Luận án Detect and localize interference sources for global navigation satellite systems

The Global Navigation Satellite Systems (GNSS) are used in many civil fields for positioning services that need accuracy and security (Figure 1.1), such as vehicle tracking, unmanned aircraft, precise agriculture, pay-as-you-drive, financial transactions, etc.

All these services could potentially be attacked by hackers for economical or even terroristic interests [1], [2]. The fact that, almost all services rely on GNSS civil signals, which are easily interfered unintentionally or intentionally. In reality, the threat of intentional Radio Frequency Interference (RFI), such as jamming or spoofing attacks, is growing in popularity. The major hazard in this situation is when the receiver is not aware of being fooled; therefore, it does not raise any alarm to the hosting system, which is induced to make wrong and possibly hazardous decisions based on spoofed position, velocity and time (PVT) information [51]-[55]. This attack is known with the name of ‘spoofing’ [1]-[5],[30].

Over the last decade, spoofing has been perceived as a more and more concrete threat. This perception has been motivated by technological progresses and by the availability of advanced software-defined radio (SDR) platforms making the development of GNSS spoofers not only feasible but also affordable [17]. Furthermore, many public channels are active source of information and awareness, as for example web sites, social platforms and online magazines [39] - [42].

Spoofing attacks can be defeated by exploiting specific features which are difficult to be counterfeited at the signal, measurement, and position level [4], [5], [9],[11]-[15]. A detailed survey of the most promising techniques for spoofing detection proposed in the last decade for civil signals can be found in [5] where several methods are described and compared in terms of complexity and effectiveness. Among all these families of approaches, spatial processing based on the AoA defense is probably the most robust and effective technique to detect and possibly mitigate the counterfeit signals [14],[15]. However, AoA-based methods in cost-constrained mass-market applications are still difficult for several reasons: costs of the equipment, complexity of the processing and size of the installation.

In [16], [17] the authors developed a method for spoofing detection based on differential carrier phase measurements from a pair of receivers and antennas; it neither requires dedicated hardware nor needs special constraints on the geometry of the system; only the knowledge of the baseline (of the relative position of the two receiving antennas), is needed. However, although these methods have been proved to be simple but efficient technique to detect spoofing attacks, they still have some limitations that will be discussed in the following sections.

According to [19], [5], [12] spoofed attacks can be divided into three main categories: simple spoofing attack, intermediated spoofing attack, sophisticated spoofing attack. The simple spoofing attack can be easily detected by the existing techniques [5]. However, these methods may not detect well the intermediated spoofing attack and sophisticated spoofing attack [5]. Recently, those kinds of attacks are proved to be increasingly popular [8], [2]. 

Therefore, the thesis focuses to study the detection of spoofing in the intermediated and sophisticated cases to ensure the reliability and accuracy of services using GNSS.

docx 135 trang phubao 26/12/2022 3722
Bạn đang xem 20 trang mẫu của tài liệu "Luận án Detect and localize interference sources for global navigation satellite systems", để tải tài liệu gốc về máy hãy click vào nút Download ở trên.

File đính kèm:

  • docxluan_an_detect_and_localize_interference_sources_for_global.docx
  • docxBan_thong_tin_dua_len_mang.docx
  • pdfBan_thong_tin_dua_len_mang.pdf
  • docxBan_Trich_Yeu_Luan_An.docx
  • pdfBan_Trich_Yeu_Luan_An.pdf
  • docxBia_tom_tat _ EN.docx
  • pdfBia_tom_tat _ EN.pdf
  • docxBia_tom_tat _ VN.docx
  • pdfBia_tom_tat_VN.pdf
  • pdfLuan_an.pdf
  • docxQuyen_Tom_Tat_Luan_An_EN.docx
  • pdfQuyen_Tom_Tat_Luan_An_EN.pdf
  • docxQuyen_Tom_Tat_Luan_An_VN.docx
  • pdfQuyen_Tom_Tat_Luan_An_VN.pdf

Nội dung text: Luận án Detect and localize interference sources for global navigation satellite systems

