Abstract

Cross-correlations of unknown encrypted signals between
\ntwo civilian GNSS receivers are used to detect spoofing
\nof known open-source signals. This type of detection
\nalgorithm is the strongest known defense against
\nsophisticated spoofing attacks if the defended receiver has
\nonly one antenna. The attack strategy of concern starts by
\noverlaying false GNSS radio-navigation signals exactly
\non top of the true signals. The false signals increase in
\npower, lift the receiver tracking loops off of the true
\nsignals, and then drag the tracking loops and the
\nnavigation solution to erroneous, but consistent results.
\nThis paper develops codeless and semi-codeless spoofing
\ndetection methods for use in inexpensive, narrow-band
\ncivilian GNSS receivers. Detailed algorithms and
\nanalyses are developed that use the encrypted military
\nP(Y) code on the L1 GPS frequency in order to defend
\nthe open-source civilian C/A code. The new detection
\ntechniques are similar to methods used in civilian dualfrequency
\nGPS receivers to track the P(Y) code on L2 by
\ncross-correlating it with P(Y) on L1. Successful detection
\nof actual spoofing attacks is demonstrated by off-line
\nprocessing of digitally recorded RF data. The codeless
\ntechnique can detect attacks using 1.2 sec of correlation,
\nand the semi-codeless technique requires correlation
\nintervals of 0.2 sec or less. This technique has been
\ndemonstrated in a narrow-band receiver with a 2.5 MHz
\nbandwidth RF front-end that attenuates the P(Y) code by
\n5.5 dB.