Tag: signal processing

Hemisphere GPS Introduces A325 GNSS Smart Antenna

Today, Hemisphere GPS introduced the A325 GNSS Smart Antenna. It incorporates professional-level centimeter and sub-meter positioning accuracy powered by Hemisphere GPS' Eclipse receiver technology and includes L-band and Bluetooth communications support. A325 is designed for a variety of applications including agriculture, construction, straddle carriers, robotics, marine, survey, and GIS, Hemisphere GPS said.

A325 accuracies are software scalable to be custom configured for the customer's specific needs and budget. Users can take advantage of free SBAS sub-meter accuracy or decimeter-level L-band support. For more precise needs such as land and hydrographic surveying, customers can activate the centimeter-level RTK feature with robust GPS and GLONASS positioning utilizing Hemisphere GPS' exclusive SureTrack technology.

Various communication options within A325 make it compatible with a range of data collectors, terminals, and software applications. With dual serial ports offering NMEA 0183, a wireless Bluetooth mode, controller area network (CAN) interface that supports NMEA 2000, and pulse outputs the A325 will quickly and easily connect to systems used by positioning, navigation, and machine control professionals, Hemisphere GPS said.

With a durable IP-69K sealed and lightweight enclosure that houses both antenna and receiver, A325 is easy to install and operate in harsh environmental conditions, the company said, and can be mounted on vehicles and backpacks. Wireless connections to a data controller make it easy to establish positions and attributes, making A325 useful for mapping municipal assets, forestry, and topographical features. The easy-to-see multi-color LED status indicator and integrated 2D tilt sensor enable offset corrections and add to the simplicity of A325.

"A325 offers customers a very versatile precision GNSS smart antenna at an amazing price," said Phil Gabriel, Vice President and General Manager, Precision Products, for Hemisphere GPS. "This enhances our GNSS receiver portfolio, allowing us to offer customers a wider range of products and solutions to meet their needs."

A325 is now available through the Hemisphere GPS Precision Products global dealer network. For more information about Hemisphere GPS' Precision Products and A325 antenna, visit www.hemispheregps.com/precision.

June 27, 2012
Innovation: Simulating GPS Signals

It Doesn’t Have to Be Expensive

By Alison Brown, Jarrett Redd, and Mark-Anthony Hutton

GNSS signal simulators can be expensive and beyond the limited budgets of many researchers. In this month’s column, we look at one company’s approach to providing GNSS signal simulation at a low cost — one that virtually any researcher can afford.

INNOVATION INSIGHTS by Richard Langley

WHY DO WE SIMULATE REALITY in mathematics, science, engineering, and other pursuits — even in our recreational activities? Well, we do it for a variety of reasons. In mathematics and science, we try to comprehend reality, which is complicated and variable and often has some degree of randomness. We build mathematical models of physical, chemical, or biological processes to better understand them or to predict a particular outcome given some initial conditions. The model may contain a stochastic component to reflect a degree of uncertainty associated with the processes. Weather forecasting is a prime example. Typically, the models are run on a computer where the model parameters and initial conditions can be readily adjusted and the varying outcomes analyzed.

Simulations of reality are often used in teaching where students can more easily grasp the behavior of complicated systems whether they be in the natural sciences or in economics or the social sciences. In medical education, simulated human patients are used initially because it is safer than having students operate on real patients. Similarly, flight simulators are used for the training of pilots because it is cheaper and safer than using real aircraft and a wide variety of “what if” scenarios can be experienced.

Simulation is used for a range of engineering activities to see how an existing system behaves under different conditions because it is faster or cheaper than performing tests in the “real world.” It can also be used to estimate how a proposed new system might behave before it becomes a reality — looking at traffic flow in road networks, for example.

We also use simulation for recreation, whether it is playing with the latest computer game or improving our swing with a golf simulator. And simulation is a mainstay of the movie industry.

But getting back to engineering and the main interest of this magazine, simulation is a useful technique in the design and operation of equipment used with global navigation satellite systems. With a radio frequency simulator, we can mimic the radio signals generated by the satellites. These devices allow us to define scenarios, including receiver trajectories, and to replay them while varying the operating parameters of the receiver. Some simulators allow us to record live signals and then to play them back under different assumed conditions.

However, such GNSS signal simulators can be expensive and beyond the limited budgets of many researchers. In this month’s column, we look at one company’s approach to providing GNSS signal simulation at a low cost — one that virtually any researcher can afford.

As the noted French sociologist and philosopher, Jean Baudrillard, pessimistically once said: “We live in a world where there is more and more information, and less and less meaning.” In the field of GNSS engineering, at least, simulation is helping to stem the tide and give us a better understanding of reality.

“Innovation” features discussions about advances in GPS technology, its applications, and the fundamentals of GPS positioning. The column is coordinated by Richard Langley, Department of Geodesy and Geomatics Engineering, University of New Brunswick. To contact him with topic ideas, email him at lang @ unb.ca.

Embedded GPS receivers have become commonplace with the proliferation of GPS navigation systems into all but the least expensive vehicle and cell-phone lines. As more manufacturers embed low-cost GPS receivers into their products, the need for low-cost GPS signal simulators has also grown. Controlled virtual testing is vital in ensuring the expected system performance.

Many GPS signal generators are available that are designed specifically for high-volume production test applications for devices that use commercial GPS/SBAS, GLONASS, and Galileo receivers. Often the cost of these high-end simulators is beyond the reach of small companies or universities. In response to this need, we have developed our low-cost, software-defined radio (SDR)-based GPS Signal Architect Test Set to address a broad range of research, academic, industrial, and defense applications. The system is designed to be flexible, scalable, and most importantly, inexpensive.

Our test set leverages the capabilities of the Universal Software Radio Peripheral (USRP) radio and our GPS Signal Simulation Toolbox to provide users with a GPS signal generation capability at a much lower cost than currently available on the market. The combination of the GPS signal simulation software coupled with the record and playback capability of the USRP makes for an extremely low-cost, yet highly flexible, GPS signal simulation capability.

FIGURE 1 shows the GPS signal simulator hardware. It is designed for use with commercial software-defined radios and is based on our GPS Signal Simulation Toolbox.

FIGURE 1. GPS signal simulator hardware.

Toolbox. The Toolbox is a complete set of GPS signal simulation, test, and analysis tools. This Matlab-based signal simulation toolbox simulates the effect of the signal degradation on a conventional commercial GPS receiver, including the effect of the ionospheric activity on the code and carrier tracking loops such as losing lock or cycle slipping. The Toolbox’s geographic tools facilitate the transformation of data between the various coordinate systems commonly used in GPS research, including latitude-longitude-altitude; WGS 84 Earth-centered, Earth-fixed (ECEF); north-east-down; and body-fixed reference frames. It also provides tools to read GPS almanacs and ephemerides and compute ECEF and line-of-sight vectors to GPS satellites as a function of user position and time. The receiver design and analysis tools model different receiver architectures and simulate different error scenarios by providing tracking and navigation algorithms, including phase lock loops and delay lock loops.

The user-configurable options allow the operator to define virtually all aspects of a GPS signal environment, including the GPS spreading code(s), navigation message, and interference scenarios. Such flexibility is particularly useful in simulating GPS jamming environments, where time, resources, and repeatability are generally scarce.

Because these tools are linked directly to Matlab, it is relatively simple to define and implement new signal components as they become available. Of primary interest are the GPS modernization codes as well as those of other global navigation satellite systems (GNSS). Also of interest are new and exotic categories of jammers, including frequency-modulated, amplitude-modulated, phase-modulated, and frequency-swept jammers.

An early version of the toolbox was reviewed in a previous Innovation column (see Further Reading).

Configuration. In the configuration shown in Figure 1, the signal control unit (SCU) is used to control the radio for record and playback operation. The USRP includes a 10-MHz frequency standard as well as an input for an external reference clock. The GPS Signal Architect software can produce custom GPS scenario data files, which can use the USRP to produce a GPS signal at RF.

This article provides a review of how the signal simulator uses the USRP family of radios as low-cost RF record and playback devices using the Signal Architect files. In addition, the hardware design and supported signals are described and test results are presented showing the USRP providing simulated GPS signals to conventional GPS user equipment.

Radio Hardware

The USRP radio family provides an inexpensive development platform for software-defined radios. The USRP can also be used to record and play back the GPS signal in a static or mobile environment. The system operator can then reproduce the signal on the bench either from a simulated profile or from a previously recorded test environment. An advantage of the USRP is that it supports a wideband transceiver front-end that can accommodate the full 20 MHz of the GPS signal band and can be tuned to operate at any of the GPS signal frequencies (L1 at 1575.42 MHz, L2 at 1227.60 MHz, or L5 at 1176.45 MHz). This allows record and playback of both the civil and military GPS codes.

While the GPS Signal Architect tools can be easily adapted for use with any commercial SDR, the USRP family was chosen because of its reasonable price, quality construction, and extensive support by the GNU Radio project.

USRPs are SDRs, which can, in principle, transmit or receive signals on any frequency under software control. Typically, USRPs connect to a host computer through a high-speed USB or gigabit Ethernet link, which the host-based software uses to control the USRP hardware and to transmit or receive data. Some USRP models also integrate the general functionality of a host computer with an embedded processor that allows the USRP to operate in a standalone fashion. The USRP hardware is controlled through a hardware driver, which supports Linux, MacOS, and Windows platforms. A framework running on the host computer then accesses the USRP through the driver. Several frameworks, including GNU Radio (a free software toolkit for learning about, building, and deploying SDR systems developed under the GNU Project — “GNU” is a recursive acronym that stands for “GNU’s Not Unix”), LabView, Matlab, and Simulink, use the driver. The driver’s functionality can also be accessed directly with an application programming interface (API), which provides native support for C++. Any other language that can import C++ functions can also use the driver. This is accomplished in Python through the Simplified Wrapper and Interface Generator, for example. The API allows users to develop their own custom frameworks, as we did with our SCU.

Of the available USRP radios, the N210 was chosen because it has the highest sample rate, greatest flexibility, and largest capacity for modification (see FIGURE 2).

FIGURE 2. Univeral Software Radio Peripheral.

The USRP provides an interface between high-speed analog to digital converters, high-speed digital to analog converters, and an Ethernet interface, as previously mentioned. Daughterboards available for the USRP provide an interface from the baseband signals present at the data converters to the GPS frequency bands and vice versa.

A daughterboard (or daughtercard or piggyback board) is a circuit board meant to be an extension or “daughter” of a motherboard. The USRP uses interchangeable daughterboards, plugging into the main board, to serve as the RF front end. Several classes of daughterboard modules exist: receivers, transmitters, and transceivers. Transmitter daughterboard modules can modulate an output signal to a higher frequency; receiver daughterboard modules can acquire an RF signal and convert it to baseband; and transceiver daughterboard modules combine the functionality of a both a transmitter and receiver.

For this project, a WBX (wide bandwidth) transceiver daughterboard was installed in the USRP. The tunable range of the WBX (50 MHz to 2.2 GHz) covers all the current GNSS frequencies. An RF pre-filter is used to band-limit the GNSS signals to the sample rate selected for use in the SCU to avoid spectral folding from the N210 40-MHz channel bandwidth. For example, a 2-MHz filter centered at L1 is optimal based on the Nyquist sampling frequency of 2 MHz of both the in-phase and quadrature (I/Q) components of the signal. If sampling at 20 MHz, then a 20-MHz pre-filter should be used.

Signal Control Unit

The SCU includes a Linux single-board computer with software developed to run under the GNU Radio Companion (an open-source graphical tool for creating signal flow graphs and generating flow-graph source code using the GNU Radio libraries) and management of the GNU SDR for RF record and playback under control of the GPS Signal Architect software through an Ethernet connection. This enables the user to tap into the excellent USRP community support for his or her project and benefit from the close relationship between the GNU Radio project and the USRP manufacturer. The Ethernet connection is also used to download and upload recorded or simulated signal files from the Signal Architect signal simulation software.

Signal Simulation Software

The GPS Signal Architect hardware and software provides users with a Matlab-based GPS signal generation capability. If our Matlab GPS Toolbox is provided, the Signal Architect GPS simulation can be run under the Matlab environment. For the non-Matlab user, the Signal Architect software is bundled as a stand-alone executable. The signal simulation flow is depicted in FIGURE 3.

FIGURE 3. Signal Architect simulation flow. (Click to enlarge.)

GUI. Using a simple, intuitive graphical user interface (GUI), the user specifies a trajectory and a complete set of simulation parameters to create an I/Q data file (see FIGURE 4). The user specifies a trajectory either from an NMEA file (most GPS receivers use the National Marine Electronics Association 0183 interface standard for logging positions and other data) or a KML file from Google Earth (Google’s Keyhole Markup Language has become a standard for describing geographically referenced features), and an almanac file used to define GPS satellites to be simulated. The user defines the mask angle for the satellite selection and the noise figure to be simulated. The Signal Architect software then generates a simulated digital storage file, including the selected pseudorandom noise codes (C/A and/or the unencrypted military P or M′ codes).

FIGURE 4. Signal Architect graphical user interface. (Click to enlarge.)

TABLE 1. Signal simulator system specifications.

Scenarios. The Signal Architect software also ships with preloaded scenario files that the user can run right out of the box into the SCU using the USRP. The Signal Architect software supports computers with multi-core processors and will automatically configure itself to run on all available processors. The Signal Architect software will generate either static or dynamic simulation profiles. The Signal Architect GUI allows the operator to easily modify a wide range of scenario variables from the pre-set defaults. Complete scenarios are easily shared between signal simulation systems, supporting collaborative testing between similar projects and reducing the amount of time spent developing test tools.

The signal data file can then be used for subsequent analysis within Matlab using the Matlab GPS Toolbox, or can be provided to the SCU and USRP to create a GPS signal suitable for playback into a GPS receiver. If the Matlab GPS Toolbox is available, the user has complete flexibility to manipulate the signal at various stages of generation or post-generation to simulate GPS anomalies. Without the toolbox, the user is restricted to using only the standard error modeling provided by the compiled Signal Architect code.

Simulation Test Results

To demonstrate the high fidelity of our Signal Architect signal record and playback capability, a series of stationary GPS simulations were run. In these tests, the USRP was used to record and play back GPS C/A-code signals at the L1 band (1575.42 MHz). The SCU and USRP were connected to a rooftop-mounted GPS L1 antenna. The GPS signal was split between a commercial GPS receiver and the USRP to allow the operator to monitor the GPS receiver while the USRP was recording the GPS signal.

In record mode, the I/Q data is written from the USRP to a file on the SCU. In playback mode, the data is read from the file by the USRP to generate the RF signal. The RF signals are output to the GPS receiver through an external variable attenuator. The attenuator allows the operator to adjust the signal power into the GPS receiver as different lengths of antenna cable are added or as the signal is split to other GPS receivers.

To demonstrate the GPS Signal Architect Test Set performance, representative data was collected in a series of two laboratory tests. The first test demonstrates the system performance as a record and playback GPS signal simulator. The second test results demonstrate the system performance when using the Signal Architect software to generate custom GPS scenario files for playback into the GPS receiver.

In the first test, the GPS simulator hardware was configured as shown in FIGURE 5. The GPS receiver and USRP were connected to a commercially available antenna. The antenna was positioned at a known location with a clear view of the GPS constellation. The signal from the GPS antenna was split between the GPS receiver and the USRP so that the data could be logged by the receiver software at the same time as it was being recorded by the SCU.

FIGURE 5. GPS Signal Simulator record and playback GPS simulation.

The simulated satellite constellation is shown in FIGURE 6. Seven GPS satellites are in view.

FIGURE 6. Simulated satellite constellation.

The 2-D position error from the simulated signal is shown in FIGURE 7. The errors are representative of the accuracies achievable using GPS C/A-code pseudoranges.

FIGURE 7. North-east (2-D) position error.

We can examine the performance of our test set by looking at plots of the measurements of carrier-to-noise-density ratio (C/N₀) from the GPS receiver for both the live sky data and for the recorded signal when played into the GPS receiver by the Signal Simulator for three of the GPS receiver channels (see FIGURE 8). The C/N₀ data collected from the GPS antenna is shown in blue, while the C/N₀ from the USRP is shown in green.

FIGURE 8. C/N0 record and playback vs. live sky collection.

As we can see, the C/N₀ was 1–2 dB lower in playback mode when compared to the data collected from the GPS antenna. The signal loss is due to the 1-bit sampling of the incoming GPS signal by the Signal Architect software. One-bit and 2-bit quantization are used in many commercial GPS receivers. The rule of thumb states that 1-bit quantization degrades the signal-to-noise ratio by 1.96 dB, and 2-bit quantization degrades the signal-to-noise by 0.55 dB. These results show that 1-bit I/Q sampling is sufficient for reproducing GPS L1 C/A-code signals with the USRP.

In the second test, the Signal Architect software was used to generate a 10-minute static GPS C/A-code L1 scenario file. The SCU used the USRP to generate the GPS signal.

Shown in FIGURE 9 are the number of satellites the GPS receiver was able to track. When using the GPS Signal Architect Test Set to play back the scenario file, the GPS receiver was able to track all the simulated satellites in the file. The time necessary for the GPS receiver to acquire and track the satellites is consistent with the performance one would expect from the GPS receiver when connected to an external antenna.

FIGURE 10 shows the C/N₀measurements from the GPS receiver for three of the receiver channels. There were nine satellites in this static scenario file. The C/N₀for all the satellites is stable for the duration of the scenario playback.

FIGURE 9. Number of satellites tracked (digital signal file playback mode).

FIGURE 10. C/N0 (digital signal file playback mode).

Another Hardware/Software Option

We have also worked with the manufacturer of the LabSat hardware signal simulator to include some of the software functionality of our USRP system.

The LabSat GNSS simulator (see FIGURE 11) can be used to record live navigation satellite RF data streamed onto a hard drive. This can then be played back as an RF signal. When integrated with the SatGen software, simulated digitized RF data can be generated and played back into the LabSat simulator in place of the recorded, digitized GNSS RF signals.

FIGURE 11. LabSat GNSS simulator.

The core of the SatGen software is our Signal Architect software component, which has been adapted to run on the LabSat platform to allow simulation of the multiple GNSS satellite signals.

Hardware. The latest version of the LabSat hardware design (LabSat 2) enables the record and playback of GPS and GLONASS synchronized RF data streams (see FIGURE 12). When recording the GPS or GLONASS signals, the RF L1 channels (1575.42 MHz for GPS and 1602.0 MHz for GLONASS) are down-converted to a 0-Hz intermediate frequency. The signals are sampled (2 bit I and Q) at 16.368 MHz to capture the full GLONASS set of frequency channels. The GPS and GLONASS data is then interleaved into a 4-bit data stream and recorded in an internal buffer as a binary file. A high-speed USB link then transmits the data to a PC before streaming onto the PC hard disk. For playback, the PC streams the stored binary data to the LabSat via the USB link. The recorded digital GPS and GLONASS signals are up-converted onto the GPS and GLONASS RF channels and played back into the receiver under test. A digital attenuator on the output can adjust the RF output level.

FIGURE 12. LabSat GNSS simulator hardware design.

