Low power selective denial of service attacks against GNSS
Caparra, Gianluca;Ceccato, Silvia;Formaggio, Francesco;Laurenti, Nicola;Tomasin, Stefano
2018
Abstract
The received power of a GNSS signal lies below the thermal noise, so correlation with the known spreading sequence is needed in order to recover it. The use of GNSS for tracking vehicles or goods has incentivized the malicious use of personal privacy devices (PPD) or jammers in order to disrupt the service. Jammers usually achieve denial of service (DoS) by transmitting high power interfering signals, making it difficult for the victim receiver to correctly track the genuine signal. The approach of a traditional jamming attack can be seen as brute-force: it disrupts the service over a certain area rather than selectively targeting a particular device or signal. This work will examine a new class of low power GNSS jammers that target each ranging signal individually and aim at disrupting the PNT capability of a specific receiver by directly attacking its correlation process. Instead of overwhelming the legitimate signal with a high power interfering signal, the proposed jammer aims at disrupting the lock indicators used by the receiver, e.g., the code lock indicator or the phase lock indicator. Indeed, if these metrics are degraded, the receiver is led to discard the signal and does not produce observables. Moreover, this jamming signal can pass undetected by the traditional jamming indicators and is much harder to filter. The paper will derive the optimal jamming waveform for this class of attacks, and experimental results obtained with Software Defined Radio (SDR) and real receivers will be presented.




