PROTECTED POSITIONING, NAVIGATION, OR TIMING SIGNALS RESISTANT TO SPOOFING

Abstract

Positioning, navigation, and timing (PNT) signals, such as those used in GNSS or LORAN systems, may be vulnerable to spoofing attacks. To generate trustworthy time and location data at a receiver, one must at least reduce the likelihood of or be capable of detecting spoofing attacks. Embodiments of the present invention, as presented herein, provide solutions for detecting spoofing of PNT signals. Various aspects incorporated into the described embodiments which assist in detecting spoofing attacks may include but are not limited to: monitoring the SNR of received PNT signals of a first modality and switching over to an alternate PNT modality when an anomaly is detected, comparing data associated with signals of multiple PNT modalities to identify a discrepancy indicative of spoofing on one of the multiple PNT modalities, and implementing a security regime to prevent spoofers from being able to produce perceivably authentic, but corrupt, replica signals of a PNT modality.

Claims

1. A method for monitoring authenticity of an open radio navigation signal based on receipt of a closed radio navigation signal at a receiver, comprising: receiving a closed radio navigation signal at the receiver; receiving an open radio navigation signal at the receiver; interpreting the closed radio navigation signal based on a priori information regarding the closed radio navigation signal to derive first data from the closed radio navigation signal, the first data comprising at least one of position, navigation, or time data; deriving second data from the open radio navigation signal comprising data corresponding to the first data; and comparing the first data to the second data to monitor authenticity of the open radio navigation signal based on the relationship of the first data to the second data.

2. The method of claim 1, wherein the closed radio navigation signal comprises an encrypted portion.

3. The method of claim 2, further comprising: attempting to decrypt the encrypted portion of the closed radio navigation signal using the a priori information which comprises an encryption key, wherein the encryption key is passed to the receiver using a secure channel that is different than a channel through which either the open or closed radio navigation signals are received.

4. The method of claim 3, further comprising: determining that the closed radio navigation signal is inauthentic based on a failure to decrypt the encrypted portion of the closed radio navigation signal.

5. The method of claim 3, further comprising: decrypting the encrypted portion of the closed radio navigation signal; and determining, as a result of the decrypting, that the closed radio navigation signal is authentic.

6. The method of claim 5, wherein the first data comprises a first time and the second data comprises a second time, and wherein the method further comprises: ascertaining a time difference comprising a difference between the first and second times.

7. The method of claim 6, wherein the method further comprises: determining whether the open radio navigation signal is authentic by comparing the time difference to an historical time difference value, wherein an anomaly between the time difference and the historical time difference value indicates that the open radio navigation signal is inauthentic.

8. The method of claim 7, wherein the closed radio navigation signal is propagated using a first modality and the open radio navigation signal is propagated using a second modality.

9. The method of claim 8, wherein the first modality is eLORAN and the second modality is GNSS.

10. The method of claim 7, wherein the closed and open radio navigation signals are propagated using a same modality.

11. The method of claim 10, wherein the modality is eLORAN and the closed and open radio navigation signals are sent from one transmitter within one group repetition interval.

12. A method for verifying authenticity of radio navigation signals, comprising: storing, at a secure receiver, information regarding a pseudo-random offset timing regime comprising a covert offset time, wherein the covert offset time corresponds to a delay between transmission of a first open radio navigation signal and transmission of a first closed radio navigation signal; transmitting the first open radio navigation signal and the first closed radio navigation signal from a LORAN transmitter chain utilizing the covert offset time; receiving, at the secure receiver, a first received open radio navigation signal.

13. The method of claim 12, further comprising: receiving, at the secure receiver, a first received closed radio navigation signal; calculating a received offset time comprising a relationship between a time of receipt of the first received open radio navigation signal and a time of receipt of the first received closed radio navigation signal; and comparing the received offset time with the covert offset time to determine authenticity of the first received open radio navigation signal.

14. The method of claim 12, further comprising: determining that a PNT signal comprising the first received open radio navigation signal is spoofed based on the PNT signal being deficient of a closed radio navigation signal.

