INTRODUCTION
Overview
The Global Navigation Satellite Systems (GNSS) are used in many civil fields for positioning services that need accuracy and security (Figure 1.1), such as vehicle tracking, unmanned aircraft, precise agriculture, pay-as-you-drive, financial transactions, etc.
All these services could potentially be attacked by hackers for economical or even terroristic interests [1], [2] The fact that, almost all services rely on GNSS civil signals, which are easily interfered unintentionally or intentionally In reality, the threat of intentional Radio Frequency Interference (RFI), such as jamming or spoofing attacks, is growing in popularity The major hazard in this situation is when the receiver is not aware of being fooled; therefore, it does not raise any alarm to the hosting system, which is induced to make wrong and possibly hazardous decisions based on spoofed position, velocity and time (PVT) information [51]-[55]. This attack is known with the name of ‘spoofing’ [1]-[5],[30].
Figure 1.1 Applications of GNSS (source: [64] )
Over the last decade, spoofing has been perceived as a more and more concrete threat This perception has been motivated by technological progresses and by the availability of advanced software-defined radio (SDR) platforms making the
17 development of GNSS spoofers not only feasible but also affordable [17]
Furthermore, many public channels are active source of information and awareness, as for example web sites, social platforms and online magazines [39] - [42].
Spoofing attacks can be defeated by exploiting specific features which are difficult to be counterfeited at the signal, measurement, and position level [4], [5], [9],[11]-
[15] A detailed survey of the most promising techniques for spoofing detection proposed in the last decade for civil signals can be found in [5] where several methods are described and compared in terms of complexity and effectiveness. Among all these families of approaches, spatial processing based on the AoA defense is probably the most robust and effective technique to detect and possibly mitigate the counterfeit signals [14],[15] However, AoA-based methods in cost- constrained mass-market applications are still difficult for several reasons: costs of the equipment, complexity of the processing and size of the installation.
In [16], [17] the authors developed a method for spoofing detection based on differential carrier phase measurements from a pair of receivers and antennas; it neither requires dedicated hardware nor needs special constraints on the geometry of the system; only the knowledge of the baseline (of the relative position of the two receiving antennas), is needed However, although these methods have been proved to be simple but efficient technique to detect spoofing attacks, they still have some limitations that will be discussed in the following sections.
According to [19], [5], [12] spoofed attacks can be divided into three main categories: simple spoofing attack, intermediated spoofing attack, sophisticated spoofing attack The simple spoofing attack can be easily detected by the existing techniques [5] However, these methods may not detect well the intermediated spoofing attack and sophisticated spoofing attack [5] Recently, those kinds of attacks are proved to be increasingly popular [8], [2].
Therefore, the thesis focuses to study the detection of spoofing in the intermediated and sophisticated cases to ensure the reliability and accuracy of services usingGNSS.
Motivation
From the analysis above, it can be seen that ensuring the safety and reliability of GNSS applications is increasingly important and urgent Currently, the proposed detection methods are not really practically effective [19] -[17], they either require directly interfering to the system signal or using ancillary equipment, leading to higher costs Meanwhile, the affordable AoA approaches are however not really effective in complex attack situations Therefore, the first motivation in this work is to propose a method to improve the performance of low-cost AoA-based methods to detect intermediate and complicated spoofings (spoofed signals comes from different directions).
Regarding the dataset for spoofing detection research, most of the GNSS simulators (IFEN, Spirent, SkyDel, Teleorbit, etc) generate uni-direction signals or require specific costly license for multi-direction signals Therefore, the second motivation of the thesis is to propose a method to generate fake signals from different directions for the validation of complicated spoofing detection methods.
Problem statement
To the best of our knowledge, the spoofing detection based on AoA is perhaps the most powerful and efficient technique for detecting and possibly minimizing false signals [14], [15] However, its use in commercial applications is limited by a number of reasons: costs, processing complexity and size of receiver.
The authors of [16], [17] develop a simple method for spoofing detection based on differential carrier phase measurements from a pair of receivers and antennas It requires neither a specialized hardware nor special geometrical constraints; the only technical requirement is the synchronization of the receivers and the distance between the two antennas This method is known as sum of squared (SoS) detector Unlike other works [6], SoS models the integer ambiguity component of the carrier phase measurement as random variables having values in a set of integers ambiguities. These variables are deduced using the general likelihood ratio test (GLRT) approach
Though the computational complexity is significantly decreased; this method leverages on carrier phase measurements, possible cycle slips can occur and need to be detected and mitigated before forming double difference carrier phase measures. Furthermore, the SoS approach considers just the condition of having the whole signal ensemble either counterfeit or authentic, while it does not consider possible scenarios where the victim’s receiver is locked onto a subset of spoofed satellites, while for the remaining are still authentic ones (so-called ‘mixed tracking’ in the rest of the work) [8], [9], [2].
In this work, we focus on proposing AoA-based spoofing detection methods which address the limitations pointed out in typical existing work (especially in SoS approach) Furthermore, we are also interested in validating our method in complicated spoofing scenarios wherein spoofed signals may come from different directions However, it is the fact that generating multi-direction spoofed signals require special high-cost equipment installation; therefore, we propose to use a software-based receiver approach to modify the signal phase to simulate the signal’s angle of arrival.
The work focuses on the technique for detecting spoofed GNSS In the first methodology, a method to detect mixed spoofing signals using commercial receivers and dual antennas was proposed In this method, the distance between the two antennas is fixed at roughly two meters to avoid noise when performing differential computations between the two receivers The GMM machine learning model is used in the second method to detect spoofing signals coming from multiple directions To attack spoofing from many different directions, we have to synchronize the spoofing signal generators To implement this method, we have to use high-precision and expensive clocks Therefore, we use the method of transmitting only one spoof satellite to fool the receiver.
This work focuses on solving the spoofing detection problem based on AoA approach In addition, to overcome the limitation of the lack of dataset for testing spoofing detectors, we also propose a method for simulating unauthentic signals in two typical scenarios: spoof only and mixed signals from different directions Our work has the below main contributions:
First, we propose AoA-based methods for spoof detection, in our proposal we utilize D 3 measurement to overcome the limitation of the existing SoS methods.
V.H Nguyen, G Falco, M Nicola, and E Falletti (2018) “A dual antenna GNSS spoofing detector based on the dispersion of double difference measurements”, in Proc Int 9th ESA Workshop on Satellite Navigation
Technologies and European Workshop on GNSS Signals and Signal Processing (NAVITEC), Noordwijk, Netherlands, Dec 2018, 5-7, DOI: 10.1109/NAVITEC.2018.8642705.
Van Hien Nguyen, Gianluca Falco, Emanuela Falletti, Mario Nicola, The Vinh
La (2021), “A Linear Regression Model of the Phase Double Differences to
Improve the D 3 Spoofing Detection Algorithm” European Navigation
E Falletti, G Falco, Van Hien Nguyen, M Nicola (2021) “Performance Analysis of the Dispersion of Double Differences Algorithm to Detect GNSS Spoofing” IEEE Transactions on Aerospace and Electronic Systems Early
Access Print ISSN: 0018-9251 Online ISSN: 1557-9603 DOI: 10.1109/TAES.2021.3061822.
Second, this thesis introduces a novel approach to classify authentic and fake GNSS signals using Gaussian Mixture Models (GMMs) and increase detection accuracy while eliminating the need for any parameter tuning process through automated learning (Expectation Maximize algorithm) This method can improve the performance of the algorithm to detect spoofed signals in the sophisticated case.
Nguyen Van Hien, Nguyen Dinh Thuan, Hoang Van Hiep, La The Vinh (2020)
“A Gaussian Mixture Model Based GNSS Spoofing Detector using DoubleDifference of Carrier Phase” Journal of Science and Technology of Technical
Third, we develop a method to simulate signals coming from different directions which are used to validate the detection algorithm in multi-direction attack scenarios.
Nguyễn Văn Hiên, Cao Văn Toàn, Nguyễn Đình Thuận, Hoàng Văn Hiệp (2020),
"Phương pháp sinh dữ liệu mô phỏng GNSS đa hướng sử dụng công nghệ vô tuyến điều khiển bằng phần mềm" 178-185, số Đặc san Viện Điện tử, 9 - 2020,
Tạp chí Nghiên cứu Khoa học Công nghệ quân sự.
The dissertation is composed of five chapters as follows:
Chapter 1 Introduction This chapter briefly introduces the research area The importance of the topic, the definitions and the existing approaches are clearly addressed Then the thesis focuses on the contributions are also presented clear.
Chapter 2 Related Work This chapter first summarizes the importance of services using GNSS Then, a comprehensive survey of the previous algorithms, existing work relating to interference detector are presented The limitations of the previous algorithms are clearly analysed and resolved.
Chapter 3 Intermediated GNSS Spoofing detector based on angle of arrive The development of a dual-antenna GNSS spoofing detection technique based on the dispersion of the double differences of carrier phase measurements created by two GNSS receivers is presented in this chapter.
Chapter 4 Sophisticated GNSS spoofing detector based on angle of arrive The chapter present an algorithm that using an automated learning process, this approach can improve detection accuracy and detect GNSS spoofing in the sophisticated scenario while obviating the need for any parameter tuning procedures (Expectation Maximization algorithm).
Chapter 5 Conclusion and future works A conclusion is given in this chapter.Furthermore, some limitations of the work are presented, along with possible solutions, which may need additional study.
Thesis outline
This chapter presents vulnerabilities of civil GNSS with more focus on different types of spoofing techniques We also briefly introduce some state-of-the-art methods for GNSS spoofing detection and analyse the advantages as well as disadvantages of the surveyed methods From the analysis, we propose our approach to improve the current limitations of the existing work.
2.1 Civil GNSS vulnerabilities to intentional interference
Because of the low SIS signal strength [65] (Figure 2.2) (GPS L1 C/A code: -158.5 dBW; Galileo E1: -157 dBW) and the physical environment in which signals are transmitted from satellites to receivers (Figure 2.1), GNSS receivers are extremely vulnerable An interfering signal that is just a few orders of magnitude stronger than the minimum received GNSS signal intensity will cause a receiver to lose lock on a satellite Navigation receivers are vulnerable to strong interfering signals such as jamming, ionospheric and tropospheric effects and RF emitters.
Figure 2.1 The enviroment for transmitting signals from satellites to receivers (source: [65] )
According to [67], GNSS nowadays use Code Division Multiple Access (CDMA), while GLONASS legacy signals use the Frequency Division Multiple Access (FDMA) technique However, over the last decade, modernized GLONASS satellites, such as the GLONASS-K1 satellites (launched in 2011, transmitting CDMA signals on L3-band), the GLONASS-M satellites (including CDMA signals on L3-band since 2014), and the GLONASS-K2 satellites, have begun to include additionalCDMA signals (launched in 2018, transmitting CDMA signals also on L1- and L2- bands) In the presence of interfering signals, the receiver's dispreading procedure spreads the power of the interfering signal over a large bandwidth as show inFigure 2.2 Other
RELATED WORK
Civil GNSS vulnerabilities to intentional interference
Because of the low SIS signal strength [65] (Figure 2.2) (GPS L1 C/A code: -158.5 dBW; Galileo E1: -157 dBW) and the physical environment in which signals are transmitted from satellites to receivers (Figure 2.1), GNSS receivers are extremely vulnerable An interfering signal that is just a few orders of magnitude stronger than the minimum received GNSS signal intensity will cause a receiver to lose lock on a satellite Navigation receivers are vulnerable to strong interfering signals such as jamming, ionospheric and tropospheric effects and RF emitters.
Figure 2.1 The enviroment for transmitting signals from satellites to receivers (source: [65] )
According to [67], GNSS nowadays use Code Division Multiple Access (CDMA), while GLONASS legacy signals use the Frequency Division Multiple Access (FDMA) technique However, over the last decade, modernized GLONASS satellites, such as the GLONASS-K1 satellites (launched in 2011, transmitting CDMA signals on L3-band), the GLONASS-M satellites (including CDMA signals on L3-band since 2014), and the GLONASS-K2 satellites, have begun to include additionalCDMA signals (launched in 2018, transmitting CDMA signals also on L1- and L2- bands) In the presence of interfering signals, the receiver's dispreading procedure spreads the power of the interfering signal over a large bandwidth as show inFigure 2.2 Other radio frequency signals can also cause problems such as DVBT, which is used as an incentive signal, has harmonics in the GNSS bandwidth.
Because the GNSS signal structure is publicly open, it is vulnerable to the illicit transmission of counterfeit signals, which may fool an unprotected receiver The use of false GNSS signals to deceive the victim GNSS receiver's location or time information without completely disrupting its operations is one of the most dangerous attacks This type of attack is known as spoofing [1], [5].
