Nghiên cứu phương pháp phát hiện và xác định vị trí nguồn can nhiễu lên tín hiệu định vị sử dụng vệ tinh
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (5.05 MB, 135 trang )
MINISTRY OF EDUCATION AND TRAINING
HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY
NGUYEN VAN HIEN
DETECT AND LOCALIZE INTERFERENCE SOURCES FOR
GLOBAL NAVIGATION SATELLITE SYSTEMS
Major: Computer Engineering
Code No: 9480106
COMPUTER ENGINEERING DISSERTATION
SUPERVISORS:
1. Assoc. Prof. Lã Thế Vinh
2. Prof. Fabio Dovis
Hanoi -2022
download by :
STATEMENT OF ORIGINALITY AND AUTHENTICITY
I hereby declare that all the content and organization of the thesis is the product of
my own research and does not compromise in any way the rights of third parties, and
all citations are explicitly specified from credible sources. I further confirm that all
the data and results in the thesis are performed on actual devices completely true and
have never been published by anyone else.
Hanoi, April 2022
SUPERVISORS
AUTHOR
Assoc.Prof. Lã Thế Vinh
Nguyễn Văn Hiên
Prof. Fabio Dovis
i
download by :
ACKNOWLEDGEMENTS
First of all, I would like to sincerely thanks my supervisor Assoc.Prof. La The Vinh,
for his guiding, supporting and motivating me throughout the whole my PhD student
time.
I would also like to express my gratitude to the members of the Navigation, Signal
Analysis and Simulation (NavSAS) and Navis Centre. In many ways, they have
contributed to all the research activities presented in the thesis. In particular, I want
to express my gratitude to Dr. Gianluca Falco and Dr. Nguyen Dinh Thuan, their
endless support and their huge knowledge have greatly contributed to my work. And
I'd like to express my gratitude to Dr. Emanuela Falletti, who offered scientific
guidance and suggestions to help me develope and finish my research during my
period at NavSAS.
Thanks to Prof. Fabio Dovis, who gave me important ideas and guided me to do my
research especially during my period at Politecnico Di Torino.
I sincere thanks to VINIF. With the great financial support of the VINIF, my research
conditions have greatly improved, and I am fully committed to the works with all of
my creative energy.
This work was funded by Vingroup Joint Stock Company and supported by the
Domestic Master/ PhD Scholarship Programme of Vingroup Innovation Foundation
(VINIF), Vingroup Big Data Institute (VINBIGDATA), code VINIF.2020.TS.129.
I'd also like to thank the members of the dissertation committee for their insightful
suggestions, which have helped me develop and finish this dissertation.
Last but not least, I am grateful to my parents and my wife for their unconditional
love, encouragement, support and motivation, as well as for inspiring me to overcome
all challenges and difficulties in order to finish this thesis.
ii
download by :
TABLE OF CONTENTS
STATEMENT OF ORIGINALITY AND AUTHENTICITY .................................... i
ACKNOWLEDGEMENTS ....................................................................................... ii
TABLE OF CONTENTS .......................................................................................... iii
LIST OF ACRONYMS ............................................................................................. vi
LIST OF TABLES .................................................................................................. viii
LIST OF FIGURES ................................................................................................... ix
ABSTRACT ............................................................................................................ xiv
1.
INTRODUCTION ............................................................................................ 16
1.1 Overview..................................................................................................... 16
1.2 Motivation................................................................................................... 17
1.3 Problem statement ...................................................................................... 18
1.4 Contribution ................................................................................................ 19
1.5 Thesis outline .............................................................................................. 20
2.
RELATED WORK .......................................................................................... 21
2.1 Civil GNSS vulnerabilities to intentional interference ............................... 21
2.2 Radio Frequency Interference .................................................................... 23
2.3 GNSS Interference detection techniques .................................................... 25
2.4 Spoofing detection techniques .................................................................... 26
2.4.1 Classification of spoofing threat ........................................................ 26
2.4.2 Spoofing detection algorithms ........................................................... 27
2.5 Conclusions................................................................................................. 32
3.
