GNSS jammers are an ongoing

Similar documents
Every GNSS receiver processes

GPS receivers built for various

It is well known that GNSS signals

Vector tracking loops are a type

UTILIZATION OF AN IEEE 1588 TIMING REFERENCE SOURCE IN THE inet RF TRANSCEIVER

Assessing & Mitigation of risks on railways operational scenarios

Implementation and Performance Evaluation of a Fast Relocation Method in a GPS/SINS/CSAC Integrated Navigation System Hardware Prototype

An Experiment Study for Time Synchronization Utilizing USRP and GNU Radio

GNSS RFI/Spoofing: Detection, Localization, & Mitigation

How Effective Are Signal. Quality Monitoring Techniques

Security of Global Navigation Satellite Systems (GNSS) GPS Fundamentals GPS Signal Spoofing Attack Spoofing Detection Techniques

The Case for Recording IF Data for GNSS Signal Forensic Analysis Using a SDR

Ron Turner Technical Lead for Surface Systems. Syracuse, NY. Sensis Air Traffic Systems - 1

Satellite Interference Geolocation Considerations May 2016

Indoor Positioning by the Fusion of Wireless Metrics and Sensors

Real-Time Spectrum Monitoring System Provides Superior Detection And Location Of Suspicious RF Traffic

Localization in Wireless Sensor Networks

Inertially Aided RTK Performance Evaluation

UHF Phased Array Ground Stations for Cubesat Applications

LOW POWER GLOBAL NAVIGATION SATELLITE SYSTEM (GNSS) SIGNAL DETECTION AND PROCESSING

Experimental Characterization of a Large Aperture Array Localization Technique using an SDR Testbench

UNDERSTANDING AND MITIGATING

Modelling GPS Observables for Time Transfer

The Application of Clock Synchronization in the TDOA Location System Ziyu WANG a, Chen JIAN b, Benchao WANG c, Wenli YANG d

B SCITEQ. Transceiver and System Design for Digital Communications. Scott R. Bullock, P.E. Third Edition. SciTech Publishing, Inc.

Design of Simulcast Paging Systems using the Infostream Cypher. Document Number Revsion B 2005 Infostream Pty Ltd. All rights reserved

Differential and Rubidium-Disciplined Test Results from an Iridium-Based Secure Timing Solution

New precise timing solutions and their application in JUNO project Jauni precīzā laika risinājumi un to izmantošana JUNO projektā

UNIT 1 - introduction to GPS

3D-Map Aided Multipath Mitigation for Urban GNSS Positioning

GNSS Technologies. GNSS Acquisition Dr. Zahidul Bhuiyan Finnish Geospatial Research Institute, National Land Survey

Wireless Communication in Embedded System. Prof. Prabhat Ranjan

GPS-free Geolocation using LoRa in Low-Power WANs. Bernat Carbonés Fargas, Martin Nordal Petersen 08/06/2017

Currently installed Local

GNSS Interference Detection and Localization using a Network of Low Cost Front-End Modules

RECOMMENDATION ITU-R SA Protection criteria for deep-space research

t =1 Transmitter #2 Figure 1-1 One Way Ranging Schematic

Assessment of GNSS Ionospheric Scintillation and TEC Monitoring Using the Multi-constellation GPStation-6 Receiver

Wireless LAN Applications LAN Extension Cross building interconnection Nomadic access Ad hoc networks Single Cell Wireless LAN

Channel Modeling ETIN10. Wireless Positioning

The Galileo signal in space (SiS)

High Performance Imaging Using Large Camera Arrays

Distributed receive beamforming: a scalable architecture and its proof of concept

Experiences in. Flight Inspecting GBAS

Automotive Radar Sensors and Congested Radio Spectrum: An Urban Electronic Battlefield?

