GNSS/GPS Jamming & Spoofing Tests in Real Conditions: A Guide

cart Shopcart:$0.00


GNSS/GPS Jamming & Spoofing Tests in Real Conditions: A Guide


2024-10-08 By: W, Lynn
GNSS/GPS Jamming & Spoofing Tests in Real Conditions: A Guide

Boost receiver resilience against RF interference with our advanced signal jammer, taking technology to the next level.

What are GNSS/GPS jamming and spoofing, and how do they work?

In the realm of digital technology, advancements often bring new threats. GNSS/GPS signals, in particular, face vulnerabilities to interference. Such disruptions can manifest in two primary forms: jamming and spoofing. Jamming occurs when external sources interrupt frequencies, causing receivers to lose crucial position information. Spoofing, a more deceptive threat, involves the transmission of counterfeit GNSS/GPS signals. These false signals mislead receivers, presenting users with inaccurate locations or time data. Both jamming and spoofing pose significant risks to the reliability and security of GNSS/GPS systems, underscoring the need for robust countermeasures.

How effective are GNSS/GPS jammers in field tests?

In recent years, jamming and spoofing attacks on GNSS/GPS signals have become increasingly common, heightening the need for robust anti-jamming and anti-spoofing solutions. While experts have conducted assessments of these functionalities in controlled lab environments for over a decade, these tests cannot fully capture the receiver’s behavior during real-world attacks. Therefore, field test verifications are crucial to complement laboratory findings. By conducting outdoor tests, we can identify the characteristics of typical jamming and spoofing signals in a real user environment, verify the receiver’s capabilities to withstand these attacks, and gain insights into how receivers behave dynamically in the presence of jamming and spoofing. This holistic approach ensures comprehensive evaluation and effective mitigation strategies against GNSS/GPS threats.

Engineers face a unique challenge when transitioning from the lab to the roads due to strict protections on GNSS frequency bands. Broadcasting RF signals within these bands is typically prohibited, requiring special permission from authorities. This challenge has led to innovative solutions, such as the recent Jammer test 2022 organized by Norwegian authorities, marking the second such field test. This event provides a valuable opportunity for GNSS manufacturers and technology suppliers from across Europe to test their products in a real-world environment, identifying gaps and enhancing the receiver’s resilience. Thanks to these efforts, the industry can continue to evolve, addressing the complexities of GNSS frequency band protections while ensuring the reliability and performance of their technologies.

Quick test tips?

Embarking on a unique enterprise, a group of experts, in collaboration with Norwegian authorities, ventured to the Northern shore of Norway to conduct Jammertest 2022. This initiative aimed to assess the resilience of GNSS/GPS systems against jamming and spoofing under regular atmospheric conditions. For a week, over one hundred participants convened to put their equipment through rigorous tests amidst intense jamming and spoofing scenarios.

The evaluations spanned across diverse roadways and weather patterns, simulating real-world challenges. Notably, three primary testing zones were established: a high-jammer zone and two low-effect jammer zones, each designed to disrupt specific frequency bands. This comprehensive approach ensured a thorough examination of the systems’ performance in various environments.

While most GNSS/GPS signal jammers were sourced from the Norwegian communications authority and police, some were procured online, albeit not intended for widespread use. This diverse range of equipment further enriched the testing process, providing a broader perspective on the systems’ vulnerabilities and capabilities.

During this experimentation week, experts conducted a comprehensive series of tests focusing on two primary categories: jamming scenarios and spoofing scenarios. Jamming tests encompassed two distinct groups – a high-effect jammer utilizing CW and PRN (BPSK-modulated) jamming signals, alongside low-effect jammers, specifically the broadband sweep-type. When it comes to spoofing tests, the experts delved into two types: basic and advanced attacks. Basic attacks involved spoofing L1 C/A satellite signals by evaluating a given position and time, while advanced attacks entailed synchronized open-air GPS L1 spoofing signals under varying time frames, including time step, frequency step, or false leap second conditions. The table below outlines the diverse types of tests and their specifications. During the tests, experts utilized a GNSS signal jammer, conducting low and high-effect jamming both inside and outside the car (Single-band, Dual-band, and Multi-band). All general statistic tests were also performed to ensure comprehensive data collection and analysis.

