GIPSIE ® (6.0.0)

# General Remarks

# Carrier Frequencies

The following carrier frequencies are available in the simulation:

Name Frequency [MHz]
L1/E1 1575.42
L2 1227.60
L5/E5a 1176.45
E5b/B2 1207.14
G1 1602.00
G2 1246.00
B1 1561.098

# Channels

The following channels are available in the simulation:

Channel GNSS Carrier Detail
GPS L1 C/A GPS L1 Coarse/Acquisition
GPS L2 C GPS L2 C-NAV moderate + long
GPS L5 I/Q GPS L5 C-NAV data + pilot
Galileo E1 OS Galileo L1 = E1 I/NAV data + pilot
Galileo E5a OS Galileo L5 = E5a F/NAV data + pilot
Galileo E5b OS Galileo E5b I/NAV data + pilot
SBAS L1 C/A SBAS L1 Coarse/Acquisition, includes EGNOS, WAAS & MSAS
GLONASS G1 C/A GLONASS G1 Coarse/Acquisition
GLONASS G2 C/A GLONASS G2 Coarse/Acquisition
BeiDou B1 I BeiDou B1 D1-NAV data
BeiDou B2 I BeiDou E5b = B2 D1-NAV data

# Trajectory Definition

Note

Trajectories can be defined for:

  • Receiver
  • Jammer
  • Spoofer
    • Spoofer Position
    • Simulated Receiver Position
    • Target Position

The receiver path is set by sequential way-points defined by:

Parameter Description
Time offset A time offset (in seconds) from the scenario start epoch
Position Ellipsoidal coordinates in WGS84 reference frame (Latitude [°], Longitude [°], Height [m])
Velocity A velocity state vector is defined in the local-level frame with the position as it's origin and the following components:
  • North [m/s]
  • East [m/s]
  • Up [m/s]
Acceleration A acceleration state vector is defined in the local-level frame with the position as it's origin and the following components:
  • North [m/s²]
  • East [m/s²]
  • Up [m/s²]
  • A static receiver is defined by a single position with a time offset of 0 seconds and both of velocity and acceleration vector set to 0.
  • A receiver trajectory can be defined by adding/removing single way-points using the or buttons left of the table.
  • A receiver trajectory can be edited by using the button within the table.
  • The receiver path is computed via a defined model. The user can choose between two models (see Receiver Path Model for details).

The trajectory can also be imported from a file . Currently NMEA or KML files are supported to import way-points.

  • The NMEA file must contain valid GPGGA messages. All other NMEA message types are currently not considered. The data from the file will replace all existing way-points.
  • The KML file must contain <Placemark> tags accompanied with a <TimeStamp> record. For more information on the KML format see KML File Format.

# Spoofing Trajectory definition

In order to cover several possible spoofing options, three different trajectories concerning spoofing have to be defined.

Position Types

Position Type Description
Spoofer position

The position of the spoofer, defined as state.
Simulated Receiver Position

Receiver position as simulated by the spoofer.
Target Position

Estimation of the receiver position done by the spoofer.

spoofing-positions

Note

In order to perform optimized spoofing, the target position should be defined exactly as the receiver position of the receiver to be spoofed. This ensures, that correlation peaks of the spoofed signals overlap with the authentic satellite signals received by the receiver.

On the other hand, if an authentic spoofing scenario is required, then the attacker is probably unaware of the exact victim (receiver) position, thus the definition of the target position is provided.

Details

The defined target position is a way to simulate imperfect synchronized spoofing scenarios, in that the attacker does not know the exact victim receiver position. The difference between the real receiver position and the target position is called target mismatch and is applied to every pseudorange computed for the spoofed signal. The derivate of the target mismatch is applied to the Doppler observables.

spoofing-positions-schema

# Spectrum-matched Jammer definition

# Signal

The authentic GNSS signal can be written as:

where

  • ... signal power
  • ... navigation message
  • ... PRN code
  • ... carrier wave

The spectrum-matched jammer transmits a signal where the navigation message is omitted and an artificial synchronization error is added to the PRN code signal component, so that the correlation process of the receiver under attack is disturbed:

# Trajectory

The spectrum-matched jammer trajectory is defined by two positions, the jammer position and the target position.

spectrum-jammer-schema

Position Type Description
Receiver Position

The real receiver position, defined as state. Configured in the Receiver tab.
Spectrum-matched Jammer position

The position of the jammer, defined as state.
Target Position

Estimation of the receiver position done by the jammer

Details

The defined target position is a way to simulate imperfectly synchronized spectrum-matched jammer scenarios, in which the attacker does not know the exact victim receiver position. The error is called synchronization error and consists of two components:

  • Target Mismatch
  • Synchronization Error standard deviation based on the Gaussian Normal Distribution , where is set to 0, as the target mismatch is already accounted for.

The total synchronization error is the sum of the target mismatch and the standard deviation of the synchronization error:

The synchronization error and is applied to every code delay (= pseudorange) computed for the spectrum-matched jamming signal. The derivative of the target mismatch is applied to the Doppler observables.

Simulation Results