GPS World

Tag: unmanned aerial vehicle

  • Riegl Launches RiCopter UAV at InterGeo

    At InterGeo 2014, James Van Rens, chief executive officer of Riegl, explains the launch of the RiCopter UAV with LiDAR integration, and its designer gives a live demonstration of the UAV in flight. The show was held October 7-9 in Berlin.

    The unmanned aerial vehicle is a survey-grade unmanned scanning platform for a variety of demanding applications, such as corridor, power line, or railway mapping.

    The high-performance UAV can be equipped with the Riegl VUX-1 survey-grade LiDAR sensor to offer a fully integrated turnkey solution. The RiCopter platform design includes a fully integrated Riegl VUX LiDAR sensor, IMU/ GNSS unit with antenna, control unit, and up to four optional cameras providing measuring characteristics of a 330-degree field of view, 500,000 measurements per second, and 10-millimeter accuracy.

    The class 1 unmanned aircraft system can be flown at a maximum operating altitude of 550 meters with a maximum take-off mass of up to 25 kg and a maximum payload of 16 kg, providing a long flight endurance of 30 minutes.

    RiCopter flight characteristics are smooth and stable in hovering positions, as well as on demanding flight maneuvers under challenging conditions.

    See more InterGeo videos at GPS World’s YouTube Channel.

    Another video of the RiCopter in action comes from Riegl:

  • GPS World at the 2014 Esri International User Conference

    This is the mecca of geographic information systems, or GIS, at least in the United States: the 2014 Esri International User Conference (UC) in San Diego, California, held every July. GPS World and Geospatial Solutions were there in force. A newly dominant technology that got plenty of discussion was unmanned aerial systems (UAS or UAV). Eric Gakstatter, GPS World’s survey and GIS editor, said “I can boil where this technology is headed down to one word: real-time.”

  • Unmanned Aircraft Navigation

    Unmanned Aircraft Navigation

    Sponsored by: Hemisphere GNSS
    Original Broadcast Date: Thursday, November 21, 2013
    Moderator:     Tony Murfin, Editor, Professional OEM newsletter
    Speakers: Olivier Casabianca,     Business Area Manager, Trimble GNSS OEM; Hal Adams, Co-founder/Chief Operating Officer, Accord Technology; Neil Gerein, Defense Product Manager, NovAtel; Eric Brewer, Senior Systems Engineer, Rockwell Collins; and Howard William Loewen, President, MicroPilot Inc.
    Summary:     In recent years, there has been explosive growth in the Unmanned Aerial Vehicle (UAV) market segment, with most on-board navigation systems relying on GNSS or GNSS with inertial aiding. As military budgets decline, interest in civilian commercial applications is growing rapidly.  The FAA recently awarded special type certification to two UAVs for commercial Arctic operations, and the industry is now poised for the opening of the regulation floodgates to address a growing commercial demand. In this webcast, we will hear from some of the industry leaders in GNSS-based navigation for UAVs, in both the military and civilian sectors: they will tell us what they are doing in UAV navigation and where they see this exciting market going.

  • Drone Hack: Spoofing Attack Demonstration on a Civilian Unmanned Aerial Vehicle

    By Daniel Shepard, Jahshan A. Bhatti, and Todd E. Humphreys

    
    Unmanned aerial vehicle (uav) used in the spoofing tests; owned by the University of Texas.

     A radio signal sent from a half-mile away deceived the GPS receiver of a UAV into thinking that it was rising straight up. In this way, the UAV’s dependence on civil GPS allowed the spoofer operator to force the UAV vertically downward in dramatic fashion as part of multiple capture demonstrations.

    In December 2011, Iran captured a U.S. Central Intelligence Agency (CIA) surveillance drone with only minor damage to the undercarriage of the drone, likely due to a rough landing when captured. An Iranian engineer claimed in an interview that “Iran managed to jam the drone’s communication links to American operators” causing the drone to shift into an autopilot mode that relies solely on GPS to guide itself back to its home base in Afghanistan. With the drone in this state, the Iranian engineer claimed that “Iran spoofed the drone’s GPS system with false coordinates, fooling it into thinking it was close to home and landing into Iran’s clutches.”