  1. GMMs later can well recognize authentic and spoofing distributions without any manually tuned parameters. In our work, we build two datasets of DD values (illustrated in Figure 4.9a and Figure 4.9c) for training Gaussian Mixture Models (or learning the density function in the form eq. 7). Two models are trained on the two DD datasets corresponding to authentic and spoofed signals. The difference of the two distributions is presented clearly in Figure 4.9b and Figure 4.9d. With the two models, we are able to decide if a set of GNSS data is spoofed or not depending on whether the value of the spoofed density function is higher or smaller than the one of the authentic density functions. Using the GMM PDFs illustrated in Figure 4.9, we successfully detect 1921/1967 (97.66 %) authentic signal points and 8442/8586 (98.32%) spoofed patterns in our experiment. (a) (b) (c) (d) Figure 4.9 Double carrier phase difference and GMM density functions of spoofed signals and authentic signals 108
  2. Figure 4.11 Fractional DD measurements and SoS detection metric in mixed tracking conditions under spoofing attack with a authentic satellite as the reference Figure 4.12 DD points distribution of all the 4-satellite combination (spoofed 1a 2s – all the points corresponding to the combinations in which the reference is spoofed, the other three contain 1 authentic and 2 spoofed satellites) 110
  3. Figure 4.15 GMM of DD of the data has only one fake satellite Figure 4.15 Given a DD point from a combination of 4 satellites (i, j, k, r – reference satellite) the generated 3D points and a surface representing the Gaussian location and scale (three standard deviations in each axis) More than one satellites are spoofed If there are at least two spoofed satellites as Figure 4.16. Because the spoofed satellites should have similar AoA, the cloud of points should be on a zero plane (if the reference is the fake one: see red and black points), or a bisector plane (if the reference is the real one: see yellow and green points). Figure 4.16 The DD planes for the mixed data, including two spoofed satellites and two authentic satellites 112
  4. 4.4 Multi-Directional GNSS Simulation Data Generation Method Use of Software Defined Radio Technology This section proposes a method to simulate GNSS signals that allows generating signals coming from different directions and can customize the initial phase (phase offset) of the satellites, making direct changes to the results of the AoA estimation techniques. This simulation signal generation technique is highly flexible, creating a variety of counterfeit attack situations at low cost. The practical results of the simulation have shown that the simulation signal is completely similar to the actual received signal, thus making the simulator capable of overcoming the methods of detecting currently advanced spoofing signals. 4.4.1 Multidirectional GNSS signal simulation The architecture of the GNSS signal simulator based on software-defined radio (SDR) technology is shown in Figure 4.18 In this architecture, the digital signal processing core module plays the role of modulating the GNSS digital signal, then this digital signal will be sent to the frontend and converted digital to analogue and analogue to RF. Notice that simple systems will use only one frontend while the most complex simulation systems will use multiple frontend (one for each satellite). The system will broadcast all GNSS systems in transmit bands (GPS, GLONASS, Galileo, BeiDou, ). Then GPS simulation signal and simulation noise will be generated. These simulated interferences are large enough that the receiver cannot track the signals of the satellites in the real GNSS system, but only track the spoofing signals. Figure 4.18 The GNSS simulator architecture is based on SDR technology 4.4.2 Signal and system model The structure of the signal received by the GNSS receiver is modelled as follow [51], [60]: 114
  5. The signal and noise energy parameters can be determined based on the receiver's signal-to-noise ratio calculation formula as follows: 푃 = × 푒푞푛 (4.34) 0 푃푛 where 푃 , 푃푛 và 푒푞푛 are the energy of the signal, the energy of the background noise and the equivalent noise bandwidth, respectively [61]. The parameter / 0 is the carrier-to-noise ratio and is the input of the simulator. This parameter is different for each satellite. If the interference effect is not calculated, this parameter depends entirely on the distance from the satellite to the receiver. However, the role of noise in the ionosphere, convection and even background noise cannot be ignored, so the role of distance here can be neglected. The phase displacement value Φ is determined based on the distance from the receiver to the simulation satellites. The positions of the simulated satellites are determined based on the astronomical calendar information and simulation time [60]. These astronomical calendar parameters are also the ones that will be included to encode the data stream. signal's spread spectrum code was determined based on published GPS documentation. 