Unmanned Aircraft Capture and Control Via GPS Spoofing

The theory and practice of unmanned aerial vehicle UAV capture and control via Global Positioning System GPS signal spoofing are analyzed and demonstrated. The goal of this work is to explore UAV vulnerability to deceptive GPS signals. Specifically, this paper 1 establishes the necessary conditions for UAV capture via GPS spoofing, and 2 explores the spoofer's range of possible post-capture control over the UAV. A UAV is considered captured when a spoofer gains the ability to eventually specify the UAV's position and velocity estimates. During post-capture control, the spoofer manipulates the true state of the UAV, potentially resulting in the UAV flying far from its flight plan without raising alarms. Both overt and covert spoofing strategies are considered, as distinguished by the spoofer's attempts to evade detection by the target GPS receiver and by the target navigation system's state estimator, which is presumed to have access to non-GPS navigation sensor data. GPS receiver tracking loops are analyzed and tested to assess the spoofer's capability for covert capture of a mobile target. The coupled dynamics of a UAV and spoofer are analyzed and simulated to explore practical post-capture control scenarios. A field test demonstrates capture and rudimentary control of a rotorcraft UAV, which results in unrecoverable navigation errors that cause the UAV to crash.

[1]  Michael S. Braasch,et al.  GPS receiver architectures and measurements , 1999, Proc. IEEE.

[2]  Todd E. Humphreys,et al.  An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing , 2011 .

[3]  Todd E. Humphreys,et al.  A combined symmetric difference and power monitoring GNSS anti-spoofing technique , 2013, 2013 IEEE Global Conference on Signal and Information Processing.

[4]  Todd E. Humphreys,et al.  CASES: A smart, compact GPS software receiver for space weather monitoring , 2011 .

[5]  Dennis M. Akos,et al.  Who's Afraid of the Spoofer? GPS/GNSS Spoofing Detection via Automatic Gain Control (AGC) , 2012 .

[6]  W.C. Lindsey,et al.  A survey of digital phase-locked loops , 1981, Proceedings of the IEEE.

[7]  Daniel P. Shepard,et al.  Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks , 2012 .

[8]  T. Humphreys,et al.  Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer , 2008 .

[9]  Todd E. Humphreys,et al.  Detection Strategy for Cryptographic GNSS Anti-Spoofing , 2013, IEEE Transactions on Aerospace and Electronic Systems.

[10]  Per K. Enge,et al.  Global positioning system: signals, measurements, and performance [Book Review] , 2002, IEEE Aerospace and Electronic Systems Magazine.

[11]  Nicholas Roy,et al.  RANGE–Robust autonomous navigation in GPS‐denied environments , 2011, J. Field Robotics.

[12]  B.R. Rao,et al.  Radiation Pattern Analysis of Aircraft Mounted GPS Antennas and Verification Through Scale Model Testing , 2006, 2006 IEEE/ION Position, Location, And Navigation Symposium.

[13]  Todd E. Humphreys,et al.  Practical cryptographic civil GPS signal authentication , 2011 .

[14]  Phillip W. Ward,et al.  GPS receiver RF interference monitoring, mitigation, and analysis techniques , 1994 .

[15]  Todd E. Humphreys,et al.  The Texas Spoofing Test Battery: Toward a Standard for Evaluating GPS Signal Authentication Techniques , 2012 .

[16]  David M. Bevly,et al.  Characterization of Various IMU Error Sources and the Effect on Navigation Performance , 2005 .

[17]  W. Zhuang,et al.  Performance analysis of GPS carrier phase observable , 1996, IEEE Transactions on Aerospace and Electronic Systems.

[18]  David W. Murray,et al.  Wide-area augmented reality using camera tracking and mapping in multiple regions , 2011, Comput. Vis. Image Underst..

[19]  T. Humphreys,et al.  Real-Time Spoofing Detection Using Correlation Between two Civil GPS Receiver , 2012 .

[20]  Matthew A. Garratt,et al.  Vision‐based terrain following for an unmanned rotorcraft , 2008, J. Field Robotics.

[21]  Roland Siegwart,et al.  Fusion of IMU and Vision for Absolute Scale Estimation in Monocular SLAM , 2011, J. Intell. Robotic Syst..