Figure 2.2 The low SIS signal power of GNSS (source: [75] )
Figure 2.3 GNSS frequency bands (source: [69] )
Radio Frequency Interference
With low power signal, GNSS can be attacked by RFI, both unintentional and intentional as shown in Figure 2.4.
Radio frequency systems such as radar systems, DVTB, VHFs, mobile satellite services, and personal electronics with high power harmonics and intermodulation products [8] can inadvertently interfere with the GNSS signal However, this kind of interference is somewhat resolved by properly radio frequency band management policies which are currently used by all governments.
The first type of intentional RFI is jamming A jamming attacker uses devices to generate powerful signals in the GNSS band (Figure 2.6), resulting in a variety of effects (which may lead to failed operation of GNSS receivers) With the existing handheld GNSS jammers, GNSS signals within a radius of a few tens of meters are completely disrupted The operating principle of these devices is to use a chirp signal to intervene in the GNSS signal's operating frequency range To the best of our knowledge, there are no effective methods for reducing the impact of this type of attack.
Spoofing is another form of intentional interference and is one of the most dangerous attacks (Figure 2.5) Because this technique uses devices to broadcast fake GNSS signals to mislead the victim GNSS receiver's position or time information without completely disrupting its operations The incorrect position,velocity and time information produced by the attacked receiver may result in even more serious problems if they are used in other important systems like: financial transaction synchronization, energy transmission, etc.
Figure 2.6 Cheap jammers are widely sold online (source: [96])
GNSS Interference detection techniquesTime domain statistical analysis
Specifically used for spoofing detection
GNSS Interference detection techniques
In the [8], [62]-[65], the authors list some GNSS interference detection methods (as shown in Figure 2.7).
Figure 2.7 Techniques for Detecting GNSS Interference
According to [8] the AGC gain variation can be used to detect the presence of interference because the AGC is driven by ambient noise or interference rather than GNSS satellite signal power However, this technique hardly can distinguish among interference, environmental changes or noise.
All GNSS receivers support the C/N0 parameter The interference can be modelled as an addition to the noise variance [8] However, this technique may fail to work if the presence of the jammer is "masked" or "filtered" by an estimation algorithm.
In [65], non-stationary interference is typically concentrated in a small region of the time-frequency (TF) plane The general procedure is to compare the peak magnitude of the received signal's TF distribution with a predefined threshold However, this method has a high computational complexity Therefore, it is difficult to implement the algorithm on a commercial receiver with a limited computation capability.
In this approach, the Chi-square Goodness of Fit test, implemented in a software receiver, is used and applied against two live spoofing datasets [9] The result obtained in two scenarios (static and dynamic) demonstrates the GoF's ability to detect the fake signal However, similar to time-domain statistical analysis technique, this method also has a high computational complexity In addition, this method is implemented on the software receiver making it hard to be available on existing commercial receivers.
Spoofing detection techniques
Figure 2.8 Three continuum of spoofing threat: simplistic, intermediate, and sophisticated attacks (source: [19] )
According to [19], [5], [15], spoofing attacks can be divided into three main categories (see Figure 2.8):
The construction of this spoofer includes a GNSS signal simulator in combination with an RF terminal used to mimic real GNSS signals These signals are not basically synchronized with the real GNSS signals Thus, the spoofing signals look like noises in the receiver operating in monitor mode (even if the broadcast power is higher than the actual signal) [5] However, this type of device can deceive commercial receivers, especially if the power of the spoofing signal is higher than the authentic signal This signal simulator is easy to detect using various anti- splitting techniques such as amplitude tracking, checking consistency between different measurements and checking for consistency with inertial measurement units (IMU).
This is more advanced than the simple spoofer It includes a GNSS receiver combined with a spoofed transmitter The system first synchronizes with the GNSS signal by extracting the current satellite position, time and calendar from the GPS receiver, then it generates fake signals based on the above information and emits it from transmits toward the target receiving antenna Some of the difficulties in building this system are referencing spoofing signals to the intended target receiver with the correct delay and signal strength Another downside is that the spoofing power must be higher than the authentication signal power to fool the GNSS receiver Carrier phase alignment with authentic signals This type of spoofer overcomes many of the spoofing detection techniques of conventional single receivers because they synchronize the authentication signal and can spoof the receiver in tracking mode This type of Spoof uses an antenna that transmits, so signals coming from the same direction can be detected via the incoming angle estimation (AoA) [16], [17].
According to [5] this is the most complicated and dangerous of all the spoofer This type assumes knowing the centimeter-level position of the antenna-phase center of the receiver under attack in order to perfectly synchronize the spoofing signal code and carrier phase with the authenticated signal code This type of spoofer can take advantage of a number of special antennas that can pass direction-based detection techniques In this case, the spoofer needs to synthesize a matching array manifold with the authentic signal array to defeat the spoofing signal detection system by the direction The complexity of this device is much more complicated than the two above, and at the same time its high cost and high operating complexity [5] In addition, there are some physical limitations regarding the location of the transmitting antenna and target receiver antenna Detecting this fake case detection technique is quite complex This spoofing signal can be detected using the integrated inertial measurement systems Attacks of this type can be defended by using data encryption.
Figure 2.9 depicts a high-level overview of various antispoofing approaches.
According to [17], the most effective defense is cryptographic defense, but it necessitates that GNSS signals be designed to support cryptographic functions.
Cryptographic defenses are further classified as encryption-based approaches,which require fully or partially encrypted GNSS signals, and authentication-based defenses, which require GNSS signals to have specific features that allow them to be authenticated Signal encryptions include code and navigation message encryptions.
•GSM/UTMS Any system providing PVT-related information
•AGC gain, noise floor, clock bias, jumps
Figure 2.9 A summary of the various spoofing detection methods available in the literature (source: [17] )
Spoofing can be detected by comparing the GNSS PVT with alternative sources of location, for example: inertial units, enhanced long-range navigation (eLORAN), wireless fidelity (Wi-Fi), and cellular-based location A detailed survey of the most promising techniques for spoofing detection proposed in the last decade for civil signals can be found in [13] where several methods are described and compared in terms of complexity and effectiveness.
Several spoofing detector techniques rely on signal characteristics that are difficult to be faked as shown Table 2.1:
Vestigial signal defense: In [11], to detect spoofing attacks, this technique monitors distortions in the complex correlation domain The ‘vestigial signal defense’ is based on the assumption that original GNSS signals are present also during a spoofing attack
[11] and the presence of residual signal components can be verified by an ad-hoc receiver The VSD is a stand-alone software-defined defense, which means it has a low implementation cost and adds no size or weight to the receiver It cannot implement in the commercial receiver.
Table 2.1 Techniques of GNSS spoofing detector based on signal features
Spoofing Detector based on Signal Features
Angle of Arrival Vestigial signal defense
AOA defense takes advantage of the fact that genuine GNSS signals come from multiple directions, whereas counterfeit signals come from a single source
Pros: It does not necessitate the use of external infrastructures that provide complementary
PVT information or cryptographic signal features.
This technique can implement in the software receiver or commercial receiver
Cons: this technique cannot detect sophisticated case.
To detect spoofing attacks, this technique monitors distortions in the complex correlation domain [11].
Pros: this technique is a low implementation cost and does not increase receiver size or weight.
Cons: a stand- alone software- defined defence It is constrained by the difficulty of distinguishing spoofing from multipathing.
Spoofing detection method based on the correlation of the amplitudes of various received signals [70] This technique investigates the use of a moving antenna to distinguish between the spatial signatures of authentic and spoofing signals by monitoring the amplitude and Doppler correlation of visible satellite signals
Pros: it is not affected by spatial multipath fading that the GNSS signals.
Cons: complexity of implementation because of moving receiver
A monitor in the RF front end that employs the automatic gain control (AGC) mechanism [29].
Pros: low computational complexity and is an extremely powerful
Cons: a stand- alone software- defined defence.
It cannot implement in the commercial receiver
Amplitude correlation: In [70], the authors investigated a moving antenna to distinguish between the spatial signatures of authentic and spoofing signals by monitoring the amplitude and Doppler correlation of visible satellite signals it is not affected by spatial multipath fading that the GNSS signals This technique is complexity of implementation because of moving receiver.
In [9] the authors developed two methods of spoofing detection, that is Chi-square Goodness of Fit (GoF) and a signature test applied to paired correlation difference, for each satellite tracked by the receiver The algorithms show a certain effectiveness in detecting the spoofing attack The GoF test also seems reliable under dynamic conditions and in the case of a large energy difference of spoofing and authentic signals However, these two methods develop on soft receivers with complex algorithms, which are quite difficult to apply on commercial receivers.
AGC gain: In [29], a monitor in the Radio Frequency (RF) front end using the automatic gain control (AGC) mechanism is outlined GNSS simulator signal is broadcast and its power level is greater than that of the received true GNSS signal. This technique is low computational complexity But this technique is implemented on a stand-alone software-defined defense It cannot implement in the commercial receiver This technique can be difficult to distinguish between interference, environmental changes or noise.
Angle of Arrival: The angle-of-arrival (AoA) of GNSS signal (Figure 2.10) is the direction in which the signal is received These techniques are analysed in terms of complexity, cost and performance as well as in terms of robustness against the type of spoofing attack [7] Most of the techniques discussed in the literature are intended for single-antenna receivers, since this is the most common operative condition in which receivers operate Nonetheless, spoofing transmitters are expected to broadcast all the counterfeit signals from the one antenna, while the authentic signals are transmitted by the satellites in orbit from widely separate directions with respect to the receiver [5] The AOA defense exploits the fact that genuine GNSS signals come from different directions whereas counterfeit signals are likely transmitted from a single source [13]-[15].
Figure 2.10 Angle of arrival of GNSS satellite
Figure 2.11 Angle of arrival defense Spoofing
Among all these families of approaches, spatial processing based on the AOA defense is probably the most robust and effective technique to detect and possibly mitigate counterfeit signals [14], [15] However, this method has two approaches as shown in Figure 2.11 The first approach uses estimation of direction-of-arrival characteristics This technique uses multi antenna receiver with a common oscillator and deploy on the software receiver [3], [71] its use in cost-constrained mass- market applications is still difficult for several reasons: costs of the equipment, complexity of the processing and size of the installation.
In [10], [16] the authors developed a simple method (according to the estimation of difference of direction-of-arrival characteristics) for spoofing detection based on differential carrier phase measurements (difference of direction-of-arrival) from a pair of receivers and antennas; it does not require dedicated hardware nor special constraints on the geometry of the system; only a basic synchronization of the receivers and the knowledge of the baseline, i.e., of the relative position of the two receiving antennas, is needed This method is called sum-of-squares (SoS) detector.Differently from other works [6], the SoS models carrier phase cycle ambiguities as random variables that assume value on an arbitrary set of integers Thus, they do not need to be estimated This formulation, derived using the generalized likelihood ratio test (GLRT) approach, leads to the SoS detector, where the decision variable is expressed as the sum of squared carrier phase single differences corrected for a pseudo mean and for their integer parts [10], [16].
Although this method has been proved to be a simple but efficient technique to detect spoofing attacks, it still has some limitations: the SoS approach considers just the condition of having the whole signal ensemble either counterfeit or authentic, while it does not consider possible scenarios where the victim’s receiver is locked onto a subset of spoofed satellites only, while for the remaining ones the tracking stage continues on the authentic signals This situation is indicated as ‘mixed tracking’ Several in-lab tests have shown this ‘mixed tracking’ condition as quite common, in particular at the beginning of an attack [17], [18].
Conclusions
In this chapter 2, we have presented an overview of techniques for detecting interference signals on GNSS The first part of this chapter shows the vulnerability of GNSS, which is low signal power and the hard environment for signal transmission from satellites to receivers Because of the above vulnerability, GNSS is very vulnerable to intentional and unintentional interference which is described in the second part The most serious of the interferences is the spoofing attack In this chapter, the existing algorithm for detecting spoofed signals are clearly analyzed.The methods that use AoA are the most effective among the GNSS spoofed signal detecting algorithms The techniques for detecting spoofed signals based on AoA are the topic of this thesis.
INTERMEDIATED GNSS SPOOFING DETECTOR BASED ON ANGLE
Fundamental background of GNSS and Spoofing
Global Navigation Satellite Systems use a constellation of satellites to transmit data. The purpose of GNSS is almost complete coverage of the Earth's surface The system is based on a spherical positioning system in which all transmitters (satellites) are synchronized The receiver calculates a signal parameter whose value is proportional to the distance between the sources: Time of Arrival (TOA) The signals must be timestamped to correspond to the transmission time The centres of the spheres are the satellites, and the distance is the radius The intersection of at least three spheres must be used to determine the location as show Figure 3.1 In this thesis we will focus on the GPS system, although it can be extended to all satellite navigation signal and systems and all algorithm, which is presented in this thesis based on GPS signal.
