Introduction

Global navigation satellite system (GNSS) plays an increasingly crucial role in numerous fields of application. In the past, users used to be concerned about availability and accuracy and ignore the safety which, however, gradually starts to get users attention.

Global navigation satellite system (GNSS) signals received by the user on earth surface are quite weak, which leads to potential vulnerability to interference. In 2001, United States Department of Transportation report highlighted the dangers of GNSS spoofing (Volpe 2001). With respect to traditional jamming, spoofing is a more sophisticated interference pattern that can make GNSS receivers indicate the incorrect position, velocity, and time by means of transmitting false GNSS-like signals. If the user receiver is unaware of this covert spoofing attack, it may cause great interference to the user receiver. Therefore, spoofing is much more dangerous than jamming (Psiaki and Humphreys 2016; Shaofeng et al. 2017).

Many spoofing countermeasure techniques have been proposed (Kuhn 2005; Bardout 2011). Some are based on encryption mechanism, like spreading cryptographic code measures (Humphreys 2013), or navigation message authentication measures (Wesson et al. 2012; Kerns et al. 2014). These are unpractical to be realized in a short period due to quite a high cost and complexity. O’Hanlon et al. (2010, 2012, 2013) provided a considerable analysis on codeless cross-correlation measures. Heng et al. (2015) extend the dual-receiver P(Y)-code correlation method to a network of receivers with higher availability.

Other countermeasure techniques are based on analyzing the abnormal features caused by spoofing attacks, such as clock error (Hwang and McGraw 2014; Jafarnia-Jahromi et al. 2013; Shepard et al. 2012), automatic gain control (AGC) (Akos 2012), signal quality (Broumandan et al. 2012; Dehghanian et al. 2012; Jafarnia-Jahromi et al. 2012, 2014). Khanafseh et al. (2014) propose a method to detect GPS spoofing attacks using residual-based receiver autonomous integrity monitoring (RAIM) with inertial navigation sensors. Lee et al. (2015) puts forward a GNSS spoofing detection method aided by accelerometers. Psiaki et al. (2013, 2014) studied the use of multi-antenna technology against spoofing attacks.

As of today, there are no existing spoofing countermeasure techniques that can cope with all spoofing cases. Many countermeasures are confined to specific conditions. As for which kind of technique or techniques to adopt, the user receiver needs to take cost, complexity and other factors into account.

Jafarnia-Jahromi et al. (2012) have assessed the reduced effectiveness of the GPS spoofer countermeasure during acquisition when the GPS receiver utilizes C/N0 discrimination, which leads to the deterioration of the receiver detection performance. Also, the detection method based on C/N0 should get the accurate Doppler frequency and the code phase information through acquisition. Jafarnia-Jahromi et al. (2014) propose a low-complexity authenticity verification technique, by taking advantage of the GPS signal structure, which we refer to as the SPA method for short in the following presentation. However, through the TEXBAT processing results of the SPA method, we can find the test statistics fluctuate severely which means the signal energy may not be combined fully and makes the receiver detection performance worse (Jafarnia-Jahromi et al. 2014; Broumandan et al. 2015).

We present a new spoofing detection method based on total signals energy measurement of both spoofing signals and authentic signals (hereafter referred to as the TSEM method). Compared with traditional C/N0 detection method, this new technique does not need to know the Doppler frequency and code phase. This method has the same advantages as the SPA method such as being based on digital samples without despreading the received signal, and it does not need any information about the AGC gain. The TSEM method utilizes the pre-despreading concept, but its fundamental theory is totally different. Compared with the SPA method, this new signal quality assessment model, by adopting coherent integration theory, extracts all signals strength completely. This method fetches the total energy of authentic signals and spoofing signals through the new signal quality assessment model, using the cycle characteristics of C/A code, while the noise component is uncorrelated. The interference caused by a spoofing attack will reduce the SNR of authentic signals. While the test value related to the total energy of spoofing and authentic signals rises as the power of spoofing interference rises.

Received signal model

This section presents the received signal model based on the average GPS receiver, of which the basic structure is shown in Fig. 1. Take GPS L1 C/A code receiver as an example. Its internal structure can be divided into three parts: RF front-end processing stage, baseband digital signal processing stage, and navigation information output stage as shown in Fig. 1.

Fig. 1
figure 1

Typical work process of single-frequency GPS receiver

Full size image

It is assumed that the structure of spoofing signals is similar to that of authentic signals. But as for the spoofing signals, the power level, code delay, Doppler frequency, navigation message may be different from those of the authentic signals.

Through down-conversion and A/D conversion, the received signal of a spoofing attack can be modeled as

$$ r(nT_{\text{s}} ) = S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) + S_{\text{IF}}^{\text{s}} (nT_{\text{s}} ) + \eta_{0} (nT_{\text{s}} ) $$
(1)
$$ S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) = \sum\limits_{i = 1}^{M} {\sqrt {P_{i}^{\text{a}} } D_{i}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.{\text{e}}^{{j\varphi_{i}^{\text{a}} + j2\pi (f_{\text{IF}} + f_{{{\text{d}}i}}^{\text{a}} )nT_{\text{s}} }} } $$
(2)
$$ S_{\text{IF}}^{\text{s}} (nT_{\text{s}} ) = \sum\limits_{i = 1}^{M} {\sqrt {P_{i}^{\text{s}} } D_{i}^{\text{s}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{s}} } \right)} \right.c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{s}} } \right)} \right.{\text{e}}^{{j\varphi_{i}^{\text{s}} + j2\pi (f_{\text{IF}} + f_{{{\text{d}}i}}^{\text{s}} )nT_{\text{s}} }} } $$
(3)

where P a i and P s i are, respectively, the authentic signal power and the spoofing signal power. The superscript symbols “a” and “s,” respectively, denote authentic and spoofing. D i (nTs) denotes the transmitted navigation data bit, c i (nTs) is the PRN sequence at a time instant nTs, τ i denotes the time delay, φ i denotes the initial phase, fIF means the center frequency of the baseband signals, fd is the Doppler frequency shift, and Ts is the sampling interval. For analyzing conveniently and without loss of generality, it is assumed that the spoofing signal and authentic signal have the same satellites PRNs, the number of which is M. η0(nTs) is complex additive white Gaussian noise with zero mean and the variance δ 20 .

