Jump to content

Technology for Spoofing GPS Receivers; Even Better Than

Vinny & Sue Team
Followers 3

Recommended Posts

Vinny & Sue Team

+Vinny & Sue Team

Posted
Posted

In an earlier thread, I have discussed the existence of very affordable GPS signal blocking devices, that is, small portable short-range transmitters that can be deployed to scramble reception by any GPS receiver within a limited radius, normally limited to anywhere from 80 feet to 600 feet, depending upon model and price of the GPS signal blocking device. And, putting the potential legal issues aside for a moment (for, after all, a number of these devices are freely offered for sale by numerous online and brick-and-mortar shops), I had also discussed in the same thread the fascinating possibility of deploying such a GPS signal blocking device in the vicinity of a cache to render the cache hide truly "evil", because GPS receivers in the vicinity of the blocking transmitter would tend to display grossly inaccurate location readings.

 

Well, this morning I stumbled up on an interesting article in Wired magazine, one which stated that researchers have now come up with ways to build small portable GPS spoofing devices, that is, small portable short-range transmitters that cause nearby GPS receivers to display a pre-set spoofed location, perhaps one that is hundreds or thousands of miles from the actual location. The potential legal issues regarding deployment of such a device aside for a moment, the potential of a device such as this in creating a truly evil and diabolical geocache hide are manifold!

 

Have you wondered why I have not given you the link for the article yet? Well, I will be giving you the link for the article in a moment, but I decided that I did not dare to give it to you without first forewarning you that the article was obviously written by a babbling idiot who does not understand the tiniest thing about RF transmitters and receivers, nor about how the GPS system works, and it also sounds like Wired must have laid off all their technical editors (whose job it would normally have been to catch and repair glaring errors of fact before the article is published) due to the recession, and thus, the article, while rather short, is jam-packed with very irritating inaccuracies, with incorrect use of terminology. The author regularly uses the term "receiver" when he intends to indicate a transmitter, and the article contains so many other gross butcherings of logic, semantics and syntax that I began to seriously wonder about the author's sanity and the integrity of his neurochemistry as I read the article. Anyway, now that I have warned you about the blatant errors in the article, I feel free to share the link to the article with you, and you may find the article, entitled Researchers Demonstrate How to Spoof GPS Devices, at Wired magazine online.

 

Enjoy! And, lets hear your ideas about how you might use such a small portable spoofing device to create a truly diabolical cache!

 

.

Link to comment
Stargazer22

+Stargazer22

Posted
Posted

Very interesting concept. While it might be possible to construct a spoofing device, I'm not sure how well it would work. If one could construct several of them and put them in an area, it might be possible to have someone wandering around for quite a while before they realized something was wrong with the signal in the area.

 

This reminds me of my old college days. I have an electrical engineering background and used to construct all kinds of unusual and weird devices. We were into scanners back in those days and the local police force used a scrambling device based on a balanced modulator/demodulator system that essentially took audio and transformed it into something like a single sideband audio signal. I managed to construct a descrambler unit and made a few of them for my scanner friends. What was really funny about it was that every time they would "go code" and scramble their transmissions, they never discussed anything of importance. It was always something like a request for an officer to bring back a burger to the station, or asking for someone's home phone number, or something similarly mundane. We heard them use the scrambler one night to ask for detailed directions on how to jump off a dead battery. I guess they didn't want the general scanning public to know they had no idea how to give a jump. Also, they were not supposed to be jumping people with their cruisers, so they probably wanted to keep it low profile.

 

I designed another device at one point that we never built because we were a little afraid of the consequences of using it. It was a spoofing device that could be used on the old style police radar that would make the radar gun read whatever speed you wanted it to show as you cruised by. The newer stuff would be a lot harder to spoof these days.

 

Thanks for an interesting thread that took me a little way down memory lane. :P

Link to comment
BBWolf+3Pigs

+BBWolf+3Pigs

Posted
Posted

I don't believe they made a mistake about labelling the device a "reciever". What the article states is that they started by modifying a receiver that is used in research, reprogramming it to act as both receiver and transmitter.

