Space - Use of GNSS-based positioning for road Intelligent Transport System (ITS) - Specification of the test facilities, definition of test scenarios, description and validation of the procedures for field tests related to security performance of GNSS-based positioning terminals

This document regards the test procedures for assessment of robustness to security attacks.
Starting from the definition of security attacks taxonomy and security metrics, this TR aims to:
1. Specify test facilities to be used in the tests of GPBT. This comprises both hardware and software equipment.
2. Define relevant test scenarios applicable to security performances. Also the field test needed for validation of scenarios will be properly described.
3. Define end-to-end test procedures comprising experimental validation of the whole test chain.
The results will benefit to the operational basis of EN16803-3 "Assessment of security performances of GNSS based
positioning terminals".

Spezifikation der Testeinrichtungen, Definition von Testszenarien, Beschreibung und Validierung der Verfahren für Feldtests in Bezug auf die Sicherheitsleistung von GNSS-basierten Ortungsterminals

Espace - Utilisation de la localisation basée sur les GNSS pour les systèmes de transports routiers intelligents (ITS) - Spécification des installations d’essais, définition des scénarios d’essais, description et validation des procédures d'essais sur le terrain en matière de performances de sécurité des terminaux de positionnement basés sur les GNSS

Vesolje - Ugotavljanje položaja z uporabo sistema globalne satelitske navigacije (GNSS) pri inteligentnih transportnih sistemih (ITS) v cestnem prometu - Specifikacija preskusnih naprav, definicija preskusnih scenarijev, opis in ovrednotenje postopkov za terensko preskušanje varnosti terminalov GNSS za ugotavljanje položaja

General Information

Status
Published
Public Enquiry End Date
05-Feb-2020
Publication Date
17-May-2020
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
12-May-2020
Due Date
17-Jul-2020
Completion Date
18-May-2020

Buy Standard

Technical report
SIST-TP CEN/TR 17475:2020 - BARVE
English language
135 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day
Technical report
kSIST-TP FprCEN/TR 17475:2020 - BARVE
English language
135 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST-TP CEN/TR 17475:2020
01-julij-2020
Vesolje - Ugotavljanje položaja z uporabo sistema globalne satelitske navigacije
(GNSS) pri inteligentnih transportnih sistemih (ITS) v cestnem prometu -
Specifikacija preskusnih naprav, definicija preskusnih scenarijev, opis in
ovrednotenje postopkov za terensko preskušanje varnosti terminalov GNSS za
ugotavljanje položaja

Space - Use of GNSS-based positioning for road Intelligent Transport System (ITS) -

Specification of the test facilities, definition of test scenarios, description and validation of

the procedures for field tests related to security performance of GNSS-based positioning

terminals

Spezifikation der Testeinrichtungen, Definition von Testszenarien, Beschreibung und

Validierung der Verfahren für Feldtests in Bezug auf die Sicherheitsleistung von GNSS-

basierten Ortungsterminals
Espace - Utilisation de la localisation basée sur les GNSS pour les systèmes de

transports routiers intelligents (ITS) - Spécification des installations d’essais, définition

des scénarios d’essais, description et validation des procédures d'essais sur le terrain en

matière de performances de sécurité des terminaux de positionnement basés sur les

GNSS
Ta slovenski standard je istoveten z: CEN/TR 17475:2020
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
49.140 Vesoljski sistemi in operacije Space systems and
operations
SIST-TP CEN/TR 17475:2020 en

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TP CEN/TR 17475:2020
---------------------- Page: 2 ----------------------
SIST-TP CEN/TR 17475:2020
TECHNICAL REPORT
CEN/TR 17475
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
April 2020
ICS 33.060.30; 03.220.20; 35.240.60
English version
Space - Use of GNSS-based positioning for road Intelligent
Transport System (ITS) - Specification of the test facilities,
definition of test scenarios, description and validation of
the procedures for field tests related to security
performance of GNSS-based positioning terminals

Espace - Utilisation de la localisation basée sur les Spezifikation der Testeinrichtungen, Definition von

GNSS pour les systèmes de transports routiers Testszenarien, Beschreibung und Validierung der

intelligents (ITS) - Spécification des installations Verfahren für Feldtests in Bezug auf die

d'essais, définition des scénarios d'essais, description Sicherheitsleistung von GNSS-basierten

et validation des procédures d'essais sur le terrain en Ortungsterminals
matière de performances de sécurité des terminaux de
positionnement basés sur les GNSS