4.5 Experimental result 4.5.1 Multidirectional GNSS signals simulation To conduct to test capable of generating multidirectional signals of system, determine the incident angle by estimating the incident angle value according to the double difference of the phase measurement as shown in [16], [17]. The timing of the test must be determined first, then proceed in two steps: • Collect real data at that time using the Septentrio receiver and proceed to determine the phase difference of the satellites; • Simulate the signal at that time using the Septentrio receiver and determine the phase difference of the satellites; The multi-directional simulated GNSS system is set up as shown in Figure 4.20 below: 116
  6. Figure 4.22 Phase difference of conventional simulation signal In the case of using simulators that transmit signals of 10 satellites in different directions to the receiver. Figure 4.23 shows the results after conducting the double difference calculation of the phase measurement of the two receivers. The double carrier phase difference of the simulated satellites in this case gives results similar to those obtained from real satellites. Figure 4.23 Phase difference of the multi-directional simulation signal 4.5.2 Sophisticated GNSS spoofing detector (1) System and Setup In our experiment, we simulate a simplistic spoofing attack where we attach a power amplifier and an antenna to a GNSS signal simulator, and we radiate the RF signal toward the target receivers. This experiment is carried out indoor in order to avoid 118
  7. important to stress that only one baseline would be necessary to detect the spoofing attack. (2) Cross validation testing In this work we use the cross validation to divide the data into 10 folds. We use 9 folds to do training 1 folds as a testing data. With the data shown in Figure 4.10, when we use the GMM model to detect fake signals. We obtained the results as shown in Table 4.1 and Table 4.2. From Table 4.1 we see the results to identify the spoofing signal with high performance without depending on the C/N0 value as algorithm D3. Figure 4.24 shows the case of a DD of real satellite cross DD of fake satellites. With D3 algorithm in the time period of 148s-152s, the system gets false alarm the real satellite PRN25 into a fake satellite as shown in Figure 4.24. Using D3 spoofing detector reaches only 98.02% efficiency and this algorithm depends on C/N0 value. Figure 4.24 Fractional DDs in case of Intermediate spoofing attack, where the DDs of authentic satellites (PRN 25) cross the ones related to the spoofed satellites 120
  8. 8 1550 174 172 98.85% 9 1550 174 172 98.85% 10 1550 174 172 98.85% Total 98.62% (σ2 =0.088) C/N0 = 42 Fold Number of Number of Number of Accuracy number training data testing data correctly- points points classified points 1 1550 174 173 99.43% 2 1550 174 172 98.85% 3 1550 174 172 98.85% 4 1550 174 171 98.27% 5 1550 174 173 99.43% 6 1550 174 173 99.43% 7 1550 174 172 98.85% 8 1550 174 171 98.27% 9 1550 174 171 98.27% 10 1550 174 172 98.85% Total 98.85% (σ2 =0.088) C/N0 = 45 Number of Number of Fold Number of training data correctly- Accuracy number testing data points points classified points 1 1550 174 172 98.85% 2 1550 174 171 98.27% 3 1550 174 172 98.85% 4 1550 174 172 98.85% 5 1550 174 171 98.27% 6 1550 174 173 99.43% 7 1550 174 171 98.27% 8 1550 174 172 98.85% 9 1550 174 171 98.27% 10 1550 174 172 98.85% 98.68% Total (σ2=0.088) 122
  9. 5. CONCLUSIONS AND FUTURE WORKS Spoofing is a pernicious type of intentional interference where a GNSS receiver is fooled into tracking counterfeit signals. Starting from the fact that the spoofer’s signals share the same direction of arrival, a spoofing detection technique based on the Sum of Squares of the double difference carrier phase measurements was introduced in the past. However, that technique fails to work when the receiver tracks only a subset of fake signals. Thus, in this thesis we have presented four algorithm such as follow: At first, we have presented a new AOA-based method to detect this situation, based on the Dispersion of the Double Differences (D3), which has shown to be effective in case of such mixed tracking. The algorithm works with every antenna distance, provided that the hypothesis of short baseline is satisfied; its hardware requirements are the same as for the SoS detector. Successful preliminary tests have been conducted to verify its performance. At second, the work is planned to further evolve in several directions: i) a comparative evaluation of performance in