On Thu, May 11, 2000 at 11:01:08AM -0700, Phil Karn wrote:
> 
> The GPS C/A chipping sequences (known as Gold Codes) are openly
> published, so you can generate them yourself with just a few shift
> registers and some combinatorial logic. There are 32 different
> sequences, each 1023 chips long, one for each satellite in the
> constellation. No need to observe the satellites you're jamming.
> 
> You'll also need to impress the 50bps navigation message on the
> chipping sequence, but again this is all openly documented (except for
> the reserved fields that are apparently carrying encrypted data).
> 
> In many ways, a GPS spoofer is a much simpler device than a GPS
> receiver.


        One point about such a simple spoofer that is relevant to
detecting the integrity of GPS timing is that such a spoofer generates a
fake signal which yields the same exact position indication for every
observer receiving it.  This is because the relative timing of the Gold
sequences of the simulated satellites (pseudoranges) determines the
position the spoofed GPS displays, and presumably all of these simulated
satellite signals would be generated once and mixed together and
amplified and radiated out a single antenna in such a spoofer.

        This makes it quite possible to detect this kind of simple
spoofing by using two or more GPS antennas located a known distance from
each other and checking to see that the positions computed from the
signal out of each one differ by the known distances.   This monitoring
can be made even more effective by comparing the actual pseudoranges to
all the visible satellites from each of the observation sites and
checking to see that they are consistent with the geometry of the
antenna positions and the satellite signal arrival angles.

        Obviously such a ground based constellation of GPS antennas
could be spoofed by a very sophisticated spoofing system that generated
a different signal for each antenna but correctly coordinated each of
the signals so they matched when compared between the antennas, but this
greatly raises the complexity of such a spoofer and implies much better
access to the target to be spoofed than single antenna GPS spoofing
does.   A single antenna spoofer could operate from a parking lot or a
nearby building, or an overflying aircraft or various other rather easy
platforms whilst a coordinated spoofer capable of fooling an array of
separated GPS antennas would almost certainly have to have separate
individual transmit antennas located very near to each of the members of
the GPS antenna array.   Such is possible, but much, much more
detectable.

        Another tactic to detect local spoofing is to use the USCG
differential corrections for GPS signals (DGPS) transmitted over LF
radio and various other media including geostationary satellite, the
Internet, and FM radio SCA subcarriers.   These widely disseminated
public corrections would not match most spoofed signals and the errors could
be readily flagged and alarmed.   Granted of course that a really
determined spoofer could also attempt to spoof these signals as seen by
the observer, but of course this raises the bar a bit further.

> 
> Phil
> 
> 
> 

-- 
        Dave Emery N1PRE,  [EMAIL PROTECTED]  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18
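
The multi-antenna baseline check described in the message above, as an added example that is not part of the original e-mail or any code of its author. The antenna names, coordinates and the 5 m tolerance are constructed assumptions, and the fixes are assumed to come from the same epoch.

```python
import math
from itertools import combinations

WGS84_A = 6378137.0          # WGS-84 semi-major axis, metres
WGS84_E2 = 6.69437999014e-3  # WGS-84 first eccentricity squared

def to_ecef(lat_deg, lon_deg, h_m):
    """Convert a WGS-84 lat/lon/height fix to Earth-centred metres."""
    lat, lon = math.radians(lat_deg), math.radians(lon_deg)
    n = WGS84_A / math.sqrt(1.0 - WGS84_E2 * math.sin(lat) ** 2)
    return ((n + h_m) * math.cos(lat) * math.cos(lon),
            (n + h_m) * math.cos(lat) * math.sin(lon),
            (n * (1.0 - WGS84_E2) + h_m) * math.sin(lat))

def baseline_alarms(surveyed, fixes, tolerance_m=5.0):
    """Compare distances between same-epoch fixes with the surveyed baselines.

    Returns [(antenna_a, antenna_b, measured_m, expected_m), ...] for each
    pair whose measured separation is off by more than tolerance_m.
    """
    alarms = []
    for a, b in combinations(sorted(surveyed), 2):
        expected = math.dist(to_ecef(*surveyed[a]), to_ecef(*surveyed[b]))
        measured = math.dist(to_ecef(*fixes[a]), to_ecef(*fixes[b]))
        if abs(measured - expected) > tolerance_m:
            alarms.append((a, b, round(measured, 1), round(expected, 1)))
    return alarms

# Constructed sample data: three antennas roughly 110 m apart.
SURVEYED = {"north": (42.36600, -71.30000, 60.0),
            "south": (42.36500, -71.30000, 60.0),
            "east":  (42.36550, -71.29880, 60.0)}
# Genuine sky: each fix is off by a metre or two, baselines survive.
GENUINE = {"north": (42.36602, -71.29999, 61.0),
           "south": (42.36502, -71.29998, 59.0),
           "east":  (42.36551, -71.29879, 60.5)}
# Single-transmitter spoofer: every receiver computes the same position.
SPOOFED = {name: (42.40000, -71.20000, 60.0) for name in SURVEYED}

if __name__ == "__main__":
    print("genuine:", baseline_alarms(SURVEYED, GENUINE))
    for alarm in baseline_alarms(SURVEYED, SPOOFED):
        print("ALARM baseline %s-%s measures %.1f m, surveyed %.1f m" % alarm)
```

The check only compares computed positions; the pseudorange-level comparison mentioned in the message needs per-satellite measurements and is not covered here.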

