Understanding the Difference Between Anti-Spoofing and AntiJamming

Overview

When the GPS signals were designed in the early 1970s, the principles of electronic
warfare were already well understood. Generally speaking, adversaries may attempt to
disrupt position, navigation and time solutions derived from GPS in one of two ways:
spoofing (making a GPS receiver calculate a false position); and jamming
(overpowering GPS satellite signals locally so that a receiver can no longer operate).
Spoofing and jamming are two different problems, and the potential mitigation solutions
for the user differ accordingly.
Spoofing
To spoof a receiver, an adversary needs to faithfully recreate the signals from multiple
satellites and then transmit that spoofing signal to capture a local GPS receiver. (See
Figure 1.) If the targeted GPS receiver is unable to tell the difference between the real
satellite signals and the spoofed signals, the spoofing will fool the target receiver into
appearing to be at a different location.

Figure 1

The legacy GPS signals include an encrypted binary code of 1s and 0s known as Ycode that is transmitted on the L1 and L2 frequencies, with these signals only intended
for military use. This encrypted binary code changes 10.23 million times per second,
and the Y-code does not repeat over the course of an entire week (in other words, a
unique sequence of 6.18 trillion 1s and 0s per satellite per week).
Without the encryption keys it is virtually impossible for an adversary to generate the Ycode and, hence, virtually impossible to spoof a GPS receiver set to track Y-code. The
legacy GPS signals also includes a Coarse Acquisition, or C/A code, that was originally
meant to aid acquisition of the Y-code, but is now used for all civilian GPS receivers.

The C/A code is unencrypted, the 1s and 0s change 1.023 million times a second, and
the code itself repeats every millisecond (a unique sequence of 1,023 1s and 0s every
millisecond). As the C/A code structure is openly published in a public signal-in-space
interface specification, it can be recreated by a relatively competent adversary who can
then generate a spoofed version of the GPS signal with which to capture a receiver.
How can we protect against spoofing?
The best way to protect against spoofing is to directly track the encrypted Y-code. Of
course, this is only possible by using a GPS receiver that has a Selective Availability
Anti-Spoofing Module (SAASM). SAASM receivers can track Y-code only when loaded
with the currently valid decryption key, and the modules are tamper-proof to prevent
reverse engineering by adversaries.
SAASM receivers such as the NovAtel OEM625s are only available to
governmentauthorized customers, and the sales and distribution of these units are
tightly controlled by the United States Department of Defense.
For civil users, multi-constellation receivers that can track multiple GNSS such as GPS,
GLONASS, Galileo, and BeiDou simultaneously can be effective against spoofers,
because an adversary would have to produce and transmit all possible GNSS signals
simultaneously to spoof the target receiver.
An additional measure of protection can beadded by aiding the navigation solution with
an inertial measurement unit (IMU), as an adversary cannot spoof the Earth's
gravitational field or vehicle dynamics and cause the inertial unit to think it has moved in
a way that it hasn't.
Jamming
A low received signal power makes all CDMA signals, not just GNSS, susceptible to
accidental interference and intentional interference (jamming). Once the interference
level passes a certain limit, the GNSS signal will be lost within the interfering signal.
(See Figure 2.)

Figure 2

The fact that the Y-code is transmitted at 10 times the code rate of the C/A code
provides an inherent improvement in jamming performance. This arises from the
spreading of P/Ycode power over 10 times the frequency range, allowing Y-code
receivers to handle 10 times the jamming power of C/A code receivers.
The same improvement in jamming performance can be seen with some of the newer
and faster civilian signals such as GPS L5, Galileo E5a, and Galileo E5b. But if the
interference level is high enough, both low-code rate and high-code rate signals will
eventually be overpowered; so, even SAASM receivers can be jammed.
How can we protect against jamming?
Luckily, we have multiple mitigation strategies to help us overcome interference:
1. Filtering in the receiver. The first line of defense for interference of any type in any RF
system is to filter out as much of the interference as possible as soon as it reaches the
receiver. This is especially effective for what we call out-of-band signals, or signals that
are not directly in the GNSS frequencies that we are trying to receive. Unfortunately, if a
signal falls directly in-band it may still overpower the receiver.
2. Aid the receiver with an IMU. IMUs are impervious to radio frequency interference
and can provide a navigation solution to bridge gaps of seconds to a few minutes in
GNSS performance.
3. Null the interfering signal by using an adaptive antenna array. By using multiple
antenna elements spaced a known distance apart, signal-processing techniques can be
employed to discern the direction from which an interfering signal is arriving and then

adaptively change the apparent receiving strength of the antenna array, creating lower
gain (nulls) in the antenna receiving pattern. By pointing these nulls towards the
source of interference, the receiver can be protected from interference arriving from that
direction. (See Figure 3.) Controlled reception pattern antennas, or CRPAs such as
NovAtel's GAJT anti-jam antenna (Figure 4.), are extremely effective at mitigating all
types of interference, even if that interference falls within the GNSS frequency band.

- See more at: http://www.novatel.com/tech-talk/velocity/velocity-2013/understandingthe-difference-between-anti-spoofing-and-anti-jamming/#sthash.FsFALJt0.dpuf