15. The method of claim 14, further comprising: entering a holdover mode in which a local clock is maintained in accordance with a time calculated prior to receipt of the first received open radio navigation signal.

16. The method of claim 13, further comprising: determining from the comparing that a PNT signal comprising the first received open radio navigation signal and first received closed radio navigation signal is authentic as a function of the covert offset time corresponding to the received offset time.

17. The method of claim 16, wherein the first received closed radio navigation signal conveys data to the secure receiver useful for calculating at least one of position, navigation, or time.

18. The method of claim 17, further comprising: encrypting, at a transmitter, the pseudo-random offset timing regime; and decrypting, at the secure receiver, the pseudo-random offset timing regime.

19. The method of either claim 17 or claim 18, wherein the pseudo-random offset timing regime further comprises a second offset time which is different than the first offset time and corresponds to a delay between transmission of a second open radio navigation signal and transmission of a second closed radio navigation signal; and the method further comprises: receiving, at the secure receiver, a second received open radio navigation signal and second received closed radio navigation signal; calculating a second received offset time corresponding to reception of the second received open radio navigation signal and reception of the second received closed radio navigation signal; and comparing the second offset time to the second received offset time.

20. (canceled)

21. The method of claim 12, wherein the pseudo-random offset timing regime is received at the secure receiver via a secondary channel which is different than a radio communication channel on which open radio navigation signals or closed radio navigation signals are transmitted, wherein the secondary channel is an internet-accessible wired or wireless network connection.

22.-30. (canceled)

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0051] FIG. 1 illustrates a traditional eLORAN pulse sequence.

[0052] FIG. 2 illustrates known methods used in eLORAN applications for incorporating additional data into a standard signal.

[0053] FIG. 3 illustrates a method of mapping differential GPS data to modulated pulses of a LORAN data channel.

[0054] FIG. 4 illustrates an exemplary covert signal in accordance with an embodiment of the present disclosure.

[0055] FIG. 5 illustrates a method of modulating an encrypted covert signal at a transmitter.

[0056] FIG. 6 illustrates an exemplary method of decrypting a covert signal at a secure receiver.

[0057] FIG. 7 illustrates a method of using covert signals to verify data and an associated time.

DETAILED DESCRIPTION

[0058] While this disclosure is susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and are herein described in detail. It should be understood, however, that it is not intended to limit the disclosure to the particular form disclosed, but rather, the disclosure is to cover all modifications, equivalents, and alternatives falling within the scope as defined by the claims.

[0059] FIG. 1 illustrates a traditional (i.e., open) eLORAN pulse sequence 100. The burst sequence 101 transmitted from a master station comprises nine pulses while sequences 102a, 102b transmitted by secondary stations comprise eight pulses. The pulses within a burst are spaced about 1 ms apart. Generally, the GM of eLORAN is about 100 ms. That is, the whole train of bursts from all stations in a chain repeat transmissions every 100 ms. In other words, the beginning of a burst from the master station will occur 100 ms after the beginning of the previous burst from the master station. Notably, the open signals occupy less than 10 percent of the GM, leaving ample capacity for inserting additional bursts, for example, covert signal bursts as described above.

[0060] Existing eLORAN systems have experimented with adding data to traditional LORAN pulses 201 through various methods, some of which are illustrated in FIG. 2. For example, in the Ninth Pulse model 203, a LORAN Data Channel (LDC) (e.g., a side channel) may be created by adding an extra pulse 204 to the burst from each station (e.g., a 10.sup.th burst from the master station and a 9.sup.th burst from secondary stations). Each additional pulse may take on one of 32 possible states ranging from 0 to 157.75 s. Alternatively, as in the Eurofix model 202, each of the last six pulses in time 205 may be modulated by +1, 0, or 1 s (pulse position modulation). In this regard, each of six pulses from each station may have one of three states (early, prompt, or late).