 

I am guessing what is going on is that when the modified unit receives a signal, it "tweaks" the recieved signal and re-transmits it, at a higher power level. By modifying or delaying the psuedo-random code, the user's receiver would therefore calulate the time offset wrong, and therefore distance to the satellite wrong.

 

If you do this with enough signals, and coordinate the offsets, you could potentially make the user's receiver calculate that it is in a totally different location.

Link to comment
BBWolf+3Pigs

+BBWolf+3Pigs

Posted
Posted

Very interesting concept. While it might be possible to construct a spoofing device, I'm not sure how well it would work. If one could construct several of them and put them in an area, it might be possible to have someone wandering around for quite a while before they realized something was wrong with the signal in the area.

 

But think of the military implications. An incoming missile's GPS sees it is in the wrong place (even if only a small amount) and course corrects. Oops..no longer on target and the missiles flies somewhere else.

Link to comment
TheAlabamaRambler

+TheAlabamaRambler

Posted
Posted

I don't believe they made a mistake about labelling the device a "reciever". What the article states is that they started by modifying a receiver that is used in research, reprogramming it to act as both receiver and transmitter.

 

I am guessing what is going on is that when the modified unit receives a signal, it "tweaks" the recieved signal and re-transmits it, at a higher power level. By modifying or delaying the psuedo-random code, the user's receiver would therefore calulate the time offset wrong, and therefore distance to the satellite wrong.

 

If you do this with enough signals, and coordinate the offsets, you could potentially make the user's receiver calculate that it is in a totally different location.

It's over my head, but the author offers more detail at http://www.ion.org/meetings/gnss2008/abstr...mp;session=5#p6

 

Overview

Session C5, Paper #6

 

Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer

T.E. Humphreys, B.M. Ledvina, M.L. Psiaki, P.M. Kintner, Jr., Virginia Tech

Download this paper (registered attendees only)

 

A portable civilian GPS spoofer is implemented on a digital signal processor (DSP) and used to characterize spoofing effects and to develop defenses against civilian spoofing. This work is intended to equip GNSS users and receiver manufacturers with authentication methods that are effective against unsophisticated spoofing attacks. The work also serves to refine the civilian spoofing threat assessment by demonstrating the challenges involved in mounting a spoofing attack.

In 2001, the U.S. Department of Transportation (USDOT) assessed the U.S. transportation infrastructure´s vulnerability to GPS disruption. Their report warned of a pernicious type of intentional interference: GPS spoofing. In a spoofing attack, a GPS receiver is fooled into tracking counterfeit GPS signals. Spoofing is more sinister than intentional jamming because the targeted receiver cannot detect a spoofing attack and so cannot warn users that its navigation solution is untrustworthy. The USDOT report noted the absence of any ``off the shelf´ defense against civilian spoofing and recommended a study to characterize spoofing effects and observables. Seven years later, civilian GPS receivers remain as vulnerable as ever to this threat.

 

The unfortunate reality is that only a change in the civilian GPS signal structure or an augmentation to GPS can completely protect a civilian receiver against a spoofing attack. For example, spreading code authentication, the most effective defense against civilian spoofing, would require a modification of the L2C, L5, or L1C spreading codes on the Block IIF and Block III GPS satellites [1]. Such changes appear extremely unlikely in the short term because, as one experienced observer noted, "signal definition inertia is enormous" [2]. Meanwhile, it is essential to provide civilian users the greatest possible measure of protection against spoofing.

 

Fortunately, user-equipment-based countermeasures can be developed against all but the most sophisticated spoofing attacks. For example, coupling a GPS receiver with a low-drift-rate inertial measurement unit significantly reduces its vulnerability to spoofing. Likewise, employing two or more antennas whose outputs are referenced to the same receiver clock permits differential carrier phase measurements that would be impossible to reproduce with a single radiated spoofing signal. While effective, these defenses are probably too expensive for widespread adoption in the short term. Software-defined defenses such as absolute or relative signal power level monitoring appear more practical, if less effective, over the next few years. Further development of clever countermeasures will require a detailed understanding of possible spoofer implementations.