[22]  Roland Siegwart,et al.  Monocular‐SLAM–based navigation for autonomous micro helicopters in GPS‐denied environments , 2011, J. Field Robotics.

[23]  Per Enge,et al.  Adaptive Array Processing for GPS Interference Rejection , 2005 .

[24]  Todd E. Humphreys,et al.  Civilian GPS Spoofing Detection based on Dual- Receiver Correlation of Military Signals , 2011 .

[25]  J. H. Kim A baro-altimeter augmented INS / GPS navigation system for an uninhabited aerial vehicle , 2003 .

[26]  A. Krener,et al.  Nonlinear controllability and observability , 1977 .

[27]  Todd E. Humphreys,et al.  Characterization of Receiver Response to Spoofing Attacks , 2011 .

[28]  Eric N. Johnson,et al.  A Compact Guidance, Navigation, and Control System for Unmanned Aerial Vehicles , 2006, J. Aerosp. Comput. Inf. Commun..

[29]  J. B. Thomas,et al.  Controlled-root formulation for digital phase-locked loops , 1995 .

[30]  Todd E. Humphreys,et al.  Evaluation of the vulnerability of phasor measurement units to GPS spoofing attacks , 2012, Int. J. Crit. Infrastructure Prot..

[31]  Antonio Visioli,et al.  Digital Control Engineering: Analysis and Design , 2009 .

[32]  Girish Chowdhary,et al.  GPS‐denied Indoor and Outdoor Monocular Vision Aided Navigation and Control of Unmanned Aircraft , 2013, J. Field Robotics.

[33]  Thiagalingam Kirubarajan,et al.  Estimation with Applications to Tracking and Navigation , 2001 .

[34]  Farid Kendoul,et al.  Survey of advances in guidance, navigation, and control of unmanned rotorcraft systems , 2012, J. Field Robotics.

[35]  S.C. Gupta,et al.  Phase-locked loops , 1975, Proceedings of the IEEE.

[36]  Jan Wendel,et al.  An integrated GPS/MEMS-IMU navigation system for an autonomous helicopter , 2006 .

[37]  Santanu Chattopadhyay,et al.  A new look into the acquisition properties of a second-order digital phase locked loop , 1994, IEEE Trans. Commun..

[38]  Gérard Lachapelle,et al.  GNSS Spoofing Detection Based on Receiver C/No Estimates , 2012 .

[39]  Srdjan Capkun,et al.  On the requirements for successful GPS spoofing attacks , 2011, CCS '11.

[40]  Ali Broumandan,et al.  GNSS spoofing detection in handheld receivers based on signal spatial correlation , 2012, Proceedings of the 2012 IEEE/ION Position, Location and Navigation Symposium.

[41]  Chong Un,et al.  Performance Analysis of Digital Tanlock Loop , 1982, IEEE Trans. Commun..

[42]  Per Enge,et al.  Gps Signal Structure And Theoretical Performance , 1996 .

[43]  J. S. Warner,et al.  A Simple Demonstration that the Global Positioning System ( GPS ) is Vulnerable to Spoofing , 2012 .

[44]  Greg M. Bernstein,et al.  Nonlinear dynamics of a digital phase locked loop , 1989, IEEE Trans. Commun..

[45]  Hugh F. Durrant-Whyte,et al.  Simultaneous localization and mapping: part I , 2006, IEEE Robotics & Automation Magazine.

[46]  Nicholas Roy,et al.  RANGE - robust autonomous navigation in GPS-denied environments , 2010, 2010 IEEE International Conference on Robotics and Automation.

[47]  Todd E. Humphreys,et al.  GPS Spoofing Detection via Dual-Receiver Correlation of Military Signals , 2013, IEEE Transactions on Aerospace and Electronic Systems.

[48]  Todd E Humphreys,et al.  Modeling the Effects of Ionospheric Scintillation on GPS Carrier Phase Tracking , 2010, IEEE Transactions on Aerospace and Electronic Systems.

[49]  Bradford W. Parkinson,et al.  Global positioning system : theory and applications , 1996 .