Browsing by Subject "Humphreys"
Now showing 1 - 20 of 49
- Results Per Page
- Sort Options
Item Assured Navigation and Timing(2017-09-28) Humphreys, ToddItem A Blueprint for Civil GPS Navigation Message Authentication(2014-05) Kerns, Andrew J.; Wesson, Kyle D.; Humphreys, Todd E.A proposal for civil GPS navigation message authentication (NMA) is presented with sufficient specificity to enable near-term implementation. Although previous work established the practicality and efficacy of NMA for civil GPS signal authentication, there remains a need for a detailed proposal that addresses several outstanding considerations regarding implementation. In particular, this paper (1) provides a definitive evaluation of the tradeoffs involved in the choice of cryptographic protocol, and (2) optimizes the placement of digital signature bits in the GPS CNAV message stream. By offering GPS engineers and policymakers a detailed blueprint for civil NMA, this work advances the possibility of NMA implementation on modernized civil GPS signals.Item Centimeter Positioning with a Smartphone-Quality GNSS Antenna(2014-09) Pesyna, Kenneth M. Jr; Heath, Robert W. Jr.; Humphreys, Todd E.This paper demonstrates for the first time that centimeteraccurate positioning is possible based on data sampled from a smartphone-quality Global Navigation Satellite System (GNSS) antenna. Centimeter-accurate smartphone positioning will enable a host of new applications such as globally-registered fiduciary-marker-free augmented reality and location-based contextual advertising, both of which have been hampered by the several-meterlevel errors in traditional GNSS positioning. An empirical analysis of data collected from a smartphone-grade GNSS antenna reveals the antenna to be the primary impediment to fast and reliable resolution of the integer ambiguities which arise when solving for a centimeter-accurate carrierphase differential position. The antenna’s poor multipath suppression and irregular gain pattern result in large timecorrelated phase errors which significantly increase the time to integer ambiguity resolution as compared to even a low-quality stand-alone patch antenna. The time to integer resolution—and to a centimeter-accurate fix—is significantly reduced when more GNSS signals are tracked or when the smartphone experiences gentle wavelength-scale random motion.Item Characterization of Receiver Response to Spoofing Attacks(2011) Shepard, Daniel P.; Humphreys, Todd E.Test procedures are developed for characterizing the response of civil GPS receivers to spoofing attacks. Two response characteristics are analyzed in detail for four representative GPS receivers: (1) the spoofer power advantage over the authentic signals required for successful receiver capture, and (2) the aggressiveness with which a spoofer can manipulate the victim receiver’s time and position solution. Two of the tested receivers are commonly used in critical infrastructure applications, one in smart power grid regulation and one in telecommunications networks. The implications of the test results for these critical infrastructure applications are discussed.Item Civilian GPS Spoofing Detection based on DualReceiver Correlation of Military Signals(2011) Psiaki, Mark L.; O'Hanlon, Brady W.; Bhatti, Jahshan A.; Shepard, Daniel P.; Humphreys, Todd E.Cross-correlations of unknown encrypted signals between two civilian GNSS receivers are used to detect spoofing of known open-source signals. This type of detection algorithm is the strongest known defense against sophisticated spoofing attacks if the defended receiver has only one antenna. The attack strategy of concern starts by overlaying false GNSS radio-navigation signals exactly on top of the true signals. The false signals increase in power, lift the receiver tracking loops off of the true signals, and then drag the tracking loops and the navigation solution to erroneous, but consistent results. This paper develops codeless and semi-codeless spoofing detection methods for use in inexpensive, narrow-band civilian GNSS receivers. Detailed algorithms and analyses are developed that use the encrypted military P(Y) code on the L1 GPS frequency in order to defend the open-source civilian C/A code. The new detection techniques are similar to methods used in civilian dualfrequency GPS receivers to track the P(Y) code on L2 by cross-correlating it with P(Y) on L1. Successful detection of actual spoofing attacks is demonstrated by off-line processing of digitally recorded RF data. The codeless technique can detect attacks using 1.2 sec of correlation, and the semi-codeless technique requires correlation intervals of 0.2 sec or less. This technique has been demonstrated in a narrow-band receiver with a 2.5 MHz