Publicerad den Lämna en kommentar

Toughen GPS to resist jamming and spoofing

By Bradford W. Parkinson
Aeronautics and Astronautics Professor Emeritus (recalled)
Stanford University

Brad Parkinson

Brad Parkinson

We, of the PNT universe, have been hearing a rather continual message of doom from the media regarding the fragility of the GPS (or GNSS) signals. In a way, they are right. The received GPS signal is 1/10th of 1 millionth of 1 billionth of a Watt. It can be susceptible to jamming and spoofing.

In response, the U.S. government has sponsored major studies and some competitive tests of techniques to augment or possibly replace GPS. I applaud such queries, but also would strongly advocate more balance in efforts to increase robustness of positioning, navigation and timing (PNT).

Specifically, I argue for increased emphasis on well-known techniques that can greatly toughen GNSS receivers to both jamming and spoofing. Some of these techniques are deliberately denied to civil users by government policy.

Background

The PNT Advisory Board (PNTAB) is a panel of national experts who report to the PNT ExCom. The ExCom is comprised of the deputy heads of the nine U.S. government departments with the largest stakes in PNT. The PNTAB has a starkly simple and well-stated goal:


To meet its overarching goal, the PNTAB has developed a three-legged strategic framework, known as “PTA”: “We must protect, toughen and augment GPS to ensure that it continues to provide economic and societal benefits to the nation.”

Most current U.S. government efforts have been focused on the third of the PNTAB strategic legs: augmenting the GPS system. These system augmentations include: modernized Loran (eLoran), fiber-optic distribution of time, and ranging to low-Earth-orbit (LEO) satellites (particularly the swarms of communications satellites). In general, these system augmentations offer no hope of being equivalent to GPS in terms of availability and accuracy.

However, augmentations have the advantage of either being less vulnerable to interference, or highly proliferated in case of satellite outages. As supplements, or in an emergency, they can perform a very valuable role, but with nowhere near the equivalent performance of normally operating GNSS, which can routinely provide worldwide, 24/7 precisions better than decimeters in the dynamic real-time kinematic (RTK) mode. In the United States, GPS also offers continuous, real-time integrity assessments courtesy of the FAA1. Europe has a similar, compatible integrity system called EGNOS, and there are other regional system augmentations.

In summary, the current PNTAB assessment regarding these substitutes is:

“No current or foreseeable alternative to GNSS (primarily GPS) can deliver the equivalent accuracy (static down to millimeters) and worldwide, 24/7 availability.”

Toughening User Equipment

Toughening, the second leg of our assurance strategy, includes all aspects of GPS enterprise vulnerability — satellites, ground control and user equipment. For this article, I am focused on toughening the user equipment. I would argue that we have largely under-emphasized, or been prohibited by national policy from using, well-known and widely available user equipment toughening technology.

The main vulnerabilities of GPS receivers are jamming and spoofing of the received signals. Familiar anti-jam (A/J) methods can substantially overcome the inherent weakness of GPS signals to defeat deliberate jamming and spoofing. As I outline here, such measures can reduce a jammer’s effective radius by a factor of more than 100 and reduce the effective jammer area by a factor of 10,000 compared to the unprotected receiver.2

Thus, these methods are also deterrents, because they can render ineffective such hostile (or possibly inadvertent) acts. Further, the technology that provides this significant toughening is available now or will be within a few years, rather than the many years required by some alternative, system-level augmentations.

Toughening techniques (A/J improvements) are traditionally calibrated as the improvement in the amount of jamming that can be tolerated, measured by the jamming-to-signal power ratio (J/S) expressed as decibels (dB). However, for this discussion, I will also use a different, more intuitive, measure. This metric is the Denial Radius Reduction Ratio (DRRR):

DRRR = (radius of jammer denial after J/S measure applied)/(jammer radius without improvements)

For example, a 15-dB improvement in J/S would lead to a DRRR of 0.178.3 In other words, the 15-dB improvement has reduced the denial radius to about 18% of the line-of-sight radius that would be denied to an untoughened receiver. Note that the simultaneous use of techniques is generally multiplicative. For example, simultaneously applying technique #1 with a DRRR1 of 0.5 and technique #2 with a DRRR2 of 0.3, would result in a DRRR1&2 of 0.3 *0.5, or an overall DRRR of 0.15. This is the advantage of using this metric to describe the A/J improvements. 4

Baseline Case

For our basis for comparison, we will consider the L1 C/A signal in full accuracy (State 5) tracking mode and a 1-kW noise jammer.5,6 For this situation, the line-of-sight jammer could deny GPS to a radius of about 560 kilometers. A discussion of the lower accuracy State 3 tracking is included below.
It is useful to consider toughening techniques in four major categories.

