Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (2024)

A: Radio frequency interference (RFI) events have grown in frequency and scope to become a paramount concern for commercial, military and (especially)safety-of-life critical applications of GNSS since the Russian invasion of Ukraine in February 2022 and the Hamas attack on Israel in October 2023.

ZIXI LIU, SHERMAN LO, TODD WALTER AND SAM PULLEN, STANFORD UNIVERSITY

These events come in many different forms and can cause signal loss (“jamming”) and deliberate errors (“spoofing”), making their impacts difficult to assess and categorize. While RFI from unintentional emitters (e.g., RF transmitters for other applications such as television and radar) continues to occur as it has historically, the dominant threats to GNSS navigation now appear to come from deliberate denial or warping of service by military combatants. This RFI is generally not targeted at civil users but is nevertheless causing significant and unexpected GNSS degradations [1].

This article is a follow-up to the March/April 2024 GNSS Solutions column [2]. It describes an updated, comprehensive methodology for RFI detection and localization and shows recent results from it [3]. It also introduces an online tool developed by Stanford University(rfi.stanford.edu) that automatically collects publicly available Automatic Dependent Surveillance (ADS)-B messages and generates estimates of GNSS RFI locations and impacts [4].

Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (1)

Using ADS-B Messages and NIC Values

As explained in [2], our research uses ADS-B observations that contain GNSS-derived aircraft position information along with corresponding signal quality metrics and are updated every 0.4 to 0.6 seconds at the 1090 MHz frequency. ADS-B data provides good coverage of high-altitude aircraft and allows us to create a “crowdsourced” sensor network by collecting information from multiple aircraft simultaneously. ADS-B data is available from several public sources such as the OpenSky Network [5] and ADS-B Exchange [6], and it is used by GPSJam [7] and the Zurich University of Applied Sciences (ZHAW)and SKAI Data Services [8] to show locations and times of apparent RFI.

As explained in [2], GNSS RFI analysis using ADS-B relies upon the values for Navigation Integrity Category (NIC) defined by the RTCA ADS-B MOPS (DO-260C) [9] that estimate the transmitting aircraft’s GNSS position quality. NIC gives the 2D horizontal error radius (or “containment radius”) that should bound the actual horizontal position error with a probability of 0.99999 (i.e., the probability of unknowingly violating this bound is 10-5or lower).Figure 1(repeated from [2] for convenience) shows the NIC values that can be transmitted and their corresponding containment radii. Higher NIC integer values correspond to smaller error bounds and thus better performance.

NIC values are used to distinguish between aircraft with apparently nominal GNSS measurements and those that are degraded due to (most likely) RFI. A NIC of 7 corresponds to a horizontal containment radius of 370.4 meters. This is taken to be the smallest NIC value (largest containment radius) that corresponds to nominal behavior (typically, nominal NIC values are 8 or higher). Any NIC below this (especially NIC=0) is treated as representative of RFI.

Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (2)
Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (3)

Example Spoofing Events

Figure 2shows three examples of spoofing from ADS-B observations on August 15, 2024 (left and middle plots) and November 25, 2023 (right plot) [3]. In the first example (left plot), multiple aircraft were spoofed into a static position at Beirut-Rafic Hariri International Airport in Lebanon. The second event (middle plot), over Smolensk Oblast, Russia, spoofed aircraft into circular flight paths. In the third example (right plot), spoofed aircraft were diverted into false landing trajectories over the runway at Belbek Airport near Sevastopol, Crimea. These cases demonstrate that spoofed positions can remain static or change dynamically. Powerful jamming and spoofing events continue to occur, underscoring the importance of quickly detecting and localizing such events.

ADS-B-Based Spoofing Analysis Methodology

Stanford has developed a multi-step spoofing detection and localization approach that is described in detail in [3]. The steps of this method are summarized as follows:

1.Position jump detection:The detection algorithm searches for position jumps for each aircraft in the ADS-B database using a Kalman filter (KF) to reduce errors in the reported aircraft positions. The Kalman filter estimates aircraft velocity from position data. If the estimated velocity for a particular aircraft exceeds 650 m/s (approximately Mach 2 at an altitude of 12,000 ft or 3,660 m), the corresponding aircraft locations are flagged as potentially spoofed.

Figure 3presents a flight on November 25, 2023, with a position jump detected by this method. The left side displays the aircraft’s flight trajectory color-coded by the NIC values reported by ADS-B. The yellow diamond indicates the starting point prior to the jump, while the pink square represents the endpoint after the jump. This flight was spoofed from its original trajectory near Bucharest to Belbek Airport, resulting in a sudden trajectory jump that suggested an unrealistic and non-physical velocity exceeding Mach 2 because the aircraft was spoofed into that path rather than actually flying it.

2.Analysis of flagged locations:Potentially spoofed points detected across all aircraft are clustered temporally using the Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithm [10].Figure 4shows how DBSCAN is used for this. The logic behind DBSCAN is shown in the left-hand graphic and involves setting a minimum number of points (mmin) and a maximum allowable distance (ε) between points within each cluster. Points are considered “density-reachable” from one another (and thus form a group) based on these criteria. Unlike other clustering algorithms, DBSCAN does not require pre-specification of the number of clusters. This is important because the number of RFI events occurring at any given time is unknown. On the right, an example group from the worldwide clustering results identifies the Belbek Airport spoofing event. The trajectories are color-coded by aircraft to illustrate how multiple aircraft were spoofed into false paths on the runway at Belbek Airport during this event.

Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (4)
Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (5)

3.Interpolation within spoofed regions:Once an apparent spoofing event is detected, the identified spoofed points are used to attempt to locate it. First, specific spoofed points are identified, allowing us to determine the last observed position before spoofing and the first observed position after recovery from spoofing. These mark the start and end of the spoofed segment. To reconstruct the flight path, we first remove spoofed points from the trajectory. We then interpolate the complete flight path using locations from the non-spoofed points. Each spoofed point is then mapped to its corresponding interpolated position based on its timestamp. An example of this is shown in the upper two plots inFigure 5that show where one aircraft was actually flying on November 25, 2023, while being spoofed. Applying this method to all affected aircraft provides an estimate of the region affected by spoofing and its spatial extent, as depicted in the lower two plots ofFigure 5.

4.Line-of-Sight Localization Analysis:The second phase of localization involves line-of-sight analysis. Any spoofer within the line of sight of a potentially spoofed point can influence that point. This avoids requiring any assumptions regarding the type of antenna used by the spoofer. A 2D grid of ground locations is constructed to represent all possible spoofer transmitter locations. For each spoofed point, a circle is drawn with a radius equal to the radar horizon range. The spoofer must be located within or on the boundary of these circles to impact the corresponding spoofed locations.

The region with the greatest overlap among the circles is identified as the most likely spoofer location with the constraint that the spoofer’s location should not be in an area that would also affect non-spoofed points. For each spoofed point, only those non-spoofed points that are observed within the same millisecond are included in this constraint. This approach helps prevent errors that may arise when spoofer transmissions are intermittent (see [3] for details).

Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (6)
Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (7)

Results for December 25, 2023

The method described above supports daily worldwide detection and localization of spoofing events observed in ADS-B transmissions.Figure 6presents example detection results for December 25, 2023, portions of which were previously documented in [2].Figure 7shows the corresponding region affected by those spoofing events. On that day, five significant spoofing events were observed. The first event affected aircraft that were flying across the southwest portion of the Black Sea and spoofed them into fake landing trajectories at Belbek Airport near Sevastopol, Crimea. The second event contains multiple affected regions crossing the borders of Latvia, Lithuania, Belarus and Russia in which aircraft were spoofed into circular trajectories near Smolensk. The other three were instances of static spoofing into fixed positions. The first event spoofed flights near the coastline of Lebanon into static positions at Beirut Airport. The second event spoofed flights along Baghdad and Kuwait to static locations near Najaf, Iraq. The third event spoofed flights passing through the center of Iraq to static locations near Samarra, Iraq and Baghdad [3].

Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (8)
Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (9)

Worldwide Visualization

Our lab recently activated a website(rfi.stanford.edu) that uses these methods to translate ADS-B observations into visualizations of where RFI is occurring and how severe and widespread it is.Figure 8shows a screenshot of the home page of this site with the (adjustable) date set to October 23, 2024. This page shows a “heat map” of RFI locations east of 125ºW longitude and west of 70ºE longitude (although the entire world is shown online) based on the percentage of aircraft in each map cell with low NIC (< 7). Most areas of the world are green because no aircraft with low NIC values were observed. Red regions are those with more than 10% of aircraft with low NIC and strongly suggest the presence of RFI during at least part of the day. The parts of the map shown in white either have low levels of air traffic or are difficult to obtain ADS-B measurements from. The online map supports zooming in to more precisely see where significant RFI is occurring.

Each location with a blue pointer inFigure 8represents a detected RFI event. Clicking on any of these events presents a more detailed map of the aircraft and region affected.Figure 9shows the map of the event near Muscat, Oman, on this day. It identifies actual aircraft paths with low NIC (in red) that appear to be affected by RFI along with aircraft paths with high NIC (mostly in gray, representing NIC=8). There is some overlap between low and high NIC points, but an approximate identification of the locations affected by RFI effects can be made. A movie showing aircraft movement around this region over the entire day is also presented on this page to help refine this estimate in both space and time.

The website includes observations stretching back to the beginning of 2024 and will automatically collect new results going forward. Thus, it supports comparisons of RFI locations and impacts over time.Figure 10shows aircraft affected by the same RFI event detected near Muscat, Oman on January 23, 2024 (nine months earlier than the results inFigure 9). The regions affected inFigure 10are similar to those inFigure 9,suggesting the same interference source. This event is also present (with minor variations) on the 23rd day of several other months randomly checked between January and October.

Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (10)
Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (11)

Clicking the “Dashboard” link on the upper left side of the screenshot inFigure 8 brings up a series of plots for the month selected (in this case, October 2024 up to October 24).Figure 11shows one of these plots with the overall number of detected RFI events on each day. This number varies between 60 and 80, suggesting the degree and extent of RFI remained relatively constant over the month.