This Technical Report was approved by CEN on 7 March 2020. It has been drawn up by the Technical Committee CEN/CLC/JTC

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,

Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,

Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,

Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels

© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. CEN/TR 17475:2020 E

reserved worldwide for CEN national Members and for
CENELEC Members.
---------------------- Page: 3 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
Contents Page

European foreword ....................................................................................................................................................... 4

1 Scope .................................................................................................................................................................... 5

1.1 Purpose of the document ............................................................................................................................. 5

1.2 Overview of the document ........................................................................................................................... 5

2 Normative references .................................................................................................................................... 5

3 Terms and definitions ................................................................................................................................... 6

4 List of acronyms ............................................................................................................................................ 10

5 GNSS Threats overview .............................................................................................................................. 11

5.1 General ............................................................................................................................................................. 11

5.2 Denial of service: jamming ....................................................................................................................... 11

5.3 Deception of service: spoofing and meaconing ................................................................................. 13

6 Security metrics ............................................................................................................................................ 16

6.1 General approach ......................................................................................................................................... 16

6.1.1 Introduction ................................................................................................................................................... 16

6.1.2 Notes on empirical CDF .............................................................................................................................. 17

6.1.3 ECDF with loss of samples ......................................................................................................................... 19

6.2 Considered metrics ...................................................................................................................................... 22

6.2.1 General ............................................................................................................................................................. 22

6.2.2 Accuracy .......................................................................................................................................................... 22

6.2.3 Integrity ........................................................................................................................................................... 24

6.2.4 Availability and continuity ....................................................................................................................... 28

6.3 Other metrics ................................................................................................................................................. 30

6.3.1 Time To Fist Fix (TTFF) .............................................................................................................................. 31

6.3.2 Excluded metrics .......................................................................................................................................... 31

6.4 Robustness concept: a summary metric .............................................................................................. 32

7 Test approach ................................................................................................................................................ 32

7.1 SDR concept .................................................................................................................................................... 33

7.2 Interference hardware impact ................................................................................................................ 33

7.2.1 General ............................................................................................................................................................. 33

7.2.2 Antenna-LNA .................................................................................................................................................. 34

7.2.3 AGC .................................................................................................................................................................... 34

7.2.4 ADC .................................................................................................................................................................... 34

7.2.5 Digital post-correlation processing ....................................................................................................... 35

7.3 Record and replay choice .......................................................................................................................... 37

7.4 Jamming testing architecture .................................................................................................................. 38

7.5 Spoofing testing architecture................................................................................................................... 40

7.6 File size and scenario length .................................................................................................................... 42

7.7 Hybridization issue ..................................................................................................................................... 43

8 Test scenarios ................................................................................................................................................ 43

8.1 Relevant realistic scenarios ..................................................................................................................... 44

8.1.1 Nominal scenarios ....................................................................................................................................... 44

8.1.2 Clear sky scenario as a special case ....................................................................................................... 44

---------------------- Page: 4 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)

8.1.3 Scenario VS Data set VS Datafile .............................................................................................................. 45

8.1.4 Scenario-management authority ............................................................................................................ 45

8.2 Interference scenarios selection ............................................................................................................. 45

8.2.1 Jamming proposed scenarios ................................................................................................................... 46

8.2.2 Spoofing proposed scenarios ................................................................................................................... 47

8.2.3 Meaconing assessment ............................................................................................................................... 49

8.2.4 Meaconing proposed scenarios ............................................................................................................... 49

9 Test facilities specification ........................................................................................................................ 50

9.1 Data set record testbed............................................................................................................................... 50

9.1.1 General ............................................................................................................................................................. 50

9.1.2 Jamming data generation........................................................................................................................... 50

9.1.3 Spoofing data recording ............................................................................................................................. 54

9.2 Replay testbed ............................................................................................................................................... 55

9.2.1 RF transmitters calibration ...................................................................................................................... 55

9.2.2 Replay testbed schemes ............................................................................................................................. 57

10 End-to-end validation ................................................................................................................................. 58

10.1 Devices under test ........................................................................................................................................ 58

10.2 Nominal scenario recording and validation ....................................................................................... 60

10.2.1 Nominal scenario recording ..................................................................................................................... 60

10.2.2 Analytical tools .............................................................................................................................................. 63