    Although the Iranian claims are highly questionable, this incident left many unanswered questions as to the security of GPS systems on unmanned aerial vehicles (UAVs). The CIA drone should have been guiding itself based on the encrypted military GPS signals, which would be incredibly difficult to spoof. However, some experts have conjectured that simultaneous jamming of the military signals and spoofing of the civilian signals might have worked if the drone had been programmed to fall back on the civilian GPS signals in the event that the military signals were jammed. This raises the question: How difficult would it be to spoof a UAV guiding itself based on civilian GPS signals?

    FAA Modernization Act

    In February of this year, Congress passed the FAA Modernization and Reform Act of 2012. According to the Library of Congress summary, this act “requires the Secretary [of Transportation] to develop a plan to accelerate safely the integration by September 30, 2015, of civil unmanned aircraft systems (UASes, or drones) into the national airspace system … [and] determine if certain drones may operate safely in the national airspace system before completion of the plan.”

    Such civilian UAVs would be primarily guided by civil GPS, which has been shown to be readily spoofable in the lab. This would create a significant potential hazard in the national airspace if the problem of civil GPS spoofing is not fixed. Thousands of civilian UAVs (operated by postal services, police departments, research institutions, and others) could populate the skies in only a few years while still being vulnerable to remote hijacking via GPS spoofing. The passing of the FAA Modernization Act further emphasizes the need to examine the vulnerability of UAVs to GPS spoofing.

    Test

    On invitation of the Department of Homeland Security (DHS), unclassified spoofing tests against a UAV were performed at White Sands Missile Range (WSMR) on June 19, 2012 during the DHS GYPSY test exercise. These tests demonstrated the capability of a spoofer, built by the University of Texas (UT) Radionavigation Lab, to commandeer a civilian UAV by influencing the position-velocity-time (PVT) solution of the UAV’s GPS receiver.

    The Spoofer. The civil GPS spoofer used for these tests is an advanced version of the spoofer reported in “Assessing the Spoofing Threat,” GPS World, January 2009. A schematic representation of the spoofer is shown in Figure 1. It is the only spoofer reported in open literature to date that is capable of precisely aligning the spreading codes and navigation data of its counterfeit signals with those of the authentic GPS signals. Such alignment capability allows the spoofer to carry out a sophisticated spoofing attack in which no obvious clues remain to suggest that an attack is underway.


    Figure 1. This spooler is capable of precisely aligning the spreading code and navigation data of its counterfeit signals with GPS signals.

    The spoofer is implemented on a portable software-defined radio platform with a digital signal processor (DSP) at its core. This platform comprises:

    • A radio frequency (RF) front-end that down-mixes and digitizes GPS L1 and L2 frequencies
    • A DSP board that performs acquisition and tracking of GPS L1 C/A, calculates a navigation solution, predicts the L1 C/A databits, and produces a consistent set of up to 14 spoofed GPS L1 C/A signals with a user-controlled fictitious implied navigation and timing solution.
    • An RF back-end with a digital attenuator that converts the digital samples of the spoofed signals from the DSP to analog output at the GPS L1 frequency with a user-controlled broadcast power.
    • A single-board computer that handles communication between the spoofer and a remote computer over the Internet.

    The spoofer works by first acquiring and tracking GPS L1 C/A and L2C signals to obtain a navigation solution. It then enters its “feedback” mode, in which it produces a counterfeit, data-free feedback GPS signal that is summed with its own antenna input. The feedback signal is tracked by the spoofer and used to calibrate the delay between production of the digitized spoofed signal and output of the analog spoofed signal. This is necessary because the delay is non-deterministic on start-up of the receiver, although it stays constant thereafter.

    After feedback calibration is complete and enough time has elapsed to build up a navigation data bit library, the spoofer is ready to begin an attack. Initially, it produces signals that are aligned to within a few meters with the authentic signals at the location of the target antenna but have low enough power that they remain far below the target receiver’s noise floor. The spoofer then raises the power of the spoofed signals slightly above that of the authentic signals. At this point, the spoofer has taken control of the victim receiver’s tracking loops and can slowly lead the spoofed signals away from the authentic signals, carrying the receiver’s tracking loops with it.  The target receiver can be considered completely captured when either of the following are true:

    • each spoofed signal has shifted by 2 µs relative to the authentic signals, or
    • each spoofed signal is at least 10 dB more powerful than the corresponding authentic signal.

