New research by Bjorn Bergman of the environmental non-profit SkyTruth has found ships in various parts of the world reporting locations thousands of miles away and circling at precisely 20 knots.
Bergman’s findings were first reported at the annual meeting of the Resilient Navigation and Timing Foundation on May 5.
Bergman previously observed and reported on circling phenomena with GPS-based reporting systems from vessels and fitness trackers in China ports. It has also been observed in Tehran, Iran. In all those cases, though, it was clear that the real location was fairly nearby the false and circling locations.
In the most recent observations, the actual locations of the ships were thousands of miles away. In most cases, literally halfway across the globe.
Image courtesy of Skytruth and RNTF.
Bergman said that he was able to verify the vessels’ approximate true location by examining the field of view of the satellite receiving the automatic identification system (AIS) position reports. The satellites are only able to see an area about 5,000 kilometers wide.
A satellite that could only see the Gulf of Guinea in West Africa, for example, received GPS-based location data from a ship’s AIS that showed the vessel offshore of Point Reyes in northern California. The vessels’ true locations were also confirmed by their position reporting before and after the “displacement events.”
Bergman was unsure if these errors are the result of the ships’ AIS systems or some fault or influence on GPS navigation receivers. It is clear that ongoing “circling” incidents in China are some form of GPS interference.
GPS-based fitness tracker reporting was affected the same way and at the same time as those of receivers on vessels. Bergman has been able to find no similar supporting data for these long-range displacement and circling events.
While Bergman was able to observe these events, he was at a loss to explain them. In previously observed cases it seemed clear a disruption device was nearby and affecting a large number of vessels. In these incidents, each vessel was the only one in its vicinity affected, and the vessels were separated by thousands of miles.
Image courtesy of Skytruth and RNTF.
Further hampering analysis, and making even speculation difficult, was the lack of commonality among the few cases observed.
The vessels were of much different types and operations. Pilot boats, work boats, tugs, cargo and passenger vessels were all involved.
The length of these disruptions also varied greatly. The shortest recorded was a reefer ship for less than half an hour. A crew boat was “displaced” for more than 16 days.
While most of the vessels reported circling positions off the coast of Northern California, two were displaced to Madrid, one to the vicinity of Hong Kong, and one to the Chinese city of Shanwei. One even began reporting it was circling a location offshore of northern California, and subsequently reported circling positions that drifted east almost a thousand miles inland to Utah.
A true mystery, the RNT Foundation is hoping to crowdsource ideas and share them with Bergman and other analysts. Anyone with insights or ideas about this mystery is encouraged to send them to [email protected].
A video of Bjorn Bergman’s presentation at the RNT Foundation’s annual meeting is available on the foundation’s website and below. He has also posted a short paper on these events on SkyTruth’s website.
Regulus Cyber, creator of what it calls “anti-virus” software to protect GPS navigation and timing across a wide range of applications, is collaborating with Harman, a connected-car company.
The software-based cybersecurity solution will be part of Harman Shield, the company’s risk-management offering for vehicle manufacturers and mobility companies.
“We are looking forward to joining forces with Harman, a Tier 1 supplier to the automotive industry, a trusted partner to more than 50 global vehicle manufacturers. Coming together with Harman is a great testament to the necessity of GPS protection measures in our industry,” said Yonatan Zur, CEO of Regulus Cyber.
“We’re seeing our OEM customers expand into the digital and mobility spaces, offering added-value services to consumers by leveraging connectivity and mobile applications,” said Asaf Atzmon, vice president and general manager, Automotive Cybersecurity at Harman. “Through Harman Shield, we offer full visibility, analytics and risk management capabilities into cyber threats, and Regulus Pyramid GNSS solution complements our offering with another layer of protection against GPS hacking. We’re excited about the possibilities of this new collaboration with Regulus.”
The Regulus Pyramid GNSS is a software solution that uses machine learning to detect spoofing and defend any GNSS receiver, device or chipset against it — ensuring the security and reliability that are essential to safe and accurate navigation. GPS spoofing attacks are becoming more common and are often difficult to detect and protect against.
Pyramid GNSS uses a combination of patented algorithms, developed over years of spoofing experiments to protect against attacks at the firmware, operating system, or application level. This deal is further proof of the market demand for resilient navigation and positioning at a time when GPS hacking is a growing concern.
In the second part of our receiver feature, top receiver manufacturers discuss what’s on the horizon for GNSS receivers: recent and upcoming innovations, combating spoofing and jamming, fusing GNSS with other sensors, and the impact of increasing accuracy both for professional surveyors and consumers.
In January, we featured responses from NovAtel, Trimble, Unicore, Topcon, Hemisphere GNSS, CNC Navigation and Septentrio to questions about their recent and upcoming innovations in the design and manufacturing of GNSS receivers. We continue in this issue with responses to the same questions from Javad GNSS, Swift Navigation, Eos Positioning Systems, Tersus GNSS, TeleOrbit, Allystar Technology and NTLab.
All GNSS receiver manufacturers agree that spoofing and intentional and unintentional jamming are serious challenges. Their approaches to dealing with these challenges differ, however, as they rely on different combinations of technologies on both their receivers (such as monitoring cycle slips and using analog-to-digital converters, correlators and notch filters) and their antennas (such as using array antennas), as well as the new Galileo authentication service.
Photo: Tersus GNSS
Many receiver manufacturers now routinely use optical, inertial and other sensors — which continue to drop in price and increase in performance — to supplement GNSS signals where they are degraded or denied, especially in the automotive market.
Carrier phase positioning and correction services are increasingly improving the accuracy of survey stations and reducing their price. Meanwhile, submeter accuracy is spreading beyond surveying to other industries. Performance in challenging conditions also continues to improve, thanks largely to the increase in the number of GNSS constellations, available satellites and frequencies. (For a review of recent developments in antennas, see our companion article here.)
On the consumer side, the introduction of multi-frequency GNSS receiver chips, the increased use of correction services, and, in a few countries, the deployment of thousands of additional base stations will continue to increase the location accuracy of cell phones and other consumer devices, enabling new applications. However, in these devices size and cost limitations make antenna performance particularly challenging. (See Part 1 here.)
Javad GNSS
Jamming and Spoofing. “We protect you against jammers and spoofers like no one else can,” said Javad Ashjaee, founder and CEO of Javad GNSS. “We use multiple techniques to detect spoofers, the most important being the use of digital signal processing to detect more than one peak. First, with 864 channels and about 130,000 Quick Acquisition Channels in our Triumph chip, we have resources to assign more than one channel to each satellite to find all signals that are transmitted with that GNSS PRN code. If we detect more than one reasonable and consistent correlation peak for any PRN code, we know that we are being spoofed and can then identify the spoofer signals and ignore the wrong peak.”
An example of two peaks. (Chart: Javad GNSS)
Ashjaee described additional techniques:
The J-Shield filter blocks out-of-band interference.
Sixteen 255th-order FIR anti-jam digital filters protect against static in-band interference, and 16 adaptive 80th-order digital filters protect against dynamic interference.
Javad products measure the level of interference as a percentage of in-band noise above normal.
The Triumph chip has a powerful spectrum analyzer. Each spectrum shows the power and the shape of the interfering signals and jammers. This is more powerful and more efficient than using a commercial spectrum analyzer to evaluate the environment.
The chip also keeps a record of Automatic Gain Control, which is another indicator of external signals. A change in AGC can indicate interference.
Deviation of SNR from the expected value is another important indicator of interference.
“Usually there are over 100 signals available at any given time, and we need only four good signals to compute position. It is extremely unlikely that we can be spoofed without our knowledge.” Ashjaee concluded. “We will immediately recognize and take corrective actions.”
Jamming and spoofing protection is available on all Javad GNSS receivers and OEM boards. Read more about Javad GNSS’s jamming and spoofing protection in the December 2019 issue.
Sensor Fusion. “To support users in environments where GNSS RTK solutions are difficult or impossible to obtain,” Ashjaee said, “Javad GNSS has invented the J-Mate, which is a remotely controlled robotic EDM device and digital camera. GNSS RTK and optical can be seamlessly integrated using the J-Mate as the seventh RTK engine. Just set up a Triumph-3 on top of a J-Mate and a Triumph LS on top of a zebra rod, making the former pair the RTK base station and the latter pair the RTK rover.” Read more about Javad GNSS’s RTK and Optical United solution in the November 2019 issue.
