An Assessment of the Difficulties Spoofing Live Sky vs Simulated GNSS Signals

Abstract

The spoofing of GNSS signals has evolved from being a largely esoteric, theoretical threat which was thought to be extremely unlikely to occur, to being a threat that is considered to be very real and to have potentially a high impact on targeted GNSSdependent systems or devices. Several recent real-world incidents, namely well documented anecdotal incidents occurring in the Black Sea and in the approaches to the Port of Shanghai, have shown that there is also a high potential for collateral effects to impact GNSS users. The FAA now regard GNSS spoofing as a “concern” and are investigating mitigation options, and modernized GPS and Galileo constellations are likely to implement signal authentication techniques to improve the security of navigation messages. Whilst the spoofing of GPS signals in the Black Sea are thought to have affected more than 130 commercial ships, it is not possible to quantify how many suffered no effects or impact from the spoofed GPS signals. The authors have tested many GNSS receivers using a simulator to generate both the “authentic” GNSS signals and the faked, spoofed signals that a spoofer would generate. Results have shown that many receivers are unable to resist this kind of attack and once the spoofing signals approach the power level of the authentic signals, the target receiver often quickly starts to track the faked signals and will not recover until the fake signal power has been reduced to a level well below the generated authentic signals. These scenarios were performed under ideal benchmarking conditions. Other researchers believe based on their experience that mounting spoofing attacks in the real world is more difficult. The authors have considered that when using a single simulator to generate “authentic” and replica GNSS signals, the alignment of simulated “live sky” and spoofed signals is almost perfect and there are no environmental variables to consider – in other words this situation is likely to be the very best set of circumstances to showcase and test responses to a successful GNSS spoofing attack but may not provide valid information on a system’s ability to resist such an attack in the real world. In this paper the authors show a test set up in which the receivers under test are locked on to authentic live sky signals through an antenna feed into the laboratory and an RF Constellation Simulator is used to provide spoofing signals. The test set up is discussed as are issues with the set-up (test repeatability and geographic limitations). Two sample receivers (A and B) are tested with GPS spoofing at ranges of 10m, 50m and 100m. During the spoofing attacks, the power of the replica (counterfeit) GPS signals is gradually raised to about +10dBC – the tests are in fact very similar to those undertaken in [1], but this time with authentic GNSS Live Sky signals replacing the simulated authentic GNSS signal. These results are compared with those obtained in the original paper and the major differences are discussed. The paper concludes with a discussion and assessment of the major factors that influence whether a spoofing attack is successfully resisted or not along with implications for mitigation techniques - and whether environmental factors that are normally detrimental to the accuracy of navigation systems are actually beneficial to system robustness when subject to a spoofing attack.