Experience comprehensive signal jamming tests with our high-performance equipment. We conduct rigorous step-up evaluations, testing various signal types and frequency bands including L1, G1, L2, and L5. Our process involves precise power ramping from 2nW to 20 W EIRP, offering a remarkable 100 dB dynamics range. Each ramp is meticulously adjusted in 2dB increments, first ascending and then descending. Equipped with a directional antenna (right-hand circular polarization), we ensure comprehensive coverage. The tests progress through multiple phases: Ramp 1 focuses on L1 with CW signals, Ramp 2 explores L1 with PRN, Ramp 3 expands to include L1, G1, L2, L5 with CW, and Ramp 4 incorporates L1, G1, L2, L5 with PRN. These step-up tests are complemented by extended duration jamming sessions, utilizing a high-effect GNSS signal jammer at 20 W. We also venture into bands and combinations not addressed initially, such as B1l, G2, and E5b. To ensure real-world applicability, we conduct driving tests on roads equipped with both static high and low-effect jammers. This includes driving under continuous high-effect jamming at 5W or lower, and scenarios with a jammer placed inside or nearby the vehicle. We even simulate a convoy setup with a jammer positioned in the intermediate vehicle. Lastly, we establish a “Jammer playground” for comprehensive field testing and evaluation. Discover the full potential of our signal jamming solutions through our comprehensive and systematic testing approach.

Explore the effects of dynamic signal jamming in real-world driving scenarios. Our comprehensive tests include jammers placed inside moving vehicles, simulating encounters with other jammed cars, and stationary vehicles equipped with jammers as others pass by. Discover the impact on GPS reception in various driving situations. Dive deeper into our “Jammer playground” for an even broader range of experiments. But that’s not all – we also investigate spoofing attacks, combined with jamming, to assess their combined threat. From basic L1 C/A spoofing, manipulating position and time data, to more complex attacks targeting GPS L1 CA and Galileo E1 signals, we cover the full spectrum. Witness synchronized multi-constellation spoofing and understand its implications on navigation systems. Our research is your guide to the complex world of signal jamming and spoofing.

Discover innovative testing and demonstration ideas with spoofed signal timing information. Explore new test concepts derived from previous expert sessions. Our comprehensive evaluations include CW and PRN (BPSK) trials, conducted twice for reliability. Witness a loose test session in Grunnvatn, initially without jammers, to assess baseline performance. Extend the driving scope to the vicinity of Bleikii for a broader evaluation. Confirm the system’s versatility by driving everywhere, simulating real-world conditions. These rigorous assessments ensure the effectiveness and reliability of our signal jamming solutions.

Results Found?

Overcoming obstacles like synchronizing signals during recording activities, driving around under these conditions led to a deeper understanding of the receiver’s behavior during jamming and spoofing. Key observations from this week’s experimentation encompass the following: Firstly, the receiver demonstrates robustness due to signal processing and mitigation techniques, thereby enhancing the availability of position and time. Secondly, the most significant contribution to the availability of position and time comes from the processing of multiple frequency bands and sensor data. Specifically, when a single-frequency receiver with sensor data (DR) loses GNSS fix/signals, it can still provide position and time through the DR. Similarly, when a multi-frequency receiver loses signals from a jammed band, it can continue to provide GNSS fix/signals based on a second frequency. The following graph illustrates a long-term jamming scenario under a high-effect GNSS signal jammer (20W) on the L1 band.

During the test campaign, vehicles followed trajectories through Bleik’s village in open space to gather data. In this case, they initially moved towards the jammer and then away from it. The graph illustrates the number of signals per frequency band used to estimate position, velocity, and time resolution. A notable reduction in signal count corresponds to the received jamming power, primarily influenced by the distance to the jammer. Near the jamming source, no signal from the L1 band is detectable. The L2 band reception experiences substantial interference, specifically at 20W transmission power. Remarkably, even in this scenario, the receiver can detect at least four signals, ensuring accurate position, velocity, and time solutions. It’s worth noting that in most situations, interference doesn’t significantly compromise the accuracy of position and time, even during high-impact jamming, let alone fundamental jamming.

The ZED-F9P receiver maintains impressive accuracy, even during signal jamming. When L1 GNSS/GPS signals are lost due to jamming, the receiver seamlessly transitions to L2 signals for navigation. This ensures reliable performance, with an acceptable accuracy of around 6m (comparable to street width) during jamming sessions. Its robust design makes it a dependable choice for consistent, accurate navigation in challenging environments.

Are you sure you want to leave?

The recent exercise, with its precise specifications and timeframes, enabled participants to assess receiver behavior during jamming and spoofing under realistic conditions. This provided technology developers with valuable insights. For u-blox, it was an ideal opportunity to evaluate the resilience of current GNSS receivers in a real-world environment. Furthermore, we gained crucial insights for enhancing the security of future devices, an aspect the company deeply cares about. Of course, this would not have been possible without the support of the Norwegian Public Roads Administration, the Norwegian Communications Authority, and the Norwegian Defense Research Establishment; their efforts are fundamental and greatly appreciated.