In GPS (Part 2), I had announced that Section 4 "Artificial Errors" from GPS (Part 2), due to the current situation and from the point of view of increasing importance for GNSS use in a separate GPS (Part 3) will by me closer illuminated .
It is already clear to me that I'm moving in a border area between real disruptive influences on the GNSS functionality and artificially conjured influences under laboratory conditions and in experimental setups, which show the various possibilities of vulnerability of GNSS, but have partly little to do with reality.
In my considerations, I refer exclusively to merchant shipping to clarify this from the outset.
The vulnerability of GNSS in shore-based use is definitely different and to be regarded as much more risky than on the high seas.
The balancing act between conjectures, assumptions, unproven theories and media exploited reports of alleged spoofing attacks is another extremely explosive minefield compared to the real threat. often are the required evidence missing to reconstruct published accusations in order to be able to understand it both technically and physically. Which, of course, questions the credibility of such reports, because unfortunately the propaganda cudgel is often unpacked in order to beat political capital out of it.
I have to say first that these categories of errors, with which I deal in this article, are technical errors that are based on other technical systems used by humans, using electromagnetic waves that cause interference that affects the used GNSS frequencies with disruptions which massively influenced with wrong positions and movement parameter and sometimes they are so hard disturbed that receivers aren't able for an usage. Of course, this has decisive negative effects on the position determination and movement parameters using GNSS.
Like all systems that work on the basis of electromagnetic waves, GNSS is a system that is also susceptible to interference due to the use of electromagnetic waves. This is where factors come into play that are of great importance because they can have a massive negative impact on all current GNSS. All electromagnetic systems have one thing in common, they can be intentionally or unintentionally disturbed by other or the same electromagnetic technical systems, so that their use is restricted or even impossible. This shows the vulnerability of all electromagnetic systems, which should not be underestimated.
Civilian GNSS' in particular, and here in particular GPS, which have made their way into everyday life, technology and business, pose an immense risk of being manipulated.
I want to deal with these problems in the following comments on "Artificial Errors" in order to clarify to users of GNSS which possibilities of technical manipulation of GNSS exist and how they are noticeable.
I connect the error classification according to the classification of the error categories used in GPS (part 2) and continue with the 4th section mentioned in part 2.
4. Artificial errors
Here we have to make clear distinctions between:
-intentional errors
a) Selective Availability (S / A)
-accidental interference
a) GNSS receiver antenna error
b) Radar systems
c) Radio navigation systems
d) Telecommunications
e) Pseudolites
f) Wi-Fi
-intended interference
a) Jamming
b) Spoofing
c) Meaconing
4.1. Deliberate errors
In GPS (Part 1) I gave remarks into the technical possibilities of being able to trigger targeted position falsifications by operators of GNSS and thus influence the accuracy of GNSS.
S/A (Selective Availability) is not a unique selling point of GPS. Every operator of GNSS has the possibility to put such a tool S / A into operation. Especially with the background that GNSS is also used in military use.
GPS (USA), GLONASS (Russia) are originally military systems that are released for civil use with restrictions, but are under the control of the national ministries of defense.
BAIDOU, the Chinese GNSS, is being build up with the clear goal of becoming independent of GPS and it is obvious that here, in addition to civil use, the military use by China's armed forces is the goal.
GALILEO, the European GNSS is, according to GSA (European Global Navigation Satellite System Authority), an open system that is under the civilian control of the EU. However, the legitimate question is how long this civilian control can be maintained, given that it should also be available to NATO. So it is a question of time how the following requirement can be derived:
"There is a need for GPS/Galileo interoperability for NATO military capabilities that are dependent on space-based systems to ensure their reliability and integrity. Galileo has a civilian portion and a public regulated service (PRS), which is an encrypted navigation service, restricted to governments that use it mainly in military applications. PRS has anti-jamming and anti-spoofing capabilities, and is reserved for certain users within EU member states. The US needs to negotiate access to the PRS signals. When and if GPS fails to operate, Galileo is designed to provide civilian and military services for the US as well as for Europe. There is no interoperability issue between Galileo and GPS, as these points were discussed and solved in the framework of the EU–US agreement of 2004. The US needs to negotiate access to PRS signals. There is no agreement yet for Galileo to replace GPS in case of the latter’s failure”
www.chathamhouse.org/publication/cybersecurity-nato-s-space-based-strategic-assets/2019-06-27-Space-Cybersecurity-2.pdf
It should be clear to all users of GNSS, that the accuracy can be significantly influenced by operational owner. Independent which system will be used. These deviations can be in range from several hundred meters to several nautical miles. Even if S/A was switched off for GPS in 2000, it does not mean that it cannot be reactivated. This applies to all GNSS.
4.2. Accidental interference
I would like to say in advance that I have been following headlines and reports relating to GNSS faults, especially GPS, for a long time. I enjoy many of these reports with great caution, because I get the impression that elementary factual arguments are completely ignored here and that there are obvious trends that have large question marks.
4.2.1. Frequency basics
Anyone who knows a little about frequency and radio technics know, knows that satellite signals with a power of <100 W (102 W ≈ 20 dBW) are sent on the journey. This is due to the fact that satellites only have limited technical capacities, including in terms of transmission power. Given the distance of the Earth's orbits from GNSS satellites of more than 19000 km, it can be explained from the physical logic that these signals have to accept a not inconsiderable loss of signal strength due to the physical influences described in the previous chapters. So that a signal of only -160 dBW (≈10-16 W) arrives at the receiver. So a very weak signal, which can be disturbed by any stronger signal that meets the physical requirements. As a comparison: Mobile radio signals have a level of -80 dBW, which is a considerably stronger signal than GNSS satellite signals. To get an idea of what I'm writing here, a little explanation:
The signal strength is measured using a negative scale in decibels milli watts (dBm) or decibels watts (dBW).
The higher the measured value, i.e. the closer to 0, the stronger the signal. A value of e.g. -50 dBm (-80 dBW, (≈10-8 W) is for GSM/ UMTS very good signal, a value of -113 dBm (-143 dBW, ≈ 5 * 10-15 W) is a very weak signal with GSM / UMTS. As a reminder, a GNSS satellite signal has a signal strength of -160 dBW at the receive
4.2.2. Possible sources of accidental interference
The extremely low reception power of a GPS signal provides prerequisites for its susceptibility to unintended interference, such as interference by out-of-band emissions. These can originate from telecommunications and electronic systems that operate in neighboring bands or in bands that are relatively far from GPS bands, such as FM / TV transmitter harmonics, AM transmitters and mobile phone networks. These disturbances are unintentional interferences with the GNSS satellite signals.