This next section introduces the received model with spoofing attack. Details of the subsequent sections are all based on this basic model.

Establishment of test quantity

This section presents the mechanism of the spoofing test quantity, which is the output of the spoofing detection mode. Here we establish a new variable u[kp], which is defined as:

$$ \begin{aligned} u\left[ {k,p} \right] & = \frac{1}{N}\sum\limits_{n = (k - 1)N + 1}^{kN} {r(nT_{\text{s}} ) \times r^{*} \left( {nT_{\text{s}} - \frac{p}{2}T_{\text{c}} } \right)} , \\ & \quad (0 < p < 2046) \\ \end{aligned} $$
(4)

where N means the number of consecutive samples of 1 ms, k means the kth coherent integration output result, and Tc is the chip period of C/A code.

When p equals 1, we can get u[k, 1]. Then, we can have an analysis of the characteristics of u[k, 1], through calculating \( r\left( {nT_{\text{s}} } \right) \times r^{*} \left( {nT_{\text{s}} - 0.5T_{\text{c}} } \right) \) as follows

$$ \begin{aligned} & r(nT_{\text{s}} ) \times r^{*} (nT_{\text{s}} - 0.5T_{\text{c}} ) = \left[ {S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) + S_{\text{IF}}^{\text{s}} (nT_{\text{s}} ) + \eta_{0} (nT_{\text{s}} )} \right] \\ & \quad \quad \times \left[ {S_{\text{IF}}^{{{\text{a}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) + S_{\text{IF}}^{{{\text{s}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) + \eta_{0}^{ * } (nT_{\text{s}} - 0.5T_{\text{c}} )} \right] \\ & \begin{array}{*{20}l} {\quad = S_{\text{IF}}^{\text{a}} (nT_{\text{s}} )S_{\text{IF}}^{{{\text{a}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) + S_{\text{IF}}^{\text{s}} (nT_{\text{s}} )S_{\text{IF}}^{{{\text{s}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} )} \hfill & {\text{I}} \hfill \\ {\quad \quad + \,S_{\text{IF}}^{\text{a}} (nT_{\text{s}} )S_{\text{IF}}^{{{\text{s}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) + S_{\text{IF}}^{\text{s}} (nT_{\text{s}} )S_{\text{IF}}^{{{\text{a}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} )} \hfill & {\text{II}} \hfill \\ {\quad \quad \left. {\begin{array}{*{20}l} { + \,\left[ {S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) + S_{\text{IF}}^{\text{s}} (nT_{\text{s}} )} \right]\eta_{0}^{ * } \left( {nT_{\text{s}} - 0.5T_{\text{c}} } \right)} \hfill \\ { + \,\left[ {S_{\text{IF}}^{{{\text{a}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) + S_{\text{IF}}^{{{\text{s}} * }} \left( {nT_{\text{s}} - 0.5T_{\text{c}} } \right)} \right]\eta_{0} (nT_{\text{s}} )} \hfill \\ \end{array} } \right\}} \hfill & {\text{III}} \hfill \\ {\quad \quad + \,\eta_{0} (nT_{\text{s}} )\eta_{0}^{ * } (nT_{\text{s}} - 0.5T_{\text{c}} )} \hfill & {\text{IV}} \hfill \\ \end{array} \\ \end{aligned} $$
(5)

As shown in (5), the right-hand side of the equation can be divided into four parts, identified by I–VI.

I: First part of the right-hand side of (5).

$$ \begin{aligned} & S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{a}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) \\ & \quad = \sum\limits_{i = 1}^{M} {\left\{ {\begin{array}{*{20}l} {P_{i}^{\text{a}} D_{i}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.D_{i}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} - 0.5T_{\text{c}} } \right)} \right.c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.} \hfill \\ {c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} - 0.5T_{\text{c}} } \right)} \right.{\text{e}}^{{j\pi (f_{\text{IF}} + f_{{{\text{d}}i}}^{\text{a}} )T_{\text{c}} }} } \hfill \\ \end{array} } \right\}} \\ & \quad \quad + \,\sum\limits_{i = 1}^{M} {\sum\limits_{\begin{subarray}{l} q = 1 \\ q \ne i \end{subarray} }^{M} {\left\{ {\begin{array}{*{20}l} {\sqrt {P_{i}^{\text{a}} P_{q}^{\text{a}} } D_{i}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.D_{q}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{a}} - 0.5T_{\text{c}} } \right)} \right.c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.} \hfill \\ {c_{q} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{a}} - 0.5T_{\text{c}} } \right)} \right.{\text{e}}^{{j2\pi (f_{{{\text{d}}i}}^{\text{a}} - f_{{{\text{d}}q}}^{\text{a}} )nT_{\text{s}} + j\pi (f_{\text{IF}} + f_{{{\text{d}}q}}^{\text{a}} )T_{c} + j(\varphi_{i}^{\text{a}} - \varphi_{q}^{\text{a}} )}} } \hfill \\ \end{array} } \right\}} } \\ & \quad \approx \frac{1}{2}\sum\limits_{i = 1}^{M} {P_{i}^{\text{a}} {\text{e}}^{{j\pi f_{\text{IF}} T_{\text{c}} }} } + \sum\limits_{i = 1}^{M} {\sum\limits_{\begin{subarray}{l} q = 1 \\ q \ne i \end{subarray} }^{M} {\left\{ {\begin{array}{*{20}l} {\sqrt {P_{i}^{\text{a}} P_{q}^{\text{a}} } c_{i} D_{i}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.D_{q}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{a}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.c_{q} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{a}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {{\text{e}}^{{j2\pi (f_{{{\text{d}}i}}^{\text{a}} - f_{{{\text{d}}q}}^{\text{a}} )nT_{\text{s}} + j\pi (f_{\text{IF}} + f_{{{\text{d}}q}}^{\text{a}} )T_{\text{c}} + j(\varphi_{i}^{\text{a}} - \varphi_{q}^{\text{a}} )}} } \hfill \\ \end{array} } \right\}} } \\ \end{aligned} $$
(6)