    The latter option ensures that there is no significant interaction between authentic and spoofed signals by simultaneously jamming and spoofing.
    The UT spoofer and attack strategy have been tested against a wide variety of civil GPS receivers and have always been successful in commandeering the target receiver.

    Test UAV.  The spoofing tests targeted a University-of-Texas-owned Hornet Mini UAV supplied by Adaptive Flight, which is shown in the  opening photo. The Hornet Mini is roughly five feet long and weighs about 10 pounds when fully loaded. The Mini’s sophisticated avionics package loosely couples an altimeter, magnetometer, and a MEMS IMU package to a GPS receiver via an extended Kalman filter.

    The Hornet Mini is representative of UAVs used by law enforcement. Thus, the results of the spoofing tests with the Mini also apply to other similarly-designed UAVs, including those used in most civil applications, whose navigation systems are centered on civil GPS. It should be noted that no special alterations were made to the Hornet Mini for this test – it was in its “as sold” or “stock” configuration.

    Setup. A schematic of the setup used for the spoofing tests against the civil UAV at WSMR appears in Figure 2. The spoofer was located on a hilltop with the receive antenna on the far side of the hilltop from the transmit antenna as shown in Figure 3. The UAV site was located in a sandy basin approximately 620 meters from the transmit antenna.


    Figure 2. Schematic of the test setup.


    Figure 3. Aerial view of the test site showing the spoofer location on a hilltop and the UAV site 0.62 kilometers away.

    Procedure. The UAV was commanded by its ground controller to hover approximately 60 feet above ground level at the UAV site. After the initial ground control command was sent, the UAV maintained its hovering position automatically based on the navigation solution of its extended Kalman filter, which is based in part on GPS. At this point in the test procedure, the spoofed signals were not being broadcast: the UAV was only under the influence of the authentic GPS signals.

    The spoofer was then commanded to begin transmitting spoofed signals. To ensure seamless capture of the UAV’s GPS unit, the code phases of the spoofed signals were aligned to within meters of the authentic signals at the location of the UAV’s GPS antenna. The spoofed signals overpowered their authentic counterparts and instantly captured the tracking loops within the UAV’s GPS receiver.

    Immediately after capture, the spoofer induced a false velocity and corresponding position change in the UAV’s GPS receiver, drawing the position reported by the UAV’s extended Kalman filter away from the UAV’s commanded hover position. To compensate, the UAV’s flight controller responded by moving in the opposite direction. A safety pilot was on hand to prevent the UAV from drifting out of control.  This was necessary because by commandeering the UAV’s GPS receiver, the spoofer operator effectively breaks the UAV autopilot’s feedback control loop. The spoofer operator must now act as an operator-in-the-loop, which requires real-time, meter-level knowledge of the UAV’s true location.

    Results. Between tests WSMR and UT, the spoofer demonstrated short-term 3-dimensional control of the UAV. Thus, we conclude that it is indeed possible to hijack a civil UAV — in this case, a fairly sophisticated one — by civil GPS spoofing.

    Interestingly, the Hornet Mini relies only on its altimeter for direct measurements of its vertical position; the GPS-measured vertical position is ignored. This can be done with reasonable accuracy because of the Hornet Mini’s short flight endurance (~20 minutes). However, the GPS vertical velocity does affect the extended Kalman filter’s vertical coordinate estimate because the filter propagates GPS velocity measurements through a UAV dynamics model to form an a priori vertical estimate that gets updated with the altimeter measurements. This dependence on GPS velocity allowed the spoofer operator to force the UAV vertically downward in dramatic fashion in the final three capture demonstrations.

    Developing a full spoofer-based control system for a UAV is a difficult problem that, in addition to the requirement for real-time true position feedback, requires the spoofer to model the UAV’s feedback control behavior and to estimate the UAV’s desired path. Causing a UAV to spin out of control and crash is not difficult with a spoofer, but fine-grained control certainly is.

    Implications

    These tests have demonstrated that civilian UAVs will be vulnerable to control by malefactors with a civil GPS spoofer looking to hijack or crash these UAVs unless their vulnerability to GPS spoofing is addressed. There are several reasons why someone may want to spoof a drone including fear over drones invading people’s privacy. This poses a significant safety concern that could result in mid-air collisions with other aerial vehicles or buildings, not to mention loss of property.