10.2.3 Nominal scenario validation ..................................................................................................................... 65

10.3 Jamming test results .................................................................................................................................... 73

10.3.1 General ............................................................................................................................................................. 73

10.3.2 Jamming scenarios generation ................................................................................................................ 73

10.3.3 Interferences on AsteRx3 HDC ................................................................................................................. 75

10.3.4 Interferences on Ublox 8 ............................................................................................................................ 92

10.4 Spoofing test results ................................................................................................................................. 106

10.4.1 Spoofing scenario recording .................................................................................................................. 106

10.4.2 Spoofing on AsteRx-3 HDC ...................................................................................................................... 106

10.4.3 Spoofing on Ublox 8 .................................................................................................................................. 110

Annex A (informative) AGC principles and impact ..................................................................................... 115

Annex B (informative) GNSS SDR Format standardization ...................................................................... 118

Annex C (informative) Spoofing insights ........................................................................................................ 120

C.1 General .......................................................................................................................................................... 120

C.2 Range error impact ................................................................................................................................... 121

C.3 Oscillator error impact ............................................................................................................................ 121

C.4 Propagation channel impact .................................................................................................................. 122

Annex D (informative) Noise amplification ................................................................................................... 124

D.1 Theory of noise amplification ............................................................................................................... 124

D.2 Experimental validation.......................................................................................................................... 128

Annex E (informative) Accuracy and continuity simulations ................................................................. 130

Bibliography .............................................................................................................................................................. 135

---------------------- Page: 5 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
European foreword

This document (CEN/TR 17475:2020) has been prepared by Technical Committee CEN-CENELEC/TC 5

“Space”, the secretariat of which is held by DIN.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

---------------------- Page: 6 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
1 Scope
1.1 Purpose of the document

This document is the CEN Technical Report WP2-D2 of the GP-START project, regarding the test

procedures for assessment of robustness to security attacks.

Starting from the definition of security attacks taxonomy and security metrics highlighted in CEN/TR

17464, this task aims to:

1. Specify test facilities to be used in the field tests. This comprises both hardware and software

equipment.

2. Define relevant test scenarios applicable to security performances. Also, the field test needed for

validation of scenarios will be properly described.

3. Define end-to-end test procedures comprising experimental validation of the whole test chain.

The results will serve as the operational basis for field testing of robustness against security attacks.

1.2 Overview of the document
The outline of the document is as follows:

• Clause 5 provides a review of security metrics, in line with the other deliverables of the project and

in particular with CEN/TR 17465 and CEN/TR 17464.

• Clause 6 consolidates the test approach with respect to jamming and spoofing oriented scenarios.

• Clause 7 provides a definition of relevant test scenarios, applicable to security testing, starting from

outcomes of CEN/TR 17464.

• Clause 8 provides an in-depth discussion regarding test facilities, focusing on both data recording

and replay.

• Clause 9 concludes with a set of real-life tests, for a preliminary end-to-end validation of the

procedures.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

EN 16803-1:2016, Space — Use of GNSS-based positioning for road Intelligent Transport Systems (ITS) —

Part 1: Definitions and system engineering procedures for the establishment and assessment of

performances

ETSI TS 103 246-3, Satellite Earth stations and systems (SES) —GNSS-based location systems — Part 3:

Performance requirements

CEN/TR 17447, Space — Use of GNSS-based positioning for road Intelligent Transport System (ITS) —

Mathematical PVT error model

CEN/TR 17448, Space — Use of GNSS-based positioning for road Intelligent Transport Systems (ITS) —

Metrics and Performance levels detailed definition
---------------------- Page: 7 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)

CEN/TR 17464, Space — Use of GNSS-based positioning for road Intelligent Transport System (ITS) —

Security attacks modelling and definition of performance features and metrics related to security

CEN/TR 17465, Space — Use of GNSS-based positioning for road Intelligent Transport Systems (ITS) —

Field tests definition for basic performances

ISO/IEC 27001:2013, Information technology — Security techniques — Information security management

systems — Requirements
3 Terms and definitions

For the purposes of this document, the terms and definitions given in EN 16803-1:2016,

ETSI TS 103 246-3 and ISO/IEC 27001:2013 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

• ISO Online browsing platform: available at http://www.iso.org/obp
• IEC Electropedia: available at http://www.electropedia.org/
3.1
attack

attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use

of an asset
3.2
authentification

provision of assurance that the location-related data associated with a location target has been derived

from real signals associated with the location target
3.3
availability
property of being accessible and usable upon demand by an authorized entity
3.4
continuity

likelihood that the navigation signal-in-space supports accuracy and integrity requirements for duration

of intended operation

Note 1 to entry: Continuity aids a user to start an operation during a given exposure period without an

interruption of this operation and assuming that the service was available at beginning of the operation. Related to

the Continuity concept, a Loss of Continuity occurs when the user is forced to abort an operation during a specified

time interval after it has begun (the system predicts service was available at start of operation).