INTERMEDIATED GNSS SPOOFING DETECTOR BASED ON ANGLE OF
ARRIVAL......................................................................................................... 33
3.1 Fundamental background of GNSS and Spoofing ..................................... 33
3.1.1 GNSS positioning theory ................................................................... 33
3.1.2 GPS signal ......................................................................................... 34
3.1.3 GNSS receiver architecture ............................................................... 35
3.1.4 GNSS spoofing .................................................................................. 35
3.2 Detection of a subset of counterfeit GNSS signals based on the Dispersion
of the Double Differences (D3) ................................................................... 37
iii
download by :
3.2.1 Differential Carrier-Phase Model and SoS Detector ......................... 38
3.2.2 Sum of Squares Detector Based on Double Differences ................... 40
3.2.3 Some Limitations of the SoS Detector .............................................. 42
3.2.4 Detection Of A Subset Of Counterfeit Signals Based On The
Dispersion Of The Double Differences (D3) .................................... 44
3.2.5 Determination of the Decision Threshold ......................................... 45
3.2.6 Cycle slip monitoring: the Doppler shift monitor ............................. 47
3.2.7 Reducing the probability of incorrect decision by time averaging ... 48
3.2.8 Experimental Results ......................................................................... 49
3.3 Performance Analysis of the Dispersion of Double Differences Algorithm to
Detect Single-Source GNSS Spoofing ....................................................... 54
3.3.1 Theoretical analysis of performance and decision threshold ............ 54
3.3.2 Performance evaluation of robust D3 implementations ..................... 65
3.3.3 Considerations on practical performance .......................................... 69
3.3.4 Performance assessment .................................................................... 70
3.4 A Linear Regression Model of the Phase Double Differences to Improve the
D3 Spoofing Detection Algorithm .............................................................. 78
3.4.1 Limitations of D3 algorithm ............................................................... 78
3.4.2 The piecewise linear model ............................................................... 80
3.4.3 The proposed LR-D3 detector ............................................................ 83
3.4.4 Performance assessment with in-lab GNSS signals .......................... 87
3.5 Conclusions................................................................................................. 92
4.
SOPHISTICATED GNSS SPOOFING DETECTOR BASED ON ANGLE OF
ARRIVAL......................................................................................................... 94
4.1 Gaussian Mixture Models and Expectation-Maximization for GMM (source
[76]) ............................................................................................................ 94
4.1.1 Gaussian distribution ......................................................................... 94
4.1.2 GMM Distribution ............................................................................. 95
4.1.3 Maximum likelihood for the Gaussian ............................................ 100
4.1.4 The expectation maximization algorithm for GMM ....................... 101
4.2 A Gaussian Mixture Model Based GNSS Spoofing Detector using Double
Difference of Carrier Phase in simple spoofing scenario ......................... 107
iv
download by :
4.3 A novel approach to classify authentic and fake GNSS signals in
sophisticated spoofing scenario using Gaussian Mixture Models ............ 109
4.3.1 Grouping of Double Carrier Phase Difference ................................ 109
4.4 Multi-Directional GNSS Simulation Data Generation Method Use of
Software Defined Radio Technology ....................................................... 114
4.4.1 Multidirectional GNSS signal simulation ....................................... 114
4.4.2 Signal and system model ................................................................. 114
4.5 Experimental result ................................................................................... 116
4.5.1 Multidirectional GNSS signals simulation ...................................... 116
4.5.2 Sophisticated GNSS spoofing detector ........................................... 118
4.6 Conclusions............................................................................................... 123
5.
CONCLUSIONS AND FUTURE WORKS .................................................. 124
PUBLICATIONS ................................................................................................... 126
REFERENCES ....................................................................................................... 127
v
download by :
LIST OF ACRONYMS
Acronym
Meaning
ADC
Analog to Digital Converters
AGC
Automatic Gain Control
AoA
Angle of Arrival
C/A
Coarse/Acquisition
C/N0
Carrier-to-Noise density
CDMA
Code Division Multiple Access
D3
Dispersion of the Double Differences
DVBT
Digital Video Broadcasting – Terrestrial
FDMA
Frequency Division Multiple Access
FNR
False Negative Rate
FPR
False Positive Rate
GLRT
General Likelihood Ratio Test
GMM
Gaussian Mixture Model
GNSS
Global Navigation Satellite Systems
GoF
Goodness of Fit
GPS
Global Positioning System
GSM
Global System for Mobile Communications
vi
download by :
IMU
Inertial Measurement Units
OEM
Original Equipment Manufacturer
PVT
Position, Velocity and Time
RFI
Radio Frequency Interference
RX
Receiver
SDR
Software-Defined Radio
SIS
Signal in Space
SoS
Sum of Squares
TNR
True Negative Rate
TOA
Time of Arrival
TPR
True Positive Rate
TX
Transmitter
UTMS
Universal Mobile Telecommunications System
VHF
Very High Frequency
VSD
Vestigial Signal Defense
vii
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
LIST OF TABLES
Table 2.1 Techniques of GNSS spoofing detector based on signal features ............ 29
Table 3.1 Percentage of correct decisions for SoS and D3, in the three scenarios under
test .......................................................................................................................... 52
Table 3.2 Statistical performance of the D3 algorithm with two baselines .............. 67
Table 3.3 Static tests: estimation of the probability of missed detection on the
counterfeit signals (%). the ‘overall’ case is the probability of missed detection of
