By Saeed Daneshmand, Ali Jafarnia-Jahromi, Ali Broumandan, and Gérard Lachapelle
Most anti-spoofing techniques are computationally complicated or limited to a specific spoofing scenario. A new approach uses a two-antenna array to steer a null toward the direction of the spoofing signals, taking advantage of the spatial filtering and the periodicity of the authentic and spoofing signals. It requires neither antenna-array calibration nor a spoofing detection block, and can be employed as an inline anti-spoofing module at the input of conventional GPS receivers.
GNSS signals are highly vulnerable to in-band interference such as jamming and spoofing. Spoofing is an intentional interfering signal that aims to coerce GNSS receivers into generating false position/navigation solutions. A spoofing attack is, potentially, significantly more hazardous than jamming since the target receiver is not aware of this threat. In recent years, implementation of software receiver-based spoofers has become feasible due to rapid advances with software-defined radio (SDR) technology. Therefore, spoofing countermeasures have attracted significant interest in the GNSS community.
Most of the recently proposed anti-spoofing techniques focus on spoofing detection rather than on spoofing mitigation. Furthermore, most of these techniques are either restricted to specific spoofing scenarios or impose high computational complexity on receiver operation.
Due to the logistical limitations, spoofing transmitters often transmit several pseudorandom noise codes (PRNs) from the same antenna, while the authentic PRNs are transmitted from different satellites from different directions. This scenario is shown in Figure 1. In addition, to provide an effective spoofing attack, the individual spoofing PRNs should be as powerful as their authentic peers. Therefore, overall spatial energy of the spoofing signals, which is coming from one direction, is higher than other incident signals. Based on this common feature of the spoofing signals, we propose an effective null-steering approach to set up a countermeasure against spoofing attacks. This method employs a low-complexity processing technique to simultaneously de-spread the different incident signals and extract their spatial energy. Afterwards, a null is steered toward the direction where signals with the highest amount of energy impinge on the double-antenna array. One of the benefits of this method is that it does not require array calibration or the knowledge of the array configuration, which are the main limitations of antenna-array processing techniques.
The block diagram of the proposed method is shown in Figure 2. Without loss of generality, assume that s(t) is the received spoofing signal at the first antenna.
The impinging signal at the second antenna can be modeled by , where θs and μ signify the spatial phase and gain difference between the two channels, respectively. As mentioned before, the spoofer transmits several PRNs from the same direction while the authentic signals are transmitted from different directions. Therefore, θs is the same for all the spoofing signals. However, the incident authentic signals impose different spatial phase differences. In other words, the dominant spatial energy is coming from the spoofing direction. Thus, by multiplying the conjugate of the first channel signals to that of the second channel and then applying a summation over N samples, θs can be estimated as
where r1 and r2 are the complex baseband models of the received signals at the first and the second channels respectively, and Ts is the sampling duration. In (1), θs can be estimated considering the fact that the authentic terms are summed up non-constructively while the spoofing terms are combined constructively, and all other crosscorrelation and noise terms are significantly reduced after filtering. For estimating μ, the signal of each channel is multiplied by its conjugate in the next epoch to prevent noise amplification. It can easily be shown that μ can be estimated as
where T is the pseudorandom code period. Having and a proper gain can be applied to the second channel in order to mitigate the spoofing signals by adding them destructively as
Analyses and Simulation Results
We have carried out simulations for the case of 10 authentic and 10 spoofing GPS signals being transmitted at the same time. The authentic sources were randomly distributed over different azimuth and elevation angles, while all spoofing signals were transmitted from the same direction at azimuth and elevation of 45 degrees. A random code delay and Doppler frequency shift were assigned to each PRN. The average power of the authentic and the spoofing PRNs were –158.5 dBW and –156.5 dBW, respectively.
Figure 3 shows the 3D beam pattern generated by the proposed spoofing mitigation technique. The green lines show the authentic signals coming from different directions, and the red line represents the spoofing signals. As shown, the beam pattern’s null is steered toward the spoofing direction.
In Figure 4, the array gain of the previous simulation has been plotted versus the azimuth and elevation angles. Note that the double-antenna anti-spoofing technique significantly attenuates the spoofer signals. This attenuation is about 11 dB in this case. Hence, after mitigation, the average injected spoofing power is reduced to –167.5 dBW for each PRN. As shown in Figure 4, the double-antenna process has an inherent array gain that can amplify the authentic signals. However, due to the presence of the cone of ambiguity in the two-antenna array beam pattern, the power of some authentic satellites that are located in the attenuation cone might be also reduced.
Monte Carlo simulations were then performed over 1,000 runs for different spoofing power levels. The transmitted direction, the code delay, and the Doppler frequency shift of the spoofing and authentic signals were changed during each run of the simulation. Figure 5 shows the average signal to interference-plus-noise ratio (SINR) of the authentic and the spoofing signals as a function of the average input spoofing power for both the single antenna and the proposed double antenna processes. A typical detection SINR threshold corresponding to PFA=10-3 also has been shown in this figure.
In the case of the single antenna receiver, the SINR of the authentic signals decreases as the input spoofing power increases. This is because of the receiver noise-floor increase due to the cross-correlation terms caused by the higher power spoofing signals. However, the average SINR of the spoofing signals increases as the power of the spoofing PRNs increase.
For example, when the average input spoofing power is –150 dBW, the authentic SINR for the single-antenna process is under the detection threshold, while the SINR of the spoofing signal is above this threshold. However, by considering the proposed beamforming method, as the spoofing power increases, the SINR of the authentic signal almost remains constant, while the spoofing SINR is always far below the detection threshold.
Hence, the proposed null-steering method not only attenuates the spoofing signals but also significantly reduces the spoofing cross-correlation terms that increase the receiver noise floor. Early real-data processing verifies the theoretical findings and shows that the proposed method indeed is applicable to real-world spoofing scenarios.
The method proposed herein is implemented before the despreading process; hence, it significantly decreases the computational complexity of the receiver process. Furthermore, the method does not require array calibration, which is the common burden with array-processing techniques.
These features make it suitable for real-time applications and, thus, it can be either employed as a pre-processing unit for conventional GPS receivers or easily integrated into next-generation GPS receivers. Considering the initial experimental results, the required antenna spacing for a proper anti-spoofing scenario is about a half carrier wavelength. Hence, the proposed anti-spoofing method can be integrated into handheld devices.
The proposed technique can also be easily extended to other GNSS signal structures. Further analyses and tests in different real-world scenarios are ongoing to further assess the effectiveness of the method.
Saeed Daneshmand is a Ph.D. student in the Position, Location, and Navigation (PLAN) group in the Department of Geomatics Engineering at the University of Calgary. His research focuses on GNSS interference and multipath mitigation using array processing.
Ali Jafarnia-Jahromi is a Ph.D. student in the PLAN group at the University of Calgary. His research focuses on GNSS spoofing detection and mitigation techniques.
Ali Broumandan received his Ph.D. degree from Department of Geomatics Engineering, University of Calgary, Canada. He is a senior research associate/post-doctoral fellow in the PLAN group at the University.
Gérard Lachapelle holds a Canada Research Chair in wireless location In the Department of Geomatics Engineering at the University of Calgary in Alberta, Canada, and is a member of GPS World’s Editorial Advisory Board.