    Constructing from scratch a sophisticated GPS spoofer like the one developed by UT is not easy, nor is it within the capability of the average anonymous hacker. It is orders of magnitude harder than developing a GNSS jammer. Nonetheless, the trend toward software-defined GNSS receivers for research and development, where receiver functionality is defined entirely in software downstream of the A/D converter, has significantly lowered the bar to spoofer development in recent years.

    As a point of reference, we estimate that there are more than 100 researchers in universities around the globe who are well-enough versed in software-defined GPS that they could develop a sophisticated spoofer from scratch with a year of dedicated effort. More worrisome is the fact that one does not have to build a sophisticated spoofer like ours, capable of aligning its signals precisely with authentic signals at the location of a chosen target, to spoof a civil GPS receiver. A low-cost off-the-shelf GPS signal simulator would not permit the kind of seamless attack we carried out, but would be adequate to confuse and disrupt the navigation system of a commercial UAV.

    Fixing the Problem

    There is no quick, easy, and cheap fix for the civil GPS spoofing problem. Moreover, not even the most effective GPS spoofing defenses are foolproof. Nonetheless, there are many possible remedies to the spoofing problem that, while not foolproof, would vastly improve civil GPS security. These defenses can be broken up into two categories: cryptographic and non-cryptographic defenses.

    Cryptographic defenses come primarily in two forms, spread-spectrum security codes (SSSC) and navigation message authentication (NMA), depending on whether the unpredictable digital signature is placed on the spread-spectrum code or the navigation data. These cryptographic signatures could be placed on WAAS signals or existing or future GPS signals to provide authentication of the source of the WAAS or GPS signals. A cryptographic defense implemented with appropriate checks to protect against certain variants of spoofing attacks, described in “Straight Talk on Anti-Spoofing,” GPS World, January 2012, would significantly raise the bar for a would-be spoofer. Several proposals for cryptographic methods are currently on the table including a proposal by Logan Scott to place SSSC signatures on GPS L1C signals that will be broadcast by GPS Block III satellites. However, the current proposals for civil GPS cryptographic authentication schemes are still at least several years away from implementation and have a 5-minute window between authentications of each individual GPS signal. These proposals have currently gained no ground in being implemented because of a lack of dedicated funds for development and implementation.

    There are also a number of promising non-cryptographic techniques for civil GPS spoofing detection that include jamming-to-noise power detectors (J/N meters), correlation profile anomaly defenses, and antenna-based defenses. J/N meters are simple and easily-implementable and would prevent a spoofer from simultaneous jamming and spoofing. However, a J/N sensor will not typically detect a spoofing attack in which the spoofed signals are only slightly more powerful than their authentic counterparts. The inclusion of a J/N meter does ensure that the authentic signals will also be visible as a corruption to the correlation curve during a spoofing attack, due to the difficulty of nulling out the authentic signal. This allows correlation profile anomaly defenses to be viable. However, these methods suffer from the difficulty of distinguishing multipath effects from a spoofing attack, particularly in mobile receivers. Antenna-based defenses also present an attractive option for anti-spoofing, but most of these methods require additional hardware (multiple antennas) and cost. One promising new antenna-based defense is currently under development at Cornell University that does not require multiple antennas. This defense involves an extension of the signal spatial correlation technque developed by the University of Calgary PLAN group. However, this technique is still under development, and receivers implementing this technique would likely be several times more expensive than current receivers.

    For details on potential spoofing defenses, see Todd Humphrey’s congressional testimony in “The System.”

    Recommendations

    We recommend that for non-recreational operation in the national airspace, civil UAVs exceeding 18 pounds be required to employ navigation systems that are spoof-resistant. Spoof resistance will be defined through a series of four canned attack scenarios that can be recreated in a laboratory setting. A navigation system is declared spoof-resistant if, for each attack scenario, the system is either unaffected by or able to detect the spoofing attack. Spoofing detection combined with an appropriate GPS-denied mode for the UAV to fall back on will significantly increase the difficulty of mounting a successful spoofing attack.

    Additionally, civil GPS receivers in many critical infrastructures (communications networks, financial trade centers, and the power grid) are also vulnerable to civil GPS spoofing. These critical infrastructures primarily rely on GPS for timing, which is also susceptible to manipulation with varying consequences depending on the application. A discussion of power grid vulnerabilities to GPS spoofing is given in “Going Up Against Time” in this issue of the magazine on page 34. We also recommend that GPS-based timing or navigation systems having a non-trivial role in systems designated by DHS as national critical infrastructure be required to be spoof-resistant.