three counterfeit signals ............................................................................................ 71
Table 3.4 Static tests: Estimation of the probability of false alarms on the authentic
signals (%) ................................................................................................................ 72
Table 3.5 Dynamic tests: aircraft trajectories description ........................................ 73
Table 3.6 Dynamic test TRJ1: Estimation of the probability of missed detection on
the counterfeit signals (%). The ‘overall’ case is the probability of missed detection
of three counterfeit signals ....................................................................................... 75
Table 3.7 Dynamic test TRJ1: Estimation of the probability of false alarm on the
authentic signals (%) ................................................................................................ 75
Table 3.8 Dynamic test TRJ2: Estimation of the probability of missed detection on
the counterfeit signals (%) ........................................................................................ 76
Table 3.9 Dynamic test TRJ2: Estimation of the probability of false alarm on the
authentic signals (%) ................................................................................................ 76
Table 3.10 Static test with Real Measurements: Detection Results for Test #1 ...... 77
Table 3.11 Dynamic tests with Real Measurements: Tests trajectories description 77
Table 3.12 Dynamic tests with Real Measurements: Detection Results for Test #4 78
Table 3.13 Comparison of detection performance for 2 hours of signal simulation:
LR-D3 and standard D3 algorithms ........................................................................... 88
Table 3.14 Detection performance as a function of C/N0 ........................................ 91
Table 4.1 The result of cross validation testing ...................................................... 119
Table 4.2 The result of Fractional DDs in case of Intermediate spoofing attack, where
the DDs of authentic satellites cross the ones related to the spoofed satellites ...... 121
Table 4.3 Normalized confusion matrix of Fractional DDs in case of Intermediate
spoofing attack ........................................................................................................ 123
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
viii
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
LIST OF FIGURES
Figure 1.1 Applications of GNSS (source: [64]) ...................................................... 16
Figure 2.1 The enviroment for transmitting signals from satellites to receivers
(source: [65]) ............................................................................................................ 21
Figure 2.2 The low SIS signal power of GNSS (source: [75])................................. 22
Figure 2.3 GNSS frequency bands (source:[69]) ..................................................... 22
Figure 2.4 Radio frequency interference .................................................................. 23
Figure 2.5 Intermediated Spoofing Scenario ............................................................ 24
Figure 2.6 Cheap jammers are widely sold online (source: [96]) ............................ 24
Figure 2.7 Techniques for Detecting GNSS Interference ........................................ 25
Figure 2.8 Three continuum of spoofing threat: simplistic, intermediate, and
sophisticated attacks (source:[19]) ........................................................................... 26
Figure 2.9 A summary of the various spoofing detection methods available in the
literature (source: [17]) ............................................................................................. 28
Figure 2.10 Angle of arrival of GNSS satellite ........................................................ 30
Figure 2.11 Angle of arrival defense Spoofing ........................................................ 31
Figure 3.1 Spherical positioning system of GNSS ................................................... 33
Figure 3.2 A fundamental GNSS receiver architecture (source: [72]) ..................... 35
Figure 3.3 Principles of GPS simulator .................................................................... 36
Figure 3.4 Blocks scheme of GPS simulator ............................................................ 37
Figure 3.7 Reference geometry for the dual-antenna system ................................... 40
Figure 3.8 Fractional DDs and SoS detector results under simulated spoofing attack
(H0) .......................................................................................................................... 41
Figure 3.9 Fractional DDs and SoS detector results in normal conditions (H1) ...... 42
Figure 3.10 Fractional DD measurements and SoS detection metric in mixed tracking
conditions under spoofing attack. Only three signals out of nine are counterfeit. The
reference signal is authentic ..................................................................................... 43
Figure 3.11 Example of cycle slips effect on the SoS metric in the presence of single
source. The detector is not able to reveal a spoofing attack when cycle slips occur 43
Figure 3.12 Zero baseline fractional DD measurements for various values of input
C/N0 ratio. In this setup the ratio was equal for all the simulated signals ................ 46
Figure 3.13 Empirical mapping of the relationship between threshold ξk and input
C/N0 ratio .................................................................................................................. 47
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
ix
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
Figure 3.14 Fractional DD measurements and SoS metric in the presence of single
source after removing cycle slips ............................................................................. 48
Figure 3.15 Authentic signals scenario .................................................................... 49
Figure 3.16 Simplistic spoofing attack scenario ...................................................... 50
Figure 3.17 Intermediate spoofing attack scenario .................................................. 50
Figure 3.18 Fractional DD measurements and SoS metric in the Authentic signals
scenario. When cycle slips occur, the DDs are not computed ................................. 52
Figure 3.19 D3 detector results in the Authentic signals scenario ............................ 53
Figure 3.20 Fractional DDs in case of Intermediate spoofing attack, where the DDs
of authentic satellites (PRN 23) cross the ones related to the spoofed satellites ..... 54