Similarly, with (6) we can get \( S_{\text{IF}}^{\text{s}} \left( {nT_{\text{s}} } \right) \times S_{\text{IF}}^{{{\text{s}}*}} \left( {nT_{\text{s}} - 0.5T_{\text{c}} } \right) \) as follows:

$$ \begin{aligned} & S_{\text{IF}}^{\text{s}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{s}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) \\ & \quad \approx \frac{1}{2}\sum\limits_{i = 1}^{M} {P_{i}^{\text{s}} {\text{e}}^{{j\pi f_{\text{IF}} T_{\text{c}} }} } \\ & \quad \quad + \,\sum\limits_{i = 1}^{M} {\sum\limits_{\begin{subarray}{l} q = 1 \\ q \ne i \end{subarray} }^{M} {\left\{ {\begin{array}{*{20}l} {\sqrt {P_{i}^{\text{s}} P_{q}^{\text{s}} } D_{i}^{\text{s}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{s}} } \right)} \right.D_{q}^{\text{s}} \left( {\left. {nT_{\text{s}} - \tau_{\text{q}}^{\text{s}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{s}} } \right)} \right.c_{q} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{s}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {{\text{e}}^{{j2\pi (f_{{{\text{d}}i}}^{\text{s}} - f_{{{\text{d}}q}}^{\text{s}} )nT_{\text{s}} + j\pi (f_{\text{IF}} + f_{{{\text{d}}q}}^{\text{s}} )T_{\text{c}} + j(\varphi_{i}^{\text{s}} - \varphi_{q}^{\text{s}} )}} } \hfill \\ \end{array} } \right\}} } \\ \end{aligned} $$
(7)

II: Second part of the right-hand side of (5):

$$ \begin{aligned} & S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{s}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) \\ & \quad = \sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {\left\{ {\left. {\begin{array}{*{20}l} {\sqrt {P_{i}^{\text{a}} P_{q}^{\text{s}} } D_{i}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.D_{q}^{\text{s}} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{s}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{a}} } \right)} \right.c_{q} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{s}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {{\text{e}}^{{j2\pi (f_{{{\text{d}}i}}^{\text{a}} - f_{{{\text{d}}q}}^{\text{s}} )nT_{\text{s}} + j\pi (f_{\text{IF}} + f_{{{\text{d}}q}}^{\text{s}} )T_{\text{c}} + j(\varphi_{i}^{\text{a}} - \varphi_{q}^{\text{s}} )}} \, } \hfill \\ \end{array} } \right\}} \right.} } \\ \end{aligned} $$
(8)

Similarly, with (8) we can get \( S_{\text{IF}}^{\text{s}} \left( {nT_{\text{s}} } \right) \times S_{\text{IF}}^{{{\text{a}} * }} \left( {nT_{\text{s}} - 0.5T_{\text{c}} } \right) \) as follows:

$$ \begin{aligned} & S_{\text{IF}}^{\text{s}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{a}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) \\ & \quad = \sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {\left\{ {\left. {\begin{array}{*{20}l} {\sqrt {P_{i}^{\text{s}} P_{q}^{\text{a}} } D_{i}^{\text{s}} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{s}} } \right)} \right.D_{q}^{\text{a}} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{s}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {c_{i} \left( {\left. {nT_{\text{s}} - \tau_{i}^{\text{s}} } \right)} \right.c_{q} \left( {\left. {nT_{\text{s}} - \tau_{q}^{\text{a}} - 0.5T_{\text{c}} } \right)} \right.} \hfill \\ {{\text{e}}^{{j2\pi (f_{{{\text{d}}i}}^{\text{s}} - f_{{{\text{d}}q}}^{\text{a}} )nT_{\text{s}} + j\pi (f_{\text{IF}} + f_{{{\text{d}}q}}^{\text{a}} )T_{\text{c}} + j(\varphi_{i}^{\text{s}} - \varphi_{q}^{\text{a}} )}} } \hfill \\ \end{array} } \right\}} \right.} } \\ \end{aligned} $$
(9)

III: Third part of the right-hand side of (5):

$$ \left[ {S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) + S_{\text{IF}}^{\text{s}} (nT_{\text{s}} )} \right] \times \eta_{0}^{*} (nT_{\text{s}} - 0.5T_{\text{c}} ) \approx \eta_{1} (nT_{\text{s}} ) $$
(10)

where η1(nTs) is a circularly symmetric complex additive white Gaussian noise process. The distribution of η1(nTs) can be written as

$$ \eta_{1} (nT_{\text{s}} ) \sim N\left( {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right],\delta_{0}^{2} \left( {\sum\limits_{i = 1}^{M} {P_{i}^{\text{a}} } + \sum\limits_{q = 1}^{M} {P_{q}^{\text{s}} } } \right)\left[ {\begin{array}{*{20}c} 1 & 0 \\ 0 & 1 \\ \end{array} } \right]} \right) $$
(11)

Similarly, with (10) we can get

$$ \left[ {S_{\text{IF}}^{{{\text{a}}*}} \left( {nT_{\text{s}} - 0.5T_{\text{c}} } \right) + S_{\text{IF}}^{{{\text{s}}*}} \left( {nT_{\text{s}} - 0.5T_{\text{c}} } \right)} \right] \times \eta_{0} \left( {nT_{\text{s}} } \right) $$

as follows:

$$ \left[ {S_{\text{IF}}^{{{\text{a}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} ) + S_{\text{IF}}^{{{\text{s}} * }} (nT_{\text{s}} - 0.5T_{\text{c}} )} \right] \times \eta_{0} (nT_{\text{s}} ) \approx \eta_{2} (nT_{\text{s}} ) $$
(12)

where η2(nTs) is a circularly symmetric complex additive white Gaussian noise process. The distribution of η2(nTs) can be written as

$$ \eta_{2} (nT_{\text{s}} ) \sim N\left( {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right],\delta_{0}^{2} \left( {\sum\limits_{i = 1}^{M} {P_{i}^{\text{a}} } + \sum\limits_{q = 1}^{M} {P_{q}^{\text{s}} } } \right)\left[ {\begin{array}{*{20}c} 1 & 0 \\ 0 & 1 \\ \end{array} } \right]} \right) $$
(13)

VI: Fourth part of the right-hand side of (5):

$$ \eta_{0} (nT_{\text{s}} )\eta_{0}^{ * } (nT_{\text{s}} - 0.5T_{\text{c}} ) \approx \eta_{3} (nT_{\text{s}} ) $$
(14)

where η3(nTs) is a circularly symmetric complex additive white Gaussian noise process. The distribution of η3(nTs) can be written as

$$ \eta_{3} (nT_{\text{s}} ) \sim N\left( {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right], 2\delta_{0}^{4} \left[ {\begin{array}{*{20}c} 1 & 0 \\ 0 & 1 \\ \end{array} } \right]} \right) $$
(15)

According to previous assumptions, η0(nTs) is complex additive white Gaussian noise with zero mean (Jafarnia-Jahromi et al. 2014). The noise component is assumed to be uncorrelated in the receiver operational bandwidth. Therefore, we can get the normal distribution characteristics of η3(nTs), as is shown in (15).

