GNSS Jamming: A Short Survival Guide Daniele Borio 15-16 November 2016 International Technical Symposium on Navigation and Timing (ITSN 2016) The European Commission s science and knowledge service 1 Joint Research Centre
2
Jamming the act of intentionally directing electromagnetic energy towards a communication (and navigation) system to disrupt or prevent signal transmission/reception Jamming is all about getting sufficient energy into the victim receiver at the right time and in the right place Adrian Graham. Communications, Radar and Electronic Warfare. John Wiley & Sons, January 2011. GNSS: from electronic warfare to privacy protection 3
Jamming Encounters Growing number of jamming events reported all around the world Newark Airport case: RFI events since 2009, impact on GBAS system In 2012, use of direction finding techniques to identify the jamming source: a red Ford F-150 pickup. Truck driver fired and fined ($31875) Jammers: used by burglars and for criminal activities State-based jamming 4
On the Road Car test - approximately 30 min (~65 Km) Highway test: open sky conditions no obstructions or tunnels PDOP < 2.5 Android phone used to collect data and to perform jamming detection Possible jamming events detected comparing a decision statistic with a decision threshold 5
On the Road: Detection Metrics 6
Highway section a) 7
Highway sections b) & c) 8
Jamming Signals (know you enemy) i( t) Aexp j2 f ( t) t j j Almost constant amplitude Almost periodic frequency pattern Large sweep ranges in the frequency domain Signals with a single frequency component Signals on several frequency bands (not only GNSS) 9
Sweep Parameters Significant variability among sweep parameters Noticeable differences also among jammers of the same model: effect of cheap local oscillators Sweep periods: from about 5 to 40 µs in the L1 band 9 µs: most typical value Large sweep ranges: greater than 10 MHz Signals in non-gnss bands: much slower sweep periods (6 times larger for J03) Statistics obtained combining experimental results (JRC) with the findings from (Mitch et al. 2011) 10
Power Levels Significant variability among power parameters, also among jammers of the same model Cigarette lighter jammers: lower power levels than multifrequency battery jammers Signals in non-gnss bands: much more powerful (up to 4W) Statistics obtained combining experimental results (JRC) with the findings from (Mitch et al. 2011) 11
Defenses Internal Modulation defenses Antenna defenses Front-end level defenses Signal Processing defenses Obs & Nav Level defenses Receiver Level Techniques: Detection and Mitigation External Detection and Location Systems Dedicated Infrastructures: threat Detection and Location Back-up Systems Dedicated Infrastructures: e.g. eloran 12
Receiver Level Defenses Detection: process of revealing the presence of jamming it is a hypothesis testing problem (GNSS signal acquisition: determine the GNSS signal presence) Mitigation: process of reducing the jamming impact ideally: remove jamming signals which need to be reconstructed it is an estimation problem (analogy with GNSS signal tracking) Detection and mitigation are often implemented together Natural GNSS Signal Immunity: GNSS signals use DSSS modulations: de-spreading as natural defense against interference. Use interference mitigation techniques only when strictly necessary 13
Detection and Mitigation: Where Antenna defenses* Signal Processing Units *The availability of several antennas allows advanced interference detection and mitigation techniques Frontend Correlator Correlator Correlator Measurement Unit Measurement Measurement Unit Unit Navigation Solution Front-end based techniques Pre-correlation techniques Post-correlation techniques Measurement level techniques 14
The Multi-frequency Opportunity Multi-frequency mitigation strategies F 1 Frontend Correlator Correlator Correlator Measurement Unit Measurement Measurement Unit Unit F 2 Frontend Correlator Correlator Correlator Measurement Unit Measurement Measurement Unit Unit Navigation Solution F N Frontend Correlator Correlator Correlator Measurement Unit Measurement Unit Measurement Unit 15