Toughening Category 1: Signal Processing. With L1 C/A, GPS receivers can improve jamming resistance, albeit with loss of ranging (tracking) accuracy, by using code tracking mode – State 3. This reduces a line-of-sight jammer’s denial radius (DRRR) to about 0.29 (a 10.7 dB improvement).

Toughening Category 2: Inertial Components and Very Stable User Clocks. This includes miniature micro-electromechanical (MEMS) components up to high-grade inertial measurement units (IMUs) and quartz to chip-scale atomic clocks (CSACs). These techniques enable narrower tracking filters and longer averaging, as well as allowing navigation through regions when GPS is denied. The range of DRRRs is 0.40 down to 0.10. We will use a nominal value of 0.18 (a 15-dB improvement).

Toughening Category 3: CRPAs. Controlled reception pattern antennas (CRPAS) are digital, multi-element, phase-steered antennas. They represent well-understood and available technology; they have been used in large surface-search radar systems for many decades.7 They can be used in null-steering or beam-steering modes.8 The number of antenna elements could range up to dozens. Potentially, they could produce DRRRs down to .01 — that is, a 99% reduction of jammer radius to 1% of the unprotected GPS receiver value.

Unfortunately, the U.S. government does not allow more than three-element CRPAs to be manufactured or sold for civil use. 9 This is due to some very old International Traffic in Arms Regulations (ITAR). For our nominal example, we will assume the restriction has been relaxed and use a CRPA of about 20 elements, which should produce a DRRR of 0.06 (a 25-dB improvement).

Toughening Category 4: Signal Alternatives. This category includes alternative modulations at 1575 MHz (L1C, Galileo or other GNSS) and alternative frequencies (L5, L2, Galileo). Note that the modern signals generally offer significantly improved signal-processing toughening as well as increased power.

Using L1C in State 3 compared to L1 C/A in State 5 would yield a DRRR of 0.10. (a 20.3-dB improvement). The L1C international signal should be operational on GPS by mid-decade. The L5 signal, at 1176 MHz, is clearly the most capable of the civil GPS signals in terms of jam resistance. L5 also should be declared operational by mid-decade. As the use of LEO communication satellites matures, their use may also fit this category.

Summary of Receiver Toughening Options. Quantification of the selected, nominal receiver augmentations are summarized in FIGURE 1 for both full accuracy (State 5, centimeter-level accuracy in RTK) and for less accurate code tracking (State 3, meter-level accuracy). These results are shown with a logarithmic scale to accommodate the wide range of denial radii.

Figure 1. Effect of receiver augmentations on accuracy for both State 5 and State 3. (Image: Brad Parkinson)

Figure 1. Effect of receiver augmentations on accuracy for both State 5 and State 3. (Image: Brad Parkinson)

The example shows that a 1-kW hostile jammer’s denial radius10 can be reduced by a factor of about 100, using the conservative example augmentations of inertial and CRPAs. Because area is proportional to radius squared, the effective denial area of an augmented receiver would be 1/10,000th of the unaugmented receiver, using the example values.

Reverting to code-only (State 3) tracking, it enables operating through higher levels of jamming, albeit with less ranging precision. All these receiver augmentations and tracking techniques would also offer a significant defense against any attempt to spoof (deceive) the position measurement. Again, none of these techniques are new; we demonstrated the capabilities at the original GPS Joint Program Office in 1978, more than 40 years ago. Today, many competent manufacturers are offering toughened GPS receivers with combinations and variations of these techniques.

GPS jamming tests at White Sands have caused aircraft interference, which could be largely avoided with toughened receivers. Here, M-code is tested on Joint Light Tactical Vehicle platforms in 2020. (Photo: Joe Bullinger/U.S. Navy)

GPS jamming tests at White Sands have caused aircraft interference, which could be largely avoided with toughened receivers. Here, M-code is tested on Joint Light Tactical Vehicle platforms in 2020. (Photo: Joe Bullinger/U.S. Navy)

Meeting Increasing Threats

Threats of both jamming and spoofing seem to have accelerated. Devices to perform these illegal acts are freely advertised on the internet. In fact, we read of incidents both in the United States and abroad.11 Near White Sands Missile Range in New Mexico, there have been GPS air traffic control outages due to authorized military operational jamming exercises. Such interruptions could be largely avoided if more robust (toughened) GPS receivers, with the enhanced jam resistance techniques outlined here, were in use.

News reports also highlight the spoofing issue. Hardening against this threat is also a task for toughening. A serious spoofing sequence usually starts with a strong jamming signal to cause the user’s receiver to break lock, followed by a strong false GNSS signal that causes false lock by the receiver. Using the false signal leads to a false position, of course. The first line of defense is to avoid the break-lock threat. Failing this, numerous self-check and authentication schemes can be used to avoid false positions.

