Spirent Communications has announced a Robust PNT Test Framework that evaluates GPS and GNSS security vulnerabilities for positioning, navigation and timing (PNT) systems.
Threats to GNSS and related PNT applications are more orchestrated and coordinated, with the motivation to disrupt or cause financial loss. The technology to disrupt GPS has also become much more accessible, resulting in GPS vulnerability gaining attention at hacker conventions.
Spirent’s GSS100D Detector, developed in collaboration with Nottingham Scientific Ltd, enables detection, characterization and analysis of real GNSS threats.
The Robust PNT Test Framework will be used by technology, system and application developers where PNT is critical. Spirent’s framework enables threats to be detected in the field, taken into the lab and re-synthesized along with GPS and other GNSS signals. In addition, Spirent’s threat intelligence library of actual and typical threats provides a wide range of GNSS segment errors and spoofing attacks, as well as space weather and other vulnerabilities for preventive troubleshooting.
“Spirent wants to move beyond talking about the increase of GNSS vulnerabilities and offer a pragmatic approach to enable informed decision making when it comes to evaluating the impact of vulnerabilities,” said John Pottle, marketing director of Spirent’s Positioning Technology Division. “Through our Robust PNT Test Framework Spirent is pulling everything together to enable users to readily audit systems and take practical steps to improve resilience.”
GPS World will host a webinar this Thursday, March 19, on the merits of using simulated jamming, spoofing and interference scenarios to prepare GNSS receivers for the brave new world of coping with adverse signal effects. It’s clear that users need to still operate commercially and individually, even when they get hit by extraneous interference — intended or otherwise — in a world where cigarette-lighter jammers, engineering “lash-up” spoofers, and badly designed commercial gear can ruin a person’s day.
Recently, I had a conversation with Guy Buesnel, market segment manager, GNSS Vulnerabilities, at Spirent Communications. He wanted to alert me to the concept that jamming and spoofing is at a stage where Internet hacking was many years ago. Hacking has progressed from the typical loan student in his bedsit or studio apartment pounding on a keyboard to break down banking or other institutional firewalls, to nowadays, where focused groups mount hacking attacks on targeted agencies or companies lasting days, weeks, even months. Huge effort is currently being applied to defending against these and future focused attacks.
Buesnel’s point is that organized attacks on GNSS may be coming, and coming soon. Individuals and groups are already self-jamming to prevent detection — organized car and truck thieves wanting to avoid location of stolen assets, or truck drivers wanting to prevent their employers knowing their whereabouts — using easily obtained “personal cigarette lighter” or even professional-looking jammers (see figure below). Jamming GPS L3 at 1381.05MHz might awaken U.S. Department of Defense (DOD) interest as it’s used by the Nuclear Detonation (NUDET) Detection System Payload (NDS), and L4 at 1379.913 MHz is currently only used for studies on additional ionospheric corrections.
But Buesnel warns that organized spoofing could soon start to happen, and happen frequently. And it could be argued that spoofing is more dangerous than jamming, because a user or someone monitoring a user might not know for some time that their position information has been compromised. Long enough, perhaps, for an unwary user to get into potentially serious trouble, especially in a higher speed, fuel-restricted application like an aircraft or a small boat running some distance offshore.
GNSS is already embedded into the critical infrastructure of utility providers, and also telecoms, financial and transport sectors for timing/synchronization or positional data, and the growth in vehicle automation will soon see GNSS being used for even more safety-critical applications. The security of GNSS is already of huge importance and a “GNSS hacking attack,” like those experienced by Internet users, could achieve significant disruption across a host of operational segments. Precise GNSS timing is already essential for time stamping some transactions and used extensively for cell-site synchronization, so significant damage could occur if timing information were to be compromised.
While an intentional spoofing attack has yet to be confirmed — except under conditions such as that drone spoofing demonstration and then the White Rose luxury yacht spoofing trials, both by University of Texas/Cockrell School of Engineering graduate students — unintentional spoofing has indeed been reported. GNSS repeaters radiating at higher power levels than actual GNSS signals can be the source of such spurious signals. The result can be that GNSS receivers may acquire and track the higher power repeater signals, and the receiver position becomes that of the repeater. Use of GPS repeaters in unsuitable locations, such as for production tests in an open workshop, have been reported. The risk is that GNSS signals could extend outside the building and affect users, so GPS receivers could be spoofed and tricked into reporting an incorrect position.
White Rose 213-foot luxury yacht. Photo: Tony Murfin
For more than 20 years, the information security community has debated publishing the methods used by hackers and others to expose and attack vulnerabilities within products. Initially, things were kept hidden and were only shared between groups of hackers or IT administrators. However, online hacker forums quickly distributed knowledge — often including sample code. This allowed everyone from security researchers and IT administrators to hackers to learn about the vulnerabilities of applications and critical systems. It would seem that both researchers and hackers alike have broken the spell, and now it’s easy to spread the word about backdoors and weaknesses in firewalls, critical applications and the like.
