Understanding GNSS Signal Vulnerabilities: Exploring Jamming vs. Spoofing
As our reliance on Global Navigation Satellite Systems (GNSS) grows, so does our awareness of the vulnerabilities they face, including environmental conditions, system errors, and intentional interference. Among the most critical threats are jamming and spoofing attacks.
1️⃣ Defining Jamming and Spoofing:
- Jamming: This involves emitting high power RF signals, matching GNSS frequencies, to disrupt or block reception since the GNSS receiver cannot anymore distinguish the original GNSS signal given the presence of a much higher power RF signal.
- Spoofing: A more sophisticated attack that consists of a radio transmitter sending false GNSS signals with higher power, causing the target receivers to compute an incorrect time and/or position. This technique poses serious threats to industries relying on GNSS positioning, such as autonomous vehicles, UAVs and surveying, since GNSS receivers providing critical location information might not figure out that they are being spoofed and therefore the estimated location will be assessed as valid. Spoofers can either emit signals recorded at a different location and time (meaconing), or create and send modified satellite signals.
2️⃣ Anti-Jamming and Anti-Spoofing Techniques:
Jamming and spoofing are two different issues that must be treated using specific techniques for each case. In order to counteract jamming, the following strategies can be used (not intended to be a comprehensive list):
1. Filter the interference once it gets to the receiver. This technique can be used with out-of-band data (signals are in a different channel than the GNSS data), but it is not the most effective method.
2. Equip the receiver with an IMU (Inertial Measurement Unit), which measures the receiver’s acceleration and angular velocity, to then combine this information with the data collected by the GNSS receiver and provide a more reliable estimate of the PNT.
3. Nulling. This is done through a system that can detect the direction from which the interfering signal is coming, and then adjust the receiving strength of the antenna to create “nulls” (no values) in that direction. In this way, we are able to ignore the undesired interference signal. This technique, which can be also applied as an anti-spoofing measure, requires a sophisticated RF subsystem that is not representative of the mainstream GNSS solutions.
As for anti-spoofing mechanisms, there are several offerings, representing different levels of protection:
1. Signal-processing algorithms can detect sudden variations in the properties of the signal that is being received, like its amplitude, phase or power. It is only a detection system so, once the spoofing has been spotted, it does not help suppressing it.
2. Employing a SAASM (Selective Availability Anti-Spoofing Module) receiver, used for the GPS constellation, which can only track the encrypted Y-code when it carries a valid decryption key. These can only be used by approved government or military users. The new military signal called M-code, which has been designed to further improve the anti-jamming and secure access of the military GPS signals, seems to be the future of military GPS anti-interference solutions.
3. Using multi-constellation receivers that can track the data from several constellations like Galileo, GLONASS and GPS might help in protecting against spoofing attacks. Multi-constellation receivers are becoming mainstream, available to all customers, and can be effective because they force the spoofer to emit all GNSS signals at the same time, otherwise the assault will fail to trick the receiver that would be able to detect the presence of an interference given the different constellations’ signals behaviors.
3️⃣ The Role of OSNMA in Anti-Spoofing:
The rise of spoofing incidents underscores the need for robust defenses even in mass-market navigation applications. Here is when the new Galileo service OSNMA comes into place:
OSNMA (Open Service Navigation Message Authentication), developed by Galileo authorities #EUSPA, is another mechanism designed to authenticate navigation data coming from Galileo in order to secure devices against spoofing. It uses hybrid cryptography to ensure data authenticity and accurate positioning, even in the presence of spoofed signals. In other words, it acts as a digital signature that proves that the data caught by the receiver is valid and real. OSNMA is a signal-in-space service that will be available for its use for all the Galileo users with a receiver able to track Galileo E1-B signal, therefore it is oriented to mass-market solutions so that its protection can benefit the maximum number of users possible. OSNMA capable GNSS solutions will be able to detect GNSS spoofing.
4️⃣ Recent Incidents:
Jamming attacks are very common and frequent, and most of them are caused by “privacy protection devices”, which are illegal in many countries. Although spoofing attacks may seem inferior in number (may be due to the fact that successful spoofing assaults are not detected or reported), recent data from the European Business Aircraft Association and Airbus Flight Data Monitoring reveal a significant rise in GNSS outages due to spoofing incidents, emphasizing the concerning accessibility of spoofing technology. In a stark illustration of the problem, the Airbus Flight Data Monitoring recorded 49,605 incidents in 2022, a dramatic increase from 10,843 the previous year.
At Rokubun, we prioritize navigation security with solutions that integrate advanced anti-spoofing technologies. By leveraging tools like OSNMA, we ensure reliable and accurate positioning, even in challenged environments.
More information about our OSNMA SDK for spoofing protection can be found here: https://www.rokubun.cat/white-paper/