bandwidth RF front-end that attenuates the P(Y) code by 5.5 dB.Item Collaborative Opportunistic Navigation(2012) Kassas, Zak; Pesyna, Kenneth M. Jr; Humphreys, Todd E.Item Constructing a Continuous Phase Time History from TDMA Signals for Opportunistic Navigation(2012-04) Pesyna, Kenneth M. Jr; Kassas, Zaher M.; Humphreys, Todd E.A technique is developed for reconstructing a continuous phase time history from the noncontinuous phase bursts of time division multiple access (TDMA) signals. A continuous phase time history facilitates exploitation of TDMA signals as signals of opportunity (SOPs) within an opportunistic navigation framework. Because of their widespread use and availability in today’s wireless communication market, TDMA signals are attractive candidate SOPs for opportunistic navigation. The phase reconstruction technique presented here combines an integer least squares technique for estimating phase ambiguities at the beginning of each TDMA phase burst with a Kalman filter and smoother for removing these ambiguities and optimally “stitching” the bursts together. A Monte-Carlo-type simulation and test environment has been developed to investigate the sensitivity of the proposed phase reconstruction technique to various system parameters, namely, carrier-to-noise ratio, receiver clock quality, TDMA transmitter clock quality, line-of-sight acceleration uncertainty, and TDMA burst structure. Simulation results indicate that successful carrier phase reconstruction is most strongly dependent on the TDMA burst period and on the combined phase random walk effect of the receiver and transmitter clocks, the propagation effects, and the range errorsItem Counter-UAV Challenges: Is GNSS Spoofing Effective?(2017-09-28) Humphreys, ToddItem Data-Driven Generalized Integer Aperture Bootstrapping for Real-Time High Integrity Applications(2016-04) Green, G. Nathan; King, Martin; Humphreys, Todd E.A new method is developed for integer ambiguity resolution in carrier-phase differential GPS (CDGPS) positioning. The method is novel in that it is (1) data-driven, (2) generalized to include partial ambiguity resolution, and (3) amenable to a full characterization of the prior and posterior distributions of the three-dimensional baseline vector that results from CDGPS. The technique is termed generalized integer aperture bootstrapping (GIAB). GIAB improves the availability of integer ambiguity resolution for high-integrity, safety-critical systems. Current high-integrity CDGPS algorithms, such as EPIC and GERAFS, evaluate the prior risk of position domain biases due to incorrect integer ambiguity resolution without further validation of the chosen solution. This model-driven approach introduces conservatism which tends to reduce solution availability. Common data-driven ambiguity validation methods, such as the ratio test, control the risk of incorrect ambiguity resolution by shrinking an integer aperture (IA), or acceptance region. The incorrect fixing risk of current IA methods is determined by functional approximations that are inappropriate for use in safety-of-life applications. Moreover, generalized IA (GIA) methods incorrectly assume that the baseline resulting from partial ambiguity resolution is zero mean. Each of these limitations is addressed by GIAB, and the claimed improvements are validated by Monte Carlo simulation. The performance of GIAB is then optimized by tuning the integer aperture size to maximize the prior probability of full ambiguity resolution. GIAB is shown to provide higher availability than EPIC for the same integrity requirements.Item A Dense Reference Network for Mass-Market Centimeter-Accurate Positioning(2016-04) Murrian, Matthew J.; Gonzalez, Collin W.; Humphreys, Todd E.; Novlan, Thomas D.The quality of atmospheric corrections provided by a dense reference network for centimeter-accurate carrierphase differential GNSS (CDGNSS) positioning is investigated. A dense reference network (less than 20 km inter-station distance) offers significant benefits for mass-market users, enabling lowcost (including single-frequency) CDGNSS positioning with rapid integer ambiguity resolution. Precise positioning on a massmarket platform would significantly influence the world economy, ushering in a host of consumer-focused applications such as globally-registered augmented and virtual reality and improved all-weather safety and efficiency for intelligent transportation systems, applications which have so far been hampered by the several-meter-level errors in standard GNSS positioning. This contribution examines CDGNSS integer ambiguity resolution performance in terms of network correction uncertainty, and network correction uncertainty, in turn, in terms of network density. It considers