    Finally, we recommend that funding be committed for development and implementation of a cryptographic authentication signature in one of the existing or forthcoming civil GPS signals. The signature should at minimum take the form of a digital signature interleaved into the navigation message stream of the WAAS signals. A better plan would be to interleave the signature into the CNAV or CNAV2 GPS navigation message stream. The best plan for implementing a cryptographic authentication signature would be to implement the signature as an SSSC interleaved into the spreading code of the L1C data channel. Inclusion of a cryptographic signature would greatly aid manufacturers in developing receivers that are spoof-resistant.

    Manufacturers

    The Hornet Mini UAV carries a µ-blox GPS receiver.

    Daniel P. Shepard is pursuing M.S. and Ph.D. degrees in aerospace engineering at the University of Texas (UT) at Austin. He is a member of the Radionavigation Laboratory.

    Jahshan A. Bhatti is pursuing a Ph.D. in aerospace engineering and engineering mechanics at UT and is a member of the Radionavigation Laboratory.

    Todd E. Humphreys is an assistant professor of aerospace engineering and engineering mechanics at UT and director of the Radionavigation Laboratory. He received a Ph.D. in aerospace engineering from Cornell University.

     

  • The System: Fly the Pilotless Skies: UAS and UAV

     

    
    Unmanned aerial vehicles and civil aircraft may co-habit the airspace after September 2015.

     As the U.S. Federal Aviation Administration (FAA) moves ahead with plans for unmanned aerial systems/vehicles (UAS/UAV) to have regular access to U.S. airspace by 2015, it has encountered several barriers. For UAVs to be treated like manned aircraft, their systems likley need to be qualified to the same standards as civil avioncs. This is a challenge, as each UAS has largely unique systems. UAS equipment standards are emerging, but threats to GNSS abound, requiring defense/mitigation.

    Demand for UAS has produced many different types flying in a range of applications. With no apparent standard avionics fit or uniform safety standards, each UAS type is basically configured for specific tasks. Commercial UAS applications continue to emerge, and major market growth is anticipated. One forecast indicates that the UAS market could reach $7.26 billion this year alone. The promise of new and better ways to reduce costs, improve safety, and increase operational efficiency feeds market expansion.

    However, in the United States the FAA currently requires each UAS commercial project desiring access to controlled airspace to obtain an FAA-approved Certificate of Authorization. While the FAA has made efforts to speed up approvals, this process slowed widespread commercial adoption of UAS. Nevertheless, opportunities abound in pipeline and transmission line inspection, crop spraying, law enforcement, security, and surveillance, survey/mapping, remote area mail delivery, and hundreds of other applications. The FAA may have felt some pressure to move forward, because Congress has put in place the Modernization and Reform Act of 2012, which calls on the FAA to fully integrate unmanned systems, including those for commercial use, into the national airspace by September 2015.

    UAS in the NAS. Meanwhile, a project called the Unmanned Aircraft Systems Integration in the National Airspace System (UAS in the NAS), undertaken by NASA’s Dryden Flight Research Center, seeks to reduce technical barriers related to safety and operational challenges associated with enabling routine UAS access to the NAS.

    Europe has also launched a study on the integration of UAS in non-segregated airspace for the future Single European Sky. The ICONUS study will be carried out by a consortium within the European air traffic management program called Single European Sky ATM Research Programme (SESAR). The study will drive the definition of the requirements, capabilities, and equipment which UAS will need to operate safely and efficiently in the coming European SESAR environment.

    The U.S. RTCA SC-203 committee is drafting UAS operational requirements, and there has been significant progress towards publishing Minimum Aviation Performance Standards (MASPS), including requirements for navigation. Europe has similar activities underway aimed at improving UAS access to its airspace.

    MOPS. The big picture is that requirements for unmanned aircraft are being brought into conformance with the standards applied to the performance and behavior of manned aircraft. Navigation requirements for UAS are expected to specify that systems will need to be qualified to Minimum Operational Performance Standards (MOPS). This means that on-board electronics, including GNSS systems, will probably need to be FAA Technical Standard Orders (TSO) qualified, just as they are now for manned aircraft.