Swift Navigation
Jamming and Spoofing. “Receivers have become more robust to intentional jamming by mimicking the jammers’ behavior to cancel it,” said Alex Pun, staff product manager for Swift. “Nevertheless, advanced jamming and spoofing mitigation often imply array antennas. A real evolution lies in considering these threats only in terms of the availability of the GNSS sensor, now part of a complete multi-sensor positioning engine such as Starling.”
Sensor Fusion. IMUs, visual sensors and GNSS will aid each other in different types of environments and scenarios, explained Pun. “Sensors are becoming more affordable, and their performance increases with each new generation. Sensor fusion will be the glue that will bind them to provide a precise positioning solution.”
Surveying. The combined use of carrier-phase positioning and correction services, such as Swift’s Skylark, will greatly improve accuracy and reduce the cost of survey stations, because they make their accuracy less dependent on the intrinsic performance of the receiver and the antenna, Pun said. “A global service eliminates the need for an individual base station.”
Consumer Devices. “The introduction of dual-frequency GNSS receivers from chip manufacturers will help improve positioning in cell phones and other consumer devices,” Pun said. “These chips, coupled with a widely available correction service such as Skylark, will greatly improve their performance accuracy to sub-meter levels.”
Other Challenges. Performance stability of the antenna and its characterization will become the main challenge to exploiting the new GNSS ASICs (application-specific integrated circuits) and correction services at their highest level of performance, Pun said. “A positioning engine can exploit this information to accelerate the convergence to the high-accuracy solution, and then improve its availability.”
Eos Positioning Systems
A surveyor uses the Arrow Gold receiver to map assets in Terrebonne, Quebec, Canada. (Photo: Eos Positioning)
“The past three years have seen considerable innovations and trends in the GNSS industry,” said Jean-Yves Lauture, CTO of Eos Positioning. “Receivers are becoming increasingly affordable and the adoption of higher-accuracy (submeter, centimeter) positioning by other industries, outside of conventional surveying, is growing. Considering the now four usable GNSS constellations and the aggressive launches of Galileo and BeiDou satellites, the number of available satellites and the list of frequencies they use has considerably increased.
“Although accuracy itself is not really improving, performance is — particularly in tougher conditions. It’s not uncommon for customers to use 30 to 35 satellites out of more than 40 in view using an Arrow Series GNSS receiver. The numbers are even higher in the Pacific regions, thanks to geostationary BeiDou satellites. This is, by far, more than double the number of satellites available with just GPS and GLONASS.”
Consumer Devices. “It will be challenging for smartphones and consumer devices to achieve survey-grade accuracy in the next few years. They face certain limitations. For instance, there is a cost and physical size associated with using a high-end GNSS antenna with a minimum of ground plane to achieve these levels of accuracy.
The Arrow Gold RTK GNSS receiver. (Photo: Eos Positioning)
“Also, it is unlikely that the manufacturers of consumer devices will invest in developing the advanced algorithms needed for a high level of constant accuracy and performance. In order to fit into a smartphone, consumer-grade GNSS chipset manufacturers must drop the use of many available signals and frequencies to keep both size and power consumption to a minimum.”
Allystar Technology
Photo: Allystar
Jamming and Spoofing. The GNSS chip in Allystar’s TAU1301 module supports eight adaptive notch filters to reduce the effects of GNSS jamming, explained Shi-Xian Yang, senior principal engineer in the company’s Baseband Algorithm Department. “It significantly improves the performance of GNSS tracking measurements, even in the presence of strong and fast-varying jamming signals.”
Sensor Fusion. The TAU1310 integrates a six-axis micro-electromechanical system (MEMS) gyro, which makes its affordable for the mass market, Yang said.
The Lenovo Z6. (Photo: Lenovo)
Consumer Devices. In its Z6 smartphone, Lenovo has taken advantage of the great improvement in multipath mitigation provided by the L5 signal’s higher chip rate and the output of high quality raw data via the TAU1302’s HD8040 GNSS chipset to improve the accuracy experience in the consumer market, Yang explained. Additionally, he pointed out, cell phones and other consumer devices now enable developers to access the raw sensor data from such sensors as accelerometers and barometers to input into their fusion algorithms.
Other Challenges. In the future, the TAU1310 could also support the L6 signal for PPP-RTK application.
NTLab
NTLab anti-jamming GNSS receiver. (Photo: NTLab)
Jamming and Spoofing. The problem of jamming and spoofing worries customers, according to Konstantin Yuriev, lead GNSS engineer at NTLab. The combination of anti-jam and anti-spoofing is in greater demand because the anti-jam feature alone is becoming insufficient. Yuriev cited the European Union’s new requirements for the European Railway Traffic Management System (ERTMS), which makes anti-spoofing mandatory.
The key issue today is “the solution to the problem of reducing the size and cost of anti-jam receivers, so that they become available to consumers on the civilian market. The key technology for this will be increasing the degree of integration of the component base, first creating a chipset for solving anti-jamming and anti-spoofing tasks, and then moving on to a single-chip solution. We have created a chipset and are ready to start work on the further integration into a single chip.”
Sensor Fusion. The traditional task of integrating data from a GPS antenna and a MEMS sensor has been solved, Yuriev said, with many such solutions on the market. One task is to track the antenna’s tilt. “The antenna, GNSS receiver, and MEMS sensors should be located very closely to each other — if possible, on a single small board,” Yuriev said. “Here, again, the solution is to increase the degree of integration, up to placing the baseband processor on the same chip with the digital CMOS circuitry of the MEMS sensor.” Another application of MEMS is serving as the core of an inertial navigation system (INS), providing an auxiliary subsystem for detecting the presence of spoofing. “This is more of an algorithmic task,” Yuriev said, “because traditional coupling using recursive filters is not enough. It is necessary to ensure the independence of the INS subsystem from the GNSS solution, or their intelligent mutual cross-control.”
Surveying. A major part of the cost of a survey-grade device, Yuriev pointed out, is for additional services, know-how, and other added values. There is market demand for a business model in which device price could go down while maintaining the main values for the customer. “This could be achieved if end-users tightly cooperate with hardware manufacturers, skipping third-party integrators. Alternatively, multiple third parties could compete, keeping the cost of the software low. One of the technical solutions for this is to provide software application programming interfaces (APIs) that will allow multiple third parties to offer application-level software for the same hardware. We call it the ‘open platform’ approach. One of our products implements this strategy.”
Other Challenges. Despite some skeptics, Yuriev argued, new GNSS systems have been successful. “A good example is IRNSS (NavIC), with India’s population of 1.3 billion forming a potential market. Moreover, according to our studies, good coverage is provided not only in India’s territory. We are working on creating an economically affordable solution with support for the NavIC S-band. A new chip-scale packaged RFIC (radio-frequency integrated circuit) should minimize the size, consumption, and price of NavIC-oriented modules, while maintaining all the advantages of the S-band signal in areas close to the equator. This is our solution to the problem.”
TeleOrbit
GOOSE platform. (Photo: Fraunhofer IIS)
GNSS Receiver Development Platform. The company’s GOOSE platform is a field-programmable gate array (FPGA)-based GNSS receiver, developed by Fraunhofer IIS, making it flexible in processing new or proprietary signals, according to Katrin Dietmayer, software development engineer at Fraunhofer IIS. “It comprises 60 hardware channels in real time and provides an open software interface for customer applications,” she explained.
Jamming and Spoofing. “It grants deep access to the hardware interface, down to, for example, the correlation values. Additionally, anti-jamming functions (such as notch-filter or pulse-blanker) can be added and anti-spoofing algorithms are already implemented. Thanks to the open architecture, our customers can also implement these or other algorithms.”
Sensor Fusion. Vector tracking in real time is already implemented on code base. Deep coupling with INS/IMU multi-sensor fusion — for example, with an odometer, ultra wideband or 5G — are possible and under development, Dietmayer said.
Surveying.TeleOrbit provides GNSS-RTK using RTKLIB. “The implemented Open GNSS Receiver Protocol (OGRP) is fully documented with a parsing tool using CONVBIN from RTKLIB as RINEX converter,” Dietmayer explained.
Consumer Devices. GOOSE is also used as the reference receiver in the ESA project Receiver Technologies for Future Mass Market (RT4FMM) devices. The project validates state-of-the-art dual-frequency mass-market receivers based on Broadcom BCM47755 and u-blox F9 and compares their performance against GOOSE E5AltBOC processing.