TEST RESULTS OF A DIGITAL BEAMFORMING GPS RECEIVER FOR MOBILE APPLICATIONS

It is well recognized that the spacequalified. GNSS Solutions: Atomic clocks on satellites and mitigating multipath

It is common knowledge in the

SPREAD SPECTRUM CHANNEL MEASUREMENT INSTRUMENT

Simulating and Testing of Signal Processing Methods for Frequency Stepped Chirp Radar

Digital Audio Broadcasting Eureka-147. Minimum Requirements for Terrestrial DAB Transmitters

Wideband Spectral Measurement Using Time-Gated Acquisition Implemented on a User-Programmable FPGA

Appendix D Brief GPS Overview

An alternative way of WAM system time synchronization. Presented by Vojtěch Stejskal ATM Madrid 2015

Instruction manual for T3DS software. Tool for THz Time-Domain Spectroscopy. Release 4.0

Integration of GPS with a Rubidium Clock and a Barometer for Land Vehicle Navigation

Indoor Navigation Test Results using an Integrated GPS/TOA/Inertial Navigation System

RFI Impact on Ground Based Augmentation Systems (GBAS)

Test Results of a 7-Element Small Controlled Reception Pattern Antenna

Determining Times of Arrival of Transponder Signals in a Sensor Network using GPS Time Synchronization

Design and Experiment of Adaptive Anti-saturation and Anti-jamming Modules for GPS Receiver Based on 4-antenna Array

MULTIPATH EFFECT MITIGATION IN SIGNAL PROPAGATION THROUGH AN INDOOR ENVIRONMENT

Working Party 5B DRAFT NEW RECOMMENDATION ITU-R M.[500KHZ]

Bird Model 7022 Statistical Power Sensor Applications and Benefits

LOCALIZATION WITH GPS UNAVAILABLE

Introduction to Global Navigation Satellite System (GNSS) Signal Structure

SOQPSK Software Defined Radio

Planning Your Wireless Transportation Infrastructure. Presented By: Jeremy Hiebert

Three Wishes. and an elaboration. For Reception of. Professor Bradford Parkinson Stanford University. (these are my personal views)

Satellite Navigation Principle and performance of GPS receivers

High Level Design Group: RF Detection Group Members: Joey Py e, André Magill, Shane Ryan, John Docalovich, Zack Bennett Advisor: Dr.

Wide-Area Persistent Energy-Efficient Maritime Sensing

Mobile Positioning in Wireless Mobile Networks

Final Report for AOARD Grant FA Indoor Localization and Positioning through Signal of Opportunities. Date: 14 th June 2013

Instantaneous Inventory. Gain ICs

A CubeSat Radio Beacon Experiment

Alternative Positioning, Navigation and Timing (APNT) for Performance Based Navigation (PBN)

Software Defined Radar

GPS Signal Degradation Analysis Using a Simulator

Adaptive Array Technology for Navigation in Challenging Signal Environments

WPI Precision Personnel Location System: Synchronization of Wireless Transceiver Units

GNSS Solutions: Do GNSS augmentation systems certified for aviation use,

Vidyut: Exploiting Power Line Infrastructure for Enterprise Wireless Networks. Vivek Yenamandra and Kannan Srinivasan

Robust Positioning for Urban Traffic

SMART CARPET A DISTRIBUTED COGNITIVE RADIO

Software for Partial Discharge and Localization

3 USRP2 Hardware Implementation

A Hybrid Indoor Tracking System for First Responders

The Technologies behind a Context-Aware Mobility Solution

NovAtel s. Performance Analysis October Abstract. SPAN on OEM6. SPAN on OEM6. Enhancements

CS263: Wireless Communications and Sensor Networks

Update on GPS L1C Signal Modernization. Tom Stansell Aerospace Consultant GPS Wing

Understanding GPS: Principles and Applications Second Edition

GPS Time Synchronization with World-Class Accuracy using a Few Selected Satellites

IOT GEOLOCATION NEW TECHNICAL AND ECONOMICAL OPPORTUNITIES

ABSOLUTE CALIBRATION OF TIME RECEIVERS WITH DLR'S GPS/GALILEO HW SIMULATOR

MOBILE COMPUTING 1/28/18. Location, Location, Location. Overview. CSE 40814/60814 Spring 2018

Passive Radar at home

HIGH GAIN ADVANCED GPS RECEIVER

Boosting Microwave Capacity Using Line-of-Sight MIMO

Transcription:

GNSS SOLUTIONS Is it possible to build a low-cost system to detect and locate a single GNSS jammer in near-real time? GNSS Solutions is a regular column featuring questions and answers about technical aspects of GNSS. Readers are invited to send their questions to the columnist, Dr. Mark Petovello, Department of Geomatics Engineering, University of Calgary, who will find experts to answer them. His e-mail address can be found with his biography below. MARK PETOVELLO is a Professor in the Department of Geomatics Engineering at the University of Calgary. He has been actively involved in many aspects of positioning and navigation since 1997 including GNSS algorithm development, inertial navigation, sensor integration, and software development. Email: mark. petovello@ucalgary.ca GNSS jammers are an ongoing threat to the reliable use of GNSS. The problem of geolocating GNSS jammers can be addressed using a time-difference-ofarrival (TDOA) processing technique; however, this problem is quite different than geolocating jammers in other radio frequency systems. The two main differences are: (1) No GNSS are available to use as a timing reference. (2) The signal of interest (i.e., the GNSS signals) are weak. This contrast with other applications (e.g., mobile phone jamming) where the signal of interest is much stronger. The first point forces the TDOA technique to be unconventional, but still possible. The second point eliminates the complexities of having to discern desired versus undesired signals in the band. To address these issues the Communications Research Centre (CRC) Canada, which is the Government of Canada s primary laboratory for wireless research, has been doing work in this area. Two complementary systems were devised to solve the problem of geolocating a single GPS jammer: igeoloc GPS (interference Geolocation) and (jammer situational awareness). can geolocate GPS band interference, but the effect on a GPS receiver is unknown. can indicate if a GPS receiver is jammed, but not geolocate the jammer source. The uses a 5 MHz bandwidth centered at GPS L1. The examines all outputs of a GPS timing receiver for both timing and position errors and other irregularities. In order to facilitate testing with an illegal device, a typical GPS chirp jammer was frequency-translated to a nearby experimental-licensed band and will be referred to as the translated-jammer. The jammer will refer to a signal source originating from either an intentional jammer device or a source of unintentional interference. Intentional or not, both sources can degrade a GPS receiver. System Level First, let s take a look at the overall jammer detection systems under consideration. Description. In some cases only awareness that the onsite GPS signal is being disrupted is required. is meant to answer the question: Do we have a jamming problem? This stationary sensor uses the number and received power of satellites, positional drift, GPS receiver lock status, and the accuracy of the pulseper-second (PPS) output to determine the status of a GPS receiver. The PPS error is measured using the internal phase meter of a chip scale atomic clock (CSAC). The phase meter measures the time difference, with a resolution of 45 picoseconds, between the internal CSAC 1 PPS and the externally applied PPS from the GPS receiver. In order to use the phase meter the CSAC is always configured in 1 PPS discipline mode with a 1-second time constant, and the PPS time difference is reported once a second (cycle to cycle) in nanoseconds. If the PPS time difference exceeds 1 nanoseconds, the position drifts more than a threshold, or a sudden change occurs in satellite informa- 32 InsideGNSS JANUARY/FEBRUARY 217 www.insidegnss.com

