Browsing by Subject "Bhatti"
Now showing 1 - 12 of 12
- Results Per Page
- Sort Options
Item Civilian GPS Spoofing Detection based on DualReceiver Correlation of Military Signals(2011) Psiaki, Mark L.; O'Hanlon, Brady W.; Bhatti, Jahshan A.; Shepard, Daniel P.; Humphreys, Todd E.Cross-correlations of unknown encrypted signals between two civilian GNSS receivers are used to detect spoofing of known open-source signals. This type of detection algorithm is the strongest known defense against sophisticated spoofing attacks if the defended receiver has only one antenna. The attack strategy of concern starts by overlaying false GNSS radio-navigation signals exactly on top of the true signals. The false signals increase in power, lift the receiver tracking loops off of the true signals, and then drag the tracking loops and the navigation solution to erroneous, but consistent results. This paper develops codeless and semi-codeless spoofing detection methods for use in inexpensive, narrow-band civilian GNSS receivers. Detailed algorithms and analyses are developed that use the encrypted military P(Y) code on the L1 GPS frequency in order to defend the open-source civilian C/A code. The new detection techniques are similar to methods used in civilian dualfrequency GPS receivers to track the P(Y) code on L2 by cross-correlating it with P(Y) on L1. Successful detection of actual spoofing attacks is demonstrated by off-line processing of digitally recorded RF data. The codeless technique can detect attacks using 1.2 sec of correlation, and the semi-codeless technique requires correlation intervals of 0.2 sec or less. This technique has been demonstrated in a narrow-band receiver with a 2.5 MHz bandwidth RF front-end that attenuates the P(Y) code by 5.5 dB.Item Development and Demonstration of a TDOA-Based GNSS Interference Signal Localization System(2012) Bhatti, Jahshan A.; Humphreys, Todd E.; Ledvina, Brent M.Background theory, a reference design, and demonstration results are given for a Global Navigation Satellite System (GNSS) interference localization system comprising a distributed radio-frequency sensor network that simultaneously locates multiple interference sources by measuring their signals’ time difference of arrival (TDOA) between pairs of nodes in the network. The end-to-end solution offered here draws from previous work in single-emitter group delay estimation, very long baseline interferometry, subspace-based estimation, radar, and passive geolocation. Synchronization and automatic localization of sensor nodes is achieved through a tightly-coupled receiver architecture that enables phase-coherent and synchronous sampling of the interference signals and so-called reference signals which carry timing and positioning information. Signal and crosscorrelation models are developed and implemented in a simulator. Multiple-emitter subspace-based TDOA estimation techniques are developed as well as emitter identification and localization algorithms. Simulator performance is compared to the CramérRao lower bound for single-emitter TDOA precision. Results are given for a test exercise in which the system accurately locates emitters broadcasting in the amateur radio band in Austin, TX.Item Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks(2012) Shepard, Daniel P.; Bhatti, Jahshan A.; Humphreys, Todd E.; Fansler, Aaron A.Test results are presented from over-the-air civil GPS spoofing tests from a non-negligible stand-off distance. These tests were performed at White Sands Missile Range (WSMR) against two systems dependent on civil GPS, a civilian unmanned aerial vehicle (UAV) and a GPS time-reference receiver used in “smart grid” measurement devices. The tests against the civil UAV demonstrated that the UAV could be hijacked by a GPS spoofer by altering the UAV’s perceived location. The tests against the time-reference receiver demonstrated the spoofer’s capability of precisely controlling timing from a distance, which means a spoofer could manipulate measurements used for smart grid control without requiring physical access to the measurement devices. Implications of spoofing attacks against each of these systems are also given. Recommendations are presented for regulations regarding GPS receivers used in critical infrastructure applications. These recommendations include creating a certification process by which receivers are declared spoof-resistant if they are able to detect or mitigate spoofing attacks in a set of canned scenarios. The recommendations also call for a mandate that only spoof-resistant receivers be used in applications classified by the Department of Homeland Security (DHS) as national critical infrastructure.Item An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing(2011) Wesson, Kyle D.; Shepard, Daniel P.; Bhatti, Jahshan A.; Humphreys, Todd E.A receiver-autonomous non-cryptographic civil GPS antispoofing technique called the vestigial signal defense (VSD) is defined and evaluated. This technique monitors distortions in the complex correlation domain to detect spoofing attacks. Multipath and spoofing interference models are developed to illustrate the challenge of distinguishing the two phenomena in the VSD. A campaign to collect spoofing and multipath data is described, which specific candidate VSD techniques can be tested against. Test results indicate that the presence of multipath complicated the setting of an appropriate spoofing detection threshold.Item GNSS Spoofing Detection using Two-Antenna Differential Carrier Phase(2014-09) Psiaki, Mark L.; O'Hanlon, Brady W.; Powell, Steven P.; Bhatti, Jahshan A.; Wesson, Kyle D.; Humphreys, Todd E.A method is developed to detect GNSS spoofing by processing beat carrier-phase measurements from a pair of antennas in a CDGPS-type calculation. This systemdetects spoofing attacks that are resistant to standard RAIM technique, and it can sense an attack in a fraction of a second without external aiding. The signal-in-space properties used to detect spoofing are the relationships of the signal arrival directions to the vector that points from one antenna to the other. In the un-spoofed case, there are a multiplicity of relationships between the interantenna vector and the arrival directions of the multiple signals, which results in a quantifiable multiplicity of carrier-phase single-differences between