Article: 541 of rec.aviation.products Path: newshost.ncd.com!ncd.com!olivea!grapevine.lcs.mit.edu!ginger.lcs.mit.edu!mikec From: mikec@ginger.lcs.mit.edu (Mike Ciholas) Newsgroups: rec.aviation.products Subject: Re: GPS Glitchos Date: 20 Jul 1993 21:44:19 GMT Organization: MIT Laboratory for Computer Science Lines: 96 Message-ID: <22hovj$jf4@GRAPEVINE.LCS.MIT.EDU> References: <1993Jul20.200141.794@microunity.com> NNTP-Posting-Host: ginger.lcs.mit.edu In article <1993Jul20.200141.794@microunity.com> stick@microunity.com (Bruce Bateman) writes: >In article eric@ithaca.com (Eric Wagner) writes: >> [in vicinity of CCR get GPS dropout] >> >>The Garmin folks haven't heard of the problem, and they suggest >>that there could be some sort of "jamming" signal coming from >>the Naval Weapons Station close to CCR. Really??? >I find the "jamming" theory to be "interesting" because I have been >lead to believe that one of the GREAT features of GPS is that it >"can't" be jammed. This is supposedly because the signal strength >received from the satellites is actually below the background noise >level and the receivers integrate over multiple signal transmissions >to "cancel out" the random noise. Thus, in order to jam the signal, >it is not sufficient to just dump a lot of random "junk" onto the >frequency, but one would have to know the exact data and timing of >the signal. Any experts know better? Depends on what you mean by "jam". I might define "jam" as meaning the GPS receiver is unable to function due to interference from an offending transmitter (but it does not produce erroneous position reports), and I would define "spoof" as the GPS receiver continues to output position information, but it is *wrong*, and this error is caused by an interfering transmitter. In the GPS system, "jam" is moderately easy, and "spoof" is really hard (especially for a moving receiver like in an airplane). Conventional radio modulation uses a carrier on a single frequency that is then modulated with the desired information (audio, video, etc). GPS satellites transmit their information using a radio modulation technique known as spread spectrum. In this system, the carrier frequency is "spread" over a fairly wide range of frequencies by using a pseudo random noise generator. To the conventional receiver, this looks just like noise. But to a receiver which knows the same noise generating sequence, it can "undo" the spread and recover the information. In order to "undo" the signal, the receiver must have exactly the same pseudo random noise pattern and be synchronized so that it noise pattern is at the same point as the transmitter. This need to have the sync between the transmitter and receiver is used in GPS to measure the time delay of the transmitted wave. By noting the relative time offset of the two noise patterns, we can determine how much time elapsed between transmission and reception. Spread spectrum has another feature besides synchronization, that is several transmitters can share the same bandwidth if they are all given different noise patterns (aka "spreading codes"). The receiver can then despread each transmitters output separately (a "parallel" receiver can do each satellite simultaneously, while a "serial" receiver must do each satellite one at a time, parallel is better). Now, to jam a GPS receiver you can do it two different ways: By brute force you can send such a strong signal that the satellite signals are lost in the overwhelming signal you are generating. This requires a great deal of power since the aircraft has a direct line of sight to the satellite and the GPS antenna is on top of its metal surface (so a ground interferer needs a *lot* of power). The more sophisticated approach is to use the noise pattern on one of the satellites which can cause the GPS receiver to lock on it and not on the satellite. Of course, you may be receiving more than the minimum required satellites, so the jammer has to knock out maybe 2 or 3 satellites. In either case, the jammer is easy to find with relatively simple homing gear (you can imagine a military missile with a "GPS jammer sniffer" that guides it to the source of the jamming). To spoof GPS, well, that takes a lot of effort because you have to generate a complete set of satellite signals, strong enough to have the GPS receiver lock on them, and the data from those signals must decode into a reasonable position solution (can't be out in space or underground, which means only an extremely small part of the solution space is meaningful). If the target moves relative to the spoofing signal, the spoofer must adjust the timing of all the satellite noise patterns to keep the GPS receiver fooled. And this spoofing will work only for one target, as the timing will be wrong everywhere else. In the specific case above, the GPS receiver may start to loose satellites (resulting in small position "jumps" of about 100 or so meters that can cause ground speed calculations to be messed up). Then it may loose them all due to some interference (maybe the Garmin 55 front end is a little "loose" and a strong pulsed radar could disrupt it). It then takes a while to reinitialize (download an almanac, emphemeris, achieve satellite lock, etc.). The interesting question is "Did it report erroneous positions?" and if so "Is that due to the design of the receiver or is it inherent in the GPS system?". Mike Ciholas mikec@lcs.mit.edu