3.5
continuity risk

probability of detected but unscheduled navigation interruption after initiation of an operation

3.6
data

collection of values assigned to base measures, derived measures and/or indicators

---------------------- Page: 8 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
3.7
electromagnetic interference

any source of RF transmission that is within the frequency band used by a communication link, and that

degrades the performance of this link
Note 1 to entry: Jamming is a particular case of electromagnetic interference.
3.8
integrity

general performance feature referring to the trust a user can have in the delivered value of a given

Position or Velocity component

Note 1 to entry: In this document, this feature is expressed by 2 (two) quantities: the Protection level and the

associated Integrity risk.
3.9
integrity risk

for Positioning terminals providing a Protection level as integrity indicator, refers to the probability that

the actual error on a given Position or Velocity component exceeds the associated Protection level

provided with this quantity
3.10
jamming

deliberate transmission of interference to disrupt processing of wanted signals (which in this case are

GNSS or telecommunications signals)
3.11
level of risk

magnitude of a risk expressed in terms of the combination of consequences and their likelihood

3.12
likelihood
chance of something happening
3.13
localisation
process of determining the position or location of a location target
3.14
performance

measurable result, performance can relate either to quantitative or qualitative findings

3.15
performance class

for a given performance metric, designates a domain delimited by 2 (two) boundaries

3.16
performance feature

a given characteristic used to qualify and quantify the service provided by a system, for example

horizontal accuracy for a Positioning system
---------------------- Page: 9 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
3.17
performance metric

precise definition of the means of measuring a given performance feature of a given output of a system

Note 1 to entry: An example of accuracy metric can be the median value of an error sample acquired during a

given test following a given protocol.
3.18
protection level

estimation of an upper bound for the error made on a Position or Velocity component (e.g. the plane

position) associated with a given probability called Integrity risk

Note 1 to entry: Like the actual error, this feature can be characterized by its distribution function. The

P ε >< PL I I

protection level PL is upper bound to the position error such that: ( ) , where is the integrity

risk risk
risk and ε is the actual position error.
3.19
Pseudo-Random Noise Code (PRN)

unique binary code (or sequence) transmitted by a GNSS satellite to allow a receiver to determine the

travel time of the radio signal from satellite to receiver
3.20
reference GNSS receiver

in this document, refers to a widely used and off-the-shelf high sensitivity GNSS receiver offering a good

availability and a high sensitivity to the multipath and NLOS phenomena) whose production can be

guaranteed for a long period
3.21
reference trajectory

series of time-stamped positions (and possibly speeds) of a reference point on a mobile object

(test vehicle), produced by a Reference trajectory measurement system
3.22
Reference Trajectory Measurement System (RTMeS)

term used in this document for a measurement means capable of accuracy performances better than at

least one order of magnitude than those of the Positioning terminal being tested
3.23
requirement
need or expectation that is stated, generally implied or obligatory
3.24
robustness

the degree to which a system or component can function correctly in the presence of invalid inputs or

stressful environmental conditions
3.25
security

function of a location system that aims at ensuring that the location-related data is safeguarded against

unapproved disclosure or usage inside or outside the location system, and that it is also provided in a

secure and reliable manner that ensures it is neither lost nor corrupted
---------------------- Page: 10 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
3.26
spoof/spoofing

transmission of signals intended to deceive location processing into reporting false location target data

3.27
threat

potential cause of an unwanted incident, which may result in harm to a system or organisation

3.28
time-to-alert

time from when an unsafe integrity condition occurs to when an alerting message reaches the user

