The U.S. government has been aware of the vulnerability of unencrypted civilian GNSS signals to spoofing at least since the Department of Transportation released its Volpe report in 2001. A spoofer intentionally broadcasts signals that look like true signals to User Equipment receivers (UE). These false signals can fool a receiver into an incorrect determination of its position, receiver clock time, or both.
Spoofing of civilian GNSS signals is straightforward because their full characteristics are publicly available. It is relatively easy to synthesize false signals with the same characteristics. Encrypted military signals, such as the GPS P(Y) and M codes, are much harder to spoof. One must break their encryptions or use a meaconing-type attack, an attack which involves reception and rebroadcast of actual encrypted signals.
Spoofing of GPS receivers has been in the news recently. In December 2011, Iran captured a highly classified stealth drone that belonged to the U.S. government. An Iranian engineer claimed that they spoofed the drone's GPS in a way which fooled it into thinking that it was landing at its home base in Afghanistan. In reality, it was descending into the hands of waiting Iranian military personnel. It remains unclear how much of the Iranian claims are true, but their claims are not outlandish and have to be taken seriously.
In June 2012, a group led by Todd Humphreys of UT Austin spoofed a small helicopter Uninhabited Air Vehicle (UAV) using live, on-air spoofing signals as part of a specially authorized test at White Sands Missile Range, N. Mex. The UT Austin team caused the UAV to execute unintended maneuvers by spoofing its GPS-derived position and velocity. One of the unintended maneuvers involved a near landing when the UAV had been commanded to hover about 20 m above the ground.
Existing anti-spoofing technology known as Receiver Autonomous Integrity Monitoring (RAIM) will not suffice to detect sophisticated spoofing attacks. Therefore, a number of recent and on-going efforts have sought to develop advanced spoofing detection methods that can alert a user to a sophisticated attack. These methods include advanced RAIM algorithms that operate at the correlator/discriminator/tracking-loop level, algorithms that cross-correlate the unknown encrypted parts of a signal between a potential victim receiver and a secure receiver, Navigation Message Authentication (NMA) that relies on proposed insertions of encrypted authentication elements within the low-bandwidth navigation message, multiple-antenna techniques, and moving-antenna techniques.
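Why a pseudorange-residual consistency check, the classic form of RAIM, misses a coordinated attack, shown as an added example that is not part of the original text: a gross error on a single pseudorange inflates the least-squares fit residual, while a full set of pseudoranges that all agree with one false position leaves a near-zero residual. The satellite geometry, positions, clock biases and the 50 m threshold are constructed for illustration.

```python
import math

# Constructed satellite positions in metres (local frame, receiver near origin); not real ephemeris.
SATS = [(15.6e6, 7.5e6, 20.1e6), (18.8e6, -13.4e6, 13.2e6), (-17.6e6, 14.1e6, 13.6e6),
        (-19.2e6, -6.1e6, 18.4e6), (2.1e6, 21.0e6, 16.0e6), (4.7e6, -20.5e6, 16.3e6)]

def pseudoranges(pos, clock_bias_m):
    """Noise-free pseudoranges for a receiver at pos with the given clock bias (m)."""
    return [math.dist(s, pos) + clock_bias_m for s in SATS]

def solve(A, b):
    """Solve the small linear system A x = b by Gauss-Jordan elimination."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))  # partial pivoting
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [u - f * v for u, v in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def fix(rho, iters=10):
    """Gauss-Newton least-squares fix; returns ([x, y, z, clock_bias_m], residual norm)."""
    x = [0.0] * 4
    for _ in range(iters):
        H, dr = [], []
        for s, r in zip(SATS, rho):
            d = math.dist(s, x[:3])
            H.append([(x[k] - s[k]) / d for k in range(3)] + [1.0])
            dr.append(r - d - x[3])
        N = [[sum(h[i] * h[j] for h in H) for j in range(4)] for i in range(4)]
        g = [sum(h[i] * e for h, e in zip(H, dr)) for i in range(4)]
        x = [xi + di for xi, di in zip(x, solve(N, g))]
    res = [r - math.dist(s, x[:3]) - x[3] for s, r in zip(SATS, rho)]
    return x, math.sqrt(sum(e * e for e in res))

def raim_alarm(rho, threshold_m=50.0):
    """Residual-based consistency test: alarm when the post-fit residual is large."""
    return fix(rho)[1] > threshold_m

TRUE_POS, FALSE_POS = (0.0, 0.0, 0.0), (600.0, -400.0, 20.0)  # constructed positions
clean = pseudoranges(TRUE_POS, 30.0)
# A 300 m error injected on one satellite at a time (six separate measurement sets).
one_bad = [[r + 300.0 * (i == k) for i, r in enumerate(clean)] for k in range(6)]
consistent = pseudoranges(FALSE_POS, 75.0)  # every range agrees with FALSE_POS

if __name__ == "__main__":
    print(raim_alarm(clean), [raim_alarm(r) for r in one_bad], raim_alarm(consistent))
```

The consistent set solves cleanly to the false position, so any detector that only tests agreement among pseudoranges has nothing to flag.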
Other references have described multiple-antenna techniques that do not perform spoofing detection. Rather, this class of techniques is used to mitigate spoofing by attenuating it without the need to formally detect it.
Each of the newer techniques has strengths and weaknesses. Advanced RAIM methods require only modest changes to receiver software and hardware, but they may only be able to detect spoofing at the onset of an attack. If an advanced RAIM algorithm misses the attack during this short window, then it may go undetected. The cross-correlation techniques can detect spoofing rapidly at any time during an attack, perhaps in as little as 0.2 seconds, but they rely on a high bandwidth communications link between the defended receiver and a secure receiver. NMA introduces encryption-level security into the civilian GNSS community, but it requires changes to GNSS message structures that are difficult to bring about. It may require additional signal processing in order to ensure against estimation-and-replay by the spoofer of the NMA message components. NMA techniques may be slow, requiring 10 seconds or more in order to detect an attack. A UAV may already be in the hands of an enemy by the time such a method discovers the attack. Multiple-antenna methods can be made reliable and fast if implemented well, but they require a significant amount of additional hardware and signal processing. The multi-receiver cross-correlation technique and the NMA technique share an additional drawback: they offer no protection against a meaconing-type receive-and-replay attack. Even an encrypted military signal is vulnerable to a meaconing attack.
The moving antenna technique can be implemented using simple hardware and algorithms, but the method of conventional teachings requires long observation intervals, and it does not develop a clearly defined hypothesis test. Furthermore, its reliance on signal amplitude variations as an indication of spoofing may prove unreliable. A spoofer could easily create time-dependent amplitude variations between its false signals, and this particular moving-antenna detection method might interpret these variations as indicating a non-spoofed situation.
There is a need for methods and systems that do not require explicit or implicit knowledge of exact position or attitude. There is a need for methods and systems that can detect spoofing attacks in a stand-alone mode, without the need for aiding data from some external source or for the implementation of a new GPS navigation data message. There is a need for methods and systems to provide clear spoofing detection hypothesis test statistics, threshold values, and probabilities of false alarm and missed detection.