Study of Spoofing Threats Against GNSS Positioning, Navigation and Timing Units

The availability of Global Navigation Satellite Systems (GNSS) raw data for Android devices in 2016 significantly increased the possibility to analyze the positioning process implemented in the GNSS module of an Android smartphone. Before raw data were available, device users could only access GNSS data from the National Marine Electronics Association (NMEA), which contained only rudimentary GNSS information such as position, carrier-to-noise ratio (C/N0), speed over ground, and heading. It is known that due to the weakness of GNSS signals, the performance of GNSS receivers can be easily disrupted by anthropogenic interference, with Radio Frequency (RF) jamming and spoofing activities being critical threats. It is seen in the literature that Android smartphones are generally resistant to simplistic spoofing. In this paper, we present the result of test campaigns designed to evaluate with certainty the resistance of such smartphones to a simplistic spoofing methodology. In the process, we show that given the right conditions, these phones are still vulnerable to such spoofing. Testing is conducted in a controlled open environment using a realistic GPS spoofing device that transmits fake GPS L1 signals to a variety of smartphones belonging to the top two Android smartphone manufacturers. A comparative analysis of the performance of different smartphones under intentional interference is performed and the effect on raw GNSS measurements is seen. In the thesis, we focus on the design and validation of different signal processing techniques, that aim at the detection and mitigation of the spoofing attack effects. These are standalone techniques, working at the receiver’s level and providing discrimination of spoofing events without the need for external hardware or communication links. Four different techniques are explored each of them with its unique sets of advantages and disadvantages, and a unique approach to spoofing detection. For these techniques, a spoofing detection algorithm is designed and implemented, and its capabilities are validated by means of a set of datasets containing spoofing signals. The thesis focuses on two different aspects of the techniques, divided into detection and mitigation capabilities. Both detection techniques are complementary, their joint use is explored and experimental results are shown that demonstrate the advantages. In addition, each mitigation technique is analyzed separately as they require specialized receiver architecture in order to achieve spoofing detection and mitigation. These techniques are able to decrease the effects of the spoofing attacks, to the point of removing the spoofing signal from the receiver, and compute navigation solutions that are not controlled by the spoofer and lead to more accurate end results. The main contributions of this thesis are the description of a multidimensional ratio metric test for distinction between spoofing and multipath effects; the introduction of a cross-check between automatic gain control measurements and the carrier to noise density ratio, for the distinction between spoofing attacks and other interference events; the description of a novel signal processing method for detection and mitigation of spoofing effects, based on the use of linear regression algorithms; and the description of a spoofing detection algorithm based on a feedback tracking architecture.