    Why do we need to investigate certified avionics now? In the scheme of avionics, more than two years breathing space to certify UAS avionics systems is not a long time, not at all, until the September 2015 deadline. FAA airborne software and hardware qualification will take much time and effort to implement, and re-configuration of systems, interfaces, and operating procedures may take even longer.

    For Manufacturers. UAS makers have the option to move forward in stages. For instance, by selecting a few existing airborne-qualified OEM avionics, they could minimize the internal effort to comply. As the first UAS with certified avionics emerge, they will probably get good support from FAA to adopt U.S. operating rules for the NAS. Embedding an existing certified GPS receiver in UAS avionics will reduce the internal work needed and allow more effort for developing commercial market opportunities that look to quickly adopt UAS.

    Meanwhile, efforts are in full swing to change the U.S. and European navigation landscapes over the next few years. So it would be better to be ready with a capable GNSS receiver that is already built to meet the challenges of NextGen and SESAR.

    GPS III and Galileo. The L5 civil GPS frequency may be operational around the time that UAS unrestricted access becomes possible. GPS L1/L5 dual-frequency operations will enable higher navigation accuracy, reliablity, and integrity. The FAA is already developing NextGen WAAS to include L5, and revisions to the GPS MOPS to include L5 should begin shortly, in time for a usable GPS L5 constellation in 2015/2016. The FAA is already preparing for L5 avionics, and industry investigative work is underway. Its possible that GPS L1/L5 may meet the accuracy and integrity requirements for CAT II/III automated landings. In Europe, Eurocae work is expected to gain momentum for the Galileo E1/E5a MOPS as the Galileo satellite navigation system becomes operational.

    The new GNSS environment also includes WAAS/SBAS precision approach (localizer performance with vertical guidance, or LPV) capability: LPV is available now in the United States and will soon be in wider operation in Europe. Automatic Dependendant Surveillance (ADS-B) is rolling out in the United States and around the world. ADS-B is being mandated within the U.S. NAS as the means for air-traffic control to track all aircraft, so UAS avionics will need to include certified ADS-B Out capability.

    In one commercial instance, the Septentrio AiRx2 receiver comes out of the box as a certified L1 GPS with ADS-B and WAAS LVP, but is also ready for GPS L5 and Galileo E1/E5a.

    Even as greater steps forward enhance how GNSS is used in this wider definition of aviation that will soon include UAS, a team at the University of Texas demonstrated how a UAV could be maliciously side-tracked (see article on page 30 of this issue) —  reminiscent of the Iranian downing of a U.S. surveillance drone in December 2011.

    Admittedly the GPS on the vehicle in the UT test was not a qualified airborne receiver, but how could this happen when there was also an inertial sensor and a radio-altimeter on the UAV? A good question, which UAV manufacturers will need to consider when they implement their on-board Kalman filters, knowing that spoofing is now an additional threat to parry.

    Couldn’t we detect that high-power RF spoofing signal at the front-end of the GPS receiver? Even if only to tell the on-board systems that there could be hazardous misleading information about? Or run separate GPS and GPS/inertial position solutions, detect significant divergence, and set the same warning flag? And multi-constellation, multi-frequency receivers, and even controlled radiation pattern antennas — all things to investigate.  More work for the aviation receiver guys who labor tirelessly to improve GNSS integrity.

    Of course if you hijack a UAV with a high-power spoofer, you are also spoofing civil transports operating in the same airspace, so now there is the potential to trigger a Federal investigation. It will probably be easier to detect this stuff with moving airborne sensors rather than the fixed ground equipment used to find jammers on trucks at Newark airport, and lots of pilots likely providing real-time location information on radios if their GPS goes even a little haywire. All would help to quickly locate and shut down any spoofer. Nevertheless, it’s a threat to be mitigated.

    Fatal Crash. In South Korea, the effects of intermittent North Korean jamming of GPS to disrupt seal, land, and air navigation in the South may have contributed to the recent fatal crash of a Schiebel Camcopter S-100 drone, a 150-kilogram rotorcraft capable of 220 km/h flight. It should have coped with loss of GPS as the Camcopter has multiple inertial measurement units that allow safe operation and recovery in the absence of GPS signals. Emergency procedures to ensure a safe recovery in such a situation do not appear to have been correctly and adequately followed, manufacturer Schiebel alleges.