[0061] The Eurofix method may be utilized for transmission of application data such as differential GPS information as shown in the method 300 of FIG. 3. The transmission of a 56-bit differential GPS message 301 with 14-bit cyclic redundancy check 302 includes forware error correction using a 140-bit Reed-Solomon parity 303. Regardless of which method is used, an LDC may carry relevant information such as differential eLORAN correction, UTC time of day and date information, eLORAN integrity information, differential GPS information (DGPS), GPS integrity information, etc.

[0062] An exemplary covert signal is illustrated in FIG. 4. In an aspect of the present invention, a covert signal 400 may be added that is encrypted and transmitted within the unused transmission time during the 100 ms ground repetition interval. As shown, a covert signal 400 may comprise an encrypted preamble 401 and encrypted data 402. An encrypted preamble 401 may be used solely for authentication of the signal or may convey additional data as well. The transmission of a covert signal 400 may occur at a standard position within each GRI (e.g., 40 ms into the GRI) or may follow a pseudo-random offset timing regime as discussed above. Notably, preamble 401 and encrypted data 402 are illustrated as each comprising eight pulses but it should be appreciated that they may comprise any suitable number of pulses.

[0063] FIG. 5 illustrates a method 500 of modulating an encrypted covert signal at a transmitter. A fixed preamble 501 is processed with an encryption algorithm 502a which incorporates a time 503a and an encryption key 504a. This step may assign a pseudo-random offset time to the preamble 501. The preamble 501 may be used for validation of the covert signal at a receiver. It may also be effective for transferring time to a receiver at an arbitrarily determined time precision (e.g., 1 s as shown in FIG. 6). Data (e.g., DGPS data) 505 is combined with a cyclic redundancy checksum and frame error checksum 506. Then, similar to the preamble 501, the data 505 is processed with an encryption algorithm 502b (may or may not use the same encryption algorithm 502a, encryption key 504a, or time 503a as the preamble 501). The preamble 501 and data 505 are then combined 507 before being mapped to a time slot and modulated 508. In conformance with existing transmitters, covert signal bursts (which may be a single pulse or a sequence of pulses) may follow a standard modulation process of emitting a teardrop pulse (or an acceptable waveform variant) sequence wherein each pulse transmission has an approximately 10 s pulse width time. It should be noted the described method is just one example of processing for a covert signal and is not limiting. Any known appropriate method of encryption, mapping, or modulation may be used.

[0064] FIG. 6 illustraets an exemplary method 600 of decrypting a covert signal 609 (e.g., transmitted covert signal 509 of FIG. 5) at a secure receiver. The receiver may have advanced knowledge (via a back-channel) of a fixed preamble 601 and encryption key(s) 604. This information may be fed into a decryption algorithm 602, along with a time 603, before being mapped 608a to a time slot. When a signal 609 is received, it may be demodulated 608b using this information. The signal 609 may then be fed into a decryption algorithm 602b for analysis 610 of the encrypted preamble. In the absence of a preamble, the covert signal 609 may be determined to be spoofed. If a preamble is present, real time pulses are correlated 611 to a time accurate to 1 s and the data may be demodulated and decoded.

[0065] FIG. 7 illustrates a method 700 of using covert signals to verify data and an associated time. An eLoran time 701 may be generated using open LORAN signals and a trusted time 702 may be generated using covert signals. These two times may be compared 703 to verify that they match. Notably, the times may match even if different, so long as a relationship between the two times corresponds to observed historical differences. If the times do not match 704, a secure receiver may cease using open signals and instead default to only using the coverts signals. If the times do match 705, the receiver may continue using the open signals appropriately.

[0066] While the foregoing has illustrated and described several embodiments in detail in the drawings and foregoing description, such illustration and description is to be considered as exemplary and not restrictive in character. For example, certain embodiments described hereinabove may be combinable with other described embodiments and/or arranged in other ways (e.g., process elements may be performed in other sequences). Accordingly, it should be understood that only a preferred embodiment and variants thereof have been shown and described and that all changes and modifications that come within the spirit of the disclosure are desired to be protected.