Letter to the Editor: Automatic Gain Control, Spoofing

July 1, 2012

Just for the record: what is reported in “Detecting False Signals With Automatic Gain Control” (April GPS World) is what we introduced a long time ago and is reflected in one of our videos, and implemented in all of our GNSS receivers. AGC information is one of the four ways, and the least significant way, that we show interferences. There is a big difference between showing something in the laboratory and in some receivers, compared with having technology in mass production that everyone can understand and use.
— Javad Ashjaee
JAVAD GNSS, San Jose, California

Author Dennis Akos replies:
I am sure JAVAD receivers work quite well to leverage AGC to flag RFI (it was not the survey-grade model I used for the paper, though). The original Nordnav R30 GPS receiver showed both AGC and the L1 frequency spectrum back in 2004. u-blox has an RFI flag in its receiver, which is based on AGC. Others likely do as well.

In any event, AGC detection of RFI (and you could say spoofing) is not new. I coauthored an ION GPS paper with Bastide and others back in 2003 showing how powerful AGC could be to detect interference. In 1997 Per Enge had a student, Awele Ndili, working with the Plessey chipset, who did something similar, checking the AGC for signs of RFI.

So when all the hubbub came up about spoofers a couple years back, I tried to flag the question — why be concerned about this? AGC can tell when more power is coming in the frequency band and thus flag that RFI or spoofing is happening. So spoofing is no more of a threat than simple jamming, should one be concerned about it and make a relatively small effort to check for it.

I was quite impressed with the spoofer design Humphreys/Psiaki/Ledvina came up with (“Straight Talk on Anti-Spoofing,” January 2011, and “Assessing the Spoofing Threat,” January 2009). Quite neat, needs very little additional energy with the lift and carry-off approach. But also very hard to leverage for any dynamic case where the victim receiver did not want to be spoofed (spoofing a dynamic receiver with the approach? Doable, but really hard, and would still inject more RF energy). So it left the threat, in my mind, to those who are being monitored and want to spoof their device: very small subset — the fisherman in illegal waters, the prisoner with ankle monitoring. This is the hardest detection case, but I am still fairly confident AGC can work here.

Main motivation for the article: I was troubled that I did not see the need for folks to be up in arms any more about spoofing than plain old jamming.

Again, my premise: in the great majority of cases spoofing is easily detected using technology already in a majority of receivers, making it no worse than jamming, and the harder cases should still be detectable with additional effort/sensors. But it is important for all to remain vigilant, as these AGC-based techniques do need to be implemented/leveraged to avert the spoofing threat — and Humphreys/Psiaki/Ledvina deserve credit for bringing this potential to light. Even with successful spoofing detection it will appear as much less sophisticated jamming, not allowing the receiver to obtain position/time information.

So that is why I worked with the Swedes to try and show this and get that message out. It would have been great to test with one of the more sophisticated jammers (perhaps will have a chance to do so with an upcoming test), but I did not have one, so we just did simple repeater jamming.

I am glad Javad is preaching the same message. It would be great to see him more widely disseminate that message and put much of these concerns to rest.

Regarding the video: Thanks, Javad. Really some nice features. I need to get a TRIUMPH-VS or two here at Colorado University to work with. Quite curious as to the sensitivity of the AGC. But the receiver has a great feature set!

One quick comment. In the video where you tested the RX with the jammer — I might go back and qualify that to indicate you did the test under controlled/allowed conditions. I recall we published a GPS RFI test back about 10 years ago, and we had some official inquiries for more details on the testing and why we were broadcasting in the GPS band. No idea how/where you did your testing (assuming 746th Jamfest or similar), but unless you state otherwise, it might bring some unwelcome attention.