Figure 3.1 Spherical positioning system of GNSS
In GNSS, the time measurement can be done as: receiver only receive the signal in one direction; satellites must be synchronized with high precision (within few ns).
A pulse transmitted by a satellite at time �0 is received at time �0 + The (3.1) is an approximation of the distance between TX and RX:
Where � is the speed of light (≈3.10^8 m/s) The measure of �0 + allows for R determination if both synchronized oscillators are perfects However, the clocks of receiver cannot be synchronized with the satellite time scale at low cost and complexity Then, signals received from the satellite have a bias due to the difference in GNSS time and the receiver’s clock time The receiver’s measurements are known as pseudo-ranges GNSS system use four satellite to determine the location Pseudo-ranges can be written as (3.2):
Where ρ is pseudo-range, δtu is user clock bias.
The user will calculate four unknowns by measuring four pseudo-ranges as (3.3) with respect to four satellites with known coordinates:
((((((((((((((( � , � � , � � ) is satellite position (center of the pseudo-sphere)
� � is pseudo-range (radius of the pseudo-sphere), can be
The (3.3) can be solved by using linearization process [72].
The GPS Signal in Space (SIS) received at the antenna can be described as [69], [73]:
�,,,,,,,,,,,,,,, is the received signal power of the �th satellite
� � is the propagation delay of the �th satellite
�,,,,,,,,,,,,,,, is the Doppler frequency of the �th satellite Φ � is the initial carrier phase of the �th satellite
� � is the Coarse/Acquisition (C/A) code of the �th satellite
� � is the navigation data bits of the �th satellite
RF Front- end ADC/AGC Acquisition stage
Figure 3.2 A fundamental GNSS receiver architecture (source: [72] )
In the Figure 3.2 show a basic GNSS receiver architecture The antenna receives the signals sent by the GPS satellites The input signal is amplified to the correct amplitude and the frequency is converted to the desired output frequency through the RF front-end chain The RF front-end can be disturb by thermal noise, random fluctuations of electrical, electromagnetic, interference signals (random or deterministic) The output signal is digitalized using the Automatic Gain Control (AGC) that optimizes the gain according to the Analog-to digital Converter (ADC) dynamic range The receiver's hardware includes the antenna, RF chain, and ADC.
The acquisition stage refers to the process of locating a satellite's signal The tracking stage is used to locate the navigation data's phase transition Subframes and navigation data can be accessed from the navigation data phase transformation The navigation data can be used to acquire ephemeris data and pseudo-ranges The satellite positions are calculated using ephemeris data Finally, for the satellite positions and pseudo-ranges, the user location can be determined.
As shown in Figure 3.3 in the forward direction, the receiver receives information about the satellite number (Coarse/Acquisition (C/A) code), the position of the satellites and the time at which the satellite transmitted the signal (the navigation data bits) From the information on the receiver, it is estimated that the distance is assumed When at least 4 satellites have received signals, the receiver solves the (3.3) to determine the position (� � , � � , � � ).
In the opposite direction, to generate spurious signals: user position, based on satellite orbit information, the ephemeris is widely published on websites such as
[74] Then we can simulate the navigation data bits.
Figure 3.3 Principles of GPS simulator
Filter Multipath of SV1, SV2, … quantizing signal Continuous waves, narrow band, pules …
C/N0 Ephemeris Almanac Time Location of user Clock bias Noise Ionospheric error
Carrier frequency Power of signal Data
Figure 3.4 Blocks scheme of GPS simulator
Figure 3.4 shows how to generate spoofing signals To generate a fake position or time, the following parameters are needed: C/N0 to perform the calculation of the output signal power, Ephemeris, Almanac is published on the website of IGS [73] together with the location user to define satellite number, pseudo-range; The clock bias, ionospheric, tropospheric parameters are estimated to be similar to the authentic signal.
Detection of a subset of counterfeit GNSS signals based on the Dispersion of the Double Differences (D 3 )
Dispersion of the Double Differences (D 3 )
The first block in the Figure 3.6 shows the development of a dual-antenna GNSS spoofing detection technique based on the dispersion of the double differences of carrier phase measurements (D 3 ) made by two GNSS receivers The approach does not require receiver synchronization to function effectively The approach is based on the Sum of Squares (SoS) detector (as shown in Figure 3.5), which was recently introduced as a simple and efficient method of detecting a common angle of arrival Multipath model
Interference model for all GNSS signals arriving at a pair of antennas The presence of such a common angle is recognized as an undiscussed indication of spoofed GNSS signals. Despite this, various flaws in the SoS algorithm can be found To begin with, the assumption that all signals originate from the same source; it is feasible that the receiver only monitors a subset of counterfeit signals out of the entire signal ensemble The concept provided in this section aims to address these issues by changing the SoS detection measure to identify subsets of counterfeit signals The efficiency of the suggested strategy is demonstrated by many simulation experiments in both authentic and spoofed signal situations.
Figure 3.5 Block diagram of SoS Detector
Figure 3.6 Block diagram of D 3 Detector
3.2.1 Differential Carrier-Phase Model and SoS Detector
The carrier phase measurements for a stand-alone GNSS receiver can be written, according to [16], [17], as
• � � is the carrier phase measurement for the �th satellite (� = 1,2, … � ), expressed in meters;
• � � is the geometric range between the receiver and the ith
• c is the speed of the light;
• � � is the ith satellite clock error;
• � is the receiver clock error;
• �,� is the tropospheric error; satellite;
• � is a noise term accounting for residual un-modeled errors, including thermal noise and multipath.
If we consider two receivers observing the same satellites at the same time, we can use their output data to build single carrier phase differences for each satellite in common view: Δ� = � � (1) − � (2) = (� (1) − � (2) ) + Δ� � + �(� (2) − � (1) ) + Δ
� � � � � � (3.6) where superscripts (1) and (2) denote measurements from the two receivers For short baselines, the ionospheric and tropospheric errors are cancelled out Moreover, the range difference between the satellite and the receivers (� (1) − � (2) ) can be expressed as in [16]: � �
� � � (3.7) where D is the distance between the two antennas and � is the angle of arrival (AoA) of the ith satellite signal, as depicted in Figure 3.7 The Double carrier phase Difference (DD) between the �-th satellite single difference and the reference satellite single difference, here indicated with the subscript ‘r’, removes the difference clock bias term (� (2) − � (1) ) from (3 6):
(3.8) expressed in units of cycle Notice that the choice of using the double difference measurements ❑ � in the construction of the detector is equivalent to the option expressed in [16] -equation (10) and further discussed in [17] -equation (39).
Figure 3.7 Reference geometry for the dual-antenna system
3.2.2 Sum of Squares Detector Based on Double Differences
In (3.8), the term (cos( � ) − cos( � )) only depends on the AOA of the � -th and reference received signals In normal conditions, GNSS signals are transmitted by different satellites and arrive at the receiver from different directions: cos( � )
≠ cos( � )∀(�, �) On the contrary, in case of counterfeit signals all transmitted from the same source, the received signals share a common AoA, meaning that cos( � ) − cos( � ) = 0∀(�, �) Thus, [ 1 6]-equation (10) and [17 ]-equation (39) demonstrate that the double differences stated in (3.8) can be used to design a statistical test, formulated on the two hypotheses:
� 1 ) ∃�, � ∶ cos( � ) − cos( � ) ≠ 0 (3.9) where the null hypothesis � 0 indicates counterfeit signals and �1 is the case of nominal condition where the signals are authentic The Generalized Likelihood Ratio Test (GLRT) approach is proposed in [16] [17] to discriminate between �0 and
�1 at each observation epoch, based on the following test statistic:
(3.10) in which Λ SoS (Δ∇∇∇∇∇∇∇∇∇∇∇∇∇∇∇ ) is the SoS detector, I is the number of satellites observed in the current epoch by both receivers and � � is a weight given to the measurements (see [16], equations (7) or (9)) Due to the round operator the impact of the integer ambiguities is removed and only the fractional part of the DD is considered, i.e.
� � = Δ∇∇∇∇∇∇∇∇∇∇∇∇∇∇∇ � − �����(Δ∇∇∇∇∇∇∇∇∇∇∇∇∇∇∇ � ) (3.11) so that (3.10) can be rewritten as
When the system is under the �0 hypothesis, Δ∇∇∇∇∇∇∇∇∇∇∇∇∇∇∇ � is dominated by the noise term Δ
∇∇ � and so is Λ SoS On the contrary, under � 1 , the geometrical term cos( � ) − cos( � ) is dominant The comparison of the test statistic (3.12) against a proper detection threshold determines the hypothesis selection As observed in [16], the formulation of the test statistic as in (3.10 )-(3.12 ) is a measure of the dispersion of the DD measurements.
An example of SoS detector (3.10) is reported in Figure 3.8 and Figure 3.9, along with the associated fractional DDs (3.11) for both the cases of a scenario where all the signals are generated from the same source (�0) and for the case where all the signals are transmitted by the true satellites (�1) It is clearly visible how the SoS metric Λ SoS is able to successfully discriminate between the case where all the signals are counterfeit and the case where the signals are authentic, because arrive from different directions In fact, in the case of a counterfeit source (Figure 3.8), Λ SoS is orders of magnitude lower than in the case where all the signals are authentic (Figure 3.9).
Figure 3.8 Fractional DDs and SoS detector results under simulated spoofing attack (H 0 )
Figure 3.9 Fractional DDs and SoS detector results in normal conditions (H 1 )
3.2.3 Some Limitations of the SoS Detector
In certain operative conditions, the SoS detector summarized above may fail in recognizing the presence of counterfeit signals Indeed, so far the detector has targeted the scenario of a victim receiver that tracks only counterfeit GNSS signals, while the authentic signals have been completely discarded from the tracking stage.
In this case the SoS is a valid and powerful method to detect the presence of a spoofing attack.
However, let consider a case where the receiver is simultaneously exposed to the two ensembles of signals, namely the authentic and the counterfeit ones Especially in case of limited power difference between the two ensembles, it is possible that the receiver does not completely lock onto one ensemble only, but continues tracking some of the authentic signals, simultaneously with a subset of the counterfeit ones [8] Several in-lab tests have shown this ‘mixed tracking’ condition as quite common, in particular at the beginning of an attack [9], [2] An example of such a condition is reported in Figure 3.10 where the receiver is tracking three counterfeit and five authentic GPS L1 C/A signals The signal taken as reference was among the authentic ones In this condition only three fractional DD � � have the same geometrical term
(cos( �� � ) − co s( � )) ≠ 0, where ��� indicates the common AoA of the counterfeit signals, resulting in a SoS metric (3.12) higher than the detection threshold Therefore, the hypothesis �1 is incorrectly chosen.
Figure 3.10 Fractional DD measurements and SoS detection metric in mixed tracking conditions under spoofing attack Only three signals out of nine are counterfeit The reference signal is authentic
Another limitation of the SoS detector is determined by the presence of cycle slips in the carrier phase measurements A cycle slip causes a jump in carrier-phase measurements when the receiver’s tracking loop experiences a temporary loss of lock, due to signal blockage or some other disturbing factors [21] Cycle slips can have a remarkable impact on the SoS detector, as it is evident in Figure 3.11 for a single source case: when a cycle slip happens, the correspondent fractional DD measurement � � jumps and the SoS detector increases so as to detect a normal condition (�1).
Figure 3.11 Example of cycle slips effect on the SoS metric in the presence of single source The detector is not able to reveal a spoofing attack when cycle slips occur
3.2.4 Detection Of A Subset Of Counterfeit Signals Based On The
Dispersion Of The Double Differences (D 3 )
Performance Analysis of the Dispersion of Double Differences Algorithm
Algorithm to Detect Single-Source GNSS Spoofing
3.3.1 Theoretical analysis of performance and decision threshold
The test metric (3.19) is the squared difference of fractional DDs between pairs of signals (�, �), having Gaussian distribution according to (3.13) Therefore, normalized metric Λ 3 ( ,� �)/(� 2 + � 2 ) can be described as a random variable withthe
� 2 distribution with one degree of freedom, because it is written, in any instant, as the square of the Gaussian random variable ((� � − � � ) having variance � 2 + � 2 :
� � 2 + � � 2 1 (3.22) where � is the non-centrality parameter of the distribution, which depends on the mean value of ((((((((((((((( � − � � ):
It is worth noticing explicitly that � can be time-variant, following the variations of
� � , � � along the time However, the relationship (3.22) does not change Since the test hypotheses (3.18) are formulated for a single epoch, then the following discussion is independent from the temporal variation of the non-centrality parameter �.