Other Challenges. GOOSE already processes the new Galileo OS-NMA (Open Service – Navigation Messages Authentication), while implementing the new Galileo High Accuracy Service (HAS) is on the roadmap. “The combination of these new features will result in a robust and reliable high-accuracy position,” Dietmayer said. “For system testing, the intermediate frequency signals can be recorded, processed and replayed with the platform.”
Tersus GNSS
The Oscar. (Photo: Tersus GNSS)
Jamming and Spoofing. Xiaohua Wen, founder and CEO, said his company has done much research and testing on jamming and spoofing. “We already implemented a high dynamic analog-to-digital converter to overcome jamming. To mitigate spoofing, we think that internet of things (IoT) devices can leverage cloud services. Alternatively, the new Galileo authentication service may serve the same function.”
Sensor Fusion.Tersus GNSS makes an INS product, and its Oscar receiver contains an inertial measurement unit (IMU). “The sensor fusion hub is a very hot topic in the automobile industry,” Wen said. “We are quickly adapting our Oscar and INS product line for the creation of high definition maps and for indoor navigation. We think it’s still the major pain point for a crowded country such as China.”
Surveying. As has been the case in many other industries, Wen said, the widespread adoption of GNSS technology and the increase in the number of players in the field has led to a drop in prices. “Tersus’ David and Oscar models are low cost but still perform well compared with Tier 1 players for professional survey machines using our own OEM GNSS board,” he said.
Consumer Devices. The fact that a few vendors are providing dual-frequency chipsets in smartphones opens the door for consumer-grade sub-decimeter applications, Wen said. “But we think the antenna could be a big challenge for the small devices.”
Other Challenges. “Mobile carriers are building thousands of base stations,” Wen said. “For example, Softbank in Japan completed 3,300 stations this year. China Mobile just issued a bid for a phase one project for 4,400 stations. We think mobile phone innovations for the new high-accuracy application may have some impacts in the coming years. We have been actively looking at some new GIS (geographic information systems) applications based on our in-house Nuwa platform.”
Top receiver manufacturers discuss what’s on the horizon for GNSS receivers. The companies reveal recent and upcoming innovations, how to combat spoofing and jamming, fusing GNSS with other sensors, and the impact of increasing accuracy both for professional surveyors and consumers.
With regard to jamming and spoofing, the preferred approach is a combination of monitoring, detection and filtering. However, shielding, the use of IMUs and other third-party sensors, and advances in processing algorithms also help mitigate interference. In a few years, hopefully, encrypted or “watermarked” signals will substantially reduce this problem.
IMUs and other sensors are now routinely integrated with GNSS receivers, with their outputs fused. This trend is largely propelled on the demand side by the needs of the emerging market for autonomous vehicles and on the supply side by smaller, cheaper and more accurate IMUs and lidar scanners. Meanwhile, developments in algorithms have improved the modeling of errors to correct for the inherent tendency of IMUs to drift. Additionally, digital cameras, lidar and other industry-specific sensors are increasingly common, especially for collision avoidance in human-machine interactions.
In surveying, the use of all constellations and frequencies, as they become available, is an industry trend. Costs will continue to drop as the growth in the adoption of GNSS solutions enables manufacturers to take greater advantage of economies of scale. Precise point positioning (PPP), which benefits greatly from the growth in GNSS constellations, is now giving real-time kinematic (RTK) positioning a run for its money. Available applications enable Android mobile devices to achieve centimeter accuracy, while innovations continue in core positioning algorithms.
In the world of mobile consumer devices, dual-frequency, multi-constellation GNSS chipsets are increasingly prevalent. As increased accuracy fuels expectations for even higher accuracy, precision positioning may become the norm in the consumer space, and new applications for these devices may emerge. Already, crowdsourcing the monitoring of both GNSS signals and interference helps improve accuracy for everyone, in a positive feedback loop.
Other notable trends include the introduction and expansion of 5G data networks, the increased use of satellite-based correction services, and continued efforts to develop precise positioning for indoor areas. (See part 2 of this feature here.)
Topcon
Jamming and Spoofing. “We continue to develop and deploy patented technology to detect spoofing,” said Alok Srivastava, director, product management. “We already have cutting edge GNSS antenna technology to provide stellar support for interference rejection and filtering.” All Topcon end products have this advanced antenna and filtering technology.
Sensor Fusion. “Topcon has been using inertial systems for decades for a variety of positioning applications — such as machine control, mobile mapping, and agriculture,” said Srivastava. “In recent years, advancements in IMU technology have progressed to where the size and cost of these sensors are at levels to be utilized at a larger scale. For example, the recently released Topcon HiPer VR takes advantage of inertial technology to improve productivity in real time with our Topcon Integrated Leveling Technology (TILT), which compensates for mis-leveled field measurements out of plumb by as much as 15 degrees.”
Surveying. Topcon continues to invest in its core positioning algorithms to innovate such features as quartz lock loop, advanced multi-engine platform, and VHD heading technology into its positioning engines, Srivastava said. “We also produce solutions such as our Millimeter GPS and Hybrid Positioning innovations, which are designed around improving accuracy, higher reliability, and greater flexibility by converging positioning technologies.”
Consumer Devices. “GNSS in consumer devices and other commercial systems is used to aid other positioning sensors,” Srivastava said. “So, it may not be in the best of interest to offer that level of accuracy from GNSS alone.”
Other Challenges. Precise indoor positioning is a requirement of the vertical construction industry. “Topcon’s combined optical instrument takes a unique approach to solve that problem by integrating a compact laser scanner with a fully featured robotic total station,” Srivastava said.
Photo: CHC Navigation
CHC Navigation
Jamming and Spoofing.CHCNav is currently taking a twofold approach to GNSS interference, said François Martin, vice general manager, International Division. “As a GNSS system integrator, we focus our design around strong electromagnetic shielding and sealed isolation chambers.” Additionally, he pointed out, the advanced filtering of GNSS signals and an antenna patch produce optimal interference mitigation.
Sensor Fusion. Integrating interference-free, high-dynamic IMUs instead of MEMS has brought the full benefits of tilt compensation to users, Martin said. The latest development in algorithms dramatically obviated the need for the annoying process of initializing GNSS IMU receivers and boosted the availability of GNSS RTK in demanding environments.
Surveying. The fast adoption of GNSS solutions by large user segments has reduced costs by enabling a sizable manufacturing economy of scale, Martin pointed out. “Tighter combination of embedded technologies such as GNSS and connectivity modules are sustaining that cost reduction process.”
Consumer Devices. “The emergence of dual frequency multi-constellation GNSS chipsets supports the development of untapped user segments, but the position accuracy repeatability remains an issue,” Martin said. “The integration of GNSS chipset and high-performance helical antennas, as precision add-on modules, onto rugged Android cell phone and tablets is creating a prosumer-grade centimeter to decimeter accuracy answering to a wide range of mobile workforce applications.”
Other Challenges. A growing number of positioning and navigation applications require the fusion of technologies to increase productivity, Martin said. “The integration of advanced tightly integrated positioning algorithms, scanners, IMUs, HDR cameras, IoT and cloud-based connected solutions are a clear trend.” However, their adoption by a large user base remains limited by their current price point.
Photo: Septentrio
Septentrio
Jamming and Spoofing. “Recent developments in receiver-antenna combinations maximize the benefits of anti-jamming techniques,” said Gustavo Lopez, market access manager. Third party sensors, such as IMUs, also help mitigate interference, he pointed out. “Septentrio’s advanced receiver technology such as AIM+, a standard feature on all the company’s products, bring not only real time monitoring but also jamming/spoofing mitigation. Galileo and GPS have clear roadmaps bringing signal authentication in order to avoid spoofing.”
Sensor Fusion. Smaller IMUs with higher grade performance now on the market are enabling new use cases in autonomous applications, said Lopez. Other important elements are a new generation of compact high-performance sensors and the growing importance of multi-sensor technology “to provide even higher levels of positioning integrity.” He cited Septentrio’s AsteRx-i family of products as an example of GNSS/INS integrated solutions.
Surveying. As an example of Septentrio’s survey-specific products, which “continuously benefit from advanced developments being rolled out in our platform,” Lopez cited the Altus NR3.
Consumer Devices. The increasing positioning accuracy of cell phones, Lopez pointed out, “has spurred innovations such as PPP and the use of mobile phone measurements,” as well as “other purposes, such as interference detection and crowdsourcing.”
