CSS
 
Date : 19-10-21 07:53
   Full Text Download:  isgnss2019-002.pdf (1.1M)
A New Massive Multi-correlator Metric Tested Against GNSS Signal Generator Attacks with a Slow Power Increase and Spoofer Movement
Ronny Blum, Dominik Dotterbock, Kahee Han, Thomas Pany



In this work, we investigated the behavior of anti-spoofing tracking parameters for a signal generator attack with artificial signals with a slow power rise and a spoofer movement away from the target, sent out over the air. In an earlier work Blum et al. (2019) we investigated the code minus carrier (CMC), the speed or code rate of the replica (CRR) and the power of the signal for meaconing attacks. Beside the old parameters we now also investigated the behavior of the carrier-to-noise-ratio C/N0, the code and the Doppler as well as a new self-designed parameter, which is a so called correlation function fluctuation metric (CFFM). It is a new multi-correlator analysis method for detecting spoofing attacks in a GNSS signal, which is real-time capable. It was tested successfully with the SX3 software receiver from IFEN Gmbh (https://www.ifen.com/products/sx3-gnss-software-receiver/). The metric is defined as the mean of the normalized standard deviation of 41 normalized multi-correlator values from one satellite over a time period of 15 s each, minus the according theoretical simulation (without spoofing) for the averaged C/N0 in this time period. If a sudden big difference between measured and simulated metric occurs, the probability of a spoofing attack rises. The metric works automatically for changing C/N0 values but generally cannot distinguish between spoofing and multipath. But since the metric is much more influenced by spoofing attacks than for multipath this is not considered to be a problem. Under specific circumstances, a slow spoofer power rising can lead to a small not detectable increase of the power, the CMC, the pseudorange and the C/N0. The CFFM though could still always detect the attack, assumed a spoofer with a slow speed was considered, whereas all the other parameters only showed a more or less higher standard deviation after the spoofer began to move, which though was often not significant enough for a simple threshold alarm. The CFFM parameter can therefore be recommended agaainst sophisticated attacks with a slow power increase, provided the spoofer increases slowly the distance to the target.

Keywords: anti spoofing, signal generator attack, correlation function, slow power rise, multi-correlator, GNSS