Protecting GNSS-based Services using Time Offset Validation
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS. KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. ORCID iD: 0000-0002-8642-8176
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Communication Systems, CoS. ORCID iD: 0000-0002-3267-5374
2020 (English). In: 2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020, 2020, p. 575-583. Conference paper, Published paper (Refereed)
Abstract [en]

Global navigation satellite systems (GNSS) provide pervasive accurate positioning and timing services for a large gamut of applications, from Time-based One-Time Passwords (TOTP), to power grid and cellular systems. However, there can be security concerns for the applications due to the vulnerability of GNSS. It is important to observe that GNSS receivers are components of platforms, in principle having rich connectivity to different network infrastructures. Of particular interest is the access to a variety of timing sources, as those can be used to validate GNSS-provided location and time. Therefore, we consider off-the-shelf platforms and how to detect if the GNSS receiver is attacked or not, by cross-checking the GNSS time and time from other available sources. First, we survey different technologies to analyze their availability, accuracy and trustworthiness for time synchronization. Then, we propose a validation approach for absolute and relative time. Moreover, we design a framework and experimental setup for the evaluation of the results. Attacks can be detected based on WiFi-supplied time when the adversary shifts the GNSS-provided time by more than 23.942 μs; with Network Time Protocol (NTP)-supplied time, when the adversary-induced shift is more than 2.046 ms. Consequently, the proposal significantly limits the capability of an adversary to manipulate the victim GNSS receiver.

Place, publisher, year, edition, pages
2020. p. 575-583
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-280850; DOI: 10.1109/PLANS46316.2020.9110224; ISI: 000839298400066; Scopus ID: 2-s2.0-85087051578; OAI: oai:DiVA.org:kth-280850; DiVA, id: diva2:1467056
Conference
2020 IEEE/ION Position, Location and Navigation Symposium, PLANS 2020, Portland, OR, United States of America, 20 April - 23 April 2020
Note

Part of ISBN 978-172810244-3

QC 20230921

Available from: 2020-09-14. Created: 2020-09-14. Last updated: 2025-03-17. Bibliographically approved
In thesis
1. Secure GNSS-based Positioning and Timing: Distance-Decreasing attacks, fault detection and exclusion, and attack detection with the help of opportunistic signals
2021 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

With trillions of devices connected in large scale systems in a wired or wireless manner, positioning and synchronization become vital. Global Navigation Satellite System (GNSS) is the first choice to provide global coverage for positioning and synchronization services. From small mobile devices to aircraft, from intelligent transportation systems to cellular networks, and from cargo tracking to smart grids, GNSS plays an important role, thus, requiring high reliability and security protection.       

However, as GNSS signals propagate from satellites to receivers at a distance of around 20 000 km, the signal power arriving at the receivers is very low, making the signals easily jammed or overpowered. Another vulnerability stems from the fact that civilian GNSS signals and their specifications are publicly open, so that anyone can craft their own signals to spoof GNSS receivers: an adversary forges its own GNSS signals and broadcasts them to the victim receiver, to mislead the victim into believing that it is at an adversary-desired location or follows a false trajectory, or into adjusting its clock to a time dictated by the adversary. Another type of attack is replaying GNSS signals: an adversary transmits a pre-recorded GNSS signal stream to the victim receiver, so that the receiver calculates an erroneous position and time. Recent incidents reported in the press show that the GNSS functionalities in a certain area, e.g., the Black Sea, have been affected by cyberattacks composed of the above-mentioned attack types.

This thesis, thus, studies GNSS vulnerabilities and proposes detection and mitigation methods for GNSS attacks, notably spoofing and replay attacks. We analyze the effectiveness of one important and powerful replay attack, the so-called Distance-decreasing (DD) attacks that were previously investigated for wireless communication systems, on GNSS signals. DD attacks are physical layer attacks, targeting time-of-flight ranging protocols, to shorten the perceived as measured distance between the transmitter and receiver. The attacker first transmits an adversary-chosen data bit to the victim receiver before the signal arrives at the attacker; upon receipt of the GNSS signal, the attacker estimates the data bit based on the early fraction of the bit period, and then switches to transmitting the estimate to the victim receiver. Consequently, the DD signal arrives at the victim receiver earlier than the genuine GNSS signals would have, which in effect shortens the pseudorange measurement between the sender (satellite) and the victim receiver, consequently, affecting the calculated position and time of the receiver. We study how the DD attacks affect the bit error rate (BER) of the received signals at the victim, and analyze its effectiveness, that is, the ability to shorten pseudorange measurements, on different GNSS signals. Several approaches are considered for the attacker to mount a DD attack with high probability of success (without being detected) against a victim receiver, for cryptographically unprotected and protected signals. We analyze the tracking output of the DD signals at the victim receiver and propose a Goodness of Fit (GoF) test and a Generalized Likelihood Ratio Test (GLRT) to detect the attacks. The evaluation of the two tests shows that they are effective, with the result being perhaps more interesting when considering DD attacks against Galileo signals that can be cryptographically protected.       

