to the surveying community.
It is also very unusual to go direct to a single-chip solution (RF+baseband+CPU) for such a major technology step. The confidence for this step comes from the provenance of the RF and the baseband, the RF being an extension of the STA5630 RF used with Cartesio+, and the baseband being significant but not major modifications of the GPS/Galileo DSP used inside Cartesio+. 5630/Cartesio+ were proven in volume production as separate chips before the single-chip three-constellation chip starts production.
The steps forward from the previous generation of hardware are on chip RF, Galileo support, GLONASS support. While Galileo can pass down the existing GPS chain, with appropriate bandwidth changes, additional changes are required for GLONASS: see Figures 1 and 2.
Figure 1. RF changes to support GLONASS.Figure 2. Baseband changes to support GLONASS.
In the RF section, the LNA, RF amp, and first mixer are shared by both paths, in order to save external costs and pins for the equipment manufacturer, and also to minimize power consumption. Then the GLONASS signal, now at around 30 MHz, is tapped off into a secondary path shown in brown, mixed down to 8 MHz and fed to a separate ADC and thus to the baseband.
In the baseband, an additional pre-conditioning path is provided, again shown in brown, which converts the 8 MHz signal down to baseband, provides anti-jammer notch filters, and reduces the sample rate to the standard 16fo expected by the DSP hardware.
The existing acquisition engines and tracking channels can then select whether to take the GPS/Galileo signal, or the GLONASS signal, making the allocation of channels to constellations completely flexible.
Less visible but very important to the system performance is the software controlling these hardware resources, first to close tracking loops and take measurements, and secondly the Kalman filter that converts the measurements to the PVT data required by the user. This was all structurally modified to support multiple constellations, rather than simply adding GLONASS, in order that future extensions of the software to other future systems becomes an evolutionary task rather than a major re-write.
The software ran on real silicon in 2010, but using signals from either simulator or static roof antennas, where accuracy and availability of GPS alone are so good that there is little room for improvement. In early 2011, prototype satnav hardware using production chips, antennas, and cases became available, making mobile field trials viable.
Actual Results
Results have already been seen from trials using professional receivers with independent GPS and GLONASS measurements. However, those tests were not representative of the consumer receiver because they are not high sensitivity; because the receivers require enough clean signal to operate a PLL, which is not realistic in a mobile city environment; and because they were creating two separate solutions, thus needing a continuous extra satellite to resolve inter-system time differences.
A 2010 simulation of visible satellites in a typical urban canyon of downtown Milan, Italy, produced the results, every minute averaged for a full 24 hours, shown in Table 1. The average number of satellites visible rises from 4.4 with GPS alone, to 7.8 for GPS+GLONASS, with the result that there are then zero no-fix samples. With GPS alone there were 380 no-fix samples, or 26 percent of the time.
Table 1. Accuracy and availability of GPS and GPS+GLONASS, averaged over 24 hours.
However, availability is not itself sufficient. Having more satellites in the same small piece of sky above the urban canyon may not be sufficient, due to geometric accuracy limitations. To study this, the geometric accuracy represented by the HDOP was also collected, and shows an accuracy 2.5 times better.
Previous studies suggested that in the particular cities tested, two to three additional satellites were available, but one of these was wasted on the clock solution. Using the high-sensitivity receiver, we expected four or five extra satellites and none wasted.
The actual results far exceeded our expectations. Firstly, many more satellites were seen, as all previous tests and simulations had excluded reflected signals. Having many more signals, the DOP was vastly improved, and the effect of the reflections on accuracy was greatly reduced, both geometrically, and by the ability of the FDE/RAIM algorithms to maintain their stability and down-weight grossly erroneous signals rather than allow them to distort the position.
The results presented here are from a fully integrated high-sensitivity receiver optimized to use signals down to very low levels, and to give a solution derived directly from all satellites in view, no matter which constellation.
This produces 100 percent availability, and much improved accuracy in the harsh city environment.
Availability
The use of high-sensitivity receivers, not dependent on phase-locked loops (PLLs) for tracking, produces 100 percent availability in modern cities, even high-rise, due to the reflective nature of modern glass in buildings, even for GPS alone. Thus some other definition of availability is required rather than “four sats available,” such as sats tracked to a certain quality level, resulting in a manageable DOP. Even DOP is difficult to assess, as the Kalman filter gives different weights to each satellite, not considered in the DOP calculation, and also uses historic position and current velocity, in addition to instantaneous measurements, to maintain the accuracy of the fix.
Figure 3 shows the availability of tracked satellites in tests in the London City financial district in May 2011.
As can be seen, there are generally seven to eight GLONASS satellites and eight to nine GPS satellites, for a total of around 16 satellites. The only period of non-availability was in a true tunnel (Blackfriars Underpass) at around time 156400 seconds. In other urban canyons, around time 158500 and 161300, individual constellations came down to four satellites, but the total never fell below eight. Note this is an old city, mainly stone, so reflections are limited compared with glass/metal buildings.
While outside tunnels, availability is 100 percent, this may be limited by DOP or accuracy. As can be seen in Figure 4 on another London test, the GNSS DOP remains below 1, as might be expected with 10–16 satellites, while GPS-only frequently exceeds four, with the effect that any distortions due to reflections and weak signals are greatly magnified, with several excursions over 10.
Figure 4. GPS-only versus combined GPS/GLONASS dilution of precision.