If we define the pairwise hypotheses as
ℎ0 (null pairwise hypothesis): the two signals are counterfeit;
ℎ1 (alternative pairwise hypothesis): at least one of the two signals is genuine; then the � 2 (�) distribution (3.22) is central under ℎ 0 , i.e.:
Notice that (3.25) expresses the fact that � � , � � cluster around the same mean value, which is not necessarily 0, neither necessarily constant in time On the other hand, the
� 2 (�) distribution (3.22) is non-central under ℎ1, i.e.:
The distribution function of the theoretical � 2 distribution with one degree of freedom [31]-[34] is reported for the ℎ 0 and ℎ 1 hypotheses in (3.28), where � � (�) is the modified Bessel function of the first kind, with order �.
In order to verify the above assumptions with numerical results, we simulate three time series of DD measurements, generated according to the model (3.5) and (3.8): two of them share the same geometrical term and thus fall in the null hypothesis ℎ0; the third one has a different geometrical term and thus falls in the alternative hypothesis ℎ1 All the series have the same variance � 2 For the two pairs of DDs, we calculate the numerical distribution of the values of the normalized decision metric Λ � 3 ( ,� �)/(222222222222222 2 ) in the form of a normalized histogram of occurrences and we compare it with the theoretical distributions (3.28) The comparison between sample
1 and theoretical distributions is shown in Figure 3.22 for the ℎ1 condition and in Figure3.23 for the ℎ0 one, confirming in both cases the correct matching It is worth noticing that in the ℎ1 hypothesis, the slopes of DD time series generated by authentic signals are different each other (see Figure 3.21) and therefore the value of the geometrical terms � � , � � in (3.15) change over time at different rates In these conditions the non-centrality parameter of the � 2 distribution is time-varying and the sample distribution cannot be estimated from the time series To overcome this effect, it is necessary to apply a de-trending process to the DD measurements before forming the decision metrics; after that, the sample distribution can be estimated and the
� � 2 (�; 1, �) function can represent on a two-dimensional plot, as in Figure 3.22.
(2) Hypothesis ℎ0 : Determination of the pairwise detection threshold and missed detections
Based on the theoretical characterization above, this subsection derives the pairwise detection threshold � 2 as a parameter determined from a target pairwise probability of missed detection The approach used here is similar to the guidelines stated in [35].
Under the ℎ0 hypothesis, consider two fractional DDs � � , � ∈ � According to (3.19), we can define the pairwise probability of detection � � as:
The corresponding pairwise probability of missed-detection � �� can be stated then as:
By exploiting (3.22) and (3.28), the � �� can be formulated as:
(3.31) where � � 2 (⋅) is the Cumulative Distribution Function (CDF) of the � 2 function and
� 2 is the threshold value Notice that the normalization (3.22) implies:
Figure 3.21 Fractional DD measurements in mixed tracking conditions under spoofing attack Five signals of eight are counterfeit The reference signal is counterfeit, so that M cnt = 0
Expression (3.30) cannot be resolved in closed-form but it can be numerically approximated through a quantile function [36] Thus, for a given target � �� , the threshold � 2 can be found by inverting (3.30) [35] Thus, the values of � 2 for different values of pairwise � �� are reported in Figure 3.24, where, as a function of a range of possible values of Λ � 3 /(222222222222222 2 ) in (3.29), the curves of CDF � � 2 (⋅) and 1- CDF (3.30) are reported in blue dash-dotted and red continuous line respectively: then for instance, the black dotted line sets a target pairwise � �� = 0.01 and determines the correspondent detection threshold � 2 = 6.26 read on the 1 − � � 2 (� 2 ) curve.
Figure 3.22 Normalized distribution under the h 1 condition: comparison between theoretical and sample distribution
Figure 3.23 Normalized distribution under the h 0 condition: comparison between theoretical and sample distribution
The validity of the relationship (3.30) between detection threshold and pairwise probability of missed detection can be numerically checked via simulation We employ two hours-long time series of carrier phase measurements computed by two software receivers on RF simulated signals, generated under the hypothesis of single transmitting source and equal C/N 0 ratio Then, the DD measurements ��,
�� ∈ � are generated at 1 Hz (with � 2 = � 2 = � 2 ), the test metric (3.19) is computed at each
� � epoch, normalized to 222222222222222 2 and it is compared with the threshold � 2 In this way, a good estimator of � �� is the missed-detection rate � �� , defined as:
Figure 3.24 Relationship between ξ 2 and pairwise P md , under the h 0 condition (logarithmic scale on the Y axis)
For example, for a detection threshold set to � 2 = 6.26, the resulting � �� is equal to 0.0114, which is close to the target � �� = 0.01, with confidence of this estimate on the order of � �� /10 for the available simulation length Using the same simulated dataset, the spoofing detection test is applied setting different values of the target
� �� , which correspond to different values of the threshold � 2 The comparison between estimated � �� (3.33) and target � �� is always satisfactory, as can be appreciated in Figure 3.25, which reports the curve of the target � �� (blue line) as a function of the corresponding threshold � 2 , compared with the estimated � �� (red dotted line) The confidence interval for each estimate is indicated with the black segments: for � �� < 0.005 the simulation length is not sufficient for a reliable estimate using (3.33).
Figure 3.25 Comparison between the theoretical P md and the computed missed- detection rate R md for various values of detection threshold ξ 2
(3) Hypothesis ℎ1 : Analysis of the false alarms
Under the ℎ 1 hypothesis, for two measurements � � , � � such that � � or � � ∈ � , the
| 2 2 event � � − � � | ≤ � �� is a wrong detection, i.e., a false alarm Then, we define the pairwise probability of false alarms � �� as
� �� = Prob (||||||||||||||| � − �2 � | ≤ � �� 2 |ℎ 1 ) (3.34) which is a function of � through the threshold � 2 (3.32) and of
�� �� � � through the non-centrality parameter (3.26) Using the theoretical expression of the cumulative density function related to the distribution function (3.28), the pairwise probability of false alarm (3.24) can be written as
(3.35) whose numerical integration is reported in Figure 3.26 for various possible values of �| ℎ 1
Notice that the range of feasible values for the non-centrality parameter �| ℎ 1 can be computed looking at the possible values of the differential geometrical term
||||||||||||||| � − � | and of the standard deviation of the measurement noise variance; such an analysis is reported in Figure 3.27 where it appears that �| ℎ 1 is small (i.e., say, �| ℎ 1
< 10) for most of the cases (e.g., ∀∀∀∀∀∀∀∀∀∀∀∀∀∀∀ ≥ 0.3 ), although greater and substantially greater values are possible.
A validation of the analysis under the ℎ1 hypothesis via numerical simulation is less intuitive than in the previous case, because the non-centrality parameter of the distribution under ℎ1 is not constant along the time, therefore the applicable � �� curve changes along time across the ensemble of Figure 3.26 For example, in a two-hours- long simulation in the ℎ1 hypothesis, � � varies with average slope 0.0024 cycles/s and � � varies with average slope 8e-4 cycles/s; the false alarm rate can be computed as Figure 3.27.
As a function of the applied detection threshold � 2 The result of the simulation for
� �� is reported in Figure 3.28, in which the � �� curve would cross those in Figure 3.26 without coinciding with anyone of these for the reason explained above.
Figure 3.26 Theoretical values of P fa (3.24) as a function of ξ 2 and for several non-centrality parameters λ
Figure 3.27 Evaluation of the feasible range of values for the non-centrality parameter λ, as a function of the difference |m j -m k | and of the standard deviation of the measurement noise σ
Figure 3.28 Measured values of R fa as a function of ξ 2 for a two-hours simulation in which |m j -m k | varies along time and so does the non-centrality parameter λ| (h1)
Finally, putting together (3.30) and (3.25), it is instructive to observe the pairwise operating curves of the � 3 detection rule, defined as the pairwise � �� (�) as a function of the pairwise � �� , whose relationship is established through the threshold
� 2 evaluated as in Hypothesis ℎ0 The analysis is shown in Figure 3.29: given a pair of geometrical terms � � , � � ∈ � � � and the associated measurement noise variances
� 2 , � 2 , the possible pairs of pairwise � �� and � �� are completely determined along
� � one of the curves in Figure 3.29 and the expected performance can be obtained by setting � 2 as in (3.32) As closer two authentic measurements are (� � or � � ∈ �,
� �� � smaller), as higher the probability of false alarm is, for any given probability of missed detection.
Figure 3.29 Pairwise operating curves (i.e., pairwise P fa (λ) as a function of the pairwise P md ) for the D3 detection rule, for several non-centrality parameters λ
The overall � 3 detection rule in (3.18) employs combinations of pairwise detections Therefore, the overall � 3 performance depend on the proper combination of the pairwise performance analyzed in the previous paragraphs Thus, under the
�0 hypothesis in (3.18), the overall probability of missed-detection (� �� ) can be formulated as:
� �� = 1 − � � (3.37) where � � is the overall probability of detection Considering three DD measurements
� � , � , � ∈ �, the � 3 detection event is given by the intersection of two pairwise detection events:
(Λ � 3 (�, �) ≤ � �� 2 |ℎ 0 ) ∩ (Λ � 3 (�, �) ≤ � �� 2 |ℎ 0 ) (3.38) Therefore, � � is given by the probability of the two events:
� � = Prob(((((((((((((( ( �� ∩ � �� ||||||||||||||| 0 ) (3.39) where � �� = (Λ � 3 (�, �) ≤ � 2 |ℎ 0 ) is a pairwise detection event If � �� and � �� are independent, then
� � where � � (���) is the pairwise probability of detection defined in (3.29), associated to the event � ��
A numerical simulation under the � 0 hypothesis, similar to the one used in the previous paragraph (2) Hypothesis ℎ0, allows to verify the overall � �� as a function of the pairwise threshold � 2 The results are reported in Figure 3.30, which reports the � �� estimated from the simulation for different values of � 2 and same noise variance, corresponding to �/� 0 = 39 dBHz, for the three series of DDs.
Similarly, to the definition of the overall probability of missed-detection, we can define the overall probability of false alarms (� �� ) under the �1 hypothesis in (3.18) If we consider three DDs � � , � � , � � ∈ ,� the D 3 false alarm event can be stated as:
� �� � � �� (3.41) where � �� = (Λ � 3 (�, �) < � 2 |ℎ 1 ) is a pairwise false alarm event Then the overall probability of false alarm results
� �� = Prob(� �� ∩ � �� |� 1 ) (3.42) which for independent events becomes
� �� = � �� ((((((((((((((( �� ) ⋅ � �� (� �� ) (3.43) where � �� (� �� ) is the pairwise probability of false alarm defined in (3.24), associated to the event � �� At this point, the overall Receiver Operating Characteristic (ROC) curves for the � 3 spoofing detection algorithm can be drawn as in Figure 3.31 It is evident and expected that the overall detection rule improves the ROC curves with respect to the pairwise ones in Figure 3.29, i.e., for each value of �, the overall ROC curve is lower than the pairwise one.
A Linear Regression Model of the Phase Double Differences to Improve
In this part we have presented a new metric to improve the performance of the Dispersion of Double Difference algorithm to detect GNSS spoofing attacks in case of mixed tracking The new metric is based on a linear regression of the fractional phase double differences (Figure 3.36) Although the required hardware components are the same as for SoS detector and standard D 3 algorithms, the performance of this version of the D3, indicated and LR-D3, is better and independent of the C/N0 and the antenna distance In addition, our algorithm eliminates the use of 2 baselines which is mandatory in the standard D 3 method to reduce false alarms.
Figure 3.36 Block diagram of LR-D 3 Detector
A limitation of the work presented in section 3.2, i.e., of the standard D 3 algorithm, is the frequent appearance of false alarm events, whose origin can be explained by means of Figure 3.37 and Figure 3.38 Figure 3.37 reports an example of the Double carrier phase Differences (DDs) measured along the time for a set of 9 satellites tracked by two receivers with antennas placed 2 meters apart The figure does not report the satellite used as reference in forming the DDs (for which the DD series would be constantly 0) Only the fractional part of the DDs is shown, which is the observed metric used by the standard D 3 algorithm to take its decisions about the presence of signals coming from the same direction In fact, the standard D 3 decides that signals are counterfeit if the distance (dispersion) of their fractional DDs is below a given similarity threshold In Figure 3.37, the fractional DDs of PRN 7, 8,
17, 21, 32, form a cluster around 0 because their Direction of Arrival is the same; on the contrary, the fractional DDs associated to PRN 5, 16 and 25 show a different trend, which depends on their own (differential) Direction of Arrival and Doppler frequency Nonetheless, in the intervals in which the genuine signals
DD traces cross the trace of the counterfeit ones, a false spoofing detection happens This is highlighted in Figure 3.38, where the sequence of decisions taken per each satellite is shown: false alarms are visible for PRN 16 and 25 around 200s and 360s respectively (from the beginning of the simulation).