Using the LabSat record and playback mode, all of the real-world effects on the GNSS signals are recorded, including multipath effects, drop-outs, and atmospheric effects, allowing repeatable tests to be performed on GNSS receivers under a variety of real-world conditions, such as operating in urban canyons. This is ideal for debugging fault conditions on GNSS equipment and software. For more extensive simulations in different environments, the LabSat SatGen software can be used to generate simulated scenarios at any time or place or for a dynamic environment.

SatGen Scenario Simulation. SatGen is a software package that allows users to define trajectories for use in generating simulated data files for playback into LabSat. A user-defined trajectory file can be used to create a LabSat-simulated scenario for a route anywhere in the world. Routes can be generated directly from NMEA files imported directly into SatGen from a GPS datalogger or from user-defined routes generated using Google Earth.

SatGen users can use Google Earth to define a route by creating a path using its “Add Path” tool. The user can use as many or as few waypoints as the user wants, and can edit routes by moving, adding, or removing waypoints. The path is saved as a standard Google Earth KML file, which is imported into SatGen, which then fills in and smoothes the trajectory between the waypoints. The user can also define velocity profiles, or SatGen can provide these automatically. SatGen creates an NMEA file that is used to generate a binary I/Q simulated signal file for replay on the LabSat hardware.

Signal Architect Simulation. The core of the SatGen software is GNSS Signal Architect, an upgraded version of our GPS Signal Architect, which provides the capability to simulate multiple GPS signals and also different GNSS signals.

Signal Architect imports the NMEA trajectory either from a prerecorded file or from one generated using SatGen, and uses this file to generate a GNSS-simulated scenario. The user specifies the input GPS satellite constellation through a Yuma-format almanac file and the GLONASS constellation through a GLONASS almanac file in “.agl” or RINEX format. These files are then used to generate the simulated pseudorange, Doppler, and carrier phase for the GPS and GLONASS satellites in view of the simulated GNSS receivers above a specified mask angle. This simulated range data is then used to generate the digitized I/Q signals for the GPS and GLONASS satellites. Users who have access to our GNSS Signal Simulation Toolbox (an upgrade of our GPS toolbox) will have the added ability to modify the GNSS signal strength and add additional high-resolution error models to the simulated signals including multipath or GNSS signal error characteristics. The resulting I/Q simulated data file for the GPS plus GLONASS constellation is then recorded in a data file, which can be loaded into the LabSat hardware for playback into a receiver under test.

Test results using the LabSat and SatGen combination have demonstrated that highly accurate navigation solutions can be obtained with a variety of playback modes.

Conclusion

The combination of our GPS Signal Architect software with either the SCU and USRP or LabSat has proven to be an ideal low-cost GPS signal simulation tool with the capability of simulating or recording the complete GPS signal spectrum, including both the civil and the military codes for playback. The initial release of the GPS Signal Architect Test Set supports L1 operation and C/A- and P-code and M′ signal simulation or C/A- and P(Y)-code and M′ record and playback, while both GPS and GLONASS signal generation and playback is available with LabSat.

Our team of GPS and RF experts is continually developing and updating the system to provide additional functionality. Future releases of our test set will include support for multi-frequency SDR hardware and the capability to simulate other civil and military GPS signals, and also those of other global navigation satellite systems. To reflect this capability, we have branded the latest version of our simulation system, the GNSS Signal Architect Test Set.

Acknowledgments

The authors acknowledge the support of Ettus Research LLC in the development of the technology associated with the USRP system, as well as Racelogic Ltd. for collaboration on the LabSat GNSS simulator. USRP is a registered trademark of National Instruments Corp.

The article is based primarily on the papers “GPS Signal Simulation Using Open Source GPS Receiver Platform” presented at the Virginia Tech Symposium on Wireless Personal Communication in June 2011 and “SatGen GNSS Signal Simulation Software” presented at ION GNSS 2011 in Portland, Oregon, in September 2011.

Manufacturers

The GNSS Signal Architect Test Set was developed by Navsys Corp. The USRP used for the test set is the Ettus Research LLC model USRP N210. The LabSat 2 GNSS Simulator and associated SatGen software is produced by Racelogic Ltd. The GPS equipment used in our tests was a Novatel DL-4 plus receiver and a GPS-702GG antenna.

Alison Brown is the president and chief executive officer of Navsys Corp., Colorado Springs, Colorado, which she founded in 1986. Brown has a Ph.D. in mechanics, aerospace, and nuclear engineering from UCLA, an M.S. in aeronautics and astronautics from MIT, and an M.A. and B.A. in engineering from Cambridge University. She is a fellow of the Institute of Navigation and an honorary fellow of Sidney Sussex College, Cambridge.

Jarrett Redd is a senior systems engineer with Navsys Corp. working on hardware, firmware, and embedded systems development for signal acquisition, processing, and transmission. He holds an M.S. and B.S. in computer engineering from Texas A&M University.

Mark-Anthony Hutton is a software engineer with Navsys Corp. working on GNSS signal simulation tools and the GPS Jammer Detection and Location System. He holds a B.S. in computer science from the University of Colorado at Colorado Springs.

FURTHER READING

• Authors’ Proceedings Papers

“SatGen GNSS Signal Simulation Software” by A. K. Brown, M.-A. Hutton, M. Quigley, and M. Sampson in Proceedings of ION GNSS 2011, the 24th International Technical Meeting of the Satellite Division of The Institute of Navigation, Portland, Oregon, September 19–23, 2011, pp. 2031–2034.

“GPS M’-Code and P-Code Signal Simulation Using an Open Source Radio Platform” by A. Brown and B. Johnson in Proceedings of ION GNSS 2011, the 24th International Technical Meeting of the Satellite Division of The Institute of Navigation, Portland, Oregon, September 19–23, 2011, pp. 1494–1498.

“GPS Signal Simulation using Open Source GPS Receiver Platform” by A. Brown, R. Tredway, and R. Taylor in Proceedings of the 21st Virginia Tech Symposium on Wireless Personal Communications, Blacksburg, Virginia, June 1–3, 2011.

“Modeling and Simulation of GPS Using Software Signal Generation and Digital Signal Reconstruction” by A. Brown, N. Gerein, and K. Taylor in Proceedings of the 2000 National Technical Meeting of The Institute of Navigation, Anaheim, California, January 26–28, 2000, pp. 646–652.

• GNU Radio

GNU Radio Wiki.

Open Source Software-Defined Radio: A Survey on GNUradio and its Applications by D. Valerio, technical report, FTW-TR-2008-002, Forschungszentrum Telekommunikation Wien, Vienna, Austria, August 2008.

“GNU Radio: Tools for Exploring the Radio Frequency Spectrum” by E. Blossom in Linux Journal, Issue No. 122, June, 2004.

• GNSS Simulation

“Simulating Inertial/GNSS Hybrid: SINERGHYS Test Bench for Military and Avionics Receivers” by S. Gallot, P. Dutot, and C. Sajous in GPS World, Vol. 23, No. 5, May 2012, pp. 38–43.

“Realistic Randomization: A New Way to Test GNSS Receivers” by A. Mitelman in GPS World, Vol. 22, No. 3, March 2011, pp. 43–48.

“Record, Replay, Rewind: Testing GNSS Receivers with Record and Playback Techniques” by D. A. Hall in GPS World, Vol. 21, No. 10, October 2010, pp. 28–34.

“GNSS Simulation: A User’s Guide to the Galaxy” by I. Petrovski, T. Tsujii, J.-M. Perre, B. Townsend, and T. Ebinuma in Inside GNSS, Vol. 5, No. 5, October 2010, pp. 52–61.

“GPS Simulation” by M. B. May in GPS World, Vol. 5, No. 10, October 1994, pp. 51–56.

• Matlab Simulation Toolboxes

“GPS MATLAB Toolbox Review” by A.K. Tetewsky and A. Soltz in GPS World, Vol. 9, No. 10, October 1998, pp. 50–56.

• NMEA 0183

NMEA 0183, The Standard for Interfacing Marine Electronic Devices, Ver. 4.00, published by the National Marine Electronics Association, Severna Park, Maryland, November 2008.

“NMEA 0183: A GPS Receiver Interface Standard” by R.B. Langley in GPS World, Vol. 6, No. 7, July 1995, pp. 54–57.

Unofficial online NMEA 0183 descriptions: NMEA data; NMEA Revealed by E.S. Raymond, Ver. 2.8, February 2011.

May 1, 2012
Innovation: Ionospheric Scintillations

How Irregularities in Electron Density Perturb Satellite Navigation Systems

By the Satellite-Based Augmentation Systems Ionospheric Working Group

INNOVATION INSIGHTS by Richard Langley

THE IONOSPHERE. I first became aware of its existence when I was 14. I had received a shortwave radio kit for Christmas and after a couple of days of soldering and stringing a temporary antenna around my bedroom, joined the many other “geeks” of my generation in the fascinating (and educational) hobby of shortwave listening. I avidly read Popular Electronics and Electronics Illustrated to learn how shortwave broadcasting worked and even attempted to follow a course on radio-wave propagation offered by a hobbyist program on Radio Nederland. Later on, a graduate course in planetary atmospheres improved my understanding.

The propagation of shortwave (also known as high frequency or HF) signals depends on the ionosphere. Transmitted signals are refracted or bent as they experience the increasing density of the free electrons that make up the ionosphere. Effectively, the signals are “bounced” off the ionosphere to reach their destination.

At higher frequencies, such as those used by GPS and the other global navigation satellite systems (GNSS), radio signals pass through the ionosphere but the medium takes a toll. The principal effect is a delay in the arrival of the modulated component of the signal (from which pseudorange measurements are made) and an advance in the phase of the signal’s carrier (affecting the carrier-phase measurements). The spatial and temporal variability of the ionosphere is not predictable with much accuracy (especially when disturbed by space weather events), so neither is the delay/advance effect. However, the ionosphere is a dispersive medium, which means that by combining measurements on two transmitted GNSS satellite frequencies, the effect can be almost entirely removed. Similarly, a dual-frequency ground-based monitoring network can map the effect in real time and transmit accurate corrections to single-frequency GNSS users. This is the approach followed by the satellite-based augmentation systems such as the Federal Aviation Administration’s Wide Area Augmentation System.

But there is another ionospheric effect that can bedevil GNSS: scintillations. Scintillations are rapid fluctuations in the amplitude and phase of radio signals caused by small-scale irregularities in the ionosphere. When sufficiently strong, scintillations can result in the strength of a received signal dropping below the threshold required for acquisition or tracking or in causing problems for the receiver’s phase lock loop resulting in many cycle slips.

In this month’s column, the international Satellite-Based Augmentation Systems Ionospheric Working Group presents an abridged version of their recently completed white paper on the effect of ionospheric scintillations on GNSS and the associated augmentation systems.

The ionosphere is a highly variable and complex physical system. It is produced by ionizing radiation from the sun and controlled by chemical interactions and transport by diffusion and neutral wind. Generally, the region between 250 and 400 kilometers above the Earth’s surface, known as the F-region of the ionosphere, contains the greatest concentration of free electrons. At times, the F-region of the ionosphere becomes disturbed, and small-scale irregularities develop. When sufficiently intense, these irregularities scatter radio waves and generate rapid fluctuations (or scintillation) in the amplitude and phase of radio signals. Amplitude scintillation, or short-term fading, can be so severe that signal levels drop below a GPS receiver’s lock threshold, requiring the receiver to attempt reacquisition of the satellite signal. Phase scintillation, characterized by rapid carrier-phase changes, can produce cycle slips and sometimes challenge a receiver’s ability to hold lock on a signal. The impacts of scintillation cannot be mitigated by the same dual-frequency technique that is effective at mitigating the ionospheric delay. For these reasons, ionospheric scintillation is one of the most potentially significant threats for GPS and other global navigation satellite systems (GNSS).

Scintillation activity is most severe and frequent in and around the equatorial regions, particularly in the hours just after sunset. In high latitude regions, scintillation is frequent but less severe in magnitude than that of the equatorial regions. Scintillation is rarely experienced in the mid-latitude regions. However, it can limit dual-frequency GNSS operation during intense magnetic storm periods when the geophysical environment is temporarily altered and high latitude phenomena are extended into the mid-latitudes. To determine the impact of scintillation on GNSS systems, it is important to clearly understand the location, magnitude and frequency of occurrence of scintillation effects.

This article describes scintillation and illustrates its potential effects on GNSS. It is based on a white paper put together by the international Satellite-Based Augmentation Systems (SBAS) Ionospheric Working Group (see Further Reading).

Scintillation Phenomena

Fortunately, many of the important characteristics of scintillation are already well known.

Worldwide Characteristics. Many studies have shown that scintillation activity varies with operating frequency, geographic location, local time, season, magnetic activity, and the 11-year solar cycle. FIGURE 1 shows a map indicating how scintillation activity varies with geographic location. The Earth’s magnetic field has a major influence on the occurrence of scintillation and regions of the globe with similar scintillation characteristics are aligned with the magnetic poles and associated magnetic equator. The regions located approximately 15° north and south of the magnetic equator (shown in red) are referred to as the equatorial anomaly. These regions experience the most significant activity including deep signal fades that can cause a GNSS receiver to briefly lose track of one or more satellite signals. Less intense fades are experienced near the magnetic equator (shown as a narrow yellow band in between the two red bands) and also in regions immediately to the north and south of the anomaly regions. Scintillation is more intense in the anomaly regions than at the magnetic equator because of a special situation that occurs in the equatorial ionosphere. The combination of electric and magnetic fields about the Earth cause free electrons to be lifted vertically and then diffuse northward and southward. This action reduces the ionization directly over the magnetic equator and increases the ionization over the anomaly regions. The word “anomaly” signifies that although the sun shines above the equator, the ionization attains its maximum density away from the equator.

FIGURE 1. Global occurrence characteristics of scintillation. (Figure courtesy of P. Kintner)

Low-latitude scintillation is seasonally dependent and is limited to local nighttime hours. The high-latitude region can also encounter significant signal fades. Here scintillation may also accompany the more familiar ionospheric effect of the aurora borealis (or aurora australis near the southern magnetic pole) and also localized regions of enhanced ionization referred to as polar patches. The occurrence of scintillation at auroral latitudes is strongly dependent on geomagnetic activity levels, but can occur in all seasons and is not limited to local nighttime hours. In the mid-latitude regions, scintillation activity is rare, occurring only in response to extreme levels of ionospheric storms. During these periods, the active aurora expands both poleward and equatorward, exposing the mid-latitude region to scintillation activity. In all regions, increased solar activity amplifies scintillation frequency and intensity. Scintillation effects are also a function of operating frequency, with lower signal frequencies experiencing more significant scintillation effects.

Scintillation Activity. Scintillation may accompany ionospheric behavior that causes changes in the measured range between the receiver and the satellite. Such delay effects are not discussed in detail here but are well covered in the literature and in a previous white paper by our group (see Further Reading, available online).

Amplitude scintillation can create deep signal fades that interfere with a user’s ability to receive GNSS signals. During scintillation, the ionosphere does not absorb the signal. Instead, irregularities in the index of refraction scatter the signal in random directions about the principal propagation direction. As the signal continues to propagate down to the ground, small changes in the distance of propagation along the scattered ray paths cause the signal to interfere with itself, alternately attenuating or reinforcing the signal measured by the user. The average received power is unchanged, as brief, deep fades are followed by longer, shallower enhancements.

Phase scintillation describes rapid fluctuations in the observed carrier phase obtained from the receiver’s phase lock loop. These same irregularities can cause increased phase noise, cycle slips, and even loss of lock if the phase fluctuations are too rapid for the receiver to track.

Equatorial and Low Latitude Scintillations. As illustrated in Figure 1, the regions of greatest concern are the equatorial anomaly regions. In these regions, scintillation can occur abruptly after sunset, with rapid and deep fading lasting up to several hours. As the night progresses, scintillation may become more sporadic with intervals of shallow fading. FIGURE 2 illustrates the scintillation effect with an example of intense fading of the L1 and L2 GPS signals observed in 2002, near a peak of solar activity. The observations were made at Ascension Island located in the South Atlantic Ocean under a region that has exhibited some of the most intense scintillation activity worldwide. The receiver that collected this data was one that employs a semi-codeless technique to track the L2 signal. Scintillation was observed on both the L1 and L2 frequencies with 20 dB fading on L1 and nearly 60 dB on L2 (the actual level of L2 fading is subject to uncertainty due to the limitations of semi-codeless tracking). This level of fading caused the receiver to lose lock on this signal multiple times. Signal fluctuations depicted in red indicate data samples that failed internal quality control checks and were thereby excluded from the receiver’s calculation of position. The dilution of precision (DOP), which is a measure of how pseudorange errors translate to user position errors, increased each time this occurred. In addition to the increase in DOP, elevated ranging errors are observed along the individual satellite links during scintillation.

FIGURE 2. Fading of the L1 and L2 Signals from one GPS satellite recorded from Ascension Island on March 16, 2002. Absolute power levels are arbitrary. (Figure courtesy of C. Carrano)

FIGURE 3 illustrates the relationship between amplitude and phase scintillations, also using measurements from Ascension Island. As shown in the figure, the most rapid phase changes are typically associated with the deepest signal fades (as the signal descends into the noise). Labeled on these plots are various statistics of the scintillating GPS signal: S4 is the scintillation intensity index that measures the relative magnitude of amplitude fluctuations, τ_I is the intensity decorrelation time, which characterizes the rate of signal fading, and σ_φ is the phase scintillation index, which measures the magnitude of carrier-phase fluctuations.

FIGURE 3. Intensity (top) and phase scintillations (bottom) of the GPS L1 signal recorded from Ascension Island on March 12, 2002. (Figure courtesy of C. Carrano)

The ionospheric irregularities that cause scintillation vary greatly in spatial extent and drift with the background plasma at speeds of 50 to 150 meters per second. They are characterized by a patchy pattern as illustrated by the schematic shown in FIGURE 4. The patches of irregularities cause scintillation to start and stop several times per night, as the patches move through the ray paths of the individual GPS satellite signals. In the equatorial region, large-scale irregularity patches can be as large as several hundred kilometers in the east-west direction and many times that in the north-south direction. The large-scale irregularity patches contain small-scale irregularities, as small as 1 meter, which produce scintillation. Figure 4 is an illustration of how these structures can impact GNSS positioning. Large-scale structures, such as that shown traversed by the signal from PRN 14, can also cause significant variation in ionospheric delay and a loss of lock on a signal. Smaller structures, such as those shown traversed by PRNs 1, 21, and 6, are less likely to cause loss of the signal, but still can affect the integrity of the signal by producing ranging errors. Finally, due to the patchy nature of irregularity structures, PRNs 12 and 4 could remain unaffected as shown. Since GNSS navigation solutions require valid ranging measurements to at least four satellites, the loss of a sufficiently large number of satellite links has the potential to adversely affect system performance.

FIGURE 4. Schematic of the varying effects of scintillation on GPS.

FIGURE 5 illustrates the local time variation of scintillations. As can be seen, GPS scintillations generally occur shortly after sunset and may persist until just after local midnight. After midnight, the level of ionization in the ionosphere is generally too low to support scintillation at GNSS frequencies. This plot has been obtained by cumulating, then averaging, all scintillation events at one location over one year corresponding to low solar activity. For a high solar activity year, the same local time behavior is expected, with a higher level of scintillations.

