GPS Background Information
Key Points:
1. GPS receivers use a form of triangulation to determine their location (latitude, longitude, altitude, time) from at least four GPS satellites orbiting the Earth.
2. Four satellites should be visible from most points on the Earth. Each satellite transmits its own location and time (ephemeris data) as well as other control information (the almanac, described below) to the GPS receiver.
3. The GPS receiver needs to take into account the time of arrival, speed of light, and the time of flight in order to correctly get a fix on its location.
4. Everyday GPS systems can utilize this information in addition to compass, speed, and gyroscopic readings to smooth out and correctly predict data even when a GPS signal momentarily drops out.
What does a GPS satellite transmit?
1. Pseudorandom Code: Used as a specific GPS satellite's "ID"
2. Current Date and Time (atomic clock is used for high accuracy and precision)
3. Ephemeris Data: Precise orbital information for the transmitting satellite (actual location)
4. Almanac Data: Imprecise orbital information (predicted location) for ALL satellites
- This is why first acquiring a GPS signal takes some time: this information needs to be received before any kind of accurate prediction can be made.
Pseudorandom Code (Coarse/Acquisition Code)
Explanation taken from this article: https://en.wikipedia.org/wiki/GPS_signals#Coarse/acquisition_code
We want the GPS "ID" codes to be as orthogonal (different) from each other as possible to avoid conflicts, since each GPS satellite transmits on a small band of frequencies. These "ID" codes are generated as a function of the navigation message as well as an onboard chip, which makes the "ID" as unique as possible to the transmitting satellite. The more precise mathematical definition is given in the link above.
Ephemeris Data
This is the data that contains the precise location of the transmitting satellite as well as the health of that satellite. This data is typically considered invalid after four hours. The GPS receiver uses this data to determine its location. This information is located in subframes 2-3, pages 3-10.
Almanac Data
This data is used to acquire a set of GPS satellites based on a stored time and location; it remains valid for 180 days. This data is transmitted in subframes 4-5, subpages 3-10.
The data contains coarse orbit information for all the satellites in the constellation, an ionospheric model (a model that is a function of the location, altitude, day of the year, phase of the sunspot cycle, and geomagnetic activity), and the necessary information to relate GPS time to UTC. This large amount of information needs a total of 25 frames to transmit (12.5 minutes).
The GPS receiver first uses this information to assist in the acquisition of GPS satellites it knows it should be able to see based on its own stored position and time. The almanac also contains the necessary information for the GPS receiver to translate GPS satellite time into human-readable UTC time. Finally, the ionospheric model helps in more precisely calculating the transmission delay due to the atmosphere.
Data Packet Structure
Any given navigation message consists of 30-second frames that are 1,500 bits long. Each frame is divided into 5 subframes of ten 3-bit words each. Each subframe contains the GPS time in 6-second intervals.
Subframe 1 contains the GPS date and any satellite clock correction information, as well as the GPS health and status (i.e., if it is being recalibrated).
Subframes 2-3 contain the ephemeris data.
Subframes 4-5 contain the almanac data. The almanac is always 15,000 bits long and as a result takes 12.5 minutes to transmit completely.
Each GPS week starts with a frame that transmits page 1 of the almanac.
It should also be noted that each subframe begins with a telemetry word that helps the receiver detect the beginning of the subframe and check its own clock time. It also contains a handover word, which gives the satellite time and subframe counter. The rest of the frame contains the data as described above as well as parity bit correction at the end.
Naive Attack Techniques
1. Replay Attack
- Retransmit genuine GPS signals that have been captured at a previous time
2. Carry-Off Attack
- Start by synchronizing our spoofing signals with the genuine signals and gradually step up the power of our spoofing signal until our target accepts the spoofing signal instead.
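A receiver-side consistency check for the replay attack above, as an added example that is not part of the original notes: it compares the time of week and subframe counter from each handover word against the receiver's own running clock. The names (`Subframe`, `check_stream`, `tol_s`) and the sample trace are constructed for illustration, and `tow_s` is assumed to be the start time of the subframe it was decoded from.

```python
from dataclasses import dataclass

WEEK_S = 604_800      # seconds in a GPS week; time of week wraps here
SUBFRAME_S = 6        # one subframe every 6 s (5 per 30 s frame)

@dataclass
class Subframe:       # hypothetical record of one decoded subframe
    local_s: float    # receiver's own monotonic clock at subframe start
    tow_s: int        # GPS time of week decoded from the handover word
    subframe_id: int  # 1..5, also from the handover word

def check_stream(obs, tol_s=0.5):
    """Return (index, reason) alerts for a stream of decoded subframes."""
    alerts = []
    prev = None
    for i, sf in enumerate(obs):
        # Frames are aligned to the week start, so the ID follows from the time.
        expected_id = (sf.tow_s // SUBFRAME_S) % 5 + 1
        if sf.tow_s % SUBFRAME_S or sf.subframe_id != expected_id:
            alerts.append((i, "subframe id/time mismatch"))
        if prev is not None:
            d_local = sf.local_s - prev.local_s
            d_gps = (sf.tow_s - prev.tow_s) % WEEK_S   # forward step, wrap-safe
            if d_gps > WEEK_S // 2:
                d_gps -= WEEK_S                        # signed: negative = backwards
            if abs(d_gps - d_local) > tol_s:
                kind = "backwards" if d_gps < d_local else "forwards"
                alerts.append((i, f"GPS time jumped {kind} by {abs(d_gps - d_local):.0f} s"))
        prev = sf
    return alerts

def constructed_trace():
    """Constructed sample: clean subframes across a week rollover, then a
    signal whose time of week is 3600 s old (a replayed capture)."""
    start = WEEK_S - 12
    clean = [Subframe(100.0 + 6 * k, (start + 6 * k) % WEEK_S,
                      ((start + 6 * k) % WEEK_S // 6) % 5 + 1) for k in range(5)]
    last = clean[-1]
    stale = (last.tow_s + 6 - 3600) % WEEK_S
    replay = [Subframe(last.local_s + 6 * (k + 1), (stale + 6 * k) % WEEK_S,
                       ((stale + 6 * k) % WEEK_S // 6) % 5 + 1) for k in range(3)]
    return clean + replay

if __name__ == "__main__":
    for idx, reason in check_stream(constructed_trace()):
        print(idx, reason)
```

The check depends on a local clock that keeps running through signal loss; a receiver that cold-starts onto a replayed signal has no earlier subframe to compare against.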
Experimental Attack Techniques
1. Spoofing the almanac
- This might make it possible for us to spoof our own satellite.
- This might be difficult to do because we would need to be able to create our own CDMA code, but this could be an interesting approach.