In this work we propose an evolution of the standard D 3 algorithm, based on the idea of modelling the fractional DDs as piecewise straight lines along the time, as they are in fact apart for the noise component Figure 3.39 shows an example of evolution of the fractional DDs (fDDs) for a pair of genuine signals along about
3500 seconds: the piecewise linear trend is evident Based on this observation, the new detection metrics proposed in this work will be the parameters of such straight lines, instead of the fDD measurements themselves It will be proved that this idea remarkably reduces the problems of false alarms and missed detection.
Figure 3.37 Fractional DD measurements in mixed tracking conditions under spoofing attack Five signals of eight are counterfeit
Figure 3.38 Sequences of decisions, with false alarms, in the standard D 3 spoofing detector algorithm for PRNs 25 and 16
Figure 3.39 Example of fractional DD approximated by piecewise straight lines
In section 3.2 proposed two different solutions to mitigate the aforementioned problems: the first solution required extending the time of detection by applying some averaging while the second to use an extra baseline On the contrary, the new method presented in this work does not require any additional baseline or averaging technique This method is based on modelling the fractional DD measurements as piecewise straight lines, through a linear regression (LR) algorithm; for this reason, it will be indicated in the following as LR-D 3
The double differences of the carrier phase measurements between two receivers and two signals (‘�’ and the reference signal ‘0’) at the time instant � can be written as in section 3.2.
(3.46) where �� (⋅) denotes the single-difference carrier phase pseudorange, �� (⋅) is the single-difference geometric range (i.e., the distance difference of the source from the two antennas), � � is the carrier wavelength, �� (⋅) is the single-difference carrier phase integer ambiguity, �� (⋅) are differential noise terms, accounting for residual unmodeled errors, including thermal noise and multipath The measurements are assumed to be synchronized, so that differential clock terms can be neglected. Justification details of this model are omitted for reasons of space; the interested reader can find them in section 3.2.
In order of getting rid of the integer part of the DD measurement (3.46), i.e., of the term ��((((((((((((((( ) − �� (0) , which cannot be easily determined, only the fractional part of it is used for the present purpose, as proposed in [5]:
Along relatively short time intervals (e.g., on the order of 500s), the fractional DD measurements can be approximated as straight lines (Figure 3.39), whose model equation is simply as it follows:
� � [�] ≈ � � [�] = � � � + � � (3.48) where the ordinate � � [�] represents the nominal fDD value at the discrete time index
�, according to the straight-line model; � � is the slope of the line and � � is the intercept of the line at � = 0 The time interval in which the model (3.48) is valid is indicated hereafter as linearity interval.
There are many methods for estimating the unknown parameters � � and � � starting from the noisy fDD observations, such as the least absolute deviations [24], the Theil– Sen estimator [25] or the Deming regression technique [26] In this work we use the least squares method to estimate � and �, so that the square difference between the sequence of measurements, � � , and the line representing its best fit, � � , is minimum. According to [27], it can be proved that the intercept � � can be estimated by the equation:
� where �̅ � [�] is the mean value of the sequence of measurements � � [1] … � � [�] and
�̅ is the mean value of the time interval 1 … �, where � is the length of the observation window, from the beginning of the linearity interval The slope � � can be estimated by the following expression [27]:
Using (3.49) and (3.50), the two parameters � � and � � can be calculated in real-time through subsequent refinements.
Considering each linearity interval as made of � time instants and � adjacent measurements (e.g., � = 400 in the example reported in Figure 3.37), the parameters
� � and � � of the straight-line model are determined with the following steps:
At the first instant = � = 1 , and � � and � � are estimated through only one sample in (3.49) and (3.50); the final estimate of � � and � � [�] from the previous linearity interval can be used as initial estimate if available;
From the second time instant till to �, � in (3.49) and (3.50) covers the number of epochs from 1 up to the current epoch �.
By applying such an approach to one of the spoofed fDD traces in Figure 3.37, the sequences � � [�] and � � [�] are estimated as shown in Figure 3.40.
Figure 3.40 Example of estimated value of line slope and intercept
In case of a spoofing attack, the signals are likely broadcasted from the same source, thus the fDD measurements are similar for all the spoofed signals On the contrary, the fDDs of the authentic signals are different between each other. Therefore, let � be the subset of the spoofed signals and � be the subset of the authentic ones tracked by the receiver; we can set the following spoofing detection rule:
If � � ≠ � � or � � ≠ � � , then (�, �) ∈ � (3.51) More formally, we can set (3.51) as the following testing hypothesis:
(3.52) where � 2 is the decision threshold associated with the test on the intercept value and
� 2 is the decision threshold of the test on the slope The null hypothesis � is
� 0 represented by the presence of at least two counterfeit signals in the ensemble under tracking The decision on spoofing is made by comparing each pair of fDDs at a time, while in the standard D 3 formulation the decision is taken on a set of at least three fDDs at a time This means that the minimum number of counterfeit signals detectable by the LR-D 3 is two, which is less than three, the number in the conventional D 3
Conclusions
The D 3 algorithm is based on the evaluation of regions of similarity for the DD of carrier phase measurements was described in this chapter: when the DDs of at least three signals are included in the same region, the signals are considered counterfeit. The performance of the algorithm and the benefits of several proposed improvements have been demonstrated, as well as the analytical derivation of the detection threshold for a target paired missed detection probability The D 3 algorithm proved to be capable of reliably detecting spoofing attacks in both static and dynamic scenarios, as well as at various C/N0 values, in a set of experimental tests, provided that the used GNSS receivers produce reliable carrier phase measurements This chapter introduced a new metric for improving the performance of the D 3 algorithm, which detects GNSS spoofing attacks in mixed tracking The new metric is based on the linear regression of fractional phase double differences. The performance of this version of the D 3 and LR-D 3 is superior and independent of the C/N0 and antenna distance, despite the fact that the required hardware components are the same as for the SoS detector and regular D 3 algorithms.
The main research results of chapter 3 have been published in articles 1, 4, 5 in the list of publications of the thesis:
1 V.H Nguyen, G Falco, M Nicola, and E Falletti,(2018) “A dual antenna
GNSS spoofing detector based on the dispersion of double difference measurements”, in Proc Int 9th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (NAVITEC), Noordwijk, Netherlands, Dec 2018, 5-7, DOI: 10.1109/NAVITEC.2018.8642705.
4 Van Hien Nguyen, Gianluca Falco, Emanuela Falletti, Mario Nicola, The Vinh La,
(2021) “A Linear Regression Model of the Phase Double Differences to Improve the D 3 Spoofing Detection Algorithm” European Navigation Conference 2020, 23-
24 November 2020, Dresden, Germany Date Added to IEEE Xplore: 18 January 2021.
5 E Falletti, G Falco, Van Hien Nguyen, M Nicola (2021), “Performance Analysis of the Dispersion of Double Differences Algorithm to Detect GNSS Spoofing”.IEEE Transactions on Aerospace and Electronic Systems Early Access Print ISSN:0018- 9251 Online ISSN: 1557-9603 DOI: 10.1109/TAES.2021.3061822.
SOPHISTICATED GNSS SPOOFING DETECTOR BASED ON ANGLE OF
Gaussian Mixture Models and Expectation-Maximization for GMM (source [76])
The Gaussian distribution is known as the normal distribution, which is a popular model for continuous variable distribution The Gaussian distribution can be stated as follows for a single variable �:
22 2 222222222222222 2 (4.1) Where � is mean and � 2 is the variance A visualization of the Gaussian distribution is shown in Figure 4.2 with � = 0, � = 1.
Figure 4.2 The single variable Gaussian are plotted with � = 0 and � = 1 The Gaussian distribution has the following form if the x vector has D dimensions:
If the � vector has D dimensions, the Gaussian distribution can be written as:
In the above expression, � is the expectation vector with D dimension, � is the covariance matrix of size � × � and |�| is the determinant of �.
Although Gaussian distributions have important theoretical properties, they have limitations when it comes to modelling real data sets As a result, Gaussian distributions will better describe the complicated nature of the real data collection.
By using a large enough number of Gaussian components, altering their expectancies and variances, and adjusting the coefficients of the linear combination, it is possible to approximate nearly any continuous distribution with arbitrary precision.
Consider the superimposed case of K with the following Gaussian distribution:
This is a case of a mixed Gaussian distribution Each distribution �(�| � �, � �) is a component of the mixture having its own expectation and variance � � , � � respectively The parameters π � are mixing coefficients Figure 4.3 shows how a linear combination of Gaussians can result in extremely complicated densities.
Figure 4.3 Example of a Gaussian mixture distribution in one dimension, green, blue, and yellow are shown as components, and their sum is shown in black
Figure 4.4 Illustration of a mixture of 3 Gaussian components in 2D; a) Constant density contour for the 3 components of the mixture; b) The contour of the boundary probability density p(x) of the mixed distribution; c) Show the distribution of p(x) along the surface
Figure 4.4 shows a Gaussian distribution with three components Integrating both sides of (4.3) with respect to x and noting that both �(�) and the individual
Gaussian components are normalized, we have:
Figure 4.4 depicts a three-component Gaussian distribution When both sides of (4.3) are integrated with respect to x, and both �(�) and the individual Gaussian components are normalized, we get:
The requirement that �(�) ≥ 0, �(�|� , �� � � � ) ≥ 0 leads to �� ≥ 0 for all k. Combined with (4.4) there will be:
Mixed coefficients also satisfy conditions such as probabilities We can write the following as an equivalent to expression (4.3):
Where, �� = �(�) is the a priori probability of the kth component.
� (�|� � , Σ � ) = �(�|�) is the conditional probability of � for k Another important quantity is the posterior probability �(�|�) From Bayes theorem, we have:
The GMM distribution is governed by the parameters � , � and � where � ≡ {�1, … ,
��}, � ≡ { � 1, … , � �} and � ≡ {� 1, … , � �} To set the value of these parameters can use maximum likelihood From (4.3), the logarithm of the available function is given by:
Where � = {� 1,…, � N} It can be seen that this is a much more complicated case than the simple Gaussian distribution since there is a sum over k inside the logarithm Therefore, the solution of the parameters is no longer analytic In this case, the expected maximum can be used to get the solution.
Assume that the K-dimensional random binary z variable has one of K representations where the special element z� = 1 and the other elements equal 0 The value z� satisfies z� ∈ {0,1} and ∑ � �� = 1 There are K states for the vector z corresponding to it having a non-zero element Define the combined distribution �(�, �) according to the boundary distribution �(�) and the conditional distribution �( �|�) corresponds to the model shown in Figure 4.5.
Figure 4.5 Graph showing a mixed model in which the combined distribution is represented as p(x,z)=p(z)p(x|z)
The boundary distribution for z is specified depending on the composite coefficients such that �(�� = 1) = ��.
Since z uses one of K representations, this distribution can be written as:
A Gaussian distribution is also the conditional distribution of x with a special value of z:
This formula can also be written as:
The combined distribution is given by �(�)�(�| � ) while the marginal distribution of x is the sum of the combined distributions for all possible states of x:
This equation used (4.12) and (4.13) Thus, the boundary distribution of x is a mixed Gaussian distribution of the form (4.3) If there are observations � 1 …, � � and the boundary distribution is of the form �(�) = ∑ � �( ,� � ) so for each observable data point � � there will be a latent variable � �.
An equivalent formula for a mixed Gaussian distribution corresponding to a latent variable explicitly represented will be derived from this As a result, instead of working with the marginal distribution �( ,� �), the associative distribution �(�) can be used, resulting in a significant simplification via the Expectation Maximization(EM).
Another quantity that plays an important role is the conditional probability of z for a given x Using the notation γ(� � ) for �(�� = 1|�) and γ(��) is determined by Bayes theorem as follows:
Where: � � is the a priori probability for �� = 1 and (��) is the corresponding posterior probability when there is an observation x γ(��) can be considered as a quantity that plays a responsible role, leading to the element k taking the observation x.