 

Software-defined GPS receivers are a natural platform for the study of civilian spoofing and its effects. In a software GPS receiver, the real-time correlators, tracking loops, and navigation solver are all implemented in software on a programmable processor. The current authors have pioneered some of the efficient correlation techniques and other implementation strategies that have enabled the development of remarkably capable PC- and DSP-based software receivers [1-3].

 

The reconfigurability and signal processing power of a software GPS receiver allow it to be easily converted for use as a portable receiver/spoofer hybrid. In the most straightforward approach, the device operates as usual on signals from the receiving antenna to determine its position and timing solution. As part of normal receiver operation, the device generates local carrier and code replicas for correlation with incoming GPS signals. In its role as a spoofer, the device modifies these local signal replicas, combines the signals from all active channels, performs a digital-to-analog conversion, and mixes the resulting waveform up to the L1 (and possibly L2) frequency(s) for transmission on a separate spoofing antenna. When placed near a target GPS receiver, the receiver/spoofer uses its known location to align a weak composite spoofing signal to the combination of signals seen at the target receiver´s antenna. It then gradually increases the carrier-to-noise ratio of its transmitted signal to perform "liftoff" of the target receiver´s code tracking loops. At this point, the receiver/spoofer has complete control over the undefended target receiver´s navigation solution. Other spoofing techniques, such as modification of the navigation data message, are also possible.

 

The process of developing a complete portable civilian spoofer allows one to explore the range of practical spoofing techniques. By this exercise, one discovers which aspects of spoofing are hard and which are easy to implement in practice. With this information, receiver developers can prioritize their spoofing defenses by choosing countermeasures that are effective against easily-implementable spoofing techniques.

 

[1] Scott, L., "Location assurance," GPS World, July 2007, pp. 14--18

 

[2] Stansell, T. A., "Location assurance commentary," GPS World, July 2007, p. 19

 

[3] Ledvina, B. M., Cerruti, A. P., Psiaki, M. L., Powell, S. P., and Kintner, Jr., P. M., "Performance Tests of a 12-Channel Real-Time GPS L1 Software Receiver," Proc. 2003 ION GPS Conf., Institute of Navigation, Portland, OR, 2003.

 

[4] Ledvina, B. M., Psiaki, M. L., Powell, S. P., and Kintner, Jr., P. M., "Real-Time Software Receiver Tracking of GPS L2 Civilian Signals using a Hardware Simulator," Proc. 2005 ION GNSS Conf., Institute of Navigation, Long Beach, CA, September 2005.

 

[5] Humphreys, T. E., B. M. Ledvina, M. L. Psiaki, and P. M. Kintner, Jr., "GNSS receiver implementation on a DSP: Status, challenges, and prospects," Proc. 2006 ION GNSS Conf., Institute of Navigation, Fort Worth, TX, 2006.

Link to comment
BBWolf+3Pigs

+BBWolf+3Pigs

Posted
Posted

Fortunately, user-equipment-based countermeasures can be developed against all but the most sophisticated spoofing attacks. For example, coupling a GPS receiver with a low-drift-rate inertial measurement unit significantly reduces its vulnerability to spoofing.

 

There goes the price og GPS receivers! The IMU would measure x/y/z velocities or velocity integrals, and compare them with the values as calculated by the GPS component. Any sort of large variations are flagged and hte user is notified. I see this as being reasonable only in high end units. Low drift rate IMU aren't cheap.

 

The reconfigurability and signal processing power of a software GPS receiver allow it to be easily converted for use as a portable receiver/spoofer hybrid. In the most straightforward approach, the device operates as usual on signals from the receiving antenna to determine its position and timing solution. As part of normal receiver operation, the device generates local carrier and code replicas for correlation with incoming GPS signals. In its role as a spoofer, the device modifies these local signal replicas, combines the signals from all active channels, performs a digital-to-analog conversion, and mixes the resulting waveform up to the L1 (and possibly L2) frequency(s) for transmission on a separate spoofing antenna. When placed near a target GPS receiver, the receiver/spoofer uses its known location to align a weak composite spoofing signal to the combination of signals seen at the target receiver´s antenna. It then gradually increases the carrier-to-noise ratio of its transmitted signal to perform "liftoff" of the target receiver´s code tracking loops. At this point, the receiver/spoofer has complete control over the undefended target receiver´s navigation solution. Other spoofing techniques, such as modification of the navigation data message, are also possible.