Figure 3.21 Fractional DD measurements in mixed tracking conditions under
spoofing attack. Five signals of eight are counterfeit. The reference signal is
counterfeit, so that Mcnt = 0 ...................................................................................... 57
Figure 3.22 Normalized distribution under the h1 condition: comparison between
theoretical and sample distribution ........................................................................... 57
Figure 3.23 Normalized distribution under the h0 condition: comparison between
theoretical and sample distribution ........................................................................... 58
Figure 3.24 Relationship between ξ2 and pairwise Pmd, under the h0 condition
(logarithmic scale on the Y axis) .............................................................................. 58
Figure 3.25 Comparison between the theoretical Pmd and the computed misseddetection rate Rmd for various values of detection threshold ξ2 ............................... 59
Figure 3.26 Theoretical values of Pfa (3.24) as a function of ξ2 and for several noncentrality parameters λ.............................................................................................. 60
Figure 3.27 Evaluation of the feasible range of values for the non-centrality parameter
λ, as a function of the difference |mj-mk | and of the standard deviation of the
measurement noise σ ................................................................................................ 61
Figure 3.28 Measured values of Rfa as a function of ξ2 for a two-hours simulation in
which |mj-mk | varies along time and so does the non-centrality parameter λ|(h1) .... 61
Figure 3.29 Pairwise operating curves (i.e., pairwise Pfa (λ) as a function of the
pairwise Pmd ) for the D3 detection rule, for several non-centrality parameters λ .... 62
Figure 3.30 Estimated PMD for the D3 algorithm under the H0 condition ................. 64
Figure 3.31 ROC curves for the D3 spoofing detection algorithm, for several noncentrality parameters λ.............................................................................................. 64
Figure 3.32 Estimated PMD for the D3 algorithm with averaged fractional DDs, under
the H0 condition and for different averaging window lengths .............................. 66
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
x
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
Figure 3.33 Comparison of ROC curves for the D3 spoofing detection algorithm with
1 and 2 baselines, for several non-centrality parameters λ ....................................... 68
Figure 3.34 Static test: Double carrier phase differences with respect to a counterfeit
reference satellite ...................................................................................................... 72
Figure 3.35 Double carrier phase differences of the 1st baseline (top) and 2nd baseline
(bottom) in TRJ 1 ..................................................................................................... 74
Figure 3.36 Block diagram of LR-D3 Detector ........................................................ 78
Figure 3.37 Fractional DD measurements in mixed tracking conditions under
spoofing attack. Five signals of eight are counterfeit ............................................... 79
Figure 3.38 Sequences of decisions, with false alarms, in the standard D3 spoofing
detector algorithm for PRNs 25 and 16 .................................................................... 80
Figure 3.39 Example of fractional DD approximated by piecewise straight lines .. 80
Figure 3.40 Example of estimated value of line slope and intercept ....................... 82
Figure 3.41 Measured pairwise missed-detection rate for the detection events Aij and
Bij evaluated on three data collections at different SNR .......................................... 86
Figure 3.42 Overall probability of missed-detection (PMD) estimated for the LR-D3
and the standard D3 algorithms ................................................................................. 86
Figure 3.43 Measured pairwise false-alarm rate for the detection events Aij and Bij
evaluated on three data collections at different SNR .............................................. 87
Figure 3.44 Overall probability of false-alarm (PFA) estimated for the LR- D3 and the
standard D3 algorithms ............................................................................................. 87
Figure 3.45 Time series of the fractional DD measurements computed from a GNSS
dataset, including both authentic and spoofed signals ............................................. 88
Figure 3.46 Decisions produced by the standard D3 algorithm ................................ 89
Figure 3.47 Decisions produced by the LR-D3 algorithm ........................................ 90
Figure 3.48 Examples of slope estimates (a) and intercept estimates (c), and
associated pairwise false alarm rates for events A7-25(b) and B7-25(d). Here PRN 7∈ S
and PRN 25∈ A ......................................................................................................... 90
Figure 3.49 Measured missed-detection rate and false alarm rate, evaluated on three
data collections at different C/N0 (dataset 1: 39 dBHz; dataset 2: 42 dBHz, dataset 3:
45 dBHz) as a function of the detection threshold λ ................................................ 91
Figure 3.50 Measured pairwise missed-detection rate for the detection events Aij and
Bij evaluated on three data collections at different distance of two antennas .......... 92
Figure 4.1 Block diagram of sophisticated gnss spoofing detector using GMM ..... 94
Figure 4.2 The single variable Gaussian are plotted with 𝜇 = 0 and = 1 ......... 95
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
xi
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
Figure 4.3 Example of a Gaussian mixture distribution in one dimension, green, blue,
and yellow are shown as components, and their sum is shown in black .................. 96
Figure 4.4 Illustration of a mixture of 3 Gaussian components in 2D; a) Constant
density contour for the 3 components of the mixture; b) The contour of the boundary
probability density p(x) of the mixed distribution; c) Show the distribution of p(x)
along the surface ....................................................................................................... 96
Figure 4.5 Graph showing a mixed model in which the combined distribution is
represented as p(x,z)=p(z)p(x|z) ............................................................................... 98
Figure 4.6 Graph showing a GMM with matching latent points zn for a set of N i.i.d.