Moreover, this thesis investigates the feasibility of validating the authenticity of the GNSS signals with the help of opportunistic signals, which is information readily available in modern communication environments, e.g., 3G, 4G and WiFi. We analyze the time synchronization accuracy of different technologies, e.g., Network Time Protocol (NTP), WiFi and local oscillator, as the basis for detecting a discrepancy with the GNSS-obtained time. Two detection approaches are proposed and one testbench is designed for the evaluation. A synthesized spoofing attack is used to verify the effectiveness of the approaches.       

Beyond attack detection, we develop algorithms to detect and exclude faulty signals, namely the Clustering-based Solution Separation Algorithm (CSSA) and the Fast Multiple Fault Detection and Exclusion (FM-FDE). They both utilize the redundant available satellites, more than the minimum a GNSS receiver needs for position and time offset calculation. CSSA adopts data clustering to group subsets of positions calculated with different subsets of available satellites. Basically, these positions, calculated with subsets not containing any faulty satellites, should be close to each other, i.e., in a dense area; otherwise they should be scattered. FM-FDE is a more efficient algorithm that uses distances between positions, calculated with fixed-size subsets, as test statistics to detect and exclude faulty satellite signals. As the results show, FM-FDE runs faster than CSSA and other solution-separation fault detection and exclusion algorithms while remaining equally effective.

Place, publisher, year, edition, pages
KTH Royal Institute of Technology, 2021. p. 71
Series
TRITA-EECS-AVL ; 2021:19
National Category
Communication Systems Computer Systems Other Electrical Engineering, Electronic Engineering, Information Engineering Signal Processing Geotechnical Engineering and Engineering Geology
Research subject
Electrical Engineering
Identifiers
urn:nbn:se:kth:diva-291548 (URN); 978-91-7873-811-3 (ISBN)
Public defence
2021-04-01, https://kth-se.zoom.us/webinar/register/WN_IFbfmOPTSVCODSCFxTnMDA, Online, Stockholm, 09:00 (English)
Note

QC 20210316

Available from: 2021-03-16. Created: 2021-03-15. Last updated: 2025-02-05. Bibliographically approved
2. Data verification for GNSS systems and protection of GNSS services
2025 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

 Global Navigation Satellite Systems (GNSS) provide ubiquitous precise localization and synchronization for a wide gamut of applications, spanning from location-based service to core industrial functionalities in communications and large infrastructure. Civilian use of GNSS relies on publicly available signals and infrastructure designed to operate at a high level of interoperability. Nevertheless, such systems proved to be vulnerable to voluntary and involuntary interference aiming to deny, modify, and falsify the GNSS-provided solution. This poses a significant threat to the robustness of satellite-based timing and localization. A decreasing entry threshold from the knowledge and tools accessibility perspective makes mounting such attacks feasible and effective even against low-value targets. In this work, this issue is targeted, with a practical approach, from three directions, by cross-checking the navigation solution with alternative providers of time, by localizing the interference source and characterizing it, and by relying on specific receiver dynamics to eliminate falsified signals. We discuss protection mechanisms targeting the consumer market based on available infrastructure or on sensing supported by sensors embedded in the GNSS-enabled platform itself. These efforts collectively aim to improve the robustness of consumer GNSS solutions, without modifying the GNSS receiver or the signal structure, to provide secure and reliable navigation and timing in an increasingly adversarial environment.

Abstract [sv]

Global navigation satellite systems (GNSS) provide ubiquitous precise positioning and synchronization for a wide range of applications, from location-based services to core industrial functions in communications and large infrastructures. Civilian use of GNSS relies on publicly available signals and infrastructure designed to be used at a high level of interoperability. These systems have proven vulnerable to interference that seeks to deny, modify, and falsify GNSS solutions. This poses a serious threat to the reliability of satellite-based timing and positioning. A lowering of the threshold for access to knowledge and tools makes it feasible and effective to mount such attacks, even against low-value targets. In this work, the problem is addressed practically through three approaches: by cross-checking the navigation solution with alternative Internet time providers, by localizing the interference source and characterizing it, and by relying on specific receiver dynamics to eliminate falsified signals. We discuss protection mechanisms intended for the consumer market, based on available infrastructure or on measurements from sensors embedded in the GNSS platform itself. These efforts collectively seek to improve the reliability of consumer GNSS solutions, without modifying the GNSS receiver or the signal structure, in order to offer secure and reliable navigation and time in an increasingly hostile environment.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2025. p. xxvi, 62
Series
TRITA-EECS-AVL ; 2025:36
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Information and Communication Technology
Identifiers
urn:nbn:se:kth:diva-361272 (URN); 978-91-8106-231-1 (ISBN)
Public defence
2025-04-15, https://kth-se.zoom.us/j/62121217840, Sal C, Kistagången 16, Stockholm, 14:00 (English)
Note

QC 20250317

Available from: 2025-03-17. Created: 2025-03-17. Last updated: 2025-10-30. Bibliographically approved

Authority records

Zhang, Kewei; Spanghero, Marco; Papadimitratos, Panagiotis