 

This is the type of stuff I had in mind (but stated in much more detail!).

Link to comment
Vater_Araignee

+Vater_Araignee

Posted
Posted

I'm ignoring the ins and outs and getting down to the evil.

 

The cache & spoofer are at the correct coords but the cache page would say that "There is a Signal Anomaly in the area, Trust the reciver to find stage one."

The correct coords wile spoofed, lead you to stage one.

Inside stage one is a transmitter with a button and a note that reads... You have 10 minutes to find the next stage once you press the button or you have to come back." pressing the button would send a signal to the spoofer and tell it to send a new off set signal for ten minutes. Repeat the set up for several stages until stage × which deactivates the spoofer for 10 minutes.

Link to comment
trainlove

+trainlove

Posted
Posted

But think of the military implications. An incoming missile's GPS sees it is in the wrong place (even if only a small amount) and course corrects. Oops..no longer on target and the missiles flies somewhere else.

Sorry. But the military uses the P-channel that our receivers do not get. No missiles are going to go anywhere other than where they were intended.

Plus there are anti spoofing error correcting codes that they use.

Link to comment
Dread_Pirate_Bruce

+Dread_Pirate_Bruce

Posted
Posted

If you are really intent on making a cache that is deliberately hard to find with a GPS, how about simply failing to place it where you say it is ... or place it at all? You save the money it would cost for the spoofer and for the cache container!

 

Besides, lots of cachers now punch up a satellite map when their GPSs seem to wiggy to make a find. When the map shows GZ is by a lamp post or a newspaper machine or even the third big rock, it is a lot easier to just go there than wander around with a wiggy GPS.

 

BTW: Is there a way to set up a PQ so that it ignores all the caches hidden by a given cacher?

Link to comment
Vater_Araignee

+Vater_Araignee

Posted
Posted

Great, so now every time I fly I have to worry about some cacher with just enough knowledge to be dangerous setting up a transmitter that's gonna screw with the plane's GPS. :P:D

Only if the pilot is flying at 800' or less...

Any pilot looking at gps that low is simply a ***ktard.

Any autopilot using gps will be in and out of the zone so fast it would barely register as a hiccup and any pilot setting an autopilot that low is a ***ktard.

 

So unless the pilot is a ***ktard you have no worries. :laughing:

Link to comment
TheAlabamaRambler

+TheAlabamaRambler

Posted
Posted (edited)

Great, so now every time I fly I have to worry about some cacher with just enough knowledge to be dangerous setting up a transmitter that's gonna screw with the plane's GPS. :D:D

Only if the pilot is flying at 800' or less...

Any pilot looking at gps that low is simply a ***ktard.

Any autopilot using gps will be in and out of the zone so fast it would barely register as a hiccup and any pilot setting an autopilot that low is a ***ktard.

 

So unless the pilot is a ***ktard you have no worries. :D

Not sure what a "***ktard" is but it don't sound good.

 

My comment was a joke, but since you've tried to make out like it was serious, where do you get your 800' limit? Guys in my ham radio club talk all over the nation on 9-volt half-watt QRP transmitters built in Altoids cans. :P

Edited by TheAlabamaRambler
Link to comment
Vinny & Sue Team

+Vinny & Sue Team

Posted
  • Author
Posted

Great, so now every time I fly I have to worry about some cacher with just enough knowledge to be dangerous setting up a transmitter that's gonna screw with the plane's GPS. :D:D

Only if the pilot is flying at 800' or less...

Any pilot looking at gps that low is simply a ***ktard.

Any autopilot using gps will be in and out of the zone so fast it would barely register as a hiccup and any pilot setting an autopilot that low is a ***ktard.

 

So unless the pilot is a ***ktard you have no worries. :D

Not sure what a "***ktard" is but it don't sound good.