Estimation of new noise level model

As discussed previously, \( u\left[ {k, 1} \right] \) can directly reflect the signal components including both spoofing signals and the authentic signals, while for p ≥ 2, the u[kp] directly reflects the noise level. The methodology to estimate the noise is the crucial part of spoofing detection. This section mainly provides an analysis of the new noise level model which is different from traditional definitions. We can estimate the noise level through the following equation:

$$ \hat{\sigma }^{2} = \frac{1}{4086}\sum\limits_{p = 2}^{2044} {\left| {u\left[ {k,p} \right]} \right|^{2} } = \frac{1}{2}\text{var} \left[ {u\left[ {k,p} \right]} \right] $$
(16)

where \( \text{var} \left[ {u\left[ {k,p} \right]} \right] \) means taking the variance of u[kp]. Then, we can get \( \hat{\sigma }^{2} \), through analyzing each part of u[kp].

Here, we have an analysis of the variance of the first part of (5). We define two new variables

$$ \psi_{\text{aa}} \left[ k \right] = \frac{1}{N}\sum\limits_{n = (k - 1)N + 1}^{kN} {S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{a}}*}} \left( {nT_{\text{s}} - \frac{p}{2}T_{\text{c}} } \right)} $$
(17)
$$ \psi_{\text{ss}} \left[ k \right] = \frac{1}{N}\sum\limits_{n = (k - 1)N + 1}^{kN} {S_{\text{IF}}^{\text{s}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{s}}*}} \left( {nT_{\text{s}} - \frac{p}{2}T_{\text{c}} } \right)} $$
(18)

According to (6) and (17), the distribution of ψaa[k] can be written as

$$ \psi_{\text{aa}} \left[ k \right] \sim N\left( {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right],\sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {P_{i}^{\text{a}} P_{q}^{\text{a}} } } \left[ {\begin{array}{*{20}c} {\delta^{2} } & 0 \\ 0 & {\delta^{2} } \\ \end{array} } \right]} \right) $$
(19)

According to (7) and (18), the distribution of ψss[k] can be written as

$$ \psi_{\text{ss}} \left[ k \right] \sim N\left( {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right],\sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {P_{i}^{\text{s}} P_{q}^{\text{s}} } } \left[ {\begin{array}{*{20}c} {\delta^{2} } & 0 \\ 0 & {\delta^{2} } \\ \end{array} } \right]} \right) $$
(20)

where δ2 is a fixed value which is extracted to be δ2 ≈ 0.00033 (Jafarnia-Jahromi et al. 2012). As shown in (19) and (20), ψaa[k] depends on the power of authentic signals and ψss[k] depends on the power of spoofing signals.

Then similarly with the analysis procedure of (17)–(20), we define another two new variables ψas[k] and ψsa[k]

$$ \psi_{\text{as}} [k ]= \frac{1}{N}\sum\limits_{n = (k - 1)N + 1}^{kN} {S_{\text{IF}}^{\text{a}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{s}}*}} \left( {nT_{\text{s}} - \frac{p}{2}T_{\text{c}} } \right)} $$
(21)
$$ \psi_{\text{sa}} \left[ k \right] = \frac{1}{N}\sum\limits_{n = (k - 1)N + 1}^{kN} {S_{\text{IF}}^{\text{s}} (nT_{\text{s}} ) \times S_{\text{IF}}^{{{\text{a}}*}} \left( {nT_{\text{s}} - \frac{p}{2}T_{\text{c}} } \right)} $$
(22)

According to (8) and (21), the distribution of ψas[k] can be written as

$$ \psi_{\text{as}} \left[ k \right] \sim N\left( {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right],\sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {P_{i}^{\text{a}} P_{q}^{\text{s}} } } \left[ {\begin{array}{*{20}c} {\delta^{2} } & 0 \\ 0 & {\delta^{2} } \\ \end{array} } \right]} \right) $$
(23)

According to (9) and (22), the distribution of ψsa[k] can be written as

$$ \psi_{\text{sa}} \left[ k \right] \sim N\left( {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right],\sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {P_{i}^{\text{s}} P_{q}^{\text{a}} } } \left[ {\begin{array}{*{20}c} {\delta^{2} } & 0 \\ 0 & {\delta^{2} } \\ \end{array} } \right]} \right) $$
(24)

Comparing (23) with (24), ψas[k] and ψsa[k] can be assumed to be equivalent. The characteristics of ψas[k] and ψsa[k] depend on the power of authentic signals and spoofing signals.

Based on the above discussions, u[kp](2 ≤ p ≤ 2044) can be approximated as a complex Gaussian random variable with the following distribution:

$$ u\left[ {k,p} \right] \sim N\left( {\begin{array}{*{20}c} {\left[ {\begin{array}{*{20}c} 0 \\ 0 \\ \end{array} } \right],\left[ {\frac{{ 2\delta_{0}^{2} }}{N}\left( {\sum\limits_{i = 1}^{M} {P_{i}^{\text{a}} } + \sum\limits_{q = 1}^{M} {P_{q}^{\text{s}} } } \right) + \frac{{ 2\delta_{0}^{4} }}{N}} \right]\left[ {\begin{array}{*{20}c} 1 & 0 \\ 0 & 1 \\ \end{array} } \right]} \\ {\quad + \sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {\left( {P_{i}^{\text{a}} P_{q}^{\text{a}} + P_{i}^{\text{s}} P_{q}^{\text{s}} + 2P_{i}^{\text{a}} P_{q}^{\text{s}} } \right)\left[ {\begin{array}{*{20}c} {\delta^{2} } & 0 \\ 0 & {\delta^{2} } \\ \end{array} } \right]} } } \\ \end{array} } \right) $$
(25)

