What is GNSS Spoofing? | GIM International

With increasing counterfeit attacks, GNSS poll receivers need to be protected by interference reduction technology using the latest security techniques to ensure reliable positioning.

The research and mapping industry has been using GPS / GNSS precision positioning technology for years. While the falsification of GNSS is recognized as a real threat to unmanned aerial vehicles (UAVs or “unmanned aerial vehicles”), its impact on survey and mapping equipment is still underestimated. Reliable data collection is important for the various uses of mapping, from human-based surveys and mobile mapping to UAV photogrammetry. Ensuring reliable positioning requires the use of stable equipment designed in such a way as to alleviate all possible vulnerabilities. The use of GNSS receivers that are stable against jamming and tampering is key to reliable data collection anytime, anywhere.

GPS / GNSS anti-jamming

Attenuation and tampering are a type of GNSS radio interference that occurs when weak GNSS signals are overcome by stronger radio signals on the same frequency. Attenuation is a type of “white noise” interference that causes loss of accuracy and potentially loss of positioning. This type of interference can come from neighboring electronic devices or external sources such as radio amateurs in the area. Forgery is an intelligent form of intervention that misleads the consumer into thinking that it is in the wrong place. During a fake attack, a radio transmitter located nearby sends fake GPS signals to the target receiver. For example, even a cheap software-defined radio (SDR) can make a smartphone believe it is on Mount Everest (see Figure 1)!

GNSS users are experiencing more and more cases of jamming, and counterfeiting events are also on the rise – especially in recent years, as it has become easier and more accessible to create malicious counterfeiting systems. There are many examples, from Finland – which experienced a week-long counterfeiting attack in 2019 – to China, where many vessels have been the target of counterfeiting attacks. Therefore, jamming and tamper protection is no longer a “nice to have” feature, but a critical component of a GNSS receiver.

Counterfeiting incidents are on the rise

C4ADS, a non-governmental organization that analyzes conflicts and data issues, concluded that Russia makes extensive use of counterfeiting to divert air drones from entering airspace near government figures, airports and ports. And some of the most enthusiastic counterfeiters are fans of the augmented reality mobile game Pokémon Go, who use SDR to trick their GPS position and catch elusive Pokémon without having to leave their rooms.

Such attacks are usually targeted at a specific receiver. However, transmitting a counterfeit will actually affect all nearby GPS receivers. For example, the SDR may affect all GPS receivers within a radius of 1 km from the forgery source and the signal may be amplified for further propagation. This means that surveys or mapping jobs in densely populated areas are at higher risk of such ‘indirect’ counterfeiting attacks.

Figure 1: Even a cheap SDR can overcome GNSS signals and trick a single-frequency GPS smartphone into believing it’s on Mount Everest.

How to fix a receiver

The spooter can either retransmit GNSS signals recorded at another location and time, or generate and transmit modified satellite signals. Therefore, to combat counterfeiting, GNSS receivers must be able to distinguish counterfeit signals from authentic signals. Once the satellite signal is marked as forged, it can be excluded from the positioning calculations.

There are different levels of tamper protection that the receiver can offer. Using the analogy of a home intrusion detection system, it can be based on a simple entry alarm system or a more complex motion detection system. For added security, the homeowner may decide to install video image recognition, broken glass sound detection, or a combination of the above. An unsecured GNSS receiver is like a house with an unlocked door; it is vulnerable to even the simplest forms of forgery. Secure receivers, on the other hand, can detect counterfeiting by looking for signal anomalies or by using anti-counterfeiting signals such as Galileo OSNMA and E6 or GPS military code.

Advanced jamming technologies, such as Septentrio AIM +, use advanced signal processing algorithms to mitigate flag jamming and tampering. To detect forgery AIM + checks for various anomalies in the GNSS signal, such as unusually high signal strength. It also works in conjunction with RAIM + integrity algorithms to ensure range validity (distance to the satellite) by comparing range information from different satellites. AIM + will not even be fooled by the advanced GNSS signal generator, the Spirent GSS9000. Even with realistic power levels and actual navigation data in the signal, it can still identify it as an “inauthentic” signal. Other advanced techniques to prevent tampering, such as the use of a double-polarized antenna, are currently being explored.

Figure 2: GNSS forgery can be used to manipulate the movement of air drones.

Authentication of satellite navigation data

Different countries are investing in tampering with sustainability by building security directly into their GNSS satellites. With Open Service Navigation Message Authentication (OSNMA), the European Galileo is the first satellite system to introduce a forgery service directly on a civilian GNSS signal.

OSNMA is a free Galileo E1 frequency service that allows verification of Galileo navigation data. Such navigation data carry information about the location of the satellite and, if changed, will lead to an incorrect calculation of the position of the receiver. As a close partner of ESA, the European manufacturer of GNSS Septentrio has been contributing to the design and testing of the Galileo system since its inception. Today, as the OSNMA system enters its testing phase, Septentrio receivers are successfully used to test OSNMA signals. The US GPS system is also experimenting with satellite anti-counterfeiting for civilian users with its recent authentication system called Chimera.

Figure 3: European Galileo satellites provide an E1 open authentication service and an E6 commercial authentication service. (Photo courtesy of: European Space Agency)

Advanced interference mitigation technology

OSNMA is part of the puzzle containing AIM + interference protection system. The anti-jamming component suppresses the widest variety of interference, from simple, continuous narrowband signals to the most complex, broadband and pulse transmissions. The anti-counterfeiting component consists of signal anomaly detection, OSNMA, RAIM +, and other algorithms.

Future-resistant GNSS receivers

Interference reduction technology such as AIM + protects accurate positioning today. To provide the best protection for tomorrow, GNSS vendors are offering future-proof technology that allows users to take advantage of new GNSS protection services such as ONSMA and Chimera as soon as they become available. The use of future GNSS receivers in research, mapping and UAV equipment allows integrators to reduce their time to market with elastic products. Secure GNSS means reliable accurate positioning and peace of mind for anyone who relies on this technology.

More information