By Franco de Lorenzo, Product Strategy for Standard Precision GNSS, u blox Espoo
There are basically two ways to tamper with GNSS receivers. The first is jamming, which involves exposing them to electromagnetic noise on the frequencies used by the GNSS satellites. If GNSS receivers tracking assets are jammed, cargo containers, vehicles, pets, and basically anything else can disappears from their owners’ dashboards, either temporarily – just long enough to hide some form of illicit behavior – or permanently. GNSS jammers are readily available online, for less than US$ 30.
Then there’s spoofing, which involves deceiving GNSS receivers by feeding them fake satellite signals, for example for a different time or location. In some cases, attempts at spoofing can immediately be spotted by the GNSS receiver or the user. But if their goal is to make GNSS unreliable in a specific region, they succeed nonetheless.
Using spoofing to guide a vehicle to a false destination without the driver catching on is something that James Bond might do in a movie. But last year, a team of researchers from the US and China developed a sophisticated spoofing device that did just that. By spoofing the satellite signal in just the right circumstances, they were able to make the in car navigation system generate a new route to a “wrong” destination.
The trick the researchers used was to design the intervention in such a way that the navigation instructions continued to match the car’s actual outdoor surroundings, while fake GNSS signals tricked the navigation device into “thinking” that it was still on route to the original destination. Of the 40 participants the researchers tested their device on, 38 drove all the way to the wrong destination. The hardware required cost only US$ 223.
With broad swaths of the economy – including in sensitive areas such as banking and aviation – dependent on GNSS technology, jamming and spoofing could potentially be exploited as an effective weapon of mass disruption. Human users might catch obvious discrepancies between the GNSS data and reality; because they lack that human filter, automated systems that use GNSS data are particularly vulnerable.
Proofing receivers against spoofing
Awareness is a crucial first step to dealing with the threat of signal jamming and spoofing. Asset owners can immediately take action if they find out that their asset trackers are for some reason being jammed. Fortunately, it’s quite straightforward for a GNSS receiver to detect jamming. In the best case, the tracking application will inform the asset owner that something shady is going on.
Furthermore, state of the art GNSS receivers can concurrently track multiple GNSS constellations and frequency bands. This vastly increases the number of signals that need to be manipulated in parallel for spoofing to go undetected. And Galileo, Europe’s GNSS constellation, introduced Open Service Navigation Message Authentication (OS NMA), which allows users to verify the authenticity of the GNSS signals their devices receive using a well known and secure encryption and authentication algorithm.
Smart system design is essential
Ultimately, the most effective protection against GNSS jamming and spoofing is a smart system design. In particular, this involves taking advantage of available redundancies to detect interference. In smart cars, this might mean comparing the GNSS based measurements with those sensed by the vehicle’s dead reckoning system, as conflicting information would be a surefire way to detect that something is wrong.
As in IT security, it’s an arms race between those providing solutions and those seeking to exploit them. Innovative hardware, a strong commitment to secure positioning solutions, and smart system design are three keys to ensuring that GNSS technology remains at the service of its legitimate users, today and well into the future.