 

My comment was a joke, but since you've tried to make out like it was serious, where do you get your 800' limit? Guys in my ham radio club talk all over the nation on 9-volt half-watt QRP transmitters built in Altoids cans. :P

TAR, the portable GPSr spoofing devices seem to have very limited range, even a far shorter range than the small portable GPSr jamming/blocking devices that are so readily available on the market. So, in light of this fact, we could likely not expect a small portable GPSr spoofer to have an effective spoofing range of much more than 100 to 200 feet at best.

 

.

Link to comment
Vater_Araignee

+Vater_Araignee

Posted
Posted

Great, so now every time I fly I have to worry about some cacher with just enough knowledge to be dangerous setting up a transmitter that's gonna screw with the plane's GPS. :D:D

Only if the pilot is flying at 800' or less...

Any pilot looking at gps that low is simply a ***ktard.

Any autopilot using gps will be in and out of the zone so fast it would barely register as a hiccup and any pilot setting an autopilot that low is a ***ktard.

 

So unless the pilot is a ***ktard you have no worries. :D

Not sure what a "***ktard" is but it don't sound good.

 

My comment was a joke, but since you've tried to make out like it was serious, where do you get your 800' limit? Guys in my ham radio club talk all over the nation on 9-volt half-watt QRP transmitters built in Altoids cans. :P

I knew it was a joke, it gave me the perfect opertunity to throw out that word around.

Think "Hey ya'll watch this!" but add "Sweet, I'ma try it too!!"

Just from random spinets of information I have read about having to overcome the many signals, nobody is saying that these things are capable of more than 600'. I have a very weak grasp on basic electronics and I can amplify a Fm car MP3 adapter by about 30% without soldering so I made the assumption that a jo blo shmo could do the same with any short range transmitter. Maybe not a correct assumption but hey 600' would make a pilot seem that much stupider.

 

As for the amateur radio operators, what modulation scheme are they using in the can? I wont even pretend to know anything beyond it being an analog scheme and some schemes wont even make it out of their neighborhood (maybe even block) on a 9v.

Link to comment
Muniman

+Muniman

Posted
Posted

I can think of several more creative, less expensive to make a cache difficult to find. Although I did like the idea of the 10 minute timer. Who is going to put batteries in that thing for the next few years?

 

1) As to the Evil-ness of it, I would put it in the same category as inaccurate coords. Think about puting the cache in a place where GPS reception is already difficult. Here is an example. I placed a cache in a heavy wooded area and let my GPS average 1500 points. The coords were still 30 yards off. Maybe my unit was off (although I have placed since then with very accurate coords).

 

2) Invest your time in Great Camo. I feel that the best "evil" caches are the ones that you can look right at, even touch, and not know it.

 

3) Use "Natural" GPS jammers. Overhead power High Voltage Lines

 

I think to debate the ethics of blocking the signal people need to find your hide is foolish. It would move the cache to my Ignore list with Juniper hides ;) . You may as well post your Cache as a Mystry/Puzzle and make them find it with a compass and map.

 

-My 2 cents...OK maybe 4 cents

 

Muniman

Link to comment
Vater_Araignee

+Vater_Araignee

Posted
Posted

I can think of several more creative, less expensive to make a cache difficult to find. Although I did like the idea of the 10 minute timer. Who is going to put batteries in that thing for the next few years?

 

1) As to the Evil-ness of it, I would put it in the same category as inaccurate coords. Think about puting the cache in a place where GPS reception is already difficult. Here is an example. I placed a cache in a heavy wooded area and let my GPS average 1500 points. The coords were still 30 yards off. Maybe my unit was off (although I have placed since then with very accurate coords).

 

2) Invest your time in Great Camo. I feel that the best "evil" caches are the ones that you can look right at, even touch, and not know it.

 

3) Use "Natural" GPS jammers. Overhead power High Voltage Lines

 

I think to debate the ethics of blocking the signal people need to find your hide is foolish. It would move the cache to my Ignore list with Juniper hides ;) . You may as well post your Cache as a Mystry/Puzzle and make them find it with a compass and map.