As the May 2011 tests had not been difficult enough to stress the GPS into requiring GNSS support, a further trial was performed in August 2011. This was in a modern high-rise section of the city, Canary Wharf, shown in Figure 5 on an aerial photograph. In addition to being high-rise, the roads are also very narrow, resulting in very difficult urban canyons. Being a modern section of the city, the buildings are generally reflective glass and metal, rather than stone, testing RAIM and FDE algorithms to the extreme.
Figure 5. GPS versus GNSS, London Canary Wharf (click to enlarge.)
This resulted in difficulty for the GPS-only solution, shown in green, especially in the covered section of the Docklands station, center-left, lower track.
Figure 6 shows the same test data displayed on truth data taken from the ordnance survey vector map data of the roads.
Figure 6. GPS versus GNSS, London Canary Wharf, on vector truth (click to enlarge.)
The blue GNSS data is then extremely good, especially on the northern (eastbound) part of the loop (UK drives on the left, thus one-way loops are clockwise).
Further tests were carried out by ST offices around the world. Figure 7 shows a test in Tokyo, where yellow is the previous generation of chip with no GLONASS, red was Teseo-II with GPS plus GLONASS.
Figure 7. Teseo-I (GPS) versus Teseo-II (GNSS) in Tokyo test.
Again, here the scenario is not sufficiently challenging to hurt the availability even of GPS alone, but the accuracy is limited.
Figure 8 gives some explanation of the accuracy problems, by showing the DOP during the test. It can be seen that Teseo-II DOP was rarely above 2, but the GPS-only version was between 6 and 12 in the difficult northern part of the test, circled for illustration.
Figure 8. DOP during Tokyo tests (click to enlarge.)
Further Tokyo tests were performed entering the narrower urban canyons in the same test area, shown in Figure 9. Blue is GPS only, red is GPS+GLONASS, and the major improvement is obvious.
Figure 9. GPS only (blue) versus GNSS (red), Tokyo.
Figure 10 uses the same color scheme to illustrate tests in Dallas, this time with a competitor’s GPS receiver versus Teseo-II configured for GPS+GLONASS, again a huge benefit.
Figure 10. GPS only (blue, competitor) versus GNSS (red), Dallas.
Other Constellations
While Teseo-II hardware supports Galileo, there are no production Galileo satellites available yet (September 2011), so the units in the field do not have Galileo software loaded.
However, the Japanese QZSS system has one satellite available, transmitting legacy GPS-compatible signals, SBAS signals, and L1C BOC signals. Teseo-II can process the first two of these, and while SBAS is no benefit in the urban canyon as the problems of reflection and obstruction are local and unmonitored, the purpose of QZSS is to provide a very high-angle satellite, so that it is always available in urban canyons.
Figure 11 shows a test in Taipei (Taiwan) using GPS (yellow) versus GPS plus one QZSS satellite in red, with the truth data shown in purple.
Figure 11. GPS only (yellow) versus GPS+QZSS(1 sat, red), truth in purple, Taipei (click to enlarge.)
Further Work
The test environment will be extended to yield quantitative accuracy results for UK tests where we have the vector truth data for the roads.
The hardware flexibility will be extended to support Compass and GPS-III (L1-C) signals, in addition to Galileo already supported. Acquisition and tracking of these signals have already been demonstrated using pre-captured off-air samples.
In 2010, the Compass spec was not available. Thus the Teseo-II silicon design was oriented to maximum flexibility in terms of different code lengths, such as BOC or BPSK, so that by using software to configure the hardware DSP functions, the greatest chance of compatibility could be achieved.
The result was only a marginal success, in that the 1561 MHz frequency of the regional Compass system can only be supported using the flexibility of the voltage-controlled oscillator and PLL, meaning that it cannot be supported at the same time as other constellations. Additionally, the code rate on the regional system is also 2 M chips/second, which is not supported, so is approximated by using alternate chips, producing serious signal loss.
So the hooks for Compass are only useful for research and software development, either for a single-constellation system, or using a separate RF front end.
The worldwide Compass signal, which is on a GPS/Galileo signal format in both carrier frequency and in code length and rate, will be directly compatible, but is not expected to be fully available until 2020.
The city environment testing will be repeated as the Galileo constellation becomes available. With 32 channels, an 11/11/10 split (GPS/Galileo/GLONASS) may be used when all three constellations are full, but for the next few years 14/8/10 satisfies the all-in-view requirements.
Conclusions
The multi-constellation receiver can include GLONASS FDMA at minimal increased cost, and with its 32 channels tracking up to 22 satellites in a benign environment, even in the harshest city environment sufficient satellites are seen for 100 percent availability and acceptable accuracy. 10–16 satellites were generally seen in the urban canyon tests. The multiplicity of measurements allows RAIM and FDE algorithms to be far more effective in eliminating badly reflected signals, and also minimizes the geometric effects of remaining distortion on the signals retained.
Acknowledgments
ST GPS products, chipsets, and software, baseband and RF are developed by a distributed team in Bristol, UK (system R&D, software R&D); Milan, Italy (silicon implementation, algorithm modelling and verification); Naples, Italy (software implementation and validation); Catania, Sicily, Italy (Galileo software, RF design and production); and Noida, India (verification and FPGA). The contribution of all these teams to both product ranges is gratefully acknowledged.
Philip Mattos received a master’s degree in electronic engineering from Cambridge University, UK, a master’s in telecoms and computer science from Essex University, and an external Ph.D. for his GPS work from Bristol University. He was appointed a visiting professor at the University of Westminster. Since 1989 he has worked exclusively on GPS implementations and associated RF front ends, currently focusing on system-level integrations of GPS, on the Galileo system, and leading the STMicroelectronics team on L1C and Compass implementation, and the creation of generic hardware to handle future unknown systems.