Figure 4.6 Graph showing a GMM with matching latent points zn for a set of N i.i.d data points xn, where n = 1, ,N
4.1.3 Maximum likelihood for the Gaussian
If we want to use a mixed Gaussian distribution to model the data set {� 1, … , � � }.
An X matrix of dimension �� with row n equal to x T can be used to represent this data set A Z matrix of size �� with rows � T is used to represent the hidden variables If the data points have independent distributions, a mixed Gaussian model can be shown graphically for this data set, as illustrated in Figure 4.6.
Figure 4.6 represents a set of N independent random points with the same distribution {x n}, with latent points {z n}, where n = 1…, N From ( 4.3 ), log of the probability function shown by:
There is a significant challenge with maximization of visibility for the GMM. Consider a mixed Gaussian distribution whose components have covariance matrices of the form � � = � 2�, where � is the unit matrix The conclusion reached applies to general covariance matrices as well Assume that one of the mixed model components, such as the jth component, has on average � � precisely equal to one of the data points, resulting in � � = � � for some n This data point will be used in the manifest function as follows:
If we consider the limit where �� → 0, we can see that this term approaches infinity As a result, the log of the available function reaches infinity as well As a result, maximization of the reproducible log function is an inadequately presented task because monotony is always present and occurs whenever one of the Gaussian distribution components is attained A single Gaussian distribution does not cause this issue As a result, when applying maximum visibility to a mixed Gaussian model, caution must be exercised to prevent obtaining an absurd solution or a local maximum of the visibility function.
Another problem related to the maximum possible solution is that for any possible maximum solution, a mixture of K elements will have K! equivalent solution for K! how to assign K sets of parameters to K components In other words, for any given point (non-degenerate) in the space of parameter values there will be K! – 1 more point with the same distribution.
4.1.4 The expectation maximization algorithm for GMM
Consider the conditions that must be satisfied at the maximum of the possible function The derivative of lnp(X|π, μ, Σ)in (4.16) for the mean � � of Gaussian components and set to 0, we have:
For the Gaussian distribution, we used the formula ( 4.19 ) On the right-hand side of (4.15), the posterior probabilities γ(���) appear naturally By multiplying both sides by Σ −1 and rearranging the numbers, we get:
A Gaussian Mixture Model Based GNSS Spoofing Detector using Double
The implementation of spoofing signal detection using the AOA measurement is presented We use a dual-antenna system to verify if some of the received signals have the similar AOA or not Theoretically, DD values of fake signals from one broadcaster distribute densely around the zero point, because all the AOA-related terms are eliminated in the subtractions Authentic signals have DD values diversely distributed due to the difference of AOA among satellites Existing works [19] [43] [44]-[48] manually tune thresholds to distinguish those two distributions However, the threshold is strongly affected by several factors like signal-to-noise ratio, elevation angle of satellites, ionospheric and tropospheric condition, etc Therefore, we propose to use Gaussian Mixture Models to objectively learn parameters of the distributions over a large amount of training data The trained
GMMs later can well recognize authentic and spoofing distributions without any manually tuned parameters.
In our work, we build two datasets of DD values (illustrated in Figure 4.9a and Figure 4.9c) for training Gaussian Mixture Models (or learning the density function in the form eq 7) Two models are trained on the two DD datasets corresponding to authentic and spoofed signals.
The difference of the two distributions is presented clearly in Figure 4.9b and Figure 4.9d With the two models, we are able to decide if a set of GNSS data is spoofed or not depending on whether the value of the spoofed density function is higher or smaller than the one of the authentic density functions.
Using the GMM PDFs illustrated in Figure 4.9, we successfully detect 1921/1967 (97.66 %) authentic signal points and 8442/8586 (98.32%) spoofed patterns in our experiment.
Figure 4.9 Double carrier phase difference and GMM density functions of spoofed signals and authentic signals
4.3 A novel approach to classify authentic and fake GNSS signals in sophisticated spoofing scenario using Gaussian Mixture Model
4.3.1 Grouping of Double Carrier Phase Difference
We use mixed data including authentic and spoofed satellites as show in Figure 4.10 and Figure 4.11 This mixed data consists of 3 fake satellites and 5 real satellites From Figure 4.10, Figure 4.11 we can see that SoS algorithm mistakenly identifies all satellites as real satellites We see the fake satellites tend to gather in a certain location, the actual satellites are distributed widely in the range (-0.5; 0.5). Figure
4.10 show that with fake satellites as a reference, the fake satellites have the same angle, so the DD value is almost zero Other real satellites are scattered distributed.
In Figure 4.11 we take real satellites as a reference The three fake satellites are concentrated in the range of - 0.15 other real satellites still scattered.
Figure 4.10 Fractional DD measurements and SoS detection metric in mixed tracking conditions under spoofing attack with a fake satellite as the reference
In Figure 4.11, we take an authentic satellite as the reference, the DDs of fake signals converge around -0.15.
In this work, we select all 4-satellite combinations of 8 satellites in the data set In each combination of 4 satellites, we use every possible reference satellite to calculate the double carrier phase difference to form a set of double difference vectors with three components corresponding to the three remaining satellites.Figure 4.12 presents all those 3-D double difference points It can be seen clearly that the points do not distribute randomly but they gather in some specific regions.
Figure 4.11 Fractional DD measurements and SoS detection metric in mixed tracking conditions under spoofing attack with a authentic satellite as the reference
Figure 4.12 DD points distribution of all the 4-satellite combination (spoofed 1a 2s – all the points corresponding to the combinations in which the reference is spoofed, the other three contain 1 authentic and 2 spoofed satellites)
Figure 4.13 DD of real data and fake data to make the reasonability of the approach clear, we analyse the difficulty of spoofing identification in the below cases
Only one satellite is fake, the others are authentic
Figure 4.14 DD of the data has only one fake satellite
Figure 4.14 shows the 3D space of the Fractional DD, in which only one satellite is fake and the remaining are real satellites In this case, we see clouds that contain spoof satellites and clouds that contain only real satellites are well separated This is the most difficult situation However, it can be seen that, the distribution of spoofed points is still distinguishable from the authentic points They are NOT overlapped each other.
Figure 4.15 GMM of DD of the data has only one fake satellite
Figure 4.15 Given a DD point from a combination of 4 satellites (i, j, k, r – reference satellite) the generated 3D points and a surface representing the Gaussian location and scale (three standard deviations in each axis)
More than one satellites are spoofed
If there are at least two spoofed satellites as Figure 4.16 Because the spoofed satellites should have similar AoA, the cloud of points should be on a zero plane (if the reference is the fake one: see red and black points), or a bisector plane (if the reference is the real one: see yellow and green points).
Figure 4.16 The DD planes for the mixed data, including two spoofed satellites and two authentic satellites
Figure 4.17 GMM distribution of DDs
When we use fake satellites as a reference, there will always be 1 value x = 0 or y 0 or z = 0 so in the Oxyz, this point will be on the plane passes through the origin in which (x = 0 or y = 0 or z = 0) Real satellites, when used as a reference, always have two DD values of two equally spurious satellites, so in the 3D coordinate system, it will be on the bisector plane.
In these cases, it can be seen that, spoofed points are located at specific regions in the 3D spaces, that surely be a good criterion to identify them As shown in Figure 4.17, with the above data we find the GMM distribution model with 4 separate components.
The above visualization helps us to see the ability to develop a method to identify if there are any spoofed satellites at a specific time epoch or not It is clear that spoofed points and authentic points are well-separated in all the situations that we analysed above What we need here is a model to parameterize the distribution of points (one for spoofed and one for authentic) and then calculate the probability of a given point to see if that point belongs to the model or not.
We use GMM (Gaussian Mixture Model) to learn the distribution of spoofed points (at least one of the four satellites is fake) and authentic points (all the four satellites are real) Figure 4.13 illustrates the distribution of those points computed from the whole dataset.
To easily test the methods of detecting GNSS signals spoofing The next section introduces methods of generating GNSS simulation data coming from many different directions.
Multi-Directional GNSS Simulation Data Generation Method Use of
of Software Defined Radio Technology
This section proposes a method to simulate GNSS signals that allows generating signals coming from different directions and can customize the initial phase (phase offset) of the satellites, making direct changes to the results of the AoA estimation techniques This simulation signal generation technique is highly flexible, creating a variety of counterfeit attack situations at low cost The practical results of the simulation have shown that the simulation signal is completely similar to the actual received signal, thus making the simulator capable of overcoming the methods of detecting currently advanced spoofing signals.
The architecture of the GNSS signal simulator based on software-defined radio (SDR) technology is shown in Figure 4.18
In this architecture, the digital signal processing core module plays the role of modulating the GNSS digital signal, then this digital signal will be sent to the frontend and converted digital to analogue and analogue to RF Notice that simple systems will use only one frontend while the most complex simulation systems will use multiple frontend (one for each satellite) The system will broadcast all GNSS systems in transmit bands (GPS, GLONASS, Galileo, BeiDou, ) Then GPS simulation signal and simulation noise will be generated These simulated interferences are large enough that the receiver cannot track the signals of the satellites in the real GNSS system, but only track the spoofing signals.
Figure 4.18 The GNSS simulator architecture is based on SDR technology
The structure of the signal received by the GNSS receiver is modelled as follow
In which: � �,� 1 (�) is the signal of the k-th satellite at frequency L1; � �,� � (�) is the noise signal caused by the multipath interference, which is calculated by applying different multipath noise models; � � (�) is the interference signal, the interference signal will be computed from different interference models; η � (�) synthesizes other noise components; N, M, K are the number of satellites , the number of affected by the multipath effect, and the number of interference on the signal, respectively.
For the simulation system, if not consider the multipath effect and the interference, these two components can be ignored, we can ignore the role of these two components The signal of the k-th satellite at frequency L1 is modelled as follow:
In which: � � is the signal energy of the satellite at the receiver, this energy can be calculated through the signal-to-noise ratio selected by the user; τ � is the propagation delay of satellite k to the receiver, this parameter can be calculated from the satellites' position at time t (taken from the astronomical calendar) and the receiver-user position (refer to receiver input number); � �,� is the Doppler frequency caused by the movement of the satellite and receiver, this information can be calculated from the user's velocity; � �1 is the L1 frequency of GPS; Φ � is the initial phase displacement, which is optional for the user; C k (� − τ � ) is the spectral spread code of the satellite k, this information can be found in the specification of the GPS system; D k (� − τ � ) is the satellite positioning message k, this information can be calculated from the astronomical calendar.
Figure 4.19 L1 GPS spectral code generation method (Source: [16])
The signal and noise energy parameters can be determined based on the receiver's signal-to-noise ratio calculation formula as follows:
� 0 � � (4.34) where � � , � � và � ��� are the energy of the signal, the energy of the background noise and the equivalent noise bandwidth, respectively [61].
The parameter /////////////// 0 is the carrier-to-noise ratio and is the input of the simulator. This parameter is different for each satellite If the interference effect is not calculated, this parameter depends entirely on the distance from the satellite to the receiver However, the role of noise in the ionosphere, convection and even background noise cannot be ignored, so the role of distance here can be neglected.
The phase displacement value Φ � is determined based on the distance from the receiver to the simulation satellites The positions of the simulated satellites are determined based on the astronomical calendar information and simulation time
[60] These astronomical calendar parameters are also the ones that will be included to encode the � � data stream � � signal's spread spectrum code was determined based on published GPS documentation.
Experimental result
To conduct to test capable of generating multidirectional signals of system, determine the incident angle by estimating the incident angle value according to the double difference of the phase measurement as shown in [16], [17] The timing of the test must be determined first, then proceed in two steps:
• Collect real data at that time using the Septentrio receiver and proceed to determine the phase difference of the satellites;
• Simulate the signal at that time using the Septentrio receiver and determine the phase difference of the satellites;
The multi-directional simulated GNSS system is set up as shown in Figure 4.20 below:
Figure 4.20 Test configuration of GNSS simulation system
(1) Determine the phase difference parameters of real satellites
Figure 4.21 shows the difference estimation of the AoA value of the authentic satellites when received by a 2-antenna system under normal outdoor conditions As shown in the Figure 4.21, the satellites come from different directions, so the calculated incident angle difference values of satellites are different Therefore, Δ
Figure 4.21 Phase difference for real signal
(2) Phase difference for simulation signal
In Figure 4.22, the results obtained by the conventional simulator, the fractional of double carrier phase difference are approximately zero Thus, by conventional methods such as using the SoS in [16], [17] can detect spoofing signals.
Figure 4.22 Phase difference of conventional simulation signal
In the case of using simulators that transmit signals of 10 satellites in different directions to the receiver Figure 4.23 shows the results after conducting the double difference calculation of the phase measurement of the two receivers The double carrier phase difference of the simulated satellites in this case gives results similar to those obtained from real satellites.
