How Non-Coherent Spoofing Affects GNSS Base Stations

I was inspired to write this article by the strong opinion of some GNSS specialists that spoofing is not dangerous for RTK base stations, as the existing control systems can easily detect it.

If the RTK base station is affected by interference or intentional jamming, this becomes obvious as satellite tracking is lost. But what transpires in the case of non-coherent spoofing?

According to our measurements, Russia is the region with the most frequent use of GNSS spoofing as a counter-drone measure. A while ago, we had a test zone on the Black Sea coast. One of the probes was installed near the GNSS base station, which is called SOC2. Data provided by the hive.geosystems.aero system:

Affected RTK BS - SOC2 - 14 Mar 2021

The measurements were taken on March 14, 2021. The probe detected 4 episodes of non-coherent spoofing. In most cases of non-coherent spoofing, the wrong coordinates are simulated, and the fake signal has significant differences in code phase and Doppler. Follow this link to learn about coherent and non-coherent spoofing.

GP-Cloud charts - GPS and Glonass Spoofing - 14 Mar 2021

In the screenshot above, note the huge pseudorange residuals for some satellites. This indicates a non-coherent attack.

Registered incidents:

From (UTC)   To (UTC)   Duration
06:20        06:37      17 minutes
06:48        07:09      21 minutes
09:22        10:00      38 minutes
10:31        10:37      6 minutes

We calculated the affected hours and compared them with the hive.geosystems.aero system data:

Hourly availability of station observations

Hour   GPSPATRON data   hive.geosystems.aero data
06     51.6%            99%
07     85%              99%
08     100%             91%
09     36%              83%
10     90%              83%

As outlined, the data provided by GPSPATRON and NTRIP management software differ.
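The following is an added example, not code from the original article or from GPSPATRON. It splits the registered spoofing windows at hour boundaries and compares the spoof-free share of each hour with the figures reported by the NTRIP management software. It assumes that the "GPSPATRON data" column is the percentage of each hour outside a spoofing window; the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Spoofing windows (UTC) from the "Registered incidents" table, 14 Mar 2021.
INCIDENTS = [("06:20", "06:37"), ("06:48", "07:09"),
             ("09:22", "10:00"), ("10:31", "10:37")]
# Hourly availability (percent) reported by the NTRIP management software.
CASTER = {6: 99, 7: 99, 8: 91, 9: 83, 10: 83}


def _t(hhmm):
    return datetime.strptime(hhmm, "%H:%M")


def spoofed_minutes_per_hour(incidents):
    """Split each [start, end) window at hour boundaries; sum minutes per hour."""
    minutes = {}
    for start, end in incidents:
        cur, stop = _t(start), _t(end)
        while cur < stop:
            next_hour = cur.replace(minute=0) + timedelta(hours=1)
            chunk_end = min(stop, next_hour)
            span = int((chunk_end - cur).total_seconds() // 60)
            minutes[cur.hour] = minutes.get(cur.hour, 0) + span
            cur = chunk_end
    return minutes


def clean_availability(incidents, hours):
    """Percent of each hour not covered by spoofing (assumed definition)."""
    spoofed = spoofed_minutes_per_hour(incidents)
    return {h: round(100 * (60 - spoofed.get(h, 0)) / 60, 1) for h in hours}


def compare(incidents, caster):
    """Rows of (hour, clean %, caster %, gap); gap > 0 means the caster
    counted spoofed observations as available."""
    clean = clean_availability(incidents, caster)
    return [(h, clean[h], caster[h], round(caster[h] - clean[h], 1))
            for h in sorted(caster)]


if __name__ == "__main__":
    for hour, clean, caster, gap in compare(INCIDENTS, CASTER):
        print(f"{hour:02d}:00 clean={clean:5.1f}% caster={caster}% gap={gap:+.1f}")
```

Rounded to one decimal, hours 06 and 09 come out as 51.7% and 36.7%; the table above lists the same values as 51.6% and 36%.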

How We Can Prove Our Results

We downloaded the RINEX files of the affected base station and the station that is 25 km away:

GNSS RTK Rover

Then we processed the files in RTKLIB. The following picture shows a significant degradation of the base station's SNR during the spoofing:

RTK base station degradation during GNSS spoofing

The moments of SNR degradation match the spoofing events from the GPSPATRON system.

Now let’s solve the navigation task for the rover:

Notice that during the spoofing, the navigation solution does not converge and the derived coordinates have a significant error.

Conclusions

  1. NTRIP caster software only monitors the availability of measurements and does not check their quality. It is suitable for monitoring jamming, but it cannot detect even a basic spoofing scenario. We are confident that this conclusion is true not only for the HIVE system, but also for other NTRIP management applications.
  2. In post-processing, non-coherent spoofing is evident and not likely to be dangerous. However, if you've spent a lot of time collecting data at a remote location and then see in the office that the base station had bad data during the observation, it will be frustrating.
  3. For autonomous machines using Real-Time Kinematic positioning (RTK), even unintentional non-coherent spoofing can be an issue. All consumers connected to the affected base station will experience diminished positioning accuracy. This can be risky for numerous applications.

GPSPATRON Solution

We provide two options for protection:

  1. With GP-Probe
  2. Base Station raw GNSS data analysis

GP-Probe

We can install GP-Probe near the protected GNSS base station. If an incident is registered, GP-Cloud will classify the interference as spoofing or jamming, determine which GNSS is affected (GPS, GLONASS, BeiDou, Galileo), and send a real-time alert to customers. The users can then stop their operation or switch to an alternative base station.

Pros

  • Guaranteed detection of a deliberate coherent spoofing attack
  • Interference classification

Cons

  • Installation of additional equipment is required (GP-Probe)

Raw GNSS Data Analysis

GP-Cloud supports 1-Hz GNSS data from GNSS base stations over RTCM/NTRIP. Using a neural network, GP-Cloud detects anomalies and sends a real-time alert.

Pros

  • No additional equipment is required

Cons

  • It is not possible to classify interference into spoofing and jamming.
  • Unable to detect a deliberate coherent attack