tion, a GPS outage is reported until the signals are stable for 1 seconds. Description. The current (Figure 1) uses four semi-transportable sensing nodes (A, B, C and D) connected in two separate networks: a real-time data network and a Wi-Fi control network. Each sensing node receives the translated-jammer band and retransmits it in its own dedicated backhaul band to the processing node (Figure 6, 8, and 9). This continuous real-time frequency translation is referred to as the data network. The jammer geolocation is calculated at the processing node using a TDOA technique followed by a geolocation algorithm. No waveform assumptions are used. A blind crosscorrelation is computed between all pairs of sensing node datasets to determine their relative time differences of arrival. A common jammer signal must be detected by at least three sensing nodes. This permits at least two time differences to be calculated and then used to generate possible hyperbolic intersections and hence possible geolocation points (in the horizontal plane). The TDOA cross-correlation and geolocation processing works with 218 complex samples per node and has a 4 Sensing Nodes Bubble Scope Cam RPI USB USRP 1 GPS Stand-alone Status Monitor RPI USB GPS Rx + CSAC USRP BackHaul Freq Reference Freq Jammer Freq 1 Processing Node USRP TDOA processing server 1 mobile GPS Jammer Jammer GPS Rx + CSAC latency of 6 to 1 seconds. As the processing node continuously receives all sensing node data, geolocation points can be continuously produced with the aforementioned latency. In order to achieve greater sensitivity, the low-level processing is required to do overlapped crosscorrelations of different sizes across all three combinations of sensing node data. These cross-correlations are then mode filtered, multipath-filtered, parabolically interpolated, and given a quality metric. Cross-correlation qualities that are greater than a predefined threshold are then fed into the Bancroft geolocation algorithm, which enable one to obtain a direct solution of the receiver position and the clock offset without requesting any a priori knowledge for the receiver location. The geolocation results can then be enhanced by an optional snap to the road filter. We will provide details of these steps in the following sections. Sensing Nodes. Each sensing node contains two softwaredefined radios and the necessary RF filters and amplifiers to perform the previously mentioned frequency translation for the data network. Each sensing node is controlled by a small micro-processing computer that controls and configures both the radios and a camera attached to a panoramic lens. A panoramic photo is taken once a second, providing context to the geolocation results. The computer communicates on the Wi-Fi control network. The component cost of a sensing node is approximately $5, CAD (about US$3,777). (See Figure 2) Processing Node. The processing node uses an appropriate RF antenna, filters and amplifiers to Data BackHaul Control Receive translated- Jammer BubbleScope Spherical Lens and Raspberry Pi Came Transmit calibration 27 MHz Receive Ref FIGURE 1 CRC Testbed : one translated-jammer, detected by four sensing nodes, processed at one node for geolocation using separate data and control networks. : actual GPS outage monitor FIGURE 2 Sensing Node www.insidegnss.com JANUARY/FEBRUARY 217 InsideGNSS 33

GNSS SOLUTIONS 12, 1, 8, 6, 4, 2, 1 2 3 4 Time Delay FIGURE 3 Cross-correlation output 12, 1, 8, 6, 4, 2, 4913 4914 4915 4916 4917 4918 Time Delay FIGURE 4 Cross-Correlation result with multiple peaks allow a software-defined radio with a custom field-programmable gate array (FPGA) design to receive the four sensing node backhaul bands and digitally down-convert them synchronously to baseband. The previously described processing chain (cross-correlation through geolocation) is then performed. The component cost of the processing node was approximately $2, CAD (about US$15,18), which can be reduced by using a low-cost alternative to a server-class computer for signal processing. Reference Frequency 27 Megahertz. The sensing nodes radios have RF local oscillators (LOs) that can drift relative to each other unless provided with a common reference. To avoid this, the processing node generates and transmits a continuous one-watt constant 27-megahertz tone as the reference signal. The 27-megahertz tone is in an industrial, scientific, and medical (ISM) RF band and in the range of the radios acceptable reference phase locked loop (PLL) frequency (5 to 14 megahertz). The implementation of this reference scheme encountered standard HF difficulties, of large antenna dimensions and high RF power. Cross-Correlation Processing. Traditionally TDOA is performed by calculating the difference of arrival between two signals with absolute timestamps. Since a difference is a relative measure, it does not need to be derived from two absolute measurements; the difference can be obtained from a cross-correlation process with a known relative offset between the two signals. A calibration process (described later) ensures that the offsets in a set of node-pair differences form a consistent set of equations for computing the jammer s location. The cross-correlations are performed using 262,144 complex samples. With a bandwidth of five megahertz, a stationary assumption can be used for a source travelling at highway speeds. An overlapped method that varies the data block size by multiples of 8,192 complex samples was created to generate more cross-correlation results over the dataset that could then be used for the mode filtering (described later). The five-megahertz sensing bandwidth also allows for cross-correlation peak determination with a resolution of 2 nanoseconds (59.95 meters). Figure 3 shows an example crosscorrelation result. Multipath Mitigation. CRC developed a cross-correlation quality metric to ensure that only reliable data is used for locating the jammer. The metric is defined to be the magnitude difference between the highest and second-highest cross-correlation peaks in the cross-correlation function. To illustrate the need for this metric, Figure 4 shows how multiple cross-correlation peaks can result from multipath effects. These can sometimes be discerned based on having longer delays than the true signal, but this is not always possible. The peaks considered were above a noise level where the noise level is defined as the first peak, sorted in descending order (by magnitude), that is at most two-thirds the amplitude of the next-highest peak. The system considered a maximum of two peaks and took the peak with the least delay; otherwise the cross-correlation was not used. Finally, a parabolic interpolation between samples was done to provide accuracies better than the 59.95- meter resolution mentioned earlier. Mode Filtering. Low-level data processing involves mode filtering. In order to distinguish it from noise, a true crosscorrelation peak should be consistent through a great majority of all the overlapped cross-correlations in the dataset. The geolocation algorithm only uses cross-correlations with a mode value greater than 7 percent occurrence. Calibration of Sensing Node s Local Oscillators. The 27-megahertz common reference frequency locks (synchronizes) all the sensing nodes; however, it will arrive at the nodes at different phases. The phase difference between nodes will be a constant error. The system can calibrate out any constant errors as the TDOA technique is based on a difference in time that is relative. The calibration stage produces an offset for each combination of node pairs that compensates for all constant errors. A recalibration is required every time 34 InsideGNSS JANUARY/FEBRUARY 217 www.insidegnss.com