terms of false alarm rate and correct detection rate at various C/N0 levels, also in case of non-equal C/N0 levels; ii) an investigation on possible optimization strategies for the decision threshold 휉2; iii) a more formal evaluation of the detection performance of the D3 algorithm in terms of probability of false alarm and correct detection; iv) the use of the D3 algorithm as a trigger for a robust direction finding algorithm, used to estimate the direction of the spoofing source with respect to the victim receiver. Furthermore, the possibility of using the second baseline for direction finding, i.e., for the estimation of the AOA of the spoofing source 훼 푛푡, will be investigated for certain operative conditions. At third, this thesis presented the theoretical derivation of missed detection and false alarm probabilities for a GNSS spoofing detection algorithm based on the AOA estimation suitable for dual-antennas GNSS systems. The algorithm, named D3, is based on the evaluation of regions of similarity for the DD of the carrier phase measurements: when the DDs of at least three signals are contained in the same region, then they are evaluated as counterfeit signals. The analytical derivation of the detection threshold for a target pairwise missed detection probability has been demonstrated, along with the performance obtained by the algorithm and the benefits of some proposed modifications. Finally, has been used to check the validity of the theoretical results. In a set of experimental tests, the D3 algorithm proved to be able to reach a reliable detection of spoofing attacks both in static and dynamic scenarios and at different C/N0 values, provided that the employed GNSS receivers produce reliable carrier phase measurements. In this thesis we have presented a new metric to improve the performance of the Dispersion of Double Difference algorithm to detect GNSS spoofing attacks in case of mixed tracking. The new metric is based on a linear regression of the fractional phase double differences. Although the required hardware components are the same as for SoS detector and standard D3 algorithms, the performance of this version of the D3, indicated and LR-D3, is better and independent 124
  10. PUBLICATIONS 1. V.H. Nguyen, G. Falco, M. Nicola, and E. Falletti,(2018) “A dual antenna GNSS spoofing detector based on the dispersion of double difference measurements”, in Proc. Int. 9th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (NAVITEC), Noordwijk, Netherlands, Dec. 2018, 5-7, DOI: 10.1109/NAVITEC.2018.8642705. 2. Nguyen Van Hien, Nguyen Dinh Thuan, Hoang Van Hiep, La The Vinh, (2020) “A Gaussian Mixture Model Based GNSS Spoofing Detector using Double Difference of Carrier Phase”, pp. 042–047, Vol. 144 (2020), Journal of Science and Technology of Technical Universities, 2020. 3. Nguyễn Văn Hiên, Cao Văn Toàn, Nguyễn Đình Thuận, Hoàng Văn Hiệp,(2020) "Phương pháp sinh dữ liệu mô phỏng GNSS đa hướng sử dụng công nghệ vô tuyến điều khiển bằng phần mềm". 178-185, số Đặc san Viện Điện tử, 9 - 2020, Tạp chí Nghiên cứu Khoa học Công nghệ quân sự. 4. Van Hien Nguyen, Gianluca Falco, Emanuela Falletti, Mario Nicola, The Vinh La, (2021) “A Linear Regression Model of the Phase Double Differences to Improve the D3 Spoofing Detection Algorithm”. European Navigation Conference 2020, 23- 24 November 2020, Dresden, Germany. Date Added to IEEE Xplore: 18 January 2021. 5. E. Falletti, G. Falco, Van Hien Nguyen, M. Nicola (2021), “Performance Analysis of the Dispersion of Double Differences Algorithm to Detect GNSS Spoofing”. IEEE Transactions on Aerospace and Electronic Systems. Early Access. Print ISSN: 0018- 9251. Online ISSN: 1557-9603. DOI: 10.1109/TAES.2021.3061822. 126
  11. [13] J. Nielsen, A. Broumandan, and G. Lachapelle, “Spoofing detection and mitigation with a moving handheld receiver,” GPS World, vol. 21, no. 9, pp. 27–33, 2010. [14] J. Magiera, R. Katulski, “Accuracy of differential phase delay estimation for GPS spoofing detection,” in Proceedings of the 36th international conference on telecommunications and signal processing, September 2013, pp 695–699. doi:10.1109/TSP.2013.6614026. [15] P. Y. Montgomery, T. E. Humphreys, B. M. Ledvina, “Autonomous spoofing detection: experimental results of a multiantenna receiver defense against a portable civil GPS spoofer,” in Proceedings of the ITM 2009. Institute of Navigation, Anaheim, CA, January 2009, pp 124–130. [16] D. Borio and C. Gioia. “A dual-antenna spoofing detection system using GNSS commercial receivers”, in Proc of ION GNSS+ 2015, Tampa, FL, USA, Sep. 2015, pp.1–6. [17] D. Borio and C. Gioia, “A sum-of-squares approach to GNSS spoofng detection”, IEEE Trans. on Aerospace and Electronic Systems, Vol. 52, No. 4, pp. 1756–1768, 2016. [18] L. Canzian et al., “Interference localization from