1

Assessment of the Vulnerability to Spoofing Attacks

of GNSS Receivers Integrated in Consumer Devices
Akmal Rustamov∗† , Neil Gogoi∗ , Alex Minetto∗ , Fabio Dovis∗ ∗ Department of Electronics and
Telecommunications, Politecnico di Torino, Turin, Italy † Turin Polytechnic University in Tashkent, Tashkent,
Uzbekistan

Abstract—In this paper, we investigate the effects of spoofing unit which is typically interfaced to an application layer, the
attacks on the mass-market positioning and navigation units position information is exchanged to other services or stored
integrated in modern day Android™ smartphones. In order in remote databases. Such an architecture is prone to a wide
to operate spoofing in a real environment, we designed and
implemented a portable, configurable, low-cost GPS spoofer range of spoofing attacks, especially if it is based on products
exploiting a software-defined radio (SDR) implementation and which are low-cost, Commercially available and Off-The-
a low-cost front-end. Such a tool has been exploited to set up a Shelf (COTS). These use the aforementioned satellite-based
test campaign trying to mislead the Position, Velocity and Time positioning services and standard unencrypted communication
computation of different Android™ smartphones. The effects of services. As a consequence, it is worth examining the potential
such simplistic spoofing attack on the smartphone GNSS has
been assessed observing raw measurements and the evaluated effects of intentional interference on the low-cost GNSS units
positions and time. The main findings of this work showed embedded in mass market receivers as well as assessing the
that modern Android™ devices have a remarkable resilience resilience of the receiver itself. Many studies are available on
to simplistic spoofing attacks, highlighting in parallel further defence against civil GNSS spoofing attacks. In [5], Unicorn
potential weaknesses to be protected by means of practical Team showed the spoofing technology using MATLAB® to
defence mechanisms and countermeasures to spoofing.
Record GPS signal by a USRP™ B210 and Replay the signal
Index Terms—Global navigation satellite system, Global Position- by a SDR BladeRF™ to spoof PVT of a smartphone. The
ing System, Smart devices, Radiofrequency interference team presented the vulnerability of smartphones even if the
trial regarded a limited number of devices. In addition, work
developed in [6] showed how easy it is to spoof the navigation
I. I NTRODUCTION
solution in the phone using software radios and additional

W ITH the use of Global Navigation Satellite Systems

(GNSS) in many applications and services, a con-
stantly growing attention is being devoted to the security and
equipment. A study of spoofing in road navigation, developed
in [7], presents a spoofing attack under practical constraints
with a fake road map. In [8], a technique based on monitoring
safety of the technologies needed to process navigation signals the correlation peaks of the Carrier-to-Noise density ratio
and estimate the positions. Current GNSS signals used for (C/N0 ) is suggested in order to reduce the effect of the
mass-market applications (e.g. GPS L1 C/A, E1 Galileo and threats. In [9], the authors proposed a detection method based
GLONASS) do not provide any means to ensure the authentic- on low-cost Inertial Measurements Units (IMUs) for spoofing
ity of the transmitting source or to protect the receiver against detection. In the spoofing scenario, the coherence between
possible spoofing attacks [1], [2], [3]. Galileo is planning the IMU and GNSS measurements is evaluated using acceleration
use of the Open Service Navigation Message Authentication and rotation rate vectors. In [10], mitigation countermeasures
Signal (OSNMA) and the Commercial Authentication Service at hardware level are proposed, such as multi-antenna receivers
(CAS), with the aim of allowing users to calculate Position, [11], [12]. Similarly, in [13], [14], the impact of spoofing
Time and Velocity (PVT) solution based on trusted signals. attacks on mobile phones is analysed and specific techniques
Nevertheless, currently, GNSS receivers are vulnerable to in- are suggested to enhance security such as the use of cheap
tentional interference and this opens opportunities for attackers acceleration sensors. In [15], inertial navigation sensors such
who want to impair or mislead them [4]. This constitutes a as magnetometer, accelerometer, and barometer are used for
threat to many applications based on GNSS receivers, thus, triggering possible spoofing events in smartphones. Several
making them vulnerable and in some cases can also have countermeasures are still at research stages and most low-cost
a cascading effect onto interconnected systems and critical commercial devices are yet to implement even basic detection
infrastructures. From a general perspective, the GNSS receiver mechanisms [16]. Despite the proposed solutions, there is
plays a core role providing the only absolute estimation of the as yet no fully proven defence against GNSS spoofing and
position in most positioning units. Such units may also include no extensive investigation carried out on Android™ domain.
several exteroceptive and proprioceptive sensors like Inertial Smartphones account for almost 80% of the global installed
Measurement Units (IMUs), Barometers, Ultra-Wide Band base of GNSS devices [17] and in 2020 the number of smart-
(UWB) ranging and proximity sensors, etc. aiding or refining phone users is forecast to reach almost 3.5 billion [18]. In light
the positioning solution. In the general scheme of a positioning of this, a comparative analysis of the resilience of Android™
978-1-7281-6455-7$31.00 © 2020 IEEE domain to intentional disturbances is performed in this paper.

Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on August 21,2020 at 11:15:22 UTC from IEEE Xplore. Restrictions apply.
 2

The experimental work presented hereafter provides one of the power which is increased slowly till the receiver has acquired
first investigations on the use of a portable spoofer to threaten and started to track the spoofed signals. In [22], research
Android™ smartphones. The portable low-cost spoofer has conducted sophisticated spoofing scenarios in a multi-layered
been developed, based on open source signal generator and processing architecture. However, this type of spoofing uses
low-cost electronics and radio-frequency equipment and then multiple antennas to broadcast GNSS signals to overcome
used to carry out spoofing attacks on different Android™ standard anti-spoofing techniques. Thus, it is rarely used due
smartphones. The rest of the paper is organised as follows: to its high cost and complexity.
In Section II, background of a spoofing attack, spoofing tech-
niques and the state of vulnerability of receivers are explained.
Section III provides a methodology of the experimental setup B. Spoofing attacks to integrated GNSS receivers in smart-
and test. Results and analysis on the performance of the phones
smartphones under the spoofing attack is discussed in Section Some demonstrations of spoofing against Google Android™
IV. Conclusions and further research are then drawn in Section OS are presented in [23] with realistic spoofing and fake
V. Google Maps™ integration. This work demonstrated that
spoofing might impact the device’s navigation unit affecting
II. BACKGROUND in turn a popular Location Based Service (LBS). Since the
version 7 onwards of Android™ OS gives access to raw GNSS
A. Spoofing attacks measurements, it can be exploited to study and detect the effect
Spoofing methodologies are typically classified on the basis of spoofed signals in applicable smartphones. The raw GNSS
of the difficulty in inducing the attack and on the possibility measurements may include internal clock measurements like
to detect it from a receiver point of view. Compared to a the time of signal reception, clock drift, clock discontinuities,
jamming disturbance to a GNSS receiver, which could signif- etc. and the GNSS receiver measurements such as received
icantly impair the receiver at a signal processing stage, thus, GNSS satellite time, Doppler frequency, carrier phase mea-
allowing easy detection, a spoofing disturbance challenges surements, constellation status, navigation messages, etc. [24]
potential detection as the receiver operation is not interrupted. . More recently, the Google Service Framework™ also provides
Depending on the features of the spoofing and the complexity Automatic Gain Control (AGC) measurements in its Android™
of the attack, it is possible to classify these disturbances location modules with the release of Android™ Android Ap-
into three categories: simplistic, intermediate and sophisticated plication Program Interface (API) 9.0. However, not all the
[19], [20]. GNSS chipsets or software of the different Android™ devices
a) Simplistic spoofing: It is characterised as a transmission are compatible with such measurements and the quality of the
of locally generated RF signals forcing receivers to compute a raw GNSS measurements vary between device to device [25],
fake PVT solution. A lack of synchronisation between spoofers [26].
and GNSS timescale can be often used to detect occurring
attacks. This type of spoofer can be also built by using a
III. M ETHODOLOGY
signal simulator which re-transmit fake signal or SDR low-
cost components. A. A low-cost, portable spoofer
b) Intermediate spoofing: the spoofer has a built-in receiver In our experiment we used a low-cost spoofer based on a Great
that collects and tracks the satellite signal parameters in order Scott Gadgets™ HackRF One™ platform and a Raspberry™ PI
to generate a new signal that is consistent with real GNSS 4B. The HackRF One™ is a low-cost, open-source Software-
signals. It receives real time GNSS signals, changes the signal Defined Radio allowing fast and accurate RF signal transmis-
properties based on its need and transmits GNSS signals sion from binary files. This front-end can receive and transmit
synchronised with real GNSS time to the targeted victim signals from 1 MHz to 6 GHz with adjustable power and
receiver. An intermediate spoofing hardware might have GNSS channel capacity. The software used to numerically generate
receiver integrated with front-end or conventionally designed the spoofed GPS signal is GPS-SDR-SIM [27], an open GPS
for spoofing purposes. A drawback of Intermediate spoofing L1 C/A signal generator toolbox distributed with a MIT
attack, is that it require certain target information which is licence [28]. A scheme of the device is provided in Figure
difficult to implement. For successfully misleading the target, 1.
different factors must be theoretically evaluated and combine
with experimental verification. Some implementations of in-
termediate spoofing scenario is made of civilian GPS with
L1 Stick
modified software defined receiver integrated with front-end Battery Pack Antenna
[4].
Raspberry Py 4B HackRF One RF Coaxial
c) Sophisticated spoofing: also referred to as ’nulling’ trans- Cable
mits a destructive interference signal along with fake spoofed GPS-SDR-SIM RF SMA Interface
USB Cable
signals. Sophisticated spoofing is the most dangerous because Data/Power
USB 3.0 Interface USB 3.0 Interface
it takes control of the target receiver without being detected.
As described in [21], the attack principle is soft-take-over or
time-synchronised transmission. It starts with a low level of Fig. 1. High-level schematic of the low-cost portable spoofer.

Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on August 21,2020 at 11:15:22 UTC from IEEE Xplore. Restrictions apply.
 3

TABLE I
D EVICES UNDER TEST.

ID Model System on cheap (SOC) GNSS chipset

S1 S8 Qualcomm Exynos 8890 BCM 4774
S2 MI 8 Qualcomm Snapdragon 845 BCM 47755
S3 MI 8 PRO Qualcomm Snapdragon 845 BCM 47755

The attack was planned simulating a static position and all the
visible satellites belonging to GNSS constellations and their
signals were transmitted to the SDR equipment. An optional
reference clock can be used to discipline the signal generation
at an increased cost of the overall equipment. For the scope of
the paper, reference oscillator was not connected to the front-
end. Power supply can be provided through a mass-market,
10000 mAh battery pack according to the supply specification
of the Raspberry Pi 4B. The HackRF One can be then supplied
by the Raspberry Pi itself through the USB 3.0 interface. The
spoofing attack can be performed through the portable spoofer
according to the following steps:

1) Trajectory generation. The fake trajectory was generated

in Linux OS implementing a National Marine Electron- Fig. 2. Experimental setup consisting of a HackRF One, (1) equipped
with an L1 stick antenna, (2), a Raspberry PI 4B, (3) a u-blox™
ics Association (NMEA) GGA stream and a .csv file Neo-M8N GNSS, (4) with an active GNSS antenna, (5) and a set of
containing the Earth-centered Earth-fixed (ECEF) posi- smartphones, (6) listed in Table I.
tion with a 10 Hz sampling rate. The file is transmitted
through the USB interface of the Raspberry Py4.
2) Numerical signal generation. The trajectory is then The raw GNSS measurements of the smartphones were pro-
injected to the GPS-SDR-SIM. The software generates cessed on the MATLAB®® GPS measurement-tools software1
a file with In-phase/Quadrature (I/Q) samples of the [29]. For the purpose of this paper, the following raw mea-
baseband signal complex envelope that is ready to be surements are mainly analysed to test the effects of spoofing:
injected to the SDR front-end (i.e. HackRF One). a) Carrier-to-Noise Density Ratio (C/N0 ): : It is a basic indi-
3) Digital to analogue conversion and RF signal trans- cator of received satellite signal quality. Abrupt variations to it
mission. The front-end (HackRF One™ ) is in charge can indicate the presence of interference while an unnaturally
to perform the digital-to-analogue conversion mixing high value could also indicate presence of a fake satellite
the baseband signal provided at step 2 to the carrier signal.
frequency (i.e. GPS L1), thus, offering quadrature mod- b) Automatic Gain Control (AGC): : The AGC implementa-
ulation in L1 band. tion in a smartphone acts as a variable gain amplifier adjusting
the power of the incoming signal. Changes in the value are
typically indicative of power fluctuations of the input signal
in the frequency band foreseen this measurement [24]. AGC
B. Test devices
is extremely useful in detecting spoofing attacks and has been
Following the direction of testing the chosen simplistic used in the past to detect defective signals [30].
portable spoofing methodology on consumer GNSS devices, c) Time of Signal Transmission and Reception: : The GPS
three different commercial smartphones were chosen among Time of signal Transmission, tT X , is demodulated from the
those equipped with Google Android™ 8 Operating System received signal and used to compute the pseudorange from the
(OS). These are detailed in Table I and are referred to as particular satellite along with The Time of signal Reception,
S1, S2 and S3 respectively in the following analysis. In tRX , which is taken either from the cellular or Wi-Fi net-
order to identify and procure GNSS raw measurements, the work in the smartphone. A remarkable difference in the two
GNSS Logger Android application provided by Google™ was timestamps could indicate an altered tT X data coming from a
installed in the android devices. The devices PVT solutions spoofed signal or a faulty satellite. Generally, it is in the range
were logged through the Android application NMEA tools, of 60 − 100 ms.
which provides the GNSS raw position of the smartphone
in standard NMEA format. Figure 2 shows the set-up of C. Spoofing scenario
different Android™ devices and the transmitting antenna of the A 15-minutes spoofing scenario was tested in a controlled
developed spoofer. Additionally, a commercial GNSS receiver outdoor environment with open sky conditions. By acting
was also used as a benchmark for data collection and PVT
estimation. 1 Apache Licence 2.0 (http://www.apache.org/licenses/LICENSE-2.0)

Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on August 21,2020 at 11:15:22 UTC from IEEE Xplore. Restrictions apply.
 4

TABLE II measurements of the three different subset of satellites. The

S ATELLITE S UBSETS data analysed is from smartphone S3 but similar results were
also achieved with S2. GNSS raw measurement could not
Subset SV ID Number
be retrieved from S1 after the spoofer was turned on. The
Real 24,25,28,19,17,15,13,12
Fake 8,16,27
effect on position computation of the smartphone as retrieved
Common 10,20,32 from the Android location API was also analyzed, as reported
in the following. The u-blox™ Neo-M8N receiver position
shifted to the coordinates provided by the spoofer within 1
minute from the start of the spoofing action, thus, validating
the effectiveness of the attack.
28 10
20
A. Effect on Real satellites
20
10
Figure 4 compares the C/N0 and pseudoranges of two real
24 17 SV IDs during the entire test period with SV ID 24 and 25
19
being at high and low elevations respectively. Naturally this
8
8 90
will affect their signal strength and pseudorange distance as
seen in the Figure 3. It is clear that the spoofer acts as a
32
32
25 12
27
27
source of interference over the L1 frequency band disturbing
the healthy satellites during the spoofing timespan and tracking
15
13
of low elevation satellites being lost. This effect is seen for
the L1 signals of constellations as well.
16
16

Fig. 3. Sky-plot showing real and spoofed satellite signals. 40

SPOOFING TIMESPAN
30 SV ID 25
SV ID 24
on the HackRF One transmitting power, the range of the 20
spoofer antenna was kept to within 1-3 m to not provide
10
any disturbance beyond the range of the controlled environ- 0 100 200 300 400 500 600 700 800 900
ment. The smartphones were positioned at a location with
coordinates 45.064406 N, 7.661922 E (Turin, Italy) starting 107