And this should also be taken into account that satellites of the GNSS can also transmit non-standard C/A codes during their maintenance phases, which have a disruptive effect on GPS operation.
4.2.2.1. Ultrawide band technology
There has been a discussion for some time now to extend the Ultrawide Band Technology (UWB) to the GPS frequency band. This new, interesting frequency technology is expected to provide many new, innovative applications in wireless networking through short-range communication of short-range IT components, the so-called indoor location. This technology is also used in the outdoor area. However, tests have now shown side effects that have a negative effect on GNSS and can seriously disrupt the GNSS position determination.
4.2.2.2. Computer games / programs based on virtual satellites
For this, electronic games must also be counted, which are able to negatively influence GNSS on the basis of virtual satellites (up to a maximum of 12 satellites). "PokémonGO" is undoubtedly one of the most famous electronic games. But there are also a number of other providers that offer such GPS variants.
As already mentioned above, it is possible to inadvertently interfere with or overlay GNSS signals by other radio systems. This ranges from influences to falsify the receiver positions to complete signal interference that can make position determination impossible. There are now extensive scientific and technical publications in the specialist literature, which have been confirmed by numerous laboratory and practical tests. It clearly indicate that this interference can also be triggered by frequency bands that are further away from GPS.
4.2.2.3. VHF frequencies (radio stations)
It is now known and also proven that under very specific conditions FM frequencies are able to interfere with GNSS signals. The following example gives an insight into how this can be done:
For example, the 15th harmonic (14th overtone) of the mixing oscillator falls exactly on the civil GPS frequency L1 (1575.42 MHz) if a frequency of 94.3 MHz is set on an FM radio. This can lead to reception errors on the GPS receiver in the immediate vicinity of the radio.
Briefly to explain what is meant by harmonics and overtone:
In classical physics and technic, a harmonic is a harmonic oscillation whose frequency is an integral multiple of a fundamental frequency. A harmonic above the fundamental frequency is also called upper vibration, sometimes also upper wave and in the music it will be called overtone.
The fundamental is the 1st harmonic, an octave above it is the 2nd harmonic, which is the 1st overtone. The overtone is always numerically smaller than the harmonic. Even numbered harmonics are odd overtones and vice versa.
4.2.2.4 Mobile networks (GSM / UMTS / LTE / WLAN)
It is known that WLAN networks in the ports, which are used to locate containers by gantries and vehicles, massively interfere with GPS reception in some ports of the world, and even make it impossible. Only after completing the loading work, when the WLAN port systems were switched off and gantries moved to the starting position, could GPS reception be unimpeded again. I have observed this phenomenon several times in some ports and of course I was interested in finding the reason for it. After initial ambiguities, it quickly became clear when looking at the respective national frequency plans that the originators of this were WLAN and mobile networks, which were either close to the GPS frequencies and sometimes even overlapped. So a relatively clear matter of unintended interference.
It is also known that in port entries, canals and on rivers, i.e. surrounded by land, GNSS can be impaired, which leads to incorrect position / course / speed information.
In addition to mobile radio / WLAN frequencies, multipath transmission of the satellite signals must also be taken into account here.
4.2.2.4.1 In-band Jamming
In general, the signal frequency of the interfering transmitter in the case of in-band interference is very close to the RF center frequency of the transmitter. The figure on the left shows the case of a GPS transmitter. These in-band noise signals are mainly caused by upper oscillations, bus systems, etc.
4.2.2.4.2 Out-band Jamming
In the case of out-band interference, the signal frequency of the interfering transmitter differs from the RF center frequency of the transmitter. The figure on the left shows the out-of-band interference signal with the carrier frequency of the GPS transmitter. These out-of-band interference signals are mainly caused by nearby radio transmitters from other systems such as GSM (Global System of Mobile Communication - is replaced by UMTS/ LTE), WCDMA (Wideband Code Division Multiple Access - UMTS / 3G), LTE Term Evolution - 3G / 4G / 5G), WLAN, Bluetooth etc. caused.
www.rfwireless-world.com/Terminology/rf-jammer.html
I deliberately avoid the term jamming, but rather relate it to interference, although this type of interference can be equated with jamming.
4.2.2.4.3. Are mobile networks able to interfere with GNSS signals? - A possible physical-technical explanation
Again and again one finds interference of the GNSS signals by mobile networks in Asia, also known as Outband Jamming. This is by no means the exception, especially in regions with high GSM / UMTS / LTE coverage. Shanghai is a highlighted example. Baoshan and the Huangpu River in particular, which is also used by seagoing vessels because there are several terminals. This region is an examples of the fact that extensively expanded mobile networks, UMTS (3G), LTE (4G) and now also 5G mobile networks, are not without effects on GNSS receivers remain and sometimes leading to completely inexplicable jumps in position. Which could be based, on a logical explanation
In China, UMTS FDD and TDD (Time Division Duplex) are used in contrast to Europe, where almost only UMTS FDD (Frequency Division Duplex) is used. With UMTS TDD, the mobile and base stations transmit in the same frequency band, but at different times. While with UMTS FDD mobile and base station transmit in two different frequency ranges. The mobile device sends in the uplink channel and the base station in the downlink channel.
In China, 1800 MHz and 1900 MHz are used for (4G) LTE (Long Term Evaluation).
It is known that in China and not only there, but also in other parts of the world, the 1710 MHz band and 1810 MHz band are occupied with UMTS and GSM communication. Both systems have high transmission powers.
The 3rd order out-of-band intermodulation of the LNA (Low Noise Amplifier) at 1710 MHz and 1810 MHz frequency
result in distortion components in the GPS bands. And here is an interesting constellation:
Assume: UMTS FDD 1800: f1 = 1713 MHz
UMTS FDD 1900: f2 = 1851 MHz
then it is possible to find the 3rd order component, which results as follows:
f3 = 2 * f1 - f2; this results in the frequency 1571 MHz,
and this in turn corresponds to the L1 frequency of GPS. However, the amplitude of this component depends heavily on linearity of the LNA (Low Noise Amplifier).