FIGURE 5. Local time distribution of scintillation events from June 2006 to July 2007 (in 6 minute intervals). (Figure courtesy of Y. Béniguel)

FIGURE 6 (top panel) shows the variation of the monthly occurrence of scintillation during the pre-midnight hours at Ascension Island. The scintillation data was acquired by the use of Inmarsat geostationary satellite transmissions at 1537 MHz (near the GNSS L1 band). The scintillation occurrence is illustrated for three levels of signal fading, namely, > 20 dB (red), > 10 dB (yellow), and > 6 dB (green). The bottom panel shows the monthly sunspot number, which correlates with solar activity and indicates that the study was performed during the years 1991 to 2000, extending from the peak of solar cycle 22 to the peak of solar cycle 23. Note that there is an increase in scintillation activity during the solar maximum periods, and there exists a consistent seasonal variation that shows the presence of scintillation in all seasons except the May-July period. This seasonal pattern is observed from South American longitudes through Africa to the Near East. Contrary to this, in the Pacific sector, scintillations are observed in all seasons except the November-January period. Since the frequency of 1537 MHz is close to the L1 frequencies of GPS and other GNSS including GLONASS and Galileo, we may use Figure 6 to anticipate the variation of GNSS scintillation as a function of season and solar cycle. Indeed, in the equatorial region during the upcoming solar maximum period in 2012-2013, we should expect GNSS receivers to experience signal fades exceeding 20 dB, twenty percent of the time between sunset and midnight during the equinoctial periods.

FIGURE 6. Frequency of occurrence of scintillation fading depths at Ascension Island versus season and solar activity levels. (Figure courtesy of P. Doherty)

High Latitude Scintillation. At high latitudes, the ionosphere is controlled by complex processes arising from the interaction of the Earth’s magnetic field with the solar wind and the interplanetary magnetic field. The central polar region (higher than 75° magnetic latitude) is surrounded by a ring of increased ionospheric activity called the auroral oval. At night, energetic particles, trapped by magnetic field lines, are precipitated into the auroral oval and irregularities of electron density are formed that cause scintillation of satellite signals. A limited region in the dayside oval, centered closely around the direction to the sun, often receives irregular ionization from mid-latitudes. As such, scintillation of satellite signals is also encountered in the dayside oval, near this region called the cusp.

When the interplanetary magnetic field is aligned oppositely to the Earth’s magnetic field, ionization from the mid-latitude ionosphere enters the polar cap through the cusp and polar cap patches of enhanced ionization are formed. The polar cap patches develop irregularities as they convect from the dayside cusp through the polar cap to the night-side oval. During local winter, there is no solar radiation to ionize the atmosphere over the polar cap but the convected ionization from the mid-latitudes forms the polar ionosphere. The structured polar cap patches can cause intense satellite scintillation at very high and ultra-high frequencies. However, the ionization density at high latitudes is less than that in the equatorial region and, as such, GPS receivers, for example, encounter only about 10 dB scintillations in contrast to 20-30 dB scintillations in the equatorial region.

FIGURE 7 shows the seasonal and solar cycle variation of 244-MHz scintillations in the central polar cap at Thule, Greenland. The data was recorded from a satellite that could be viewed at high elevation angles from Thule. It shows that scintillation increases during the solar maximum period and that there is a consistent seasonal variation with minimum activity during the local summer when the presence of solar radiation for about 24 hours per day smoothes out the irregularities.

FIGURE 7. Variation of 244-MHz scintillations at Thule, Greenland with season and solar cycle. (Figure courtesy of P. Doherty)

The irregularities move at speeds up to ten times larger in the polar regions as compared to the equatorial region. This means that larger sized structures in the polar ionosphere can create phase scintillation and that the magnitude of the phase scintillation can be much stronger. Large and rapid phase variations at high latitudes will cause a Doppler frequency shift in the GNSS signals which may exceed the phase lock loop bandwidth, resulting in a loss of lock and an outage in GNSS receivers.

As an example, on the night of November 7–8, 2004, there was a very large auroral event, known as a substorm. This event resulted in very bright aurora and, coincident with a particularly intense auroral arc, there were several disruptions to GPS monitoring over the region of Northern Scandinavia. In addition to intermittent losses of lock on several GPS receivers and to phase scintillation, there was a significant amplitude scintillation event. This event has been shown to be very closely associated with particle ionization at around 100 kilometers altitude during an auroral arc event. While it is known that substorms are common events, further studies are still required to see whether other similar events are problematic for GNSS operations at high latitudes.

Scintillation Effects

We had mentioned earlier that the mid-latitude ionosphere is normally benign. However, during intense magnetic storms, the mid-latitude ionosphere can be strongly disturbed and satellite communication and GNSS navigation systems operating in this region can be very stressed. During such events, the auroral oval will extend towards the equator and the anomaly regions may extend towards the poles, extending the scintillation phenomena more typically associated with those regions into mid-latitudes.

An example of intense GPS scintillations measured at mid-latitudes (New York) is shown in FIGURE 8. This event was associated with the intense magnetic storm observed on September 26, 2001, during which the auroral region had expanded equatorward to encompass much of the continental U.S. This level of signal fading was sufficient to cause loss of lock on the L1 signal, which is relatively rare. The L2 signal can be much more susceptible to disruption due to scintillation during intense storms, both because the scintillation itself is stronger at lower frequencies and also because semi-codeless tracking techniques are less robust than direct correlation as previously mentioned.

FIGURE 8. GPS scintillations observed at a mid-latitude location between 00:00 and 02:00 UT during the intense magnetic storm of September 26, 2001. (Figure courtesy of B. Ledvina)

Effects of Scintillation on GNSS and SBAS

Ionospheric scintillation affects users of GNSS in three important ways: it can degrade the quantity and quality of the user measurements; it can degrade the quantity and quality of reference station measurements; and, in the case of SBAS, it can disrupt the communication from SBAS GEOs to user receivers. As already discussed, scintillation can briefly prevent signals from being received, disrupt continuous tracking of these signals, or worsen the quality of the measurements by increasing noise and/or causing rapid phase variations. Further, it can interfere with the reception of data from the satellites, potentially leading to loss of use of the signals for extended periods. The net effect is that the system and the user may have fewer measurements, and those that remain may have larger errors. The influence of these effects depends upon the severity of the scintillation, how many components are affected, and how many remain.

Effect on User Receivers. Ionospheric scintillation can lead to loss of the GPS signals or increased noise on the remaining ones. Typically, the fade of the signal is for much less than one second, but it may take several seconds afterwards before the receiver resumes tracking and using the signal in its position estimate. Outages also affect the receiver’s ability to smooth the range measurements to reduce noise. Using the carrier-phase measurements to smooth the code substantially reduces any noise introduced. When this smoothing is interrupted due to loss of lock caused by scintillation, or is performed with scintillating carrier-phase measurements, the range measurement error due to local multipath and thermal noise could be from three to 10 times larger. Additionally, scintillation adds high frequency fluctuations to the phase measurements further hampering noise reduction.

Most often scintillation will only affect one or two satellites causing occasional outages and some increase in noise. If many well-distributed signals are available to the user, then the loss of one or two will not significantly affect the user’s overall performance and operations can continue. If the user has poor satellite coverage at the outset, then even modest scintillation levels may cause an interruption to their operation. When scintillation is very strong, then many satellites could be affected significantly. Even if the user has excellent satellite coverage, severe scintillation could interrupt service. Severe amplitude scintillation is rarely encountered outside of equatorial regions, although phase effects can be sufficiently severe at high latitudes to cause widespread losses of lock.

Effect on Reference Stations. The SBAS reference stations consist of redundant GPS receivers at precisely surveyed locations. SBAS receivers need to track two frequencies in order to separate out ionospheric effects from other error sources. Currently these receivers use the GPS L1 C/A-code signal and apply semi-codeless techniques to track the L2 P(Y) signal. Semi-codeless tracking is not as robust as either L1 C/A or future civil L5 tracking. The L2 tracking loops require a much narrower bandwidth and are heavily aided with scaled-phase information from the L1 C/A tracking loops. The net effect is that L2 tracking is much more vulnerable to phase scintillation than L1 C/A, although, because of the very narrow bandwidth, L2 tracking may be less susceptible to amplitude scintillation. Because weaker phase scintillation is more common than stronger amplitude scintillation, the L2 signal will be lost more often than L1. The SBAS reference stations must have both L1 and L2 measurements in order to generate the corrections and confidence levels that are broadcast. Severe scintillation affecting a reference station could effectively prevent several, or even all, of its measurements from contributing to the overall generation of corrections and confidences. Access to the L5 signal will reduce this vulnerability. The codes are fully available, the signal structure design is more robust, and the broadcast power is increased. L5-capable receivers will suffer fewer outages than the current L2 semi-codeless ones, however strong amplitude scintillation will still cause disruptions. Strong phase scintillation may as well.

If scintillation only affects a few satellites at a single reference station, the net impact on user performance will likely be small and regional. However, if multiple reference stations are affected by scintillation simultaneously, there could be significant and widespread impact.

Effect on Satellite Datalinks. The satellites not only provide ranging information, but also data. When scintillation causes the loss of a signal it also can cause the loss or corruption of the data bits.

Each GPS satellite broadcasts its own ephemeris information, so the loss of data on an individual satellite affects only that satellite. A greater concern is the SBAS data transmissions on GEOs. This data stream contains required information for all satellites in view including required integrity information. If the data is corrupted, all signals may be affected and loss of positioning becomes much more likely.

Mitigation Techniques. There are several actions that SBAS service providers can take to lessen the impact of scintillation. Increasing the margin of performance is chief among them. The more satellites a user has before the onset of scintillations, the more likely he will retain performance during a scintillation event. In addition, having more satellites means that a user can tolerate more noise on their measurements. Therefore, incorporating as many satellites as possible is an effective means of mitigation. GNSS constellations in addition to GPS are being developed. Including their signals into the user position solution would extend the sky coverage and improve the performance under scintillation conditions. (See the white paper for other mitigation techniques.)

Conclusions and Further Work

Ionospheric scintillations are by now a well-known phenomenon in the GNSS user community. In equatorial regions, ionospheric scintillations are a daily feature during solar maximum years. In auroral regions, ionospheric scintillations are not strongly linked to time of the day. In the mid-latitude regions, scintillations tend to be linked to ionospheric disturbances where strong total electron content gradients can be observed (ionospheric storms, strong traveling ionospheric disturbances, solar eclipses, and so on).

While the global climatic models of ionospheric scintillations can be considered satisfactory for predicting (on a statistical basis) the occurrence and intensity of scintillations, the validation of these models is suffering from the fact that at very intense levels of scintillation, even specially designed scintillation receivers are losing lock. Also, the development of models that can predict reliably the size of scintillation cells (regions of equal scintillation intensity), which allows establishing joint probabilities of losing more than one satellite simultaneously, is still ongoing.

Acknowledgments

This article is based on the paper “Effect of Ionospheric Scintillations on GNSS — A White Paper” by the SBAS-IONO Working Group.

Manufacturers

The data presented in Figure 2 was produced by an Ashtech, now Ashtech S.A.S. Z-XII GPS receiver. The data presented in Figure 5 was obtained from Javad, now Javad GNSS and Topcon Legacy GPS receivers and GPS Silicon Valley, now NovAtel GSV4004 GPS scintillation receivers. The data presented in Figure 8 was obtained from a non-commercial receiver.

The Satellite-Based Augmentation Systems Ionospheric Working Group was formed in 1999 by scientists and engineers involved with the development of the Satellite Based Augmentation Systems in an effort to better understand the effects of the ionosphere on the systems and to identify mitigation strategies. The group now consists of over 40 members worldwide.

The scintillation white paper was principally developed by Bertram Arbesser-Rastburg, Yannick Béniguel, Charles Carrano, Patricia Doherty, Bakry El-Arini, and Todd Walter with the assistance of other members of the working group.

FURTHER READING

• SBAS-IONO Working Group White Papers

Effect of Ionospheric Scintillations on GNSS – A White Paper by the Satellite-Based Augmentation Systems Ionospheric Working Group, November 2010.

Ionospheric Research Issues for SBAS – A White Paper by the Satellite-Based Augmentation Systems Ionospheric Working Group, February 2003.

• Scintillation Spatial and Temporal Variability

“Morphology of Phase and Intensity Scintillations in the Auroral Oval and Polar Cap” by S. Basu, S. Basu, E. MacKenzie, and H. E. Whitney in Radio Science, Vol. 20, No. 3, May–June 1985, pp. 347–356, doi: 10.1029/RS020i003p00347.

“Global Morphology of Ionospheric Scintillations” by J. Aarons in Proceedings of the IEEE, Vol. 70, No. 4, April 1982, pp. 360–378, doi: 10.1109/PROC.1982.12314.

“Equatorial Scintillation – A Review” by S. Basu and S. Basu in Journal of Atmospheric and Terrestrial Physics, Vol. 43, No. 5/6, pp. 473–489, 1981, doi: 10.1016/0021-9169(81)90110-0.

• Effects of Scintillations on GNSS

“GNSS and Ionospheric Scintillation: How to Survive the Next Solar Maximum by P. Kintner, Jr., T. Humphreys, and J. Hinks in Inside GNSS, Vol. 4, No. 4, July/August 2009, pp. 22–30.

“Analysis of Scintillation Recorded During the PRIS Measurement Campaign” by Y. Béniguel, J.-P. Adam, N. Jakowski, T. Noack, V. Wilken, J.-J. Valette, M. Cueto, A. Bourdillon, P. Lassudrie-Duchesne, and B. Arbesser-Rastburg in Radio Science, Vol. 44, RS0A30, 11 pp., 2009, doi:10.1029/2008RS004090.

“Characteristics of Deep GPS Signal Fading Due to Ionospheric Scintillation for Aviation Receiver Design” by J. Seo, T. Walter, T.-Y. Chiou, and P. Enge in Radio Science, Vol. 44, RS0A16, 2009, doi: 10.1029/2008RS004077.

“GPS and Ionospheric Scintillations” by P. Kintner, B. Ledvina, and E. de Paula in Space Weather, Vol. 5, S09003, 2007, doi: 10.1029/2006SW000260.

A Beginner’s Guide to Space Weather and GPS by P. Kintner, Jr., unpublished article, October 31, 2006.

“Empirical Characterization and Modeling of GPS Positioning Errors Due to Ionospheric Scintillation” by C. Carrano, K. Groves, and J. Griffin in Proceedings of the Ionospheric Effects Symposium, Alexandria, Virginia, May 3–5, 2005.

“Space Weather Effects of October–November 2003” by P. Doherty, A. Coster, and W. Murtagh in GPS Solutions, Vol. 8, No. 4, pp. 267–271, 2004, doi: 10.1007/s10291-004-0109-3.

“First Observations of Intense GPS L1 Amplitude Scintillations at Midlatitude” by B. Ledvina, J. Makela, and P. Kintner in Geophysical Research Letters, Vol. 29, No. 14, 1659, 2002, doi: 10.1029/2002GL014770.

• Previous “Innovation” Articles on Space Weather and GNSS

“GNSS and the Ionosphere: What’s in Store for the Next Solar Maximum?” by A. Jensen and C. Mitchell in GPS World, Vol. 22, No. 2, February 2011, pp. 40–48.

“Space Weather: Monitoring the Ionosphere with GPS” by A. Coster, J. Foster, and P. Erickson in GPS World, Vol. 14, No. 5, May 2003, pp. 42–49.

“GPS, the Ionosphere, and the Solar Maximum” by R.B. Langley in GPS World, Vol. 11, No. 7, July 2000, pp. 44–49.

April 1, 2012
Sensing Location: Software Receiver Estimates Signal States During Outages

By Hans-Georg Büsing, Ulrich Haak, and Peter Hecker

Future safety-relevant driver assistant systems demand vehicle state estimations accurate enough to match the position within a road lane, which cannot be provided by standalone GPS. A promising approach to meet the requirements is the fusion of standalone or differential GNSS measurements with vehicle sensor data like odometers or accelerometers. To achieve deeper sensor integration, a software GNSS receiver was developed at the Institute of Flight Guidance (IFF) that is able to use dead reckoning sensors to support its signal acquisition. This article presents an approach to estimate the signal states during outages based on the tightly coupled vehicle state, which reduces the reacquisition time and significantly increases the signal availability.

GNSS-based navigation is a key enabler for future advanced driver assistance systems (ADAS). Car manufacturers have identified automotive assistance systems as core devices to propose their uniqueness mainly in the luxury and upper-class market segments. While the precision and availability of loosely coupled single-frequency GPS navigation satisfies the requirements of typical route guidance systems, future automotive systems — especially those that enhance driving safety — are more demanding on positioning system performance.

The Institute of Flight Guidance (IFF) of the Technische Universität, Braunschweig, Germany, is involved in two research projects evaluating the performance of unaided traditional GNSS receivers coupled with vehicle sensor measurements such as odometers in a tightly coupled architecture. Besides these involvements, the IFF has developed a general-purpose software-based GNSS receiver allowing full access to signal processing routines.

The benefits of the tight sensor fusion are reliable state estimations even during total signal outages that are common in the automotive sector due to tunnels, parking decks, or urban canyons. In this architecture, the GNSS receiver works autonomously to deliver raw GNSS-measurements only. Additional knowledge provided by the vehicle sensors cannot be used to support the receiver in any way. Besides other beneficial aspects in the tracking channels, additional external knowledge about the vehicle state has the potential to reduce acquisition times and improve the measurement availability significantly.

The Institute of Flight Guidance uses a software environment called “Automotive Data and Time-Triggered Framework” (ADTF) for research in the field of ADAS and automotive navigation. In this software framework, the overall system architecture is assembled with independent modules. These modules are implemented as libraries and loaded into ADTF. Data is exchanged via pins that are defined as public variables. The framework also attaches timestamps to the individual measurements and adds a data recording and playback functionality.

From a general-purpose software GNSS receiver, presented at the ION GNSS 2010, we have derived an automotive-specific ADTF software receiver module. The software framework adds the flexibility to synchronously process measurements from vehicle sensors additionally to the IF data from the front end. This gives us the opportunity to aid signal processing in the software GNSS receiver with additional external sensors.

For positioning, a tightly coupled positioning filter based on GPS raw data measurements and the rear-wheel odometers is implemented. The vehicle’s motion is modeled using a kinematic relationship between the vehicle sensors and the GNSS measurements.

Based on the tightly coupled vehicle state estimation, an acquisition state is processed during signal outages that enables the software GNSS receiver to reacquire the satellite signal instantaneously with high precision.

In this article, the constituent parts of the system are presented and the estimation of the acquisition state derived. The system was tested in an urban scenario, and the state estimations validated with the recorded measurements.

System Architecture

The software-defined GNSS receiver developed by the IFF was designed to process the computationally expensive signal correlation on an Nvidia graphics board using the vast parallel processing capability of graphics processing units (GPUs). With the use of common graphics boards, an entire receiver can be implemented on an ordinary PC, needing only a front-end to receive digital GNSS signals in an intermediate frequency (IF) band.

