GNSS Spoofing Detection using Two-Antenna Differential Carrier Phase

Abstract

A method is developed to detect GNSS spoofing by processing beat carrier-phase measurements from a pair of antennas in a CDGPS-type calculation. This systemdetects spoofing attacks that are resistant to standard RAIM technique, and it can sense an attack in a fraction of a second without external aiding. The signal-in-space properties used to detect spoofing are the relationships of the signal arrival directions to the vector that points from one antenna to the other. In the un-spoofed case, there are a multiplicity of relationships between the interantenna vector and the arrival directions of the multiple signals, which results in a quantifiable multiplicity of carrier-phase single-differences between the antennas. In the spoofed case, there is a single direction of arrival, assuming a single spoofer transmission antenna, and the carrier phase single-differences are identical for all channels, up to an integer cycle ambiguity. A real-time implementation of this detection method has been developed, and it has been tested against live-signal spoofing attacks aboard a superyacht that was cruising around Italy en route from Monaco to Venice. The prototype system demonstrated an ability to detect spoofing attacks in a fraction of a second, though lags in the system’s signal processing lengthened the detection delay to as much as 6 seconds. The system experienced challenges during the initial phase of a spoofing attack if the spoofer power was not much greater than that of the true signal. The true and spoofed signals interfere in a beating pattern in this case, making the composite signal harder to track and harder to classify as being either spoofed or non-spoofed. After the spoofer drags the victim receiver off to an erroneous position or timing fix, the beating subsides, and the new spoofing detection system performs well.