GPS Spoofing Detection Techniques

US 20150226858A1
Filed: 02/13/2014
Published: 08/13/2015
Est. Priority Date: 02/13/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a plurality of anti-spoofing techniques, wherein the plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations;

analyzing positioning, timing and frequency characteristics associated with the one or more navigation devices in order to identify a threat situation among the plurality of threat situations; and

executing one or more of the anti-spoofing techniques based on the identified threat situation, wherein multiple anti-spoofing techniques can be executed substantially in parallel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are system, method, and computer program product embodiments for detecting spoofing of a navigation device. A plurality of anti-spoofing techniques are provided. The plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations. Positioning, timing and frequency characteristics associated with the one or more navigation devices are analyzed in order to identify a threat situation among the plurality of threat situations. Based on the identified threat situation one or more of the anti-spoofing techniques are executed. The one or more anti-spoofing techniques can be executed in parallel in order to provide various anti-spoofing detection techniques at the same time.

67 Citations

View as Search Results

30 Claims

1. A method comprising:
- providing a plurality of anti-spoofing techniques, wherein the plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations;
  
  analyzing positioning, timing and frequency characteristics associated with the one or more navigation devices in order to identify a threat situation among the plurality of threat situations; and
  
  executing one or more of the anti-spoofing techniques based on the identified threat situation, wherein multiple anti-spoofing techniques can be executed substantially in parallel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the analyzing comprises:
    - receiving data associated with a first navigation device;
      
      processing the data to determine a reported position of the first navigation device;
      
      comparing the reported position of the first navigation device to a surveyed-in position of the navigation device; and
      
      determining if there is a mismatch between the reported position of the first navigation device and the surveyed-in position of the first navigation device.
  - 3. The method of claim 2, further comprising:
    - generating a threat-alert when it is determined that there is a mismatch, wherein the threat-alert indicates a transmission signal of the first navigation device is compromised.
  - 4. The method of claim 2, wherein the comparing is performed on a pulse per second periodic.
  - 5. The method of claim 1, wherein each of the plurality of navigation devices is a Global Navigation Satellite System (GNSS) receiver.
  - 6. The method of claim 1, wherein the analyzing comprises:
    - receiving a first set of data associated with a first navigation device;
      
      receiving a second set of data associated with a second navigation device;
      
      processing the first set of data and the second set of data to determine a first reported position for the first navigation device and a second reported position for the second navigation device;
      
      comparing the first reported position with the second reported position; and
      
      determining if a difference between the first reported position and the second reported position is below a position threshold.
  - 7. The method of claim 6, further comprising:
    - generating a threat alert when it is determined that the difference between the first reported position and the second reported position is below the position threshold.
  - 8. The method of claim 6, wherein the position threshold is based on a known distance between the first navigation device and the second navigation device.
  - 9. The method of claim 6, wherein the comparing is performed on a pulse per second periodic.
  - 10. The method of claim 1, wherein the executing comprises:
    - receiving data associated with a navigation device;
      
      processing the data in order to determine a power measurement and a distortion measurement for the navigation device;
      
      comparing the power measurement to a predetermined power threshold and the distortion measurement to a predetermined distortion threshold; and
      
      determining whether the distortion measurement and power measurement indicate that the navigation device is compromised based on the comparison.
  - 11. The method of claim 10, wherein the determining comprises:
    - determining whether the distortion measurement is related to at least one of a spoofing attack and a multi-pass of the data received from the navigation device; and
      
      generating a threat alert when the distortion measurement is related to a spoofing attack.
  - 12. The method of claim 10, wherein the processing further comprises:
    - determining the power measurement based on an automatic gain control of the navigation device.

13. A system, comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  provide a plurality of anti-spoofing techniques, wherein the plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations;
  
  analyze positioning, timing and frequency characteristics associated with the one or more navigation devices in order to identify a threat situation among the plurality of threat situations; and
  
  execute one or more of the anti-spoofing techniques based on the identified threat situation, wherein multiple anti-spoofing techniques are executed substantially in parallel.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The system of claim 13, wherein the at least one processor is further configured to:
    - receive data associated with a first navigation device;
      
      process the data to determine a reported position of the first navigation device;
      
      compare the reported position of the first navigation device to a surveyed-in position of the navigation device; and
      
      determine if there is a mismatch between the reported position of the first navigation device and the surveyed-in position of the first navigation device.
  - 15. The system of claim 14, wherein the at least one processor is further configured to:
    - generate a threat-alert when it is determined that there is a mismatch, wherein the threat-alert indicates a transmission signal of the first navigation device is compromised.
  - 16. The system of claim 14, wherein the at least one processor is configured to compare the reported position of the first navigation device to a surveyed-in position of the navigation device, at a pulse per second periodic.
  - 17. The system of claim 13, wherein each of the plurality of navigation devices is a Global Navigation Satellite System (GNSS) receiver.
  - 18. The system of claim 13, wherein the at least one processor is further configured to:
    - receive a first set of data associated with a first navigation device;
      
      receive a second set of data associated with a second navigation device;
      
