When the GPS signals were designed in the early 1970s, the principles of electronic warfare were already well understood. Generally speaking, adversaries may attempt to disrupt position, navigation and time solutions derived from GPS in one of two ways: spoofing (making a GPS receiver calculate a false position); and jamming (overpowering GPS satellite signals locally so that a receiver can no longer operate).
Spoofing and jamming are two different problems, and the potential mitigation solutions for the user differ accordingly.
To spoof a receiver, an adversary needs to faithfully recreate the signals from multiple satellites and then transmit that “spoofing” signal to capture a local GPS receiver. (See Figure 1.) If the targeted GPS receiver is unable to tell the difference between the real satellite signals and the spoofed signals, the spoofing will fool the target receiver into appearing to be at a different location.
The legacy GPS signals include an encrypted binary code of 1s and 0s known as Y-code that is transmitted on the L1 and L2 frequencies, with these signals only intended for military use. This encrypted binary code changes 10.23 million times per second, and the Y-code does not repeat over the course of an entire week (in other words, a unique sequence of 6.18 trillion 1s and 0s per satellite per week).
Without the encryption keys it is virtually impossible for an adversary to generate the Y-code and, hence, virtually impossible to spoof a GPS receiver set to track Y-code. The legacy GPS signals also includes a Coarse Acquisition, or C/A code, that was originally meant to aid acquisition of the Y-code, but is now used for all civilian GPS receivers.
The C/A code is unencrypted, the 1s and 0s change 1.023 million times a second, and the code itself repeats every millisecond (a unique sequence of 1,023 1s and 0s every millisecond). As the C/A code structure is openly published in a public signal-in-space interface specification, it can be recreated by a relatively competent adversary who can then generate a “spoofed” version of the GPS signal with which to capture a receiver.
How can we protect against spoofing?
The best way to protect against spoofing is to directly track the encrypted Y-code. Of course, this is only possible by using a GPS receiver that has a Selective Availability Anti-Spoofing Module (SAASM). SAASM receivers can track Y-code only when loaded with the currently valid decryption key, and the modules are tamper-proof to prevent reverse engineering by adversaries.
SAASM receivers such as the NovAtel OEM625s are only available to governmentauthorized customers, and the sales and distribution of these units are tightly controlled by the United States Department of Defense.
For civil users, multi-constellation receivers that can track multiple GNSS such as GPS, GLONASS, Galileo, and BeiDou simultaneously can be effective against spoofers, because an adversary would have to produce and transmit all possible GNSS signals simultaneously to spoof the target receiver.
An additional measure of protection can beadded by aiding the navigation solution with an inertial measurement unit (IMU), as an adversary cannot spoof the Earth's gravitational field or vehicle dynamics and cause the inertial unit to think it has moved in a way that it hasn't.
A low received signal power makes all CDMA signals, not just GNSS, susceptible to accidental interference and intentional interference (jamming). Once the interference level passes a certain limit, the GNSS signal will be lost within the interfering signal. (See Figure 2.)
The fact that the Y-code is transmitted at 10 times the code rate of the C/A code provides an inherent improvement in jamming performance. This arises from the “spreading” of P/Ycode power over 10 times the frequency range, allowing Y-code receivers to handle 10 times the jamming power of C/A code receivers.
The same improvement in jamming performance can be seen with some of the newer and faster civilian signals such as GPS L5, Galileo E5a, and Galileo E5b. But if the interference level is high enough, both low-code rate and high-code rate signals will eventually be overpowered; so, even SAASM receivers can be jammed.
How can we protect against jamming?
Luckily, we have multiple mitigation strategies to help us overcome interference:
1. Filtering in the receiver. The first line of defense for interference of any type in any RF system is to filter out as much of the interference as possible as soon as it reaches the receiver. This is especially effective for what we call out-of-band signals, or signals that are not directly in the GNSS frequencies that we are trying to receive. Unfortunately, if a signal falls directly in-band it may still overpower the receiver.
2. Aid the receiver with an IMU. IMUs are impervious to radio frequency interference and can provide a navigation solution to bridge gaps of seconds to a few minutes in GNSS performance.
3. Null the interfering signal by using an adaptive antenna array. By using multiple antenna elements spaced a known distance apart, signal-processing techniques can be employed to discern the direction from which an interfering signal is arriving and then adaptively change the apparent receiving strength of the antenna array, creating lower gain (“nulls”) in the antenna receiving pattern. By pointing these nulls towards the source of interference, the receiver can be protected from interference arriving from that direction. (See Figure 3.) Controlled reception pattern antennas, or CRPAs such as NovAtel's GAJT® anti-jam antenna (Figure 4.), are extremely effective at mitigating all types of interference, even if that interference falls within the GNSS frequency band.