Man-made threats to Global Navigation Satellite System (GNSS)-dependent infrastructures are constantly evolving as malicious actors strive to stay one step ahead of security safeguards. A GNSS receiver that satisfies a certain standard of resilience in 2023 may not be sufficient by the end of the decade if a brand-new or previously unknown type of interference emerges in the meantime. GNSS spoofing is a significant concern as it is an intentional form of interference that aims to deceive a receiver into accepting counterfeit signals as genuine. The technical challenges of spoofing GNSS receivers are higher compared to jamming, and the consequences can be more severe, as the receiver may use tampered signals for Positioning, Navigation, and Timing (PNT), resulting in misleading position and time information. This paper analyzes the potential impact of spoofing on commercial- and mass-market-grade GNSS receivers. The impact analysis is also be supported by an in-house open-source software-defined research receiver named ‘FGI-GSRx’. Additionally, findings from the real-world spoofing test conducted during Jammer test campaign 2022 in Norway, are also be presented.

Jammertest 2022 was a week-long series of satellite navigation and timing signal jamming and spoofing exercises carried out on the Norwegian island of Andøya in September of 2022. Organized via a collaboration between the Norwegian spectrum management authority, defense research establishment, public roads administration, metrology service, and others, the result was the largest known GNSS jamming and spoofing event open to international collaboration and provided an open-access data and publication policy for participants. This paper reviews the event’s organization, scheduled tests, noteworthy jamming observations, noteworthy spoofing observations, and the unexpected observations found during the event and also presents information on what data are publicly available to interested parties, along with the contact information needed to obtain these data.

NovAtel has recently leveraged its expertise in both receiver design and anti-jam technology to develop solutions for space- and weight-constrained applications in challenged GNSS environments. Robust Dual-Antenna Receiver (RoDAR), is based on a commercial dual-antenna receiver, originally designed for attitude determination, and employs special firmware to mitigate jammers and spoofers without an increase in size or power consumption. With RoDAR, the multi-frequency, multi-constellation dual-antenna receiver is capable of null-steering at two different frequency bands (e.g., L1 and L5). In September 2022, the Norwegian Public Roads Administration hosted JammerTest, a live, over-the-air broadcast jamming and spoofing test. This paper presents the jamming and spoofing detection and mitigation performance of RoDAR during this live broadcast test. The interference detection provides spectrum monitoring and jamming characterization on all GNSS bands. The mitigation is carried out by steering a null formed on-board the receiver towards a jamming/spoofing source at GPS L1 and L5 bands. The null steering performance is characterized as a function of signal and position availability compared to a non-protected NovAtel receiver. The effectiveness of the anti-jam and anti-spoofing technology is demonstrated using representative complex spoofing and jamming test cases during this event.

The European Commission (EC) Joint Research Centre (JRC), in the frame of a scientific and technical support activity with the Satellite Navigation Unit of the EC Directorate General Defence Industry and Space (DEFIS) and the European Union Agency for the Space Programme (EUSPA), has agreed to facilitate testing and demonstrations activities of Research and Development (R&D) Actions under the European Union (EU) Global Navigation Satellite System (GNSS) Programmes. In this context, Horizon Europe and Galileo Fundamental Elements project consortia are invited to come to the JRC and access the GNSS testing facilities based in its Ispra Site. With the aim to promote this testing activities, a reference document providing an up-to-date inventory of the GNSS testing capabilities was published in July 2021 and now, with the present inventory, is updated and extended. From the first release of the inventory, the JRC keeps on improving its GNSS laboratory testing capabilities, addressing in the best manner the new challenges and evolving user needs in the GNSS domain, all with a clear focus on Galileo. Since the declaration of the initial services in 2016, Galileo has enriched its portfolio of services, introducing clear differentiators with respect to other GNSS systems. In particular, the Galileo Open Service (OS) has been upgraded with an improved navigation message, acting as a boost of the robustness and time to first fix, the High Accuracy Service (HAS) enables a decimetre-level accuracy through real-time corrections broadcast by Galileo satellites, the OS Navigation Message Authentication (OSNMA) strengthens the security and resilience against spoofing attacks, the Safety-of-Life (SoL) service enables the implementation of horizontal ARAIM service, responding the requirements of civil aviation. This report is structured as follows. Firstly, it sets the general terms and conditions to request the access to the testing facilities, and secondly, it provides a comprehensive summary of the GNSS testing capabilities that are currently available at the JRC. In many occasions, a reference to past testing campaigns is made to illustrate the typical testbeds and results that were produced. With this reference document at hand, interested project consortia should be able to specify an initial test plan with the required level of detail.