Metres 1 5 5 1 5 5 Metres FIGURE 5 Multiple Solutions due to Hyperbolic intersections Sensing Nodes (A,B,C) are circles. Blue and black hyperbolas intersect at two points. the radios LO changes, which is on reconfiguration, restart or reboot. A linear system of equations is empirically obtained by transmitting white noise in the translated-jammer band, from one node at a time and cross correlating the receiving nodes to get the corresponding delay. This noise is generated by a pseudorandom bit sequence (PRBS) in the softwaredefine radios of the sensing nodes. A minimum of three node pairs are required to be determined empirically, and the others can be solved analytically. Geolocation Algorithm. The geolocation is accomplished using Bancroft s Algorithm to solve the multilateration equations. However, this can result in multiple solutions due to the multiple points of intersecting hyperbolas, an example of which is shown in Figure 5. A simple clustering algorithm is used to determine the best points. The clustering criterion is the number of neighbors within a pre-defined threshold distance. The remaining points can also be displayed, as shown in Figure 6. The clustering is only meant to aid a system operator and suffices for a stationary jammer, as the best points should be close together. However, if the jammer is believed to be mobile, a snap-to-road filter can be employed. The snap-to-road filter uses the OSRM (open source routing machine) project (<https://github.com/project-osrm/ osrm-backend>). Offline maps are generated for use with the OSRM algorithm, which uses a Hidden Markov Model as the probabilistic approach in determining route feasibilities. No U-turns is the only constraint used with the OSRM routing algorithm. Figure 7 shows the estimated jammer position after applying the snap-to-road filter. Geolocation to Google Earth Testbed Visualization In order to visualize the system, the processing node creates keyhole markup language (KML) files that describe the translated-jammer s position and the generated geolocation point(s). These KML files along with the sensor nodes photos are sent over a one-kilometer Wi-Fi link to an office computer to display the results in Google Earth in near real-time (Figure 8 and Figure 9). FIGURE 6 Color clustering multiple results for one geolocation (red caution = jammer position, green stars = best solutions, white stars = other solutions). The blue trajectory illustrates the true jammer trajectory. FIGURE 7 Jammer location after applying the snap-to-road filter www.insidegnss.com JANUARY/FEBRUARY 217 InsideGNSS 35

