
1 Introduction

GNSS provides precise positioning, navigation and timing services at all times and in all places, and it plays an important role in both military applications and daily life. As GNSS spoofing incidents occur more and more often, spoofing has become one of the biggest threats to trusted GNSS positioning. Spoofing means that the receiver outputs a wrong location and time without being aware of it, causing the user to suffer huge losses. The WelNavigate GS720 signal source was once placed on a leading truck to deceive the target receiver on the truck that followed [1]. In 2008, Todd Humphreys and his team designed and built a spoofing interference source to demonstrate the feasibility of spoofing interference [2]. In 2012 and 2013, Humphreys successfully deceived drones and ships using GPS civilian signals [3,4,5]. On the military side, in December 2011, Iranian media claimed that the Iranian air forces captured an American unmanned aircraft “RQ-170” on the eastern border of the country [6], which drew intense attention from all over the world.

Because the real signal behaves self-consistently in the GNSS receiver and a deceptive signal always breaks this self-consistency to some degree, abnormal receiver behavior can be used to judge whether the receiver has been spoofed. GNSS receiver spoofing detection techniques can be classified by the source of the detection information as follows: incoming signal direction detection based on the antenna array [7], RF channel AGC change detection [8], signal processing layer detection [9,10,11] and external sensor-assisted detection [12, 13].

For ordinary low-cost receivers, a small amount of circuitry is usually added to the signal processing layer to perform spoofing detection without additional hardware such as an antenna array or external sensors. The spoofing detection method based on in-phase correlation values in this paper is aimed at ordinary low-cost receivers and improves on the CN0 detection method. There has been some research based on CN0 and noise power. Nielsen proposed a detection criterion based on the CN0 [14], but under repeater spoofing the CN0 is basically the same as under normal conditions, which will cause false alarms. Total signal power detection produces a high false alarm rate [15]. Jahromi proposed a method of deceptive interference detection based on the total signal power and CN0 [16], but did not give a theoretical analysis of its performance under repeater deceptive interference. Building on this research, this paper proposes a repeater spoofing detection method based on the correlation value of the in-phase branch, which can not only avoid false alarms caused by interference, but also effectively detect repeater deception.

The structure of this article is as follows. Section 2 gives the repeater spoofing and the received signal model; Sect. 3 gives the correlation value mathematical model, and then introduces the detection method with its performance analysis. The performance under different scenarios is then simulated and verified, and finally the paper is summarized.

2 Signal Model

The received signal is a mixture of the deception interference signal and the real signal when there is repeater spoofing interference.

2.1 Repeater Spoofing Signal Model

Repeater deceptive interference uses a GNSS signal repeater to directly retransmit the received signal to the target receivers. The scenario is shown in Fig. 1.

Fig. 1. Repeater spoofing

The signal received by the repeater is expressed as

$$ x_{R} \left( t \right) = s_{R} \left( t \right) + n_{R} \left( t \right) $$
(1)

The subscript \( R \) represents the repeater. \( s_{R} \left( t \right) \) is the navigation signal and can be expressed as

$$ s_{R} \left( t \right) = A_{R} c\left( {t - \tau_{R} } \right)D\left( {t - \tau_{R} } \right)\cos \left( {2\pi \left( {f_{0} + f_{R} } \right)t + \theta_{R} } \right) $$
(2)

Here, \( A_{R} \) is the amplitude of the navigation signal, \( c\left( t \right) \) is the pseudo-code sequence with chip width \( T_{c} \), \( \tau_{R} \) is the signal delay, \( D\left( t \right) \) is the navigation message, \( f_{0} \) is the carrier frequency, \( f_{R} \) is the Doppler frequency and \( \theta_{R} \) is the initial phase of the carrier. \( n_{R} \left( t \right) \) is the unavoidable noise introduced by the repeater's receiving RF channel, and its power spectral density is \( \frac{{N_{0} }}{2} \). In reality there will be multiple satellite signals; a single satellite signal is used here for the analysis.

2.2 Receiving Signal Model

The signal received by the final target receiver is

$$ x\left( t \right) = s\left( t \right) + n\left( t \right) + G_{T} x_{R} \left( t \right) = s\left( t \right) + n\left( t \right) + G_{T} \left[ {s_{R} \left( t \right) + n_{R} \left( t \right)} \right] $$
(3)

Among them, \( G_{T} \) is the transmitting gain of the repeater. The expression of the real navigation signal is

$$ s\left( t \right) = Ac\left( {t - \tau_{A} } \right)D\left( {t - \tau_{A} } \right)\cos \left( {2\pi \left( {f_{0} + f_{A} } \right)t + \theta_{A} } \right) $$
(4)

The subscript \( A \) represents the authentic signal. The power spectral density of the receiver thermal noise \( n\left( t \right) \) is the same as that of \( n_{R} \left( t \right) \). Other symbols have the same meaning as in Eq. (2). In addition, assume that the real navigation signal is received by an omnidirectional antenna with a gain of 0 dB.

3 Correlation Values

The receiver needs to perform filtering, amplification, down conversion, gain control, sampling quantization, quadrature down conversion, matched filter detection, and coherent integration on the received signal to obtain the correlation values.

3.1 Receiver Processing

The simplified signal processing chain of a navigation receiver is shown in Fig. 2.

Fig. 2. Simple implementation block diagram of the receiver

The receiver performs power adjustment and quantization of the received signal, applies digital quadrature down conversion, and correlates the result with the local pseudo code; the products then enter the integrator for accumulation. The integration time is \( T_{coh} \), and the accumulated correlation value is obtained at the end of it. The accumulated values of the two orthogonal branches are shown below.

$$ \left\{ \begin{aligned} I(k) = AD(k)\cos \left[ {\varphi (k)} \right] + n_{I} (k) \hfill \\ Q(k) = AD(k)\sin \left[ {\varphi (k)} \right] + n_{Q} (k) \hfill \\ \end{aligned} \right. $$
(5)

Here, \( \varphi (k) \) is the phase error between the navigation signal and the local reference signal during normal tracking. The correlation values \( I(k) \) and \( Q(k) \) follow a Gaussian distribution, and their mean is determined by the signal power. To simplify the analysis, the correlation value loss caused by factors such as frequency estimation errors and pseudo-code phase errors is ignored here.

The noise accumulated value is as follows.

$$ \left\{ {\begin{array}{*{20}l} {n_{I} (k) = \frac{1}{{T_{coh} }}\int\limits_{{kT_{coh} }}^{{\left( {k + 1} \right)T_{coh} }} {n_{I} \left( t \right)c\left( t \right)dt} } \hfill \\ {n_{Q} (k) = \frac{1}{{T_{coh} }}\int\limits_{{kT_{coh} }}^{{\left( {k + 1} \right)T_{coh} }} {n_{Q} \left( t \right)c\left( t \right)dt} } \hfill \\ \end{array} } \right. $$
(6)

It is assumed that the interference power caused by cross-correlation is much lower than the noise power and is ignored here.

3.2 Correlation Value Analysis

When the receiver tracks the real navigation signal or spoofing signal, the correlation value characteristics are obviously different. The correlation value characteristics in the two cases are theoretically derived below.

When the receiver tracks the authentic navigation signal, the correlation values have the same expression as Eq. (5). The variance of each of \( n_{I} \left( k \right) \) and \( n_{Q} \left( k \right) \) is \( \frac{{N_{0} }}{{2T_{coh} }} \). When the receiver tracks the repeater spoofing signal, the correlation value can be expressed as follows.

$$ \left\{ {\begin{array}{*{20}l} {I_{R} (k) = G_{T} A_{R} D(k)\cos \left[ {\varphi (k)} \right] + n_{RI} (k)} \hfill \\ {Q_{R} (k) = G_{T} A_{R} D(k)\sin \left[ {\varphi (k)} \right] + n_{RQ} (k)} \hfill \\ \end{array} } \right. $$
(7)

The two noise correlation accumulation processes are as follows.

$$ \left\{ {\begin{array}{*{20}l} {n_{RI} (k) = \frac{1}{{T_{coh} }}\int\limits_{{kT_{coh} }}^{{\left( {k + 1} \right)T_{coh} }} {\left( {n\left( t \right) + G_{T} n_{R} \left( t \right)} \right)c\left( t \right)dt} } \hfill \\ {n_{RQ} (k) = \frac{1}{{T_{coh} }}\int\limits_{{kT_{coh} }}^{{\left( {k + 1} \right)T_{coh} }} {\left( {n\left( t \right) + G_{T} n_{R} \left( t \right)} \right)c\left( t \right)dt} } \hfill \\ \end{array} } \right. $$
(8)

When the receiver tracks the repeater signal, the two noise terms obey a Gaussian distribution, each with variance \( \left( {G_{T}^{2} + 1} \right)\frac{{N_{0} }}{{2T_{coh} }} \), which can be derived by referring to [17].

4 Spoofing Detection Based on In-Phase Correlation Values

A successful spoofing attack usually requires a higher absolute power level than the authentic signal. Because the repeater directly retransmits the received signal, the repeater transmission gain must be maintained at a certain level to ensure that the absolute level of the spoofing signal is higher than the absolute level of the real signal.

If the repeater uses a high-gain receiving antenna, the repeater transmission gain can be lower than with an omnidirectional receiving antenna. Unlike the traditional spoofing detection methods based on the total received signal power and the CN0 measurements, this paper establishes a constant false alarm repeater spoofing detection statistic based on the in-phase branch correlation values, which is essentially a method for detecting the absolute power level of the tracked signal.

4.1 Spoofing Detection Statistics

Ignoring the effects of message symbols and phase errors, the in-phase branch data can be modeled as

$$ I(k) = A + n_{I} (k),k \in N $$
(9)

The binary detection problem is

$$ \begin{array}{*{20}l} {{\rm H}_{0} :I(k) = A_{S} + n_{SI} (k)} \hfill \\ {{\rm H}_{1} :I(k) = G_{T} A_{R} + \left( {G + 1} \right)n_{SI} (k) = G_{T} A_{R} + n_{RI} (k)} \hfill \\ \end{array} $$
(10)

When noise suppression interference exists,

$$ \begin{array}{*{20}l} {{\rm H}_{0} :I(k) = A_{S} + n_{SI} (k) + n_{J} (k)} \hfill \\ {{\rm H}_{1} :I(k) = G_{T} A_{R} + n_{RI} (k) + n_{J} (k)} \hfill \\ \end{array} $$
(11)

Here, \( n_{J} \left( k \right) \) represents the noise interference and \( A_{S} = G_{R} A_{0} \), where \( A_{0} \) represents the prior information of the authentic signal amplitude and \( G_{R} \) represents the repeater receiving antenna gain. All of the signal levels above are compensated according to the AGC value \( G_{A} \) measured by the current receiving RF channel. If

$$ T\left( {\mathbf{x}} \right) = \left( {N - 1} \right)\frac{{\left( {\bar{I} - G_{A} A_{0} } \right)^{2} }}{{\frac{1}{N}\sum\limits_{k = 1}^{N} {\left( {I\left( k \right) - \bar{I}} \right)^{2} } }} > \gamma $$
(12)

then the GLRT decides \( H_{1} \) [18]. \( \bar{I} \) represents the mean of the in-phase branch correlation values:

$$ \bar{I} = \frac{1}{N}\sum\limits_{k = 1}^{N} {I\left( k \right)} $$
(13)

4.2 Detection Performance Analysis

The detection performance can be shown as follows:

$$ \begin{array}{*{20}l} {P_{FA} = Q_{{F_{1,N - 1} }} \left( \gamma \right)} \hfill \\ {P_{D} = Q_{{F_{1,N - 1} \left( \lambda \right)}} \left( \gamma \right)} \hfill \\ \end{array} $$
(14)

Here, \( P_{FA} \) represents the false alarm probability, \( P_{D} \) represents the theoretical detection probability, \( F_{1,N - 1} \) represents the \( F \) distribution with 1 and \( N - 1 \) degrees of freedom, and \( F_{1,N - 1} \left( \lambda \right) \) represents the non-central \( F \) distribution with 1 and \( N - 1 \) degrees of freedom and non-centrality parameter \( \lambda \), whose value is

$$ \lambda = \frac{{N\left( {A - A_{0} } \right)^{2} }}{{\sigma^{2} }} $$
(15)

Here, \( \sigma^{2} \) represents the noise variance. The false alarm probability is calculated from the distribution alone and does not depend on the noise variance, so the statistic is a constant false alarm detection statistic. From the above formula, it can be seen that the detection performance at a given false alarm probability is affected by factors such as data length, noise power, and amplitude offset.
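The following Python sketch is an added example, not code from the paper: it computes the statistic of Eq. (12), calibrates \( \gamma \) by Monte Carlo under \( H_{0} \), and checks that the false alarm rate stays the same when noise jamming (Eq. (11)) raises the noise level, while a repeater signal with the amplitude and noise variance of Eqs. (7) and (8) is still flagged. The amplitudes, noise level, gains, \( G_{A} = 1 \) and the 5% false alarm target are constructed values chosen to keep the run short.

```python
import math
import random

def glrt_statistic(samples, expected_amplitude):
    """T(x) of Eq. (12): (N-1)(mean - G_A*A_0)^2 / biased sample variance."""
    n = len(samples)
    mean = sum(samples) / n
    var = sum((x - mean) ** 2 for x in samples) / n
    return (n - 1) * (mean - expected_amplitude) ** 2 / var

def simulate(amplitude, sigma, expected_amplitude, n, trials, rng):
    """T(x) for `trials` blocks of n values I(k) = amplitude + Gaussian noise."""
    return [
        glrt_statistic([rng.gauss(amplitude, sigma) for _ in range(n)],
                       expected_amplitude)
        for _ in range(trials)
    ]

def calibrate_threshold(p_fa, n, trials, rng):
    """Empirical (1 - p_fa) quantile of T(x) under H0 (unit amplitude and noise)."""
    stats = sorted(simulate(1.0, 1.0, 1.0, n, trials, rng))
    return stats[int((1.0 - p_fa) * trials)]

def exceed_rate(stats, gamma):
    """Fraction of blocks for which the detector declares H1."""
    return sum(t > gamma for t in stats) / len(stats)

def run_demo(trials=20000, seed=1):
    rng = random.Random(seed)
    n = 4                # 4 ms of 1 ms correlation values, as in Sect. 5
    a0, g_a = 1.0, 1.0   # constructed: authentic amplitude prior, AGC gain
    sigma = 0.2          # constructed: noise std of one correlation value
    g_t, a_r = 2.0, 1.0  # constructed: about 6 dB transmit gain, A_R = A_0
    gamma = calibrate_threshold(0.05, n, trials, rng)
    expected = g_a * a0
    h1_sigma = math.sqrt(g_t ** 2 + 1) * sigma  # variance scaled by G_T^2 + 1
    return {
        "gamma": gamma,
        # H0 with thermal noise only
        "pfa_quiet": exceed_rate(
            simulate(a0, sigma, expected, n, trials, rng), gamma),
        # H0 with noise jamming, Eq. (11): ten times the noise std
        "pfa_jammed": exceed_rate(
            simulate(a0, 10 * sigma, expected, n, trials, rng), gamma),
        # H1: tracked amplitude G_T*A_R with the repeater noise added
        "pd_repeater": exceed_rate(
            simulate(g_t * a_r, h1_sigma, expected, n, trials, rng), gamma),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value:.4f}")
```

Because \( \gamma \) is calibrated at unit noise variance and then applied unchanged at other noise levels, matching false alarm rates across the two \( H_{0} \) runs are a direct check of the constant false alarm property.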

5 Simulation Verification and Analysis

Several factors need to be considered before simulation. Under special conditions, the navigation satellite will enhance its signal power to improve the anti-interference ability of the receiver. For spoofing attackers, the retransmission gain needs to be controlled in order to achieve a better deception effect, and the gain of the receiving antenna is specially designed to obtain a higher CN0 of the spoofing signal, which can reduce the transmission power of the repeater.

In summary, the simulation scenarios traverse the following parameter settings. The normal power level is set to −160 dBW and the enhanced power level is set to −155 dBW. The repeater transmit gain is set to three levels of 0 dB, 3 dB, and 6 dB, and the repeater receive antenna gain is set to three levels of 0 dB, 3 dB, and 6 dB. The jamming-signal-ratio (JSR) is set to four levels of no jamming, 5 dB, 10 dB and 20 dB. In the simulation process, correlation value data is generated every 1 ms, and Monte Carlo simulation is performed 100,000 times.

5.1 Impact of Signal Power Enhancement

Figure 3 shows the impact of navigation signal power enhancement on detection performance. The correlation data length is 4 ms.

It can be seen from Fig. 3 that power enhancement improves the detection performance. That is, for the same power difference, the higher the absolute signal level, the easier the spoofing is to detect.

Fig. 3. Detection performance in power enhanced scenarios

5.2 Effect of Repeater Transmit Gain

The effect of the repeater transmit gain on the detection performance is shown in Fig. 4. The correlation data length is 4 ms.

Fig. 4. Effect of transmit gain on detection performance

As can be seen from the figure above, with the increase of the repeater transmission gain, the absolute power level also increases, and the receiver more easily detects the existence of spoofing interference.

5.3 Effect of Repeater Receive Antenna Gain

The influence of the repeater receiving antenna gain on the detection performance is shown in Fig. 5. The correlation data length is 4 ms.

Fig. 5. Effect of receive antenna gain on detection performance

Comparing Figs. 4 and 5, it can be found that the method of increasing the repeater receiving gain is more concealed than increasing the repeater transmitting gain. For example, the detection probability shown by Fig. 5 is lower than that shown by Fig. 4 when the gain value is identical and false alarm probability is at 0.1%.

5.4 Effect of Coherent Integration Data Length

The influence of the length of the coherent integration data on the detection performance is illustrated in Fig. 6. The repeater receiving antenna gain is 0 dB and the transmission gain is 3 dB.

Fig. 6. Effect of coherent integration data length on detection performance

As can be seen from the above figure, under the condition of no interference, the receiver can achieve higher detection performance when the coherent integration data length exceeds 8 ms.

5.5 Impact of Noise Jamming Interference

The impact of noise jamming interference on detection performance is illustrated in Fig. 7. The correlation value data length is 4 ms.

Fig. 7. Effect of interference on detection performance

As can be seen from the figure above, interference greatly degrades the detection performance. In order to improve the detection performance of the detector under interference scenarios, the receiver needs to increase the length of the coherent integration data. The detection performance for different coherent integration data lengths under different JSR scenarios is shown in Fig. 8.

Fig. 8. Detection performance of different coherent length under jamming

It can be seen from Fig. 8 that when the coherent integration data length exceeds 1 s, a detection probability of 90% can be obtained at a false alarm probability of 0.1% and a JSR of 20 dB.

6 Conclusions

This paper addresses two problems: the high rate of missed alarms of the CN0 detection method under repeater spoofing interference, and the high rate of false alarms of total signal power measurement in jamming scenarios. The repeater spoofing interference detection method based on the correlation value of the in-phase branch achieves constant false alarm detection under different noise jamming powers. The effects of navigation signal power enhancement, repeater transmitting gain, receiving antenna gain, coherent integration data length and different noise jamming powers on the detection performance are analyzed through simulation. For anti-spoofing receiver design, recommendations for the coherent integration data length are given.