Fast forward, and we are now in the age of mass-market access to jammers of all kinds through offshore websites — even if it’s illegal to operate such devices. However, it’s also illegal to hack the Department of Defense, but that has not prevented hackers in the past from assaulting and penetrating all sorts of secure DoD computing facilities. So, let’s just assume that the individuals who get a kick out of creating mayhem may eventually turn to something new — and the age of jamming and spoofing for fun may be upon us.
All is not lost, however. Just as applications for finding and killing viruses have become more robust, and new “antidotes” and warnings are now automatically downloaded to your PC even as they are created, and huge amounts of effort are now being applied to creating the most robust firewalls, so the designers of GNSS receivers are working hard to immunize their systems against anticipated attacks. And simulator/replay manufacturers such as Spirent Communications, IFEN, Spectracom and Racelogic are developing and fielding ready-made spoofing and jamming capabilities and scenarios with which manufacturers can test and qualify their receivers — which you may well hear about during the coming GPS World webinar on March 19.
Nevertheless, some people in the industry are urging members of the GNSS community to act more cooperatively and report spoofing and jamming incidents/attacks for their own good. It seems that the industry only collaborates in the face of a major common threat — take the ultra wideband and LightSquared episodes where the response was virtually unanimous. While most GNSS manufacturers in the meantime tend to maintain a very proprietary cover to their field experience and technological solutions, this still leaves customers exposed to product vulnerabilities. The GNSS community now has the advantage that the information security community has been working through these hurdles for the past two decades. Lessons learned include the following:
Controlled, responsible disclosure and cooperation allows everyone to monitor the threat and how it is being dealt with.
Without restricted disclosure and preventive solutions, attacks will always take advantage of weaknesses.
Eventually, disclosure of product vulnerabilities will result in more respect and confidence in manufacturers by users.
Rapid resolution of issues is essential.
The GNSS community has an opportunity to come together, learn from the information security community, and adopt best practices to secure and protect its customers.
(With grateful thanks to Guy Buesnel and David DeSanto of Spirent Communications!)
Spirent Communications has added capabilities to its ultra-wideband GSS6425, which enable recording up to 150MHz bandwidth of GNSS signals. Users can now record up to three RF frequency bands at any one time with 10-, 30- or 50-MHz bandwidth each. Other enhancements include the ability to record up to four video streams, USB 3.0 support and easy remote-control using tablet or smartphone.
A single portable test system, the ultra-wideband GSS6425 allows customers to record GPS L1 and L2 and GLONASS L1 and L2 signals commonly needed for applications requiring very high accuracy such as surveying, precision agriculture, automotive research, and advanced navigation.
“Customers undertaking field testing are increasingly looking for portable and easy to use test solutions,” said Rahul Gupta, commercial segment lead for Spirent’s positioning division. “With these new abilities they can now easily configure, monitor, and control the GSS6425 using their mobile phone or tablet over Wi-Fi.”
Recording of four video streams by attaching webcams allows the user to capture visual records of any location. This enables users to fully understand the conditions at the time of recording, not only inside the vehicle (including activity on the dashboard, facial expressions, navigation unit, and more) but also outside the vehicle (such as top, front and back scenes, capturing building types, and movement in and out of a tunnel), which is useful especially during the post-processing phase.
The support for USB 3.0 has also been added, to facilitate faster recording transfer to and from the test system. Users can also use this to record data straight onto to any external hard drive supporting this interface, to record for a longer duration of time.
Spirent’s pecord and playback GSS6425 test solution provides a popular variety of applications, including:
Automotive R&D testing: With the connected car becoming a reality, record and playback testing techniques are proving to be very useful, saving engineering teams time and cost spent on drive testing. With the GSS6425, customers can not only record GNSS signals but also up to four video streams, CAN bus data and sensor data synchronously.
Authorized user tests: The GSS6425 can record GPS signals simultaneously for several hours at L1 and L2 frequencies — sufficient to capture both the GPS M-codes and Y-codes.
Special Section, March 2015. Download a PDF of this section, with the Simulator Product Showcase.
CAST Navigation
CAST-SGX GPS Satellite Simulator
The SGX GPS satellite signal simulator from CAST Navigation. Photo: CAST Navigation
The SGX GPS satellite signal simulator from CAST Navigation provides the user with dynamic, repeatable GPS RF signals for use in the laboratory or in the field for a wide range of GPS applications. The SGX simulator is housed in a portable, lightweight, handheld enclosure measuring 7 x 11 x 3 inches and weighing just over 4 pounds.