Figure 4.23 Phase difference of the multi-directional simulation signal
In our experiment, we simulate a simplistic spoofing attack where we attach a power amplifier and an antenna to a GNSS signal simulator, and we radiate the RF signal toward the target receivers This experiment is carried out indoor in order to avoid the difficulty of synchronizing a simulator’s output with the real GNSS signals
We use the IFEN NavX-NCS Essential one to generate and broadcast GNSS signals and Septentrio AsteRx4 OEM modules to receive signals An example of system set up is reported in [19].
Table 4.1 The result of cross validation testing
Number of training data points
Number of testing data points
Number of correctly classified points
From Figure 3.16 (b), it is possible to see that the spoofer is located on a mezzanine at ISMB premises and comprises of a hardware simulator, a PC laptop running the
SW part of the GNSS simulator and a choke ring passive Novatel antenna transmitting the amplified GNSS-like signals In Figure 3.16 (a) and (c), we can see the spoofing signal is received by a set of three antennas (forming two baselines) that are connected to two multi-constellation dual-antenna Septentrio receivers.
It is important to stress that only one baseline would be necessary to detect the spoofing attack.
In this work we use the cross validation to divide the data into 10 folds We use 9 folds to do training 1 folds as a testing data With the data shown in Figure 4.10, when we use the GMM model to detect fake signals We obtained the results as shown in Table 4.1 and Table 4.2 From Table 4.1 we see the results to identify the spoofing signal with high performance without depending on the C/N0 value as algorithm D 3
Figure 4.24 shows the case of a DD of real satellite cross DD of fake satellites With
D 3 algorithm in the time period of 148s-152s, the system gets false alarm the real satellite PRN25 into a fake satellite as shown in Figure 4.24.
Using D 3 spoofing detector reaches only 98.02% efficiency and this algorithm depends on C/N0 value.
Figure 4.24 Fractional DDs in case of Intermediate spoofing attack, where the DDs of authentic satellites (PRN 25) cross the ones related to the spoofed satellites
Figure 4.25 False alarm in the D 3 detector: a fractional DD from a genuine satellite crosses the DDs of the spoofed satellites
With the data in Figure 4.24, when we use GMM we get a much better result than D 3 (Figure 4.25) without dependent the C/N0 value as shown in Figure 4.24. And in the False Alarm Rate and Miss Detection Rate are approximately 2% as shown in
Table 4.2 The result of Fractional DDs in case of Intermediate spoofing attack, where the DDs of authentic satellites cross the ones related to the spoofed satellites C/N0 = 39
Fold number Number of training data points
Number of testing data points
Number of correctly- classified points
Number of training data points
Number of testing data points
Number of correctly- classified points
Number of training data points
Number of testing data points
Number of correctly- classified points
Table 4.3 Normalized confusion matrix of Fractional DDs in case of
Predicted as authentic signal Actual: spoofed signal TPR.2% FNR=1.8%
Actual: authentic signal FPR= 1.59% TNR.41%
Conclusions
A more robust strategy to detecting these spoofers using GMM was proposed in this chapter GMM was proposed as a more reliable method of detecting these GNSS spoofing signal The AOA principle is still used in our method, and the data of two antennas GMM can easily adjust to changing antenna geometries and satellite conditions since they learn the classification threshold automatically Our classification success rate is better than 95% for both spoofed and authentic signals. The thesis also includes a low-cost multidirectional GNSS signal generation method This technique disables the most recent and frequently used GNSS spoofing detection methods A Septentrio receiver was used to capture simulation data for each antenna.
The primary research findings from Chapter 4 have been published in articles 2 and
2 Nguyen Van Hien, Nguyen Dinh Thuan, Hoang Van Hiep, La The Vinh, (2020) “A
Gaussian Mixture Model Based GNSS Spoofing Detector using Double Difference of Carrier Phase”, pp 042–047, Vol 144 (2020), Journal of Science and Technology of Technical Universities, 2020.
3.Nguyễn Văn Hiên, Cao Văn Toàn, Nguyễn Đình Thuận, Hoàng Văn Hiệp,(2020)
"Phương pháp sinh dữ liệu mô phỏng GNSS đa hướng sử dụng công nghệ vô tuyên điều khiển bằng phần mềm" 178-185, số Đặc san Viện Điện tử, 9 - 2020, Tạp chíNghiên cứu Khoa học Công nghệ quân sự.
CONCLUSIONS AND FUTURE WORKS
Spoofing is a pernicious type of intentional interference where a GNSS receiver is fooled into tracking counterfeit signals Starting from the fact that the spoofer’s signals share the same direction of arrival, a spoofing detection technique based on the Sum of Squares of the double difference carrier phase measurements was introduced in the past However, that technique fails to work when the receiver tracks only a subset of fake signals Thus, in this thesis we have presented four algorithm such as follow:
At first, we have presented a new AOA-based method to detect this situation, based on the Dispersion of the Double Differences (D 3 ), which has shown to be effective in case of such mixed tracking The algorithm works with every antenna distance, provided that the hypothesis of short baseline is satisfied; its hardware requirements are the same as for the SoS detector Successful preliminary tests have been conducted to verify its performance.
At second, the work is planned to further evolve in several directions: i) a comparative evaluation of performance in terms of false alarm rate and correct detection rate at various C/N0 levels, also in case of non-equal C/N0 levels; ii) an investigation on possible optimization strategies for the decision threshold � 2 ; iii) a more formal evaluation of the detection performance of the D 3 algorithm in terms of probability of false alarm and correct detection; iv) the use of the D 3 algorithm as a trigger for a robust direction finding algorithm, used to estimate the direction of the spoofing source with respect to the victim receiver Furthermore, the possibility of using the second baseline for direction finding, i.e., for the estimation of the AOA of the spoofing source ��� , will be investigated for certain operative conditions.
At third, this thesis presented the theoretical derivation of missed detection and false alarm probabilities for a GNSS spoofing detection algorithm based on the AOA estimation suitable for dual-antennas GNSS systems The algorithm, named D 3 , is based on the evaluation of regions of similarity for the DD of the carrier phase measurements: when the DDs of at least three signals are contained in the same region, then they are evaluated as counterfeit signals The analytical derivation of the detection threshold for a target pairwise missed detection probability has been demonstrated, along with the performance obtained by the algorithm and the benefits of some proposed modifications Finally, has been used to check the validity of the theoretical results In a set of experimental tests, the D 3 algorithm proved to be able to reach a reliable detection of spoofing attacks both in static and dynamic scenarios and at different C/N 0 values, provided that the employed GNSS receivers produce reliable carrier phase measurements In this thesis we have presented a new metric to improve the performance of the Dispersion of DoubleDifference algorithm to detect GNSS spoofing attacks in case of mixed tracking.The new metric is based on a linear regression of the fractional phase double differences Although the required hardware components are the same as for SoS detector and standard D 3 algorithms, the performance of this version of the D 3 ,indicated and LR-D 3 , is better and independent of the C/N0 and the antenna distance In addition, our algorithm eliminates the use of 2 baselines which is mandatory in the standard D 3 method to reduce false alarms.
At fourth we propose a more robust approach to detect these spoofers using GMM.Our method still leverages the concept of AOA and requires multiple antennas.However, since the classification threshold is automatically learnt by GMMs, the algorithm can easily adapt to different antenna geometries and satellite conditions.Our classification success rate is higher than 95% for both fake and authentic signal patterns The thesis also has presented a low cost multidirectional GNSS signal generation method This method disables most modern and commonly used GNSS spoofing detection techniques Simulation data were generated for each antenna respectively and captured using a Septentrio receiver The results of simulation and testing with the AOA estimation method based on the double difference of phase measurements show that the satellites have phase displacement in case of attack similar to real satellite With this method, the simulator is able to overcome the most advanced and efficient method of spoofed signal detection currently available based on the estimation of AoA of the satellite signal.
1.V.H Nguyen, G Falco, M Nicola, and E Falletti,(2018) “A dual antenna GNSS spoofing detector based on the dispersion of double difference measurements”, in
Proc Int 9th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing (NAVITEC), Noordwijk, Netherlands, Dec 2018, 5-7, DOI: 10.1109/NAVITEC.2018.8642705.
2.Nguyen Van Hien, Nguyen Dinh Thuan, Hoang Van Hiep, La The Vinh, (2020) “A
Gaussian Mixture Model Based GNSS Spoofing Detector using Double Difference of Carrier Phase”, pp 042–047, Vol 144 (2020), Journal of Science and Technology of Technical Universities, 2020.
3.Nguyễn Văn Hiên, Cao Văn Toàn, Nguyễn Đình Thuận, Hoàng Văn Hiệp,(2020)
"Phương pháp sinh dữ liệu mô phỏng GNSS đa hướng sử dụng công nghệ vô tuyến điều khiển bằng phần mềm" 178-185, số Đặc san Viện Điện tử, 9 - 2020, Tạp chí
Nghiên cứu Khoa học Công nghệ quân sự.
4.Van Hien Nguyen, Gianluca Falco, Emanuela Falletti, Mario Nicola, The Vinh La,
(2021) “A Linear Regression Model of the Phase Double Differences to Improve the D 3 Spoofing Detection Algorithm” European Navigation Conference 2020, 23-
24 November 2020, Dresden, Germany Date Added to IEEE Xplore: 18 January 2021.
5 E Falletti, G Falco, Van Hien Nguyen, M Nicola (2021), “Performance Analysis of the Dispersion of Double Differences Algorithm to Detect GNSS Spoofing” IEEE
Transactions on Aerospace and Electronic Systems Early Access Print ISSN:0018- 9251 Online ISSN: 1557-9603 DOI: 10.1109/TAES.2021.3061822.
[1] F Dovis, “GNSS Interference Threats and Countermeasures” Norwood,
[2] E Falletti, D Margaria, G Marucco, B Motella, M Nicola, M Pini,
“Synchronization of critical infrastructures dependent upon GNSS: current vulnerabilities and protection provided by new signals”, manuscript under review to the IEEE Systems Journal, submitted on Feb 19, 2018.
[3] P Y Montgomery, T E Humphreys, and B M Ledvina, “Receiver- autonomous spoofing detection: Experimental results of a multi-antenna receiver defense against a portable civil GPS spoofer,” in Proc of the International Technical Meeting of the Institute of Navigation, Anaheim,
[4] S Pullen, G.X Gao, “GNSS Jamming in the name of Privacy,” in Inside
GNSS, vol 7, no 2, Mar./Apr 2012.
[5] A Jafarnia-Jahromi, A Broumandan, J Nielsen, and G Lachapelle, “GPS vulnerability to spoofing threats and a review of antispoofing techniques,” in the International Journal of Navigation and Observation, vol 2012, pp 1–16, May 2012.
[6] D Margaria, B Motella, M Anghileri, J J Floch, I Fernandez-Hernandez and M Paonni, “Signal Structure-Based Authentication for Civil GNSSs:
Recent Solutions and Perspectives,” in IEEE Signal Proc Magazine, vol 34, no 5, pp 27-37, Sep 2017 doi: 10.1109/MSP.2017.2715898.
[7] M L Psiaki and T E Humphreys, “GNSS spoofing and detection,” in Proc. of the IEEE, vol 104, no 6, pp 1258–1270, June 2016.
[8] R.T Ioannides, T Pany, G Gibbons, “Known Vulnerabilities of Global
Navigation Satellite Systems, Status, and Potential Mitigation Techniques,” in the Proceedings of the IEEE, vol 104, no 6, pp 1174-1194, June 2016.
[9] M Troglia Gamba, D M Truong, B Motella, E Falletti, T H Ta,
“Hypothesis testing methods to detect spoofing attacks: a test against the TEXBAT datasets,” in GPS Solutions, vol 21 (2), June 2016.
[10] S C Lo and P K Enge, “Authenticating aviation augmentation system broadcasts,” in Proc of the IEEE/ION Position, Location and Navigation
Symposium (PLANS '10), pp 708–717, Indian Wells, CA, USA, May 2010.
[11] K.D Wesson,, D.P Shepard, J.A Bhatti, and T.E Humphreys, "An
Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing," in
Proc of ION GNSS 2011, Portland, Oregon, USA, Sept 2011.
[12] C E McDowell, “GPS Spoofer and Repeater Mitigation System using
Digital Spatial Nulling—US Patent 7250903 B1,” 2007.
[13] J Nielsen, A Broumandan, and G Lachapelle, “Spoofing detection and mitigation with a moving handheld receiver,” GPS World, vol 21, no 9, pp.