 

-My 2 cents...OK maybe 4 cents

 

Muniman

Considering the cost invested in building a spoofer and protecting it from the elements, it would be cheap to spend another $130.00 on solar panel and charge regulator/inverter combo.

And like TheAlabamaRambler said about ham transmitters going across the country on 9v power supply, you could certainly get a quick burst to travel a few hundred feet on 1.5v so those would be powered with modified solar yard light. I bought 6 at family dollar for $19.95 and the batteries lasted in them for 18 months give or take a couple weeks I'm sure high quality batteries would last longer.

 

BTW it wouldn't be a mystery if the final is at the true coords.

What would make it hilarious is when several cachers are hunting at the same time constantly changing the broadcast on each other.

 

I would like to think I understood the set up after finding the first leg and would try to get out of range and break out the lensatic compass.

Link to comment
Rich the Bushwhacker

+Rich the Bushwhacker

Posted
Posted

If anyone decides to build one of these, keep in mind GPS is becoming more and more vital to navigation, health and safety applications and commercial uses. It's not just for geeks and surveyors any more.

 

The FAA would not be amused if someone put one near an airport. GPS with WAAS has become an integral part of navigation for aircraft. Google FAA and GPS if you want to see the details of their Nextgen naviagation program.

Link to comment
Lil Devil

+Lil Devil

Posted
Posted

OK, I just got home from a trip, and finally took the time to digest this discussion. At first I called B.S. but then I wrote out the following scenario and realized that they are really on to something, but the article is so badly presented that the writer should just be shot on the spot.

 

Almost instantly, the reprogrammed [transmitter] sent out a false signal that the GPS-based navigation device took for the real thing.

The problem here is that it makes it sound like one transmitter is solely responsible for telling a receiver where it is. The reality is that GPS devices do not get their position from any one transmitter (satellite). It takes four or more satellites and even then the satellites don't tell the receiver where it is. Rather, the satellites say where they are, and send out a timing signal. The receiver then computes it's own location based on those timing signals.

 

(Satellite 1) "I'm over Maine, and here's my timer.. beep beep." Receiver computes that it takes 69.456789 milliseconds to receive this signal.

(Satellite 2) "I'm over Texas, and here's my timer.. beep beep." Receiver computes that it takes 68.123456 milliseconds to receive this signal.

(Satellite 3) "I'm over California, and here's my timer.. beep beep." Receiver computes that it takes 67.45678 milliseconds to receive this signal.

Now based on these signals it becomes obvious that the receiver is closer to California than it is to Texas or Maine, and might compute that it is in Nevada.

But then comes...

(Satellite 4) "I'm over France, and here's my timer.. beep beep." Receiver computes that it takes 67.3799472 milliseconds to receive this signal.

 

Now a decent receiver at this point should say "Wait a minute that signal just isn't possible given the other signals I've received. There must be an error in Satellite 4 so I'll ignore it."

 

Sadly I bet most consumer grade receivers will probably try to use the bad data and come to the conclusion that they are somewhere in the Atlantic Ocean, at a depth (!) of 20,000 miles.

 

Also consider that most of the time your GPS receiver is computing it's position based on 8, 10, 12, or more satellites. The way I see it, one fake one would only be able to throw the result by a few hundred miles or so. But for most nefarious purposes, it would only need to throw the result by a mile or two.

 

It seems to me a simple solution is to just add error checking into the receiver and throw away any satellite data that does not jive with the other satellites. The final computed position should be somewhere between the Earth's surface and 100 miles or so up. It shouldn't be more than x distance from the last computed position (typically one second ago). And it should be moving in roughly the same direction as the last computed movement.

Link to comment
BBWolf+3Pigs

+BBWolf+3Pigs

Posted
Posted

 

Almost instantly, the reprogrammed [transmitter] sent out a false signal that the GPS-based navigation device took for the real thing.

The problem here is that it makes it sound like one transmitter is solely responsible for telling a receiver where it is. The reality is that GPS devices do not get their position from any one transmitter (satellite). It takes four or more satellites and even then the satellites don't tell the receiver where it is.