The website is continually updated and will soon incorporate additional information focused on detected and located spoofing events.

Summary

While RFI jamming and spoofing events have become troublesome for civil users and are likely to continue to increase, more information than ever is available to help identify their location, extent, frequency and severity. Position and NIC information in recorded ADS-B transmissions makes it possible to evaluate RFI locations and impacts over most of the populated world and to better understand them. The methodology described here makes use of this wealth of data to detect and locate RFI events in an automated fashion so that the results can be accessed and investigated online.

This analysis supplements the recently released report on GPS spoofing observations and aviation impacts provided by the GPS Spoofing Workgroup 2024 [1]. One of the key findings in [1] is, “The Workgroup noted many misconceptions about the reason GPS Spoofing is occurring. With few exceptions, GPS Spoofing is conducted by state actors as a result of regional conflict. The Workgroup found no examples of a direct, targeted attack on a civilian aircraft.”

Acknowledgments

The authors would like to thank the FAA for its support of this research as well as the other members of our laboratory and Prof. Dennis Akos of the University of Colorado for their contributions to this research. We also thank the ADS-B data sources used in our analyses and atrfi.stanford.edu: the OpenSky Network [5] and the ADS-B Exchange [6].

References

(1)GPS Spoofing: Final Report of the GPS Spoofing Workgroup, OPSGROUP, Sept. 2024. https://ops.group/blog/gps-spoofing-final-report/

(2)Z. Liu, S. Lo, et al., “GNSS Solutions” column,Inside GNSS,Vol. 19, No. 2, March/April 2024, pp. 28-35. https://lsc-pagepro.mydigitalpublication.com/publication/?m=61061&i=818266&p=28&ver=html5

(3)Z. Liu, S. Lo, et al., “GNSS Spoofing Detection and Localization Using ADS-B Data,” Proceedings of ION GNSS+ 2024, Baltimore, MD, Sept. 2024 (forthcoming).

(4)“GNSS Interference Detection Using ADS-B (website)” GPS Laboratory, Stanford University, https://rfi.stanford.edu or https://waas-nas.stanford.edu

(5)“The OpenSky Network—Free ADS-B and Mode S data for Research,” https://opensky-network.org/

(6)“ADS-B Exchange: World’s largest source of unfiltered flight data,” https://www.adsbexchange.com/

(7)J. Wiseman, “GPSJam: Daily Maps of GPS Interference,” https://gpsjam.org/

(8)“Live GPS Spoofing and Jamming Tracker Map,” https://spoofing.skai-data-services.com/

(9)Minimum Operational Performance Standards for 1090 MHz Extended Squitter Automatic Dependent Surveillance—Broadcast (ADS-B) and Traffic Information Services—Broadcast (TIS-B). Washington, DC, RTCA DO-260C, Dec. 17, 2020.

(10)M. Ester, H.-P. Kriegel, et al., “A density-based algorithm for discovering clusters in large spatial databases with noise,” Proc. of AIAA KDD-96, pp. 226–231 (1996).

Authors

Zixi Liuis a Ph.D. candidate at the GPS Laboratory at Stanford University. She received her B.Sc. degree from Purdue University in 2018 and her M. Sc. degree from Stanford University in 2020.

Sherman Lois a senior research engineer at the Stanford GPS Laboratory and the executive director of the Stanford Center for Position Navigation and Time. He received his Ph.D. in Aeronautics and Astronautics from Stanford University in 2002. He has and continues to work on navigation robustness and safety, often supporting the FAA. He has conducted research on Loran, alternative navigation, SBAS, ARAIM, GNSS for railways and automobiles. He also works on spoof and interference mitigation for navigation. He has published over 100 research papers and articles. He was awarded the ION Early Achievement Award.

Todd Walteris a Research Professor in the Department of Aeronautics and Astronautics at Stanford University. He is also a member of the National Space-Based Positioning, Navigation, and Timing (PNT) Advisory Board. His research focuses on implementing satellite navigation systems for safety-of-life applications. He has received the Institute of Navigation (ION) Thurlow and Kepler awards. He is also a fellow of ION and has served as its president.

Related Posts:

  • Q: What is the significance of the NANUs provided by…
  • China's Compass/Beidou: Back-Track or Dual Track?
  • Timing Sources for Wireless Carriers, Critical…
  • Orbital Insight, DoD Will Use Commercially Available…
Q: What has been learned recently about GNSS RF jamming and spoofing events? What tools are available online to track and investigate these events? - Inside GNSS - Global Navigation Satellite Systems Engineering, Policy, and Design (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Kimberely Baumbach CPA

Last Updated:

Views: 5944

Rating: 4 / 5 (61 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Kimberely Baumbach CPA

Birthday: 1996-01-14

Address: 8381 Boyce Course, Imeldachester, ND 74681

Phone: +3571286597580

Job: Product Banking Analyst

Hobby: Cosplaying, Inline skating, Amateur radio, Baton twirling, Mountaineering, Flying, Archery

Introduction: My name is Kimberely Baumbach CPA, I am a gorgeous, bright, charming, encouraging, zealous, lively, good person who loves writing and wants to share my knowledge and understanding with you.