Protecting GNSS Open Service Navigation Message Authentication Against Distance-Decreasing Attacks

As the security of global navigation satellite systems (GNSSs) for civilian usage becomes increasingly important, navigation message authentication (NMA) significantly improves resilience to spoofing attacks. However, not all attacks can be effectively countered: a strong variant of replay/relay attacks, distance-decreasing (DD) attacks, can shorten pseudorange measurements without manipulating the cryptographically protected navigation message, thus manipulating the position, velocity, and time solution undetected. First, we discuss how DD attacks can tamper with GNSS signals, demonstrating the attack effectiveness on a recorded Galileo signal. DD attacks might introduce bit errors into the forged signals, but the adversary can keep this error rate very low with proper attack parameter settings. Then, based on our mathematical model of the prompt correlator output of the tracking phase at the victim receiver, we find that the correlator output distribution changes in the presence of DD attacks. This leads us to apply hypothesis testing to detect DD attacks, notably a goodness-of-fit (GoF) test and a generalized likelihood ratio test (GLRT), depending on the victim's knowledge of the DD attacks. Monte Carlo simulations are used to evaluate the detection probability and the receiver operating characteristic curves of the two tests, for different adversary configurations and noise settings. Then, we evaluate the effectiveness of the GoF test and the GLRT on a synthesized DD signal. Both tests detect DD attacks with similar performance in high-signal-to-noise-ratio (SNR) environments. The GLRT detection probability is approximately 20% higher than that of the GoF test in low-SNR environments.


I. INTRODUCTION
A multitude of applications and emerging systems, such as autonomous vehicles, unmanned aerial vehicles and intelligent transportation systems, rely on civilian global navigation satellite system (GNSS) signals for position, velocity, and timing (PVT) services. However, civilian GNSS signals are vulnerable to spoofing attacks, because of their public signal structures and predictable navigation messages. Researchers have demonstrated that one can build a GPS spoofer with dual frequency at a cost of $250-$400, based on a Raspberry Pi and a software-defined radio (SDR) [1], [2].
Significant work has been done on proposing countermeasures. One approach is to augment the GNSS receiver in order to detect attacks. Some researchers propose to detect the presence of an attacker from abnormalities in the received signal strength, e.g., by monitoring the automatic gain control (AGC) level [3], [4] or the received power [5]-[7]. Moreover, a properly designed receiver can determine signal arrival angles with specially designed antennas [8]-[10], because adversarial signals are usually transmitted from the same device/antenna. Comparing GNSS measurements with additional positioning information, e.g., from an inertial navigation system, to detect replaying/spoofing attacks [11]-[14] was also proposed. Moreover, detection based on GNSS-attack-induced clock drift can be used to limit the extent of adversarial manipulation [5], [6], [15]. Receiver autonomous integrity monitoring can also detect attacks, by checking the consistency of receiver positions calculated from subsets of all available satellites; it is effective when the adversary attacks only a subset of the available satellites [16]-[20]. The authors of [21]-[25] propose to monitor the signal quality by statistically testing the symmetry of the early correlator E and late correlator L, or of extra correlator pairs.
Another approach is to enhance the GNSS system infrastructure, providing security features, notably signal authentication/encryption and navigation data authentication/encryption [26]-[31]. Military signals use signal encryption and/or navigation data encryption to restrict access to the signals [32]-[34], e.g., the GPS M-code signals, the Galileo Public Regulated Service signals, and the BeiDou authorized signals. The European GNSS Agency developed and began testing the civilian Galileo Open Service Navigation Message Authentication (NMA), which thwarts spoofing attacks with a cryptographic message authentication code (MAC) [35], [36].
However, authenticated signals, in particular NMA, cannot alone effectively protect receivers from replay/relay attacks, including classic replay attacks, e.g., meaconing [37], security code estimation and replay (SCER) attacks [28], forward estimation attacks (FEAs) [38], [39], and distance-decreasing (DD) attacks [40], [41]. The SCER attack estimates authenticated data or the secret code and generates a spoofed signal with a small or zero delay. The FEA exploits the redundancy in the authentication message introduced by the forward error coding to guess parts of the message, even prior to its transmission. DD attacks, first introduced in [42], are physical layer attacks against secure ranging and distance-bounding protocols. Their feasibility and effectiveness against ultrawide band [43]-[46] and chirp spread spectrum [47] systems were analyzed first. In the GNSS context, even with cryptographic protection in place, DD attacks can still decrease pseudorange measurements in real time.
DD attacks can be seen as a sophisticated replay/relay attack [15], adding, essentially, to a record-and-replay attack [37], the ability to perform real-time record and replay and to reduce the perceived satellite-receiver distance. The DD adversary needs a receiver and a transmitter that are interconnected. The adversarial transmitter (ATX) emits an adversary-chosen bit/symbol value before the adversarial receiver (ARX) has the corresponding value(s) transmitted by the satellite(s). Unlike legitimate receivers, the adversarial receiver seeks to estimate each bit/symbol early, i.e., using only a fraction of its duration. It can then relay this estimated (early detected) value to the ATX, which, in turn, can adjust its transmission to ensure that the legitimate receiver under attack obtains the value originally transmitted by the satellite. This is crucial to avoid data alteration and, thus, detection based on the cryptographic protection. The adversary's gain is the seemingly early arrival of the signal at the victim receiver: due to the early detection (ED) and the bit/symbol transmission initiated in parallel, the legitimate receiver perceives the adversarial signal arrival to be earlier than the arrival of the actual signal. This allows the adversary, performing the attack for the entire navigation message, to reduce the computed pseudorange by an amount that corresponds to a fraction of a bit/symbol. Zhang and Papadimitratos [41] investigated how DD attacks can be launched, with differing consequences on different GNSS signals. A preliminary result on a countermeasure against DD attacks is provided in [48]. The literature did not investigate in detail how effective DD attacks can be against modern civilian cryptographically protected signals and did not extensively evaluate the detection power for various adversary setups. Another question is how, and by how much, the detection method can be improved. These are the gaps this work seeks to address.
More specifically, in this article, we contribute: 1) an investigation of the effectiveness of DD attacks against Galileo E1 OS signals in different noise environments; 2) the design of statistical tests, based on the prompt correlator outputs of the victim receiver, as countermeasures; and 3) the evaluation of the countermeasures with Monte Carlo simulation and with a synthesized Galileo signal. The statistical tests rely on the nature of the attack, notably the fact that the adversary-chosen value in the DD signals significantly affects the amplitude of the prompt correlator output: the correlator output follows a normal distribution in the absence of attacks, but not so in the presence of a DD attack. A Shapiro-Wilk test [49] tests normality of the correlator output, or the generalized likelihood ratio test (GLRT) [50] examines the ratio of likelihood of legitimate signals and likelihood of DD signals. We find that the two tests can effectively detect the DD attacks even in noisy environments when the adversary wants to shorten a large pseudorange measurement.
The rest of this article is organized as follows. Section II introduces DD attacks on GNSS signals and details the adversary model. Section III demonstrates the performance, i.e., the symbol error rate, of the DD attacker's receiving component on the Galileo E1 OS signals, and illustrates the correlator outputs of the victim receiver. Then, Section IV provides the mathematical model for attack detection and the design of two tests for DD attack detection. It also presents the Monte Carlo simulation results of the tests, followed by detection results on a synthesized signal. Finally, Section V concludes this article.

II. ADVERSARY MODEL
The adversary is equipped, similarly to replay/relay/meaconing attackers [37], [51], with one or more radios that transmit GNSS signals the adversary wishes to manipulate. We term this the ATX. Unlike the replay of GNSS signals, which can be recorded over a period of time and then replayed by the ATX, the DD attack acts in real time, relaying GNSS signals received by an adversarial receiver (ARX) and passed to the ATX.
Section II-A explains how a DD attack is mounted in two stages, with two adversarial components acting in unison: the "ED," running on the ARX, elaborated in Section II-B, and the "late commit (LC)," running on the ATX, as per Section II-C. Essentially, one or more satellite signals are received and early detected by the ARX, with the information passed over a fast link to the ATX, which has already initiated, and adjusts accordingly, an LC transmission. The sought result is to mislead the victim receiver into measuring pseudoranges that are shorter than they actually are. This, in turn, allows the manipulation of the computed position and time offset by acting solely at the physical layer, without any modification or guessing of the cryptographically protected parts of the navigation messages.
DD attacks are essentially an enhancement that allows such selective manipulations of authenticated signals/messages. They extend, or enhance from the adversarial viewpoint, replay/relay/meaconing attacks. For the simplified record-and-replay attack [37], let us consider two cases.
1) The adversary cannot manipulate each signal separately, using only one receiving antenna (and one transmitting antenna). The victim receiver would compute its position to be the same as the position of the adversarial recorder, with an erroneous clock offset and, thus, false time. The DD attack is more potent than this type of record-and-replay attack: it can manipulate each signal individually and reduce the perceived honest transmitter (HTX)-honest receiver (HRX) signal propagation delay.
2) The record-and-replay attacker is equipped with multiple antenna elements, which can isolate each signal individually. This attack type would be closer to the DD attack but still would lack the ability to reduce the perceived HTX-HRX signal propagation delay, which can offer finer-grained attack options (control of the victim PVT solution) and compensate the recorder and the replay latency; it eventually allows real-time record and replay.
Mounting a DD attack is orthogonal to the method chosen or needed for the ATX-sent LC signals to be received by the victim receiver in lieu of the legitimate signals. The ATX can either transmit higher power DD signals that overshadow the legitimate signals, so that the victim receiver locks on the DD signals, or jam the victim and then transmit its DD LC signals [15], or implement a takeover attack [52]. The choice of action is subject to considerations pertinent to any spoofing attack and to possible receiver reactions.
The exposition in Sections II-B and II-C will reveal the DD-specific considerations and how the adversary would need to act toward maximizing its chance to succeed with the DD attack, which is precisely meant to stealthily manipulate, as per the adversarial needs and in real time, pseudorange measurements. We emphasize that the DD-capable adversary is assumed to be cognizant of the DD-specific countermeasures in place, any potential countermeasure and notably those developed and evaluated in Section IV. The same is true in general, for countermeasures and receiver functionality that can mitigate (e.g., detect and/or reject) adversarial signals irrespective of the DD design. We do not dwell on the general-purpose countermeasures, but provide a discussion.
Overall, our adversarial model does not constrain the knowledge of the adversary in terms of countermeasures in place. Put differently, the countermeasures developed in Section IV do not rely on "security by obscurity." In fact, based on the evaluation in Section IV, an attack variant seeking to defeat the known DD countermeasure is identified. Our DD attack formulation is per signal and per pseudorange measurement, and it generalizes to multiple signals. It can further generalize to multiple ATX and ARX devices, as the sophistication and complexity of the attacker grows.
A. DD Attacks
DD attacks are physical layer attacks, illustrated in Fig. 1(a), aiming at shortening time-of-flight-based distance measurements between an HTX and an HRX. To achieve the intended manipulation, the adversary needs to act in two phases, with distinct components: 1) ED at the ARX and 2) LC at the ATX. The ATX starts transmitting signals based on an adversary-chosen bit/symbol value during the T LC period. When the ARX receives the data from the HTX, it estimates the data value based only on the early fraction of the bit period, T ED. Hereafter, the ARX informs the ATX of the estimated value. Upon receipt, the ATX switches its transmission from the adversary-chosen value to the estimate. In consequence, the DD signal appears as if it arrives a time T DD earlier than the legitimate HTX-originating signal at the HRX, thus shortening the measured distance between the HTX and the HRX by $T_{DD} \cdot V_C$. Here, $T_{DD} = T_{LC} - T_{ED} - T_d$ and $V_C$ is the speed of light, with $T_d$ being the delay introduced by the attacker, including processing and transmission time at the ARX and the ATX and their communication.
The adversary deploys a pair of ARX-ATX for each targeted signal, as shown in Fig. 1(b). The ARX estimates the symbol value within the T ED period and sends the estimated data value along with other signal parameters to the ATX. The ATX assembles new signals based on the ARX-provided values and sends the assembled signals to the HRX. More specifically, the ARX and the ATX can be located on the same hardware platform or can be connected across a dedicated high-rate data link; then, the communication delay between them is negligible compared to the data bit length of the GNSS signals, e.g., the Galileo E1 OS symbol length of 4 ms. However, each ARX does not have to be a dedicated hardware receiver. The ARX could be a processing thread/channel operating on each satellite signal, with the ARXs sharing one receiver antenna. The same is true for the ATX. Undoubtedly, a sophisticated DD attacker can have multiple distinct ARX and/or ATX devices. An advantage, for example, of having multiple antennas is that the adversary would be able to imitate the arrival angles of the received signals at the HRX, as if they originated from different satellites.
As discussed in the beginning of this section, DD attacks offer more flexibility from the adversarial viewpoint, compared to a simple record-and-replay attack [53]. Without elaborating on this here, we discuss briefly how DD attacks can be used by the adversary. A GNSS receiver position can be obtained with where Y is the pseudorange measurements, H is the observation matrix, X is the receiver state, including the 3-D coordinates and the clock offset, and v is the noise. Let the adversary-induced shift of the victim receiver from its true state be X, more specifically X = (x, y, z, t). If x = y = z = 0 and t = 0, the attack would be a synchronization attack, which only shifts the clock of the victim. Otherwise, for any or all of x, y, and z not being zero, the attack modifies the position of the victim receiver too. Then, the adversary can estimate how much it can modify each pseudorange measurement to achieve this goal; the result is a vector of pseudorange measurement changes corresponding to the n available signals. Based on this, the adversary can decide how to configure T LC and T ED to obtain the required change on each pseudorange measurement through $T_{DD} = T_{LC} - T_{ED} - T_d$, assuming that T d is known to or under the control of the attacker. Moreover, the adversary could lengthen the pseudorange measurement if needed, by making T DD < 0 through a proper choice of T LC and T ED.

B. ED on GNSS Signals
The signals transmitted by the satellites are written as where P 0 is the power of the signals, k is the satellite index, f is the signal frequency, and g(t ) is a function of spreading sequence and data bits. At the ARX, the received signals at baseband can be written as where P is the received signal power, τ is the time delay, f d is the Doppler frequency, φ is the carrier phase, and N (t ) is the Gaussian noise. The ARX, similarly to any legitimate receiver, has information on the signal modulation and navigation message format, including the preamble code. Each ARX first needs to lock on the satellite signal it wants to attack, so that the attacker has a precise estimate of the signal parameters.
With those precise estimates, the ARX can estimate the symbol value with coherent demodulation [54] by multiplying R(t ) with the local carrier wave and spreading code, without loss of generality, for satellite 1: where PN 1 is the pseudonoise sequence of satellite 1.
By integrating x p (t ) over ED period T ED , we obtain where S is the desired content of the decision statistic that is used to determine bit value, and ζ is a random variable, representing both environment noise and multiple access interference (MAI) from other spreading code sequences [55], [56]. We have where b is the bit value.
Considering K available satellite signals in total, without loss of generality, the MAI for the first signal, k = 1, from the remaining ones can be written as follows: where τ and φ are modeled as two independent uniformly distributed variables, over [0, T b ] and [0, 2π ], respectively. Thus, MAI is a random variable with zero mean and variance [57] Var{MAI} = NT 2 where T c is the chip length and N is the number of chips over ED period.
Therefore, the bit error rate, while considering noise and MAI, is written as [57] where N 0 /2 is the two-sided power spectral density of the Gaussian noise in ζ .

C. LC on GNSS Signals
The ATX can be positioned in a way that is best for transmitting the adversarial signals to the HRX; for instance, having a good view of the HRX and/or being close enough to the HRX, so that it is relatively easy to achieve, for example, a reception power similar to that of the authentic signals, with the ATX adjusting its transmission power and other parameters accordingly.
In the LC phase, the adversary adopts different approaches to craft the DD signals. In [41], four different approaches were discussed, on how to craft the transmitted signals for each bit/symbol/chip. Take an example of the Galileo E1 OS signals; the choices that can be applied are: 1) the adversary-chosen part for each symbol is a fixed value, +1 or −1, and 2) the adversary-chosen part is the same value as the last symbol that has already been decoded.
The signal assembled by the ATX for each symbol is written as where f 1 (t ) is a function of the adversary-chosen symbol value, spreading code, and carrier wave, and f 2 (t ) is a function of the ARX-estimated symbol value, spreading code, and carrier wave. Since the second part of each symbol, f 2 (t ), is the one that must convey the actual HTX value as estimated by the ARX, the energy accumulated by the HRX should be dominated by the second part in order to decode the symbol correctly. Therefore, we have which is rewritten as Therefore, the adversary can configure A 1 and A 2 properly to allow a higher T LC, so that the ARX has more flexibility to set T ED and a larger effect on T DD, due to In order to force the HRX to lock on the DD signals, the adversary can either jam the reception of the legitimate signals and then transmit the DD signals, or implement a smooth takeover attack, but the latter is difficult in practice. Therefore, with a jamming attack, the HRX loses its tracking of the legitimate signals and then attempts satellite re-acquisition. A within-symbol transition is not allowed for satellite acquisition, which must be considered while crafting the DD signals. The adversary can solve this challenge by starting to assemble the DD signals from the preamble code [58], [59], since the preamble code is publicly known. Hence, the preamble code is transmitted correctly, without a within-symbol transition. Then, the victim receiver will acquire and lock on the DD signals successfully.
Finally, the signals arriving at the HRX can be written as where the terms with DD subscript are for the assembled DD signals, otherwise for the authentic signals. τ DD = τ − T DD indicates that the DD signals arrive T DD earlier than the authentic signals.

III. DD ATTACK EFFECTIVENESS
As the European GNSS Agency is testing the Galileo E1 OS NMA service, we conduct experiments on the Galileo E1 OS signals in this article. Composite binary offset carrier (6,1,1/11) modulation is used in the Galileo E1 OS signals, which consists of two components: 1) the data component on channel B and 2) the dataless component on channel C. The composite signal, i.e., g(t ) in (15), can be written as [58] where D(t ) is the data message, C E1B (t ) and C E1C (t ) are the ranging codes for channels B and C, respectively, $sc_{X,s}(t) = \mathrm{sgn}(\sin(2\pi R_{X,s} t))$ is the subcarrier with rate 138 MHz, $\alpha = \sqrt{10/11}$, $\beta = \sqrt{1/11}$, and the composite signal is modulated on a carrier wave for transmission.
Based on the navigation message structure of the Galileo E1 OS signals, each nominal page of the data message is illustrated in Fig. 2 [58]. One proposal for NMA in Galileo E1 OS signals is to have 40 bits of the "Reserved 1" field assigned for the MAC and keys [36]. The convolutional encoding for all data pages is performed with coding rate 1/2, and the resultant symbols are written as D(t ) in (15). These symbol values are the "targets" that the ARX tries to estimate during the ED phase, as presented in (5).
The digitized RF signal we used for the evaluation is recorded by NT1065_USB3 [60] after the receiver frontend, with four Galileo E1 satellite signals: PRN [3,5,9,22]. We developed a software receiver, based on [61], for the Galileo E1 OS signal and its message structure [58]. In the Galileo software receiver, we define two more correlators, Very Early (VE) and Very Late (VL), in addition to the three correlators in the GPS software receiver in [49], Early (E), Prompt (P), and Late (L), to avoid tracking a local maximum instead of a global maximum of the cross-ambiguity function [61], [62].
We synthesize the attack signals as follows: the ARX locks on to one signal; then, the adversary starts assembling the DD signal at the ATX with an adversary-chosen symbol value. After T DD , the ARX starts ED on the received signal over period T ED . Then, the ARX conveys the estimated parameters to the ATX. Hereafter, the ATX switches to transmitting the estimated value from the ARX. Finally, the mixture of the crafted signal and original signals is fed to the HRX.
The error probability of the ED phase is first evaluated for different signal-to-noise ratios (SNRs) and T ED. Since there is only one SNR value for each recorded signal, we add simulated Gaussian noise of the desired power to the signal during T ED, to change the signal SNR for the sake of evaluation. Consequently, the error probability of the ED phase can be evaluated over a large range of SNR values not present in the recorded signals.
In the dataset, the estimated carrier-to-noise ratio, notably C/N 0, of the signal is 47 dB · Hz [dark blue line in Fig. 3(a)]. Together with the true C/N 0, Fig. 3(a) shows the synthesized noise environment, C/N 0 = 31 to 45 dB · Hz, obtained by adding the corresponding noise. The SNR at the tracking output is calculated from the synthesized C/N 0 [63]:
$$C/N_0\,(\mathrm{dB \cdot Hz}) = \mathrm{SNR}(\mathrm{dB}) - 10\log_{10}(T_{coh}) \qquad (16)$$
where T coh is the coherent time, which is T ED for the ED phase. In Fig. 3, specifically in Fig. 3(b), we see the theoretical symbol error rate as per (10) as a function of C/N 0, which can be converted to the SNR with the help of (16). As shown in Fig. 3(c), the ED performance, i.e., the symbol error rate, at the ARX matches the theoretical results in the synthesized noise environment.
This provides the adversary with guidance on the choice of a proper T ED for its environment. A low T ED is preferable, because it gives a wide range of choices for T LC and T DD, given $T_{DD} = T_{LC} - T_{ED} - T_d$. However, the ED phase introduces non-negligible symbol errors with a low T ED in a noisy environment, e.g., T ED < 700 chips at C/N 0 = 38 dB · Hz, as shown in Fig. 3(c). In Fig. 3(b) and (c), the lowest value on the y-axis represents a zero symbol error rate. A higher T ED is required to avoid introducing symbol errors in a noisier environment, C/N 0 < 38 dB · Hz. Thus, the adversary needs to set a higher T LC accordingly; in consequence, the ATX must transmit the second part of the DD signal with a higher power, which can be a clear indication of an attack. Conversely, deployed at an open location to achieve a high C/N 0, e.g., C/N 0 > 45 dB · Hz in Fig. 3(b) and (c), the ARX can attain almost zero symbol errors even with a low T ED.
In the simulation, the ATX assembles the first ten symbols with the preamble code of the signal, i.e., 0101100000, allowing the HRX to acquire the DD signals correctly. The preamble code occurs every 2 s for the Galileo E1 OS signals; therefore, the attacker knows exactly when the next preamble code will arrive, and the ATX can start assembling the DD signals T DD ahead of the actual preamble code reception time. Fig. 4 illustrates the five correlator outputs at the HRX in different synthesized noise environments. The parameters for this illustrative example are T LC = 1522 chips and A 2 /A 1 = 6.5 (12). In Fig. 4(a) and (b), the left corner plot is the I-Q (in-phase and quadrature) prompt plot, which represents the symbol binary value constellation; the top right corner plot gives the in-phase prompt correlator output, i.e., I P; the bottom plot shows the correlation results of the five correlators, where the power of the prompt correlator is much higher than that of the other correlators when the receiver is locked on the signals. When the receiver has a low SNR, as presented in Fig. 4(a), the DD signal gives correlator outputs similar to those of a legitimate signal. However, with a high SNR, as shown in Fig. 4(b), there is a clear separation in the in-phase prompt correlator output, because the adversary needs to transmit some predefined value before obtaining the estimate from the ARX. This is also the motivation for the countermeasure proposed in the next section.

IV. THWARTING DD ATTACKS
The main observation from (11) is that the DD attack signal has a special feature that can be used to counter the attack: the transition within each symbol. The reason is that in the LC phase of a DD attack, each symbol has two independent parts, i.e., a within-symbol transition that is not present in a legitimate signal. Therefore, we can design a statistical test that detects the DD attack in a GNSS receiver with a software patch, providing a real-time countermeasure.

A. Mathematical Model for Attack Detection
During the tracking phase in a GNSS receiver, the input signal is multiplied with a locally generated spreading code and carrier wave. Then, the result, x(i), goes through a low-pass filter and is integrated over the period T int, which finally yields the outputs of the different correlators, e.g., I P and Q P for the prompt correlator.
For legitimate signals, the in-phase arm of the prompt correlator, i.e., I P , of the HRX provides energy integration over period T int , same length as the symbol period, i.e., T b . With precise estimate of carrier phase and code delay, multiplying the received legitimate signal with local spreading code and carrier wave, we have the following sampled output: is the local spreading code, cos(.) is the local carrier wave, and T s = 1/ f s is the sampling interval.
Accumulating the sample energy, we have the accumulator output, for symbol n: where b is the data value: {+1, −1}, and N 0 is the Gaussian noise. Therefore, I 0 P , representing legitimate signals, follows a normal distribution where we define E = P 2 · f s · T int , and I 0 P + and I 0 P − represent positive and negative elements of I 0 P , separately, which give +1 and −1 soft decision of the symbol value, respectively.
With the DD signals, i.e., S ATX in (11), we have where u(t ) is the unit step function. By accumulating the energy over T int , for symbol n, we have (21) where b pre is the adversary-chosen symbol value, and A is the amplitude ratio of the two parts within each symbol [as defined for (11)] Therefore, I DD p follows where b = +1 or − 1 is the true symbol value. If b pre is chosen based on approaches in Section II-C and b is assumed being generated by a binary signal source, then b pre has 50% probability to be b or −b; therefore, I DD p has equal probability to follow either distribution in (23).
Specifically, for b = +1, we have which clearly shows the difference when compared with I 0 P + in (19). The difference between the means of the two normal distributions in (23) is which shows that the distance between the two normal distributions depends on T LC. The larger T LC is, the more easily the DD signals can be detected. Assuming that the phase noise is negligible, the locally generated carrier is perfectly aligned with the received signals, so that the noise power in the quadrature arm is the same as the noise power in the in-phase arm. Therefore, the parameter of the noise, N i ∼ N (0, σ 2 i ), i = {1, 2}, can be estimated through the quadrature arm of the prompt correlator, Q P. For the samples of the quadrature arm, when we multiply S ATX with the locally generated code and carrier wave, we obtain As in the in-phase arm, x Q P (i) is fed to a low-pass filter, and then its energy, Q P, is accumulated over T int. By assuming that the x Q P (i) are uncorrelated with E{x Q P (i)} = 0, Q P can be used to estimate the noise power with the following: Applying (26) to (27), we get the variance of Q P for the cases b pre = b and b pre = −b in (28), shown at the bottom of this page. We see that the variance of Q P is higher if b pre = b, compared to b pre = −b. This explains the difference between the two pairs of eyes in the I-Q plot of Fig. 4(b): the variance of Q P of the two outside eyes, drawn for the case b pre = b, is higher than that of the two inside eyes, drawn for the case b pre = −b.

B. Designing Hypothesis Tests
Depending on whether the HRX has knowledge about the special feature, i.e., within-symbol transition, of the DD attacks, one can design different tests to detect the attacks.
1) Without Knowledge of DD Signals: Without knowledge of the DD attacks, the HRX can design a test with the following hypotheses: Null hypothesis: Alternative hypothesis: where μ 0 is and σ 2 are unknown. Without prior information about the attacks, the HRX can only test whether the correlator output follows a normal distribution or not, referring to (19) and (29). For such circumstances, we design a goodness-of-fit (GoF) test to detect the existence of attacks. The Kolmogorov-Smirnov test, the Anderson-Darling test, the Shapiro-Wilk test, and the Chi-squared test are typically used for GoF testing [64]. The Chi-squared test is used for categorical data, which is not our case, and in [65] it was found that the Shapiro-Wilk test has the best power for a given significance level compared to where x (i) is the ith-smallest value in the sorted data samples (order statistics), $\bar{x} = (x_1 + \cdots + x_n)/n$ is the sample mean, and the coefficients a i are given by $(a_1, \ldots, a_n) = m^T$ where $m = (m_1, \ldots, m_n)^T$ is the vector of expected values of the order statistics of independent and identically distributed (i.i.d.) random variables sampled from the standard normal distribution, and V is the covariance matrix of those order statistics.
2) With Knowledge of DD Signals: If the HRX has knowledge of the DD attacks, i.e., of the within-symbol transition, and wants to detect the attacks based on the fact that $I_P^{DD}$ is a combination of two different Gaussian distributions, referring to (23), one can design a hypothesis test as Null hypothesis: where $\mu_i$ and $\sigma_i^2$, $i = 0, 1, 2$, are unknown, $K = 2$ indicates two components, and $\phi_i$ is the mixture weight with $\sum_{i=1}^{K} \phi_i = 1$. More specifically, the alternative hypothesis is that $I_P$ follows a Gaussian mixture model [66].
Given the null hypothesis in (31), $I_P$ follows the distribution which can be written in the same format as the alternative hypothesis For the alternative hypothesis, $I_P$ follows the distribution where the two components have different means and variances. Therefore, given a model f ( Thus, a GLRT [67] can be used with the test statistic $\dfrac{\mathrm{lik}_{\max}(\mu_1 = \mu_2,\ \sigma_1^2 = \sigma_2^2)}{\mathrm{lik}_{\max}(\mu_1 \neq \mu_2,\ \sigma_1^2 \neq \sigma_2^2)}$ where $\mathrm{lik}(\cdot)$ is the likelihood function, i.e., with i.i.d. $I_P$ samples, $\mathrm{lik}(\mu_1, \mu_2, \sigma_1^2, \sigma_2^2) = \prod_{i=1}^{N} f(I_{P,i} \mid \mu_1, \mu_2, \sigma_1^2, \sigma_2^2)$, and $\eta$ is the threshold calculated for the significance level $\alpha$: The numerator of (36) is maximized when $I_P$ follows a normal distribution, and the denominator is maximized when $I_P$ follows a Gaussian mixture model with two components. For the null hypothesis, we know that the maximum likelihood estimates of $\mu_{i=1,2}$ and $\sigma^2_{i=1,2}$ are For the alternative hypothesis, there are five parameters to be estimated. Given a series of observations, $x_1, \ldots, x_N$, of the normal mixture model, we have the joint probability distribution of $x_1, \ldots, x_N$: where $f(x_i \mid \mu_1, \mu_2, \sigma_1^2, \sigma_2^2)$ is derived from (34) by replacing $I_P$ with $x_i$. Thus, the probability distribution can be rewritten as which is the likelihood function used to estimate $\phi_1$, $\mu_{i=1,2}$ and $\sigma^2_{i=1,2}$. In order to find the maximum likelihood estimates, we set the first derivative of the natural logarithm of the likelihood function to zero where the solution for $\phi_1$, $\mu_{i=1,2}$, and $\sigma^2_{i=1,2}$ cannot be obtained analytically. The most popular method to find the maximum likelihood estimate is the expectation-maximization (EM) algorithm [68]-[71], which iterates between an expectation (E) step, which builds the expected log-likelihood evaluated using the current estimate of the parameters, and a maximization (M) step, which computes the parameters maximizing the expected likelihood function built at the E step.
The estimated parameters are then used to calculate the posterior probabilities of the latent variables in the next E step.
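As an added illustration of the GLRT of Section IV-B.2 (this is example code, not the authors' implementation), the block below fits the single-Gaussian null model and the two-component mixture by EM, forms the statistic of (36), calibrates the threshold $\eta$ for a significance level $\alpha$ by Monte Carlo under the null hypothesis, and checks one window of prompt-correlator samples. The sample generator is a constructed stand-in for (23), not the paper's model: it draws each $I_P$ sample from one of two normal components with equal probability, with the component means and variances supplied as assumed inputs.

```python
import math
import random

VAR_FLOOR = 1e-6  # keeps EM from collapsing a component onto a single sample


def log_normal_pdf(x, mu, var):
    return -0.5 * math.log(2 * math.pi * var) - (x - mu) ** 2 / (2 * var)


def single_gaussian_loglik(xs):
    # Null hypothesis: one normal component, MLE = sample mean and variance
    n = len(xs)
    mu = sum(xs) / n
    var = max(sum((x - mu) ** 2 for x in xs) / n, VAR_FLOOR)
    return sum(log_normal_pdf(x, mu, var) for x in xs)


def log_mix(x, phi, mu, var):
    # log(phi*N(mu[0],var[0]) + (1-phi)*N(mu[1],var[1])), evaluated in log space
    a = math.log(phi) + log_normal_pdf(x, mu[0], var[0])
    b = math.log(1.0 - phi) + log_normal_pdf(x, mu[1], var[1])
    m = max(a, b)
    return m + math.log(math.exp(a - m) + math.exp(b - m))


def gmm2_loglik_em(xs, iters=30):
    # Alternative hypothesis: two-component mixture fitted by EM from a median split
    n, s = len(xs), sorted(xs)
    halves = (s[: n // 2], s[n // 2:])
    phi = 0.5
    mu = [sum(h) / len(h) for h in halves]
    var = [max(sum((x - mu[k]) ** 2 for x in h) / len(h), VAR_FLOOR)
           for k, h in enumerate(halves)]
    for _ in range(iters):
        # E step: responsibility of component 1 for every sample
        resp = [math.exp(math.log(phi) + log_normal_pdf(x, mu[0], var[0])
                         - log_mix(x, phi, mu, var)) for x in xs]
        n1 = sum(resp)
        n2 = n - n1
        if n1 < 1e-9 or n2 < 1e-9:
            break  # a component vanished; keep the previous estimate
        # M step: weighted means, variances and mixture weight
        mu = [sum(r * x for r, x in zip(resp, xs)) / n1,
              sum((1 - r) * x for r, x in zip(resp, xs)) / n2]
        var = [max(sum(r * (x - mu[0]) ** 2 for r, x in zip(resp, xs)) / n1, VAR_FLOOR),
               max(sum((1 - r) * (x - mu[1]) ** 2 for r, x in zip(resp, xs)) / n2, VAR_FLOOR)]
        phi = min(max(n1 / n, 1e-6), 1 - 1e-6)
    return sum(log_mix(x, phi, mu, var) for x in xs)


def glrt_statistic(xs):
    # -2 log of the ratio in (36); the nested optimum is >= 0, EM is local, hence the clamp
    return max(0.0, 2.0 * (gmm2_loglik_em(xs) - single_gaussian_loglik(xs)))


def calibrate_threshold(n, alpha=0.01, runs=100, seed=1):
    # Threshold eta for significance level alpha from Monte Carlo runs under H0; the
    # statistic is invariant to mean and scale, so N(1, 0.3^2) stands in for any I_P level
    stats = sorted(glrt_statistic(simulate_prompt_output(n, 1.0, 0.09, 1.0, 0.09, seed + r))
                   for r in range(runs))
    return stats[max(0, math.ceil((1 - alpha) * runs) - 1)]


def simulate_prompt_output(n, mu_same, var_same, mu_flip, var_flip, seed):
    # Constructed stand-in for (23): b_pre = b or b_pre = -b component with equal
    # probability per symbol; identical parameters reduce to the legitimate case (19)
    rng = random.Random(seed)
    return [rng.gauss(mu_same, math.sqrt(var_same)) if rng.random() < 0.5
            else rng.gauss(mu_flip, math.sqrt(var_flip)) for _ in range(n)]
```

A receiver-side module would call `glrt_statistic` once per window of prompt-correlator samples and raise an alarm when it exceeds the calibrated threshold; the window length and the component parameters are assumptions to be replaced by the receiver's own settings.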

C. Parameters for Test Evaluation
In order to effectively evaluate the performance of the tests, we conduct simulations with the parameters in (19) and (23) under certain constraints. On the one hand, the attacker needs to transmit DD signals with power higher than that of the legitimate signals. On the other hand, the power of the DD signals should not be too high, since high power is itself an indication of attack. Another parameter is $T_{LC}$, which has the constraint: Therefore, we consider the following settings for the DD signals in the evaluation: 1) $1 < P_{DD}/P_{Legitimate} < 10$; 2) $T_{LC} \geq 1$ ms, i.e., 1023 chips for Galileo E1 OS signals.
Based on (23), we know that when $b_{pre} = -b$ and We know that the signal power with $b_{pre} = -b$ is lower than that with $b_{pre} = b$, so we let the lower power of $I_P^{DD}$ satisfy $P_{low}$ which yields Then, we let the higher power of $I_P^{DD}$, i.e., when $b_{pre} = b$, satisfy which, given $A > 1$, provides Based on (45) and (47), we have which provides the bound on $T_{LC}/T_{int}$, constrained by the signal power. In particular, if the adversary attacks Galileo E1 OS signals with $T_{LC} \geq 1$ ms, i.e., $T_{LC}/T_{int} > 1/4$ as the lower bound of $T_{LC}/T_{int}$, we can bound where $T_{int} = 4$ ms for Galileo E1 OS signals.
REMARK Note that the Galileo E1 OS signals are not the only signals to which the DD attack can be applied. Moreover, the $T_{LC}$ value varies with the choice and objectives of the adversary and with the length of $T_{int}$ for different GNSS signals. Fig. 5 is plotted based on the relation between $A$ and $T_{LC}/T_{int}$, i.e., (49), where there is a range of $T_{LC}/T_{int}$ corresponding to each $A$. Under these constraints, we can see that the allowable $T_{LC}/T_{int}$ is small when $A$ is set to a small value, and the adversary can choose a larger $T_{LC}$, in order to shorten pseudorange measurements by more, by setting a suitably large $A$.

D. Monte Carlo Results
We first use the Monte Carlo method to evaluate the detection performance of the Shapiro-Wilk test and the GLRT on the DD signals for the theoretical results. The simulation setup is given in Table I, where $2 \times 10^7$ data samples are generated following the distributions of (19) and (23), separately, and the significance level is set to $\alpha = 0.01$ for the detection probability evaluation. With the help of Fig. 5, the simulation results show the power of the Shapiro-Wilk test, i.e., the detection probability, for different $T_{LC}$ as a function of SNR, in Fig. 6(a). We can see that the detection probability starts approaching 100% when SNR $\geq$ 14 dB for $T_{LC}/T_{int} = 0.494$, e.g., $T_{LC} = 1.976$ ms for Galileo E1 OS signals. With high SNR, e.g., SNR > 22 dB, the detection probability can reach 100% with very low $T_{LC}$, $T_{LC}/T_{int} = 0.25$, e.g., $T_{LC} = 1$ ms for Galileo E1 OS signals. Thus, the Shapiro-Wilk test is a powerful test against the DD attacks. Moreover, we see that when the adversary attempts to shorten pseudorange measurements by more, i.e., attempts a longer $T_{LC}$, the Shapiro-Wilk test can detect the DD attacks even with very low SNR. For instance, the simulation shows that the detection probability approaches 100% with $T_{LC}/T_{int} = 0.7136$, i.e., $T_{LC} = 2.854$ ms for Galileo E1 OS signals, even when SNR = 10 dB. Essentially, this confirms that the more aggressive the adversary attempts to be, i.e., the higher $T_{DD}$ and hence $T_{LC}$ are, the more likely the attack is to be detected. Moreover, Fig. 6(b) shows the power of the GLRT against DD attacks when the significance level is 0.01. We can see that the GLRT is also very powerful at detecting the DD attacks when $T_{LC}/T_{int} > 0.494$ at low SNR, i.e., SNR = 14 dB, which is similar to the GoF test. The detection performance is also good, almost 90%, when $T_{LC}/T_{int} > 0.372$ at SNR = 16 dB.
Overall, the longer $T_{LC}$ is, the more the adversarial pseudorange measurements decrease, and thus the easier the attacks are to detect. For the particular case $T_{LC}/T_{int} = 0.372$, i.e., $T_{LC} = 1.488$ ms for Galileo E1 OS signals, the adversary has very little room to shorten pseudorange measurements, because $T_{LC} > T_{ED} + T_d$; however, the GLRT can still provide 100% detection probability of the DD attacks when SNR > 18 dB.
Looking at Fig. 6(a) and (b) together, we see that the GLRT outperforms the GoF test, with about 20% higher detection probability, for settings in which the detection probability is close to 100%. For instance, when $T_{LC}/T_{int} = 0.372$ and SNR = 16 dB, the detection probability of the GLRT is 88%, while it is 71% for the GoF test. We also see that the detection probability is similar for $T_{LC}/T_{int} = 0.494$ and $T_{LC}/T_{int} = 0.616$. The reason is that the performance depends on the separation of the two normally distributed components. According to [72], the separation of two normal distributions in mixed data samples can be qualitatively analyzed with where $\mu_{i=1,2}$ and $\sigma^2_{i=1,2}$ are the means and variances of the two distributions, respectively. The larger $D$ is, the better separated they are. With the settings in Table I. Moreover, the value of $D$ for $T_{LC}/T_{int} = 0.494$ is slightly larger than that for $T_{LC}/T_{int} = 0.616$, which also explains and confirms that the detection probability for $T_{LC}/T_{int} = 0.494$ is slightly higher than that for $T_{LC}/T_{int} = 0.616$, even though the former has the smaller $T_{LC}$.
As the detection heavily depends on the SNR, a noise generator could be used by the adversary, preferably close to the victim receiver. The adversary can transmit additive noise to reduce the $C/N_0$ at the receiver, with the SNR at the tracking output decreasing accordingly. Consequently, the detection capability degrades due to the adversary-induced low SNR. The procedure for such an augmented attack, a DD attack with a noise transmitter in parallel, can be as follows: the adversary can approximately estimate the victim receiver's $C/N_0$ due to its proximity to the receiver; together with the known $T_{LC}$ chosen by the adversary, the adversary can estimate the level of noise to transmit to the victim receiver so that the detection degrades while the HRX still decodes the DD-crafted symbols correctly. We can term this a "DD with adversarial noise (DD-AN)" attack. However, the DD-AN can be countered by updating the HRXs to reject, or mark as suspicious, signals in very low $C/N_0$ conditions, setting a threshold and flagging the possibility of this DD-attack variant and, consequently, the computed PVT as not trustworthy. This would prevent the success of the DD-AN attack but, of course, would convert it, from an attack intended to manipulate the victim's PVT, into a flagged suspicious setting and eventually a denial of service (exclusion of signals and no PVT computation).
Furthermore, we evaluate the optimality of the GoF test for detecting the DD attacks based on the receiver operating characteristic (ROC) curves [67], plotting the probability of detection, $P_D$, against the probability of false alarm, $P_{FA}$, in different settings, as shown in Fig. 7. These ROC curves can be informative for both parties, the adversary and the HRX. For instance, if the adversary estimates the SNR at the HRX as approximately 18 dB and does not want the HRX to detect the attack with high $P_D$ and low $P_{FA}$, then the adversary can design the DD signals around $T_{LC}/T_{int} = 0.25$. On the HRX side, if the attack detection targets are $P_{FA} < 5\%$ and $P_D > 93\%$ for situations with SNR > 12 dB, the HRX knows that this test can satisfy the targets when $T_{LC}/T_{int} \geq 0.494$. If the HRX wants to achieve the targets for lower $T_{LC}$, the HRX should try to increase the SNR accordingly with different techniques, e.g., adjusting the tracking loop filter parameters or adopting a better low-noise amplifier with higher gain and lower noise figure.
Meanwhile, the ROC curves of the GLRT for different SNR and $T_{LC}/T_{int}$ values are shown in Fig. 8. The ROC curves can also serve both the adversary and the GNSS receiver for their purposes, as discussed for the GoF test. Looking at Figs. 7 and 8, we see that the GLRT slightly outperforms the GoF test in various settings. The reason is that the receiver has prior knowledge about the DD attacks, e.g., that there are two Gaussian components in the alternative hypothesis. This prior information helps in testing the hypotheses, so that the GLRT has better detection performance at low SNR with the same $T_{LC}$ settings. Taking $T_{LC}/T_{int} = 0.616$ as an example, the area under the ROC curve for SNR = 12 dB is larger for the GLRT than for the GoF test. For high SNR, both the GoF test and the GLRT provide very good performance: high or practically 100% probability of detection with very low false alarm probability.
Regarding the effectiveness at low SNR (this is the estimated SNR at the tracking output), in Fig. 6 we see that the countermeasures are not effective when the SNR is lower than 10 dB. With SNR = 10 dB, we can calculate the corresponding $C/N_0$ according to (16): $C/N_0 = \mathrm{SNR} - 10\log_{10}(T_{coh}) = 10 - 10\log_{10}(4 \times 10^{-3}) = 34$ dB$\cdot$Hz (53) when the coherence time is 4 ms. This $C/N_0$ is already very small, so the countermeasures work even with these weak signals when $T_{LC}$ is large. At higher SNR, of course, the detection performance is better.

E. Test Results on Synthesized DD Attack
Furthermore, we check the detection performance of the two tests, analyzed in Section IV with the help of simulations, now using a synthesized DD signal at a software-defined receiver. The synthesized signal is a DD-replayed version of an original signal recorded with an NT1065_USB3 front-end. The tests proposed in this work are based on examining the distribution of the prompt correlator outputs at the victim receiver, not on checking any symbol errors that may have occurred at the victim receiver/HRX, which would in fact be detected by the cyclic redundancy check. Moreover, for an NMA-protected receiver, symbol errors in the MAC can be detected by validation with its corresponding key. Therefore, to evaluate solely the effectiveness of the two tests for DD attack detection, we assume that the adversary configures its parameters to minimize DD-induced errors, as presented in Section III, so that the ED phase and the ARX-ATX communication provide the ATX with the correct symbol value, i.e., the value actually transmitted by the HTX (satellite).
The synthesized attack signal is 110 s long, generated based on (11), with the parameters $A$ and $T_{LC}/T_{int}$ set as in Table II. The intermediate-frequency DD signal is crafted from one satellite signal of the recorded signals. The different noise environments, i.e., SNR values, are obtained by adjusting the added Gaussian noise and modifying the loop noise bandwidth of the tracking phase at the receiver. We implement a detection module at the receiver, which collects 1000 $I_P$ samples, i.e., 1000 × 4 ms = 4 s for Galileo E1 OS signals, for each test. This means that the module provides a decision about the existence of a DD attack to the receiver every 4 s and triggers an alarm when the test is positive. Fig. 9 shows the detection results with the two test methods, from which we can see that when the adversary configures $T_{LC}$ to a small value, e.g., $T_{LC}/T_{int} \in [0.25, 0.372]$, neither the GoF test nor the GLRT can detect the crafted DD signal at low SNR, i.e., SNR = 15 dB. At reasonably high SNR, i.e., SNR = 22 dB, both the GoF test and the GLRT can detect the crafted DD signal even with the lowest $T_{LC}$, i.e., $T_{LC}/T_{int} = 0.25$.
TABLE II Evaluation Setup of Tests on a Synthesized Signal
Fig. 9. Detection results of the synthesized DD signal with the GoF test (top plot) and the GLRT (bottom plot) for two SNR values, with significance level 0.01: one detection result every four seconds; "1" indicates that the attack is detected and "0" indicates a negative result.

F. Discussion on DD Attack Practicality
In practice, advanced GNSS receivers are equipped with protection methods to thwart spoofing or replay attacks. The adversary may need to take this into account while mounting DD attacks. A basic detection method is signal power monitoring or AGC monitoring, which alone is not very strong but is certainly a straightforward and effective method. The adversary can defeat this detection method by increasing its adversarial signal power gradually, or by starting to transmit the DD signals when the legitimate signals are blocked or disrupted, for instance when the receiver enters and exits a tunnel. A use case for NMA is when the user himself is the attacker, for example, to pay less for car insurance [73], transmitting DD signals while exiting a tunnel.
Correlation-based methods, both multicorrelator methods, e.g., [23], and our proposed method, can detect the DD attacks. The detection results of the correlation-based methods depend heavily on the $C/N_0$ of the received signals. Therefore, an attacker can transmit additive noise to the victim receiver to lower the $C/N_0$ of its received signals and further degrade the detection results.
Another practical problem is that the ARX and the ATX need stable and synchronized clocks, so that the attacker can coordinate the ATX to transmit the DD signals before the ARX receives the legitimate signals. If the ARX and the ATX are colocated (part of one platform), a single clock can be used to synchronize their actions. If the ARX and the ATX are physically distinct, possibly remote, devices, then the legitimate GNSS signals can be used to synchronize their clocks.
DD attacks have a scope limitation, in the sense that not all civilian GNSS signals are vulnerable to them. DD attacks are applicable to signals whose symbol length equals the primary code length, e.g., the Galileo E1-B and GPS L2C CM signals. However, DD attacks will provoke a failed bit/symbol boundary detection when the primary code length is shorter than the symbol length, e.g., for the GPS L1 C/A and Galileo E5a-I signals. For instance, in GPS L1 C/A signals, each bit is multiplied by 20 spreading codes. Therefore, the adversary-crafted LC signals may include a sign change within the bit period, depending on the early-detected value. Consequently, the prompt correlator output would lead to a failed bit boundary detection, e.g., with the histogram approach [74]. In contrast, the Galileo E1-B and GPS L2C CM symbols are multiplied by one primary spreading code, with no need for bit/symbol synchronization, and thus there is no such failure due to the DD (LC) symbol construction.

V. CONCLUSION
In this article, we analyzed the ED and LC phases of DD attacks on GNSS signals. Furthermore, we quantified the ED performance, i.e., the bit error rate, at the ARX and showed how the DD signal differs from the legitimate signal at the HRX. We found that in reasonable, not difficult to implement, setups, the adversary can configure DD attacks to be effective, notably with low (or negligible) error probability and significant margins for reducing pseudorange measurements. Taking the Galileo E1 OS signals as an example, as shown in Fig. 3, the ARX only needs 0.5 ms to achieve almost zero detection errors with $C/N_0 = 40$ dB$\cdot$Hz; thus, with $T_{LC} > 2$ ms and $T_d = 1$ ms, $T_{DD} = T_{LC} - T_{ED} - T_d > 0.5$ ms, equivalent to shortening the pseudorange measurement by 150 km.
Based on the tracking performance at the HRX, we presented the mathematical model of the prompt correlator output for the legitimate signals and for the DD signals, separately. This leads to countermeasures based on statistical tests against the DD attacks, which are divided into two groups according to the knowledge of the HRX: a Shapiro-Wilk test when the HRX has no knowledge of the DD attacks, i.e., of the within-symbol transition, and a GLRT when the HRX has that knowledge.
We also provided the theoretical detection results based on our derived model with a Monte Carlo simulation. The results show that the detection probability of the GLRT is higher than that of the GoF test, by around 20%, when the detection probability is close to 100%. Then, we gave the detection results with a synthesized DD signal based on a recorded signal, which confirm the theoretical results: the GoF test and the GLRT can detect the DD attack at high SNR even when $T_{LC}$ is as small as $T_{LC}/T_{int} = 0.25$; neither test can detect the DD attack with low SNR and small $T_{LC}$ at the HRX, e.g., SNR = 15 dB with $T_{LC}/T_{int} < 0.372$.
In the future, we plan to implement the DD attacks with an SDR and test their effectiveness against a real GNSS receiver in a real environment, either an open space with regulatory permission or an isolated space.