Other Challenges. “Sensor fusion is a key element in positioning and orientation,” Lopez said. “Easy integration is a key element in this trend. Also, integrity in error reporting and positioning will be required as well as reliable raw measurements which can be integrated with other sensors. This drives the requirement for receivers capable of running customer proprietary software. Another important element will also be the possibility of running positioning algorithms on a third-party processor.”
Photo: Hemisphere GNSS
Hemisphere GNSS
Jamming and Spoofing. “Hemisphere’s new Lyra II ASIC platform used in our Phantom and Vega series positioning and heading boards,” said Miles Ware, director of marketing, “introduces new technology and filtering methods to identify and mitigate known and unknown interference sources that typically have an adverse effect on GNSS performance.”
Sensor Fusion. “Advancements in IMU integration and sensor fusion,” Ware said, “will continue to be a key focus for Hemisphere to support the growth and adoption of the expanding autonomous vehicle and application marketplace. The positioning and heading technology offered in our Vega 28 will be a core component for autonomous marine, machine control, and agriculture solutions for new and emerging markets.”
Surveying. “Access to modern and future signals like BeiDou Phase III, ALTBOC and BS-ACEBOC significantly enhance GNSS accuracy, especially in challenging environments where satellite visibility is compromised by the topography and or the structures present,” Ware pointed out. “Survey solutions that can not only track but also use all the available GNSS measurements in their RTK solution will have a substantial advantage in the market.”
Consumer Devices. “As mobile phones and consumer devices continue to adopt hardware designs that can access the latest GNSS signals,” Ware said, “the opportunities for solutions where high precision measurement engines can be hosted within mobile devices opens up a new realm of solutions that can leverage the high accuracy positioning performance found in Hemisphere technology and products. We see this as a very exciting and emerging area.”
Other Challenges. Ware pointed to “leveraging GNSS technology to further support environmentally friendly transportation solutions and sustainable agriculture,” for which GNSS continues to be an integral component.
Photo: Unicore
Unicore Communications
Sensor Fusion. “We are implementing GNSS with different level IMUs, including low-cost and high-end, targeting automotive, intelligent driving, and robot application scenarios,” said Gao Jingbo, marketing director. “The algorithm can also integrate with the already-existing sensors on the platform, such as IMUs, cameras and odometers. The solution can be done on the GNSS side, with high information synchronization accuracy, or processed on the platform.”
Surveying. Products with Unicore boards inside can provide centimeter- to millimeter-level positioning accuracy, said Jingbo. “Unicore’s high-precision boards and modules can track all frequencies of all satellite systems. The UGypsophila RTK technology can make the most of the observation data of all frequencies in all systems even without the observations of the base station in the RTK solution, thus greatly improving the usability, reliability and accuracy of RTK.” The company is now also working to reduce the dimensions and cost of its products, Jingbo pointed out. “With Unicore’s single GNSS SoC on board, the UB4B0M and UM4B0 modules are making affordable high-end high precision surveying possible.”
Consumer Devices. Algorithms and hardware are ready now to implement PPP+RTK in cell phones, Jingbo said, and this increase in positioning accuracy will enable many more applications. “We have rich experience in high precision GNSS, but the antenna might be a challenge. Our new generation 22 nm GNSS SoC features low power consumption and support of sensor fusion. Additionally, true point technology by Rx-Networks (also a BDStar company) can provide sub-meter data service, which also enables users to access centimeter-level accuracy location data through their mobile phones and wearable technologies, without increasing the demand for processing power.”
Photo: Trimble
Trimble
Jamming and Spoofing. “Trimble’s latest GNSS receivers leverage our seventh-generation Maxwell technology, which implements hardware- and software-based techniques to detect and mitigate spoofing,” said Stuart Riley, vice president, GNSS Technology. “In addition, Trimble continues to improve the robustness of our GNSS receivers with advances in processing algorithms and hardware enhancements such as the integration of inertial technology.”
Sensor Fusion. “For many years, IMUs have been widely used in Trimble agriculture and Applanix products,” Riley said. “Over the past few years, we’ve created a new line of lower-cost inertially integrated board-level GNSS receivers. We have also integrated inertial components into survey and construction products, including tilt compensation in the Trimble R10, R12 and SPS986 receivers. Trimble also combines its GNSS solutions with optical, laser, lidar and other sensors.”
Surveying. Trimble’s GNSS products, Riley pointed out, range from GIS handhelds to high-performance mobile mapping systems.
Consumer Devices. “The Trimble Catalyst system uses Android-based smartphones or tablets to run an application that includes a software-defined GNSS receiver,” Riley said. “The recently introduced SiteVision system builds on this ecosystem and integrates Google’s ARCore platform with precision GNSS to provide an augmented reality solution for a variety of professional applications.”
Other Challenges. To address signal masking and multipath, Trimble has “continued to improve performance in difficult environments with products such as the Trimble R12 receiver, which provides sophisticated multipath mitigation and an advanced precision processing engine.” Riley said, “Trimble’s RTX Correction Services, delivered via satellite, enable users to achieve RTK speed and accuracy nearly anywhere on the planet without the need for local reference stations.”
Photo: NovAtel
NovAtel
Jamming and Spoofing. “The RF environment is at best crowded and at worst hostile,” said Sandy Kennedy, vice president of innovation, Hexagon’s Positioning Intelligence division. “The NovAtel OEM7 generation of receivers was launched in 2016, with interference detection and mitigation as key features on every variant. Protecting authenticity, availability, and precision for multifrequency measurements is the challenge going forward — in all segments of the system: constellation management and SIS, antenna, receiver design and processing in FW/SW.”
Sensor Fusion. In the last three years, Kennedy pointed out, IMU manufacturers have made significant improvements in the performance offered in smaller, cheaper IMUs. “At the same time, new methods to improve error modelling (to control positioning errors) have been added to the NovAtel SPAN product line, especially in SPAN Land profile. Extended GNSS outages are easily handled now.”
Surveying. “PPP has become a strong competitor to RTK, as convergence times have decreased, and this will continue in service offerings like Terrastar-X from NovAtel,” Kennedy said.
Consumer Devices. The devices, Kennedy said, offer “the tantalizing promise of quality measurements from a common utility device with huge computing horsepower and data connectivity built in! It’s fun to watch, and we shall see if accuracy is truly addictive enough to fuel development for general use of precision positioning.”
Other Challenges. “In the past 20 years, users have moved from awe and wonder that centimeter-level positioning is possible — to utter contempt when it is not,” Kennedy said. “This will continue, with an added requirement of integrity and functional safety. Continuously available positioning within a usable protection level is a requirement for autonomous vehicles.”
GPS signals are by far the single most widely used and most accurate source of navigation, positioning and timing (PNT), and this capability is deeply integrated into every aspect of our society. In particular, the timing service provided by GPS, while virtually unknown to the general public, is essential for a variety of digital operations — from performing financial transactions to operating cell phone networks to running the internet.
Of course, GPS — originally developed to guide nuclear submarines — is now vital to most military missions, and the system’s vulnerabilities are a source of great concern.
GPS has been remarkably reliable over the past quarter century. Solar flares are rare, multipath can be largely mitigated, and obstructed line-of-sight to the satellites is an acute problem only in certain environments, such as urban canyons.
The most serious intentional threats to GPS are spoofing and jamming. Jamming is more widespread — it is more easily accomplished intentionally and it also occurs unintentionally. In the defense sphere, intentional jamming is a regular occurrence. It is expected as a routine aspect of electronic warfare operations to disrupt and deceive, typically just before the shooting begins. Unintentional jamming includes recently re-emerging concern about potential interference by ultra-wideband devices.
Experts at NovAtel, Collins Aerospace, L3Harris Technologies and Honeywell address the challenges posed by jamming and the relative effectiveness of various anti-jamming approaches.
NovAtel
Tackling Jamming on Multiple Levels
Disruption by jamming of GPS’s PNT data “is occurring with a growing regularity,” said Dean Kemp, Defense Segment manager at NovAtel, part of Hexagon’s Positioning Intelligence division. The problem will only increase, given our reliance on GNSS and increasing demand for precision. In the military sphere, electronic warfare in Syria, as well as jamming in Ukraine, Korea, and Finland, “have shown that modern, high-power equipment is routinely being used to disrupt the military.”
