Cross-correlations of unknown encrypted signals between two civilian GNSS receivers are used to detect spoofing of known open-source signals. This type of detection algorithm is the strongest known defense against sophisticated spoofing attacks if the defended receiver has only one antenna. The attack strategy of concern starts by overlaying false GNSS radio-navigation signals exactly on top of the true signals. The false signals increase in power, lift the receiver tracking loops off of the true signals, and then drag the tracking loops and the navigation solution to erroneous, but consistent results. This paper develops codeless and semi-codeless spoofing detection methods for use in inexpensive, narrow-band civilian GNSS receivers. Detailed algorithms and analyses are developed that use the encrypted military P(Y) code on the L1 GPS frequency in order to defend the open-source civilian C/A code. The new detection techniques are similar to methods used in civilian dual-frequency GPS receivers to track the P(Y) code on L2 by cross-correlating it with P(Y) on L1. Successful detection of actual spoofing attacks is demonstrated by off-line processing of digitally recorded RF data. The codeless technique can detect attacks using 1.2 sec of correlation, and the semi-codeless technique requires correlation intervals of 0.2 sec or less. This technique has been demonstrated in a narrow-band receiver with a 2.5 MHz bandwidth RF front-end that attenuates the P(Y) code by 5.5 dB.

Cite and download the paper:
Psiaki, M.L., B.W. O'Hanlon, J.A. Bhatti, D.P. Shepard, T.E. Humphreys, "Civilian GPS Spoofing Detection based on Dual-Receiver Correlation of Military Signals," Proceedings of ION GNSS, Portland, Oregon, 2011.