data points xn, where n = 1,...,N. ............................................................................ 100
Figure 4.7 Distribution of 2D and PDF datasets respectively according to GMM; (a)
Distribution of 2D datasets and initialization of EM; b) PDF of 3 data sets after 38
iteration of EM; c) Log-Likelihood by number of iterations ................................. 104
Figure 4.8 Illustration of EM algorithm, data distribution and evaluation of PDF by
EM a) After 1/100 iteration; b) After the 2/100 iteration; c) After the 5/100 iteration;
d) After the 10/100 iteration; e) After the 15/100 iteration; f) After 20/100 iteration;
g) After 30/100 iteration; h) After 38/100 iteration ............................................... 105
Figure 4.9 Double carrier phase difference and GMM density functions of spoofed
signals and authentic signals .................................................................................. 108
Figure 4.10 Fractional DD measurements and SoS detection metric in mixed tracking
conditions under spoofing attack with a fake satellite as the reference ................. 109
Figure 4.11 Fractional DD measurements and SoS detection metric in mixed tracking
conditions under spoofing attack with a authentic satellite as the reference ......... 110
Figure 4.12 DD points distribution of all the 4-satellite combination (spoofed 1a 2s –
all the points corresponding to the combinations in which the reference is spoofed,
the other three contain 1 authentic and 2 spoofed satellites) .................................. 110
Figure 4.13 DD of real data and fake data to make the reasonability of the approach
clear, we analyse the difficulty of spoofing identification in the below cases ....... 111
Figure 4.14 DD of the data has only one fake satellite .......................................... 111
Figure 4.15 GMM of DD of the data has only one fake satellite ........................... 112
Figure 4.16 The DD planes for the mixed data, including two spoofed satellites and
two authentic satellites ........................................................................................... 112
Figure 4.17 GMM distribution of DDs................................................................... 113
Figure 4.18 The GNSS simulator architecture is based on SDR technology ......... 114
Figure 4.19 L1 GPS spectral code generation method (Source: [16]) ................... 115
Figure 4.20 Test configuration of GNSS simulation system.................................. 117
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
xii
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
Figure 4.21 Phase difference for real signal ........................................................... 117
Figure 4.22 Phase difference of conventional simulation signal............................ 118
Figure 4.23 Phase difference of the multi-directional simulation signal ............... 118
Figure 4.24 Fractional DDs in case of Intermediate spoofing attack, where the DDs
of authentic satellites (PRN 25) cross the ones related to the spoofed satellites ... 120
Figure 4.25 False alarm in the D3 detector: a fractional DD from a genuine satellite
crosses the DDs of the spoofed satellites ............................................................... 121
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
xiii
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
ABSTRACT
GNSS spoofing is a pernicious type of intentional interference where a GNSS
receiver is fooled into tracking counterfeit signals, with the purpose of inducing a
misleading information into the application it is used for.
This work presents the development of a dual-antenna GNSS spoofing detection
technique based on the analysis of the dispersion of the double differences of carrier
phase measurements produced by two GNSS receivers (D3 technique). No
synchronization of the receivers is needed for the algorithm to properly work. The
algorithm is derived from the idea of the Sum of Squares (SoS) detector, recently
presented as a simple and efficient way to detect a common angle of arrival for all the
GNSS signals arriving to a pair of antennas. The presence of such a common angle is
recognized as an undiscussed indication of spoofed GNSS signals. Nonetheless, some
limitations can be identified in the SoS algorithm. First of all, the assumption that all
the signals arrive from the same source; situations are possible in which the receiver
tracks only a subset of counterfeit signals, out of the whole signal ensemble. The idea
presented in this work intends to overcome such limitations, properly modifying the
SoS detection metric to identify subsets of counterfeit signals. The analysis is
supported by several simulation tests, in both nominal and spoofed signal conditions,
to prove the effectiveness of the proposed method.
However, the D3 technique has not been analyzed in a rigorous theoretical way so far
and the detection threshold was, for instance, set only empirically. Aiming at filling
these gaps, this work intends to revise the main concepts of the aforementioned
technique in a clear mathematical way. Thus, the detection threshold will be given
according to a target probability of missed detection. Moreover, the work provides a
thorough analysis of expected performance in terms of probability of missed
detection and probability of false alarm, addressing them first as pairwise probability,
then as overall probability. The effect of the signal C/N0 ratio on these detection
performances is analyzed. Methods to reduce the occurrence of events of false alarm
are also discussed. Eventually, an assessment of performance of the D3 algorithm is
evaluated through a set of tests that emulate real working conditions.
Moreover, this work presents the development of a new metric to improve the
performance of the D3 algorithm. The new metric is based on a linear regression
applied to the fractional phase double differences. The original D3 algorithm is
sometimes prone to false alarms and to missed detections. The idea presented in this
work intends to overcome such limitations by leveraging on the fact that the fractional
double differences are characterized by having a piecewise linear trend, with different
slopes and intercepts. By evaluating the dispersion of such two parameters instead of
the double difference measurements directly, it is possible to design a more robust
spoofing detector. The performance of this linear regression-based method is very
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
xiv
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
promising, since no cases of false alarms or of missed detections have been observed
in all the performed tests.