3.29
trajectory
series of time-stamped positions (and possibly speeds) of a mobile object
3.30
vulnerability
weakness of an asset or control that can be exploited by one or more threats
---------------------- Page: 11 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
4 List of acronyms
ADAS Advanced Driver Assistance Systems
ADC Analog to Digital Converter
AGC Automatic Gain Control
CDF Cumulative Distribution Function
CEN Comité Européen de Normalization (European
Committee for Standardization)
CENELEC Comité Européen de Normalization
Électrotechnique (European Committee for
Electrotechnical Standardization)
COTS Commercial On The Shelves
DOS Denial Of Service
DUT Device Under Test
ECEF Earth Centred Earth Fixed
ETSI European Telecommunications Standards Institute
GBPT GNSS-Based Positioning Terminal
GDOP Geometrical Diluition Of Precision
GNSS Global Navigation Satellite Systems
HPL Horizontal Protection Level
IID Independent identically distributed
IMU Inertial Measurement Unit
ITS Intelligent Transport Systems
KOM Kick-Off Meeting
OCXO Oven-controlled crystal oscillator
PPK Post Processed Kinematic
PPS Pulse Per Second
PVT Position Velocity and Time
RAIM Receiver Autonomous Integrity Monitoring
RFCS Radio Frequency Constellation Simulator
RMS Root Mean Square
RTK Real Time Kinematic
SBAS Satellite Based Augmentation System
SDR Software Defined Radio
SIS Signal In Space
TCXO Temperature-controlled crystal oscillator
TTFF Time To First Fix
VPL Vertical Protection Level
VST Vector Signal Transceiver
---------------------- Page: 12 ----------------------
SIST-TP CEN/TR 17475:2020
CEN/TR 17475:2020 (E)
5 GNSS Threats overview
5.1 General

In this clause, a description of the most relevant security scenarios is provided, based on what described

in CEN/TR 17464. The analysis is focused on the intentional RF threats scenarios since they represent a

worst case with respect to unintentional interference. Furthermore, intentional attacks encompass a

wide variety of cases that allow a more flexible, representative and controllable analysis.

The possible attacks on GNSS can be divided in 2 (two) macro areas:
• Denial of service (DoS):
• jamming;
• Deception of Service:
• spoofing;
• meaconing.

The jamming threats are in general based on the transmission of an interfering signal on the GNSS bands.

The disturbance impairs the receiver performance, preventing it to perform PVT operation. The jamming

is not only intentional, but it can be generated by RF equipment employed in other applications as well.

The equipment may emit signals that interfere with the GNSS band, causing unintentional jamming. DVB

harmonics CEN/TR 17464 are examples of this kind of interference.

Deception of service attacks are instead focused on making a receiver computing a false PVT solution

(position, velocity and time). This effect is achieved through the transmission of false signal generated

from fake GNSS constellation or through the re-tr
...

SLOVENSKI STANDARD
kSIST-TP FprCEN/TR 17475:2020
01-februar-2020

Vesolje - Ugotavljanje položaja z uporabo GNSS za cestne inteligentne transportne

sisteme (ITS) - Specifikacija preskusnih naprav, definicija preskusnih scenarijev,

opis in ovrednotenje postopkov za terensko preskušanje varnosti terminalov
GNSS za ugotavljanje položaja

Space - Use of GNSS-based positioning for road Intelligent Transport System (ITS) -

Specification of the test facilities, definition of test scenarios, description and validation of

the procedures for field tests related to security performance of GNSS-based positioning

terminals

Spezifikation der Testeinrichtungen, Definition von Testszenarien, Beschreibung und

Validierung der Verfahren für Feldtests in Bezug auf die Sicherheitsleistung von GNSS-

basierten Ortungsterminals
Espace - Utilisation de la localisation basée sur les GNSS pour les systèmes de

transports routiers intelligents (ITS) - Spécification des installations d’essais, définition

des scénarios d’essais, description et validation des procédures d'essais sur le terrain en

matière de performances de sécurité des terminaux de positionnement basés sur les

GNSS
Ta slovenski standard je istoveten z: FprCEN/TR 17475
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
prometu
49.140 Vesoljski sistemi in operacije Space systems and
operations
kSIST-TP FprCEN/TR 17475:2020 en

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
kSIST-TP FprCEN/TR 17475:2020
---------------------- Page: 2 ----------------------
kSIST-TP FprCEN/TR 17475:2020
TECHNICAL REPORT
FINAL DRAFT
FprCEN/TR 17475
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
November 2019
ICS
English version
Space - Use of GNSS-based positioning for road Intelligent
Transport System (ITS) - Specification of the test facilities,
definition of test scenarios, description and validation of
the procedures for field tests related to security
performance of GNSS-based positioning terminals