Then, we can get \( \hat{\sigma }^{2} \) as follows:

$$ \begin{aligned} \hat{\sigma }^{2} & = \frac{{N_{0} }}{{NT_{\text{s}} }}\left( {\sum\limits_{i = 1}^{M} {P_{i}^{\text{a}} } + \sum\limits_{q = 1}^{M} {P_{q}^{\text{s}} + \frac{{N_{0} }}{{ 2T_{\text{s}} }}} } \right) \\ & \quad { + }\,\sum\limits_{i = 1}^{M} {\sum\limits_{q = 1}^{M} {\left( {P_{i}^{\text{a}} P_{q}^{\text{a}} + P_{i}^{\text{s}} P_{q}^{\text{s}} + 2P_{i}^{\text{a}} P_{q}^{\text{s}} } \right)} } \delta^{ 2} \\ \end{aligned} $$
(26)

where N0 means the spectral density of the additive white Gaussian noise, which is assumed to be − 204 dBW-Hz. With this, we have derived the expression of the noise level model. \( \hat{\sigma }^{2} \) can be considerably affected in the presence of spoofing signals. Since the power of authentic signals is kept within strict boundaries, \( \hat{\sigma }^{2} \) mainly depends on the power of spoofing signals. The next section will provide a detailed analysis of the factors that influence \( \hat{\sigma }^{2} \).

Effect analysis of spoofing attack on \( 2\hat{\sigma }^{2} \)

The interference caused by the spoofing attack can elevate the noise floor of the receiver processing. The receiver noise floor model has been estimated in the previous section, and this section is aimed at the effect of \( \hat{\sigma }^{2} \) imposed by spoofing attack. Here we take \( 2\hat{\sigma }^{2} \) as the estimation value of noise floor. Since there is no actual physical definition for \( 2\hat{\sigma }^{2} \), it is dimensionless. But in order to express its strength feature more intuitively, we take “X” and “dBX” as the units of \( 2\hat{\sigma }^{2} \). The transformation law between “X” and “dBX” is the same as the transformation between “W” and “dBW.” (“W” means the power unit “Watt.”)

$$ 10{\text{ [X]}} = 10\log_{10} ( 1 0) = 1 0\,{\text{dBX}} $$
(27)

As shown is in (27), the conversion between “X” and “dBX” is similar to that between “W” and “dBW.”

Figure 2 shows the average spoofing power for the case of 15 authentic PRNs and 15 spoofing PRNs versus the noise floor estimation values. The power of each authentic PRN (Pau) is − 157 dBW. The power of each spoofing PRN rises from − 180 to − 120 dBW. As shown in the figure, the noise floor stays at about − 306.5 dBX, when the average power of spoofing PRNs (Psp) is lower than − 157 dBW. While with the increase in the average power of spoofing PRNs, the noise floor estimation value increases gradually.

Fig. 2
figure 2

Noise floor estimate versus Psp

Full size image

Figure 3 shows the different cases of Pau (− 161, − 157 and − 153 dBW) versus the noise floor estimation values. From the three curves in Fig. 3, we can visually find that the stronger Pau, the higher will be the noise floor estimation level. But the distinctions among the three curves are not noticeable. That is because when Psp is lower than Pau, the internal noise of the received signals plays a leading role, and when Psp is higher than − 145 dBW, the spoofing signals play a leading role.

Fig. 3
figure 3

Noise floor estimate for different values of Pau

Full size image

Figure 4 shows the noise floor estimation values for different choices of the number of available satellites. As Psp is lower than − 160 dBW, the five curves are nearly the same. As Psp keeps increasing, the differences between the five curves appear. But the variation tendency of the five curves is similar. In general, the number of available satellites for the user receiver is stable, and it can also be estimated from the almanac data stored in user receiver before.

Fig. 4
figure 4

Noise floor estimate for different choices of the number of satellites available

Full size image

A typical receiver is commonly equipped with an AGC system that changes the input amplifier gain in order to efficiently sample different signals with different levels. This AGC gain which is adjusted depending on the input signal power can be different in the presence and absence of spoofing signal. Then in order to measure real noise floor values, we must get the AGC gain values accurately which makes strict demands on the performance of GNSS receivers. Since the AGC gain similarly affects both signal and noise outputs, we can finish the spoofing detection task by compensating the effect of AGC, which will be discussed in detail in the next section.

Spoofing detection

The objective of analyzing the new noise floor model proposed in previous sections offers critical substance for the spoofing detection step. This section presents the implementation of spoofing detection. The invasion of a spoofing attack can considerably increase the observed noise floor of a GPS receiver. Here the correlation output value D is defined as follows:

$$ D = u\left[ {k, 1} \right] \times u^{ * } \left[ {k, 1} \right] $$
(28)

Then, the ternary hypothesis test is established as follows (Schonhoff and Giordano 2006):

\( {\text{H}}_{0} \) :

(signals absent, \( 2\hat{\sigma }_{0}^{2} \))

\( {\text{H}}_{ 1} \) :

(authentic signals present only, \( 2\hat{\sigma }_{1}^{2} \))

\( {\text{H}}_{2} \) :

(both authentic and spoofing signals present, \( 2\hat{\sigma }_{2}^{2} \))

where \( 2\hat{\sigma }_{0}^{2} \), \( 2\hat{\sigma }_{1}^{2} \) and \( 2\hat{\sigma }_{2}^{2} \), respectively, denote the noise floor estimation under \( {\text{H}}_{0} \), \( {\text{H}}_{ 1} \) and \( {\text{H}}_{2} \) hypothesis. In case that the number of authentic and spoofing PRN signals is 10, and the power of the spoofing signal is assumed to be − 157 dBW, i.e., the same with that of the authentic signal, the characteristic curves under the three Chi-square distributions below are presented in Fig. 5.

Fig. 5
figure 5

Probability density distribution of D under ternary hypothesis test

Full size image

Under \( {\text{H}}_{0} \), D can be written as central Chi-squared distributions with two degrees of freedom as follows:

$$ p(D,{\text{H}}_{0} ) = \frac{1}{{2\hat{\sigma }_{0}^{2} }}{\text{e}}^{{ - \frac{D}{{2\hat{\sigma }_{0}^{2} }}}} $$
(29)

where \( \hat{\sigma }_{0}^{2} \) means the estimated sampling variance of the correlation output value D, and \( p(D,{\text{H}}_{0} ) \) denotes the probability distribution density under \( {\text{H}}_{0} \) hypothesis, the characteristic curve is shown as a green line in Fig. 5.