In the next contribution, we propose a novel method to effectively detect GNSS
(Global Navigation Satellite Systems) spoofing signals. Our approach utilizes
mixtures of Gaussian distributions to model the Double Carrier Phase Difference
(DD) produced by two separated receivers. DD values contain the angle of arrival
(AOA) information and a small amount of Gaussian noise. The authentic GNSS
signals come from different directions, therefore AOA values are different for each
satellite. In contrast, spoofing signals from one broadcaster should always have the
same direction. Therefore, DD values of authentic satellites contain mainly the double
difference of AOA values, while DD of spoofing satellites contains only an
insignificant amount of Gaussian noise. That rough observation is the theoretical
basis for our proposal in which we use Gaussian Mixture Model (GMM) to learn the
distribution of DD values calculated for both kinds of satellites. The pre-trained
GMMs are then utilized for detecting spoofed signals coming from spoofer.
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
xv
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
1. INTRODUCTION
1.1 Overview
The Global Navigation Satellite Systems (GNSS) are used in many civil fields for
positioning services that need accuracy and security (Figure 1.1), such as vehicle
tracking, unmanned aircraft, precise agriculture, pay-as-you-drive, financial
transactions, etc.
All these services could potentially be attacked by hackers for economical or even
terroristic interests [1], [2]. The fact that, almost all services rely on GNSS civil
signals, which are easily interfered unintentionally or intentionally. In reality, the
threat of intentional Radio Frequency Interference (RFI), such as jamming or
spoofing attacks, is growing in popularity. The major hazard in this situation is when
the receiver is not aware of being fooled; therefore, it does not raise any alarm to the
hosting system, which is induced to make wrong and possibly hazardous decisions
based on spoofed position, velocity and time (PVT) information [51]-[55]. This attack
is known with the name of ‘spoofing’ [1]-[5],[30].
Figure 1.1 Applications of GNSS (source: [64])
Over the last decade, spoofing has been perceived as a more and more concrete threat.
This perception has been motivated by technological progresses and by the
availability of advanced software-defined radio (SDR) platforms making the
16
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
development of GNSS spoofers not only feasible but also affordable [17].
Furthermore, many public channels are active source of information and awareness,
as for example web sites, social platforms and online magazines [39] - [42].
Spoofing attacks can be defeated by exploiting specific features which are difficult to
be counterfeited at the signal, measurement, and position level [4], [5], [9],[11]-[15].
A detailed survey of the most promising techniques for spoofing detection proposed
in the last decade for civil signals can be found in [5] where several methods are
described and compared in terms of complexity and effectiveness. Among all these
families of approaches, spatial processing based on the AoA defense is probably the
most robust and effective technique to detect and possibly mitigate the counterfeit
signals [14],[15]. However, AoA-based methods in cost-constrained mass-market
applications are still difficult for several reasons: costs of the equipment, complexity
of the processing and size of the installation.
In [16], [17] the authors developed a method for spoofing detection based on
differential carrier phase measurements from a pair of receivers and antennas; it
neither requires dedicated hardware nor needs special constraints on the geometry of
the system; only the knowledge of the baseline (of the relative position of the two
receiving antennas), is needed. However, although these methods have been proved
to be simple but efficient technique to detect spoofing attacks, they still have some
limitations that will be discussed in the following sections.
According to [19], [5], [12] spoofed attacks can be divided into three main categories:
simple spoofing attack, intermediated spoofing attack, sophisticated spoofing attack.
The simple spoofing attack can be easily detected by the existing techniques [5].
However, these methods may not detect well the intermediated spoofing attack and
sophisticated spoofing attack [5]. Recently, those kinds of attacks are proved to be
increasingly popular [8], [2].
Therefore, the thesis focuses to study the detection of spoofing in the intermediated
and sophisticated cases to ensure the reliability and accuracy of services using GNSS.
1.2 Motivation
From the analysis above, it can be seen that ensuring the safety and reliability of
GNSS applications is increasingly important and urgent. Currently, the proposed
detection methods are not really practically effective [19] -[17], they either require
directly interfering to the system signal or using ancillary equipment, leading to
higher costs. Meanwhile, the affordable AoA approaches are however not really
effective in complex attack situations. Therefore, the first motivation in this work is
to propose a method to improve the performance of low-cost AoA-based methods to
detect intermediate and complicated spoofings (spoofed signals comes from different
directions).
17
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
Regarding the dataset for spoofing detection research, most of the GNSS
simulators (IFEN, Spirent, SkyDel, Teleorbit, etc) generate uni-direction signals or
require specific costly license for multi-direction signals. Therefore, the second
motivation of the thesis is to propose a method to generate fake signals from different
directions for the validation of complicated spoofing detection methods.
1.3 Problem statement
To the best of our knowledge, the spoofing detection based on AoA is perhaps the
most powerful and efficient technique for detecting and possibly minimizing false
signals [14], [15]. However, its use in commercial applications is limited by a number
of reasons: costs, processing complexity and size of receiver.
The authors of [16], [17] develop a simple method for spoofing detection based on
differential carrier phase measurements from a pair of receivers and antennas. It
requires neither a specialized hardware nor special geometrical constraints; the only
technical requirement is the synchronization of the receivers and the distance between
the two antennas. This method is known as sum of squared (SoS) detector. Unlike
other works [6], SoS models the integer ambiguity component of the carrier phase
measurement as random variables having values in a set of integers ambiguities.
