Date of Original Version
Global Navigation Satellite Systems (GNSS) are well known to be accurate providers of position information across the globe; as such, they are commonly used to locate and navigate craft in various transportation modes. Because of high signal availabilities, capable receivers, and well-populated satellite constellations, GNSS users typically believe that the position information provided by their GNSS receiver is perfectly accurate. More sophisticated users look beyond accuracy and are also concerned with the integrity of the GNSS information; for example, RAIM algorithms were developed to ensure users that the provided position information is resistant to several possible satellite failure modes. Advances in electronics technology have enabled the creation of malicious RF interference of GNSS signals. Inexpensive jamming devices overpower or distort the GNSS receiver’s input so as to completely deny the GNSS user of PNT information. While a serious concern when we expect PNT information to be available at all times, current generation GNSS receivers warn the user when PNT is unavailable; some of the more sophisticated receiver designs can also battle jamming. A second threat to GNSS integrity is spoofing, the creation of counterfeit GNSS signals. This type of attack is considered more dangerous than a jamming attack since an erroneous PNT solution is often worse than no solution at all. A variety of approaches have been proposed in the literature to recognize spoofing and can vary widely based upon the assumed capabilities and a priori knowledge of the spoofer. Some of these are based on characteristics of the RF signal alone (e.g. vestigial peaks in the correlator outputs) or employ multiple antennae (e.g. beamforming) or multiple receivers (looking for consistent data). Another spoof detection method is to compare the GNSS measurement to data from a sensor of a different type that cannot be spoofed; for example, several prior efforts have considered IMU data. This paper considers the use of range measurements (range only, no bearing) to detect spoofing. Range might be measured using RF signals (e.g. DME for avionics) although other modalities could be effective (e.g. a calibrated barometric altimeter). Assuming that the data set consists of a GNSS measurement and ranges to one or more fixed sites, this paper develops the binary hypothesis test between spoofing and no spoofing. The unknown positions naturally lead to a generalized likelihood approach. We initially focus on the simplest case of one range measurement and a simple Gaussian model for the GNSS position measurement; this scenario allows for a simple closed form solution from which we can examine the characteristics of the test (it is similar to RAIM) and to observe the interaction between the relative accuracy of the sensors (GNSS and range) on the form of the hypothesis test and its resulting performance at detecting spoofing. We then generalize the results to multiple ranges and correlated statistics.
Swaszek, Peter F., Hartnett, Richard J., Seals, Kelly C., "GNSS Spoof Detection using Independent Range Information," Proceedings of the 2016 International Technical Meeting of The Institute of Navigation, Monterey, California, January 2016, pp. 739-747.