So it becomes apparent that it has little to do with spoofing. Since the mobile radio frequencies have a higher reception field strength, an unintentional negative influence on the GPS data, such as position, course and speed, is within the realm of possibility. This could be avoided if appropriate high-quality filters are used that suppress the interference signals.
Taking into account the serious differences in the signal strengths of GNSS signals and mobile networks that I mentioned are interference not a devil's work of spoofing, but rather the result of unintentional interference that results from overlaying and thus disturbs the GNSS signal. Which of course can lead to incorrect GNSS information. The public media reaction and unwrap the Spoofing and Jamming hammer especially by US institutes, does not exactly testify to really trying to get to the bottom of the causes of such events, but to exploit the whole thing as a populist campaign.
Thereto an interesting case of C4ADS
4.2.2.4.3.1. Who is C4ADS?
C4ADS (Center for Advanced Defense Studies) is a non-profit organization based in Alexandria, Virginia, near Washington D.C. The majority of its staff consists of former members of the US Armed Forces and special agents. There is concentrated IT knowledge represented by MIT and Intel. And yet I am critical of these reports, because they are obviously one-way.
In November 2019, C4ADS reported alleged jamming and spoofing attacks on the Huangpu River in Shanghai and one of the container terminals that were registered by a ship in the US- Madlock Container fleet in August 2019. The Captain had reported jumps in the AIS position, of approx. 3 km southeasterly direction of the original position and as well course and speed jumps.
Unfortunately there is no information on the GPS values from the GPS submenus of the GPS receivers for the "GPS status" (such as PRN, HDOP, VDOP, GDOP, SNR, satellite height, number of satellites, RAIM status, DGPS beacon information). These could provide a first indication of external influences. The included graphics are unfortunately insufficient to allow a clear problem assignment.
4.2.2.4.3.2. A “Spoofing Case” analysis
For a brief explanation, since I know this area from my own experience:
The CT Terminal PTC is located on the west bank of the Huangpu River, 3.4 nm southeast is the Shanghai Pudong Jingao Electric Coal Power Plant, which is seen in the graphics below as a ring-shaped output of the faults. Normally in this section of the river is not navigated with using GPS as main source for vessels position, but visually and using radar navigation due to an extensive traffic. GPS is only used as a backup.
I have taken the trouble to analyze the part of the report on MS "Manukai" published by C4ADS. Because from my understanding it is not understandable why the Chinese should do spoofing / jamming there. That doesn't give logic.
Using my own local knowledge, the C4ADS report, Google Earth and the city map of Shanghai, it can be seen that the C4ADS report did not look at the local locations at all. Then it should have been recognized that the supposed spoofing / jamming source is located on the site of the Shanghai Pudong Jiangao coal power plant, very close to the generator house and the transformer station. So it cannot be ruled out that the electromagnetic fields of the transformers can influence the environment and thus GPS signals. Because wherever high-voltage systems of 110 KV -380 KV and more are located, it is obvious that electromagnetic fields are initiated. However, I don't think it is possible to influence GPS, especially not at a distance of 3.4 nm. It also makes no sense to falsify the position of the power plant, since it is even visible from the Yangtze River. The picture on the left is a comparison that confirms that the source named by C4ADS is located exactly on the site of the named coal power plant.
SKYTHRUST images even show the exact location of the source of origin on the roof of the generator house of the Shanghai Pudong Jingao Coal Power Plant. Unfortunately, exactly at this position it is not possible to see what the cause of such disturbances should be.
I want to make it clear that spoofing and jamming cannot be excluded. I am also one of those who dismiss spoofing and jamming not as fantasy stories, but see it as a serious security problem. However, there is always the question of the meaning and purpose of such actions.
The occasional assumption that the Chinese Navy is to be seen as the originator of spoofing makes no sense at all. Anyone who knows the local conditions knows that there is a naval base of the Chinese Navy at the mouth of the Huangpu River to the Yangtze River, which has to pass through every ship entering / leaving the Huangpu River. So what is there to be veiled when everyone can see which naval ships are stationed there. The position of this naval base has been known for decades.
As can be registered at all, that there are huge westerly efforts to interpret the alleged spoofing capability of China and the Chinese ports.
4.2.2.5. Aviation navigation systems TACAN / DME
Numerous publications can be found in the specialist literature that deal with the negative effects of interference from distance measuring systems of aviation at airports, such as TACAN / DME on GPS signals. It is pointed out again and again that such interferences in no way exclude falsifying GPS positions and can lead to incorrect course and speed information on GPS receivers. This has also been proven experimentally.
4.2.2.5.1 A further “Spoofing Case” analysis
In August 2017, the online edition of “New Scientist” reported on an incident in June 2017 in the port of Novorossiysk in the Black Sea / Russia, in which a captain reported that his AIS GPS position was approx. 32 km (approx. 17 nm) was relocated inland, to the Russian airport Gelendzhik. 20 other ships are said to have been affected by this incident. Their AIS GPS positions are also said to have all been relocated to Gelendzhik Airport.
The picture below gives an overview of the region, the location of the airport and the VORTAC type of navigation system used there. The details of the flight navigation system shown are original aerial photographs of the airport. The specified frequencies are based on ITU and ICAO frequency allocation tables, so they are real.
C4ADS reported that from 2016 to 2018 there was regular impairment of GPS AIS data from ships in this region and assigned the authorship to the Russians. It opens the question why are only the GPS AIS data effected. What is about the GPS receivers which were used for navigation? Then they should have been affected too. Are in AIS GPS receivers and GPS navigation receivers different filter systems or antenna constellations installed to reduce the risk to be effected by jamming and spoofing? Why are there no information published about data in submenu "GPS Status"?
I spent a longer time in the Black Sea in late spring and summer 2017 with port stays and can say with a clear conscience that I have not encountered any such disturbances during this time.
