The theory and practice of unmanned aerial vehicle (UAV) capture and control via Global Positioning System (GPS) signal spoofing are analyzed and demonstrated. The goal of this work is to explore UAV vulnerability to deceptive GPS signals. Specifically, this paper (1) establishes the necessary conditions for UAV capture via GPS spoofing, and (2) explores the spoofer's range of possible post-capture control over the UAV. A UAV is considered captured when a spoofer gains the ability to eventually specify the UAV's position and velocity estimates. During post-capture control, the spoofer manipulates the true state of the UAV, potentially resulting in the UAV flying far from its flight plan without raising alarms. Both overt and covert spoofing strategies are considered, as distinguished by the spoofer's attempts to evade detection by the target GPS receiver and by the target navigation system's state estimator, which is presumed to have access to non-GPS navigation sensor data. GPS receiver tracking loops are analyzed and tested to assess the spoofer's capability for covert capture of a mobile target. The coupled dynamics of a UAV and spoofer are analyzed and simulated to explore practical post-capture control scenarios. A field test demonstrates capture and rudimentary control of a rotorcraft UAV, which results in unrecoverable navigation errors that cause the UAV to crash. C 2014 Wiley Periodicals, Inc.
Cross-correlation of unknown encrypted signals between two Global Navigation Satellite System (GNSS) receivers is used for spoofing detection of publicly-known signals. This detection technique is one of the strongest known defenses against sophisticated spoofing attacks if the defended receiver has only one antenna. The attack strategy of concern overlays false GNSS radio-navigation signals on top of the true signals. The false signals increase in power, lift the receiver tracking loops off of the true signals, and drag the loops and the navigation solution to erroneous, but consistent results. This paper uses hypothesis testing theory to develop a codeless cross-correlation detection method for use in inexpensive, narrow-band civilian GNSS receivers. The detection method is instantiated by using the encrypted military GPS P(Y) code on the L1 frequency in order to defend the publicly-known civilian GPS C/A code. Successful detection of spoofing attacks is demonstrated by off-line processing of recorded RF data from narrow-band 2.5 MHz RF front-ends, which attenuate the wide-band P(Y) code by 5.5 dB. The new technique can detect attacks using correlation intervals of 1.2 sec or less.
Cross-correlation of unknown encrypted signals between two Global Navigation Satellite System (GNSS) receivers is used for spoofing detection of publicly-known signals. This detection technique is one of the strongest known defenses against sophisticated spoofing attacks if the defended receiver has only one antenna. The attack strategy of concern overlays false GNSS radio-navigation signals on top of the true signals. The false signals increase in power, lift the receiver tracking loops off of the true signals, and drag the loops and the navigation solution to erroneous, but consistent results. This paper uses hypothesis testing theory to develop a codeless cross-correlation detection method for use in inexpensive, narrow-band civilian GNSS receivers. The detection method is instantiated by using the encrypted military GPS P(Y) code on the L1 frequency in order to defend the publicly-known civilian GPS C/A code. Successful detection of spoofing attacks is demonstrated by off-line processing of recorded RF data from narrow-band 2.5 MHz RF front-ends, which attenuate the wide-band P(Y) code by 5.5 dB. The new technique can detect attacks using correlation intervals of 1.2 sec or less.
A method for detecting the spoofing of civilian GPS signals has been implemented and successfully tested in a real‐time system. GPS signal spoofing is an attack method whereby a third party transmits a signal that appears authentic but induces the receiver under attack to compute an erroneous navigation solution, time, or both. The detection system described herein provides a defense against such attacks. It makes use of correlations between the unknown encrypted GPS L1 P(Y) code signals from two narrow‐band civilian receivers to verify the presence or absence of spoofing. One of these receivers is assumed to be at a secure location that is not subject to spoofing. The other receiver is the potential spoofing victim for which the present developments constitute a defense. Successful detection results are presented using a reference receiver in Ithaca, New York, a victim receiver in Austin, Texas, and a spoofer in Austin, Texas. Copyright © 2013 Institute of Navigation.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.