A conclusion is that avoiding the break-lock jamming is a first line of defense against a spoofing attack. Of course, the toughening techniques to avoid this are the main subject of this paper. One well-known expert has stated that, for a well-designed receiver, a spoofing attack might deny the measurement of position, but should never cause false PNT. I will leave further discussion of spoofing to other authors.
Returning to disruptions of service in general, some have suggested many interference occurrences have gone unreported, because the typical user would not know where to make such a report. To remind the reader, the official reporting center is online at www.navcen.uscg.gov/?pageName=gpsUserInput.

In addition, the U.S. Federal Communications Commission (FCC) has repurposed a portion of the spectrum adjacent to the main GNSS L1 frequency (1575 MHz). The agency is converting the license holder’s original authorization to transmit a weak space-transmitted signal into a much stronger terrestrial system, potentially with thousands of transmitters. Extensive testing of civil GPS receivers by the U.S. Department of Transportation demonstrated that the planned repurposing will interfere with many existing receivers. Some observers call this disruption “legal jamming.”

Such a new spectrum use could have grave impacts on those existing receivers, notably aviation (especially helicopters and UAVs) and first providers. On the other hand, installing toughened replacement receivers would make the users virtually immune to this threat.

So, this begs the question: If the receiver toughening techniques are so effective, why are they not more prevalent?

Barriers to Adoption

Let’s examine the potential resistance to more extensive use of receiver augmentations.

Knowledge. This involves underestimating the threat to PNT and not understanding that toughening techniques are available. As mentioned above, threats to the fragile GNSS signals are growing.

There seems to be little interest in the U.S. government to monitor and suppress interference in the United States. Internationally, the reported incidents continue to increase.12 It is also reported that certain European aircraft manufacturers have installed advanced, deeply integrated inertial systems with civil GNSS receivers to defeat or “flywheel” through radio-frequency threats (particularly in the Middle East).

As this threat trend continues, GPS manufacturers and users must realize that many of these solutions will take time to authorize, implement and install. It appears that the media are not aware that not only are the toughening techniques outlined here feasible, but many manufacturers have product offerings that address these threats. Having off-the-shelf solutions will give the PNT user the opportunity to retrofit and defeat such threats.

Cost. The cost for a receiver to revert from State 5 to State 3 is zero, and all receivers that use Code 5 (for example, RTK) would naturally have this built in. Regarding use of other frequencies (such as L5) and modulations (L1C) rather than the original L1 C/A, there is some small cost associated, including the additional antenna for L5. Note that all modern cellphone chips, such as Qualcomm’s, have this capability — including integrated carrier-phase measurements — in a chip that is estimated to cost about $5. A potential barrier is that the L5 and L1C signals are not yet declared operational, but these newer GPS signals should be operational within about five years.

The costs of many inertial components (accelerometers and gyros) have plummeted in the last few decades with the proliferation of MEMS devices, particularly into cellphones and automobiles. Their power consumption has also decreased while their performance has steadily improved. Full IMUs are much more expensive, but are already installed on many commercial aircraft. Robust toughening with inertial sensors can be achieved, but requires deep integration and careful engineering.

Depending on their complexity, CRPA antennas can be a costly receiver augmentation. Very high-speed (330 MHz is available), 16-bit, A-to-D converters are at the heart of most of these phased-array devices. Some are priced at about $150 each. Applications with a high premium for PNT availability in the face of interference — such as commercial aircraft and cargo ships — should find them affordable. Aircraft manufacturers have resisted retrofitting existing aircraft with larger diameter CRPA antennas because of costs. For some of these applications, integration costs can be more than the costs of the receiver itself, particularly if not included in the original manufacture.

As the yearly sales of fully toughened receivers increase, the economies of scale should significantly reduce unit costs. Each application will make its own determination of affordability, based on risk.

Government restrictions. Civil use of CRPAs with four or more elements is restricted by ITAR. These are well-meaning restrictions on technologies that could be used against the United States by hostile military forces. Unfortunately, the phased-array antenna techniques are not only well understood and tested, but relatively inexpensive components are widely available on the open world market. In particular, the restriction on the number of CRPA elements for civil use should be completely removed. All potential enemies are well aware of the beam-steering method and have ready access to the parts to build them. Thus, the restriction is only harming civil users without affording any apparent improvement in general military posture.

Certified aviation receivers need approval for deep integration of inertial systems and multi-element CRPAs. (Photo: JasonDoiy/iStock/Getty Images Plus/Getty Images)

Certified aviation receivers need approval for deep integration of inertial systems and multi-element CRPAs. (Photo: JasonDoiy/iStock/Getty Images Plus/Getty Images)

Gaining permission: FAA flight certifications. To be used in commercial aircraft operations, navigation equipment must be certified by the U.S. Federal Aviation Administration (FAA). Current, certified GPS aviation receivers have rudimentary toughening techniques, but gaining approval for deep integration of inertial systems and multi-element CRPAs must be completed. It is gratifying to hear that work is underway to do this.