 

But you only need one transmitter for spoofing, since the C/A and P codes are transmitted on single frequencies. As the article quoted above states

 

In its role as a spoofer, the device modifies these local signal replicas, combines the signals from all active channels, performs a digital-to-analog conversion, and mixes the resulting waveform up to the L1 (and possibly L2) frequency(s) for transmission on a separate spoofing antenna.

 

The single transmitter actually sends out a single transmission with "outputs" from multiple satellites.

Link to comment
Vinny & Sue Team

+Vinny & Sue Team

Posted
  • Author
Posted (edited)

 

Almost instantly, the reprogrammed [transmitter] sent out a false signal that the GPS-based navigation device took for the real thing.

The problem here is that it makes it sound like one transmitter is solely responsible for telling a receiver where it is. The reality is that GPS devices do not get their position from any one transmitter (satellite). It takes four or more satellites and even then the satellites don't tell the receiver where it is.

 

But you only need one transmitter for spoofing, since the C/A and P codes are transmitted on single frequencies. As the article quoted above states

 

In its role as a spoofer, the device modifies these local signal replicas, combines the signals from all active channels, performs a digital-to-analog conversion, and mixes the resulting waveform up to the L1 (and possibly L2) frequency(s) for transmission on a separate spoofing antenna.

 

The single transmitter actually sends out a single transmission with "outputs" from multiple satellites.

I do agree that the author of the article made so many annoying technical errors in writing the article that it is shameful.

 

As for the recent discussions, well please bear in mind that some folks are likely assuming that a single transmitter can transmit on only a single frequency. This is not at all true, and many transmitters can transmit on a number of different (but usually fairly close) frequencies in short order (as in spread-spectrum communications) or even on multiple frequencies (again, these frequencies are usually fairly close to each other).

 

It is my impression that for a GPS spoofing device to work effectively, it would likely need to transmit on at least three or four frequencies simultaneously.

 

And, to answer some of the questions/issues raised earlier about range, in general, the effective range of a portable GPS spoofing device will be far shorter than that of a portable GPS jamming/blocking device drawing the same amount of battery power. That is because a simple jammer/blocker can get away with transmitting at far lower power levels, since all that is required to accomplish jamming is to transmit Gaussian or modified-Gaussian signals on some GPS satellite channels, to cause interference to the signals received from the satellite. A portable GPS spoofer on the other hand, will need to draw far more power to have the same effective range as a portable GPS jammer (aka GPS blocker), since it must transmit on multiple channels and the power level on each of those channels must be quite strong, strong enough to eclipse the true satellite signal which is reaching the antenna, and convince the receive that it is the correct signal.

 

It is also true that cheap consumer GPSrs are somewhat more susceptible to effects of spoofing transmitters than are higher-end GPS receivers, and for several reasons. And, it is also possible to engineer a consumer GPS receiver -- that is, using only the GPS satellite signals available for civilian use -- that would be extremely resistant to spoofing. The method most commonly employed uses a type of synchronous coherent reception sometimes known as "self-synchronous" coherent receiving [see footnote #1]; and it requires that the receiver have onboard an incredibly stable time standard/oscillator and chips to accomplish sophisticated phase-locked tracking for synchronous coherent reception. All this technology is eminently doable in a consumer GPSr, but it is costly, and such a GPSr would likely cost at least 8 to 10 times more than an equivalent "spoofable" consumer GPSr.

 

Footnote #1: There is a convenient analogy available: for those of you who are hams or Lowfers (low frequency radio experimenters), you need only to think of the coherent synchronous carrier CW methods that we use sometimes for extremely weak-signal CW communications, where the carrier signal may sit 10 or 20 dB below the ambient RF noise floor. The synchronous coherent tracking PLL technology that we use for such work is rather similar to, but more elementary than, the coherent synchronous anti-spoofing algorithm/process that I mentioned above. Similar synchronous coherent tracking methods are often used by NASA for receiving signals from distant satellites, where the signal may be 25 dB below the ambient noise floor by the time it reaches the antennas of NASA's contractors here on earth.

 

.

Edited by Vinny & Sue Team
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 3
Go to topic listing
×
×
  • Create New...