the antennas. In the spoofed case, there is a single direction of arrival, assuming a single spoofer transmission antenna, and the carrier phase single-differences are identical for all channels, up to an integer cycle ambiguity. A real-time implementation of this detection method has been developed, and it has been tested against live-signal spoofing attacks aboard a superyacht that was cruising around Italy en route from Monaco to Venice. The prototype system demonstrated an ability to detect spoofing attacks in a fraction of a second, though lags in the system’s signal processing lengthened the detection delay to as much as 6 seconds. The system experienced challenges during the initial phase of a spoofing attack if the spoofer power was not much greater than that of the true signal. The true and spoofed signals interfere in a beating pattern in this case, making the composite signal harder to track and harder to classify as being either spoofed or non-spoofed. After the spoofer drags the victim receiver off to an erroneous position or timing fix, the beating subsides, and the new spoofing detection system performs well.Item The GPS Assimilator: a Method for Upgrading Existing GPS User Equipment to Improve Accuracy, Robustness, and Resistance to Spoofing(2010) Humphreys, Todd E.; Bhatti, Jahshan A.; Ledvina, BrentItem A Graphical Approach to GPS Software-Defined Receiver Implementation(2013) Kassas, Zaher M.; Bhatti, Jahshan A.; Humphreys, Todd E.Global positioning system (GPS) software-defined receivers (SDRs) offer many advantages over their hardwarebased counterparts, such as flexibility, modularity, and upgradability. A typical GPS receiver is readily expressible as a block diagram, making a graphical approach a natural choice for implementing GPS SDRs. This paper presents a real-time, graphical implementation of a GPS SDR, consisting of two modes: acquisition and tracking. The acquisition mode performs a twodimensional fast Fourier transform (FFT)-based search over code offsets and Doppler frequencies. The carrier-aided code tracking mode consists of the following main building blocks: correlators, code and carrier phase detectors, code and carrier phase filters, a code generator, and a numerically-controlled oscillator. The presented GPS SDR provides an abstraction level that enables future research endeavors.Item Indoor GPS: Tightly Coupled Opportunistic Navigation(2010) Pesyna, Ken; Wesson, Kyle; Bhatti, Jahshan A.; Humphreys, ToddItem Opportunistic Frequency Stability Transfer for Extending the Coherence Time of GNSS Receiver Clocks(2010) Wesson, Kyle D.; Pesyna, Kenneth M. Jr; Bhatti, Jahshan A.; Humphreys, Todd E.A framework is presented for exploiting the frequency stability of non-GNSS signals to extend the coherence time of inexpensive GNSS receiver clocks. This is accomplished by leveraging stable ambient radio frequency signals, called “signals of opportunity,” to compensate for the frequency instability of the reference oscillators typically used in inexpensive handheld GNSS receivers. Adequate compensation for this frequency instability permits the long coherent integration intervals required to acquire and track GNSS signals with low carrier-to-noise ratios. The goal of this work is to push the use of GNSS deeper indoors or into environments where GNSS may be subject to interference.Item Receding Horizon Trajectory Optimization for Simultaneous Signal Landscape Mapping and Receiver Localization(2013) Kassas, Zaher M.; Bhatti, Jahshan A.; Humphreys, Todd E.A receiver with no a priori knowledge about its own states is dropped in an unknown environment comprising multiple signals of opportunity (SOPs) transmitters. Assuming that the receiver could control its maneuvers in the form of acceleration commands, two problems are considered. First, the minimal conditions under which such environment is completely observable are established. It is shown that receiver-controlled maneuvers reduce the minimal required a priori information about the environment for complete observability. Second, the trajectories that the receiver should traverse in order to build a highfidelity signal landscape map of the environment, while simultaneously localizing itself within this map in space and time with high accuracy are prescribed. To this end, the one-step look-ahead (greedy) strategy is compared to the multi-step look-ahead (receding horizon) strategy. The limitations and achieved improvements in the map quality and localization accuracy due to the receding horizon strategy are quantified, and the associated computational burden is discussed.Item A Testbed for Developing and Evaluating GNSS Signal Authentication Techniques(2014) Humphreys, Todd E.; Bhatti, Jahshan A.; Shepard, Daniel; Wesson, KyleAn experimental testbed has been created for developing and evaluating Global Navigation Satellite System (GNSS) signal authentication techniques. The testbed advances the state of the art in GNSS signal authentication by subjecting candidate techniques to the strongest publicly-acknowledged GNSS spoofing attacks. The testbed consists of a real-time phase-coherent GNSS signal simulator that acts as spoofer, a real-time softwaredefined GNSS receiver that plays the role of defender, and post-processing versions of both the spoofer and defender. Two recently-proposed authentication techniques are analytically and experimentally evaluated: (1) a defense based on anomalous received power in a GNSS band, and (2) a cryptographic defense against estimation-and-replay-type spoofing attacks. The evaluation reveals weaknesses in both techniques; nonetheless, both significantly complicate a successful GNSS spoofing attackItem The Texas Spoofing Test Battery: Toward a Standard for Evaluating GPS Signal Authentication Techniques(2012) Humphreys, Todd E.; Bhatti, Jahshan A.; Shepard, Daniel; Wesson, KyleA battery of recorded spoofing scenarios has been compiled for evaluating civil Global Positioning System (GPS) signal authentication techniques. The battery can be considered the data component of an evolving standard meant to define the notion of spoof resistance for commercial GPS receivers. The setup used to record the scenarios is described. A detailed description of each scenario reveals readily detectable anomalies that spoofing detectors could target to improve GPS security