4.2.2.5.1.1. Short introduction about Gelendzhik airport
Gelendzhik Airport is an exclusively national Russian civil airport, which is 24 km (approx. 13 nm) SE from Novorossiysk, operated by BASEL Aero, a Russian consortium with Japanese participation (also the airports of Sotchi, Anapa and Krasnodar) and located directly on the coast. Gelendzhik is one of the most famous Russian holiday resorts on the Black Sea and Gelendzhik Airport is a joint venture with the Changhi Airport Group in Singapore. So the term inland is not applicable and 32 km (approx. 17 nm) from Novorossiysk is also questionable.
The above incident was categorized as spoofing activity by C4ADS and it was speculated that the Russians may have tested a new spoofing system. But there is no evidence to support this conjecture. The alleged spoofing attack by a Russian submarine has not been confirmed and, in my view, very far-fetched.
DME / TACAN - what purpose do they serve?
Airports operate a DME (Distance measuring equipment) / TACAN (Tactical Air Navigation) system for flight navigation.
4.2.2.5.2. Explanation for TACAN and DME
TACAN
is a military tactical navigation system based on aviation beacons, which enables 2-dimensional flight navigation (inclined slant range measurement, target course measurement from the aircraft to the airport and reverse). The range measurement system can also be used for civil aviation and can also be coupled with a VOR whose name is then given as VORTAC
It is interesting to know that the TACAN signal strength at the receiver is specified by manufacturers as -94 dBm (-124 dBW) to -70 dBm (-100 dBW). This means that their signals, are significantly strengthen than the received signal strengths from GNSS .
Incidentally, TACAN is also used in the navy on board ships intended for the use of helicopters and airplanes
For Gelendzhik, the following information can be found in the frequency allocation tables of ICAO and ITU:
Gelendzhik Airport is equipped with a VORTAC system and works on the TACAN / DME channel 90X GNZ, which means:
VOR works at 114.30 MHz,
TACAN / DME works in Airborne (Interrogate) mode at 1114 MHz
in Ground based (Reply) mode at 1177 MHz,
pulse code 12 μs
These frequencies are permanently assigned internationally and can’t be changed arbitrarily
DME
is a civil aviation radio navigation system for pure slant range measurement between aircraft and airport. The DME is based on secondary radar technology.
Secondary radar: is a radar that works with active targets and can therefore work with less power. An interrogator sends a data signal that the transponder actively replies with a "reply". This answer can contain additional information on the altitude, as well as friend-foe detection.
The distance measurement component of the DME can also be used for military aviation.
To enable two-dimensional navigation, it is combined with VOR (VHF Omnidirectional Range), a system for determining the azimuth), also known as VOR / DME. Both frequencies are coupled with each other.
TACAN and DME have in common that they can both be coupled with components of the ILS [Instrument Landing System (ILS) / Localizer (LOC) / MLS (Microwave Landing system). Also referred to as ILS / DME, LOC / DME, VORTAC.
ILS is based on two radio beacons and is used by the pilot to align the aircraft between these beacons horizontally and vertically during the approach to the runway and to enable a safe landing.
ext.eurocontrol.int/aixm_confluence/download/attachments/
4.2.2.5.2.1. Principe of TACAN/ DME Operation
TACAN / DME are operated together in the UHF frequency range from 962 MHz to 1213 MHz using the following procedure:
The call frequencies from the aircraft (interrogative) and response frequencies (reply) from the airport are assigned to different channels with different frequencies
X-Mode: Channel 1 (1025 MHz, interrogative - 962 MHz, reply) to
Channel 126 (1150 MHz, interrogative - 1213 MHz, reply),
pulse interval interrogative - 12 μs,
reply - 12 μs,
delay - 50 μs
Y-Mode: Channel 1 (1025 MHz, interrogative - 1088 MHz, reply,) to
Channel 126 (1150 MHz, interrogative - 1087 MHz, reply),
pulse interval interrogative - 36 μs,
reply - 30 μs,
delay - 56 μs
Depending on the height range, the DME transponder ranges are:
DME terminal (ground), transponder range 25 nm
DME LOW Altitude <18000 ft, transponder range 40 nm
DME HIGH Altitude 18000 - 45000 ft, transponder range 130 nm
In US publications are reported reliable signals in light if sight altitudes ranges up to 199 nm (always under consideration of slant distance).
VOR , works in the VHF frequency: range between 108 MHz and 117.95 MHz
So we find in the frequency range from 962 - 1213 MHz DM/TACAN frequencies that overlap with GNSS frequencies. As already sufficiently stated, GNSS are operate in the frequency range from 1164 to 1610 MHz.
Therefore, in many countries, but not all, there is an agreement to keep a frequency hole centered on the frequency of 1176.45 MHz to protect the GPS L5 frequency from interference. L5 is primarily used for aviation.
GNSS frequencies:
GPS L1: 1575,42 MHz/ L2: 1227,6 MHz/ L5: 1176,45 MHz
GLONASS M 1: 1246 MHz L2: 1602 MHz /
GLONASS K L1: 1600,995 MHz, L2: 1248,06 MHz/ L3: 1202,25 MHz/
GLONASS KM 1575,42 MHz/ 1176,45 MHz (GLONASS in future)
BEIDOU B1/ B2 : 1569,098 MHz/ 1207,14 MHz / B3: 1286,52 MHz
In the future, VOR/DME and ILS/DME are to be replaced by GBAS (Ground Based Augmentation System), which is broadly comparable to the DGPS-System of maritime shipping to increase accuracy. (DME approx. 180 m / GBAS approx. 5 m)
But back to Gelendzhik. Since it is an exclusively national Russian airport, it can be assumed that GLONASS and not GPS is used for flight navigation. From the background alone, to be autonomous in satellite navigation and not to be dependent on GPS. After all, with GLONASS the Russians have their own tried and tested satellite navigation system. What it enables to work independently of GPS.
4.2.2.5.2.2. Accidental interference by TACAN / DME from maritime GNSS - is spoofing a fiction or reality?
The supposed GPS manipulation by spoofing by the Russians regarding the events published in the Western media does not make any real sense, even considering all known technical possibilities.
However, what makes sense is the fact, that in specialist literature are reported, which are been proven on the basis of scientific studies, that DME/ TACAN is very well capable of disrupting GNSS and in this specific case reference was made to GPS. DME/ TACAN can overlay and influence GPS signals under very specific conditions, which can be reflected in the significantly distorted position information of ships compared to the actual position. An accidental interference, also derived from the TACAN/ DME signal ranges listed above, cannot be excluded.