Any civil solution for the United States must expand integrity monitoring beyond GPS to include all GNSS, and must be operationally included in the FAA’s integrity monitoring with WAAS.

Recommendation

In describing resistance to interference, I have introduced the idea of DRRR – Denial Radius Reduction Ratio. Also, I have used a 1-kW white-noise jammer as a standard threat for calculating the denial radius of various GPS receiver configurations. My recommendation is that equipment manufacturers specify their receiver offerings by stating their equipment’s denial radius against a “standardized” 1-kW EIRP white-noise jammer.

Summary

Media reports of interference to GPS may be accurate, but they generally do not recognize that available toughening techniques can largely defeat those interference threats. While exploring systems-level replacements or augmentations (such as LEO ranging or Loran) is worthwhile, GPS (or GNSS) still offers the greatest capability in combined terms of accuracy, integrity and coverage.

The goal of all PNT providers — GPS operators, certifiers and manufacturers — should be assured PNT, with the expected accuracy and availability. The described toughening techniques to do that have been known for decades, but have not been generally adopted by many critical civil users. Many manufacturers do offer civil products under existing government constraints.

The purpose of this article was to describe and advocate the solutions available to increase the robustness and toughening of civil GPS receivers. For example, readily available toughening augmentations for civil receivers can reduce the denial radius of interference by 99% or more. This implies that any denied area would be squeezed down to 1/10,000th of that experienced by an unaugmented receiver.

The payoff is high, and should be affordable to many high-end, safety-of-life users. Therefore, a renewed focus on toughening of GPS receivers is overdue. We discussed barriers to rapid adoption but, more than the specifics, it is crucial to fully and urgently embrace the goal of toughening receivers, particularly removing the ITAR restriction on antennas.


Opinions expressed in this article are those of the writer and should not be construed as the official position of the PNTAB or any U.S. government organization.


Notes

1. While not a part of the U.S. Department of Defense’s GPS operation, the FAA’s integrity signal (WAAS) is a GPS-type signal directly available and being used by almost all modern GPS receivers, including cellphones.

2. This is the ration of Denial Radius between, for example, unaugmented L1 C/A in State 5 and augmented L1C in State 3. Please see later footnote and graph.

3. Calculated as 10 (–15/20)

4. Of course, the more traditional dB measure of jammer resistance can (in most cases) be simply summed to estimate the total effectiveness. The use of DRRR gives a more intuitive calibration, particularly for non-technical persons who may not be at all familiar with dBs.

5. State 5 is the tracking mode that provides full accuracy; it requires tracking both the PRN code and the reconstructed carrier. It is required for RTK positioning, which is usually used for automatic control of machines or vehicles. It is most vulnerable to interference. Less vulnerable is State 3 tracking, which only provides code tracking, with precisions of perhaps a few meters.

6. Deliberate jamming using “matched spectrum” GPS-like modulations have also been employed in the Middle East. The toughening techniques described are also generally applicable, with appropriate rescaling. The matched spectrum is fundamentally used to improve the jammer spectrum efficiency.

7. See Michael Jones, “Anti-jam systems: Which one works for you?”, posted on gpsworld.com on June 14, 2017, for a survey of manufacturer offerings at that time. Named companies generally continue to offer improved, jam-resistant products. 

8. Phased-array antennas, by their nature, distort phase and would probably have to be calibrated for precise operations such as RTK. Fortunately, we understand that this problem has been reportedly addressed and largely solved by the U.S. Navy’s JPALs program.

9. See U.S. Munitions List at www.ecfr.gov/current/title-22/chapter-I/subchapter-M/part-121.

10. The denial radius results shown can be easily scaled for weaker or more powerful jammers. The scaling goes as simply the square root of the power ratio of a different size jammer to the 1-kW example. A 10-watt jammer is 1/100th the power of the example. The denial radius would then be one tenth of the example, which is the square root of 1/100.

11. “Ships have reported an increasing number of cases of significant GPS interference and jamming in recent months. The geographic areas with more than one reported incident include the eastern and central Mediterranean Sea, the Persian Gulf, and multiple Chinese ports.” (Source: www.gard.no/web/updates/content/30454065/gps-interference-and-jamming-on-the-increase).

“North Korea is using radio waves to jam GPS navigation systems near the border regions, South Korean officials said. The broadcasts have reportedly affected 110 planes and ships and can cause mobile phones to malfunction.” (Source: www.bbc.com/news/world-asia-35940542).

12. “Reports of GPS outages submitted by pilots from the cockpits of commercial flights show that disruptions to the navigation system, which was created and is maintained by the U.S. government, are now standard occurrence on the flight routes between North America and Europe and the Middle East, according to data from the European Organization for the Safety of Air Navigation, known as Eurocontrol.” Fortune Magazine, Nov. 1, 2020.

Lämna ett svar