For research in the field of vehicle state estimation, a derivate of the software receiver of the Institute of Flight Guidance has been implemented in the “Automotive Data and Time-Triggered Framework” (ADTF). The software is commonly used in the automotive industry for the development of ADAS. Figure 1 shows a typical system layout in ADTF. A central component of the framework is the ability to record and play back measurement data, which is indicated by the buttons on the left of the screenshot.

Figure 1. System Architecture in ADTF. (Click to enlarge.)

Within ADTF, the systems are assembled from modules that are shown as blocks within the graphical configuration editor. Standard modules such as the connection of common hardware are provided with the framework. Custom modules can be implemented in C++ by the user. Every module is implemented as a dynamic library (DLL) and interpreted by the framework. Modules can be featured with input and output pins.

These pins are implemented by using specific data types from the framework. The communication and data exchange between the modules is handled via these pins. They can be connected by graphically drawing connector lines in the configuration editor.

ADTF provides the user with classes for timing and threading. Processes can thereby be linked to the ADTF system time, which is especially important as the data replay can be slowed down or sped up for debugging.

The instantaneous reacquisition algorithm is based on a traditional approach of tightly coupling GNSS raw data with vehicle sensor measurements. The fusion is based on a kinematic model following the Ackermann geometry establishing the relationship between the vehicle’s motion and the respective measurements.

At each time step of an arriving measurement, the vehicle’s motion is predicted based on the last estimated state with an extended Kalman filter. The prediction is then corrected using either measurements from the vehicle sensors or GNSS raw measurements. The range and Doppler measurements are calculated in the tracking channels of the ADTF software GNSS receiver. The corrected vehicle state is then fed back into the kinematic model for the next update cycle.

In case the GNSS signal is lost in a tracking channel, a virtual tracking channel is initialized with the last calculated channel states. The change in the channel output is then predicted utilizing the change in the vehicle state and the current evaluation of the ephemeris. The schematic implementation of the channel state prediction is shown in Figure 2.

Figure 2. Schematic of Channel State Prediction. (Click to enlarge.)

Signal State Estimation

Using the tightly coupled architecture presented above, an estimated position and velocity can even be provided during total signal outages. Assuming that the last valid observation of a satellite signal is stored together with its respective time t_o and position, an estimation of the signal state (that is, Doppler frequency, code- and carrier-phase) based on the estimation of the vehicle state during the signal outage at time t₁ can be used for an instantaneous signal reacquisition. Using the ephemeris data provided by the respective GPS satellite the range between a user position x_u and the satellite x_sv can be calculated using the following terms
    (1)
and
(2)
with |…| indicating the Euclidian distance.

Therefore the change of the range can be obtained with equations (1) and (2):
(3)
Assuming an unbiased Gaussian error distribution of the measurements, the tightly coupled system provides an estimation of the covariance matrix of the vehicle state. Using only the submatrix
(4)
related to the vehicle position, the covariance of the user position along the line-of-sight to the satellite can be obtained with the Euclidean norm of the line-of-sight vector
(5)
and the law of error propagation:
(6)

Furthermore, using the law of error propagation, it can be shown that the variance of the change of range estimation in equation (3) is obtained by:
   (7)

With the last valid range measurement related to time t_o, the signal state at time t₁ can be obtained for the pseudo-range PSR
   (8)
and the carrier phase Φ:
    (9)

The resulting variance of these estimations can by expressed by
   (10)
and
   (11)
respectively. The estimate of the Doppler and the related variance can be obtained analogous.
Considering the variances of the estimation, it can be decided if the signal can be reacquired instantaneously or if the receiver has to find the signal using standard acquisition routines in a limited search space.

Experimental Validation

The Volkswagen Passat station wagon operated by the Institute of Flight Guidance was used to evaluate the performance of the proposed algorithm (see PHOTO.) The test vehicle is customized from the standard by adding an additional generator to meet the power requirements of the measurement and processing hardware. In addition, the Controller Area Network (CAN) is mirrored and open to access the data collected by the sensors of the vehicle. The relevant sensors include a longitudinal accelerometer, a gyro for measuring the yaw rate as well as the odometers of all four wheels. The test vehicle is equipped with a GNSS front-end developed by the Fraunhofer Institute for Integrated Circuits. It is capable of streaming L1, L2, and L5 RF samples via two USB ports. The sampling rate of L1 is 40.96 MHz at an intermediate frequency of 12.82 MHz.

Test Vehicle. A customized Volkswagen Passat was used to evaluate performance of the algorithm.

The vehicle sensor data is streamed via CAN to an automotive PC from Spectra. It is equipped with an Intel quadcore CPU, 8 GB RAM, a Vector PCI CAN device and 256 GB SATA solid state disk allowing up to 195 MB/s writing speed. Additionally, it has been equipped with an Nvidia GeForce GT 440 graphics board that is used for processing the GNSS RF data. This specific graphics board was chosen because it offers a comparably high performance of the GPU at relatively low power consumption.

Both GNSS RF data and data from the vehicle sensor network are streamed to an ADTF hard disk recorder. Due to the setup of the data acquisition, several challenges have to be solved. The first challenge is that the front-end needs to be used as hardware-in-the-loop. It is by itself not equipped with an automated gain control. Therefore, it is not possible to just stream the RF data but it has to be decoded, processed for adjusting the gain, and then stored to the hard drive.

Secondly, the recording setup needs to cover high data rates. The GNSS front-end streams approximately 20 MB/s. As the data needs to be decoded and processed for gain control, the expanded data rate for recording is ~40 MB/s. In total including vehicle sensor measurements, >2000 data packets per second are streamed to the recorder. Because this could not be done using mechanical hard drives, we used solid state disks that also allow data storage during times of high vibration.

Related to the before-mentioned challenges, an efficient thread management needed to be implemented. The software framework’s threading classes are utilized to parallelize the receiver processes. Additionally, it has arisen that a significant part of the processing time is taken by the data transfer to the memory of the GPU.

In order to prove the advantages of an odometer-aided reacquisition, an applicable testing scenario was chosen. To distinguish an odometer-based aquisition approach from a model-based approach, a trajectory was chosen that features a right turn of 90 degrees immediately after cutting off the GNSS signal. A model-based kinematic prediction would project the trajectory in the direction of the latest known heading derived by the GNSS solution. Only a sensor-based state estimation is able to resolve the right turn. The driven trajectory is shown in Figure 3.

The GNSS signal has been cut off for approximately 10 seconds, which is equivalent of a 75-meter drive on dead reckoning sensors only after the right turn.

Figure 3. Trajectory of test drive includes a 90-degree turn. (Click to enlarge.)

Results

The following plots in Figure 4 show the performance of the virtual tracking channels. The plots in the upper row show the pseudorange output over time. For vividness they have been corrected for the motion of the respective satellite that is dominant due to their high speeds. Over a short period of time the satellites’ motion relative to the receiver can be linearly approximated. The pseudorange measurements over time were fit using a linear regression. The respective value of the linear regression was then subtracted from the pseudorange and plot over time as shown in the figures in the second row, leaving only the approximated influence of the vehicle’s motion.

Figure 4. Modified pseudorange and Doppler results of the virtual tracking channels. (Click to enlarge.)

The Doppler measurements have been similarly compensated by just subtracting the minimum measurement. These modifications of the pseudorange and Doppler measurements allow a direct comparison of each other as the Doppler can be understood as the first derivate of the pseudorange over time.

The results of PRN 6 show that the Doppler estimate during the GPS outage smoothly fits into the surrounding measurements without any major outliers. The plot of the pseudorange shows a similar behavior. The pseudorange could have potentially been modeled using a dynamic prediction that is not based on vehicle sensors due to the limited dynamics on the pseudorange measurements.

The Doppler plot of PRN 16 shows a strong change in the relative velocity between satellite and receiver. If a further projection of the Doppler using a linear dynamic model would have been used instead of predicting with vehicle sensors, it would likely have misled the reacquisition by ~ 50 Hz. The trend in the pseudorange measurements is comparable to PRN 6 at a higher rate of change.

The plots of PRN 21 probably show the advantages of using vehicle sensors for reacquisition best as the dynamics on pseudorange and Doppler are the most significant in the group. Both pseudorange and Doppler show a turning point during the GNSS outage. Especially, the pseudorange would have been mismodeled using a kinematic predicion that is not relying on additional sensors.

Conclusion

In this article, a tightly coupled positioning system implemented in the automotive-specific framework ADTF was presented that is based on the fusion of standard automotive sensor data and software receiver measurements. We showed that, using the tightly coupled solution, an acquisition state during signal outages can be estimated that allows the tracking channels to reacquire the signal instantaneously without the need of computationally expensive acquisition routines.

Under the assumption of a tightly coupled RTK position and small outage times, a reacquisition of the carrier phase without loosing the information about the phase ambiguity seems possible.

In the next version of the automotive GNSS receiver, the authors are planning to integrate the vehicle sensors to aid the tracking loops, which is likely to further improve tracking continuity especially in scenarios with high vegetation. Additionally, we plan to show that the implementation is capable of working in real time. Improvements of the initialization of the virtual tracking loops are also intended.

Acknowledgments

This article is based on a paper presented at ION-GNSS 2011, held September 19–23 in Portland, Oregon.

This work was funded by the Federal State of Lower Saxony, Germany. Project: Galileo – Laboratory for the research airport Braunschweig.
The authors would like to thank their colleagues working in the automotive navigation group for continuous support with the ADTF framework.

Hans-Georg Büsing holds a Dipl.-Ing. in aerospace engineering from the Technische Universität Braunschweig and has been a research engineer at IFF since 2008. He works in the area of applied satellite navigation, especially in the field of vehicle positioning.

Ulrich Haak holds a Dipl.-Ing. in mechanical engineering from the Technische Universität Braunschweig and joined IFF in 2008 as a research engineer. He works in the areas of receiver design and positioning algorithms.

Peter Hecker joined IFF in 1989 as research scientist. Initial focus of his scientific work was in the field of automated situation assessment for flight guidance. From 2000 until 2005, he was head of the DLR Pilot Assistance department. Since April 2005, he has been director of IFF. He is managing research activities in the areas of air/ground cooperative air traffic management, airborne measurement technologies and services, satellite navigation, human factors in aviation, and safety in air transport systems.

March 1, 2012
Patch Antennas for the New GNSS
By Gyles Panther

Small ceramic patch elements offer nearly perfect single-frequency receive characteristics and have become the standard for GPS L1 antennas. However, the new generation of GNSS receivers now being introduced track many satellites in multiple constellations. Are these narrow-band devices up to the task for wider bandwidths?

L1 Compass and GLONASS navigation signals are broadcast on frequencies close to GPS L1, but the offset exceeds the circular-response bandwidth of small patch antennas. This article discusses the nature of the defects to be expected with the use of small patches over the broader bandwidths required, and contrasts this with the higher performance of dual-feed patch antennas.

It is very difficult to evaluate the relative merits of GNSS antennas without very specialized equipment and resources. An accurate method for comparative evaluation of competing antennas is described that makes use of the C/N0 values reported by GNSS receivers.

A particular challenge facing GNSS is the threat posed by encroaching interfering signals; the LightSquared terrestrial segment signals often being quoted. Relatively simple measures are described to make GNSS antennas immune and the small resulting hit to antenna performance is quantified.

Circularly-Polarized Carrier Signals

The civilian signals transmitted from GNSS satellites are right hand circularly polarized (RHCP). This allows for arbitrary orientation of a receiving patch antenna (orthogonal to the direction of propagation) and, with a good co-polarized antenna, has the added benefit of cross polarization rejection.

For conceptualization, circularly polarized (CP) signals can be thought of as comprised of two orthogonal, linearly polarized signals offset in phase by 90 degrees, as shown in fig 1 below. With one feed defined as I (in-phase), and the other Q (quadrature), the response of the antenna will either be LHCP or RHCP depending upon the polarity of the Q signal phase relative to that of the I signal.

If a CP signal is reflected from a metallic surface (such as metalized glass), the reflected signal becomes cross-polarized, so that a reflected RHCP signal becomes LHCP, and vice-versa. Unlike the linearly polarized (LP) case, a good CP receiving antenna will reject cross-polarized signals resulting from a single reflection. In this respect, reception of CP signals by a CP antenna is considerably improved relatively to linearly polarized signals.

FIGURE 1. Graphic representation of circular polarization (from Innovation column, July 1998 GPS World).

Frequency Plans

At this time, four global navigation satellite systems (GNSS) are either in service or expected to achieve full operational capability within the next 2–3 years: GPS, of course, GLONASS, also now fully deployed, Galileo, and Compass, expected to be deployed over the next two years.

Thus the systems and signals to be considered are:
- GPS-L1 at 1575.42 MHz;
- GLONASS L1, specified at 1602MHz (+6, –7) × Fs, where Fs is 0.5625 MHz;
- Compass at 1561 MHz;
- Galileo L1 as a transparent overlay on the GPS system at 1575.42 MHz.
It has emerged that considerable accuracy and availability benefits derive from tracking a larger number of satellites from multiple constellations. Notably, STMicroelectronics has produced an excellent animation of the GPS and GLONASS constellations that shows the theoretical improvement in accuracy and fix availability that derive from simultaneously tracking GPS and GLONASS satellites in Milan, For a really interesting comparison check out www.youtube.com/watch?v=0FlXRzwaOvM.

Most GNSS chip manufacturers now have multi-constellational GNSS receiver chips or multi-chip modules at various stages of development. It is awe-inspiring that the navigational and tracking devices in our cars and trucks will in the very near future concurrently track many satellites from several GNSS constellations. Garmin etrex 10/20/30 handhelds now have GLONASS as well as GPS capability.

Small single-feed patch antennas have good CP characteristics over a bandwidth up to about 16 MHz. This format is cheap to build and provides almost ideal GPS L1 characteristics.

Multi-constellation receivers such as GPS/GLONASS require antennas with an operational bandwidth of up to 32 MHz, and up to 49 MHz to also cover Compass.

Patch Antenna Overview

The familiar patch element is a small square ceramic substrate, fully metalized on one side, acting as a ground plane, and on the other, a metalized square patch. This structure constitutes two orthogonal high-Q resonant cavities, one along each major axis. An incident circular electromagnetic wave induces a ground current and an induced voltage (emf) between the patch edge and ground plane so that at resonance, the cavity is coupled to free space by these fringing fields.

A typical low-cost GPS L1 patch is a 25 × 25 × 4 mm block of ceramic (or smaller) with a single-feed pin. Patches as small as 12 mm square can be fabricated on high-dielectric constant substrates, but at the cost of lower gain and bandwidth. The two axes are coupled either by chamfered patch corners or by offset tuning plus diagonal feed pin positions (Figure 2).

FIGURE 2. Patch RHCP configurations: left, corner chamfer; right, diagonal feed.

An alternate form of patch antenna has independent feeds for each axis. The feeds are combined in a network that fully isolates the two feeds. Dual-feed antennas can provide nearly ideal characteristics but are inherently more expensive to build. See Figure 3.

FIGURE 3. Dual-feed patch (left) and feed combiner (right).

Basic Performance Parameters

The factors that have a direct bearing on patch performance are:
- Gain and radiation pattern;
- Available signal-to-noise as a function of receiver gain and low-noise amplifier (LNA) noise figure;
- Bandwidth, measured as: radiated power gain bandwidth; impedance bandwidth; or axial ratio bandwidth.
Gain and Radiation Pattern. Patch antennas are specified and usually used with an external ground plane, typically 70 or 100 millimeters (mm) square. Without an external ground plane a reasonable approximation of the radiation pattern is a circle tangential to the patch ground plane with a peak gain of about 3 dBic (dBic includes all power in a circular wave). The addition of an external ground plane increases the peak gain at zenith by up to 2 dB.

The pattern shown in Figure 4 is typical for a 25 mm patch on a 100 mm ground plane. The gain peaks just under 5 dBic, dropping to about 0 dB at an elevation angle of ±60 degrees (the horizon is 90 degrees).

FIGURE 4. Radiation pattern for 25 mm patch on 100 mm ground plane.

Table 1 tabulates approximate gain values at zenith for a range of GPS L1 patch sizes, mounted on a 100-mm ground plane, at resonance, radiated with a RHCP signals (that is, dBic).

TABLE 1. Patch size versus gain at zenith.

Clearly, gain is significantly lower for patches smaller than 25 mm square. Not illustrated here is that the bandwidths of antennas smaller than 25 mm also become too narrow for consideration for anything other than single-frequency signals such as GPS L1.

Achievable C/N₀. The carrier signal-to-noise density ratio (C/N₀) is a fundamental measure of signal quality and hence antenna performance. For a given receiver, if the C/N₀ is degraded due to any cause, be it a poorly tuned patch or bad LNA noise figure or other, the shortfall in performance is non-recoverable.

The effective isotropic radiated power (EIRP) of the transmitted GPS L1 signal from the space vehicles is approximately 27 dBW. If D is the range to the satellite, and λ is the carrier wavelength, the free space path loss, PL, is given by

PL = [ λ / (4 × π × D)]²

The signal power received at the antenna terminals, P_r, is given by:

P_r = EIRP × G_r × PL

where G_r is the receive antenna gain.

The noise power in a 1 Hz bandwidth, N₀, referred back to the antenna terminals is given by:

N₀ = 10log(T_e × k),

where T_e is the overall system noise temperature, and k is the Boltzmann constant.

Thus C/N₀, the ratio of received carrier power to noise in a 1 Hz bandwidth, referred to the antenna is

C/N₀ = Pr / N₀

Quantifying this calculation: For λ = 0.19 meters (corresponding to the L1 frequency), and an orbit height of 21,000 kilometers, the path loss,

PL = –182.8 dBW.

The received signal power,

P_r = EIRP(dBW) + G_r(dB)+ PL(dB)

(in dBW)

Assuming the mid-elevation antenna gain, G_r, is 3 dBic,

P_r = –152.8 dBW.

For a cascaded system such as a GPS receiver, the overall noise temperature is given by:

T_e = T_s + T_lna + T_gps/G_lna

where T_e is the overall receiver system noise temperature, T_s is an estimate of sky-noise temperature at 1575.42 MHz, assumed to be 80 K, Tlna is the LNA noise temperature (76 K for an LNA noise figure of 1 dB), G_lna is the LNA gain (631 for 28 dB gain), and T_gps is the noise temperature of the GPS receiver (636 K for 5 dB receiver noise figure).

Thus, T_e = 157.1 K and N₀ = –206.6 dBW.

The available ratio of received carrier power to 1 Hz noise, C/N₀, referenced to the antenna is:

C/N₀ = P_r/(T_e × k) –
(implementation loss)

where implementation loss is an estimate of the decode implementation loss in the GPS receiver, assumed to be 2 dB (something of a fiddle factor, but reasonable!)

Thus, C/N₀ = –152.8 – (–206.6) – 2 dB = 51.8 dB.

For satellites that subtend a high elevation angle, the reported C/N0 could be 2 dB higher or 53.8 dB best case.

A good circular antenna should provide C/N₀ values in the range 51 dB–53 dB. This can be checked using the (NMEA) $GPGSV message output from most GNSS receivers. Comparative measurement of C/N₀ provides the basis for comparative antenna evaluation as described later.

