The Effects of Jamming On GPS-GNSS Signals.

Logan Scott, President, LS Consulting
loganscott53@gmail.com
6 February 2013 Logan Scott / LS Consulting 1
Sponsored By:
Rohde & Schwarz
The expert in
test and measurement,
broadcasting,
secure communications,
radiomonitoring and radiolocation

Company profile and GNSS expertise | 3
Company overview
l History
Established 1933 in Munich, Germany
l Type of enterprise
Independent family-owned company
l Global presence
In over 70 countries, approx. 60 subsidiaries
l Net revenue
EUR 1.8 billion (FY 11/12, July through June)
l Export share
Approx. 90 percent
l Employees
8700 worldwide, with approx. 5600 in Germany
l Success
A leading international supplier in all of its business fields

Business fields
Test and measurement

Broadcasting

Secure
communications

Radiomonitoring and
radiolocation

Services
All business fields
contribute to the
aerospace and
defense sector

Simulating GNSS scenarios
l GPS (C/A and P code), Glonass and Galileo
l Up to 24 satellites for hybrid scenarios and multipath
simulation
l Static and moving receiver simulation with predefined
trajectories and HIL for realtime movement definition
l Simulation of real-world scenarios, including
l Ionospheric and tropospheric effects
l Obscuration and automatic multipath through vertical obstacles
(rural, suburban, urban canyons, etc.)
l Antenna pattern / body mask for cars, aeronautical and military
vehicles/objects plus antenna characteristics
l Spinning and attitude for A&D applications
l General purpose vector signal generator
supporting many other standards

Features in italics coming soon
R&S
SMBV100A
vector signal generator
with GNSS options

Detection and location of GPS/GNSS interferers
l Detect and find interference
l R&S
PR100 portable
receiver
l Manual direction finding
Triangulation on a map as option
l Locate interference quickly and precisely
l R&S
DDF007 portable direction finder

Automatic direction finding with compact DDF
antennas; car-mobile or stationary
l R&S
RAMON mobile locator

Automatic PC homing software for the
R&S
DDF007

For details, see www.rohde-schwarz.com
Logan Scott, President, LS Consulting
loganscott53@gmail.com
Sponsored By:
GPS Jamming and Spoofing (Military)
Denial of Navigation to Opposing Forces
Create Confusion / Lessen Effectiveness

GPS Jamming and Spoofing (Civil)
Accidental
Deliberate
Financial Exploit (More Likely Reason)
Terroristic Exploit (Less Likely Reason)

Jammings Objective
Denial of Navigation Service by Masking GPS Signals
With Noise
Tends Towards Area Denial

Spoofings Objective
Convince You That You Are Somewhere or Sometime
You Are Not
Overlaying Real Signals With False Signals
Cyber Attack (Lying)
Usually Targets A Specific Victim

Structure Jamming Can Act Like Uncontrolled
Spoofing

What are We Trying to Track?
Block IIA/IIR
Block III Block IIR-M, IIF
III: IIF capabilities &
Improved civil signal (L1C)
Increased accuracy (4.8-1.2m)
Navigation surety
Increased A/J power (+20 dB)

IIA / IIR: Basic GPS
C/A civil signal (L1C/A)
Std Service, 16-24m SEP
Precise Service, 16m SEP
L1 & L2 P(Y) nav

Modernization
IIR-M: IIA/IIR capabilities &
2nd civil signal (L2C)
New military code
Flex A/J power (+7dB)

IIF: IIR-M capability plus
3rd civil signal (L5)
GPS modernization balances military and civil needs
6 February 2013 13 Logan Scott / LS Consulting