UTC time of February 11, 2020, 14.21.41 and for the first 2.4 SPOOFING TIMESPAN
5 minutes, they received live GNSS signals without any 2.3 SV ID 24
SV ID 25
other interference. Then the portable spoofer was switched 2.2
2.1
on, broadcasting spoofing signals over GPS L1 band with
2
coordinates 45.470111 N, 9.179874 E (Milan, Italy) and UTC 0 100 200 300 400 500 600 700 800 900
time February 10, 2020, 12.00.00 which was 144 km away
from the test location. The spoofing signals were broadcasted Fig. 4. Effect on real satellites (SV ID 24 and 25) during the test
for 5 minutes after which the spoofer was switched off. For the duration.
remaining duration, the smartphones received only live GNSS
signals. The u-blox™ Neo-M8N GNSS receiver was used for B. Fake and Real satellites comparison
cross validation of the test measurements. 14 GPS satellites Figure 5 plots the AGC dB values of the S3 GNSS receiver
were considered in the overall scenario. As seen in Table II, during the test period. It is observed that the effect of turning
the satellites could be divided into three different subsets. The on the spoofer is similar to what in-band jamming or inter-
first subset (Real) consists of the real in-view Satellite Vehicle ference would do. Due to the presence of powerful spoofing
Identifiers (SV IDs) which were received by each device and signals, the receiver reduces the amplification of the incoming
not part of the satellites transmitted by the spoofer. The second sign which, while disturbing real signals, allows fake signals
subset (Fake) consists of the SV IDs which were transmitted to be easily acquired. This is clear when comparing the C/N0
by the spoofer and visible to all the smartphones, but their real of a fake (SV ID 16) and real signal (SV ID 24) in Figure
counterparts were not in view during the test period [8, 16, 6. An important difference captured between the two satellite
27]. The third subset (Common) consists of the overlapping signals is the tT X , whose values in a real signal was within
Satellite Vehicle (SV) IDs which were both in-view real time the standard 100 ms of the tRX throughout the test, while fake
and transmitted by the spoofer as well [10, 20, 32]. The overall signals had tT X and tRX difference values over 105 seconds.
satellite skyplot during the test is shown in Figure 3. This naturally gives a hugely and unrealistic pseudorange
value for the fake satellite. Nevertheless, it has to be remarked
IV. R ESULTS AND A NALYSIS that no effect is experienced on the time provided, since the
This section is roughly divided based on the effect of the connected device is kept synchronised to the communication
spoofing described in Section III-C on GPS L1 GNSS raw network infrastructure (cellular or Wi-FI).

Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on August 21,2020 at 11:15:22 UTC from IEEE Xplore. Restrictions apply.
 5

55
be speculated that the smartphones maintain their true position
SPOOFING TIMESPAN
with the help of multi-constellation, multi-frequency GNSS
50
capabilities along with network positioning and other sensors.
45 It is interesting to notice that S1 carries the Broadcom™ BCM
40 4774 chipset without dual frequency GNSS capabilities and it
35 is affected the most, comparatively.
30
0 100 200 300 400 500 600 700 800 900
Error in ECEF X coordinate
SPOOFING TIMELAPSE
Fig. 5. Effect of Spoofing on AGC.

50
Error in ECEF Y coordinate
40 SPOOFING TIMESPAN

30 SPOOFING TIMELAPSE

20
SV ID 16 Error in ECEF Z coordinate
SV ID 24
10 S3
SPOOFING TIMELAPSE
0 100 200 300 400 500 600 700 800 900 S2
S1

Fig. 6. Comparison of Fake (SV ID 16) and Real (SV ID 24) satellite’s
C/N0 .
Fig. 8. Effect on Smartphone GNSS Position.
C. Effect on Common satellites
Figure 7 plots the effect of spoofing on the C/N0 , Pseudorange V. C ONCLUSION AND FURTHER RESEARCH
and Carrier phase measurements of a Common satellite (SV ID In this work, a portable GPS L1 spoofer was implemented
10) present among the live satellites and in the set of spoofed and a spoofing strategy was proposed for the calculation of
signals. It can be seen that the receiver does not acquire the intentionally misleading PVT solution on a GNSS receiver.
fake satellite signal with the same SV ID during the spoofing Comparative analysis is addressed on the performance of
timespan and only looses acquisition of the real signal. It modern commercial smartphones and it is comprehensively
reacquires the real satellite after spoofing stops as also seen seen that a simplistic spoofing attack is not fully successful on
by the carrier phase measurement. such smartphones in ope -sky conditions. Spoofer transmitted
satellites though acquired, are not used by the smartphone
40 GNSS receivers except in the case of overlapping satellites
30
20
SPOOFING TIMESPAN where they are not present in the set of already acquired
10 signals. The spoofer acted more as an interference agent to
0 100 200 300 400 500 600 700 800 900
the smartphones in the L1 band and their GNSS receiver
clocks are not affected by it. The effect of a longer duration
SPOOFING TIMESPAN
of spoofing than presented in this paper and multi-frequency
(L1 and L5) spoofer implementation are to be seen. This
suggests that a proper attack should implement as well an
initial jamming phase before presenting the fake signals to the
30
receiver for acquisition. An important follow up of this work
20 SPOOFING TIMESPAN
is the development of an intermediate portable spoofer to gain
10
0 100 200 300 400 500 600 700 800 900
success in spoofing modern day smartphones and then develop
proper counter measures since such spoofers are already a
reality today.
Fig. 7. Common Satellite (SV ID 10) analysis.

R EFERENCES
D. Effect on smartphone GNSS position estimation.
[1] European Space Agency (ESA), “Galileo open service, Signal-In-Space
Figure 8 shows the error in position of the ECEF coordinates Interface Control Document (OS SIS ICD),” 2008.
of the three different smartphones during the test. The spoofing [2] Coordination Scientific Information Center, “Global Navigation Satellite
time span is delayed compared to the previous plots as NMEA System GLONASS Interface Control Document (ICD),” 2002.
Tools app was initialised before GNSS Logger app. It can be [3] K. Linux, “Penetration testing and ethical hacking linux distribution,”
seen that spoofing achieves only a few metres of deviation 2018.
in the position output of the GNSS receiver which can be at- [4] F. Dovis, GNSS interference threats and countermeasures. Artech
tributed to the loss of some satellites due to interference. It can House, 2015.

Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on August 21,2020 at 11:15:22 UTC from IEEE Xplore. Restrictions apply.
 6

[5] L. Huang and Q. Yang, “Low-cost GPS simulator GPS spoofing by [25] N. Gogoi, A. Minetto, N. Linty, and F. Dovis, “A controlled-
SDR,” in Proceedings of DEFCON, 2015. environment quality assessment of android GNSS raw measurements,”
Electronics, vol. 8, no. 1, p. 5, Dec 2018. [Online]. Available:
[6] S. Lo, Y. H. Chen, T. Reid, A. Perkins, T. Walter, and P. Enge, http://dx.doi.org/10.3390/electronics8010005
“The benefit of low cost accelerometers for GNSS anti-spoofing,” in
Proceedings of the ION 2017 Pacific PNT Meeting, 2017, pp. 775–796. [26] G. Galluzzo, M. Navarro-Gallardo, and M. Sunkevic, “Using GNSS raw
measurements on android devices-tutorial part i,” 2017.
[7] K. Wang, S. Chen, and A. Pan, “Time and position spoofing with open
source projects,” black hat Europe, vol. 148, 2015. [27] “Software-defined GPS signal simulator,” https://github.com/osqzss/gps-
sdr-sim, accessed: 2020-02-10.
[8] J. Nielsen, V. Dehghanian, and G. Lachapelle, “Effectiveness of GNSS
spoofing countermeasure based on receiver CNR measurements,” Inter- [28] “MIT licence,” https://opensource.org/licenses/mit-license.php,
national Journal of Navigation and Observation, vol. 2012, 2012. accessed: 2020-02-10.
[9] J. T. Curran and A. Broumendan, “On the use of low-cost IMUs for [29] “Google GNSS logger,” https://github.com/google/gps-measurement-
GNSS spoofing detection in vehicular applications,” in Proceedings of tools/, accessed: 2020-02-10.
ITSNT, 2017.
[30] F. Bastide, D. Akos, C. Macabiau, and B. Roturier, “Automatic gain
[10] S. Daneshmand, A. Jafarnia-Jahromi, A. Broumandan, and control (AGC) as an interference assessment tool,” 2003.
G. Lachapelle, “A low-complexity GPS anti-spoofing method using a
multi-antenna array,” a a, vol. 2, p. 2, 2012.
[11] S. Han, L. Chen, W. Meng, and C. Li, “Improve the security of GNSS
receivers through spoofing mitigation,” IEEE Access, vol. 5, pp. 21 057–
21 069, 2017.
[12] A. Broumandan, A. Jafarnia-Jahromi, V. Dehghanian, J. Nielsen, and Akmal Rustamov is a PhD candidate at the Department of Electronics
G. Lachapelle, “GNSS spoofing detection in handheld receivers based and Telecommunications of Politecnico di Torino. His research is focused
on signal spatial correlation,” in Proceedings of the 2012 IEEE/ION on implementation and resilience test of a GNSS positioning systems for
Position, Location and Navigation Symposium, April 2012, pp. 479– road applications. He received his MSc degree in the field of Mechanical
487. Engineering in 2016 at Turin Polytechnic University in Tashkent. He involved
[13] D. Miralles, N. Levigne, D. M. Akos, J. Blanch, and S. Lo, “Android in teaching assistant part of the course ”Electrical Machines and Circuit
raw GNSS measurements as a new anti-spoofing and anti-jamming theory” at Polytechnic University of Turin in Tashkent.
solution,” in Proceedings of the 31st International Technical Meeting
of The Satellite Division of the Institute of Navigation (ION GNSS+
2018), Miami, Florida, 2018, pp. 334–344.
[14] S. Ceccato, F. Formaggio, G. Caparra, N. Laurenti, and S. Tomasin,
“Exploiting side-information for resilient GNSS positioning in mobile
phones,” in 2018 IEEE/ION Position, Location and Navigation Sympo-
sium (PLANS). IEEE, 2018, pp. 1515–1524. Neil Gogoi completed his 1st and 2nd Level Masters at the University of
Nottingham, U.K and Politecnico di Torino, Italy respectively in the field
[15] D. M. S. L. D. A. Dong-Kyeong Lee, Matthias Petit, “Analysis of raw of Navigation technology. His past work includes Multi-Constellation GNSS
gnss measurements derived navigation solutions from mobile devices performance investigation and GNSS deformation monitoring. Currently he is
with inertial sensors,” in Proceedings of the 32nd International Technical pursuing a PhD at Politecnico di Torino within the NavSAS group with the
Meeting of the Satellite Division of The Institute of Navigation (ION support of PIC4SeR. His aim is developing effective navigation systems for
GNSS+ 2019), Miami, Florida, 2019, pp. 3812 – 3831. robotic vehicles with current focus on the feasibility of Android smartphones
and cooperative algorithms towards it.
[16] L. Dobryakova and E. Ochin, “On the application of GNSS signal
repeater as a spoofer,” Zeszyty Naukowe/Akademia Morska w Szczecinie,
2014.
[17] European GNSS Agency. GSA GNSS market report issue 5. [Online].
Available: https://www.gsa.europa.eu/market/market-report
[18] GSA. Gsa gnss market report issue 6. [Online]. Available:
https://www.gsa.europa.eu/market/market-report Alex Minetto is a PhD candidate at the Department of Electronics and
Telecommunications of Politecnico di Torino within the Navigation Signal
[19] A. Broumandan, A. Jafarnia-Jahromi, and G. Lachapelle, “Spoofing Analysis and Simulation (NavSAS) group. His research is focused on GNSS-
detection, classification and cancelation (SDCC) receiver architecture based cooperative positioning algorithms. He developed his Master Thesis
for a moving GNSS receiver,” Gps Solutions, vol. 19, no. 3, pp. 475– at European Organization for the Exploitation of Meteorological Satellites
487, 2015. (EUMETSAT) in Darmstadt (Germany), addressing the development of a new
precise detection algorithm for radar pulses sent from Metop satellites during
[20] J. R. v. d. Merwe, X. Zubizarreta, I. Lukčin, A. Rügamer, and W. Felber, their calibration campaign.
“Classification of spoofing attack types,” in 2018 European Navigation
Conference (ENC), 2018, pp. 91–99.
[21] C. Gunther, in A Survey of Spoofing and Counter-Measures. Navigation,
2014, pp. 159–177.
[22] J. N. A. Jafarnia-Jahromi, A. Broumandan and G. Lachapelle, “GPS vul-
nerability to spoofing threats and a review of antispoofing techniques,”
in International Journal of Navigation and Observation, vol.2012, 2012, Fabio Dovis is an associate professor at the Department of Electronics and
pp. 1–16. Telecommunications of Politecnico di Torino as a member of the Navigation
Signal Analysis and Simulation (NavSAS) group. His research interests cover
[23] K. C. Zeng, Y. Shu, S. Liu, Y. Dou, and Y. Yang, “A practical GPS the design of GPS and Galileo receivers and advanced signal processing
location spoofing attack in road navigation scenario,” in Proceedings for interference and multipath detection and mitigation. He has a relevant
of the 18th International Workshop on Mobile Computing Systems and experience in European projects in satellite navigation as well as cooperation
Applications, 2017, pp. 85–90. with industries and research centers.
[24] Google Developers. GNSSmeasurement. [Online]. Available:
https://developer.android.com/reference/android/location/GnssMeasurement

Authorized licensed use limited to: Chaitanya Bharathi Institute of Tech - HYDERABAD. Downloaded on August 21,2020 at 11:15:22 UTC from IEEE Xplore. Restrictions apply.