TACTIC

Starting point / motivation

Global Satellite Navigation Systems (GNSS) utilize the time difference of arrival (TDOA) principle to provide position and time information to a multitude of users. Due to the large distances between satellites and users, the system may be compromised if suitable signals are broadcast on the same frequencies as used by the GNSS.

One distinguishes between spoofing and jamming signals, if those interfering signals are broadcast intentionally. Whereas many research and evidence of jamming has been gained in the past, the awareness about spoofing threats may still further be stressed for the navigation community and GNSS user groups.

Spoofing aims at deceiving the GNSS receiver’s estimate of position and timing information, by broadcasting GNSS-like signals. A spoofing device exploits the full documentation of the open service GNSS signals and is able to broadcast a perfectly modified signal. Resistance against spoofing is partly intrinsically present in open service GNSS user receivers (e.g. receiver autonomous integrity monitoring) or applications, but those counter-measures have never been tested under a realistic spoofing attack.

In contrast to open service signals, encrypted GNSS signals, like the Galileo PRS service are inherently more robust against spoofing, as the detailed signal structure of PRS is kept secret. The threats of intentionally falsified or disrupted GNSS signals may still bring further awareness in the GNSS user community of critical infrastructure entities. Also there are hardly any experiments with spoofing attacks for the benefit of the society (e.g. protection against hostile UAVs).

Methods

The experimentation includes a realistic setup of target GNSS receivers and an open-service GPS/Galileo L1/E1 spoofing device transmitting the spoofing signal over the air. Commercial off-the-shelf jammers are also considered.

Envisaged spoofing cases are controlled landing of an UAV, deceiving a user navigating with a smart phone and impacting the time synchronization of an electrical power network. In parallel a PRS-like signal will be broadcast from a pseudolite and received simultaneously with the open service satellite + spoofing signal. This will allow assessing the benefit of future Galileo PRS receivers against those threat scenarios.

Contents and goals

The project team has all required expertise to design, implement and execute such demanding experiments. Certainly, as a mutual benefit, such research work will further increase the project team’s competence and will strengthen their position in the related scientific community and market. The benefit of the TACTIC project for the GNSS user community is an increased awareness of this threat and a better assessment of the likelihood of such cases.

Expected results

By close cooperation with respective stakeholders, the dissemination of TACTIC results is maximized. From the technology point of view, software-defined GNSS signal transmission technology is developed, which can be commercialized later in terms of a spoofing device, a GNSS pseudolite or for a GNSS RF simulator. An existing GNSS receiver is tested for its robustness against spoofing and recommendations can be given how a spoofing/jamming attack can be identified and what counter measures are most useful.

Coordinator

JOANNEUM RESEARCH Forschungsgesellschaft mbH

Project partner

IGASPIN GmbH

JOANNEUM RESEARCH Forschungsgesellschaft mbH
DI. Roman Lesjak
Steyrergasse 17
A-8010 Graz