?
*
Block III will introduce the new L1C signal
BPSK: Binary Phase Shift Keying
BOC: Binary Offset Carrier
Propagation
Delay
AA/demo_code.m
x
=
x
=
f
ch
= PN sequence chip rate rate
f
c
= RF center frequency
PN Code
Generator
f
ch
Sin(2tf
c
t)
BPSK Modulator
PN(t)
spreading sequence
D(t)
data
(Only on Data Channel)
f
squ
= subcarrier frequency = square wave frequency
f
ch
= PN sequence chip rate rate
f
c
= RF center frequency
1/f
squ
PN Code
Generator
f
ch
Sin(2tf
c
t)
BPSK Modulator
squ(t)
PN(t)
D(t)
data
spreading sequence
Only on Data Channel
From: Holmes and Dafish Matched Filter Mean Acquisition Time Performance For P(Y), BOC(10,5), and MAN(10)
Codes With FFT Aiding and Noncoherent Combining ION 57th Annual Meeting/CIGTF 20th Biennial Guidance
Test Symposium, 11-13 June 2001, Albuquerque, NM

x
=
f
0
= 10,230,000 Hz
f
1
= f
0
/10 = 1,023,000 Hz
f
squ
= m * f
1

f
ch
= n * f
1

M-code is BOC(10,5)
f
squ
= 10 * f
1
= 10,230,000 Hz
f
ch
= 5 * f
1
= 5,115,000 Hz

P(Y)-code is BPSK(10)
f
ch
= 10 * f
1
= 10,230,000 Hz

C/A-code is BPSK(1)
f
ch
= 1 * f
1
= 1,023,000 Hz

L1 Center Frequency
f
c
= 154 * f
0
=1575.42 MHz

L2 Center Frequency
f
c
= 120 * f
0
=1227.60 MHz

L5 Center Frequency
f
c
= 115 * f
0
=1176.45 MHz

M-Code
P(Y)-Code
L1C
*
C/A-Code
*L1C also has a BOC(6,1) Component (Not Shown)
Signal Format Table.xlsx
Signal Availability
Spectral
Format
First Supporting
Satellite
Generation
Current Number of
Satellites
Transmitting This
Signal
L1 C/A Civil BPSK(1) All 32
L1C Civil BOC(1,1)

III 0
L1 P(Y) Military BPSK(10) All 32
L1 M Military BOC(10,5) IIR-M 10
L2C Civil BPSK(1) IIR-M 10
L2 P(Y) Military * BPSK(10) All 32
L2 M Military BOC(10,5) IIR-M 10
L5 Civil BPSK(10) IIF 3
L1C also has a BOC(6,1) Component / * L2Y is used in some civil applications
BPSK Spectral Properties
Equivalent Noise Bandwidth ~ f
ch
2
sin
) (
)
`
=
f
f
f
f f S
ch
ch BPSK
t
t
2
2
cos
sin
2
sin
) (
)
`
=
squ
ch squ
ch BOC
f
f
f
f
f
f
f
f f S
t
t
t t
BOC Spectral Properties (f
squ
= k f
ch
)
Equivalent Noise Bandwidth ~ 2.0 f
ch
for

f
squ
> 2f
ch
Equivalent Noise Bandwidth ~ 1.6 f
ch
for

f
squ
= f
ch

GPS Signal Type(s) Used
Signal Spectrum
L1 C/A has Structure Vulnerabilities

Jamming Type / Spectrum

Radio Propagation Factors

Jamming Mitigation Factors
External Sensor Aiding Configuration
Loose vs. Tight vs. Ultratight Coupling
Antenna Patterns & Adaptation Performance
Frequency and/or Time Domain Excision
Backups/Alternative Signals

Brute Force Jamming

Noise
Broadband unstructured
signal intended to
swamp the receiver
Spectrum matched
jammer is most effective

CW
A constant tone (typically
at or near L1) intended to
force loss of lock on
desired signal
Smart/intelligent Jamming*

Pulsed Noise or Pulsed CW
Jammer achieves higher peak power for same
average power; keeps receiver off-balance
Attacks AGC, tracking loops & data reading

Swept Tone (against L1 C/A)
Captures carrier loop; pulls it off-center
Can capture all receiver channels regardless of
Doppler; can exploit C/A code spectral lines

Gold Code (against L1 C/A)
Takes Advantage of Gold Code Crosscorrelation
Properties
*Methods to jam more efficiently with same average power constraint.
PN Code
Generator
Sin(2tf
c
t)
Satellite
PN(t)
D(t)
data
PN Code
Generator
Receiver
PN(t-t)
D(t)
data
50 Hz
BPF
Sin(2tf
c
t)
Jammer
2
1
3
4
5
1
2
3
Jammer PSD
Signal PSD
4
Jammer PSD
Signal PSD
5
Jammer PSD
50 Hz

