A satellite navigation system is a system that uses satellites to provide autonomous geopositioning. When a satellite navigation system has global coverage, it is referred to as a Global Navigation Satellite System (GNSS). As of today, there are four operational global systems: the GPS of the United States, Galileo of the European Union, GLONASS of Russia, and BeiDou of China. All of these systems rely on the transmission of formatted signals from multiple satellites, allowing receivers to extract their own geopositioning solutions.
GNSS Spoofing
GNSS spoofing is a technique in which false (but convincing and seemingly legitimate) signals are broadcast with the intent of tricking the “victim” receiver(s) into misinterpreting them as authentic signals, causing the system to operate incorrectly. The tricked system(s) may end up calculating a false position fix, a false clock offset, or both. Consecutive false position and/or timing fixes can lead to abnormal and even potentially dangerous behavior in the victim system(s).
Since GNSS standards are typically open (allowing vendors to design and manufacture compliant receivers), it is relatively straightforward to mimic the messaging behavior of GNSS satellites. An authentic GNSS signal is usually transmitted by a satellite at an altitude between 19,100 km (for GLONASS) and 35,786 km (for BeiDou). On its way to Earth, the signal undergoes various degrading effects, such as attenuation, distortion, and dispersion, particularly at the ionosphere. Depending on the satellite’s position in the sky and atmospheric conditions, the GPS signal strength at the receiver end can vary legitimately between –160 dBW and –153 dBW, with a time delay of about 300 ns. Thus, by adjusting the transmitted power and timing, it is technically possible to deceive the victim system(s) with convincingly fake signals. Depending on the budget and complexity, spoofing attacks can be executed using various approaches, such as open-loop signal simulation attacks, meaconing (or record-and-replay) attacks, and multi-transmitter meaconing attacks. In these attacks, it is also common to nullify or suppress the authentic GNSS signals, making it easier for the victim to be convinced by the fake signals.
Counter Spoofing Precautions
For a long time, the GNSS receiver community did not consider spoofing a major threat, and as a result, counter-spoofing design considerations have been limited. As mentioned earlier, the GPS signal strength at the receiver side typically ranges from –160 dBW to –153 dBW, with a time delay of approximately 300 ns. Therefore, monitoring the signal strength (via carrier-to-noise ratio) and measuring the time delay (using time-of-arrival decomposition) could be intuitive techniques for detecting whether a received signal is authentic or spoofed. Other potential discriminators for distinguishing spoofed signals from authentic ones include Doppler shift, signal direction, authentic-fake signal correlation, and discrepancies between solutions obtained from different GNSS systems. However, most modern receivers (estimated at nearly 6.5 billion) are not capable of detecting these differences.
Once spoofing is detected, the next step is mitigation, which could involve nullifying the receiver antenna’s signal reception towards the spoofed signal direction (if possible) or discarding the information carried by the fake signal. Unfortunately, most GNSS receivers on the market lack spoofing detection and/or mitigation capabilities.
Anti Spoofing Capabilities of TUALCOM Products
TUALCOM products are equipped with Controlled Reception Pattern Antennas (CRPAs) that use digital beamforming techniques to quickly detect the direction of abnormal GNSS signals and nullify reception in the relevant direction. The operating principle of these products is based on distinguishing authentic (satellite-based) signals from fake (ground-based) signals by analyzing their strengths and time delays. This is achieved by dedicating one antenna of the CRPA to receive the GNSS satellite signal, while the other antennas are used for beamforming and nullifying purposes. This feature, which enables the detection and suppression of unwanted or interfering signals, provides inherent resilience not only against jamming but also against spoofing.
Certainly, achieving this requires specialized knowledge in digital beam control and antenna integration, which goes beyond the expertise required to develop ordinary GNSS receivers. TUALCOM’s superior in-house engineering capabilities have enabled the development of a state-of-the-art Digital Antenna Control Unit (DACU), which utilizes the CRPA for mitigation against jamming and spoofing. The proprietary DACU can easily be configured to control 2-, 4-, or 8-antenna systems.
Hence, TUALCOM products provide a highly reliable source of position information, regardless of the integrated system’s status (whether it is a legacy system or one developed for a specific purpose) or application (military or non-military). Last but not least, relevant TUALCOM products ensure robust GNSS operation under interference (including spoofing and jamming) while complying with size, weight, power, and cost considerations.