These variables are deduced using the general likelihood ratio test (GLRT) approach
[10], [16].
Though the computational complexity is significantly decreased; this method
leverages on carrier phase measurements, possible cycle slips can occur and need to
be detected and mitigated before forming double difference carrier phase measures.
Furthermore, the SoS approach considers just the condition of having the whole
signal ensemble either counterfeit or authentic, while it does not consider possible
scenarios where the victim’s receiver is locked onto a subset of spoofed satellites,
while for the remaining are still authentic ones (so-called ‘mixed tracking’ in the rest
of the work) [8], [9], [2].
In this work, we focus on proposing AoA-based spoofing detection methods which
address the limitations pointed out in typical existing work (especially in SoS
approach). Furthermore, we are also interested in validating our method in
complicated spoofing scenarios wherein spoofed signals may come from different
directions. However, it is the fact that generating multi-direction spoofed signals
require special high-cost equipment installation; therefore, we propose to use a
software-based receiver approach to modify the signal phase to simulate the signals
angle of arrival.
18
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
1.4 Scope of Research
The work focuses on the technique for detecting spoofed GNSS. In the first
methodology, a method to detect mixed spoofing signals using commercial receivers
and dual antennas was proposed. In this method, the distance between the two
antennas is fixed at roughly two meters to avoid noise when performing differential
computations between the two receivers. The GMM machine learning model is used
in the second method to detect spoofing signals coming from multiple directions. To
attack spoofing from many different directions, we have to synchronize the spoofing
signal generators. To implement this method, we have to use high-precision and
expensive clocks. Therefore, we use the method of transmitting only one spoof
satellite to fool the receiver.
1.5 Contribution
This work focuses on solving the spoofing detection problem based on AoA
approach. In addition, to overcome the limitation of the lack of dataset for testing
spoofing detectors, we also propose a method for simulating unauthentic signals in
two typical scenarios: spoof only and mixed signals from different directions. Our
work has the below main contributions:
First, we propose AoA-based methods for spoof detection, in our proposal we utilize
D3 measurement to overcome the limitation of the existing SoS methods.
V.H. Nguyen, G. Falco, M. Nicola, and E. Falletti (2018) “A dual antenna GNSS
spoofing detector based on the dispersion of double difference measurements”, in
Proc. Int. 9th ESA Workshop on Satellite Navigation Technologies and European
Workshop on GNSS Signals and Signal Processing (NAVITEC), Noordwijk,
Netherlands, Dec. 2018, 5-7, DOI: 10.1109/NAVITEC.2018.8642705.
Van Hien Nguyen, Gianluca Falco, Emanuela Falletti, Mario Nicola, The Vinh
La (2021), “A Linear Regression Model of the Phase Double Differences to
Improve the D3 Spoofing Detection Algorithm”. European Navigation Conference
2020, 23-24 November 2020, Dresden, Germany.
E. Falletti, G. Falco, Van Hien Nguyen, M. Nicola (2021) “Performance
Analysis of the Dispersion of Double Differences Algorithm to Detect GNSS
Spoofing”. IEEE Transactions on Aerospace and Electronic Systems. Early
Access. Print ISSN: 0018-9251. Online ISSN: 1557-9603. DOI:
10.1109/TAES.2021.3061822.
Second, this thesis introduces a novel approach to classify authentic and fake GNSS
signals using Gaussian Mixture Models (GMMs) and increase detection accuracy
while eliminating the need for any parameter tuning process through automated
learning (Expectation Maximize algorithm). This method can improve the
performance of the algorithm to detect spoofed signals in the sophisticated case.
Nguyen Van Hien, Nguyen Dinh Thuan, Hoang Van Hiep, La The Vinh (2020)
“A Gaussian Mixture Model Based GNSS Spoofing Detector using Double
Difference of Carrier Phase. Journal of Science and Technology of Technical
19
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
Universities, pp. 042047, Vol. 144 (6-2020).
Third, we develop a method to simulate signals coming from different directions
which are used to validate the detection algorithm in multi-direction attack scenarios.
Nguyễn Văn Hiên, Cao Văn Tồn, Ngũn Đình Thuận, Hồng Văn Hiệp (2020),
"Phương pháp sinh dữ liệu mô phỏng GNSS đa hướng sử dụng công nghệ vô tuyến
điều khiển bằng phần mềm". 178-185, số Đặc san Viện Điện tử, 9 - 2020, Tạp chí
Nghiên cứu Khoa học Cơng nghệ qn sự.
1.6 Thesis outline
The dissertation is composed of five chapters as follows:
Chapter 1 Introduction. This chapter briefly introduces the research area. The
importance of the topic, the definitions and the existing approaches are clearly
addressed. Then the thesis focuses on the contributions are also presented clear.
Chapter 2 Related Work. This chapter first summarizes the importance of services
using GNSS. Then, a comprehensive survey of the previous algorithms, existing work
relating to interference detector are presented. The limitations of the previous
algorithms are clearly analysed and resolved.