P-Code C/A Code
Signal Chipping Rate (Hz) 10,230,000 1,023,000
Equivalent Noise Bandwidth (Hz) 10,230,000 1,023,000
Post Code Mixing CW Jammer Bandwidth (Hz) 10,230,000 1,023,000
Data Filter Bandwidth (Hz) 50 50
Fraction of Jammer Energy That Gets Through
Data Filter 50 / 10,230,000 50 / 1,023,000
= =
1 / 204,600 1 / 20,460
How Much Stronger Jammer Has To Be Relative
to Signal to Yield Equal Post Correlation Power 204,600 20,460
Required Post Correlation Ratio of Signal
Strength to Jammer Strength Needed to Track 10 10
How Much Stronger Jammer Can Be Relative to
Signal And Can Track (J/S numeric) 20,460 2,046
J/S (dB) = 10 log10 (J/S numeric) 43.1 33.1
Processing
Gain
C/A Code
Temporal
Sidelobes
C/A Code Repeats
Itself with 1 msec
Period So Lines are 1
kHz Apart
Logan Scott / LS Consulting 40
PRN 3 Response
acq/stage1i.m
6 February 2013
Tracking
Loops Can
Lock on To
These
Affects Only C/A code Reception
Can Adversely Affect Military Receiver Signal Acquisition

Autocorrelation Value Probability
0 dB wrt peak
-23.9 dB wrt peak
-24.2 dB wrt peak
-60.2 dB wrt peak
0.098 %
12.5%
12.5%
75%
C/A Code Periodic Autocorrelation Values (Integer Code Phase Offsets)
C/A Code Periodic Cross-Correlation Values (Integer Code Phase Offsets)
Cross Correlation
Value
Probability
-23.9 dB wrt peak
-24.2 dB wrt peak
-60.2 dB wrt peak
12.5%
12.5%
75%
PRN 3 Response
acq/stage1i.m
6 February 2013
Tracking
Loops Can
Lock on To
These
PRN 3 Response
PRN 3 Response
PRN 3 Response
PRN 3 Response
No Jamming
Gaussian Jamming
CW Jamming
PRN1 Jamming
PRN 3 Response
No Jamming
PRN 3 Response
PRN1 Jamming (J/S=24)
PRN 3 Response
PRN1 Jamming (J/S=24)
PRN 3 Response
No Jamming
L1
C/A
L1C
PRN 3 Response
acq/stage1i.m
6 February 2013
L1C
O
Overlay
Code will Make
False Peaks
Ephemeral; You
Wont Lock onto
Them
Can Still Be
Jammed
Accounting for Signal And Interference Spectral Shapes
M-Code
P(Y)-Code
L1C
*
C/A-Code
After: John W. Betz, Effect of Narrowband Interference on GPS Code Tracking
Accuracy, presented at ION NTM 2000, 26-28 January 2000, Anaheim, CA
} }
}

+
(
(
=
+
=
(
2 /
2 /
2 /
2 /
0
2 /
2 /
0
) ( ) ( ) (
) (
r
r
r
r
r
r
df f G f G C df f G N
df f G C
I N
C
N
C
s t t s
s s
effective
|
|
|
|
|
|
I Use Numerical
Integration to Evaluate
This Equation
Density Spectral Power Noise Thermal : N
Power Jammer Received :
1 ) (
Spectrum Power Normalized s Jammer' : ) (
Power Signal Received :
1 ) (
Spectrum Power Normalized s Signal' : ) (
0
t
t
t
s
s
s
C
df f G
f G
C
df f G
f G
}
}

=
=
C/No numeric
N
C
(Hz) Bandwidth Filter End Front
(sec) Separation Early/Late
(sec) time n integratio on predetecti T
(Hz) bandwidth loop code B
o
r
L
=
=
=
=
=

Incident J /S
P
(dB wrt S=-160.5 dBW)
E
f
f
e
c
t
i
v
e

C
/
N
0

(
d
B
-
H
z
)
All Cases:T
ant.
=130K, NF=2 dB, L=1 dB,
G
sig
=0dBiC, G
jam
=0dBiC ,24 MHz Passband
M-code
P(Y)-code
C/A-code
Assuming No
Receiver
Saturation!
M-Code
P(Y)-Code
L1C
*
C/A-Code