Jamming Detection (I/II) An hypothesis testing problem (as the acquisition process) Performed at almost all the receiver stages (front-end, pre- and post-correlation, measurements, ) Choose between the two hypotheses: H : r[ n] y[ n] [ n] [ n] 0 H1 r n n : [ ] y[ n] i[ n] [ ] i[ n] [ n] The GNSS signal is usually neglected The decision is not immediate and N samples can be used for the detection A verification stage can also be present General solution: rn [ ] Signal Transform Decision variable T h decision threshold 16
Jamming Detection (II/II) Front-end Hardware indicators: AGC count Noise floor indicator [6, 13, 33, 34, 35, 38, 39] Correlation Channel Correlation Signal Processing Units (Acquisition /Tracking) Digital samples: Statistical analysis Transformed domain techniques [14, 22, 34, 41, 46] Channel Correlation Channel References in: Borio et al. Impact and Detection of GNSS Jammers on Consumer Grade Satellite Navigation Receivers, IEEE Proceedings, June 2016 Post-Correlation outputs: Correlators C/N 0 Measurements [25, 34, 35, 50, 54] 17
Transform Domain Techniques The jamming signal is projected into a domain where it has a sparse representation Chirp transform in [ ] ik [ ] More revealing representation of the signal samples In the transformed domain, the energy of the signal is concentrated over few samples (to be used for detection) Popular transforms: DFT (FFT), STFT, Time- Frequency, Wavelet 18
C/N 0 Monitoring The estimated C/N 0 can reveal the presence of interfering signals Remark: the estimation technique used to determine the C/N 0 can hide the presence of interference jamming effect on C/N 0 A possible approach is to verify if C/N 0 measurements are affected by correlated changes 19
Jamming Mitigation: the IC Principle First goal of a GNSS receiver: estimate the GNSS signal parameters If the jamming signal were known, then the ML estimates of the useful GNSS signal parameters would be: N 1 1 fd r n i n c nts j fif fd nts j, fd, N n0 interference cancellation local code local carrier ˆ, ˆ, ˆ arg max [ ] [ ] exp 2 i[n] unknown: it needs to be estimated Interference is removed before applying standard correlation based processing Most interference mitigation techniques: form of interference cancellation Different ways of estimating the jamming signal 20
Mitigation as an Estimation Problem r[ n] - To standard processing Interference detection Interference estimation Interference reconstruction Jamming mitigation: estimation and reconstruction of the jamming signal E.g./ ML estimates: i[ n] Aexp j2 fints j 1 2 N 1 i arg max in [ ] exp 2 Ts arg max I( f ) I fi f N f n0 fˆ 2 j fn ˆ ˆ Frequency almost constant on a short period of time ML estimation: useful when a parametric model is available. 21
Interference Model Dependence The performance : dependence on the model adopted for designing the interference estimation block: parametric techniques: the functional form of i[n] is fully specified (low number of parameters) non-parametric techniques: generally based on the projection of the signal on a transformed domain (different basis) Model dependence: Not specified Partially specified Fully specified Performance (under design condition) Robustness Flexibility Negative Computational load Model specification Positive 22
Notch Filtering Adaptive filter with transfer function of which (in principle) strongly attenuates only a single frequency All the other signal components: unchanged Ideally Hnf f 0 1 for f f otherwise i Adaptation block which tracks the jamming instantaneous frequency Hnf f f i f 23
IIR Notch Filters H nf Notch filter zero 0 1 z 1 z0z 1 z z k 0 1 1 k Pole contraction factor Before notch filtering Frequency estimated by the NF fi z0 Aexp j2 fs z 0: adaptively adjusted After notch filtering minimization of the energy of the signal at the output of the filter 24
Code Break Benefits of notch filtering on the acquisition of GPS signals corrupted by jamming Anechoic chamber test 25
The Future of (anti-)jamming Jamming: Brute force: more power, more frequencies + mainly for specialized applications (e.g. car burglaries) + not only GNSS Smart jamming: more efficient forms of jamming exploiting the knowledge of the GNSS signal + well known in wireless networks (deceptive and reactive jamming) + hit where it hurts most (preamble, time mark, CRC, parity, Attacks and defenses is just a question of rising the bar 26