    NovAtel may have found one way to help mitigate spoofing on UAVs; the company released a combined civil/SAASM GPS receiver, the OEM625S, aimed specifically at UAVs. Granted, the idea is to add SAASM anti-spoofing capability to a number of UAVs which currently use NovAtel commercial receivers, mostly in military systems. That may be motivated by the desire to avoid further Iranian incidents!

    BAE Systems has been thinking of giving GPS a back-up for just those situations where jamming or even spoofing is detected. BAE’s Navigation via Signals of Opportunity (NAVSOP) system was just announced at the Farnborough air show in the UK and is still in research phase, but looks extremely promising. It interrogates the radio environment for the ID and signal strength of local digital TV and radio signals, plus air traffic control radars, with finer grained adjustments coming from cellphone masts and Wi-Fi routers. Mapping the location of all these sources might be quite an undertaking, and given that these are all non-safety-of-life commercial signals, the sources are subject to the vagaries of power outages, regular maintenance, and breakdowns. Nevertheless, with such a multitude of signals, NAVSOP could well turn out to be a viable back-up for GNSS.

    So, shared access to civil airspace, wider applications in commercial operations, and changes in equipment qualification, along with potential solutions for GNSS jamming and spoofing: lots to consider for the UAS industry.

    Taking It to the House

    U.S. House of Representatives Committee on Homeland Security; Subcommittee on Oversight, Investigations, and Management; Hearing, July 19, 2012:  Using Unmanned Aerial Systems Within the Homeland: Security Game Changer?

    Testimony by Todd E. Humphreys, Ph.D.; Assistant Professor, Cockrell School of Engineering, The University of Texas at Austin. [Excerpted. Prof. Humphreys is a co-author of the article “Drone Hack” in the August issue of GPS World.]

    The vulnerability of civil GPS to spoofing has serious implications for civil unmanned aerial vehicles (UAVs), as was recently illustrated by a dramatic remote hijacking of a UAV at White Sands Missile Range.

    Hacking a UAV by GPS spoofing is but one expression of a larger problem: insecure civil GPS technology has over the last two decades been absorbed deeply into critical systems within our national infrastructure. Besides UAVs, civil GPS spoofing also presents a danger to manned aircraft, maritime craft, communications systems, banking and finance institutions, and the national power grid.

    Constructing from scratch a sophisticated GPS spoofer like the one developed by the University of Texas is not easy. It is not within the capability of the average person on the street, or even the average Anonymous hacker. But the emerging tools of software-defined radio and the availability of GPS signal simulators are putting spoofers within reach of ordinary malefactors.

    There is no quick, easy, and cheap fix for the civil GPS spoofing problem. What is more, not even the most effective GPS spoofing defenses are foolproof. But reasonable, cost-effective spoofing defenses exist which, if implemented, will make successful spoofing much harder.

    I recommend that for non-recreational operation in the national airspace civil UAVs exceeding 18 lbs be required to employ navigation systems that are spoof-resistant.

    More broadly, I recommend that GPS-based timing or navigation systems having a non-trivial role in systems designated by DHS as national critical infrastructure be required to be spoof-resistant.

    Finally, I recommend that the DHS commit to funding development and implementation of a cryptographic authentication signature in one of the existing or forthcoming civil GPS signals.

    Complete testimony (PDF) covers:

    • The potential vulnerabilities of U.S. national transportation, communications, banking and finance, and energy distribution infrastructure;
    • What does it take to build a spoofer? Buy a spoofer?
    • Range and required knowledge of target.
    • Fixing the problem:

    •    Jamming-to-noise sensing defense;
    •    Defense based on SSSC or NMA on WAAS signals;
    •    Multi-system multi-grequency defense;
    •    Single-antenna defense;
    •    Defense based on spread-spectrum security codes on L1C;
    •    Defense based on navigation message authentication on L1C, L2C, or L5;
    •    Correlation prole anomaly defense;
    •    Multi-antenna defense;
    •    Defense based on cross-correlation with military signals.