What is striking in this regard is that several cases have already been reported in which anomalies of GPS receivers on ships were observed, particularly in the vicinity of airports.
C4ADS even goes so far that spoofing attacks towards Novorossiysk/ Gelendzhik have been registered from Vnukovo airport near Moscow, 1215 km as the crow flies north of Gelendzhik. I think that's more than questionable, if not to say adventurous. The maximum possible range for DME, even after the U.S. Aeronautical Information Manual, is given as 199 nm, whereby a slant distance must be assumed here and not a horizontal distance.
We also find similar phenomena off the Egyptian Mediterranean coast near Port Said, here too US speaks of spoofing, which I doubt. A look at the Egyptian frequency plan regarding TACAN/ DME frequencies gives the analog picture, as in the Novorossiysk case. Here in Port Said there is also an airport with TACAN / DME directly on the coast.
The GPS interferences occurring on the Syrian coast is associated with the Russian military base in Latakia. This might be but a clear evidence doesn't exist.
Surprisingly, almost no word is said about the GNSS interference occurring and registered off the Israeli coast.
4.2.2.6. Pseudolites
Terrestrial transmitters that emit signals that mimic those of a satellite are named as Pseudolites (pseudo satellites). They serve to increase the local measurement accuracy of GNSS and are primarily used in aviation, but also have other areas of application. For GNSS receivers, pseudolites appear as additional satellites. With a correspondingly high signal level, they are able to superimpose original GNSS signals, which can lead to distortions in the position information.
In order to ensure economic use of the available resources, i.e. GNSS receivers and pseudolite frequencies, the carrier frequencies of the pseudolites are designed so that they can be received with the existing hardware, i.e. GNSS receivers. So they use similar frequency ranges that are in the range of the L1 frequency of GPS, but not exactly the same. When using the same or similar carrier frequencies, the signaling problem referred to as the NEAR FAR Problem arises with the following background. The signal strength of the transmitters of the pseudolites is strongly dependent on the distance between transmitter and receiver, while GNSS signals have a relatively constant signal strength at a very low level, which has the following effects:
Short range: The pseudolite signal is stronger than the GNSS reception signal, which means that it is overlaid.This causes receiver noise at the GNSS receiver, similar to jamming (<= 50 m)
Intermediate range: The pseudolite signal and the GNSS receive signal are approximately equally strong,
which means that both can be received by the GNSS receiver (> 50 m to 50 km)
Far range: The pseudolite signal is too weak to be received (> 50 km)
This shows that even for GNSS receiver on vessels, if the airports are located directly on the coast, a negative influence by pseudolites can't be ruled out, which might be reflected in incorrect positions.
I is not known whether and to what extent pseudolites are used for Airport Gelendzhik, but would possibly explain some of the abnormalities described.
The European GLNSS Galileo also uses pseudolites to increase accuracy. Corresponding known test areas for Galileo were established in Bavaria and in Lower Saxony / Germany.
In 2013/2014, the experimental project SEA GATE (GAlileo TEst) was initiated on the shipping level in the Rostock overseas port by the Institute for Earth Measurement at the Leibnitz University in Hanover. With the topic – “Positioning and navigation in seaports” -, based on pseudolites and Galileo GNSS. Interestingly, it was found that the GPS L1 frequency broke off several times when passing the pseudolites, as described above under Near-Far Problem. As well was registered that WLAN antennas in the closer area also triggered such an effect.
4.2.2.7 Illustration - what power interference signals need to interfere with GNSS reception.
The German Aerospace Center (DLR) in the Helmholtz Association gives the following statement:
To disrupt the signal, relatively low powers are sufficient for this. To get a reference to this, I will go into aviation.
Assuming, for example, the limit values of -102.5 dBm interference power (free space spread) valid for European aviation, a low interference power of 1 mW within a radius of 2 km (approx. 1 nm) would violate this limit value. A 1 W transmitter would do this within a radius of approx. 65 km (approx. 35 nm). Here you have to be aware, however, that 1 W can be the approximate radiation power of a cell phone, but also the harmonic of a radio station that transmits at 1 MW, but is attenuated by 60 dB by the transmitting filters.
These values can easily be transferred to seafaring.
I is not known whether and to what extent pseudolites are used for Airport Gelendzhik, but would possibly explain some of the abnormalities described.
4.2.2.8. Media jamming / spoofing campaigns
In the past had been sensational pronouncements by the media around the world published and reported about jamming and spoofing activities, in which the ability to usage of GNSS / GPS for ships or aircrafts had been shown as very limited or manipulated. Strangely enough, countries are repeatedly mentioned which would use GNSS spoofing / jamming capacities. This is all only based on assumptions. So far, really hard verifiable and reconstructible evidence has not been presented. All published graphics found do not provide conclusive answers about the causes of such interferences.
No matter if Russia, China, Iran, Syria, North Korea and others. It is portrayed as if only these countries have such capabilities to disrupt or manipulate GNSS. The by media's lead analyzes of such pronouncements are primarily based on US sources such as C4ADS, the USCG Navigation Center (USCG NAVCEN) and MARAD (US Maritime Administration).
Surprisingly I found nowhere a published report from Russia, China, Iran, North Korea about GNSS Spoofing and Jamming activities by western countries. May be they treat such activities as secret and it must be reminded too that Russia with GLONASS and China with BAIDOU have their own GNSS, which are not so mass used like GPS used. This reduces obviously the danger to become interfered.
Norwegian and Finnish authorities have also pointed out several times in the recent past that their northern regions, presumably starting from Russia's northwest, are interfered by jamming methods what hampers the use of GPS, particularly in aviation and for the SAR organization in this region sensitively. For this purpose, the Russian Foreign Minister Lavrov, who rejected these allegations as baseless, specially arranged a meeting with Russian representatives in Oslo with the Norwegian authorities to discuss the allegations and their evidence. Unfortunately, nothing has been announced about the results of these discussions. It would be interesting to know what is true or fiction about these allegations.