Single-Feed Bandwidth. Bandwidth of single-feed patches can be defined in several quite different ways.
- Radiated power gain bandwidth: the bandwidth over which the amplitude at the terminals of the receiving antenna is not more than X dB below the peak amplitude, with an incident CP field.
- Axial ratio bandwidth: the bandwidth over which the ratio of the maximum to minimum output signal powers for any two orthogonal axes is less than Y dB. This is an indicator of how well the antenna will reject cross-polarized signals.
- Return loss (RL) or impedance bandwidth: that over which the feed input return loss is less than Z dB. This is very easy to measure, and gives the most optimistic bandwidth value.
The input impedance of a single-feed patch is shown in Figure 5. The rotated W-shape of the single-feed patch impedance is a result of the coupling between the two axes of the patch. The 10 dB return loss, called S11, is shown as a circle, outside of which |S11| > –10 dB.

These measures of bandwidth are shown for 25 × 25 × 4 mm and two thicknesses of 36 mm² antennas in Table 2.

FIGURE 5. S11 for a 25 mm single-feed patch.

TABLE 2. The various measures of patch bandwidth.

These different measures yield large differences in bandwidth. The merits of each depends on what is important to the user.

From a purist viewpoint, the most intuitively useful measure of bandwidth is the 0.5 dB radiated gain value. Even then, at the band edges so defined, the axial ratio for a 25 mm² × 4 mm patch is degraded to about 5 dB, just on the negative side of ok.

As shown in Table 2, the 10 dB return loss bandwidth is comparatively wide. Figure 6 shows the EФ and Eϴ fields for a 36-mm patch a) at resonance and, b) and c), at the upper and lower –10 dB RL frequencies. At resonance the fields are equal, and the radiation is circular (add 3 dB for the CP gain). At the two 10 dB RL offset frequencies, the axial ratio is about 9 dB, with the dominant axis swapped at the band edges.

(a)

(b)

(c)
FIGURE 6. (a) Realized gain patterns EФ and Eθ, single-feed at resonance, Fc. (b) realized gain patterns EФ and Eθ , single-feed, Fc+F_{–10 dB}.
(c) realized gain patterns EФ and Eθ, single-feed, Fc-F_+10dB.

As a transmitter, a 10 dB return loss would correspond to 90 percent of the energy transmitted, in this case, mostly on a single axis. By reciprocity, as a receiver, the single axis gain of the patch at the 10 dB RL frequency is higher (by about 2 dB ) than at resonance. So, if a linear response can be tolerated, the 10 dB bandwidth is a useful measure, albeit for a very non-ideal response.

Because the two axes are only balanced at resonance, single-feed patches are only truly circular at resonance. An ideal CP antenna has an equal response to a linearly polarized signal, for any rotational angle of incidence. Figure 7 shows the response of a CP antenna to a LP signal for any rotation, which is 3 dB down relative to the response to a co-polarized CP wave.

Figure 7. Perfect CP response to linearly polarized waveform.

In contrast, Figure 8 shows the responses of a single-feed patch (25 mm² × 4 mm) as a function of field rotation with a linearlarly polarized wave. Note that, at resonance, all of the responses have the same amplitude because the patch is circular at that frequency.

Figure 8. 25-millimeter single-feed patch response to linear polarization rotation.

The responses shown above are for the following conditions:

A) single axis excitation (axis A)
B) single axis excitation (axis B)
C) equal axis excitation, antipodal
D) equal axis excitation, in-phase.

The relevance of this is that a circular polarized wave can become elliptical as a result of multipath interference. Figure 8 shows that the antenna response can be highly variable as a function of the angle of the ellipse principal axis. This is another way of looking at impaired cross-polarization rejection.

In addition, poor axial ratio results in non-equal contributions from each of EФ and Eϴ as the E vector of a linearly polarized wave is rotated. Thus an antenna with a poor axial ratio has a non-linear phase response, unlike a truly CP antenna which has an output phase that rotates proportionally with the E vector rotation.

25 mm²patches for GPS/GLONASS applications are tuned to the mid frequency of 1590 MHz. Because the RHCP response is narrow, so is the cross polarization rejection, which is also centered at 1590 MHz, Figure 9 shows the simulated response of a single-feed 25 mm patch to co-polarized and cross polarized fields.

Figure 9. Co-polarized and cross polarized response, single-feed patch.

The cross-polarization rejection is degraded at both GPS and GLONASS frequencies, so that much of the ability of the antenna to reject reflected signals is lost.

Against these criteria, a 25 × 25 × 4 mm single-feed patch element can provide good CP performance over about 16 MHz. Of course, initial tuning tolerance must be subtracted from this. However, even within the 0.5 dB radiated gain bandwidth the axial ratio rapidly becomes degraded to about 5 dB, and at larger offsets, the patch response becomes virtually linearly polarized, with poor cross-polarization rejection and phase response. However, as a redeeming feature, the single-feed patch has a wideband frequency response albeit linearly polarized at the GPS and GLONASS frequencies (the band edges).

Dual-Feed Patches

By comparison, dual-feed patches can provide almost ideal characteristics over the bandwidth of the patch element. Figure 3 shows a typical physical configuration and a schematic representation for the feed combining network. This ensures that the two axis feeds are fully isolated from each other over all frequencies of interest. The well known 90-degree hybrid coupler provides exactly the required transfer function.

The Smith chart in Figure 10 shows the impedance of one of the two feeds (that is, one axis) and the combiner output impedance, this being just a small locus close to 50 ohms.

Figure 10. Dual-feed patch, single axis and combiner S11.

Contributions from each axis at all frequencies are theoretically identical for a perfect specimen, so that the configuration naturally has an almost ideal axial ratio (0 dB).

Gain and Radiation Pattern. At resonance, the mode of operation of the single and dual-feed patches is identical so, unsurprisingly, the gain and radiation pattern are also the same; see Figure 4.

Dual-Feed Bandwidth. The 1 dB radiation bandwidth of a dual-feed patch is just less than 1 MHz narrower than if configured as a single feed. Otherwise, the bandwidth of a dual-feed patch is simply the resonant characteristic of the cavities comprised of each axis. The allowable in-band roll-off defines the patch bandwidth, which in any event should not be worse than 1.0 dB, including initial tuning errors. The response for a 36 × 36 × 6 mm patch is shown in Figure 11.

Figure 11. Co-polarization and cross-polarization response, dual-feed patch.

Axial Ratio. Because the axial ratio of dual-feed patches is inherently good, the cross-polarization rejection is also good. The simulated cross-polarization response for the dual-feed patch is also shown in Figure 11.

In reality, small gain and phase imbalances in the printed circuit board, hybrid coupler, and patch itself will prevent the axial ratio from being perfect and cross-polarization response not quite so ideal. With good manufacturing controls, axial ratio can be held to typically better than 2 dB.

The obvious question is, since dual-feed devices have nearly ideal characteristics, why not just make a low cost small dual-feed antenna? There are three issues: The first is that the feed offsets required for a 25 mm2 patch are physically too close for two feed pins. Secondly, a dual-feed structure requires an additional relatively expensive combiner component; thirdly, sometimes, the only way to achieve the necessary bandwidth is through the considerably extended, but linearly polarized bandwidth of the single-feed patch.

That said, were it possible, it would be the ideal solution.

Comparative Performance

The C/N₀ value reported in the NMEA $GPGSV message provides a simple method for comparative evaluation of GNSS antennas. The idea is to compare reported C/N₀values for a number of competing antenna types.

This requires a reference GPS receiver, a logging computer and the antennas to be evaluated, and these should be arranged so that:
- The computer is set up to log the NMEA $GPGSV messages output from the receiver ($GLGSV for GLONASS).
- Each antenna is placed and centered on identical ground planes (100 mm),
- The antennas-under-test are not closer to each other than 0.5 meters (to ensure no coupling), and
- Each antenna-under-test has a clear sight of the whole sky, and
- It is possible to quickly switch the antenna connectors at the receiver.
The method is to connect each antenna in sequence for 15 seconds or so, and to log NMEA data during that time. The antenna connector substitution should be slick, so that the receiver quickly re-acquires, and to validate the assumption of a quasi-stationary constellation.

Each NMEA $GPGSV message reports C/N_0, at the antenna, for up to 4 satellites in view. The best reported average C/N₀ value for specific satellites 49 dB and above are the values of interest. The winner is the highest reported C/N₀ value for each constellation.

This sequence should be repeated a few times to get the best estimate. The important parameter is the difference between the reported C/N₀ and the receiver acquisition C/N₀ threshold. If the acquisition C/N₀ threshold is –30 dB, an antenna that yields –49 dB C/N₀ has a 19 dB margin, while an antenna that yields 52 dB has a 22 dB margin — a big difference.

Immunity to LightSquared

Much has been written regarding the threat of the prospective terrestrial segment that the LightSquared L-band communication system poses for GPS (and GNSS in general), which mostly is true. On the other hand, front-end protection for GNSS antennas is a relatively simple, inexpensive addition. The performance cost (in addition to a very small dollar cost increment) is an unavoidable but relatively small sensitivity hit. Note that L-band augmentation systems, other than WAAS and compatible systems, face a more difficult problem.

This is not just a LightSquared issue. In several corners of the world, transmission of high-level signals are permitted that have the potential to interfere with GPS either by source distortion or inter-modulation within the GPS antenna front end itself.

The primary hazard is saturation of the first stage of what is usually a two stage LNA. So, the only way to protect against this is a pre-filter, as shown in Figure 12.

FIGURE 12. Pre-filtered antenna architecture.

There is a trade-off between the slope and corner frequency of the pre-filter out-of-band rejection and its associated insertion loss. The table below shows the response with a wider filter with an insertion loss of 1 dB, the second a more aggressive filter with a 2.5 dB insertion loss (IL).

Table 3 shows overall noise figure including and excluding sky noise. Sky-noise temperature is used here as a catchall that includes true sky-noise, thermal noise (the antenna can partially see the local environment), plus similar factors. The value used is arguable, but experience indicates this is a reasonable number.

The existence of sky noise limits the lowest available noise figure and sets the effect of a pre-filter in the correct context. In any event addition of a quite adequate pre-filter against a 1536 MHz signal can be achieved with less than 1 dB impact on received C/N₀.

TABLE 3. Rejection and noise figure for pre-filtered antenna.

Putting It All Together

Small (25 mm² × 4 mm) single-feed patches are only truly circularly polarized at resonance but do have good CP characteristics over a bandwidth of about 16 MHz, and almost perfect for GPS L1. The pre-dominance of this format for GPS L1 is fully justified.

However, when used to receive wider bandwidth signals such as GPS/GLONASS, single-feed patch antennas suffer from a litany of minor flaws, most particularly poor axial ratio and poor cross-polarization rejection.

On the other hand, the coupling that happens in single-feed antennas results in a very wide 10 dB return loss bandwidth but at the band edges (where the GNSS signals are) they are virtually linearly polarized.

There is no doubt that the performance of small single-feed patches for bandwidths such as those required for GPS/GLONASS coverage is marginal. However, to no small extent, the sensitivity of modern receiver chips is so good that marginal antenna performance can often be accommodated, at least from a basic operational viewpoint. The receiver bails out the antenna.

However, the end result must be degraded GNSS reception. If the application cannot tolerate reduced GNSS availability or accuracy because of marginal antenna performance the choice should be a dual-feed patch type. This will present the GNSS receiver with more consistent signals levels and phase responses and less interference. The end result should be faster acquisition, and realization of the improvement in horizontal dilution of precision (HDOP) that GPS/GLONASS offers.

The reported values of C/N₀ in the $GPGCV NMEA message provides a simple and sensitive means to comparatively evaluate antenna performance.

A not insignificant consideration is that the antenna is usually a very visible part of a bigger system, and unavoidably represents the quality of the user equipment. In that case, the antenna housing robustness and appearance may also be a criterion to maintain the image of the end product.
The final point is that introduction of pre-filters into active GNSS is a good idea, whose time has come. This provides protection against the well known bug-a-boo, but also protects against known interference in other parts of the world.

Acknowledgments

I would like to acknowledge the assistance of Inpaq Technologies (Suzhou) Ltd., for provision of patch samples and technical support; Rony Amaya, adjunct research professor, Carleton University, Ottawa, for discussions and assistance in preparing this article; and STMicroeletronics for permission to cite the GPS+GLONASS demonstration video.

Gyles Panther is president and CTO of Tallysman Wireless (www.tallysman.com) and has an honors degree in applied physics from City University, London. He has worked in the fields of RF and satellite communications for more than 20 years. As CTO of a precursor company he was the principal engineer for the development of a wide-area Canadian differential GPS corrections system (CDGPS) receiver. Tallysman is a new start-up specializing in high-performance GNSS antennas and systems.
February 1, 2012
Second Galileo IOV Satellite Transmitting Signals

News courtesy of CANSPACE Listserv.

On Monday, 16 January, at about 02:18 UTC, the second of the two Galileo In-Orbit Validation (IOV) satellites, FM2 (Flight Model 2) also known as GSAT0102, started transmitting navigation signals on the L1/E1 frequency using the E12 ranging code, according to tracking reports from the COoperative Network for GIOVE Observation (CONGO).

FM2 was launched together with PFM, the ProtoFlight Model (GSAT0101), on October 21, 2011. PFM started transmitting E1 signals on December 10, 2011, and E5 signals on December 14, according to CONGO network tracking reports. Subsequently, ESA confirmed that the E6 transmitter was powered up the weekend before Christmas.

CONGO is a global network of 19 tracking stations established by the German Space Operations Center (DLR/GSOC) and the German Federal Agency for Cartography and Geodesy (BKG) in cooperation with several agencies including Technische Universitaet Muenchen.

January 16, 2012
First Galileo IOV Satellite Producing Full Spectrum of Signals

Galileo team at Redu receiving signals.

Europe’s first Galileo satellite appears to be functioning as expected, transmitting test signals received by the European Space Agency’s ground station in Redu, Belgium, across the whole of its assigned radio spectrum, ESA reports.

The first two Galileo satellites were launched by Soyuz from Europe’s Spaceport in French Guiana on October 21. They are currently in the midst of a rigorous campaign to check that their highly sophisticated navigation payloads are operating as planned, unaffected by the strains of launch.

Testing is centered on the first Galileo satellite for now, and expected to progress to the second satellite early in the new year.

The Galileo system offers various groups of users a total of 10 different modulated signals across three spectral bands, known as E1, E5 and E6. The weekend before Christmas, all Galileo signals were activated simultaneously across these bands for the first time, following the switch-on and outgassing — warming up to vent potentially harmful vapours — of power amplifiers in the remaining E6 band.

The signals were received by Galileo Test User Receivers deployed at the Redu ground station, within Belgium’s Ardennes forest, as well as by identical receivers at ESA’s Navigation Laboratory, in ESA’s ESTEC technical centre in Noordwijk, the Netherlands.

These test receivers work in the same way as operational receivers will once Galileo begins its initial services in 2014. They are capable of processing the Open Service, Commercial Service and Safety-of-Life Service signals from the Galileo constellation.

Galileo combines multi-frequency signals with the most accurate atomic clock ever flown in space for navigation, accurate to one second in three million years, ESA said. Its signals should open up a large number of commercial applications by combining this accuracy with the increased reliability of dual- or triple-frequency measurements. Receiver developers can choose among the variety of Galileo signals on offer to meet the needs of their customers in the most efficient way. They can also combine the processing of Galileo signals with GPS or Russian GLONASS signals to offer more robust positioning information in challenging environments such as city center urban canyons.

First Galileo triple band signals. (Click to enlarge.)

January 3, 2012
Innovation: Know Your Enemy

Signal Characteristics of Civil GPS Jammers

By Ryan H. Mitch, Ryan C. Dougherty, Mark L. Psiaki, Steven P. Powell, Brady W. O’Hanlon, Jahshan A. Bhatti, and Todd E. Humphreys

GPS jamming is a continuing threat. A detailed understanding of how the available jammers work is necessary to judge their effectiveness and limitations. A team of researchers from Cornell University and the University of Texas at Austin reports on their analyses of the signal properties of 18 commercially available GPS jammers.

INNOVATION INSIGHTS by Richard Langley

GPS IS AT WAR. It is a major asset for United States and allied military forces in a number of operating theaters around the world in both declared and undeclared conflicts. But GPS is at war on the domestic front, too — at war against a proliferation of jamming equipment being marketed to cause deliberate interference to GPS signals to prevent GPS receivers from computing positions to be locally stored or relayed via tracking networks.

There have been many notable examples of deliberate jamming of GPS receivers. Many more likely go undetected each day. In 2009, outages of a Federal Aviation Administration reference receiver at Newark Liberty International Airport close to the New Jersey Turnpike were traced to a $33, 200 milliwatt GPS jammer in a truck that passed the airport each day. The driver was reportedly arrested and charged. In July 2010, two truck thieves in Britain were jailed for 16 years. They used GPS jammers to prevent the trucks from being tracked after the thefts. And in Germany, some truck drivers have been using jammers to evade the country’s GPS-based road-toll system.

The U.S. and some foreign governments have enacted laws to prohibit the importation, marketing, sale or operation of these so-called personal privacy devices. Nevertheless, a certain number of jammers are in the hands of individuals around the world and they continue to be available from manufacturers and suppliers in certain countries. So, GPS jamming is a continuing threat both at home and abroad and a detailed understanding of how the available jammers work is necessary to judge their effectiveness and limitations. This information will also help in developing countermeasures that could be incorporated into GPS receivers to limit the impact of jammers.

Jammers constitute an enemy force, and as the Chinese General Sun Tzu stated in the Art of War more than 2,000 years ago, battles will be won by knowing your enemy. In the last verse of Chapter Three, he states:

So it is said that if you know your enemies and know yourself, you can win a hundred battles without a single loss.

If you only know yourself, but not your opponent, you may win or may lose.

If you know neither yourself nor your enemy, you will always endanger yourself.

In this month’s column, a team of researchers from Cornell University and the University of Texas at Austin reports on their analyses of the signal properties of 18 commercially available GPS jammers. The enemy has been exposed.

The Global Positioning System has become increasingly incorporated into civilian infrastructure. The increase in GPS-integrated systems has caused a proportional increase in the vulnerability of these systems to jamming and interference. The interests of individuals or groups willing to break the law may be served by interfering with the normal operation of GPS-enabled systems. As a result, in recent years many GPS jamming devices have become available for purchase over the Internet. These relatively cheap devices, some costing less than an inexpensive GPS receiver, pose a significant risk to the normal operation of many systems reliant on GPS.

Many types of intentional radio frequency (RF) interference exist, including tones, swept waveforms, pulses, narrowband noise, and broadband noise. There are a number of methods for mitigating the effects of jamming and interference, and additional methods exist to locate the sources of the interference. Mitigation and location methods can be improved by use of a priori information about the interference source. This article provides such a priori information for a set of jammers and assesses their threats. Its results are based on two tests. The first test records raw RF data from a selection of jammers and analyzes it using fast Fourier transform (FFT) spectral methods. The second test evaluates the effective range of a subset of the GPS jammers using a commercial off-the-shelf (COTS) receiver.

The article presents results based on 18 civil GPS jammers. There are other types of GPS jammers for sale that were not tested. Furthermore, civil jammer behavior and design is likely to evolve over time. In this article, we draw conclusions based on only the jammers that we tested.