Under \( {\text{H}}_{ 1} \), D can be written as a non-central Chi-squared distribution with two degrees of freedom:

$$ p(D,{\text{H}}_{1} ) = \frac{1}{{2\hat{\sigma }_{1}^{2} }}{\text{e}}^{{ - \frac{{D + a_{1}^{2} }}{{2\hat{\sigma }_{1}^{2} }}}} I_{0} \left( {\frac{{\sqrt D a_{1} }}{{\hat{\sigma }_{1}^{2} }}} \right) $$
(30)
$$ a_{1}^{2} = \frac{1}{4}\sum\limits_{i = 1}^{M} {P_{i}^{\text{a}} P_{i}^{\text{a}} } $$
(31)

where \( \hat{\sigma }_{1}^{2} \) means the estimated sampling variance of the correlation output value D, I0(x) is the modified zero-order Bessel function of the first kind, and \( p(D,{\text{H}}_{1} ) \) denotes the probability distribution density under \( {\text{H}}_{1} \) hypothesis, the characteristic curve is shown as the blue line in Fig. 5.

Under \( {\text{H}}_{2} \), D can be written as a non-central Chi-squared distribution with two degrees of freedom as:

$$ p(D,{\text{H}}_{2} ) = \frac{1}{{2\hat{\sigma }_{0}^{2} }}{\text{e}}^{{ - \frac{{D + a_{2}^{2} }}{{2\hat{\sigma }_{0}^{2} }}}} I_{0} \left( {\frac{{\sqrt D a_{2} }}{{\hat{\sigma }_{0}^{2} }}} \right) $$
(32)
$$ a_{2}^{2} = \frac{1}{4}\sum\limits_{i = 1}^{M} {\left( {P_{i}^{\text{a}} P_{i}^{\text{a}} + P_{i}^{\text{s}} P_{i}^{\text{s}} } \right)} $$
(33)

where \( \hat{\sigma }_{2}^{2} \) means the estimated sampling variance of the correlation output value D, and \( p(D,{\text{H}}_{2} ) \) denotes the probability distribution density under \( {\text{H}}_{2} \) hypothesis, the characteristic curve of which is shown as the red line in Fig. 5.

Here we focus on just spoofing detection, so we set the threshold Dth for the judgment of \( {\text{H}}_{ 1} \) and \( {\text{H}}_{2} \). If the correlator output value exceeds Dth, the spoofing attack may probably exist.

The probability of false alarm (Pfa) and the probability of detection (Pd) can be defined as:

$$ P_{\text{fa}} = \int\limits_{{D_{\text{th}} }}^{\infty } {p(D,{\text{H}}_{1} )} {\text{ d}}D $$
(34)
$$ P_{\text{d}} = \int\limits_{{D_{\text{th}} }}^{\infty } {p(D,{\text{H}}_{2} )} {\text{ d}}D $$
(35)

herein, when the receiver is equipped with an AGC system that changes the input amplifier gain in order to efficiently sample different signals with different power levels. In order to remove the effect of the AGC gain, we define a new variable TSNR as follows:

$$ {\text{TSNR}} = \frac{D}{{2\hat{\sigma }^{2} }} $$
(36)

As shown in (36), the definition of the new variable TSNR is similar to the traditional definition for SNR. Since the estimation noise value \( 2\hat{\sigma }^{2} \) and the correlation output value D are related to the spoofer’s power advantage, TSNR will be affected as the spoofer’s power changes. Combining (26), (28) and (36), we can get the variation tendency curve of TSNR versus Psp as shown in Fig. 6.

Fig. 6
figure 6

Variation tendency of TSNR versus Psp

Full size image

Figure 6 shows the variation tendency of TSNR with the increase in Psp (Pau = − 157 dBW, Number = 15). We can find that when Psp is lower than − 170 dBW, the value of TSNR keeps near 10 dB. When Psp keeps increasing from − 170 dBW, TSNR increases sharply. When Psp is higher than − 140 dBW, TSNR remains stable gradually with the value close to 26 dB.

Combining (34)–(36), we can get the receiver operating characteristic curve (ROC curve) for different values of Psp, as shown in Fig. 7. It is observed that the detection performance of the receiver substantially gets better as Psp increases. We can get the threshold TSNRth = 15.9 dB for Pfa = 0.001% as the probability of false alarm. Then, when Psp is − 151 dBW, Pd will be higher than 99.998%.

Fig. 7
figure 7

ROC curve for different values of Psp

Full size image

Simulation results

According to the published literature, it is quite difficult nowadays to get a complete platform for spoofing experiments tests, and it is illegal to spread spoofing signals outdoor. For the flexibility of GNSS software, it is practical to verify the proposed method with the help of GNSS software. The previous sections have shown specific decision processing of spoofing detection. This section presents experiments to testify the effectiveness of the new spoofing detection method based on GNSS software.

Jafarnia-Jahromi et al. (2014) proposed the SPA method for spoofing detection based on energy measurement. According to their Eq. (4), the periodic characteristic of \( y_{\text{ss}}^{\text{cc}} (nT_{\text{s}} ) \), i.e., the cross-correlation of different received PRN signals, depends on the frequency difference between two PRNs. The frequency difference between two PRNs may change with time, so the periodic characteristic of \( y_{\text{ss}}^{\text{cc}} (nT_{\text{s}} ) \) changes with time too. That is to say that \( y_{\text{ss}}^{\text{cc}} (nT_{\text{s}} ) \) will not always get strengthened or weakened by the noise filtering process, which is likely to be the cause of test the statistics jumping violently. Based on the filtering theory of the SPA method, the energy of the signal is adequately extracted only when each Doppler frequency differences among the PRNs are n kHz, with n being an integer. However, we do not know sufficient information about code phase and Doppler frequency of the spoofing signals based on TEXBAT datasets (Humphreys et al. 2012). In that case, GNSS software provides a more practical and flexible simulation platform to verify the above predictions.

First simulation experiment

Applicability analysis of SPA method and TSEM method with different Doppler frequency choices.

