GNSS Spoofing Detection using Two-Antenna Differential Carrier Phase
Abstract
A method is developed to detect GNSS spoofing by
processing beat carrier-phase measurements from a pair
of antennas in a CDGPS-type calculation. This systemdetects spoofing attacks that are resistant to standard
RAIM technique, and it can sense an attack in a fraction
of a second without external aiding. The signal-in-space
properties used to detect spoofing are the relationships of
the signal arrival directions to the vector that points from
one antenna to the other. In the un-spoofed case, there
are a multiplicity of relationships between the interantenna
vector and the arrival directions of the multiple
signals, which results in a quantifiable multiplicity of
carrier-phase single-differences between the antennas. In
the spoofed case, there is a single direction of arrival,
assuming a single spoofer transmission antenna, and the
carrier phase single-differences are identical for all
channels, up to an integer cycle ambiguity. A real-time
implementation of this detection method has been
developed, and it has been tested against live-signal
spoofing attacks aboard a superyacht that was cruising
around Italy en route from Monaco to Venice. The
prototype system demonstrated an ability to detect
spoofing attacks in a fraction of a second, though lags in
the system’s signal processing lengthened the detection
delay to as much as 6 seconds. The system experienced
challenges during the initial phase of a spoofing attack if
the spoofer power was not much greater than that of the
true signal. The true and spoofed signals interfere in a
beating pattern in this case, making the composite signal
harder to track and harder to classify as being either
spoofed or non-spoofed. After the spoofer drags the
victim receiver off to an erroneous position or timing fix,
the beating subsides, and the new spoofing detection
system performs well.