Overview of Civil GPS Jammers

Devices that claim to jam or “block” GPS signals are widely available through a number of websites and online entities. The cost of these devices ranges from a few tens of dollars to several hundred. Their price does not seem to correlate with the claims made by the purveyors of these devices regarding the features and effectiveness of the product in question. Effective ranges from a few meters to several tens of meters are advertised, but the actual effective ranges are significantly greater. Claimed and true power consumptions range from a fraction of a watt to several watts.

We grouped the GPS jammers we examined in this article into three categories based on morphology. The first is a group of jammers designed to plug into an automotive 12-volt auxiliary power supply outlet (cigarette lighter socket); this class of jammer is referred to in the remainder of this article as Group 1. The second category contains those jammers that are both powered by an internal rechargeable battery and that have an external antenna connected via an SMA connector; these jammers are referred to as Group 2. The jammers in Group 3 are disguised as cell phones; they have batteries but no external antennas. Figure 1 shows an example of a device from each of Groups 1–3.

Figure 1. Three jammers are depicted, from left to right Jammers 1, 5, and 15 from Groups 1, 2, and 3, respectively.

All 18 jammers broadcast power at or near the L1 carrier frequency, six broadcast power at or near the L2 carrier frequency, and none broadcast power at or near the L5 carrier frequency. Some of the jammers also broadcast power at frequencies outside of the GPS bands, typically cellular phone or Wi-Fi bands, but those frequencies are outside the scope of this article. Results in this article are for the current power levels broadcast in the GPS L1 and L2 bands, but examination of power levels in non-GPS bands indicate that many of these devices could be easily modified to broadcast much more power in the GPS bands.

The jammer antennas have been removed in most of the testing for this article, but their use in a real-world scenario will modify the jammer behavior. The antennas used by Group 1 and Group 2 jammers are loaded monopole antennas, while those used by the Group 3 jammers are electrically short helical antennas that have approximately the same gain pattern as the loaded monopoles. These antennas broadcast linearly polarized radiation, as opposed to the right-hand circular polarization of GPS signals. The polarization mismatch will cause some loss in received power at a right-hand circularly polarized GPS receiver antenna.

Jammer Signal Characteristics Test

The goal of the first set of tests was to record complex samples of the jamming signals and to derive the jammer characteristics from these data. A two-step procedure was used to collect useful data. The first step used a spectrum analyzer to find the frequency range of the jamming signal near L1 and L2. The second step used this frequency information to set the center frequency of a general-purpose RF digitization and signal storage device with a 12-drive RAID storage array. Offline analyses were then conducted on the recorded data.

The test procedure was as follows. For the first two groups, the jammer was placed inside an RF-shielded test enclosure shown in Figure 2, to prevent any signal leakage, and its SMA signal output port was connected to the relevant data collection device using a shielded coaxial cable. The signal had to pass from the inside to the outside of the RF enclosure using the built-in coaxial feed-through. Note, therefore, that no jammer signal radiation occurred for Group 1 and 2 jammers even inside the RF enclosure. The enclosure was used primarily as a precaution.

Figure 2. RF-shielded test enclosure. Jammers were operated inside the enclosure to prevent emission of their RF signals.

None of the Group 3 jammers had external antennas. Therefore, they were allowed to radiate in the RF enclosure using their internal antennas. To capture the signal, a receiving patch antenna with active amplification was placed in the RF enclosure, and the antenna output was connected to the relevant RF recording device via the enclosure’s coaxial feed-through. The jammer and receiving antenna were separated by about 14 centimeters. The patch antenna field-of-view center was pointed directly at the jammer. The jammer was oriented such that the axis of its helical antenna was pointing perpendicular to the line from the receiving antenna to the jammer.

Jammer Signal Characteristics Test Results

Although 18 jammers were tested, only a representative subset is discussed here. The signals were analyzed using FFT spectral methods and measurements of in-band power. Figure 3 displays the results of this analysis for a typical jammer from Group 1.

The top plot of Figure 3 graphs frequency on the vertical scale versus time on the horizontal scale. The bottom plot graphs power on the vertical scale versus time on the horizontal scale. Each vertical slice of the recorded RF data plot is a single FFT frequency spectrum. It covers 62.5 MHz centered on the L1 band and has a resolution of approximately 1 MHz. The relative power spectral density of each slice is indicated by color. The time axes of both plots span 80 microseconds.

Figure 3. Jammer 4 power spectral density versus time, with color indicating relative power (top plot) and power versus time in a 62.5-MHz band centered at the L1 carrier frequency (bottom plot).

The upper plot of Figure 3 is clearly that of a linear frequency modulation interspersed with rapid resets — a series of linear chirps. Each sweep takes nine microseconds and spans a range of about 14 MHz. This range includes the civil L1 GPS band. The center frequency is depicted by the horizontal red line in the top plot. The power is about 20 milliwatts and remains fairly constant over the sweep.

Three of the Group 1 jammers appeared to be of the same model and one was slightly different. All of them broadcast power only at L1. Despite their similarities in external appearance, the three jammers of the same model exhibited markedly different signal properties. These differences will be presented later in terms of tabulated frequency modulation characteristics and in-band power levels.

One of the Group 2 jammers was unusual in two respects, as illustrated in Figure 4. This figure plots the L2 spectrum whose center is indicated by the horizontal red line in the top plot. The first obvious difference from Figure 3 is that the frequency modulation in time is a triangular wave instead of a sawtooth. Additionally, the modulation frequency is very high in comparison to all the other jammers; its period is only about 1 microsecond. Note that the horizontal scale of this figure spans only 8 microseconds, that is, 10 times less than in Figure 3.

The other Group 2 jammers tended to broadcast sawtooth frequency modulations as in Figure 3. They all broadcast jamming power at L1. Of course, the jammer depicted in Figure 4 broadcast power at L2 as well. Only one other Group 2 jammer had L2 jamming capability. Two of the jammers suffered from poor design of their L1 frequency modulation schemes: they placed no jamming power closer than 4.6 MHz away from the nominal L1 carrier frequency.

Figure 4. Jammer 10 power spectral density versus time (top plot), with resolution of about 3 MHz and color indicating relative power, and power versus time (bottom plot) in a 62.5-MHz band centered at the L2 carrier frequency.

Another unusual frequency modulation was encountered in a Group 3 jammer. The L1 results for this jammer are depicted in Figure 5. It seems to show a linear-type frequency modulation distorted by sudden frequency jumps, as seen in the upper plot of the figure. Despite its irregular nature, this waveform maintains its jamming efficacy.

Figure 5. Jammer 15 power spectral density versus time, with color indicating relative power (top plot) and power versus time in a 62.5-MHz band centered at the L1 carrier frequency (bottom plot). Note the additional frequency jumps in the sweep pattern.

All four jammers in Group 3 broadcast power at L1, L2, and additional frequency bands. Three of the jammers appeared to be of the same model, while a fourth was different. Jammers in this group normally use a standard sawtooth frequency modulation. Figure 5 represents the exception.

Additional types of distortion from the nominal sawtooth frequency modulation have been observed in some of the jammers. Discussion of each additional variation has been omitted here for the sake of brevity. See the authors’ companion conference paper, listed in the Further Reading sidebar for more details.

Frequency Modulation Periods and Ranges. The frequency modulation characteristics of all 18 jammers are listed in Table 1. The first two columns identify each jammer by group number and jammer number. The sweep period and frequency range for the L1 sweep are shown in the third and fourth columns. The two numbers in the fourth column are the upper and lower bounds of the jamming tone sweep range in megahertz above and below the L1 carrier frequency. For instance, the period between resets of the linear frequency modulation of Jammer 1 is 26 microseconds and the tone sweeps from 25.4 MHz below L1 to 31.3 MHz above L1. The fifth and sixth columns are analogous to the third and fourth columns, but for jamming in the L2 band, with entries only for those jammers that broadcast in this band.

The sweep periods were calculated using four contiguous sweeps from near the beginning of each data set and another four sweeps 30 seconds later. The sweep periods exhibited standard deviations of less than 1 microsecond. The reported sweep ranges are the minimum and maximum frequency observed in the same data used to calculate sweep periods. The sweep ranges changed by as much as 2.5 MHz between sweeps.

One can make a number of observations based on Table 1. First, as mentioned previously, jammers which appeared to be of the same model exhibited significant variations in sweep behavior. For instance, Jammers 1, 3, and 4 appeared to be of the same models, yet Jammer 1 has a sweep period nearly three times as long as Jammers 3 and 4. It also has a sweep range four times as wide. Second, some individual jammers were exceptional. For example, Jammer 10 has a sweep period nearly 10 times shorter than any other jammer, and its L1 sweep range exceeded the 62.5 MHz bandwidth recorded by the RF sampling equipment. The sweep range of Jammer 16 also exceeded the sampled bandwidth, though its sweep period was not exceptional. Jammers 12 and 13 do not sweep through the L1 carrier frequency, as indicated by the negative signs in the fourth column of Table 1. Jammer 17 suffered from the same problem, but for both L1 and L2.

Table 1. Frequency characteristics of GPS jammers.

In-Band Jammer Power Levels. The GPS signal is spread over several megahertz by the pseudorandom noise (PRN) codes that modulate the L1 or L2 carrier waves. Different GPS receivers exploit this spreading by processing more or less of the full bandwidth. The RF power of the GPS jamming signal within different bands centered at L1 is an important concern because different receiver RF front-end bandwidths may allow different total amounts of jammer power to pass through them. For example, a C/A-code receiver with a 2-MHz RF front-end bandwidth will pass 10 dB less jammer power than will a 20-MHz bandwidth RF front end of a P(Y)-code receiver if the jammer in question spreads its power evenly over the 20-MHz band centered at the L1 carrier frequency. If the jammer power is concentrated in a 2-MHz range, however, then both receiver front ends will pass equal total jammer power.

To determine the power in different bandwidths, the raw data were filtered to pass only the bandwidths of interest. The data were digitally filtered using a finite input response (FIR) equiripple band-pass filter, providing 60 dB of attenuation at 2 MHz past the roll-off frequency. Note that a real GPS receiver will probably not have analog filter frequency roll offs as sharp as those used in our work.

Table 2 presents the results of this study. It reports power measurements averaged over 15 milliseconds in three different bandwidths: 2, 20, and 50 MHz, all centered at the nominal L1 or L2 carrier frequency. The table also indicates whether each jammer broadcasts power at frequencies other than the GPS frequencies. No power data is given for the non-GPS frequencies because they are not the focus of this article.

A number of observations can be drawn from Table 2. First, there is a large variation in broadcast power among jammers, with Group 2 jammers being on average more powerful. Specifically, Jammer 11 is the most powerful, broadcasting more than a watt in the GPS bands! Second, jammers of the same model broadcast roughly the same amount of power despite the differences in sweep behavior mentioned above. For instance, Jammers 1, 3, and 4 broadcast roughly the same amount of power, and Jammers 15, 17, and 18 do so as well. Third, the poor frequency plans of Jammers 12, 13, and 17 are apparent in the power measurements. These jammers did not sweep a tone through L1 or L2, and effectively no power was measured in the 2-MHz band centered on the L1 or L2 carrier frequencies.

Table 2. Jammer power levels in frequency bands of interest.

Although not shown in the tables, Jammers 12, 13, and 14 exhibited periodic variations in broadcast power. Their peak-to-peak power varies as a sawtooth wave with period approximately 15 milliseconds and amplitude on the order of 10 percent of the total broadcast power.

The measured power values in Table 2 for jammers of Groups 1 and 2 were derived using direct cable connections. Thus, they report the total power into the transmitting antenna. The power received at a GPS receiver’s RF front end will be affected by any antenna inefficiency, the antenna gain pattern, and the space loss, among other effects.

In contrast, the power reported for Group 3 jammers includes all of those effects for the given test configuration. Specifically, the receiving antenna picked up only a fraction of the radiated power because the receiving antenna subtended only a fraction of the 4π steradians around the transmitting antenna. Also, the power that was received was boosted by the receiving antenna’s active low-noise amplifier. Finally, the radiation environment inside the RF enclosure is uncertain, and the enclosure constrains the separation of the antennas to be on the order of one wavelength, thereby giving rise to near-field effects. Therefore, the indicated power levels for the Group 3 jammers do not constitute measures of absolute power. The tabulated power levels for Group 3 jammers are included primarily for purposes of comparison within the group.

Maximum Effective Range Test

The goal of the second set of tests was to determine the effective ranges of the GPS jammers when interfering with a COTS receiver. A constraint on this test was that it could not broadcast harmful radiation to the environment. Ideally, the jammers and a receiver would be taken outside and tested with all antennas attached. However, this type of test would possibly interfere with other equipment and is illegal in the United States. A close approximation to this scenario can be constructed using a high-fidelity simulated GPS signal, a commercial GPS receiver, a GPS jammer in an RF enclosure, and a set of attenuators to simulate various distances. The setup for the second test is shown in the block diagram of Figure 6.

Figure 6. Block diagram of the test procedure and equipment used to determine the GPS jammers’ effective ranges.

Each range test involved running a GPS jammer inside the RF enclosure, passing its signal through the enclosure’s coaxial feed-through, and electrically combining that signal with a GPS simulator signal. The combined signal was then input to the antenna connector of the COTS GPS receiver. Attenuators were inserted in-line with the GPS jammer before it arrived at the combiner. Using this setup, two tests were conducted. The first test determined the jamming signal attenuation level necessary for continuous tacking. The second test determined the attenuation level necessary to allow the receiver to acquire the simulator signal within five minutes from a cold start. As will be shown in the next section, the resulting attenuation values can be converted into effective ranges of the jammers if one makes certain reasonable assumptions about transmitting and receiving antenna gains and path losses.

The simulator power level was set so that the power into the receiver matched that which it would receive from the actual GPS constellation through a typical roof-mounted passive patch antenna. This power level was checked by comparing the resulting C/N0 for all of the visible satellites when using the simulator against typical C/N₀ values when using the roof-mounted antenna. Typical levels reported by the receiver were C/N₀ = 43 dB-Hz.

Maximum Effective Range Results

The jamming signal attenuation levels resulting from the two tests are presented in Table 3. These tests were conducted on one jammer from Group 1 and three jammers from Group 2. No jammers from Group 3 were included because of the broadcast power uncertainties discussed in connection with Table 2.

The attenuation values by themselves are not very useful, but they can be converted into distance measurements with a number of assumptions. The ratio of received power to transmitted power can be expressed as

where G_t is the transmitting antenna gain, G_r is the receiving antenna gain, and the term (λ/(4πr))² is the path loss for radiation of wavelength λ over the distance r. This equation can be solved for the range, r:

The quantity in this formula that equates to the total electrical jammer attenuation produced in each bench-top test is the product of the antenna gains and the ratio of transmitted to received power: G_t G_r(P_t ⁄P_r).

To convert the results in Table 3 into effective ranges, the transmitting and receiving antennas can be assumed to be perfect, lossless, isotropic radiators. In this case, the gain terms, G_t and G_r, are unity. Each measured attenuation value can be converted to the unitless ratio, P_t ⁄P_r , and substituted into the equation for r. Use of this equation at the L1 carrier frequency yields the ranges in Table 4. If the range between the jammer and receiver is less than that listed in the third column of the table, then the jammer will prevent the receiver from tracking and acquiring. If the range is less than that listed in the last column but more than that listed in the third column, the receiver will continue to track but be unable to acquire. The effective ranges are at least an order of magnitude greater than the claims of the jammers’ purveyors.

Table 3. Jammer attenuation levels needed to allow COTS GPS receiver acquisition and tracking.

Table 4. Ranges of jammer effectiveness against COTS GPS receiver when using lossless isotropic antennas.

Distinct scenarios with different antennas can be approximately tested using Table 3 and the range equation. For example, a patch antenna that is oriented perfectly skyward might have 10 dB of attenuation at very low elevation angles, and the jammer might have an additional 3 dB loss due to polarization mismatch. In this scenario, the effective jamming range would be factored down by 10^-13/20 = 0.22. In this case, Jammer 11’s tracking interference range would be reduced from 6.1 kilometers to 1.4 kilometers. Additional jammer signal attenuation might occur if the emissions passed through the reduced RF aperture of a vehicle’s body and windows. Such an effect could be incorporated into the range equation to determine a revised effective range.

Due to the ignored losses in the real system, it would likely be safe to assume that the effective ranges of the GPS jammers would be no greater than those listed in Table 4. The ranges could potentially be greater if a high-gain receiving antenna were aimed directly at the jamming source, or if the jamming source used a high-gain transmitting antenna aimed at the receiver. None of the jammers tested employed such an antenna.

Summary and Conclusions

This article has presented the signal properties of 18 commercially available GPS jammers as determined from two types of live experimental tests. The first test examined the frequency structures and power levels of the jammer signals. It showed that all of the jammers used some sort of swept tone method to generate broadband interference. The majority of the jammers used linear chirp signals, all jammed L1, only six jammed L2, and none jammed L5. The sweep period of the jammers is about 9 microseconds on average, and they tend to sweep a range of less than 20 MHz. Some of the jammers’ sweep ranges failed to encompass the target L1 or L2 carrier frequencies.

The second test provided an estimate of four of the jammers’ effective ranges when deployed against a typical commercial receiver. An upper bound on the effective ranges was calculated for idealized, lossless, isotropic radiating and receiving antennas with matched polarizations. The weakest of the four jammers affected tracking at a range of about 300 meters and acquisition at about 600 meters, while the strongest affected tracking at a range of about 6 kilometers and acquisition at about 8.5 kilometers.

Acknowledgments

The authors thank the U.S. Department of Homeland Security for providing interference devices for testing. This article is based on the paper “Signal Characteristics of Civil GPS Jammers” presented at ION GNSS 2011, the 24th International Technical Meeting of the Satellite Division of The Institute of Navigation, Portland, Oregon, September 19–23, 2011, where it received a best-presentation-in-session award.

Manufacturers

The tests discussed in this article used an Agilent Technologies (www.home.agilent.com) model N1996A spectrum analyzer, a National Instruments PXI-5663 RF vector signal analyzer, a Ramsey Electronics model STE3000B RF shielded test enclosure, an Antcom (www.antcom.com) model 53G1215A-XT-1 patch antenna, and a NovAtel ProPakII-RT2 GPS receiver.

Ryan H. Mitch is a graduate student in the Sibley School of Mechanical and Aerospace Engineering at Cornell University, Ithaca, New York. He received his B.S. degree in mechanical engineering from the University of Pittsburgh.

Ryan C. Dougherty is a graduate student in the Sibley School. He holds a B.S. degree in aerospace engineering from the University of Southern California.

Mark L. Psiaki is a professor in the Sibley School. He received a B.A. degree in physics and M.A. and Ph.D. degrees in mechanical and aerospace engineering from Princeton University.

Steven P. Powell is a senior engineer with the GPS and Ionospheric Studies Research Group in the Department of Electrical and Computer Engineering at Cornell University. He has M.S. and B.S. degrees in electrical engineering from Cornell University.

Brady W. O’Hanlon is a graduate student in the School of Electrical and Computer Engineering at Cornell University. He received a B.S. degree in electrical and computer engineering from Cornell University.