The SGX is lightweight and portable, operates on AC or battery power, and features 16 channels of L1 C/A and P codes. Based on CAST’s technology that has been developed for use in the company’s larger military products, it is extremely accurate and repeatable.
The SGX is controlled via an intuitive touchscreen interface that allows the user to select, start, and stop scenarios, change screen views, and change satellite RF power levels while a scenario is running. Three test scenarios are delivered with the simulator.
XGEN Plus Scenario Generation Software. This software gives the user the ability to generate custom scenarios for use with the SGX. The software allows for complete control over GPS almanac, ephemeris, and all satellite error sources.
The user can select from a variety of vehicle types and simulate static or dynamic motion. The user can also employ antenna gain patterns and vehicle silhouettes if desired. The user can generate a customized high precision six-degree-of-freedom trajectory simply by defining a mission profile that is based on raw maneuvers, waypoints, Google Maps or a combination of these maneuver types.The new scenarios can be downloaded via USB port or SD card interfaces.
CAST has been in the GPS simulation and support business for more than 30 years, designing, developing, manufacturing, and integrating innovative GPS/INS simulators and associated test equipment for government, military, prime vendor, and consumer markets.
Designed to be a versatile yet affordable satellite simulator, the GPSG-1000 is proving to be a vital instrument used by those validating and testing GNSS receivers in a variety of applications within the transportation, consumer electronics, aerospace and military industry segments, to name a few.
The GPSG-1000 is a single carrier, multi-channel GPS/Galileo simulator that is portable and ruggedized so it can be safely and confidently deployed in a variety of outdoor and indoor environments. The unit is available in a 6- or 12-channel configuration, and supports the following GNSS signals: L1, L1C, L2C, L5, E1, E5, E5a, E5b and SBAS (WAAS and EGNOS).
The GPSG-1000 can be directly connected to a GNSS receiver under test. It can also simulate actual “open-sky” situations whereby the unit can generate its signals through the included antenna coupler system that isolates and transmits to the UUT’s antenna(s). Utilizing an integrated GPS receiver, the GPSG-1000 simulates actual time of day and date as well as the real constellation that would be available for navigation at that specific point in time. Multiple almanacs and route files can be saved to the GPSG’s memory, thereby enabling current and past history dynamic motion, constellation environment creation/recreation and other significant troubleshooting capabilities. During any given static or dynamic simulation, space vehicle parametrics and health can be user controlled.
The GPSG-1000 features a touchscreen user interface that can be remotely hosted via an integrated Ethernet port. The unit uses a rechargeable, Lithium Ion battery enabling hours of untethered use, and can also be used while the battery is recharging.
The NavX-NCS Professional GNSS Simulator by IFEN. Photo: IFEN
The absolute flexibility of the NavX-NCS Professional GNSS Simulator allows it to be configured with up to 108 channels and all of the following signals:
GPS L1/L2/L5 C/A & P code and L2C
GLONASS G1/G2 standard & high accuracy codes
Galileo E1/E5/E6 (BOC/CBOC/AltBOC)
BeiDou B1/B2/B3
SBAS L1/L5 (WAAS, EGNOS, MSAS, GAGAN)
QZSS L1 & L1-SAIF
IMES
The user is enabled to assign signals freely to any of the RF modules fitted to the simulator. This allows the same hardware to be used in a range of different configurations.
Signals may be added by software license with no need to return the hardware for upgrade.
Up to four independent RF outputs may be fitted, enabling the user to simulate multiple antenna locations simultaneously (allowing simulation of multiple antennas on one vehicle, multiple vehicles simultaneously, a mixture of static locations and mobile vehicles, and multiple antenna elements for Controlled Reception Pattern Antenna [CRPA] testing).
The comprehensive and easy-to-use Control Center operating software allows the operator to quickly create realistic test scenarios for effective testing of user equipment.
IFEN also offers the NavX-NCS Essential GNSS Simulator, which is available with 21 or 42 channels and is capable of simulating GPS L1 (including SBAS L1), GLONASS G1, Galileo E1, BeiDou B1, QZSS L1, and IMES. The simulator is also supplied with Control Center operating software for comprehensive scenario generation.
For USA and Canada: Mark Wilson; phone: 951-739-7331; email: [email protected]
Racelogic
LabSat 3 Triple Constellation Simulator
RaceLogic LabSat 3. Photo: RaceLogic
LabSat 3 from Racelogic is a low cost, stand-alone, battery powered, multi-constellation RF record-and-replay device, designed to assist GNSS engineers in the development and testing of their products.
With its small size and all-in-one design, LabSat 3 makes it easier than ever to collect raw satellite data in the same environment that end users experience in everyday use. This enables repeatable and realistic testing to be carried out under controlled conditions.
LabSat 3 doesn’t need to be connected to a PC in order to record live-sky GNSS signals. With one-touch recording to SD card and a two-hour battery life, it can be used in any outdoor location to create real-world scenarios, for eventual replay back in the lab. As well as being able to simultaneously record or replay GPS, GLONASS, BeiDou, QZSS, Galileo, and SBAS signals, it can log CAN Bus, serial, or digital data, embedded alongside the satellite information. This additional information can then be replayed alongside the GNSS output, with synchronization to within 60 ns. A 1PPS signal can also be generated using the internal GPS receiver.
LabSat 3 can be used as a replay system out of the box with a set of 60 pre-recorded scenarios supplied as part of the package, recorded from various locations around the globe. Additionally, SatGen software, a demo version of which is available from the LabSat website, allows for
scenario generation of user-defined trajectories, with precise control over velocity, heading, height, and constellation profiles. Routes are also easily created in Google Maps, and the software also supports NMEA and KML file import. SatGen gives test engineers the ability to develop their products using simulations that would be difficult or impossible to record due to geographic location or safety constraints.
LabSat 3 is available as a record and replay, or replay-only version; either one, two, or three constellation types generate a single, dual, or triple constellation file.
LabSat is currently used by many leading manufacturers of GPS chipsets, portable navigation devices, smartphones, and by major car companies in their test, development and production processes.
www.labsat.co.uk; phone: +44 (0)1280 823803
Rohde & Schwarz
R&S SMBV100A: GNSS Simulator in Vector Signal Generator
The R&S SMBV100A: GNSS Simulator in Vector Signal Generator. Photo: R&S
The GNSS simulator in the vector signal generator R&S SMBV100A is designed for development, verification and production of GNSS chipsets, modules and receivers. The simulator supports all possible scenarios, from simple setups with individual, static satellites all the way to flexible scenarios generated in real time with up to 24 dynamic GPS, GLONASS, Galileo, BeiDou and QZSS satellites.
GNSS simulator with support of GPS L1/L2 (C/A and P code), GLONASS L1/ L2, Galileo E1, BeiDou and QZSS L1, including hybrid constellations.
Real-time simulation of realistic constellations with up to 24 satellites and unlimited simulation time.
Flexible scenario generation including moving scenarios, dynamic power control and atmospheric modeling.
Configuration of realistic user environments, including obscuration and multipath, antenna characteristics and vehicle attitude.
Static mode for basic receiver testing using signals with zero or constant Doppler shift.
Support of Assisted GNSS (A-GNSS) test scenarios, including generation of assistance data for GPS, GLONASS, Galileo, BeiDou and QZSS.
Real-time external trajectory feed for hardware in the loop (HIL) applications.
High signal dynamics, simulation of spinning vehicles and precision code (P-code) simulations to support aerospace and defense applications.
Enhanced simulation capabilities for aerospace applications by supporting ground-based augmentation systems (GBAS).
Support of other digital communications and radio standards in the same instrument.
Afforable, Flexible and User-Friendly GNSS Simulators
The Spectracom family of simulators. Photo: Spectracom
Spectracom GNSS Simulators support test and development programs from simple manufacturing tests to multi-output testing across the diverse ecosphere of industries relying on GNSS technology. Spectracom’s innovation allows users of any skill level full control over the GNSS constellation, vehicle motion/attitude and signal path complications such as atmospherics and multipath to develop complex scenarios. Typical test conditions include:
Clock errors
Data errors
“Real-world” motion from embedded Google Maps
In-band noise generation
Multipath
Signal obstructions calculated from 3D building models
“Current time” simulation
Real-time HIL testing
Easy synchronization for multi-output testing
Automative download of the current almanac
Antenna pattern effects
Inertial sensor testing
Assisted GNSS testing
No dedicated PC is required. Scenarios are run and managed from the front panel, SCPI commands, or any PC/tablet via a web interface. Users can select a flexible, field upgradeable Spectracom simulator, and then purchase the software options they need.
GSG-6 Series multi-frequency, advanced GNSS simulator is powerful enough for any cutting-edge test program. GPS, GLONASS, Galileo, Beidou, QZSS and IRNSS signals are available across multiple frequencies. The GSG-6 is designed for military, research or professional applications.
GSG-5 Series multi-constellation L1-band GNSS simulator is designed for commercial development/integration programs. If a user is developing commercial products with GNSS capability, the GSG-5 will shorten test programs with confidence.
GSG-51 single channel signal generator is designed for one purpose — fast, simple go/no-go manufacturing test and validation, ensuring the manufacturing line is operating at full capacity with confidence in quality.
Spirent provides simulators that cover all applications, including research and development, integration/verification and production testing.
GSS9000. The newly released Spirent GSS9000 multi-frequency, multi-GNSS RF constellation simulator can simulate signals from all GNSS and regional navigation.The GSS9000 offers a four-fold increase in RF signal iteration rate (SIR) over Spirent’s GSS8000 simulator. The GSS9000 SIR is 1000 Hz (1 ms), enabling higher dynamic simulations with more accuracy and fidelity. It includes support for restricted and classified signals from the GPS and Galileo systems, as well as advanced capabilities for ultra-high dynamics. It can evaluate resilience of navigation systems to interference and spoofing attacks, and has the flexibility to reconfigure constellations, channels and frequencies between test runs or test cases.
Hardware changes can be done in the field, supported by the new on-board calibrator module. The GSS9000 is extensible and can support the widest range of carriers, ranging codes and data streams for the Galileo, GPS, GLONASS, and BeiDou systems, as well as regional/augmentation systems. Multi-antenna/multi-vehicle simulation, for differential-GNSS and attitude determination, and interference/jamming and spoofing testing are also supported.
CRPA Test System. Spirent’s Controlled Reception Pattern Antenna (CRPA) Test System generates both GNSS and interference signals. Users can control multiple antenna elements. Null-steering and space/time adaptive CRPA testing are both supported by this comprehensive approach.
GSS6425. The Spirent GSS6425 RPS quickly and simply records complex real-world RF environments, capturing both GNSS signals and atmospheric/interference effects. These environments can then be replayed repeatedly to the hardware software under test, reducing project, travel and engineering costs.
Precision matters. While “accuracy” is somewhat one-dimensional, “precision” is multi-faceted. We submit to you that whatever area of GNSS-based location you are interested in, precision matters today and will matter more in the future. In this column, we’ll explain why this is.
Traditional test approaches involve taking measurements to evaluate fundamental performance, for example, time-to-first-fix. As the number of critical applications that rely on positioning, navigation and timing (PNT) increases, the list of considerations for testing also grows.
Critical applications typically require higher integrity. There are a myriad of techniques to achieve this, from adding constellations, additional frequencies, improved navigation message authentication approaches and everything in between. Examples of safety-related applications include rail, connected car and aviation. Commercially critical application examples are smartphone payment authentication and container port automation. Protecting the warfighter and ensuring mission success against growing interference and jamming are key initiatives for the military. All of these applications are becoming more sophisticated and complex, stressing the importance of precision in testing.
Neal Fedora
Testing these critical applications requires:
Precise and clear test objectives
Precise definition of test approaches to explore both nominal and off-nominal conditions
Comprehensive test tools that include all required signal components precisely modeled and controlled
Test signal precision of at least an order of magnitude better than the device under test
Results analysis that can quickly and effectively highlight areas of interest or concern.
Robustness against Cyber Attacks. The second area calling for more precision is the need for a more robust PNT systems in the face of increasing cyber attacks and interference. While well known in the IT world, the GNSS community is relatively unfamiliar with being targeted by hackers. Attacks on GNSS technologies are increasing in frequency and sophistication for both commercial and military users. The stakes are rising as the incidents increase from occasional (often accidental) interference to more structured and organized approaches to jamming and even spoofing.
We’re predicting a game of cat and mouse where these cyber attacks and interference threats will continually evolve to try and stay one step ahead of the protections in place. In our view, this will call for increasingly clever and proactive threat-detection techniques in navigation systems, in addition to precise, reliable test solutions to verify them.
Spirent’s test solutions address these growing demands by providing not only multi-GNSS signal simulators, but also inertial and interference simulators, anti-jamming test solutions, and record and replay of actual observed interference and even communications port vulnerability testing.
In our view, the diversity of critical applications will increase, emphasizing the need for a precise approach to test planning, execution and analysis. Robust PNT is an achievable vision, and we are excited for the future.
John Pottle is marketing director for Spirent Communications plc. Neal Fedora is director of engineering for Spirent Federal Systems Inc.
John Pottle from Spirent Communications details the company’s GSS9000 RF constellation simulator at the 2014 ION GNSS+ Conference September 9-12 in Tampa, Florida. Spirent Federal’s GSS9000 RF constellation simulator has been reviewed and granted security approval by the Global Positioning Systems Directorate.
Spirent Federal Systems, a U.S. provider of positioning, navigation and timing test solutions to the government and its contractors, announces that its GSS9000 RF constellation simulator has been reviewed and granted security approval by the GPS Directorate.
Higher dynamic simulations with more accuracy and fidelity are enabled by 1000-Hz (1 ms) System Iteration Rate — a four-fold increase over Spirent’s current GSS8000 product — zero inter-channel bias and a 0.3 mm RMS pseudorange accuracy. The GSS9000 also includes support for restricted and classified signals from the GPS and Galileo systems as well as advanced capabilities for ultra-high dynamics.
According to Spirent, the GSS9000 is being rapidly adopted worldwide by key GNSS system and solution developers and providers because of its flexibility, performance and capability. The GSS9000 builds on the capability and performance of previous solutions from Spirent.
The GSS9000 is highly flexible and can support the widest range of carriers, ranging codes and data streams for the GPS, GLONASS, Galileo and BeiDou as well as regional/augmentation systems. Its flexibility is key to supporting tailored and customizable solutions for specific and unique test needs. Multi-antenna/multi-vehicle simulation, for differential-GNSS and attitude determination, and interference/jamming and spoofing testing are also supported.
LTE brings a promise of improved location accuracy with new positioning technologies and their integration using hybrid techniques. Although established technologies such as A-GNSS (A-GPS and A-GLONASS) provides excellent performance in environments with a clear view of the sky, performance is often poor indoors, where detection of satellite signals is limited. In LTE, current standards support Observed Time Difference of Arrival (OTDOA), an advanced cellular positioning technology that can augment A-GNSS and provide a more accurate location fix for indoor scenarios.
With large-scale VoLTE rollouts imminent, leading operators are confronted with the need for extensive and complex testing of LTE positioning technologies to ensure VoLTE E911 works well from day one. Additionally, the FCC, whose current E911 regulations apply only to outdoor environments, has proposed stringent indoor requirements as a response to increased mobile usage for emergency calls and lack of accurate positioning information on calls that originate indoors.
“Roughly 70 percent of 911 calls are placed from wireless phones and a majority of these calls originate indoors, so there is a real urgency in providing better location accuracy for mobile users, wherever they are calling from,” said Nigel Wright, vice president at Spirent Communications. “Spirent is currently working with all the key industry players to evaluate OTDOA and its integration with other positioning technologies, and to enable operators to meet the location requirements for VoLTE E911 and the evolving FCC requirements.”
Spirent 8100 LTS has won widespread acceptance as the leading platform for location testing in the wireless industry, and with this latest capability is now able to support OTDOA Position Calculation Function (PCF). Minimum performance testing for OTDOA looks only at the raw measurements from the device, whereas use of OTDOA PCF enables full verification of a device’s position accuracy performance. Recognizing its importance, leading carriers have established their own OTDOA positioning performance requirements beyond bare minimum standards. Ensuring that devices fully meet these requirements as well as the evolving FCC regulations for E911 requires comprehensive testing.
I attended the China Satellite Navigation Conference in Nanjing in May, the fifth year of CSNC and my third time attending. Tremendous progress was evident this year in terms of BeiDou (BDS) deployment and China’s general openness and willingness to collaborate over those years. I have also seen a slowly growing international presence at the show and expect that to continue to increase as well. You may recall my column last year about Little Tigers. Well, they aren’t so little any more. As for the tycoons, you will have to read to the end.
The conference opened with the usual provider updates. Chenqi Ran, who runs the China Satellite Navigation Office, the lead government agency for BDS, started off. It’s always good to hear his update delivered in China, where the is a little more freedom to provide information beyond the standard pitch. China continues on pace to its plan for the third step of BDS with five geosynchronous-orbit, three inclined geosynchronous-orbit, and 27 mid-Earth orbit satellites for a worldwide system by 2020. They are meeting their stated goal of 10-meter accuracy regionally today, and as good as 5-meter near the Equator. Ran also provided interesting numbers for the fast-growing Chinese domestic market:
More than 2 million BDS chips sold in China in Q1
More than 300,000 vehicles equipped with BDS
20 domestic brands offering car navigation systems
First consumer tablet (Samsung Galaxy Note 3) with BDS.
First consumer smartphone (Huawei B199) with BDS
The updates from other providers (GPS, GLONASS, and Galileo) were relatively standard and did not contain much new information. I had hoped that maybe the Russian presentation would provide more information about the April outages, but nothing was forthcoming and I was not overly surprised.
The conference itself is very well organized and runs nine parallel technical tracks over two full days, with additional special-interest sessions. All of the presentations are in Chinese, however the conference provides headsets for simultaneous translation, and many presenters have dual slide sets in Chinese and English, so it is easy to attend anything that seems interesting.
I came as an invited speaker on the Institute of Navigation (ION) panel organized by Professor Jade Morton from Miami University, Ohio, and Professor Lu of the National Timing Service Center near Xian. The ION panel was well attended and included a short panel discussion at the end.
One of the most interesting outcomes was that both Broadcom and Trimble showed approximately 25 percent accuracy improvement by adding Beidou to their existing GPS/GLONASS solutions. It was interesting not just because they reached the same number, but because Broadcomm was talking in meters about urban-canyon performance and Trimble was talking in centimeters about precise positioning.
It became clear that everyone sees BDS as an important part of their roadmap at L1, regardless of how many frequencies they currently support. I must also note that both Professor Morton and Professor Lu were outstanding hosts and showed us some of the wonderful local sites.
Exhibit Hall
The biggest change from last year was in the exhibit hall. I would estimate the overall floor space grew by 50 percent, with 106 companies in specially designed booths (up from 56 last year) and another 44 in standard booths.
The content change was even more dramatic. Last year there were a lot of small booths with pretty basic displays, mostly of prototypes and slideshows. This year, there were many more extremely large booths that were very professionally created. They had evolved into displaying very polished-looking finished products with nicely edited videos. It was clear that this was all targeted at domestic buyers, as it was difficult to find anyone on the show floor who spoke English (except in the Spirent booth). These are no longer little tigers. These are now real companies, out hunting for new business.
Policy and Intellectual Property
My other favorite topic to listen to at this conference is on policy and intellectual property (IP). That is where I spent most of my time and was not disappointed. There was in fact an entire session dedicated to intellectual property, and several presentations on the global state of affairs of patents in GNSS.
Interestingly, most of the speakers were either lawyers or from government, but there were some corporate ones as well. Several speakers highlighted the recent disagreement and settlement of the patent dispute between the United States and the United Kingdom over complex modulation patents. There was a large element of underlying concern that although the U.S. had been able to settle the dispute, it might be very hard for China if either the U.S. or the UK came after them. They had several charts showing how far behind they were in GNSS patents, in an effort to encourage local companies to create more IP and patent it. They also showed they have made significant progress in recent years in domestic Chinese patents, though they still have a long way to go in international patents.
They were also very concerned about the largest holders of GNSS patents in China — Qualcomm and Broadcom — as a threat to domestic industry. They cited the GlobalLocate/Broadcom versus SiRF/CSR lawsuit as a cautionary tale. Several presenters showed the dominance of Broadcomm and Qualcomm in terms of domestic Chinese patent holdings and referred to them as the “Tycoons.” I envisioned Rich Uncle Moneybags, the guy from the Monopoly game wearing the top hat, walking around with patents instead of dollar bills hanging out of his hat.
Conclusion
The little tigers have definitely grown up. They are much bigger, have real teeth, and are definitely trying to stake out territory in the fast-growing domestic market. But the Tycoons still have the upper hand in the mass-market battle for consumer devices. For the moment, anyway.
The Tycoons are going to have to start spending some of their bounty in China if they want to maintain that market share against rapidly evolving domestic competition. I won’t be surprised if next year we see the Tycoons exhibiting at CSNC, and soon after that, the tigers looking to expand their hunting ground into nearby markets in Korea, India, and Japan.
Greg Turetzky is a principal engineer at Intel responsible for strategic business development in Intel’s Wireless Communication Group focusing on location. He has more than 25 years of experience in the GNSS industry at JHU-APL, Stanford Telecom, Trimble, SiRF, and CSR. He is a member of GPS World’s Editorial Advisory Board.
The statements, views, and opinions presented in this article are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author’s present and/or former employers or any other organization the author may be associated with.
Spirent Communications today introduced the GSS6300M range of multi-channel GPS and multi-GNSS simulators for receiver integrators, application developers, aftercare and production testing environments. This entry-level test system readily enables laboratory evaluation of GPS performance across different locations and routes, Spirent said. In addition to being easy-to-use even for non-GPS experts, the GSS6300M range features competitive pricing for engineering teams looking to integrate positioning functionality to new classes of consumer electronic devices.
The GSS6300M is a “one-box” solution with everything required to start testing immediately and can be controlled from a tablet or smartphone, or via remote commands across multiple interfaces. It enables a variety of fundamental test and compliance to industry standard. Users can create custom trajectories using a Google Maps interface to help evaluate receiver performance.
The GSS6300M offers the same preeminent signal quality as other Spirent test systems, which are used by governments and space agencies around the world. High fidelity test equipment ensures the highest user experiences, leading to improved customer satisfaction, reduced product returns and greater market success for integrators and application teams.
“Positioning is of key importance to a wide range of new applications and consumer devices. As navigation and GPS test experts, Spirent wants to help developers build high-performing positioning functionality into their systems quickly and easily,” said John Pottle, marketing director of Spirent Positioning Technology. “Spirent provides test equipment that our customers rely on to achieve accurate results they can trust. The GSS6300M continues this tradition and is priced to be widely accessible.”
The GSS6300M is designed to for the huge and growing range of applications and technologies that incorporate location features — from vehicles and mobile devices to wearable technology, security tracking and other new market segments. In addition to GPS, the GSS6300M fully supports GLONASS, BeiDou and Galileo, the Russian, Chinese and European navigation systems.
Spirent Communications, provider of testing solutions for positioning and navigations systems, has introduced the Spirent GSS9000 Multi-Frequency, Multi-GNSS RF Constellation Simulator. The GSS9000 offers a new benchmark in performance, capability and flexibility that includes the ability to simulate signals from all GNSS and regional navigation systems.
The GSS9000 offers new levels of performance, enabled by a four-fold increase in RF signal iteration rate (SIR) over Spirent’s current GSS8000 product. The GSS9000 SIR is 1000Hz (1ms), enabling higher dynamic simulations with even more accuracy and fidelity, Spirent said. It also includes support for restricted and classified signals from the GPS and Galileo systems as well as advanced capabilities for ultra-high dynamics. The GSS9000 can evaluate resilience of navigation systems to interference and spoofing attacks.
GSS9000 has the flexibility to reconfigure constellations, channels and frequencies, between test runs or test cases. In addition, the GSS9000 has been designed to be backward compatible, enabling the use of existing test cases and remote control/motion from existing Spirent simulators. Hardware changes can now be done in the field, supported by the new on-board calibrator module.
“The GSS9000 raises the performance bar and addresses the future challenges of improving accuracy and resilience for end users of GNSS technology,” said Martin Foulger, managing director of Spirent’s Positioning division. “The GSS9000 solution is a result of almost thirty years of unrivalled expertise, innovation and leadership.”
The GSS9000 is extensible and can support the widest range of carriers, ranging codes and data streams for the GPS, GLONASS, Galileo and BeiDou GNSS systems as well as regional/augmentation systems. Multi-antenna/multi-vehicle simulation, for differential-GNSS and attitude determination, and interference/jamming and spoofing testing are also supported.
Spirent Communications now offers SimSAFE, a software solution that simulates legitimate GNSS constellations along with spoofed or hoax signals to evaluate receiver resilience and help develop counter measures.
Hoax or spoofing attacks work by mimicking genuine GNSS signals, which mislead GNSS receivers. The military and critical infrastructure — such as wireless networks, banking, and utilities — are especially interested in being able to detect and reject spoofing attacks.
“GNSS signal vulnerability is becoming a significant issue,” said John Pottle, marketing director of Spirent’s Positioning Division. “The industry is beginning to talk more about vulnerability and how we actually think about categorizing the threat — what approaches are there to evaluate performance in the presence of interference signals? If you’re a developer, what approaches are there to clean up your performance? You’ll see us at Spirent being quite a bit more vocal about these areas in the coming months.”
SimSAFE was developed in conjunction with Qascom, a small organization of half a dozen GNSS signal security and authentication experts headed by Oscar Pozzobon, who served as the chief solutions architect for SimSAFE. Pozzobon contributed his knowledge of GNSS security and vulnerabilities, which were then integrated into the SimSAFE system.
SimSAFE provides a means of emulating a spoofing attack, and then monitoring a receiver under attack to evaluate mitigation strategies and countermeasures.
“SimSAFE really gets into details on how a receiver reacts in the presence of the hoax signals,” Pottle said. “By really understanding that, really getting into how is the receiver is acting and reacting, you can understand better how your receiver is likely to behave, and tune it up.”
The SimSAFE laboratory-based test solution is fully controllable, so that users can evaluate a receiver’s response to a wide range of spoofing attacks. As Pottle put it, when fed both authentic and spoofed signals, “What’s the receiver going to see? It’s going to see the authentic signals, it’s going to see a couple of spoofed signals. And you can play around with the spoofed signals — that’s the controllable bit. While this is happening, the detector module within SimSAFE monitors and reports the receiver’s response to the attacks. At its most simple, that’s the power of SimSAFE.”
SimSAFE is aimed not only at receiver developers, a core audience of Spirent’s, but at anyone trying to build a system that may be subject to intentional interference, such as in the military or critical infrastructure. “Those people are starting to ask questions about what should I be worried about? What kind of an attack might I be open to? How can I be sure, if I’ve got a choice of three or four receivers, that I’m going to choose one that meets my needs in terms of resilience to intentional interference?” Pottle said. “Our belief is that SimSAFE will allow people to evaluate different receivers and strategies for mitigating spoofing attacks, and therefore help them to build the right level of resilience in their systems.”
SimSAFE is available in two variants. SimSAFE Simulated uses the simulator for all signals, both satellite and spoofed, using one or more channels for the spoofed signal.
Instead of a simulator, SimSAFE Live pulls authentic signals from sky with an antenna, so the user has the full power of the simulator to generate a much broader range of spoofing attacks. “The clever bit is aligning the spoofed signal with the real signal, getting the timing and frequency synced up,” Pottle said.
Spirent is also working on other technologies to mitigate spoofing, including work with interference signals from ground-based transmitters, adaptive antenna lab-based tests, and integration with inertial sensors, such as in military jets.