In the civilian sphere, interference is a growing issue because of cheap and effective jammers available via the internet. People use these so-called personal privacy devices to defeat vehicle tracking devices for purposes ranging from avoiding supervision all the way to hijacking vehicles.
GNSS signals are vulnerable because the received power is so small that receivers can be disabled with an incident power in the picowatt (10-12 W) range. “Jammers come in many different forms,” Kemp said, “from low-power civil devices to complex and powerful military-grade electronic warfare systems that can disable civilian receivers from a few hundred meters to hundreds of kilometers.”
Situational Awareness. Users can fail to recognize that their GPS is being jammed, Kemp said. Beyond defending against possible jamming scenarios, it is also necessary to “identify, find, and characterize the source of interference and to provide this information to the user so that it can be used appropriately.” In the defense field, this is known as situational awareness.
Emerging jamming threats, Kemp explained, can be understood within the context of cyber and information warfare using the Cyber Electromagnetic Activities (CEMA) layered approach. It recognizes a cognitive layer — a human decision based on PNT data; a virtual layer, in which PNT data are used to inform or support networked systems; and a physical layer, the hardware used to provide and protect PNT data.
Therefore, effective anti-jamming requires that:
users understand the system’s vulnerabilities and identify when they are being jammed, so that they can resort to traditional means for positioning and navigation (but not timing)
PNT data be protected and verified before being trusted
on the physical level, there be a multi-layered and heterogeneous approach that provides assured PNT information in the presence of jamming and spoofing without quantifiable loss of accuracy.
By combining these considerations at each layer, “they form a unified view on capability,” Kemp said.
Spoofing with Pokémon. Jamming threats are evolving, employed by both civilian and state actors. Worse, these threats are augmented by spoofing. While spoofing is harder to achieve than jamming, it is potentially more concerning. “Spoofing the receiver by rebroadcasting the GNSS signals or by generating them from a simulator has become a regular occurrence,” Kemp said.
Spoofing came to public attention in 2016 when enterprising programmers designed location-deception apps to hack the Pokémon Go mobile game. Instances have since been reported worldwide. Because early spoofing demonstrations were conducted against simple GPS L1 C/A-code receivers, it was initially hoped that spoofing could be defeated by using dual- or multi-frequency receivers.
However, it has been demonstrated that multi-frequency receivers using commercially available components can also be spoofed, “at least when the receiver is using multiple frequencies of GPS,” Kemp noted. “Adding further GNSS signals will help, but the best defensive measure is to employ, if authorized, an encrypted military signal.”
Coverage Improvement Factor. Typically, the effectiveness of an anti-jam system is assessed on the basis of the jamming to signal ratio (J/S) figure in decibels, which depends on variables such as the receiver’s front-end RF bandwidth, the signal type being tracked (C/A versus P(Y) code), the signal tracking threshold of the receiver, the receiver platform dynamics, the choice of receiver oscillator, the interference type and antenna characteristics.
Difference in how manufacturers calculate J/S led to the invention of the coverage improvement factor (CIF), adopted by the GPS Joint Project Office. “CIF gives a single number that describes the effectiveness of an anti-jam system for a particular jammer scenario, given that space vehicle positions vary by elevation and azimuth,” Kemp said.
However, the use of CIF to assess the anti-jam performance is a highly technical process and the results are usually classified. He discussed current approaches to anti-jamming.
Multi-element, controlled reception pattern antennas (CRPA), which pass the good signal to the receiver while nulling out the interference, are the first line of defense. “The system can dynamically change the gain pattern of the antenna so that as the platform and jammers move, the gain pattern adapts so that nulling continues effectively.”
The use of multiple constellations and frequencies can be an effective tactic to mitigate interference, “but relies on the jammer not covering the bands of interest.”
“Obtaining actionable data on interference is almost as important as mitigation,” because it enables users to modify plans. However, “interference effects can be difficult to diagnose and complicated to track down.”
Monitoring automatic gain control can indicate jamming.
“Coupling a GNSS receiver with a robust inertial measurement unit (IMU) will provide a higher level of protection for GNSS signals due to the IMU providing reliable position, velocity and attitude even through short periods when satellite signals are blocked or unavailable.” However, IMUs are liable to drift, resulting in degraded performance.
There are many approaches to designing anti-jam systems. They must be balanced against user requirements, which vary significantly. “A layered approach is the best form of defense against jamming and spoofing,” Kemp said, starting with protecting the incoming GPS signal. “One of the highest levels of protection is from an anti-jam antenna system paired with a GNSS receiver that is tightly coupled with an IMU.”
Finally, given that jamming attacks are now to be expected on the battlefield, it is critical to train users on the best response.
Collins Aerospace
Artist’s concept: Collins Aerospace
A Potent Triumvirate of Tools
While sources of deliberate jamming are on the rise, the vast adoption of GPS means that “even the non-deliberate sources of jamming will have an asymmetric impact on end users,” said Sai Kalyanaraman, Ph.D. and Technical Fellow at Collins Aerospace. Challenges posed by jamming depend on the receiver, mission and performance needs, while the source of unintentional jamming could be “something as simple as a TV antenna that is transmitting harmonics into the GNSS band.”
Kalyanaraman outlined viable approaches to interference mitigation and anti-jamming:
Integration with inertial navigation systems (INS) can provide the platform’s attitude, which is required for beam forming. This, in turn, is required for some of the CRPA GNSS Anti-jam signal processing modes. It can also alert the user of jamming when the INS position diverges dramatically from that provided by the GPS receiver.
Use of multiple frequencies is a form of robust design against interference.
For authorized users, M-code will provide additional limited capabilities against jammers.
Integration of GNSS with other PNT sensors to help address GNSS-denied environments.
GNSS signals have the advantage that the true signal is well under the noise floor; therefore, “as long as you can characterize the noise floor adequately from the receiver design/installation perspective, anything that shows up above the noise floor typically does not belong in that slice of the spectrum,” Kalyanaraman said. Combining a CRPA, a platform orientation sensor (like an INS), and a GPS/GNSS receiver, “you have a fairly potent triumvirate of tools that you can use to help mitigate the impacts of jamming and potentially spoofing.”
Collins produces multiple variants of its digital integrated GPS anti-jam receivers (DIGAR). “Depending on which variety you choose, you can essentially have a receive apparatus that can perform basic nulling all the way up to beam-forming and direction finding and help provide resiliency against high jamming signal levels and other threats that emulate a GNSS-like signal in space,” Kalyanaraman said.
L3Harris
L3Harris develops gun-hardened anti-jam solutions for the M1156 Precision Guidance Kit Modernization program. The kit turns 155-mm artillery shells into smart weapons. Here, soldiers test the kit for accuracy. (Credit: U.S. Army/Spc. Robert Porter)
Field Tests Verify PNT Reliability
Dealing with deliberate and unintentional interference with GPS requires agreeing on the level of enhancements required, reducing the time and cost needed to integrate them into systems of systems, and “centralizing PNT generation and distribution functions on a platform to reduce user equipment redundancies and increase the leverage of future PNT enhancements,” said Dave Duggan, president of the Precision Engagement Sector at L3Harris Technologies.
The increase in interference “creates a cascading negative effect to PNT client mission systems,” Duggan said, including the systems of systems for sensing, maneuver and fires [military-speak for the use of weapon systems].” The capability of anti-jam countermeasures “scales across a range of performance, size, weight, power and cost points and can be tailored to a given threat space, improving the performance of even legacy user equipment.”
Spoofing, which inhibits receivers from forming a solution or, worse, tricks them into passing misleading PNT solutions to other systems, is a bigger challenge than jamming because it can result in aborted missions and loss of life and usually requires new receivers, Duggan said.
Duggan defines a reliable anti-jam/anti-spoof capability as one that “provides a PNT solution with a high level of confidence in its accuracy, authenticity and integrity for their applications and anticipated threat environments — all at a reasonable cost/performance point.” Confidence in the solution requires “extensive analysis, threat modeling, simulation and testing of the anti-jam/anti-spoof capability.” For this reason, “L3Harris has worked extensively in developing simulation and testing environments of the highest fidelity and continues to participate in numerous live field test events to establish that foundation.”
L3Harris develops and produces digital anti-jam antenna electronics for U.S. and allied end use.
