Detecting Single-antenna Spoofing Attacks by Correlation in Time Series of Raw Measurements

Global Navigation Satellite System (GNSS) receivers are vulnerable to intentional radio frequency interferences, posing significant risks to their performance and reliability. Among these threats, it has been widely argued that modern GNSS-equipped Android™ smartphones are resilient to non-coherent spoofing attacks. This study challenges such a perception by highlighting the vulnerability of GNSS-equipped Android™ smartphones to single-antenna, non-coherent spoofing attacks and proposing a novel, application-level detection technique solely based on raw GNSS observables, i.e., carrier-to-noise-density time series. The analysis demonstrated the capability of successfully detecting such attacks by observing the cross-correlation among Global Navigation Satellite System (GNSS) measurements time series. Cross-correlation quantified by Pearson’s correlation coefficients shows a relevant increment during harmful spoofing attacks. Under these conditions, the proposed methodology allows to rise a spoofing alarm in about 5 seconds with a false alarm probability of 1.5%. Furthermore, the proposed technique does not require low-level signal access, making it suitable for implementation at the application layer in a large number of smart devices with limited knowledge of their low-level system architecture. A validation campaign has been performed by testing 18 different Android™ devices and chipsets, thus demonstrating the applicability of the proposed method independently from the device under test.