      process the first set of data and the second set of data to determine a first reported position for the first navigation device and a second reported position for the second navigation device;
      
      compare the first reported position with the second reported position; and
      
      determine if a difference between the first reported position and the second reported position is below a position threshold.
  - 19. The system of claim 18, wherein the at least one processor is further configured to:
    - generate a threat alert when it is determined that the difference between the first reported position and the second reported position is below the position threshold.
  - 20. The system of claim 18, wherein the position threshold is based on a known distance between the first navigation device and the second navigation device.
  - 21. The system of claim 13, wherein the at least one processor is further configured to:
    - receive data associated with a navigation device;
      
      process the data in order to determine a power measurement and a distortion measurement for the navigation device;
      
      compare the power measurement to a predetermined power threshold and the distortion measurement to a predetermined distortion threshold; and
      
      determine whether the distortion measurement and power measurement indicate that the navigation device is compromised based on the comparison.
  - 22. The system of claim 21, wherein at least one processor is further configured to:
    - determine whether the distortion measurement is related to at least one of a spoofing attack and a multi-pass of the data received from the navigation device; and
      
      generate a threat alert when the distortion measurement is related to a spoofing attack.

23. A tangible computer-readable device having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform operations comprising:
- providing a plurality of anti-spoofing techniques, wherein the plurality of anti-spoofing techniques detect interference with data provided by one or more navigation devices for a plurality of threat situations;
  
  analyzing positioning, timing and frequency characteristics associated with the one or more navigation devices in order to identify a threat situation among the plurality of threat situations; and
  
  executing one or more of the anti-spoofing techniques based on the identified threat situation, wherein multiple anti-spoofing techniques are executed substantially in parallel.

24. A method, comprising:
- processing a set of first data accessed from a validated source at different intervals of time;
  
  processing a set of second data accessed from an unvalidated source, wherein the validated source is independent of the unvalidated source;
  
  determining a threat detection value based on averaging the set of first data and averaging the set of second data during an adjustable interval of time; and
  
  when the threat detection value meets a configurable threat detection threshold, generating a threat alert message, wherein the threat alert message identifies an anomaly in either the validated source or the unvalidated source.
- View Dependent Claims (25)
- - 25. The method of claim 24, wherein the determining further comprises:
    - detecting a frequency offset between the validated source and the unvalidated source, wherein the frequency offset; and
      
      determining whether the frequency offset indicates that the unvalidated data source is compromised.

26. A system, comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  process a set of first data accessed from a validated source at different intervals of time;
  
  process a set of second data accessed from an unvalidated source, wherein the validated source is independent of the unvalidated source;
  
  determine a threat detection value based on averaging the set of first data and averaging the set of second data during an adjustable interval of time; and
  
  when the threat detection value meets a configurable threat detection threshold, generate a threat alert message, wherein the threat alert message identifies an anomaly in either the validated source or the unvalidated source.
- View Dependent Claims (27)
- - 27. The system claim 26, wherein the at least one processor is further configured to:
    - detect a frequency offset between the validated source and the unvalidated source, wherein the frequency offset; and
      
      determine whether the frequency offset indicates that the unvalidated data source is compromised.

28. A method, comprising:
- receiving a first set of data associated with a first navigation device;
  
  receiving a second set of data associated with a second navigation device;
  
  processing the first set of data and the second set of data to determine a first reported position for the first navigation device and a second reported position for the second navigation device;
  
  comparing the first reported position with the second reported position;
  
  generating a first threat alert when a difference between the first reported position and the second reported position is below a position threshold;
  
  processing a set of third data accessed from a validated source at different intervals of time, wherein the validated source operates independently of the first navigation device and the second navigation device;
  
  determining a threat detection value based on averaging the set of first data, averaging the set of second data, and averaging the set of third data during an adjustable time range; and
  
  generating a second threat alert when the threat detection value meets a configurable threat detection threshold, wherein the first threat alert and second threat alert are indicative of an anomaly in at least one of the first navigation device, the second navigation device, and the validated source.
- View Dependent Claims (29)
- - 29. The method of claim 28, wherein the generation of the first threat alert and the generation of the second threat alert are performed in parallel.

30. A method, comprising:
- receiving a first set of data associated with a first mobile device;
  
  receiving a second set of data associated with a second mobile device;
  
  processing the first set of data and the second set of data to determine a first reported position associated with the first mobile device and a second reported position associated with the second mobile device;
  
  performing a stationary positioning check and a dual positioning check for the first mobile device and the second mobile device based on the respective processed sets of data, wherein the stationary positioning check and the dual positioning check are performed in parallel; and
  
  generating at least one threat alert when one or more threat detection values meet a configurable distance threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitre Corporation
Original Assignee
Mitre Corporation
Inventors
LEIBNER, Darrow Paine, Lundberg, Erik T.

Granted Patent

US 10,495,759 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G01S 19/215   issues related to spoofing

H04K 3/224   with countermeasures at tra...

H04K 3/255   based on redundancy of tran...

H04K 3/65   using deceptive jamming or ...

H04K 3/90   related to allowing or prev...

GPS Spoofing Detection Techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

GPS Spoofing Detection Techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links