Post on 27-Nov-2021
Spoofing Aspects at Receiver Start-Up
Manuel Appel
German Aerospace Center (DLR)
Institute of Communications and Navigation
manuel.appel@dlr.de
Meeting #3
WGC – Resilience Subgroup
10.04.2018
Maspalomas, Gran Canaria
Simulations
www.DLR.de • Chart 2 > Spoofing at Startup > M. Appel • WGC Maspalomas > April 2018
Lab Setup
Common Constellation:
Simplistic Setup (unsynchronized)
Timing
Bunch of different runs:
- Different speed
- Different Power
Location
Simplistic Setup (unsynchronized) – with RFI
Depends on Receiver
Timing with “knock-out”
No Pattern
Explanation
Interference forces the receiver into reacquisition.
Depending on the search strategy, either the authentic or the fake peak is found first and tracked.
Synchronization
Receiver Aspects – Startup, Acquisition
- Search strategy (in Acq. or Reacq.) in 2D-grid if serial search is implemented
- Search method (either serial or parallel FFT-based)
- Noise floor estimation at startup
Receiver Aspects - Tracking (1)
Receiver Aspects - Tracking (2)
Effect of loop parametrization on spoofing sync (peaks overlap!)
Feasibility Issues (1)
- Since no synchronization is necessary, feasibility is given by using commercial hardware
- Either signal simulators or SDR platforms will be enough (software on GitHub)
- Very unlikely that correlation functions overlap, i.e. only one peak per PRN will be tracked.
- bladeRF DEFCON23 (~600 €)
- HackRF (for Pokemon) (~500 €)
- R&S (SMBVA100A) (~30 k€)
A. Broumandan, A. Jafarnia Jahromi, S. Daneshmand, and L. Gérard, “GNSS
Vulnerability to Spoofing Threats and a Review of Anti-Spoofing Techniques,”
presented at the ION Alberta Meeting, Alberta?, 24-Jan-2014.
Feasibility Issues (2)
Issue: Power calibration of spoofer to match nominal power
Easier (for spoofer) if farther away!
Possible Occurrences
Every time the victim is “parked” and navigation is turned on or restarted
Examples:
- Airport
- Parked train, train passing tunnel
- Harbor
If a mix is found/tracked: allows for ARAIM-based detection
Questions to the group
- How does this fit in the current threat model? (see threat_notes_v0.9)
- Are ARAIM methods (would be a link to the other subgroup) useful? Which ones?
- How to deal with receiver implementation aspects?
- Possible defense strategies?
Countermeasure proposals:
- Second peak constant search/acquisition
- Second peak tracking if overlapped
- Recommendation for loop implementation (Tobias Bamberg)
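
A sketch of the "second peak constant search" countermeasure listed above, as an added example that is not from the original slides: after finding the strongest correlation peak for a PRN, the receiver keeps searching the remaining code-phase bins against an estimated noise floor and flags a second peak. Assumptions: a constructed random ±1 sequence stands in for the PRN code, only one Doppler bin of the 2D grid is searched, and the delays, amplitudes, noise level and threshold factor `k` are illustrative values.

```python
import random

N = 1023  # chips per code period (GPS C/A length; the code itself is constructed)

def make_code(seed):
    """Random +/-1 sequence standing in for a PRN code (not a real Gold code)."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(N)]

def received(code, paths, sigma, seed):
    """Delayed, scaled copies of the code (one per (delay, amplitude) path) plus noise."""
    rng = random.Random(seed)
    return [sum(a * code[(i - d) % N] for d, a in paths) + rng.gauss(0, sigma)
            for i in range(N)]

def correlate(rx, code):
    """Circular correlation magnitude for every code-phase bin (one Doppler bin)."""
    return [abs(sum(rx[(i + d) % N] * code[i] for i in range(N))) / N
            for d in range(N)]

def find_peaks(corr, guard=2, k=8.0):
    """Return (main_bin, second_bin or None).

    Bins within `guard` chips of the main peak are excluded, the noise floor
    is the median of the remaining bins, and a second peak is reported only
    if it exceeds k times that floor (k is an assumed tuning value).
    """
    first = max(range(N), key=corr.__getitem__)
    rest = [d for d in range(N) if min((d - first) % N, (first - d) % N) > guard]
    floor = sorted(corr[d] for d in rest)[len(rest) // 2]
    second = max(rest, key=corr.__getitem__)
    return first, (second if corr[second] > k * floor else None)

def scan(paths, seed=1):
    """Acquire one PRN at start-up and report every code-phase peak found."""
    code = make_code(seed=7)
    return find_peaks(correlate(received(code, paths, sigma=1.0, seed=seed), code))

if __name__ == "__main__":
    print("authentic only    :", scan([(200, 1.0)]))
    print("authentic + spoof :", scan([(200, 1.0), (650, 1.5)]))
```

A non-`None` second bin means two copies of the same PRN are present at different code phases, which the receiver can treat as a spoofing or multipath alarm instead of silently tracking whichever peak the search reached first.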