Chapter 3 Intermediated GNSS Spoofing detector based on angle of arrive. The
development of a dual-antenna GNSS spoofing detection technique based on the
dispersion of the double differences of carrier phase measurements created by two
GNSS receivers is presented in this chapter.
Chapter 4 Sophisticated GNSS spoofing detector based on angle of arrive. The
chapter present an algorithm that using an automated learning process, this approach
can improve detection accuracy and detect GNSS spoofing in the sophisticated
scenario while obviating the need for any parameter tuning procedures (Expectation
Maximization algorithm).
Chapter 5 Conclusion and future works. A conclusion is given in this chapter.
Furthermore, some limitations of the work are presented, along with possible
solutions, which may need additional study.
20
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
2. RELATED WORK
This chapter presents vulnerabilities of civil GNSS with more focus on different types
of spoofing techniques. We also briefly introduce some state-of-the-art methods for
GNSS spoofing detection and analyse the advantages as well as disadvantages of the
surveyed methods. From the analysis, we propose our approach to improve the
current limitations of the existing work.
2.1 Civil GNSS vulnerabilities to intentional interference
Because of the low SIS signal strength [65] (Figure 2.2) (GPS L1 C/A code: -158.5
dBW; Galileo E1: -157 dBW) and the physical environment in which signals are
transmitted from satellites to receivers (Figure 2.1), GNSS receivers are extremely
vulnerable. An interfering signal that is just a few orders of magnitude stronger than
the minimum received GNSS signal intensity will cause a receiver to lose lock on a
satellite. Navigation receivers are vulnerable to strong interfering signals such as
jamming, ionospheric and tropospheric effects and RF emitters.
Figure 2.1 The enviroment for transmitting signals from satellites to receivers
(source: [65])
According to [67], GNSS nowadays use Code Division Multiple Access (CDMA),
while GLONASS legacy signals use the Frequency Division Multiple Access
(FDMA) technique. However, over the last decade, modernized GLONASS satellites,
such as the GLONASS-K1 satellites (launched in 2011, transmitting CDMA signals
on L3-band), the GLONASS-M satellites (including CDMA signals on L3-band since
2014), and the GLONASS-K2 satellites, have begun to include additional CDMA
signals (launched in 2018, transmitting CDMA signals also on L1- and L2-bands). In
the presence of interfering signals, the receiver's dispreading procedure spreads the
power of the interfering signal over a large bandwidth as show in Figure 2.2. Other
21
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
radio frequency signals can also cause problems such as DVBT, which is used as
an incentive signal, has harmonics in the GNSS bandwidth.
Because the GNSS signal structure is publicly open, it is vulnerable to the illicit
transmission of counterfeit signals, which may fool an unprotected receiver. The use
of false GNSS signals to deceive the victim GNSS receiver's location or time
information without completely disrupting its operations is one of the most dangerous
attacks. This type of attack is known as spoofing [1], [5].
Figure 2.2 The low SIS signal power of GNSS (source: [75])
Figure 2.3 GNSS frequency bands (source:[69])
22
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
2.2 Radio Frequency Interference
Radio Frequency Interference
Intentional interference
Unintentional interference
ã
ã
ã
ã
ã Spoofing
ã Jamming
Mobile satellite services
VHFs
DVTB
Radar systems
Figure 2.4 Radio frequency interference
With low power signal, GNSS can be attacked by RFI, both unintentional and
intentional as shown in Figure 2.4.
(1) Unintentional interference
Radio frequency systems such as radar systems, DVTB, VHFs, mobile satellite
services, and personal electronics with high power harmonics and intermodulation
products [8] can inadvertently interfere with the GNSS signal. However, this kind of
interference is somewhat resolved by properly radio frequency band management
policies which are currently used by all governments.
(2) Intentional interference
The first type of intentional RFI is jamming. A jamming attacker uses devices to
generate powerful signals in the GNSS band (Figure 2.6), resulting in a variety of
effects (which may lead to failed operation of GNSS receivers). With the existing
handheld GNSS jammers, GNSS signals within a radius of a few tens of meters are
completely disrupted. The operating principle of these devices is to use a chirp signal
to intervene in the GNSS signal's operating frequency range. To the best of our
knowledge, there are no effective methods for reducing the impact of this type of
attack.
Spoofing is another form of intentional interference and is one of the most dangerous
attacks (Figure 2.5). Because this technique uses devices to broadcast fake GNSS
signals to mislead the victim GNSS receiver's position or time information without
completely disrupting its operations. The incorrect position, velocity and time
23
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
information produced by the attacked receiver may result in even more serious
problems if they are used in other important systems like: financial transaction
synchronization, energy transmission, etc.
Figure 2.5 Intermediated Spoofing Scenario
Figure 2.6 Cheap jammers are widely sold online (source: [96])
24
Nghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinhNghiên.cỏằâu.phặặĂng.phĂp.phĂt.hiỏằn.v.xĂc.ỏằnh.vỏằ.trư.nguỏằn.can.nhiỏằu.lên.tưn.hiỏằu.ỏằnh.vỏằ.sỏằư.dỏằƠng.vỏằ.tinh
download by :
