Gnss Spoofing Detection Using High-Frequency Antenna Motion And Carrier-Phase Data

A method is developed that processes Global Navigation Satellite System (GNSS) beat carrier phase measurements from a single moving antenna in order to determine whether the GNSS signals are being spoofed. This technique allows a specially equipped GNSS receiver to detect sophisticated spoofing that cannot be detected using receiver autonomous integrity monitoring techniques. It works for both encrypted military signals and for unencrypted civilian signals. It does not require changes to the signal structure of unencrypted civilian GNSS signals. The method uses a short segment of beat carrier-phase time histories that are collected while the receiver's single antenna is undergoing a known, high-frequency motion profile, typically one pre-programmed into an antenna articulation system. The antenna also can be moving in an unknown way at lower frequencies, as might be the case if it were mounted on a ground vehicle, a ship, an airplane, or a spacecraft. The spoofing detection algorithm correlates high-pass-filtered versions of the known motion component with high-pass-filtered versions of the carrier phase variations. True signals produce a specific correlation pattern, and spoofed signals produce a recognizably different correlation pattern if the spoofer transmits its false signals from a single antenna. The most pronounced difference is that non-spoofed signals display variations between the beat carrier phase responses of multiple signals, but all signals' responses are identical in the spoofed case. These differing correlation characteristics are used to develop a hypothesis test in order to detect a spoofing attack or the lack thereof. For moving-base receivers, there is no need for prior knowledge of the vehicle's attitude. Instead, the detection calculations also provide a rough attitude measurement. Several versions of this spoofing detection system have been designed and tested. Some have been tested only with truth-model data, but one has been tested with actual live-signal data from the Global Positioning System (GPS) C/A code on the L1 frequency. The live-data tests correctly identified spoofing attacks in the 4 cases out of 8 trials that had actual attacks. These detections used worst-case false-alarm probabilities of 106, and their worst-case probabilities of missed detection were no greater than 1.6x10-6. The ranges of antenna motion used to detect spoofing in these trials were between 4 and 6 cm, i.e., on the order of a quarter-cycle of the GPS L1 carrier wavelength.