GNSS SOLUTIONS Interference Geolocation Results Parameters and results from recent experimentation performed at the CRC Testbed for the geolocation were as follows: (interference geolocation) Tracked route of a mobile 2-megawatt GPS jammer Four sensing nodes covering a 45x3 meter track ~1second latency, with a 2- meter error These excellent performance results led to some further validation tests outside of the CRC testbed, where we expected very poor performance due to the large network size and poor measurement geometry and obstructed propagation paths. The results were as follows: Range Tracked approximate position of mobile 1,2-megawatt GPS jammer Some detections were 1.4 kilometers away (Figure 1) Jammer Situational Awareness ( ) Results The results for the situational awareness are: (jammer situational awareness) detected only disruptive GPS jammers up to 2 25 meters away at highway speeds one-second delay, measured actual GPS outage time To validate the previously described translated jammer testbed, was brought to a site along the highway in Ottawa where illegal GPS jammers were initially found in 211. The sensor was used to trigger a low-cost spectrum recorder, with a multi-second ring buffer, upon jammer detection. A post-processing algorithm found some chirp jammers in the triggered spectrum collection. However, other unknown events were detected that resulted in similar GPS outage periods, as were caused by FIGURE 8 CRC Testbed showing igeoloc Geolocation and jaware Detection. jaware at the processing node (which is hidden by the message box) detects the translated-jammer, and igeoloc geolocates it close to Node C. FIGURE 9 CRC Testbed showing igeoloc Geolocation with Photo. igeoloc geolocates the translated-jammer close to Node D and is spotted on camera. the identified GPS jammers. Further investigation is warranted and is being undertaken. Figure 12 illustrates a correlation amplitude of a - detected chirp jammer event and can be contrasted against Figure 11 where no jammer is present. A GPS status report across the country, similar to a weather report, could be generated by networking sensors along major highways to report current and forecast future GPS status. If such a system were in place, a GPS outage could be seen moving along a highway, and an outage forecast could be generated for critical infrastructure (e.g., outage approaching airports). Conclusions This effort has proven that it is possible to build a low-cost system to detect and locate GNSS jammers in near-real time. In just more than one year CRC has designed, built, and tested such a system using many novel and sophisticated techniques to achieve impressive results. The and systems are new tools that can protect GNSS from the perils of jammers. The GNSS community can now employ these tools, empowering its spectral awareness. Manufacturers The GPS timing receiver used was the Mini-T GPS Disciplined Clock Board from Trimble, Sunnyvale, California 36 InsideGNSS JANUARY/FEBRUARY 217 www.insidegnss.com

3 2 1 6 4 2 2 Doppler Offset (Hz) 4 6 4 2 2 4 Time Offset (us) FIGURE 11 correlation amplitude, no jammer PRN Response, 5-ms integration time 3 FIGURE 1 Range result processed in four seconds (red caution = jammer position, green star = only solution) 2 1 6 4 2 2 4 Doppler Offset (Hz) 6 4 4 2 2 Time Offset (us) FIGURE 12 correlation amplitude, highway jammer effect on PRN response, 5-ms integration time USA. The software-defined radios in the igeolocgps sensing nodes and the processing node were, respectively, B2 USRP boards and X3 USRP units, from Ettus Research (a National Instruments (NI) company), Santa Clara, California USA. The sensing nodes were also equipped with Raspberry Pi computers to control the units, and the imaging was done using Raspberry Pi cameras from the Raspberry Pi Foundation, Cambridge, United Kingdom, attached to BubbleScope lenses by BubblePix Ltd., Newcastle-upon-Tyne, United Kingdom. The chip-scale atomic clock is the Quantum SA.45s from Microsemi Corporation, Aliso Viejo, California USA. Author Alexis Bose is a system design engineer from the University of Waterloo. Although he was accepted to the University of McGill for a Master s in Signal Processing, Alexis chose to work as a DSP/FPGA Engineer for eight years and as a research engineer at the Communications Research Centre (CRC) Canada for the last five years. Alexis enjoys solving real world problems, by developing a concept and carrying it through to implementation. He recently was the Project Manager and Technical Authority for the Geolocation of Jammers project at CRC. He received a Director General Award of Merit for this geolocation project. Acknowledgement The author would like to thank the dedicated team members Wayne Brett, Dr. Paul Guinand, and Russell Matt as well as the CRC for making this project a success. www.insidegnss.com JANUARY/FEBRUARY 217 InsideGNSS 37

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback