By Ronak Shah and Rich Battista

U.S. military weapon system platforms and commercial aircraft leverage radio frequency (RF) signals for navigation, timing, communications, and more. As electronic warfare and cyber capabilities intensify, GPS spoofing is becoming an increasing method of interference, with adversaries falsifying navigation data to mislead critical onboard systems and disrupt operations. These attacks pose serious risks, including mission failure, loss of situational awareness, collision, and major safety hazards for military operators and civilian passengers.

Defending Navigation Systems Against GPS Spoofing

To combat this rising threat, Shift5 built an RF-based detection method to rapidly identify early warning indicators of GPS spoofing, providing earlier visibility into navigation threats for increased awareness and safety. With Shift5’s latest detection method, platform operators and commercial pilots have abilities to:

• Detect GPS spoofing faster by analyzing incoming RF signals before they’re processed by a platform’s receiver.
• Receive early warning notifications for suspected GPS spoofing attempts, up to 200 nautical miles in advance.
• View in-cockpit notifications by integrating insights with electronic flight bag (EFB) systems, including ForeFlight.
• Validate their platform’s GPS by cross-referencing internal navigation data with independent RF GPS signals.
• Strengthen defenses by analyzing historical data to identify recurring patterns, regional hotspots, and more.

Detecting GPS Spoofing at the Edge

GPS spoofing is a form of signal deception where an adversary transmits signals with false position, timing, and velocity to a platform or aircraft. These deceptive signals can override legitimate GPS data to trick platforms into operating with compromised data, causing grave safety and mission risks. Unlike GPS jamming, which involves overwhelming a platform with signals that cause degraded or denied navigation, GPS spoofing is more sophisticated, often goes undetected, and is more difficult to combat.

Our GPS spoofing detections assist operators and pilots in guarding against several methods of attack, including:

• Fixed Position Spoof: This is the most prevalent and easiest spoof attack to implement, in which an attacker can transmit a fake GPS signal that represents a fixed location and time.
• Moving Position Spoof: This attack transmits a fake GPS signal in which the position and time change at a different location and time.
• Diverging Path Spoof: This occurs when an attacker’s spoof position matches the actual position and time of a platform, with the spoof position slowly moving away over time to avoid triggering built-in anti-spoof detection mechanisms.
• Parallel Path Spoof: This occurs when an attacker’s spoof position matches the actual position and time of a platform/commercial aircraft with a small, undetectable position offset, which can cause an autopilot to slowly steer off course.

How We Do This

1. We install our Manifold 4 data collection device containing a software-defined radio (SDR) directly on-platform (with an additional hardwire connection to the platform receiver) to continuously process incoming RF data during live missions.
2. The SDR within the Manifold 4 transforms the RF signals into digital signal data to enable advanced, on-platform data analytics.
3. Shift5 software continuously analyzes incoming RF data on-platform to flag suspicious activity that indicates GPS interference.
4. A notification can be sent directly to platform operators and pilots via an Electronic Flight Bag (EFB), such as Foreflight. Historical insights on GPS activity across regions of interest is also available to be viewed in Shift5’s native desktop user interface (UI) or third-party application for further analysis.

RF vs Serial Bus Threat Detection

The RF spectrum is a range of electronic signals that enable systems like GPS, wireless communication, and sensors between a platform and its external environment. In contrast, serial bus data reflects the data transmission across internal onboard systems and components. Pairing serial bus detections and RF detections provides a more comprehensive security posture by both anticipating incoming GPS spoofs and monitoring any resulting impact on navigation systems. Combining RF and serial bus insights can help operators and pilots validate threats faster, identify root causes, and take more precise defensive action.

The Shift5 Platform evolves continually – delivering new detections, analytics models, and mission-relevant capabilities for added operational value over time.