Jahshan A. Bhatti is pursuing a Ph.D. degree in the Department of Aerospace Engineering and Engineering Mechanics at the University of Texas (UT) at Austin, where he also received his M.S. and B.S. degrees. He is a member of the UT Radionavigation Laboratory.

Todd E. Humphreys is an assistant professor in the Department of Aerospace Engineering and Engineering Mechanics at UT Austin and Director of the UT Radionavigation Laboratory. He received B.S. and M.S. degrees in electrical and computer engineering from Utah State University and a Ph.D. degree in aerospace engineering from Cornell University.

Further Reading

• Authors’ Conference Paper

“Signal Characteristics of Civil GPS Jammers” by R.H. Mitch, R.C. Dougherty, M.L. Psiaki, S.P. Powell, B.W. O’Hanlon, J.A. Bhatti, and T.E. Humphreys in Proceedings of ION GNSS 2011, the 24th International Technical Meeting of The Satellite Division of the Institute of Navigation, Portland, Oregon, September 19–23, 2011, pp. 1907–1919.

• Vulnerability of GPS

Vulnerability Assessment of the Transportation Infrastructure Relying on the Global Positioning System – Final Report. John A. Volpe National Transportation Systems Center, Cambridge, Massachusetts, August 29, 2001.

• GPS Jamming

“Car Jammers: Interference Analysis” by R. Bauernfeind, T. Kraus, D. Dötterböck, B. Eissfeller, E. Löhnert, and E. Wittmann in GPS World, Vol. 22, No. 10, October 2011, pp. 28–35.

“GPS Jamming: No Jam Tomorrow” in The Economist, Technology Quarterly Special Section, Vol. 398, Issue 8724, March 12, 2011, pp. 20–21.

Modern Communications Jamming Principles and Techniques, 2nd ed., by R.A. Poisel, published by Artech House, Boston, Massachusetts, 2011.

“Jamming GPS: Susceptibility of Some Civil GPS Receivers” by B. Forssell and R.B. Olsen in GPS World, Vol. 14, No. 1, January 2003, pp. 54–58.

“A Growing Concern: Radiofrequency Interference and GPS” by F. Butsch in GPS World, Vol. 13, No. 10, October 2002, pp. 40–50.

“Interference Effects and Mitigation Techniques” by J.J. Spilker Jr. and F.D. Natali, Chapter 20 in Global Positioning System: Theory and Applications, Volume I, published by the American Institute of Aeronautics and Astronautics, Inc., Washington, D.C., 1996, pp. 717–771.

• Government Regulations and Actions Against Jammers

“Twenty Online Retailers of Illegal Jamming Devices Targeted in Omnibus Enforcement Action,” a Federal Communications Commission press release issued October 5, 2011.

“FCC Enforcement Bureau Steps up Education and Enforcement,” a Federal Communications Commission press release issued February 9, 2011.

“Cell Jammers, GPS Jammers, and Other Jamming Devices,” Federal Communications Commission Enforcement Advisory No. 2011-04 issued February 9, 2011, for consumers.

“Cell Jammers, GPS Jammers, and Other Jamming Devices,” Federal Communications Commission Enforcement Advisory No. 2011-03 issued February 9, 2011, for retailers.

• Jamming Counter Measures

“Receiver Certification: Making the GNSS Environment Hostile to Jammers and Spoofers” by L. Scott. Presented to the National Space-Based Positioning, Navigation, and Timing (PNT) Advisory Board, 9th Meeting, November 9–10, 2011, Alexandria, Virginia.

“The Civilian Battlefield: Protecting GNSS Receivers from Interference and Jamming” by M. Jones in Inside GNSS, Vol. 6, No. 2, March/April 2011, pp. 40–49.

“Interference Heads-up: Receiver Techniques for Detecting and Characterizing RFI” by P.W. Ward in GPS World, Vol. 19, No. 6, June 2008, pp. 64–73.

“Jamming Protection of GPS Receivers, Part I: Receiver Enhancements” by S. Rounds in GPS World, Vol. 15, No. 1, January 2004, pp. 54–59.

“Jamming Protection of GPS Receivers, Part II: Antenna Enhancements” by S. Rounds in GPS World, Vol. 15, No. 2, February 2004, pp. 38–45.

“Antijamming and GPS for Critical Military Applications,” by A. Abbott in Crosslink, Vol. 3, No. 2, Summer 2003, pp. 36–41.

January 1, 2012
Straight Talk on Anti-Spoofing: Securing the Future of PNT
By Kyle Wesson, Daniel Shepard, and Todd Humphreys

Disruption created by intentional generation of fake GPS signals could have serious economic consequences. This article discusses how typical civil GPS receivers respond to an advanced civil GPS spoofing attack, and four techniques to counter such attacks: spread-spectrum security codes, navigation message authentication, dual-receiver correlation of military signals, and vestigial signal defense. Unfortunately, any kind of anti-spoofing, however necessary, is a tough sell.

GPS spoofing has become a hot topic. At the 2011 Institute of Navigation (ION) GNSS conference, 18 papers discussed spoofing, compared with the same number over the past decade. ION-GNSS also featured its first panel session on anti-spoofing, called “Improving Security of GNSS Receivers,” which offered six security experts a forum to debate the most promising anti-spoofing technologies.

The spoofing threat has also drawn renewed U.S. government scrutiny since the initial findings of the 2001 Volpe Report. In November 2010, the U.S. Position Navigation and Timing National Executive Committee requested that the U.S. Department of Homeland Security (DHS) conduct a comprehensive risk assessment on the use of civil GPS. In February 2011, the DHS Homeland Infrastructure Threat and Risk Analysis Center began its investigation in conjunction with subject-matter experts in academia, finance, power, and telecommunications, among others. Their findings will be summarized in two forthcoming reports, one on the spoofing and jamming threat and the other on possible mitigation techniques. The reports are anticipated to show that GPS disruption due to spoofing or jamming could have serious economic consequences.

Effective techniques exist to defend receivers against spoofing attacks. This article summarizes state-of-the-art anti-spoofing techniques and suggests a path forward to equip civil GPS receivers with these defenses. We start with an analysis of a typical civil GPS receiver’s response to our laboratory’s powerful spoofing device. This will illustrate the range of freedom a spoofer has when commandeering a victim receiver’s tracking loops. We will then provide an overview of promising cryptographic and non-cryptographic anti-spoofing techniques and highlight the obstacles that impede their widespread adoption.

The Spoofing Threat

Spoofing is the transmission of matched-GPS-signal-structure interference in an attempt to commandeer the tracking loops of a victim receiver and thereby manipulate the receiver’s timing or navigation solution. A spoofer can transmit its counterfeit signals from a stand-off distance of several hundred meters or it can be co-located with its victim.

Spoofing attacks can be classified as simple, intermediate, or sophisticated in terms of their effectiveness and subtlety. In 2003, the Vulnerability Assessment Team at Argonne National Laboratory carried off a successful simple attack in which they programmed a GPS signal simulator to broadcast high-powered counterfeit GPS signals toward a victim receiver. Although such a simple attack is easy to mount, the equipment is expensive, and the attack is readily detected because the counterfeit signals are not synchronized to their authentic counterparts.

In an intermediate spoofing attack, a spoofer synchronizes its counterfeit signals with the authentic GPS signals so they are code-phase-aligned at the target receiver. This method requires a spoofer to determine the position and velocity of the victim receiver, but it affords the spoofer a serious advantage: the attack is difficult to detect and mitigate.

The sophisticated attack involves a network of coordinated intermediate-type spoofers that replicate not only the content and mutual alignment of visible GPS signals but also their spatial distribution, thus fooling even multi-antenna spoofing defenses.

Table 1. Comparison of anti-spoofing techniques discussed in this article.

Lab Attack. So far, no open literature has reported development or research into the sophisticated attack. This is likely because of the success of the intermediate-type attack: to date, no civil GPS receiver tested in our laboratory has fended off an intermediate-type spoofing attack. The spoofing attacks, which are always conducted via coaxial cable or in radio-frequency test enclosures, are performed with our laboratory’s receiver-spoofer, an advanced version of the one introduced at the 2008 ION-GNSS conference (see “Assessing the Spoofing Threat,” GPS World, January 2009).

To commence the attack, the spoofer transmits its counterfeit signals in code-phase alignment with the authentic signals but at power level below the noise floor. The spoofer then increases the power of the spoofed signals so that they are slightly greater than the power of the authentic signals. At this point, the spoofer has taken control of the victim receiver’s tracking loops and can slowly lead the spoofed signals away from the authentic signals, carrying the receiver’s tracking loops with it. Once the spoofed signals have moved more than 600 meters in position or 2 microseconds in time away from the authentic signals, the receiver can be considered completely owned by the spoofer.

Spoofing testbed at the University of Texas Radionavigation Laboratory, an advanced and powerful suite for anti-spoofing research. On the right are several of the civil GPS receivers tested and the radio-frequency test enclosure, and on the left are the phasor measurement unit and the civil GPS spoofer.

Although our spoofer fooled all of the receivers tested in our laboratory, there are significant differences between receivers’ dynamic responses to spoofing attacks. It is important to understand the types of dynamics that a spoofer can induce in a target receiver to gain insight into the actual dangers that a spoofing attack poses rather than rely on unrealistic assumptions or models of a spoofing attack. For example, a recent paper on time-stamp manipulation of the U.S. power grid assumed that there was no limit to the rate of change that a spoofer could impose on a victim receiver’s position and timing solution, which led to unrealistic conclusions.

Experiments performed in our laboratory sought to answer three specific questions regarding spoofer-induced dynamics:
- How quickly can a timing or position bias be introduced?
- What kinds of oscillations can a spoofer cause in a receiver’s position and timing?
- How different are receiver responses to spoofing?
These questions were answered by determining the maximum spoofer-induced pseudorange acceleration that can be used to reach a certain final velocity when starting from a velocity of zero, without raising any alarms or causing the target receiver to lose satellite lock. The curve in the velocity-acceleration plane created by connecting these points defines the upper bound of a region within which the spoofer can safely manipulate the target receiver. These data points can be obtained empirically and fit to an exponential curve. Alarms on the receiver may cause some deviations from this curve depending on the particular receiver.

Figure 1 shows an example of the velocity-acceleration curve for a high-quality handheld receiver, whose position and timing solution can be manipulated quite aggressively during a spoofing attack. These results suggest that the receiver’s robustness — its ability to provide navigation and timing solutions despite extreme signal dynamics — is actually a liability in regard to spoofing. The receiver’s ability to track high accelerations and velocities allows a spoofer to aggressively manipulate its navigation solution.

Figure 1. Theoretical and experimental test results for a high-quality handheld receiver’s dynamic response to a spoofing attack. Although not shown here, the maximum attainable velocity is around 1,300 meters/second.

The relative ease with which a spoofer can manipulate some GPS receivers suggests that GPS-dependent infrastructure is vulnerable. For example, the telecommunications network and the power grid both rely on GPS time-reference receivers for accurate timing. Our laboratory has performed tests on such receivers to determine the disruptions that a successful spoofing attack could cause. The remainder of this section highlights threats to these two sectors of critical national infrastructure.

Cell-Phone Vulnerability. Code division multiple access (CDMA) cell-phone towers rely on GPS timing for tower-to-tower synchronization. Synchronization prevents towers from interfering with one another and enables call hand-off between towers. If a particular tower’s time estimate deviates more than 10 microseconds from GPS time, hand-off to and from that tower is disrupted. Our tests indicate that a spoofer could induce a 10-microsecond time deviation within about 30 minutes for a typical CDMA tower setup. A spoofer, or spoofer network, could also cause multiple neighboring towers to interfere with one another. This is possible because CDMA cell-phone towers all use the same spreading code and distinguish themselves only by the phasing (that is, time offset) of their spreading codes. Furthermore, it appears that a spoofer could impair CDMA-based E911 user-location.

Power-Grid Vulnerability. Like the cellular network, the power grid of the future will rely on accurate GPS time-stamps. The efficiency of power distribution across the grid can be improved with real-time measurements of the voltage and current phasors. Phasor measurement units (PMUs) have been proposed as a smart-grid technology for precisely this purpose. PMUs rely on GPS to time-stamp their measurements, which are sent back to a central monitoring station for processing. Currently, PMUs are used for closed-loop grid control in only a few applications, but power-grid modernization efforts will likely rely more heavily on PMUs for control. If a spoofer manipulates a PMU’s time stamps, it could cause spurious variations in measured phase angles. These variations could distort power flow or stability estimates in such a way that grid operators would take incorrect or unnecessary control actions including powering up or shutting down generators, potentially causing blackouts or damage to power-grid equipment.

Under normal circumstances, a changing separation in the phase angle between two PMUs indicates changes in power flow between the regions measured by each PMU. Tests demonstrate that a spoofer could cause variations in a PMU’s measured voltage phase angle at a rate of 1.73 degrees per minute. Thus, a spoofing attack could create the false indications of power flow across the grid. The tests results also reveal, however, that it is impossible for a spoofer to cause changes in small-signal grid stability estimates, which would require the spoofer to induce rapid (for example, 0.1–3 Hz) microsecond-amplitude oscillations in timing. Such oscillations correspond to spoofing dynamics well outside the region of freedom of all receivers we have tested. A spoofer might also be able to affect fault-location estimates obtained through time-difference-of-arrival techniques using PMU measurements. This could cause large errors in fault-location estimates and hamper repair efforts.

What Can Be Done? Despite the success of the intermediate-type spoofing attack against a wide variety of civil GPS receivers and the known vulnerabilities of GPS-dependent critical infrastructure to spoofing attacks, anti-spoofing techniques exist that would enable receivers to successfully defend themselves against such attacks. We now turn to four promising anti-spoofing techniques.

Cryptographic Methods

These techniques enable a receiver to differentiate authentic GPS signals from counterfeit signals with high likelihood. Cryptographic strategies rely on the unpredictability of so-called security codes that modulate the GPS signal. An unpredictable code forces a spoofer who wishes to mount a successful spoofing attack to either
- estimate the unpredictable chips on-the-fly, or
- record and play back authentic GPS spectrum (a meaconing attack).
To avoid unrealistic expectations, it should be noted that no anti-spoofing technique is completely impervious to spoofing. GPS signal authentication is inherently probabilistic, even when rooted in cryptography. Many separate detectors and cross-checks, each with its own probability of false alarm, are involved in cryptographic spoofing detection. Figure 2 illustrates how the jammer-to-noise ratio detector, timing consistency check, security-code estimation and replay attack (SCER) detector, and cryptographic verification block all work together. This hybrid combination of statistical hypothesis tests and Boolean logic demonstrates the complexities and subtleties behind a comprehensive, probabilistic GPS signal authentication strategy for security-enhanced signals.

Figure 2. GNSS receiver components required for GNSS signal authentication. Components that support code origin authentication are outlined in bold and have a gray fill, whereas components that support code timing authentication are outlined in bold and have no fill. The schematic assumes a security code based on navigation message authentication.

Spread Spectrum Security Codes. In 2003, Logan Scott proposed a cryptographic anti-spoofing technique based on spread spectrum security codes (SSSCs). The most recent proposed version of this technique targets the L1C signal, which will be broadcast on GPS Block III satellites, because the L1C waveform is not yet finalized. Unpredictable SSSCs could be interleaved with the L1C spreading code on the L1C data channel, as illustrated in Figure 3. Since L1C acquisition and tracking occurs on the pilot channel, the presence of the SSSCs has negligible impact on receivers. Once tracking L1C, a receiver can predict when the next SSSC will be broadcast but not its exact sequence. Upon reception of an SSSC, the receiver stores the front-end samples corresponding to the SSSC interval in memory. Sometime later, the cryptographic digital key that generated the SSSC is transmitted over the navigation message. With knowledge of the digital key, the receiver generates a copy of the actual transmitted SSSC and correlates it with the previously-recorded digital samples. Spoofing is declared if the correlation power falls below a pre-determined threshold.

Figure 3. Placement of the periodically unpredictable spread spectrum security codes in the GPS L1C data channel spreading sequence.

When the security-code chip interval is short (high chipping rate), it is difficult for a spoofer to estimate and replay the security code in real time. Thus, the SSSC technique on L1C offers a strong spoofing defense since the L1C chipping rate is high (that is, 1.023 MChips/second). Furthermore, the SSSC technique does not rely on the receiver obtaining additional information from a side channel; all the relevant codes and keys are broadcast over the secured GPS signals. Of course a disadvantage for SSSC is that it requires a fairly fundamental change to the currently-proposed L1C definition: the L1C spreading codes must be altered.

Implementation of the SSSC technique faces long odds, partly because it is late in the L1C planning schedule to introduce a change to the spreading codes. Nonetheless, in September 2011, Logan Scott and Phillip Ward advocated for SSSC at the Public Interface Control Working Group meeting, passing the first of many wickets. The proposal and associated Request for Change document will now proceed to the Lower Level GPS Engineering Requirements Branch for further technical review. If approved there, it passes to the Joint Change Review Board for additional review and, if again approved, to the Technical Interchange Meeting for further consideration. The chances that the SSSC proposal will survive this gauntlet would be much improved if some government agency made a formal request to the GPS Directorate to include SSSCs in L1C — and provided the funding to do so. The DHS seems to us a logical sponsoring agency.

Navigation Message Authentication. If an L1C SSSC implementation proves unworkable, an alternative, less-invasive cryptographic authentication scheme based on navigation message authentication (NMA) represents a strong fall-back option. In the same 2003 ION-GNSS paper that he proposed SSSC, Logan Scott also proposed NMA. His paper was preceded by an internal study at MITRE and followed by other publications in the open literature, all of which found merit in the NMA approach. The NMA technique embeds public-key digital signatures into the flexible GPS civil navigation (CNAV) message, which offers a convenient conveyance for such signatures. The CNAV format was designed to be extensible so that new messages can be defined within the framework of the GPS Interference Specification (IS). The current GPS IS defines only 15 of 64 CNAV messages, reserving the undefined 49 CNAV messages for future use.

Our lab recently demonstrated that NMA works to authenticate not only the navigation message but also the underlying signal. In other words, NMA can be the basis of comprehensive signal authentication. We have proposed a specific implementation of NMA that is packaged for immediate adoption. Our proposal defines two new CNAV messages that deliver a standardized public-key elliptic-curve digital algorithm (ECDSA) signature via the message format in Figure 4.

Figure 4. Format of the proposed CNAV ECDSA signature message, which delivers the first or second half of the 466-bit ECDSA signature and a 5-bit salt in the 238-bit payload field.

Although the CNAV message format is flexible, it is not without constraints. The shortest block of data in which a complete signature can be embedded is a 96-second signature block such as the one shown in Figure 5. In this structure, the two CNAV signature messages are interleaved between the ephemeris and clock data to meet the broadcast requirements.

Figure 5. The shortest broadcast signature block that does not violate the CNAV ephemeris and timing broadcast requirements. To meet the required broadcast interval of 48 seconds for message types 10, 11, and one of 30–39, the ECDSA signature is broadcast over a 96-second signature block that is composed of eight CNAV messages.