  • Pau = − 157 dBW; Number_au = Number_sp = 15; Time length: 6 s;

  • Time 0–5 s: Doppler frequencies of authentic signals and spoofing signals get a random variation every 1 s.

  • Time 5–6 s: In order to make sure that the Doppler frequency differences among different PRNs of authentic and spoofing signals are integer times of kHz, each Doppler frequency of the PRNs is reset to n kHz, and the integer n is randomly chosen within the range [− 5, 5].

In order to avoid the interaction between authentic signals and spoofing signals, the relative code phase difference between authentic signals and spoofing signals for the same PRN is limited to > 1.5 chips.

Figure 8 shows the SPA test statistics for simulated data in different situations such as spoofing absent (clean data), matched power 3 dB (the average power of spoofing is 3 dB higher than that of authentic signals), matched power 0.8 dB (the average power of spoofing is 0.8 dB higher than that of authentic signals), and overpowered (the average power of spoofing is 10 dB higher than that of authentic signals). It is observed that in the first 5 s, the test statistics stays at a low level, while after 5 s they undergo obvious uplift. The test statistics of the SPA method depend on the Doppler frequencies of spoofing signals and authentic signals, while under realistic environment, the Doppler frequencies are diversified. Based on the filtering theory of the SPA method, the energy of the signal is adequately extracted only when each Doppler frequency differences among the PRNs is n kHz, as shown at time 5–6 s. Now, therefore, we can justify that the SPA method has difficulties achieving practical performance levels.

Fig. 8
figure 8

Spoofing detection based on SPA method in different situations

Full size image

Figure 9 shows the signals energy elevation based on TSEM method in different situations. As shown in the figure, the detection threshold TSNRth = 15.9 dB is determined for the false alarm probability Pfa = 0.001%. Even for the case when the average power of the spoofing signals is 0.8 dB higher than that of the authentic signals, the test statistics is 5 dB higher than in the case of when spoofing is absent. It is observed that the TSEM method can successfully detect the presence of spoofing signals.

Fig. 9
figure 9

Signals energy elevation based on TSEM method in different situations

Full size image

Figure 10 shows the noise floor elevation in different situations. It is observed that the presence of spoofing signals slightly increases the receiver noise floor estimate. However, this slight increment might not provide considerable discrimination between authentic and spoofing signal sets.

Fig. 10
figure 10

Noise floor elevation based on TSEM method in different situations

Full size image

Second simulation experiment

Code interval between spoofing PRNs and authentic PRNs is more than 1.5 chips

  • Pau = Psp = − 157 dBW; Number_au = Number_sp = 15; Time length: 1 s.

Code phase and Doppler frequency parameters: It is assumed that the relative Doppler frequency of spoofing signals and authentic signals is Δf and the carrier phases of the two signals are completely synchronous at the beginning. Also, the code phases of the two signals are kept at a half chip apart all the time.

Figure 11 shows test statistics based on TSEM method. Four panels, respectively, illustrate four situations: spoofing absent and spoofing attack with Δf = 3 Hz/s, 100 Hz/s, and 1 kHz/s. We can know that the average power of the received signals without spoofing attack is about 10 dB, according to the upper left panel. As shown in the upper right panel, at the beginning the average power of the received signals is 20 dB which is much higher than TSNRth, while it ranges from − 10 to 20 dB regularly. The lower left panel and the lower right panel illustrate similar characteristics. However, for the lower right panel, the test statistics tend to be relatively stable around 15 dB after 0.5 s. It is observed that when the Doppler frequency differences between spoofing signals and authentic signals are relatively small and the code phase differences are < 1.5 chips, the test statistics vary widely. When the Doppler frequency differences are in-phase, the test statistics get much higher than TSNRth, which will improve the spoofing detection performance, while when the Doppler frequency differences are antiphase, the test statistics get much lower than TSNRth, which will make the spoofing detection performance worse and even lose efficiency.

Fig. 11
figure 11

Spoofing detection based on TSEM method in different situations

Full size image

Just as stated above, the performance of the TSEM method will get worse when the code interval between authentic and PRNs is < 1.5 chips. The worst situation is that the spoofing signals and the authentic signals are antiphase with each other, the energy signals should be offset, and it is difficult for the receiver to detect the spoofing attack. This case is quite difficult to achieve for spoofer. On the one hand, the spoofer must know the motion state parameters of the receiver accurately and control various time delay precisely. On the other hand, the requirement of code phase difference and antiphase of Doppler frequency with the code interval < 1.5 chips will greatly limit the extension of spoofing, since the navigation results of a receiver depend on code phases and Doppler frequency. One common and practical spoofing pattern is: the spoofing power gradually increases and finally exceeds the authentic signal’s power, and at the same time a higher power spoofing correlation peak is generated which gradually moves toward the authentic correlation peak and tries to grab the tracking point of the target receiver as shown in Fig. 12. When the receiver is under stable spoofed state, the TSEM method can detect the existence of a spoofing attack effectively, since the code phases between the spoofing signals and authentic signals are more than 1.5 chips apart, in order to avoid interaction with each other.

Fig. 12
figure 12

Sliding spoofing attack on tracking phase of the user receiver

Full size image

Compared with spoofing attack, multipath signals may have some similar effects. Multipath signals are generally considered undesirable in GNSS because they destroy the correlation function shape used for time delay estimation. Multipath interference occurs when the user device receives reflected signals in addition to the direct line of sight (LOS) signal. These interference signals are generally reflected from the ground, buildings or trees in terrestrial navigation. In order to analyze the multipath effects on the TSEM method, the following simulation experiment is proposed.

Third simulation experiment

Analysis of multipath effects on TSEM method

  • Pau = − 157 dBW; Number_au = 15; Time length: 1 s; Multipath number: 4.

  • Chip spacing separation from the authentic signals: 0.3 chip, 0.5 chip, 0.6 chip, 1.6 chips.

  • The power of multipath signals: − 160, − 162, − 164, − 161 dB.

It is assumed that the relative Doppler frequency of multipath signals and authentic signals is Δf = 3 Hz and the carrier phases of the two signals are completely synchronous at the beginning. In order to avoid the interaction between authentic signals and spoofing signals, the relative code phase difference between authentic signals and spoofing signals for the same PRN is limited to > 1.5 chips. In order to avoid the interaction between authentic signals and spoofing signals, the relative code phase difference between authentic signals and spoofing signals for the same PRN is limited to > 1.5 chips.