  • NovAtel SAASM to See First Action in Aerial Drones

    The new OEM625S Selective Availability Anti-Spoofing Module (SAASM) GNSS receiver from NovAtel, launched in a cooperative effort with SAASM expert L-3 Interstate Electronics Corporation (IEC), will get its first applications in the unmanned aerial vehicle (UAV) sector. NovAtel has brought forth the new product in part to meet requirements of UAV manufacturers who are now mandated to have SAASM onboard as well, for in-theater operations in areas of military activity.

    “The new SAASM regulations meant that integrators were looking at having to incorporate another receiver alongside their NovAtel unit, complicating user interface factors and increasing onboard space requirements,” said NovAtel Product Manager Neil Gerein. “The OEM625S gives our customers a drop-in form factor that easily replaces their existing NovAtel OEM receiver.”

    “NovAtel has supplied UAV integrators on the civil scientific side almost since our inception,” Gerein said, adding, “the military has become more and more involved in this market in recent years for budget and various other strategic reasons.” He mentioned that in its 20-year history selling GPS products, for the last 17 years NovAtel has provided receivers and expertise to U.S. and Canada defense contractors, and to defense research labs in Allied countries. Antcom, a wholly-owned NovAtel subsidiary specializing in antennas and microwave products, makes the majority of its sales into military areas.

    Examples of such products in this area — not necessarily from NovAtel customers, who remain unidentified — include hand-launched mini-UAVs like the Aerovironment RQ-11 Raven and Elbit Skylark I, and runway-capable tactical UAVs such as Textron RQ-7 Shadow, Aeronautics DS Aerostar, IAI Searcher II, and InSitu’s ScanEagle UAV system, quickly evolving into a mainstay with the U.S. Navy and its allies thanks to a partnership with Boeing.

    The InSitu ScanEagle was first developed to track dolphins and tuna from fishing boats, to ensure that fish labeled “dolphin-safe” actually are so. The same characteristics needed by commercial fishing boats — low infrastructure launch and recovery, small size, 20-hour long endurance, automated flight patterns — are key for naval operations from larger vessels, and for battlefield surveillance.

    At present the OEM625S, combining a commercial dual-frequency NovAtel GNSS receiver with an L-3 IEC XFACTOR SAASM, provides single-point positioning with SAASM for authorized defense customers. The SAASM position is provided via a dedicated communication port, as well as through NovAtel’s software command protocol, allowing for maximum flexibility. The small form factor and low power consumption expands range of potential defense applications requiring robust SAASM GPS positioning.

    The OEM625S measures 60 x 100 x 9.1 millimeters, and runs on field-upgradeable software. NovAtel will accept orders for the OEM625S from authorized customers starting in Q3 2012.

  • Tech-Transfer Event Showcases New UAV

    A low-cost, man-portable, reusable unmanned aerial vehicle (UAV) was one of several emerging technologies highlighted at the “Homeland Security: Detect and Protect, Novel Military Technologies for Commercial Use” technology-transfer and federal marketplace event held at the U.S. Army’s Aberdeen Proving Ground (APG) in Aberdeen, Maryland, on April 20.

    Hosted by APG, the Maryland Technology Development Corporation (TEDCO), and the Tech Council of Maryland, the event showcased technologies under development in APG?s research labs and testing facilities that can be commercialized by local companies. The UAV garnered interest from the Department of Defense Technology Transfer and Commercialization National Center of Excellence for First Responder Technologies at the University of Pittsburgh; American Aerospace Advisors, Inc.; and CTRL Systems, Inc.

    John Condon, mechanical engineer at the Weapons and Materials Directorate, U.S. Army Research Laboratory, led the presentation about the Switchblade UAV, which uses real-time video, infrared imagery, and Global Positioning System technology for surveillance applications. The UAV can conduct overhead intelligence-surveillance-reconnaissance of infrastructure while carrying such payloads as day/night video, high-resolution snapshots, and chem-bio detectors. It can also deliver remote sensors and warheads to preselected areas on the battlefield. The UAV was developed in collaboration with AeroVironment, Inc., a Monrovia, California-based developer of small UAV solutions.

    The one-day homeland security program also included presentations focused on available joint research and patent license opportunities, such as Cooperative Research and Development Agreements, and examples of successful partnerships with APG. More than 250 business executives, entrepreneurs, and researchers from 13 states attended the event. Technology-transfer officials from TEDCO were on hand to provide information about state and federal funding programs that support technology-transfer projects.

    For more information about this and upcoming technology programs, visit www.marylandtedco.org.