[14] J Magiera, R Katulski, “Accuracy of differential phase delay estimation for
GPS spoofing detection,” in Proceedings of the 36th international conference on telecommunications and signal processing, September 2013, pp 695–699. doi:10.1109/TSP.2013.6614026.
[15] P Y Montgomery, T E Humphreys, B M Ledvina, “Autonomous spoofing detection: experimental results of a multiantenna receiver defense against a portable civil GPS spoofer,” in Proceedings of the ITM 2009 Institute of
Navigation, Anaheim, CA, January 2009, pp 124–130.
[16] D Borio and C Gioia “A dual-antenna spoofing detection system using
GNSS commercial receivers”, in Proc of ION GNSS+ 2015, Tampa, FL,
[17] D Borio and C Gioia, “A sum-of-squares approach to GNSS spoofng detection”, IEEE Trans on Aerospace and Electronic Systems, Vol 52, No.
[18] L Canzian et al., “Interference localization from space Theoretical background,” in Inside GNSS, November/December 2016, pp 59-68.
[19] T E Humphreys, B M Ledvina., M L Psiaki, B W O’ Hanlon, and P M.
Kintner, Jr, “Assessing the Spoofing Threat: Development of a Portable GPS
Civilian Spoofer,” in Proc of ION GNSS 2008 of the Institute of Navigation,
[20] F De Ponte Müller, A Steingass, and T Strang, "Zero-Baseline
Measurements for Relative Positioning in Vehicular Environments," in Proceedings of the 6th European Workshop on GNSS Signals and Signal Processing, 2013.
[21] P Cederholm, and D Plausinaitis, “Cycle Slip Detection in Single
Frequency GPS Carrier observations using expected Doppler shift”, Nordic
Journal of Surveying and Real Estate Research (2014).
[22] IFEN NavX-NCS Essential Simulator website: https://www.ifen.com/products/navx-ncs-essential-gnss-simulator/
[23] Septentrio AsteRx4 OEM website: https://www.septentrio.com/products/gnss-receivers/rover-base- receivers/oem-receiver-boards/asterx4-oem
[24] I Barrodale and F D K Roberts, "An improved algorithm for discrete L1 linear approximation" SIAM Journal on Numerical Analysis 10 (5), 1973, pp: 839–848 doi:10.1137/0710069.
[25] M.G Akritas, S.A Murphy, and M.P LaValley, "The Theil-Sen estimator with doubly censored data and applications to astronomy", Journal of the American Statistical Association, 90, 1995, pp: 170–177, doi:10.1080/01621459.1995.10476499.
[26] A.C Jensen, "Deming regression, MethComp package", 2007.
[27] S Raj and S Kannan, “Detection of Outliers in Regression Model for
Medical Data”, International Journal of Medical Research & Health
[28] UK Government Office for Science, Jan (2018) “Satellite-derived Time and
Position: A Study of Critical Dependency,” [Online] Available: www.gov.uk/go-science
[29] D M Akos, “Who's afraid of the spoofer? GPS/GNSS spoofing detection via automatic gain control (AGC)” in NAVIGATION, Journal of the Institute of
[30] A Konovaltsev, et al., "Autonomous Spoofing Detection and Mitigation in a
GNSS Receiver with an Adaptive Antenna Array," in Proc of the 26th Int.
Tech Meeting of the Sat Division of The Institute of Navigation (ION GNSS 2013), Nashville, TN, September 2013, pp 2937-2948.
[31] M K Simon, “Probability Distributions Involving Gaussian Random
Variables,” New York: Springer, 2002, eq (2.35), ISBN 978-0-387-34657-1.
[32] M Abramowitz, and I A Stegun, “Handbook of Mathematical Functions,”
10th Ed Dover, 1972 Online: http://people.math.sfu.ca/~cbm/aands/
[33] J M Borwein, and I J Zucker, "Fast Evaluation of the Gamma Function for
Small Rational Fractions Using Complete Elliptic Integrals of the First Kind" IMA J Numerical Analysis 12 (4): 519–526, 1992. doi:10.1093/imanum/12.4.519.
[34] J N L Johnson, S Kotz, and N Balakrishnan, “Chi-Square Distributions including Chi and Rayleigh Continuous Univariate Distributions.” (Second ed.) John Wiley and Sons pp 415–493, 1994, ISBN 978-0-471-58495-7.
[35] S Lo, Y.H Chen, H Jain, P Enge, "Robust GNSS Spoof Detection using
Direction of Arrival: Methods and Practice," in Proc of the 31st Int Tech.
Meeting of the Sat Division of The Institute of Navigation (ION GNSS 2018),
[36] R W Abernathy, and R P Smith, "Applying series expansion to the inverse beta distribution to find percentiles of the F-distribution", in ACM
Transactions on Mathematical Software, Vol 9, No.4, pp 478–480, 1994.
[37] C Jiang, et al.,"Analysis of the baseline data based GPS spoofing detection algorithm," in Proc of IEEE/ION Position, Location and Navigation Symposium (PLANS), Monterey, CA, 2018, pp 397-403.
[38] “GNSS raw data in the presence of spoofing”: Zenodo Link: https://zenodo.org/record/2537055#.XjvtmPlKi70 [Last visited Feb 6, 2020].
[39] National Defense Magazine: https://www.nationaldefensemagazine.org
[40] “Resilient Navigation and Timing Foundation”: https://rntfnd.org/ [Last visited Nov 17, 2020]
[41] Inside GNSS magazine: https://insidegnss.com/ [Last visited Nov 17, 2020]
[42] GEOSpatial World: https://www.geospatialworld.net/ [Last visited Nov 17,
[43] Tech rep., John A Volpe “Vulnerability assessment of the transportation infrastructure relying on the Global Positioning System,” National Transportation Systems Center, 2001.
[44] Rui Xu, Mengyu Ding, Ya Qi, Shuai Yue, Jianye Liu, “Performance
Analysis of GNSS/INS Loosely Coupled Integration Systems under Spoofing Attacks” Published in Sensors 2018 DOI:10.3390/s18124108.
[45] Y.F.Hu, S.F Bian, B Ji, J Li, “GNSS spoofing detection technique using fraction parts of double-difference carrier phases”, J Navig 2018, 71,1111– 1129.
[46] Li He, Hong Li, Mingquan Lu, “Dual-antenna GNSS spoofing detection method based on Doppler frequency difference of arrival”, GPS Solutions July 2019.
[47] Esteban Garbin Manfredini, Dennis M Akos, Yu-Hsuan Chen, Sherman Lo,
Todd Walter, and Per Enge, “Effective GPS Spoofing Detection Utilizing
Metrics from Commercial Receivers,” Proceedings of the Institute of Navigation International Technical Meeting, Reston, VA January 2018.
[48] G Caparra, J.T Curran, “On the Achievable Equivalent Security of GNSS
Ranging Code Encryption” in IEEE/ION Position, Location and Navigation
[49] Y Huang, K Englehart, B Hudgins, A.D.C Chan, “A Gaussian mixture model based classification scheme for myoelectric control of powered upper limb prostheses”, IEEE Trans Biomed Eng., 52 (11) (2005), pp 1801-1811
[50] Amruthnath and Gupta, 2018 N Amruthnath, T Gupta, “ A research study on unsupervised machine learning algorithms for fault detection” in predictive maintenance 5th InternationalEr conference on industrial engineering and applications (ICIEA), IEEE (2018), pp 355-361
[51] Wang, Yue, et al "Design and implementation of programmable multi-mode
GNSS signal simulator." 2010 IEEE 12th International Conference on Communication Technology IEEE, 2010.
[52] C Tanil, P Martinez Jimenez, M Raveloharison, B Kujur, S Khanafseh, and
B Pervan, “Experimental Validation of INS Monitor against GNSS Spoofing,” in ION GNSS+ 2018, 2018.
[53] Liu, Yang, et al "Impact assessment of GNSS spoofing attacks on ins/GNSS integrated navigation system." Sensors 18.5 (2018): 1433.
[54] Wang, Fei, Hong Li, and Mingquan Lu "GNSS spoofing countermeasure with a single rotating antenna." IEEE Access 5 (2017): 8039-8047.
[55] Huang, Jie, et al "GNSS spoofing detection: Theoretical analysis and performance of the Ratio Test metric in open sky." Ict Express 2.1 (2016): 37-
[56] Gross, Jason, and Todd E Humphreys "GNSS spoofing, jamming, and multipath interference classification using a maximum-likelihood multi- tap multipath estimator." Proceedings of the 2017 International Technical Meeting of The Institute of Navigation, Monterey, CA, USA 2017.
[57] Broumandan, Ali, Ali Jafarnia-Jahromi, and Gérard Lachapelle "Spoofing detection, classification and cancelation (SDCC) receiver architecture for a moving GNSS receiver." Gps Solutions 19.3 (2015): 475-487.
[58] Geng, Z., Huang, Y., Chen, H., & Wang, F (2018) “GNSS Spoofing
Mitigation Method After Despreading.” China Satellite Navigation Conference (CSNC) 2018 Proceedings, 423–434.doi:10.1007/978-981-13- 0029-5_37.
[59] Li, Bowen, et al "An improved model and simulator design of GNSS ocean reflected signals." 2017 Forum on Cooperative Positioning and Service (CPGPS) IEEE, 2017.
[60] Thuan, Nguyen Dinh, Ta Hai Tung, and Lo Presti Letizia "A software based multi-IF output simulator." Proceedings of the International Symposium of
GNSS (IS-GNSS), Kyoto, Japan 2015.
[61] Falletti, Emanuela, Marco Pini, and L Lo Presti "Are carrier-to-noise algorithms equivalent in all situations." Inside GNSS 2010 (2010): 20-27.
[62] Wesson, K., Rothlisberger, M., and Humphreys, T “Practical cryptographic civil gps signal authentication.” NAVIGATION, Journal of the Institute of
[63] Scott, L “Anti-spoofing and authenticated signal architectures for civil navigation systems.” In Proceedings of the 16th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GPS/GNSS), Portland, OR, Sep 2003, 1543–1552.
[64] J Merrill, “Patriot Watch: Vigilance Safeguarding America,” presented at the Presentation Telcordia-NIST-ATIS Workshop SynchronizationTelecommun Syst (WSTS ’12), Mar 20–22, 2012 [Online] Available:https://www.gps.gov/multimedia/presentations/2012/03/WSTS/merrill.pdf ,[Accessed: 17-Feb-2021].
[65] Fabio.Dovis, “Recent trends in Interference Mitigation and Spoofing
[66] http://www.celljammerstore.com/gps-jammers.html [Last visited Nov 17,
[67] https://gssc.esa.int/navipedia/index.php/CDMA_FDMA_Techniques [Last visited Nov 17, 2020]
[68] E Falletti, B Motella and M T Gamba, "Post-correlation signal analysis to detect spoofing attacks in GNSS receivers", Proc 24th Eur Signal Process.
Conf (EUSIPCO), pp 1048-1052, Aug./Sep 2016.
[69] https://gssc.esa.int/navipedia/index.php/GNSS_signal [Last visited Nov 17,
[70] Broumandan, A., Jafarnia-Jahromi, A., Dehghanian, V., Nielsen, J., and
Lachapelle, G “GNSS spoofing detection in handheld receivers based on signal spatial correlation.” In Proceedings of the IEEE/ION Position Location and Navigation Symposium (PLANS), Apr 2012, 479–487.
[71] Psiaki, M L., O’Hanlon, B W., Powell, S P., Bhatti, J A., Wesson, K D.,
Humphreys, T E., and Schofield, A “GNSS spoofing detection using two- antenna differential carrier phase.” In Proceedings of the 27th International
Technical Meeting of The Satellite Division of the Institute of Navigation (ION GNSS + ), Tampa, FL, Sep 2014, 2776–2800.
[72] “Fundamentals of Global Positioning System Receivers:A Software
Approach” January 2005 DOI:10.1002/0471712582 Edition: 2ndPublisher:
John Willey & Sons, Inc James Bao Yen Tsui.
[73] “A Software-Defined GPS and Galileo Receiver A Single-Frequency
Approach” 2007 Authors: Borre, K., Akos, D.M., Bertelsen, N., Rinder, P.,
[74] https://cddis.nasa.gov/archive/gnss/data/daily [Last visited Nov 17, 2020]
[75] Fina Otosi Faithpraise, Effiong Okokon Obisung, Joseph Offiong “The Design and Use of Dual Modules System for Domestic Animals Monitoring (DMS)”.
International Journal Of Environmental & Science Education E-ISSN: 1306-