As shown in Fig. 13, the vast majority of the test statistics are under the threshold with multipath signals based on the TSEM method fluctuating more widely than the case without multipath signals shown in the upper left panel of Fig. 11. Generally, the multipath signals are from low-elevation angles of all available satellites, and the multipath signals are weaker than the authentic signals, while the spoofing signals are stronger than the authentic signals. The characteristics of multipath signals may change with time for a moving receiver, and it may make test statistics decrease or increase, which can lead to a false alarm or missed alarm. Since the time delay, attenuation factors, number of multipaths, and directions of multipaths are almost impossible to know, it is quite difficult to simulate the complex multipath environment completely. Therefore, it is not very easy to evaluate the bad effects of multipath signals on the detection performance of the TSEM method, and more research needs to be done.

Fig. 13
figure 13

Multipath effects on TSEM method

Full size image

Nowadays, multipath remains a dominant source of ranging error in GNSS, and a large number of multipath suppression methods have been proposed. In order to enhance the robustness of the TSEM method, it is practical to take steps to reduce the bad effects of multipath signals on GNSS receivers. Since the multipath suppression problem will get more complex and difficult, once the receiver receives the multipath signal through the antenna, it is sensible to try to avoid the introduction of multipath signals. While choosing an open work area can effectively avoid multipath signals. Multipath suppression antenna will also do well against the introduction of multipath signals.

Fourth simulation experiment

TSEM method performance with spoofing power increasing

  • Time length: 14 s; Pau = − 157 dBW; Number_au = Number_sp = 15;

  • Time 0–1 s: authentic signals present only;

  • Time 1 s: Spoofing attack starts, and the initial value of Psp is − 172 dBW.

  • Time 1–14 s: Psp is increasing from − 172 to − 133 dBW.

  • Power increasing speed of Psp is 3 dB/s.

In order to avoid the interaction between authentic signals and spoofing signals, the relative code phase difference between authentic signals and spoofing signals for the same PRN is required to be > 1.5 chips.

Figures 14, 15, and 16 show the performance of the implemented spoofing detection method. Figure 14 shows that in the first 5 s (\( P_{\text{sp}} \le - \,160\,\,{\text{dBW}} \)), most of the TSNR values are below TSNRth. As time increases, TSNR exceeds the TSNRth gradually. When Psp is just slightly higher than Pau, the spoofing attack cannot cause obvious lifting to the noise floor estimation, since the signal components, both authentic and spoofing signals, are far weaker than the noise component. In this case, it is quite difficult for the user receiver to realize the existence of a spoofing attack. The proposed TSEM method can help the user receiver detect the spoofing attack effectively. As shown in Fig. 14, after 7 s (\( P_{\text{sp}} \ge - \,154\,\,{\text{dBW}} \)), most of the TSNR values are above TSNRth. After about 12 s (\( P_{\text{sp}} \ge - \,142\,\,{\text{dBW}} \)), TSNR keeps nearly constant.

Fig. 14
figure 14

Variation tendency of TSNR versus time (0–14 s)

Full size image
Fig. 15
figure 15

Variation tendency of \( 2\hat{\sigma }^{2} \) versus time (0–14 s)

Full size image
Fig. 16
figure 16

Variation tendency of TSNR versus time (0–1 s)

Full size image

When the AGC function is off, we can get the noise floor estimation \( 2\hat{\sigma }^{2} \) as shown in Fig. 15. In the first 5 s, \( 2\hat{\sigma }^{2} \) remains stable, while after 5 s, it starts to increase gradually. After 8 s, \( 2\hat{\sigma }^{2} \) increases sharply.

Figure 16 shows the variation of TSNR versus time in the first seconds (authentic signals present only). TSNR fluctuates near 10 dB, which is below TSNRth. Therefore, the spoofing detection method proposed is useful for the case when only digital samples are available without despreading the IF signals.

Conclusions

The TSEM method which is based on measuring the energy of received signals can be used for GNSS spoofing detection. Through establishing new test quantities which can reflect the power of signal components and noise floor level, respectively, this spoofing detection system can work well when only digital samples are available, without knowing the code phase and Doppler frequency of each satellite and the AGC gain. The number of satellites available can be obtained from almanac data stored in the user receiver, as the prior information for the determination of detection threshold. In the end, the proper performance of this technique is verified through simulations based on GNSS software. The simulation results show that this method can work well even when the received signal strength of the spoofing and authentic signals are very close to each other when the spoofing signals are more than 1.5 chips apart from authentic signals. Also, the performance of spoofing detection gets better with the increase in spoofing signal strength.

However, there are yet no existing spoofing countermeasure techniques that can cope with all spoofing cases. Many countermeasures are confined to specific conditions. The nature of spoofing attack is that it represents not the real signals received from the satellites. The definition and classification of a spoofing attack are flexible rather than just a single fixed model taken from the existing literature. That is the reason why there are not yet existing spoofing countermeasure techniques that can cope with all spoofing cases. The spoofing detection method presented is based on the general assumption that the code phases of authentic signals and spoofing signals are independent of each other. Just as stated above, the TSEM method will meet some negative factors for some special situations, such when the code phase differences between authentic signals and spoofing signals are < 1.5 chips, and the method needs to be adjusted or combined with other methods. But it is difficult to keep the code phases and Doppler frequencies accurate to meet the requirements for the spoofer to avoid being detected, which does well for the applicability of TSEM method. In addition, multipath signals can also negatively affect the robustness of the TSEM method, and further research is needed for multipath interference problems to improve its feasibility under complex multipath environment. Currently, it is practical and advisable for the TSEM method to be integrated with corresponding suppression technology to restrain or eliminate the multipath signals.

In summary, this spoofing detection system is easy to be applied on GNSS anti-spoofing receiver, with its characteristics being simple and effective. Especially for sophisticated spoofing signals transmitted by multi-antenna strategies for which many anti-spoofing countermeasures may lose efficacy, this method can work generally well, since it does not rely on the directions of received signals. But further developments are needed in order to produce a sufficiently reliable detection system for other spoofing cases such as under complex multipath conditions which have not been thoroughly evaluated in this paper.