(source: https://thebarentsobserver.com/en/security/2019/03/04, Jamming of GPS signals in the period during NATO exercise Trident Juncture, 2018. Map-illustration: Norwegian Intelligence Service)
4.2.2.9 Brief Summary to "Accidental Interferences"
It is possible to inadvertently interfere with or overlay GNSS signals through other radio systems. This ranges from influences to falsify the receiver positions to complete signal interference that can make position determination impossible. There are now extensive scientific and technical publications in the specialist literature, which have been confirmed by numerous laboratory and practical tests. It clearly indicate that this interferences can also be triggered by frequency bands that are further away from GNSS frequency band.
4.3. Intended Interferences
By intended interferences we mean targeted interventions in the function of GNSS by means with extern technical systems with the aim of deception, concealment, disability and functional incapacity. So there is always a concrete intention to pursue a very specific goal. In military sector, this is also known as ELECTRONIC WARFARE. Meanwhile, the term NAVWAR (NAVigation WARfare) has found its way into military usage. NAVWAR is defined by the US Department of Defense as follows:
„Deliberate defensive and offensive action to assure and prevent positioning, navigation, and timing information through coordinated employment of space, cyberspace, and electronic warfare operations.”
(Source: US Department of Defence, Dictionary of Military and Associated Terms)
With appropriate background knowledge of the principles and goals in electronic warfare, it becomes obvious that GNSS, as a globally used satellite-based radio navigation system, is of course the target of electronic warfare for civilian and military users. Its obvious. As a former head of a Combat Intelligence Center (CIC) aboard of frigates of the German Navy, electronic warfare is therefore not a book with seven seals for me. Except for the fact that NAVWAR didn't play such an important role in my active service time, as in presence. Even more important it will become in the future.
The mass introduction of GNSS into everyday life naturally also brings to the light those forces who have made it their business to use GNSS for their purposes as a means of electronic warfare. The susceptibility of civilian systems to such attacks is many times higher, since they are designed to minimize costs, so that security-relevant components are naturally subject under cost aspects to neglect. While military systems have to meet the requirements of high security. And therefore security-relevant components have to be implemented from the outset.
Electronic warfare is not limited to the "axis of the bad guys", as is presented to the public in the lurid "Spoofing and Jamming Messages" of the western media world. This is completely unrealistic. All governments, their secret services and their armed forces, which have the technical potential to wage electronic warfare, make extensive use of this. Active and passive disturbance of sensors (e.g. sea and airspace surveillance radars, weapon control radars etc.) and communication with the target - the disturbance of data acquisition, target acquisition and control of effectors (e.g. missiles) is one of the most essential components of electronic warfare in interaction with electronic surveillance and reconnaissance. This does include satellite communication systems and satellite navigation systems. The fact that GNSS is now being used in large numbers in civilian and military use also makes it a to focus in electronic warfare. Civil shipping is affected in any case, even if great efforts are made to reduce these vulnerabilities by means of technical solutions.
But it has to be clearly pointed out again that not everything that is reported as jamming or spoofing has to do with it, but must be searched in the category "Accidental interference" due to overlaps with is related to other radio electronic systems. It is not always apparent at first glance that this is an unintentional interference.
4.3.1. What types of NAVWAR are there?
4.3.1.1. Jamming
GNSS Jammers are jammers for the signals from GNSS / GPS, i.e. satellite-based systems for worldwide positioning. I deliberately do not separate into GNSS and GPS, because all operated GNSS can be deliberately disturbed by jamming. The principle is simple:
The British Royal Academy of Engineers describes jamming as follows:
“The crudest form of jamming simply transmits a noise signal across one or more of the GNSS frequencies, to raise the noise level or overload the receiver circuitry and cause loss of lock.”
(Source: The Royal Academy of Engineering, 2011, “Global Navigation Space Systems: reliance and vulnerabilities”, page 22)
Jammers vary in power and capability and used to block GPS enabled tracking. It can also be used for harassment, to disorientate navigation and positioning information.
The principle is simple. Jammers with higher used reception signal strengths overlay the very small reception signal strengths of the satellite signal and disturbe them. If these jammers are provided with additional noise modulation, the reception signal from the satellite becomes unusable for the receiver and can no longer be recognized. The result is a total failure of the GNSS receiver. Position information / course and speed values of the ship are heavily falsified or impossible for the period of the disruption.
Due to the low level of interference energy required, a GPS jammer for the near field (approx. 10 m) can be very small.
Jamming over long distances requires more technical effort and is easier to recognize.
The risk of GPS interference in civil and military areas increases significantly with the increasing use of GNSS. This is also due to the fact that more and more frequencies are being made available for commercial use, so that interference with GNSS frequencies occurs that can only be detected indirectly and cannot be excluded. Even if they are sometimes far outside the used GNSS frequency window
In addition, everyone can buy jammers at a very cheap price and their dimensions can be hidden in almost any location
Why private individuals buy such jammers is an interesting question, because strictly speaking they are not needed by private individuals and their use is illegal. Unless certain questionable goals will be pursued. Like, to avoid toll costs on highways and streets or to use them to disguise criminal acts, what had been in past proven. Organized crime is known to be able to work with the most modern systems to cover up its activities.
Mobile jammers are small, handy and you are able to achieve large interference effects on GNSS signals with little effort. However, they are spatially limited to a few 10 m to 100 meters.
Of course, it must be pointed out that at open sea it can't be assumed that such jammers as are used ashore will be used. However, one should be aware, despite ISPS, it takes little effort to get mobile jammers on board, which are able to make navigation by GPS impossible. Especially since they can be easily hidden in switch cabinets of the bridge equipment and can even be provided with a main connection. Although there is the option of installing standard LNA (Low Noise Amplifiers) that are effective against jamming, they are not able to completely prevent jamming. This then requires greater technical effort. Today's satellite receivers used in civil shipping on board are currently not adequately equipped with technical antidotes in such scenarios.
It is currently believed that the European Galileo GNSS is able to reduce jamming due to its possible compatibility with GPS and additional frequency bands. But they can't be completely prevented.
4.3.1.2. Spoofing
is an active external intervention in the GNSS operating system. It is an active data manipulation by means of an external radio transmitter, in which falsified data overlaps / overwrites the original GPS / GNSS signal because they are much stronger than the GNSS signal. As a result, incorrect or incorrect positions are manipulated, which of course represent a serious interference in navigation security in all areas of the use of GNSS. They require a slightly higher technical effort as jamming.