Honeywell
Honewell’s HGuide micro-electro-mechanical system (MEMS) inertial measurement units (IMUs) and INS are designed to be integrated with GNSS receivers. (Photo: Honeywell)
Integrating GNSS with Inertial
Heightened awareness of intentional and inadvertent jamming threats has less to do with new types of threats and more to do with the increased importance of precise PNT coupled with more frequent instances of jamming, according to Chris Lund, senior director, HGuide Navigation and Sensors at Honeywell Aerospace.
“As applications become more reliant on highly accurate and reliable position and timing information provided by navigation systems, the consequences associated with the data not being available or not being correct quickly escalate,” Lund said.
The best way to measure the impact of a jamming threat and the capabilities of countermeasures is “to determine in actual real-world use cases whether the desired application outcome can still successfully be achieved,” Lund said.
The most promising approach to anti-jamming is integration of GNSS receivers with inertial navigation systems (INS) and other PNT systems. “Given the complementary aspects of many of the available approaches in the anti-jamming toolkit, it’s often best to leverage however many tools are available and needed to allow the application to achieve its desired outcome,” Lund said.
The billions of interconnected devices and sensors embedded in other devices, vehicles and even humans that collectively constitute the much-heralded internet of things (IoT) collect and share data used in myriad applications. This requires them to know their location, which is a challenge in GPS-denied environments, such as most indoor locations, tunnels and urban canyons.
A new approach helps networks of smart devices cooperate to find and communicate their positions in such environments. This “localization of things” could be helpful in applications ranging from autonomous vehicles to asset tracking, from supply-chain monitoring to smart cities and real-time mapping.
Traditional network localization methods estimate a single value for each geospatial variable, such as the distance between two nodes. Therefore, accuracy drops sharply in environments where multipath, a limited view of the sky, and other problems severely degrade GNSS and wireless signals. A paper by researchers at four institutions outlines a system to capture location information even in these challenging environments by fusing positional data of various kinds as well as digital maps.
The new method fuses data from various sensing measurements — such as radio, optical and inertial signals — and analyzes features of each signal — including its power, angle of arrival, and time of flight. It uses machine-learning techniques to weigh this “soft information” — the researchers call it that because their method does not favor any single “hard” number — to create a probability distribution of distances, angles and other metrics.
It also exploits contextual information from digital maps, dynamic models and node profiles to verify what is possible. For example, two nodes could not be 20 meters apart if they are both in an area with a maximum dimension of 10 meters.
To reduce the complexity and size of the data that it must collect to function, the new method identifies the most and least useful aspects of the received waveforms for the purpose at hand on the basis of a “principal component analysis.”
In simulations of challenging scenarios, full of reflections and echoes, the new system’s performance significantly surpassed that of traditional ones and consistently approached the theoretical limit for localization accuracy, while the accuracy of traditional systems dropped dramatically.
Evolution in civil aviation foresees a greater role for GNSS in onboard navigation systems as opposed to traditional terrestrial navigation aids. This will require improvements in managing the threat posed by RF interference.
Fortunately, the availability of more GNSS constellations and two carrier frequencies now enables GNSS equipment used aboard civil aircraft to not only detect and monitor spoofing, but also determine from which direction it is coming.
A recent paper details a procedure to do this. It consists of a detection module that employs an algorithm to identify which signals tracked by the receiver are counterfeit, if any, followed by a direction-finding module that implements an efficient direction-of-arrival (DOA) estimator. The procedure requires three GNSS antennas and the same number of receivers, time-synchronized with a common clock, plus a signal processor that implements the detection and DOA estimation algorithms. The paper presents the design of the chain of algorithms and their preliminary tests in a laboratory setup, with the simulation of several spoofing attacks, assumed realistic in a civil aviation scenario.
Citation: “An Algorithm for Finding the Direction of Arrival of Counterfeit GNSS Signals on a Civil Aircraft” by G. Falco, M. Nicola, E. Falletti and M. Pini, presented on Sept. 20, 2019, at the ION GNSS+ conference in Miami, Florida.
Joint Galileo/GPS Project on the ISS
The European Space Agency (ESA) and NASA conducted a joint Galileo/GPS space receiver experiment aboard the International Space Station (ISS). The objectives of the project were to demonstrate the robustness of a combined Galileo/GPS waveform uploaded to NASA hardware already operating in the challenging space environment — the SCaN (Space Communications and Navigation) software defined radio (SDR) testbed (FPGA) — on-board the ISS.
The activities included the analysis of the Galileo/GPS signal and on-board position/velocity/time (PVT) performance, processing of the Galileo/GPS raw data (code and carrier phase) for precise orbit determination, and validation of the added value of a space-borne dual GNSS receiver compared to a single-system GNSS receiver operating under the same conditions. A recent paper provides a general overview of the experiment (called GARISS) and describes its design, test, validation, and operations. It also presents the various analyses conducted in the context of this project and the results obtained, with a focus on the (Precise) Orbit Determination results.
Citation: “The joint ESA/NASA Galileo/GPS Receiver onboard the ISS – The GARISS Project” by W. Enderle, E. Schönemann, F. Gini, M. Otten, P. Giordano, J. Miller, S. Sands, D. Chelmins, O. Pozzobon, presented on September 20, 2019, at the ION GNSS+ conference in Miami, FL.
As technological advances make GPS/GNSS devices more affordable, our lives are becoming increasingly dependent on precise positioning and timing. Industries such as survey, construction and logistics rely on precise positioning for automation, efficiency and safety.
GNSS time provides the pulsating heartbeat for the backbone of our industry by synchronizing telecom networks, banks and the power grid. A single day of GNSS outage is estimated to cost $1 billion U.S. dollars alone.
GNSS is a reliable system, and to keep it as such, professional GNSS receivers need to be wary of all possible vulnerabilities which could be exploited. Using GNSS receivers that are robust against jamming and spoofing is key for secure PNT (positioning, navigation and timing).
What is GPS/GNSS spoofing?
Radio interference can overpower weak GNSS signals, causing satellite signal loss and potentially loss of positioning. Spoofing, is an intelligent form of interference which makes the receiver believe it is at a false location. During a spoofing attack a radio transmitter located nearby sends fake GPS signals into the target receiver. For example, a cheap software-defined radio (SDR) can make a smartphone believe it’s on Mount Everest!
Figure 1. A cheap SDR can overpower GNSS signals and spoofs a single-frequency smartphone GPS into believing it is on Mount Everest. (Image: Septentrio)
Why GPS spoofing?
Imagine a combat situation. Clearly, the side which uses GPS/GNSS technology would have an advantage over the side which does not. But what if one side could manipulate GPS receivers of their adversary? This could mean taking over control of autonomous vehicles and robotic devices which rely on GPS positioning.
For example, in October 2018, Russia accused the U.S. of spoofing a drone and redirecting it to attack a Russian air base in Syria.
Figure 2. GNSS spoofing could be used to manipulate movement of aerial drones. (Image: Septentrio)
In the last three years, more than 600 incidents of spoofing have been recorded in the seas near the Russian border. These ships appeared to be “transported” to nearby airports.
This type of spoofing might have been introduced as a defense mechanism to ground spy drones. Most semi-professional drones on the market have a built-in geo-fencing mechanism that lands them automatically if they come close to airports or other restricted areas.
Some of the most enthusiastic spoofers are Pokémon GO fans who use cheap SDRs to spoof their GPS position and catch elusive Pokémon without having to leave their room.
Types of spoofing
Spoofers overpower relatively weak GNSS signals with radio signals carrying false positioning information. There are two ways of spoofing:
Rebroadcasting GNSS signals recorded at another place or time (so-called meaconing)
Generating and transmitting modified satellite signals
Spoof-proof: How can you protect your receiver against spoofing?
To combat spoofing, GNSS receivers need to detect spoofed signals out of a mix of authentic and spoofed signals. Once a satellite signal is flagged as spoofed, it can be excluded from positioning calculation.
GNSS receivers can offer various levels of spoofing protection. Let’s compare it to a house intrusion-detection system. You can have a simple entry alarm system or a more complex movement detection system. For added security you might install video image recognition, breaking-glass sound detection or a combination of the above.
Like a house with an open door, an unprotected GNSS receiver is vulnerable to even the simplest forms of spoofing. Secured receivers, on the other hand, can detect spoofing by looking for signal anomalies, or by using signals designed to prevent spoofing such as Galileo OS-NMA and E6 or the GPS military code.
Advanced interference mitigation technologies, such as the Septentrio AIM+, use signal-processing algorithms to flag spoofing by detecting various anomalies in the signal. For example, a spoofed signal is usually more powerful than an authentic GNSS signal.
