Five Minute Facts About Packet Timing
In a previous post I talked about GNSS jamming and how to mitigate it. Today I will discuss GNSS spoofing. Once again GNSS means Global Navisgation Satellite System, which includes not only GPS, but similar systems like the European Galileo. GNSS jamming is bad, but at least you always know that there is a problem. Your time server will alarm that the GNSS signal is lost and go into holdover or switch to another source of time. With GNSS Spoofing, however, your receiver might think that everything is fine, you just have the wrong time. Nasty!
GNSS spoofing is not as prevalent as GNSS jamming, at least not yet, but it is occurring more often. There are numerous reports of GNSS spoofing, especially in or near Russia and in nautical shipping lanes near China. You are safe, though, since your time server is no where near those parts of the world. Right? Sorry, it gets worse. Just as we found that it was quite inexpensive to buy GNSS jammers, it is also inexpense to build a GNSS spoofer. The tech world has created software defined radio modules like the one in Figure 1.
Such modules are fantastic resources for laboratory experiments and RF product prototyping, but they can also turn to the dark side and spoof GPS, Galileo, etc. The software which makes it easy can be downloaded from GitHub, so a hacker doesn’t even need specialized technical expertise. If it isn’t already happening, then people will use this technology to do naughty things like hijack trucks, and accidentally, or maybe on purpose, corrupt the time of your time server.
Some of the steps recommend to mitigate jamming, also work for spoofing. Make sure that your timeserver has a good enough holdover oscillator for your timing requirements. My philosophy is that spending money on a good oscillator is well worth it. It helps protect your timing system not just from GNSS jammers and spoofers, but from any kind of damage to or failure of your GNSS antenna, cable and receiver. Spoofing from a small software controlled radio will be local, so getting time from different physical locations gives you a backup source of time. This could include using GPS down converter and fiber optic cable as I discussed in the last post, or getting time from another timeserver at a nearby (But not too near) locations via PTP. Lastly anti-jamming GNSS antennas, which block signals from ground levels are likely to defeat many spoofers, since they are also likely to be ground based.
Unlike jamming, before your time server can go into alarm and holdover, or switch another source of time, it has to know that it is being jammed. One way to do this with a smart algorithm which detects the telltale traces of spoofing, like Meinberg’s Trusted Reference Source algorithm, depicted in Figure 2.
The TRS algorithm detects unexpected time steps and ramp errors, sounds an alarm and puts the clock in holdover. The local oscillator must be one with very low frequency drift, so that it can detect even a slow ramp error. Meinberg uses a Rubidium oscillator. A side benefit of this type of scheme, is that the step error or ramp error does not have to be due to GNSS spoofing. The error could be due to some other failure in the GNSS antenna, cable, receiver system.
If you have any questions about packet timing, don’t hesitate to send me an email at doug.arnold@meinberg-usa.com, or visit our website at www.meinbergglobal.com.
If you enjoyed this post, or have any questions left, feel free to leave a comment or question below.