But even here it is possible to do spoofing with relatively little technical and financial effort and with cheap options < 300 euros, the software can be downloaded from the Internet as open source software by everyone. Which is also an indication that everyone who knows a little about frequency technology is able to manipulate GNSS using spoofing.
However, it must also be made clear that these cheap technical variants can only have negative effects on GNSS only in the coastal area. At high sea they have no effects to GNSS signals and receiver. As is easy to see, also in this case I am writing GNSS and not GPS. For a good reason, since all existing satellite navigation systems are affected, including GPS!
I have repeatedly found that the media reported that AIS positions were falsified. Read carefully: AIS positions. AIS is a passive satellite reception system whose position data is received by GPS / GNSS, the active data exchange between ships and shore stations takes place via VHF. And what about the GPS receiver data for navigating a ship? Are they not involved in these GPS manipulations?
Let's note that it is now common practice in electronic nautical charts that, for example, electronic sea markings in coastal areas are given a virtual AIS identifier, but are not available as real objects. So what are these sensational "news" that AIS can be manipulated. This has been known for a long time.
Every object, including a ship, can be virtually brought to another position, with completely wrong information on course, speed and position data. To keep making the headlines that the Chinese are pioneer in thus field is complete nonsense. Any nation with the technical prerequisites can do that. And there are quite a lot of them.
However, it must be clearly restricted that these tools have no effects on the high seas.
A small addendum to think about, the manipulative moving of an AIS target to a completely different position by spoofing to hide it only makes sense if there is a cloud cover what the affected target/ object conceals against prying eyes from space. Today's possibilities of satellite photo / IR / UV reconnaissance are able to unmask spoofing. And even relatively quickly.
Spoofing as a measure to irritate the ship command in coastal waters, on harbour approaches or confined areas sometimes reported as take over of the control of a ship is if all regulation of careful navigation are followed nonsense. To this point more in a following section.
4.3.1.3 Meaconing
Meaconing is derived from Masking Beacon.
It is a special form of spoofing. A signal received at the antenna is manipulated in real time and sent back with another antenna with a higher signal level, with the aim that the manipulated signals are read on the GNSS receiver and thus position, course and speed are falsified.
In its 2011 publication, The Royal Academy of Engineering defined in "Global Navigation Space Systems: reliance and vulnerabilities" - meaconing in the following sense:
“Meaconing is the interception and forwarding of navigation signals. These signals are retransmitted on the received frequency, usually at a higher power than the original signal, to confuse enemy navigation. As a result, planes or ground stations receive inaccurate bearings.
Meaconing is a bigger problem for the staff in the navigation assessment than for the radio operators. However, communication transmitters are often used to send navigation signals. Since the communication staff operates the transmitters, they need to know how to deal with communication problems that arise from meaconing.
Successful meaconing can result in planes being lured into "hot" (ambush-capable) landing zones or into enemy airspace, distracting ships from their intended routes, bombers are deploying on their weapons to wrong targets, or receiving inaccurate bearings or position information from ground.”
4.3.2. Are spoofing and jamming to detect with common ship GNSS receiver systems?
The current GNSS receivers offer only limited possibilities to recognize this, in particular the antennas currently in use on board are not able to recognize the direction of the cause of the fault.
The specialist literature repeatedly states that spoofing is difficult for GNSS users to recognize. This is true for the GNSS user ashore
I see this more nuanced for seafaring. Because if we take a closer look at the technical details of the GNSS receiver used on board, including their analysis tools for the GNSS status, a roughly estimate can very well be made in the combination of all available analysis tools. Which gives opportunities to detect probabely manipulations. However, this presupposes that the operator also knows the system on board, including the existing analysis tools. And here are unfortunately significant deficits of the navigation officers.
There is the possibility of recognizing spoofing roughly using on-board means. The submenus of the GNSS receivers are helpful for this. So if there is an assumption that the GNSS receiver could be affected by spoofing, which through
-inexplicable jumps in position,
-incorrect course and speed information
noticeable would be, then a look at the submenus for the GPS status on the receiver should be taken.
Look at the values of
-HDOP, VDOP, GDOP,
-SNR
-Elevation
-PRN and number of satellites,
-RAIM status,
-DGPS beacon information
-Receiver time
I had explained in GPS part 2 what meaning each parameter has and what rough values they must have in order to provide usable position information
Particular attention should be paid to the following parameters:
-PRN(pseudorandom number)
an ID number is permanently assigned to each satellite in the respective GNSS. If you find the same number twice for satellites or satellites without an assigned number, then external manipulation can be assumed
-Elevation / VDOP (Vertical Dilution of Position)/ SNR (Signal Noise Reduction) -
Take a look at the satellite elevation - low satellite height <15 ° means a large to very large VDOP, so the use of a satellite for positioning is unsuitable.
Take a look at SNR - the lower the satellite elevation and the larger the VDOP, the lower the value for SNR, which describes the quality of the received signal.
The low altitude of the satellite means greater atmospheric interference. If they receive a very good reception signal despite the very low satellite altitude, they will become suspicious. Because that's a sign of spoofing. Under normal circumstances, radio transmitters for spoofing are located at the height of the coast at a very low height of <15 ° and below!
-Receiver time
take a close look at the receiver time and compare it with your system time on board or at the Sat C terminal, since spoofing also changes the receiver time. It is either moved to the past or the future. It is one of the most striking signs that something is wrong
If all the components mentioned are compared and multiple irregularities are found, then it can be assumed that the GNSS receiver is disturbed externally and can assigned relatively precisely whether it is spoofing.
There are GNSS receivers that allow you to change manually the satellite elevation up to 30° As a result, all received signals with an elevation < 30° are ignored, which offers initial protection against manipulation from the coast / ashore.
Change the elevation to the 30° and check your GNSS receiver and his shown data. When there are no more disturbances in the receiver function, than it is a safe sign that spoofing in lower elevation had been executed.
Jamming can also be determined via these submenus.
Because jamming means nothing more that on GNSS receiver the satellite reception signal is superimposed with a strong noise and the displays in the submenus are disturbed. Which means that they no longer display anything useful or the show nothing more , so GNSS can no longer be used. The receiver time is also incorrect to illegible.