The choice of the duration between signature blocks is a tradeoff between offering frequent authentication and maintaining a low percentage of the CNAV message reserved for the digital signature. In our proposal, signature blocks are transmitted roughly every five minutes (Figure 6) so that only 7.5 percent of the navigation message is devoted to the digital signature. Across the GPS constellation, the signature block could be offset so that a receiver could authenticate at least one channel approximately every 30 seconds. Like SSSC, our proposed version of NMA does not require a receiver’s getting additional information from a side channel, provided the receiver obtains public key updates on a yearly basis.

Figure 6. A signed 336-second broadcast. The proposed strategy signs every 28 CNAV messages with a signature broadcast over two CNAV messages on each broadcast channel.

NMA is inherently less secure than SSSC. A NMA security code chip interval (that is, 20 milliseconds) is longer than a SSSC chip interval, thereby allowing the spoofer more time to estimate the digital signature on-the-fly. That is not to say, however, that NMA is ineffective. In fact, tests with our laboratory’s spoofing testbed demonstrated the NMA-based signal authentication structure described earlier offered a receiver a better-than 95 percent probability of detecting a spoofing attack for a 0.01 percent probability of false alarm under a challenging spoofing-attack scenario.

NMA is best viewed as a hedge. If the SSSC approach does not gain traction, then NMA might, since it only requires defining two new CNAV messages in the GPS IS — a relatively minor modification. CNAV-based NMA could defend receivers tracking L2C and L5. A new CNAV2 message will eventually be broadcast on L1 via L1C, so a repackaged CNAV2-based NMA technique could offer even single-frequency L1 receivers a signal-side anti-spoofing defense.

P(Y) Code Dual-Receiver Correlation. This approach avoids entirely the issue of GPS IS modifications. The technique correlates the unknown encrypted military P(Y) code between two civil GPS receivers, exploiting known carrier-phase and code-phase relationships. It is similar to the dual-frequency codeless and semi-codeless techniques that civil GPS receivers apply to track the P(Y) code on L2. Peter Levin and others filed a patent on the codeless-based signal authentication technique in 2008; Mark Psiaki extended the approach to semicodeless correlation and narrow-band receivers in a 2011 ION-GNSS paper.

In the dual-receiver technique, one receiver, stationed in a secure location, tracks the authentic L1 C/A codes while receiving the encrypted P(Y) code. The secure receiver exploits the known timing and phase relationships between the C/A code and P(Y) code to isolate the P(Y) code, of which it sends raw samples (codeless technique) or estimates of the encrypting W-code chips (semi-codeless technique) over a secure network to the defending receiver. The defending receiver correlates its locally-extracted P(Y) with the samples or W-code estimates from the secure receiver. If a spoofing attack is underway, the correlation power will drop below a statistical threshold, thereby causing the defending receiver to declare a spoofing attack. Although the P(Y) code is 20 MHz wide, a narrowband civil GPS receiver with 2.6 MHz bandwidth can still perform the statistical hypothesis tests even with the resulting 5.5 dB attenuation of the P(Y) code. Because the dual-receiver method can run continuously in the background as part of a receiver’s standard GPS signal processing, it can declare a spoofing attack within seconds — a valuable feature for many applications.

Two considerations about the dual-receiver technique are worth noting. First, the secure receiver must be protected from spoofing for the technique to succeed. Second, the technique requires a secure communication link between the two receivers. Although the first requirement is easily achieved by locating secure receivers in secure locations, the second requirement makes the technique impractical for some applications that cannot support a continuous communication link.

Of all the proposed cryptographic anti-spoofing techniques, only the dual-receiver method could be implemented today. Unfortunately the P(Y) code will no longer exist after 2021, meaning that systems that make use of the P(Y)-based dual-receiver technique will be rendered unprotected, although a similar M-code-based technique could be an effective replacement. The dual-receiver method, therefore, is best thought of as a stop-gap: it can provide civil GPS receivers with an effective anti-spoofing technique today until a signal-side civil GPS authentication technique is approved and implemented in the future This sentiment was the consensus of the panel experts at the 2011 ION-GNSS session on civil GPS receiver security.

Non-Cryptographic Methods

Non-cryptographic techniques are enticing because they can be made receiver-autonomous, requiring neither security-enhanced civil GPS signals nor a side-channel communication link. The literature contains a number of proposed non-cryptographic anti-spoofing techniques. Frequently, however, these techniques rely on additional hardware, such as accelerometers or inertial measurements units, which may exceed the cost, size, or weight requirements in many applications. This motivates research to develop software-based, receiver-autonomous anti-spoofing methods.

Vestigial Signal Defense (VSD). This software-based, receiver-autonomous anti-spoofing technique relies on the difficulty of suppressing the true GPS signal during a spoofing attack. Unless the spoofer generates a phase-aligned nulling signal at the phase center of the victim GPS receiver’s antenna, a vestige of the authentic signal remains and manifests as a distortion of the complex correlation function. VSD monitors distortion in the complex correlation domain to determine if a spoofing attack is underway.

To be an effective defense, the VSD must overcome a significant challenge: it must distinguish between spoofing and multipath. The interaction of the authentic and spoofed GPS signals is similar to the interaction of direct-path and multipath GPS signals. Our most recent work on the VSD suggests that differentiating spoofing from multipath is enough of a challenge that the goal of the VSD should only be to reduce the degrees-of-freedom available to a spoofer, forcing the spoofer to act in a way that makes the spoofing signal or vestige of the authentic GPS signal mimic multipath. In other words, the VSD seeks to corner the spoofer and reduce its space of possible dynamics.

Among other options, two potential effective VSD techniques are
- a maximum-likelihood bistatic-radar-based approach and
- a phase-pseudorange consistency check.
The first approach examines the spatial and temporal consistency of the received signals to detect inconsistencies between the instantaneous received multipath and the typical multipath background environment. The second approach, which is similar to receiver autonomous integrity monitoring (RAIM) techniques, monitors phase and pseudorange observables to detect inconsistencies potentially caused by spoofing. Again, a spoofer can act like multipath to avoid detection, but this means that the VSD would have achieved its modest goal.

Anti-Spoofing Reality Check

Security is a tough sell. Although promising anti-spoofing techniques exist, the reality is that no anti-spoofing techniques currently defend civil GPS receivers. All anti-spoofing techniques face hurdles. A primary challenge for any technique that proposes modifying current or proposed GPS signals is the tremendous inertia behind GPS signal definitions. Given the several review boards whose approval an SSSC or NMA approach would have to gain, the most feasible near-term cryptographic anti-spoofing technique is the dual-receiver method. A receiver-autonomous, non-cryptographic approach, such as the VSD, also warrants further development. But ultimately, the SSSC or NMA techniques should be implemented: a signal-side civil GPS cryptographic anti-spoofing technique would be of great benefit in protecting civil GPS receivers from spoofing attacks.

Manufacturers

The high-quality handheld receiver cited in Figure 1 was a Trimble Juno SB. Testbed equipment shown: Schweitzer Engineering Laboratories SEL-421 synchrophasor measurement unit; Ramsey STE 3000 radio-frequency test chamber; Ettus Research USRP N200 universal software radio peripheral; Schweitzer SEL-2401 satellite-synchronized clock (blue); Trimble Resolution SMT receiver (silver); HP GPS time and frequency reference receiver.

References, Further Information

University of Texas Radionavigation Laboratory.

Full results of Figure 1 experiment are given in Shepard, D.P. and T.E. Humphreys, “Characterization of Receiver Response to Spoofing Attacks,” Proceedings of ION-GNSS 2011.

NMA can be the basis of comprehensive signal authentication: Wesson, K.D., M. Rothlisberger, T. E. Humphreys (2011), “Practical cryptographic civil GPS signal authentication,” Navigation, Journal of the ION, submitted for review.

Humphreys, T.E, “Detection Strategy for Cryptographic GNSS Anti-Spoofing,” IEEE Transactions on Aerospace and Electronic Systems, 2011, submitted for review.

Kyle Wesson is pursuing his M.S. and Ph.D. degrees in electrical and computer engineering at the University of Texas at Austin. He is a member of the Radionavigation Laboratory. He received his B.S. from Cornell University.

Daniel Shepard is pursuing his M.S. and Ph.D. degrees in aerospace engineering at the University of Texas at Austin, where he also received his B.S. He is a member of the Radionavigation Laboratory.

Todd Humphreys is an assistant professor in the department of Aerospace Engineering and Engineering Mechanics at the University of Texas at Austin and director of the Radionavigation Laboratory. He received a Ph.D. in aerospace engineering from Cornell University.
January 1, 2012
GMV Tracks the First Galileo IOV Satellite

GMV, one of the world’s leading companies in satellite navigation systems, announced the tracking of both data and pilot channels of Galileo first satellite signal with its own line of GNSS receiver products.

The first two Galileo satellites were launched from Kouru Spaceport in French Guiana on October 21st and are now in in-orbit test campaign. The Galileo PRN 11 started transmitting the first navigation signal last Saturday.

GMV has been involved in GNSS for the last 25 years and today GMV’s GNSS team includes more than 120 highly specialized engineers, some having more than 15 years experience in the GNSS field. GMV plays a critical role in the ongoing development of Europe’s GNSS strategy, being a key partner in the EGNOS and Galileo programmes.

GMV has developed its own GNSS software receiver products: SRX-10 on GPS, which has been optimized for the urban environment, NUSAR for GPS L1 and Galileo E1 and its own L1 front end. This experience has been applied, even previously to the development of the receivers, to many studies on receiver performances under very diverse signal conditions and designs, namely by processing the GIOVE satellites signal.

Supported by its line of GNSS receiver products, GMV now presents its results on the first Galileo signals on both data (E1-B) and pilot (E1-C) channels of the Galileo PRN 11 satellite.

December 21, 2011
E1 and E5 Galileo IOV Signals: Report from U. Calgary

This article gives a brief overview of the acquisition and tracking of Galileo IOV signals received from the GSAT0101 satellite on the morning of December 15. Researchers in the PLAN Group successfully recorded E1 and E5 data using a single dual-channel front-end and subsequently acquired and tracked E1 B/C, E5a and E5b signals using the PLAN Group GSNRx software GNSS receiver.

A little over seven weeks after launch, one of the two Galileo IOV satellites began to transmit on the E1 band. To the delight of eagerly waiting researchers worldwide, Galileo-PFM (GSAT0101) broke radio silence on December 10, 2011. Within hours the community was alive with reports of successful acquisition and tracking of the E1 B/C signals. Four days later the E5 signal was also activated. In the early hours of the morning of the 15th of December researchers gathered in the PLAN Group at the University of Calgary and observed the sky filled with broadcasting satellites from three GNSS. Using a dual channel front-end designed in-house, a Novatel GPS-703-GGG antenna and a laptop computer, IF data was collected to examine these new signals. This data was processed by GSNRx, a reconfigurable a multi-system, multi-frequency software receiver developed by the PLAN Group [1]. The equipment used to acquire and process the data is shown in Figure 1.

Figure 1 The equipment used to acquire and process the Galileo-PFM signals included an in-house dual frequency front-end, a 10 MHz OCXO, a Novatel GPS-703-GGG antenna and a standard laptop computer running the GSNRx software receiver.

At approximately 03:20 MST (UTC – 7:00) more than 20 GNSS satellites were visible from a rooftop mounted antenna. Having reconfigured the front-end to accommodate the E5 band, IF data was collected which included Galileo E1 B/C and E5 A/B, GIOVE-B E1 B/C and E5a, GPS L1 C/A and L5, and GLONASS L1 C/A. Following some last minute modifications to GSNRx to include the Galileo E5b signals, the samples were processed, simultaneously tracking GPS and Galileo on both the L1/E1 and L5/E5 frequencies and GLONASS on L1. A screenshot of the receiver in operation is shown in Figure 2.

Figure 2 Screenshot of GSNRx while processing the Galileo PFM signals

The versatility of GSNRx had been exploited in the past when new signals were brought online. In particular, the modular design adapted for PLAN’s software receiver had been utilized to quickly add new signals and new signal processing techniques. Once again this flexibility was drawn upon to facilitate the last-minute addition of the E5b I/Q signals (that very night) and to enable the stand-alone tracking of each signal component. By the same means, of course, this structure could be easily manipulated to enable composite tracking of data/pilot signal pairs or even facilitate vector tracking of all signals in view.

A subset of the raw correlator values for the E1 B, E1 C, E5a I and E5a Q signals are shown in Figure 3, (note that the E1 C values have been offset by -2.0×105 for clarity). A data-rate of 250 symbol/s is clearly visible on the E1 B and E5b signals while a 50 symbol/s stream can be observed on the E5a I signal. The 25 chip secondary code is also evident on E1 C at a rate of 250 chip/s.

Figure 3 Raw Correlator Values for the E1 B/C, E5aI/Q and E5bI/Q signals. The bit periods can be clearly seen on E1B, E5aI and E5bI. The secondary code can be observed on E1C while the pilot signal can be seen on singals E5aQ and E5bQ.

All six components of the Galileo-PFM signals shown above (transmitted on PRN 11) were tracked independently and their signal modulations were found to agree with the Galileo Open Service ICD [2]. A trace of the measured carrier-to-noise floor ratios for the Galileo signals is shown in Figure 4. As indicated by the ICD, the E5b signals were observed at 2 dB lower power than the E1 B and C signals. The E5a signals, however, were expected to be received at the same power as E5b and yet were observed at approximately 4 dB lower power. This is believed to be a combination of the antenna and IF filtering within the front-end as the E5a center frequency is located relatively near the pass-band edge of both. This front-end was initially designed for 40 MHz bandwidth, but used in this experiment at 50 MHz, as will be discussed later.

Figure 4 Measured C/N0 for Galileo-PFM Signals

The software receiver was once again reconfigured, this time to produce signal correlator values spaced along a delay of approximately 700 m and 70 m for the E1 A/B and E5 A/B signals, respectively, such that the cross-correlation of the received and local-replica PRN sequences could be examined. The signals were tracked for 10 seconds and the 1 ms correlator values averaged, to produce estimates of the code cross-correlation function. The characteristic ripple of the CBOC modulation on E1 B/C can be seen in Figure 5 (left), particularly on the right-most ascending feature of the envelope. Likewise, the alt-BOC cross-correlation of E5a Q in Figure 5 (right) is as expected. It is noted that the E5a I signal has suffered some distortion due to the filtering effects mentioned above.

Figure 5 Measured cross-correlation functions for the Galileo PFM E1 B and C signals (left) and E5a I and E5b I signals (right).

The PLAN group’s front-end is a highly flexible GNSS signal capture tool ideally suited for use with the GSNRx software receiver. The front-end, photographed in Figure 6, allows software reconfiguration of oscillator source (onboard, or external), antenna bias voltage, sampling rate, and IF bandwidth in addition to other low level control options making it highly adaptable. Furthermore, the center frequency, and filter bandwidth of each of the two hardware channels is independently configurable between 1150 – 2000 MHz, and between 4—40 MHz bandwidth (single sided) respectively.

Figure 6: PLAN group two-channel reconfigurable front-end with main system blocks labeled. The external clock and GNSS antenna SMA connectors are along the right edge, while the data interface is via mini-USB on the opposite side of the front-end.

Typically the front-end is configured to collect dual bands of 40 MHz two-sided bandwidth in order to cover the L1 and L2 transmission bands of both GPS and GLONASS as is shown in the right and central blocks within Figure 7. To allow the capture of E5a/E5b, the front-end configuration software was used to move the center frequency of channel B from 1237 MHz to 1192 MHz, the bandwidth of channel B from 33 MHz to 50 MHz, and to increase the sampling rate of both channels from 40 to 50 Ms/s.

Figure 7: Front-end channel A and channel B typically configured to capture GPS and GLONASS L1+L2, but reconfigured here to allow capture of Galileo IOV E5a+E5b signal in lieu of L2 band.

While each of the E5a and E5b signals have main lobe widths of 20.46 MHz (two sided), the composite E5 signal covers 50 MHz of spectrum, overlaying both the current GPS L5 signal at 1176, and the future GLONASS L3 signal near 1207 MHz. In order to demonstrate the capabilities of the GSNRx software receiver as an L5/E5 + L1/E1 system, it was desirable to capture the new IOV signals in their entirety.

The Galileo PFM satellite was observed from the Calgary Laboratory on the E1 link since the 12th of December at approximately 08:00 hrs and on the E5 link since the 14th of December at approximately 18:00 hrs. The last successful acquisition of the satellite on either E1 or E5 was at 03:20 hrs on the 15th of December and indicated a Doppler of approximately +2.3 kHz at E1. This figure is compatible with a reported elevation of approximately 40 degrees and rising, as reported by a number of software packages operating on a TLE [3]. Researchers recorded IF data once again at 03:55 on the 15th of December but failed to acquire any of the Galileo-PFM signals, suggesting the satellite may temporarily have ceased transmission.

References
Petovello, M. G., and C. O’Driscoll, G. Lachapelle, D. Borio and H. Murtaza (2008), “Architecture and Benefits of an Advanced GNSS Software Receiver,” Journal of Global Positioning Systems, vol. 7, no. 2, pp. 156-168.
Galileo Project Office. Galileo OS SIS ICD. http://ec.europa.eu/…/galileo/files/galileo-os-sis-icd-issue1-revision1_en [Accessed: 15 December 2011].
NORAD Two-Line Element Sets. http://celestrak.com/NORAD/elements/, [Accessed: 15 December 2011].

December 16, 2011
E5 Aloft, Second Galileo Signal Transmitted

The Galileo PFM IOV satellite (GSAT0101) began transmitting E5 signals early on December 14. It had already started airing E1 signals on December 10. Several COoperative Network for GIOVE Observation (CONGO) stations, including one at the University of New Brunswick, are now tracking both the E1 and E5 signals.

Meanwhile, the European Space Agency (ESA) has released a statement on the start of IOV satellite transmissions, titled "Galileo in tune: first navigation signal transmitted to Earth":

"Europe’s Galileo system has passed its latest milestone, transmitting its very first test navigation signal back to Earth.

"The first two Galileo satellites were launched into orbit on 21 October. Since then their systems have been activated and the satellites placed into their final orbits, positioned so that their navigation antennas are aligned with the world they are designed to serve.

"Last weekend marked the first orbital transmission from one of these navigation antennas. The stage was set, the singer in place and an audience – in the shape of engineers on the ground – was waiting eagerly.

"The question was would the singer make music, and if so, would it be in tune?

"The turn of Galileo’s main ‘L-band’ (1200-1600 MHz) antenna came on the early morning of Saturday 10 December. A test signal was transmitted by the first Galileo satellite in the ‘E1’ band, which will be used for Galileo’s Open Service once the system begins operating in 2014.

"To prepare for the test, the payload power amplifiers were switched on and ‘outgassed’ – warmed up to release vapours that might otherwise interfere with operations – before transmission began.

"The signal power and shape was well within specifications. The shape is especially important because its modulation is carefully designed to enable interoperability with the ‘L1’ band of US GPS navigation satellites: Galileo and GPS can indeed work together as planned.

"The test campaign is concentrating on the first satellite for the reminder of the year, with the focus moving to the second Galileo satellite from the start of 2012. The plan is to complete In-Orbit Testing by next spring.

"The next pair of Galileo In-Orbit Validation satellites will also be launched next year, to form the operational nucleus of the full Galileo constellation. Meanwhile the next batch of Galileo satellites are currently being manufactured for launch in 2014."

December 14, 2011