space. Theoretical background,” in Inside GNSS, November/December 2016, pp. 59-68. [19] T. E. Humphreys, B. M. Ledvina., M. L . Psiaki, B. W O’ Hanlon, and P. M. Kintner, Jr, “Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer,” in Proc. of ION GNSS 2008 of the Institute of Navigation, Savanna, GA, USA, Sept. 2008. [20] F. De Ponte Müller, A. Steingass, and T. Strang, "Zero-Baseline Measurements for Relative Positioning in Vehicular Environments," in Proceedings of the 6th European Workshop on GNSS Signals and Signal Processing, 2013. [21] P. Cederholm, and D. Plausinaitis, “Cycle Slip Detection in Single Frequency GPS Carrier observations using expected Doppler shift”, Nordic Journal of Surveying and Real Estate Research (2014). [22] IFEN NavX-NCS Essential Simulator website: [23] Septentrio AsteRx4 OEM website: receivers/oem-receiver-boards/asterx4-oem 128
  12. [34] J N. L. Johnson, S. Kotz, and N Balakrishnan, “Chi-Square Distributions including Chi and Rayleigh. Continuous Univariate Distributions.” (Second ed.). John Wiley and Sons. pp. 415–493, 1994, ISBN 978-0-471-58495-7. [35] S. Lo, Y.H. Chen, H. Jain, P. Enge, "Robust GNSS Spoof Detection using Direction of Arrival: Methods and Practice," in Proc. of the 31st Int. Tech. Meeting of the Sat. Division of The Institute of Navigation (ION GNSS 2018), Miami, Florida, September 2018, pp. 2891-2906 [36] R. W Abernathy, and R. P Smith, "Applying series expansion to the inverse beta distribution to find percentiles of the F-distribution", in ACM Transactions on Mathematical Software, Vol. 9, No.4, pp 478–480, 1994. [37] C. Jiang, et al.,"Analysis of the baseline data based GPS spoofing detection algorithm," in Proc. of IEEE/ION Position, Location and Navigation Symposium (PLANS), Monterey, CA, 2018, pp. 397-403. [38] “GNSS raw data in the presence of spoofing”: Zenodo Link: [Last visited Feb 6, 2020]. [39] National Defense Magazine: [40] “Resilient Navigation and Timing Foundation”: [Last visited Nov 17, 2020] [41] Inside GNSS magazine: [Last visited Nov. 17, 2020] [42] GEOSpatial World: [Last visited Nov. 17, 2020] [43] Tech. rep., John A. Volpe “Vulnerability assessment of the transportation infrastructure relying on the Global Positioning System,” National Transportation Systems Center, 2001. [44] Rui Xu, Mengyu Ding, Ya Qi, Shuai Yue, Jianye Liu, “Performance Analysis of GNSS/INS Loosely Coupled Integration Systems under Spoofing Attacks” Published in Sensors 2018 DOI:10.3390/s18124108. [45] Y.F.Hu, S.F. Bian, B. Ji, J. Li, “GNSS spoofing detection technique using fraction parts of double-difference carrier phases”, J. Navig. 2018, 71, 1111– 1129. 130
  13. [56] Gross, Jason, and Todd E. Humphreys. "GNSS spoofing, jamming, and multipath interference classification using a maximum-likelihood multi-tap multipath estimator." Proceedings of the 2017 International Technical Meeting of The Institute of Navigation, Monterey, CA, USA. 2017. [57] Broumandan, Ali, Ali Jafarnia-Jahromi, and Gérard Lachapelle. "Spoofing detection, classification and cancelation (SDCC) receiver architecture for a moving GNSS receiver." Gps Solutions 19.3 (2015): 475-487. [58] Geng, Z., Huang, Y., Chen, H., & Wang, F. (2018). “GNSS Spoofing Mitigation Method After Despreading.” China Satellite Navigation Conference (CSNC) 2018 Proceedings, 423–434.doi:10.1007/978-981-13- 0029-5_37. [59] Li, Bowen, et al. "An improved model and simulator design of GNSS ocean reflected signals." 2017 Forum on Cooperative Positioning and Service (CPGPS). IEEE, 2017. [60] Thuan, Nguyen Dinh, Ta Hai Tung, and Lo Presti Letizia. "A software based multi-IF output simulator." Proceedings of the International Symposium of GNSS (IS-GNSS), Kyoto, Japan. 2015. [61] Falletti, Emanuela, Marco Pini, and L. Lo Presti. "Are carrier-to-noise algorithms equivalent in all situations." Inside GNSS 2010 (2010): 20-27. [62] Wesson, K., Rothlisberger, M., and Humphreys, T. “Practical cryptographic civil gps signal authentication.” NAVIGATION, Journal of the Institute of Navigation, 59, 3 (2012), 177–193. [63] Scott, L. “Anti-spoofing and authenticated signal architectures for civil navigation systems.” In Proceedings of the 16th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GPS/GNSS), Portland, OR, Sep. 2003, 1543–1552. [64] J. Merrill, “Patriot Watch: Vigilance Safeguarding America,” presented at the Presentation Telcordia-NIST-ATIS Workshop Synchronization Telecommun. Syst. (WSTS ’12), Mar. 20–22, 2012. [Online]. Available: , [Accessed: 17-Feb-2021]. 132
  14. [76] Christopher M. Bishop F.R.Eng (2006), “Pattern Recognition and Machine Learning”, Springer Science Business Media, LLC [77] Sultan Alzahrani (2021). “Expectation Maximization Algorithm.zip” ( expectation-maximization-algorithm-zip), MATLAB Central File Exchange. Retrieved September 12, 2021. 134