the total error in network corrections: a sum of ionospheric, tropospheric, and reference station multipath components. The paper’s primary goal is to identify the network density beyond which mass-market users would see no further significant improvement in ambiguity resolution performance. It finishes by describing development and deployment of a low-cost dense reference network in Austin, Texas.Item Dense RTK: Mass-Market Positioning for Automated Vehicles(2016-09-15) Humphreys, Todd E.; Pesyna, Ken; Shepard, Daniel; Murrian, Matthew; Kerns, AndrewItem Development and Demonstration of a TDOA-Based GNSS Interference Signal Localization System(2012) Bhatti, Jahshan A.; Humphreys, Todd E.; Ledvina, Brent M.Background theory, a reference design, and demonstration results are given for a Global Navigation Satellite System (GNSS) interference localization system comprising a distributed radio-frequency sensor network that simultaneously locates multiple interference sources by measuring their signals’ time difference of arrival (TDOA) between pairs of nodes in the network. The end-to-end solution offered here draws from previous work in single-emitter group delay estimation, very long baseline interferometry, subspace-based estimation, radar, and passive geolocation. Synchronization and automatic localization of sensor nodes is achieved through a tightly-coupled receiver architecture that enables phase-coherent and synchronous sampling of the interference signals and so-called reference signals which carry timing and positioning information. Signal and crosscorrelation models are developed and implemented in a simulator. Multiple-emitter subspace-based TDOA estimation techniques are developed as well as emitter identification and localization algorithms. Simulator performance is compared to the CramérRao lower bound for single-emitter TDOA precision. Results are given for a test exercise in which the system accurately locates emitters broadcasting in the amateur radio band in Austin, TX.Item Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks(2012) Shepard, Daniel P.; Bhatti, Jahshan A.; Humphreys, Todd E.; Fansler, Aaron A.Test results are presented from over-the-air civil GPS spoofing tests from a non-negligible stand-off distance. These tests were performed at White Sands Missile Range (WSMR) against two systems dependent on civil GPS, a civilian unmanned aerial vehicle (UAV) and a GPS time-reference receiver used in “smart grid” measurement devices. The tests against the civil UAV demonstrated that the UAV could be hijacked by a GPS spoofer by altering the UAV’s perceived location. The tests against the time-reference receiver demonstrated the spoofer’s capability of precisely controlling timing from a distance, which means a spoofer could manipulate measurements used for smart grid control without requiring physical access to the measurement devices. Implications of spoofing attacks against each of these systems are also given. Recommendations are presented for regulations regarding GPS receivers used in critical infrastructure applications. These recommendations include creating a certification process by which receivers are declared spoof-resistant if they are able to detect or mitigate spoofing attacks in a set of canned scenarios. The recommendations also call for a mandate that only spoof-resistant receivers be used in applications classified by the Department of Homeland Security (DHS) as national critical infrastructure.Item An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing(2011) Wesson, Kyle D.; Shepard, Daniel P.; Bhatti, Jahshan A.; Humphreys, Todd E.A receiver-autonomous non-cryptographic civil GPS antispoofing technique called the vestigial signal defense (VSD) is defined and evaluated. This technique monitors distortions in the complex correlation domain to detect spoofing attacks. Multipath and spoofing interference models are developed to illustrate the challenge of distinguishing the two phenomena in the VSD. A campaign to collect spoofing and multipath data is described, which specific candidate VSD techniques can be tested against. Test results indicate that the presence of multipath complicated the setting of an appropriate spoofing detection threshold.Item Fault Free Integrity of Mid-Level Voting for Triplex Differential GPS Solutions(2015) Green, G. Nathan; King, Martin; Humphreys, ToddLanding systems for large unmanned air vehicles have stringent integrity requirements as well as demanding system continuity requirements that often lead to triplex avionics architectures. Triplex avionics architectures are designs that have triple redundancy for key functions. Mid-level voting (MLV) algorithms that select the median value from among the three solutions