4.4. Conclusions
From the explanations and case studies I have made it becomes clear how easily GNSS can be influenced from the outside. Precisely because GNSS is now an integral part of everyday life. The mass use of GNSS, the increasing use of frequencies for new communication areas, which have so far been excluded from use, contribute to the higher vulnerability of GNSS due to external interference. As a result, GNSS positions and movement parameters of ships become falsified or even unusable.
The focus of the considerations that I put on the shipping industry inevitably led to an extended consideration of the areas of use of electromagnetic waves, because they have a direct or indirect influence on the use of GNSS in shipping, which at first glance can't be seen and therefore need to be more deeply illuminated.
However, I clearly point out that it is not possible for me to consider all areas. I have limited myself to the interferences that may or may not have a direct impact on the use of GNSS in maritime shipping
For those interested, I would like to refer to the extensive scientific publications. They give a lot of answers, but also ask a lot of new questions at the same time.
I definitely maintain the critical observation of reporting on external GNSS manipulations that I repeatedly noted in the article. The evidence is too thin for that. I clearly point out that deliberate targeted manipulative interventions from outside into the existing GNSS can never be excluded. Because there are very different interests, whether political, military or characterized by criminal energy, that misuse or use GNSS for their purposes.
However, we also have to accept that numerous cases of disturbed GNSS are not due to deliberate data manipulation by humans and technical systems, but are based on physical processes that are unintentionally brought about.
It can be assumed that in the future there will be something moving in the field of extended application security for GNSS in the maritime sector and that GNSS will also become more reliable. Because this is an essential prerequisite for being able to discuss MASS at all. The GNSS / GPS receiver systems currently in use are insufficiently equipped for this. Hardware solutions such as advanced antenna systems and improved filters for GNSS receivers are part of this. The assignment of additional GNSS frequencies, the improvement of cryptographic procedures for the GNSS frequencies, but also for the service messages for GNSS and IT security software are important steps to increase the reliability of GNSS. I have not yet encountered the GPS firewall listed in the literature, which does not mean that it does not exist. But the mass of ships in merchant shipping has never heard of it. In the cruise shipping segment and sensitive seafaring fields, it is quite possible that it will be used.
Remains to be noted. The possibility of manipulating GNSS on the high seas with technical systems based on electromagnetic waves is limited. Rather, there is only the possibility to manipulate the data exchange between the ground station - satellite - ship. Which can be limited with intelligent IT security software solutions.
The risk of being exposed to GNSS manipulations near the coast is many times higher. But these can also be severely restricted with intelligent technical solutions for the receiving systems on board. Partly it is this realized.
The fact is that there is no 100% guarantee that you will be protected against GNSS manipulation. However, the risk can be minimized. It is helpful if the users on board know their GNSS reception systems and have technical background knowledge in order to be able to draw the correct conclusions from the information in the submenus on the GNSS / GPS status in order to obtain a rough orientation whether as to one is exposed to manipulation or not.
4.5. Finally, the following reminder to all navigators:
A failure of GNSS / GPS does not mean that navigation becomes impossible. It would be highly recommended to remember that for more than 3000 years seafarers have found their way to the nearest port without GPS in the most adverse conditions.
Start thinking and don't consider traditional navigation techniques as antiquated or no longer needed. They are long time proven and will remain so.
Everyone, whether IMO, state authorities, shipping companies, ship management, technical and nautical inspections, classification societies and navigators should be aware that in the event of a global military conflict, GNSS / GPS is no longer available because it will be switched off or by the military opponent destroyed. It is enough to destroy the entire ground infrastructure.
Then you will be forced to switch to traditional conventional navigation methods. It is all the more incomprehensible that there are classification societies that no longer consider sextants to be necessary equipment on board. This shows that their relationship to seafaring is to be regarded as limited, although they should have known better.
From the examples shown so far, which have accidental and intended negative influences on GNSS, in particular GPS, it is therefore an unconditional requirement to use the possibilities of radar navigation, radio navigation, terrestrial and depth line navigation as navigation methods near the coast. I would recommend to use celestial navigation in the open sea as backup for GPS positions using a cross check with a second method of position determination. I clearly recommend in coastal navigation and on harbour approaches to use radar navigation as first choice and GPS as a backup. The throw-in, which that radar systems are linked with GPS and would therefore also be faulty, can be quickly rebutted by the fact that the position and speed sensor can be changed at any time in radar systems, to "EP" and "Log". And if the radar will switched to representation mode "Relative Motion / Head Up" is always a well radar navigation possible without any GNSS.
If the following procedure is used if GNSS fails, you will always have the situation under control
Basis of all subsequent navigation, in the event that you have come to the conclusion that you are affected by GNSS manipulations:
1) Use the last clearly known position for further navigation and set a logbook entry with position information
2) Set ECDIS and RADAR to position sensor "EP"
3) Set ECDIS and RADAR to speed sensor "Log"
4) Check the position of the different GNSS receivers and AIS position, if there are the same data errors at the same time, data manipulation is likely.
5) Check the entries in the submenus for GPS status of the GNSS receivers, as in Para 4.3.2. described to find out what is causing the data loss.
6) If you find out that the entries in the GPS Status menu are contradictory, incorrect or completely missing, then make notes about the entries.
7) Send a well-founded error message with precise error information to your shipping company, with urgent request to be forwarded to the responsible authorities for further investigation.
8) Use traditional navigation methods for the open sea and especially in coastal navigation. Enter all procedures for determining position in the logbook or bridge bell book!
9) If GNSS / GPS should return to the normal function status, then carefully check the GPS status and its parameters in order to exclude position manipulation by jamming, spoofing or meaconing and set a logbook entry with position information again
And something else should be noted. Yes, traditional navigation methods are inferior to the accuracy of satellite navigation. But only in it. And if we are completely honest, what is an accuracy of 1 m required on the open endless ocean, especially when the ships are 400 m long and over 60 m wide? This is nonsense, and it has no marginal impact on fuel consumption and travel time.
Just a reminder, I am able to safely move any ship on harbour approaches with competent radar navigation and blind pilotage procedures and bring it to the pier. It works without GPS if nothing else works. That distinguishes the really good navigator. Because we practiced this successfully every day before the era of GPS.
© Copyright 2020, Capt. Gunter Schütze. Replication or redistribution in whole or in part is expressly prohibited without the prior written consent by Capt. M.Eng. Gunter Schütze