Man-made threats to Global Navigation Satellite System (GNSS)-dependent infrastructures are constantly evolving as malicious actors strive to stay one step ahead of security safeguards. A GNSS receiver that satisfies a certain standard of resilience in 2023 may not be sufficient by the end of the decade if a brand-new or previously unknown type of interference emerges in the meantime. GNSS spoofing is a significant concern as it is an intentional form of interference that aims to deceive a receiver into accepting counterfeit signals as genuine. The technical challenges of spoofing GNSS receivers are higher compared to jamming, and the consequences can be more severe, as the receiver may use tampered signals for Positioning, Navigation, and Timing (PNT), resulting in misleading position and time information. This paper analyzes the potential impact of spoofing on commercial- and mass-market-grade GNSS receivers. The impact analysis is also be supported by an in-house open-source software-defined research receiver named ‘FGI-GSRx’. Additionally, findings from the real-world spoofing test conducted during Jammer test campaign 2022 in Norway, are also be presented.

Global Navigation Satellite Systems (GNSS) are fundamental in ubiquitously providing position and time to a wide gamut of systems. Jamming remains a realistic threat in many deployment settings, civilian and tactical. Specifically, in Unmanned Aerial Vehicles (UAVs) sustained denial raises safety critical concerns. This work presents a strategy that allows detection, localization, and classification both in the frequency and time domain of interference signals harmful to navigation. A high-performance Vertical Take Off and Landing (VTOL) UAV with a single antenna and a commercial GNSS receiver is used to geolocate and characterize RF emitters at long range, to infer the navigation impairment. Raw IQ baseband snapshots from the GNSS receiver make the application of spectral correlation methods possible without extra software-defined radio payload, paving the way to spectrum identification and monitoring in airborne platforms, aiming at RF situational awareness. Live testing at Jammertest, in Norway, with portable, commercially available GNSS multi-band jammers demonstrates the ability to detect, localize, and characterize harmful interference. Our system pinpointed the position with an error of a few meters of the transmitter and the extent of the affected area at long range, without entering the denied zone. Additionally, further spectral content extraction is used to accurately identify the jammer frequency, bandwidth, and modulation scheme based on spectral correlation techniques.

Global Navigation Satellite Systems are widely used in critical infrastructure and safety of life applications such as aviation, maritime and land transportations. With such widespread use, open signal descriptions, and a crowded RF spectrum, jamming and spoofing are well-known threats to GNSS. GNSS Resilience and Integrity Technology (GRIT) is a firmware suite developed for NovAtel OEM7 receivers to expand situational awareness and interference detection and mitigation tools across applications and environments to protect against GNSS threats including jamming and spoofing attacks. GRIT includes Interference toolkit (ITK) and spoofing detection toolkit (SK) to identify when a GNSS signal is under threat. Recently, open service navigation massage authentication (OSNMA) implementation joins the NovAtel’s multi-layer protection suite against malicious attack. OSNMA enhances the GNSS security by cryptologic protection by implementing on the newly developed Galileo E1B Open Service Navigation Message.

Jammertest is the largest known GNSS jamming, meaconing, and spoofing test event in the world which has an open policy towards both user participation and user communication with no restrictions on the sharing of data or publication of results. The organizers implemented several changes and enhancements within the 2023 test campaign to further broaden the appeal and applicability of the tests for as many demographics of GNSS users as possible. More than 200 participants from 19 nations took part in person from 18-22 September at the test sites along the west coast of the Andøy island. This paper summarizes the design and motivation of the tests and test venue with particular attention to the efforts taken to provide users with precision timing and frequency references independent of the denied and disrupted GNSS signals. Aspects of surveilling and enforcing unintentional emissions, and real time communication and coordination to the large number of distributed participants are also discussed.

Global Navigation Satellite Systems enable precise localization and timing even for highly mobile devices, but legacy implementations provide only limited support for the new generation of security-enhanced signals. Inertial Measurement Units have proved successful in augmenting the accuracy and robustness of the GNSS-provided navigation solution, but effective navigation based on inertial techniques in denied contexts requires high-end sensors. However, commercially available mobile devices usually embed a much lower-grade inertial system. To counteract an attacker transmitting all the adversarial signals from a single antenna, we exploit carrier phase-based observations coupled with a low-end inertial sensor to identify spoofing and meaconing. By short-time integration with an inertial platform, which tracks the displacement of the GNSS antenna, the high-frequency movement at the receiver is correlated with the variation in the carrier phase. In this way, we identify legitimate transmitters, based on their geometrical diversity with respect to the antenna system movement. We introduce a platform designed to effectively compare different tiers of commercial INS platforms with a GNSS receiver. By characterizing different inertial sensors, we show that simple MEMS INS perform as well as high-end industrial-grade sensors. Sensors traditionally considered unsuited for navigation purposes offer great performance at the short integration times used to evaluate the carrier phase information consistency against the high-frequency movement. Results from laboratory evaluation and through field tests at Jammertest 2024 show that the detector is up to 90% accurate in correctly identifying spoofing (or the lack of it), without any modification to the receiver structure, and with mass-production grade INS typical for mobile phones.

We present a method to determine GNSS protection levels using multiple antennas under spoofing conditions. We evaluate these protection levels with real GNSS measurements affected by actual spoofing events. These protection levels could help evaluate the potential of two-antenna set ups to detect the effect of GNSS spoofing.