AIM+ won’t even be fooled by an advanced GNSS signal generator: Spirent GSS9000. With realistic power levels and with actual navigation data within the signal, AIM+ can identify it as a “non-authentic” signal.
Other advanced anti-spoofing techniques such as using a dual-polarized antenna are being researched.
Satellite navigation data authentication
Various countries invest in spoofing resilience by building security directly into their GNSS satellites. With OS-NMA (Open Service Navigation Message Authentication), Galileo is the first satellite system to introduce an anti-spoofing service directly on a civil GNSS signal.
OS-NMA is a free service on the Galileo E1 frequency. It enables authentication of the navigation data on Galileo and even GPS satellites. Such navigation data carries information about satellite location and if altered will result in wrong receiver positioning computation. While currently in development, OS-NMA is planned to become publicly available in the near future. Also GPS is experimenting with satellite based anti-spoofing for civil users with their recent Chimera authentication system.
Figure 3. European Galileo satellites provide an open authentication service on the E1 signal and a commercial authentication service on the E6 signal. (Image: European Space Agency)
Recently, within the scope of the FANTASTIC project led by GSA, OS-NMA anti-spoofing protection was implemented on a Septentrio receiver.
The strongest shield: signal-level GNSS authentication
The Galileo system will be offering Commercial Authentication Service (CAS) on the E6 signal with the highest level of security for safety-critical applications such as autonomous vehicles. The signal level encryption will be based on similar techniques as the military GPS signals. Only the receivers who have the secret key are able to track such encrypted signals. The secret key is also needed to generate the signal making it impossible to fake. CAS authentication techniques are currently being prototyped at Septentrio in collaboration with the European Space Agency.
Spoof-resilient GNSS means reliable precise positioning and timing, and a peace of mind for everyone touched by this indispensable technology.
Ships sailing through the Strait of Hormuz and the Persian Gulf have been experiencing GPS interference that U.S. officials suspect is the work of the Iranians, according to CNN.
The U.S. Department of Transportation’s Maritime Administration issued an advisory on Aug. 7 to ships traveling in the Persian Gulf, Strait of Hormuz, Gulf of Oman, Arabian Sea and Red Sea. Ships have reported GPS interference, bridge-to-bridge communications spoofing and jamming, and other problems.
Iran’s goal is for ships and aircraft to wander into Iranian waters or airspace, justifying a seizure, a U.S. defense official told CNN. He said Iran has placed GPS jammers on Iran-controlled Abu Musa Island, which lies in the Persian Gulf close to the entrance of the Strait of Hormuz.
“Heightened military activity and increased political tensions in this region continue to pose serious threats to commercial vessels,” reads the advisory. “Associated with these threats is a potential for miscalculation or misidentification that could lead to aggressive actions. Vessels operating in the Persian Gulf, Strait of Hormuz, and Gulf of Oman may also encounter GPS interference, bridge-to-bridge communications spoofing, and/or other communications jamming with little to no warning.”
In at least two incidents, vessels reported GPS interference. One vessel reportedly shut off its Automatic Identification System (AIS) before it was seized, complicating response efforts.
Vessels have also reported spoofed bridge-to-bridge communications from unknown entities falsely claiming to be U.S. or coalition warships.
Since May 2019, the following maritime incidents have occurred in this region:
Six attacks against commercial vessels.
Shoot-down of U.S. Navy remotely piloted aircraft over international waters
Attempted at-sea interdiction of Isle of Man-flagged M/V British Heritage (oil tanker)
Seizure of ex-Panama-flagged M/V Riah (oil tanker)
Seizure of U.K.-flagged M/V Stena Impero (oil/chemical tanker)
Detention and subsequent release of Liberian-flagged M/V Mesdar (oil tanker).
The U.S. Air Force will load a new signal feature, designed to make spoofing detectable, aboard a satellite that will broadcast it from space as a security overlay for the GPS L1C signal, but not until 2022 at the earliest.
The Chips Message Robust Authentication (Chimera) is now in testing under the auspices of the Air Force Research Laboratory (AFRL), getting ready to fly on the Navigation Technology Satellite 3 (NTS-3), which will trial a number of new PNT techniques and technologies.
Chimera inserts encrypted digital signatures and watermarks within the L1C signal. A GPS receiver with the requisite additional capability for this purpose can then detect whether the signal is real or fake and also authenticate the location of a GPS receiver that is remotely located.
This key feature could provide a defense against hacking by blocking access from anyone unable to prove they are at an anticipated or licensed site. Hacking, of course, is a growing threat to all sorts of infrastructure: financial, security, utility grid and more.
Presentation slide from PNT Advisory Board briefing by Logan Scott.
Consultant Logan Scott first proposed the Chimera technology in 2003, when he affirmed that “Some of the spoofing detection measures in wide use offer a false sense of security. Authenticatable signal architectures are needed.” In June, he made a presentation to the PNT Advisory Board: “The Role of Civil Signal Authentication in Trustable Systems.” The two slides accompanying this article appeared in that presentation.
“Chimera represents a fundamental paradigm shift in PVT security paradigms,” Scott related in a subsequent conversation. “Trust takes time and memory on a personal level and, in this case, in GNSS signals, too.
“You don’t trust somebody as soon as you meet them. Over a period of time, you get to know them. If you can’t remember anything, you can’t develop trust either.”
“In the GNSS world, there are a lot of applications where you don’t need output in real time,” Scott said. “For example, to align an inertial. The inertial provides the real-time aspect. You don’t want to send anything to the IMU that is factually incorrect. When building to aid inertial, I can afford to have a delay from real time as long as I tell it where it was 10 seconds ago. The power of that is, if I don’t have to give real-time output, I can ponder and think about things.
“If a spoofer attacks, there’s an evolution that happens there. If I, as the receiver, can see the developing scenario, and how it starts to look at little screwy, I can stop and not send anything to the IMU that might corrupt it.”
How It Works. The core concept of Chimera involves the satellites sending encrypted watermarks, encoded into the signal by the satellite. After a slight delay, the satellite sends the key used to generate those encrypted watermarks. Once a key is sent, the system changes the key.
Since the receiver has already recorded the signal with its watermarks before the key is sent, spoofers cannot know the correct key ahead of time, in time to insert correct watermarks of their own. This means that any spoofed signals can be easily spotted: either the subsequent key won’t match up with the spoofed watermarks, or there will be no watermarks at all.
“Another reason it’s hard for someone to generate these watermarks on their own is because the signal is buried below the noise,” added Scott. “The watermarks are hidden.”
A number of different time delays between signal and key are possible within this concept and within the general set-up of GPS. Scott and the AFRL have, for various practical reasons, provisionally settled on a 6-second delay on the fast watermark channel and a 3-minute delay for the slow watermark channel.
The signal enhancement could be incorporated into the Wide Area Augmentation System (WAAS). This has yet to be fully determined, but this route would lead to a faster implementation of Chimera. Scott thinks that going the WAAS route could bring Chimera capability into action within two years.
The AFRL, however, is looking at a much longer timeline. The NTS-3 satellite, where it first intends to test Chimera, will not launch until 2022 — three years hence. And that’s only a test, not an enactment or a system-wide implementation.
Slide: Logan Scott
Verification. One key benefit for commercial entities, particularly those in financial infrastructure and other systems that increasingly fall victim to hacking, is that Chimera gives them the ability to verify customers’ or partners’ locations before granting any kind of access. The customer’s or other erstwhile user’s GPS receiver would record the full signal, including the watermarks, and transmit that data to the company, entity or data center needing location verification, before the keys are published. Each combination of watermarks and signals is unique to the place where it was recorded, thus it is possible to tell whether the user is actually where they say they are, or in an authorized or pre-identified location before granting access or accepting further input (such as commands).
Scott claims that Chimera affords a 99.9% probability of detecting spoofers. “I have a 99.9% chance of detecting that the watermark is not there, because they don’t know how to generate it. This is based on how you’re processing the signal. It’s designed to be very flexible in how the receiver uses the signal.”
Just One Problem. Receiver manufacturers will have to develop new Chimera-capable receivers, and customers will have to buy them. An additional cost for the added processing, above and beyond that required for normal GPS operation, is unavoidable.
And a Hiccup. Chimera, while an acronym, is as a name perhaps not a totally felicitous choice. In Greek mythology, the chimera is a fire-breathing female monster with a lion’s head, a goat’s body, and a serpent’s tail. These historic ancestors have evolved into the word’s more current use: a thing that is hoped or wished for but that is in fact illusory or impossible to achieve.
AFRL Wants Your Opinion. The Air Force Research Laboratory seeks feedback from the PNT community on the Chimera enhancement for the L1C signal. The specification is here. And, you can download a comment form
Photo: Ministry of Defense of the Russian Federation
Israeli security officials publicly accused Russia of disrupting and spoofing GPS signal reception in Israeli airspace throughout the month of June. The electronic warfare at which Russia is known to be adept was reportedly traced to the Khmeimim Air Base in Syria, where Russia maintains and actively flies a large number of warplanes on behalf of the Syrian government. The base is approximately about 350 kilometers (217 miles) north of Ben Gurion, so if the accusation is true, fairly powerful equipment is behind the attack.
Both Israeli and other-nationality airline pilots have reported interruptions in GPS reception during take-off and landing at Tel Aviv’s Ben Gurion International Airport. The Israeli Airline Pilots Association labeled the interruptions a spoofing attack, causing airplane receivers to report false positions.
The International Federation of Air Line Pilots’ Associations issued a Notice to Airmen: “GPS signal loss affects RNAV arrivals and departures and may create numerous alerts for systems that rely on internal position accuracy. Flight Crews should be aware of the potential risk, avoid distractions, and plan for alternative procedures as necessary.”
Pilots have since for the most part relied on Instrument Landing System, a precision runway approach aid based on two radio beams which together with both vertical and horizontal guidance during an approach to land at Ben Gurion International Airport.
The Israeli Airports Authority stated that the GPS attacks affected only airborne crews and not terrestrial navigation systems, and that they occur only during daytime.
The Russian ambassador to Israel has denied the accusations.
In April, a U.S. research institute, the Center for Advanced Defense Studies, documented more than 10,000 separate incidents of GPS disruption on Russian soil, in northern Scandinavia and in the Middle East between February 2016 and November 2018. It said Russia was “pioneering” the technique to “protect and promote its strategic interests.” GPS World summarized the report here, stating that “The Russian Federation is growing and actively nurturing a comparative advantage in the targeted use and development of GNSS spoofing capabilities to achieve tactical and strategic objectives at home and abroad.”
Tie-in with Iran Tensions. Meanwhile the Helsinki Times reported that researchers at the Finnish Geodetic Institute noticed unusual power variations in the GPS signal on June 20 and 21: “an increase of up to 10dBHz in the carrier-to-noise ratio readings comparing with the usual daily values.” Normally the variations are between -0.5 and 0.5 dBHz.
The same findings were communicated to the research community by Peter Steigenberger, senior scientist at the German Aerospace Center, DLR:
“Based on carrier-to-noise density ratio observations (C/N0) of IGS receivers, we observed global flex power operations on June 20 and 21, 2019. Flex power started subsequently for all healthy Block IIR-M and IIF satellites on June 20 between 15:18 and 17:49 UTC. C/N0 of the P(Y)-code tracking increased by roughly 10 dB for all healthy Block IIR-M and IIF satellites whereas C/N0 of the C/A-code decreased by about 2-3 dB for the healthy IIR-M satellites only. The changes in power levels are similar to flex power mode III discussed in “Steigenberger P, Thölert S, Montenbruck O. (2019) Flex power on GPS Block IIR-M and IIF, GPS Solutions, doi:10.1007/s10291-018-0797-8″. All satellites returned to normal power levels on June 21 between 6:00 and 10:00 UTC.”
On June 20, a US military drone was downed down by Iranian missiles. On June 21 President Trump tweeted that he had called off a dawn attack on Iran that day.
Whether the spoofing affecting Israeli airspace has any connection to building tensions 1,500 kilometers to the east is unknown.
New initiatives from the Navigation Innovation and Support Programme (NAVISP), a program of the European Space Agency (ESA), have targeted counter-jamming and counter-spoofing efforts, as Europe’s Galileo program gains progressive foothold in the marketplace, particularly in safety-critical systems such as driverless cars.
“We are looking for new and disruptive ideas in navigation and that is why we created NAVISP,” said ESA Director General Jan Wörner.
TeleConsult Austria is working with JH Joanneum University of Applied Sciences on the GNSS Interference Detection and Analysis System (GIDAS), to automatically detect, classify and pinpoint all intentional interference sources within a given area by monitoring all civil GNSS signals in real time.The aim is to build a multi-frequency scalable system. GIDAS plans to begin commercialization at the end of 2019.
France Developpement Conseil has developed a hardened satnav module called DRACONAV, combining hardware and software to combat jamming and spoofing. Targeting intelligent transport applications, it seeks to identify cyber attacks and continue to provide authenticated positioning information as they occur.
DRACONAV would deliver a level of confidence to let users know if they can continue relying on the data the module delivers, and yield an estimate of the receiver’s true position as the attack continues. A prototype design has undergone more than 3,000 kilometers of field tests and is moving to industrialization.
o to analyze a few tens or hundreds of milliseconds of Galileo signals at a time, to tell the user whether or not the signal is authentic or spoofed.
In Romania, InSpace Engineering’ MARGOT assesses the multipath and interference impact on PNT information in maritime environments.
The Norwegian company SINTEF is developing its Advanced Radio Frequency Interference Detection, Alerting and Analysis System (ARFIDAAS) project, offering as wide a spectral coverage as possible — including all current GPS, Galileo and GLONASS signals — to identify disruptions due to intentional or unintentional interference.
UK company Helix Technologies has developed compact helical antennas, built around a dielectric ceramic core, primarily for driverless cars. The multi-frequency design aims to reduce susceptibility to interference as well as multipath. Testing will soon get underway in several European cities.
The U.S. Army will send prototype anti-jamming systems to its 2nd Cavalry Regiment, stationed in Europe, in September to aid forces under GPS jamming or spoofing conditions. The first generation of Mounted Assured PNT Systems (MAPS) and anti-jam antennas are nearly ready for integration aboard armored Stryker vehicles, and the Army is already evaluating proposals for an upgraded version incorporating an inertial navigation system (INS) for further resilience.
The shipment comes in response to widespread Russian jamming of GPS signals from the sub-Arctic to the Middle East, and in tacit, likely tardy acknowledgment of Russian superiority in electronic warfare.
An Interim Armored Vehicle “Stryker” and AH-64 Apache helicopters with Battle Group Poland move to secure an area during a lethality demonstration as part of Saber Strike 18 in June 2018. (Photo: U.S. Army/Spc. Hubert D. Delany III, 22nd Mobile Public Affairs Detachment)
Col. Nickolas Kioutas, Army project manager for positioning, navigation and timing (PNT), announced the move at the annual C4ISRnet conference in Arlington, Virginia. C4ISR stands for Command, Control, Communications, Computer, Intelligence, Surveillance, and Reconnaissance, or more broadly, electronic and other systems, procedures and techniques used to collect and disseminate information.
Three vendors are providing prototypes for the IMU-equipped second-generation MAPS, or MAPS-2, with testing to begin in September. A MAPS-3 capability, drawing on lessons learned in 1 and 2, may get underway soon. GPS Source, now a subsidiary of General Dynamics Mission Systems, made MAPS-1 and is now competing for MAPS-2.
The initiative reflects a new approach by the Army of “doing much smaller, iterative programs,” according to Col Kioutas. Traditionally, U.S. armed forces have taken years (and sometimes more years) to develop large, complex weaponry and supporting systems, and then even longer to deploy them. By the time they arrive in the operational theater, they are obsolete.
Rapid deployment of smaller, quickly designed and manufactured batches creates the opportunity for rapid feedback on what works and what doesn’t, with equally rapid return to the design board and re-manufacture. In other words, “shoot, aim, ready.”
Kioutas and crew are also flouting another U.S. military tenet, that in which previously “[we] asked for exactly what we wanted and industry built exactly to that. We don’t know exactly what we want. Tell us how we should do this the best, and then we’ll test that.” The PNT program has left requirements broad and open to change, knowing how quickly technology develops — and is shown to be vulnerable.
The Stryker is an eight-wheeled armored fighting vehicle, basically a lightly armored tank or heavily-armored troop carrier that is more road-friendly, that is, faster, than a tank. It has several variants of armament, armor and troop-carrying capacity. It saw extensive use in the Iraq counter-insurgency campaign.