Incident J /S
P
E
f
f
e
c
t
i
v
e

C
/
N
0

(
d
B
-
H
z
)
All Cases:T
ant.
=130K, NF=2 dB, L=1 dB,
G
sig
=0dBiC, G
jam
M-code
P(Y)-code

Incident J /S
P
E
f
f
e
c
t
i
v
e

C
/
N
0

(
d
B
-
H
z
)
All Cases:T
ant.
=130K, NF=2 dB, L=1 dB
G
sig
=0dBiC, G
jam
M-code
C/A-code
P-code
The Role of Propagation and Jamming Type

Appropriate under Line Of Sight Conditions (1
st
Fresnel Zone)
Rarely Appropriate in Ground Mobile Analysis

S
received
= S
transmitted
+ G
t
+ G
r
+ 20 log
10
(/4R)

where:

S
received
is received signal power (dBW)
S
transmitted
is transmitted signal power (dBW)
G
t
is transmitter antenna gain in the direction of the receiver (dBiC)
G
r
is receiver antenna gain in the direction of the transmitter (dBiC)
is the signals wavelength (19 cm @ L1, 24 cm @ L2)
R is spatial Tx/Rx separation in same units as wavelength
0
10
20
30
40
50
60
70
80
90
100
1 10 100 1000
Range (km)
J/S (dB wrt -133
dBm Signal)
1000 Watt EIRP
100 Watt EIRP
10 Watt EIRP
1 Watt EIRP
Nominal Unaided P-code
Receiver J/S Threshold

C/A Code Signal
M Code Signal
P(Y) Code Signal
28 dB-Hz
Nominal
Phaselock
Threshold
Reflected Path Can Add to Direct Path Either Destructively or Constructively
Depending on Geometry

At Longer Ranges, Signal Strength Falls Off at R
4
Rate

Can Also Apply In Ground Jammer to Airborne Receiver Cases

Ground
D
ire
c
t P
a
th
R
e
f
l
e
c
t
i
o
n

P
a
t
h
Transmitter
Receiver
Two Ray Propagation Model
fresnel3.m
Two Ray
Model
Hata/Okumura Empirical Signal Strength Models

Modified Models Are Described In ETSI GSM 03.30

Considers Six Types of Area:
Large City Open Area
Large City Suburban
Large City Urban
Small City Open Area
Small City Suburban
Small City Urban

Mission Planning Tools Such as GIANT (GPS Interference And Navigation
Tool) Can Accurately Model Jamming Coverage
Includes Topographic Data Base
Can Model Combined Multiple Jammer Effectiveness

10
0
10
1
10
2
-20
0
20
40
60
80
100
Range (km)
M
e
d
i
a
n

J
/
S

(
d
B

w
r
t

-
1
6
0
d
B
W
)
1000 Watt EIRP Jammer at 100 feet AGL, Receiver at 5 feet AGL
free space
Hata Urban
Hata Suburban
Hata Rural Quasi-Open
Hata Rural Open
Nominal Unaided P-code
Receiver J/S Threshold
Part II: Jamming & Spoofing Mitigations for Military and Civil
GPS/GNSS
Jamming has long been of concern to military users and recently, has
also become a concern for civil users. This webinar first provides an
overview of classic military mitigations against interference including
robust front end design, adaptive arrays, inertially aided tracking, and
other techniques. The current civil jamming environment is then
described and the prospects for applying classic techniques to civil
users are examined. An overview of spoofing and jamming detection
methods is also included and it is argued that civil user equipments
should maintain situational awareness.

Wednesday, March 6, 2013

Registration at:
http://www.microwavejournal.com/Webinar_6mar13

Sponsored By:

The Effects of Jamming On GPS-GNSS Signals.

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

The Effects of Jamming On GPS-GNSS Signals.

Uploaded by

Copyright:

Available Formats

Logan Scott, President, LS Consulting

DDF007 portable direction finder

RAMON mobile locator

You might also like