are commonly used to select among available sensors and navigation solutions. When each solution is computed using a single suite of avionics, such median values are robust to single airborne sensor failures and provide improved unfaulted accuracy as well. Robustness to single faults results because a single faulted sensor will not impact the solutions computed by the other two sets of avionics. System accuracy is improved for zero mean error solutions because the median value is more concentrated about the truth than any of the single solutions. When performing fault tree analysis for integrity risk in the unfaulted case, it is common to treat sensors’ errors as being mutually independent. In the case of multiple carrier phase differential GPS (CDGPS) solutions, this assumption is invalid due to common atmospheric errors and common reference receiver errors. This paper aims to quantify the unfaulted integrity risk from triplex correlated CDGPS solutions for float, fixed, and almost fixed baselines that use a MLV algorithm. The bound on the integrity risk is compared with that of independent solutions to show the impact of incorrectly assuming independence of CDGPS solutions. Triplex performance is compared to simplex to show improvement or degradation in unfaulted availability of integrity.Item Future Directions in GNSS Research(2012-11-15) Humphreys, ToddItem GNSS Security(2014-09-18) Humphreys, ToddItem GNSS Signal Authentication via Power and Distortion Monitoring(2017) Wetson, Kyle D.; Gross, Jason N.; Humphreys, Todd E.; Evans, Brian L.We propose a simple low-cost technique that enables civil Global Positioning System (GPS) receivers and other civil global navigation satellite system (GNSS) receivers to reliably detect carry-off spoofing and jamming. The technique, which we call the Power-Distortion detector, classifies received signals as interference-free, multipath-afflicted, spoofed, or jammed according to observations of received power and correlatio n function distortion. It does not depend on external hardware or a network connection and can be readily implemented on many receivers via a firmware update. Crucially, the detector can with high probability distinguish low-power spoofing from ordinary multipath. In testing against over 25 high-quality empirical data sets yielding over 900,000 separate detection tests, the detector correctly alarms on all malicious spoofing or jamming attack s while maintaining a <0.5% single-channel false alarm rate.Item GNSS Spoofing Detection using Two-Antenna Differential Carrier Phase(2014-09) Psiaki, Mark L.; O'Hanlon, Brady W.; Powell, Steven P.; Bhatti, Jahshan A.; Wesson, Kyle D.; Humphreys, Todd E.A method is developed to detect GNSS spoofing by processing beat carrier-phase measurements from a pair of antennas in a CDGPS-type calculation. This systemdetects spoofing attacks that are resistant to standard RAIM technique, and it can sense an attack in a fraction of a second without external aiding. The signal-in-space properties used to detect spoofing are the relationships of the signal arrival directions to the vector that points from one antenna to the other. In the un-spoofed case, there are a multiplicity of relationships between the interantenna vector and the arrival directions of the multiple signals, which results in a quantifiable multiplicity of carrier-phase single-differences between the antennas. In the spoofed case, there is a single direction of arrival, assuming a single spoofer transmission antenna, and the carrier phase single-differences are identical for all channels, up to an integer cycle ambiguity. A real-time implementation of this detection method has been developed, and it has been tested against live-signal spoofing attacks aboard a superyacht that was cruising around Italy en route from Monaco to Venice. The prototype system demonstrated an ability to detect spoofing attacks in a fraction of a second, though lags in the system’s signal processing lengthened the detection delay to as much as 6 seconds. The system experienced challenges during the initial phase of a spoofing attack if the spoofer power was not much greater than that of the true signal. The true and spoofed signals interfere in a beating pattern in this case, making the composite signal harder to track and harder to classify as being either spoofed or non-spoofed. After the spoofer drags the victim receiver off to an erroneous position or timing fix, the beating subsides, and the new spoofing detection system performs well.Item The GPS Assimilator: a Method for Upgrading Existing GPS User Equipment to Improve Accuracy, Robustness, and Resistance to Spoofing(2010) Humphreys, Todd E.; Bhatti, Jahshan A.; Ledvina, Brent
- «
- 1 (current)
- 2
- 3
- »