The role of GNSS in driverless cars

August 1, 2018  - By

Authenticated localization in driverless cars

Growing awareness of the vulnerabilities of GNSS signals — weak, unencrypted and easily jammed or spoofed — have made GNSS less important to steering the driverless vehicle. What’s up with that?

Extensive visual map databases are being created that, when coupled with cameras, radars and lidars on the vehicle and processed by artificial intelligence (AI) algorithms, enable the driverless car to be steered much the way humans drive. Pattern recognition processing in the vehicle allows it to “read” street signs and recognize landmarks, registering its position on the map.

This is the way a person drives in his or her home town, where they always know their orientation and don’t need GNSS. The AI processing “brain,” with access to huge map databases, either through local storage or a network connection, will always be in its familiar home environment: continuously knowing its own position and properly oriented for navigation.

So, will GNSS become unnecessary in the car of the future? Probably not.

First, no one method of navigation is foolproof, and today, GNSS is our primary method of navigating our cars. It is a cost-effective, accurate way of determining position in real time, and with the integration of inertial navigation sensors to handle cases when GNSS is intermittently unavailable, it is improving.

Second, it is not just the car itself that needs to know its location for navigation, but also others outside the car. Ride-sharing apps like Uber and Lyft, car-sharing, usage-based insurance apps, dynamic toll charging, and parking apps all depend on knowing where the car is at all times. GNSS offers sufficient accuracy for all these apps by providing location coordinates. Therefore, a GNSS receiver will most likely remain in the car.

The case for jamming and spoofing

Recall, however, that one of the weaknesses of GNSS is its open, unencrypted format. It is becoming increasingly easier to spoof these signals. Car-sharing, usage-based insurance and dynamic toll charging apps all create a monetary incentive for fraud that can be implemented with a spoofer. For example, a car in a car-sharing network can report a fake position indicating that it is safely parked in a secure area — while in reality, a thief is busy driving it away.

(Image: Orolia)

(Image: Orolia)

Let’s assume that all wireless connections to and from the car are secure. This is a reasonable assumption, although recently there have been demonstrations of carjacking via unsecure remote links. Standard SSL encryption, similar to what is used to enter credit card information on the internet, works well here. We have both the awareness and the technology now to prevent such carjackings from ever reoccurring.

However, even if communication links are secure, a GNSS spoofer in the car can fool the GNSS receiver into reporting a fake “safe” position right as it is being stolen. The same is true for insurance or toll apps. And the fraud does not have to be sophisticated. A simple, low-cost jammer can deny proper position just long enough to skirt payment. A secure location method is needed.

Other signals for localization

What would an ideal signal for localizing a driverless car look like?

  • It needs to be much stronger than GNSS so it is not easily jammed.
  • It needs to be encrypted so it cannot be spoofed.
  • It must be ubiquitous, available worldwide.
  • It must be reliable and robust — with 99.999% availability or better.
  • It must be practical and priced for the mass-market automotive application.

Though accuracy is always important, the signal used for localization does not have to be as accurate as GNSS is today. Accuracy to 10s of meters is sufficient for all these applications needing fraud protection since it would not be used for steering the car, but rather, only localization. It can also be used in tandem with GNSS to authenticate a reported position when a GNSS signal is available.

Such a signal is available today, worldwide: STL (Satellite Time and Location). Carried on the Iridium satellites, it is a special purpose signal that is more than 30 dB stronger than GNSS and encrypted for anti-spoof protection. Decoding of this signal is available via a subscription model to users.

Here’s how it would work using a car-sharing example. A group of people subscribe to a car-sharing service that provides X number of cars to serve Y number of people, where X is less than Y. The service optimally schedules people when and where a car will be available. The service provider needs to know the whereabouts of the cars at all times to maximize utilization of the fleet, so every car has a GNSS receiver in it.

But to ensure the authenticity of these reports, they also have a secure localization receiver. This receiver is assigned a unique ID that is authorized to decode the encrypted signal. (Eventually, we expect this receiver and GNSS to converge into one device much the way multi-GNSS receivers operate today).

If a position report does not agree with the authentic localization report, the fleet manager can act to recover the car immediately. Insurance providers who cover secure localization-equipped cars would also give preferential rates as an anti-theft device.

(Image: Pavel Vinnik/Shutterstock.com)

(Image: Pavel Vinnik/Shutterstock.com)

Could PRS do it?

The new Public Regulated Service (PRS) from Galileo is encrypted and could provide a similar level of authentication protection, if made available. However, it is still a weak GNSS signal that can easily be jammed. Of course, any signal can be jammed, even one that is a thousand times stronger than GNSS.

However, given the robust nature of a very strong signal, the managing system that is monitoring the cars — the insurance, toll or car-sharing system, for example — can alarm upon the loss of positioning information. Such alarms on a GNSS-only car would be frequent and often erroneous due to simple fades, yielding so many false alarms that it would render the monitoring system useless. But a loss of both the strong localization signal and GNSS would likely be considered suspicious and result in a valid alarm.

GNSS navigation is truly one of the great advances of the modern era, giving us precise time and location for any place in the world. Its two major weaknesses — that it is easy to jam and spoof — can be overcome by augmenting it with other stronger encrypted signals, such as STL, providing robust jam-resistance and positive authentication.