Espace - Utilisation de la localisation basée sur les Spezifikation der Testeinrichtungen, Definition von

GNSS pour les systèmes de transports routiers Testszenarien, Beschreibung und Validierung der

intelligents (ITS) - Spécification des installations Verfahren für Feldtests in Bezug auf die

d'essais, définition des scénarios d'essais, description Sicherheitsleistung von GNSS-basierten

et validation des procédures d'essais sur le terrain en Ortungsterminals
matière de performances de sécurité des terminaux de
positionnement basés sur les GNSS

This draft Technical Report is submitted to CEN members for Vote. It has been drawn up by the Technical Committee

CEN/CLC/JTC 5.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,

Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,

Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,

Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are

aware and to provide supporting documentation.

Warning : This document is not a Technical Report. It is distributed for review and comments. It is subject to change without

notice and shall not be referred to as a Technical Report.
---------------------- Page: 3 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
Contents Page

European foreword ....................................................................................................................................................... 4

1 Scope .................................................................................................................................................................... 5

1.1 Purpose of the document ............................................................................................................................. 5

1.2 Overview of the document ........................................................................................................................... 5

2 Normative references .................................................................................................................................... 5

3 Terms and definitions ................................................................................................................................... 6

4 List of acronyms ............................................................................................................................................ 10

5 GNSS Threats overview .............................................................................................................................. 11

5.1 General ............................................................................................................................................................. 11

5.2 Denial of service: jamming ....................................................................................................................... 11

5.3 Deception of service: spoofing and meaconing ................................................................................. 13

6 Security metrics ............................................................................................................................................ 16

6.1 General approach ......................................................................................................................................... 16

6.1.1 Introduction ................................................................................................................................................... 16

6.1.2 Notes on empirical CDF .............................................................................................................................. 17

6.1.3 ECDF with loss of samples ......................................................................................................................... 19

6.2 Considered metrics ...................................................................................................................................... 22

6.2.1 General ............................................................................................................................................................. 22

6.2.2 Accuracy .......................................................................................................................................................... 22

6.2.3 Integrity ........................................................................................................................................................... 24

6.2.4 Availability and continuity ....................................................................................................................... 28

6.3 Other metrics ................................................................................................................................................. 30

6.3.1 Time To Fist Fix (TTFF) .............................................................................................................................. 31

6.3.2 Excluded metrics .......................................................................................................................................... 31

6.4 Robustness concept: a summary metric .............................................................................................. 32

7 Test approach ................................................................................................................................................ 32

7.1 SDR concept .................................................................................................................................................... 33

7.2 Interference hardware impact ................................................................................................................ 33

7.2.1 General ............................................................................................................................................................. 33

7.2.2 Antenna-LNA .................................................................................................................................................. 34

7.2.3 AGC .................................................................................................................................................................... 34

7.2.4 ADC .................................................................................................................................................................... 34

7.2.5 Digital post-correlation processing ....................................................................................................... 35

7.3 Record and replay choice .......................................................................................................................... 37

7.4 Jamming testing architecture .................................................................................................................. 38

7.5 Spoofing testing architecture................................................................................................................... 40

7.6 File size and scenario length .................................................................................................................... 42

7.7 Hybridization issue ..................................................................................................................................... 43

8 Test scenarios ................................................................................................................................................ 43

8.1 Relevant realistic scenarios ..................................................................................................................... 44

8.1.1 Nominal scenarios ....................................................................................................................................... 44

8.1.2 Clear sky scenario as a special case ....................................................................................................... 44

---------------------- Page: 4 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)

8.1.3 Scenario VS Data set VS Datafile .............................................................................................................. 45

8.1.4 Scenario-management authority ............................................................................................................ 45

8.2 Interference scenarios selection ............................................................................................................. 45

8.2.1 Jamming proposed scenarios ................................................................................................................... 46

8.2.2 Spoofing proposed scenarios ................................................................................................................... 47

8.2.3 Meaconing assessment ............................................................................................................................... 49

8.2.4 Meaconing proposed scenarios ............................................................................................................... 49

9 Test facilities specification ........................................................................................................................ 50

9.1 Data set record testbed............................................................................................................................... 50

9.1.1 General ............................................................................................................................................................. 50

9.1.2 Jamming data generation........................................................................................................................... 50

9.1.3 Spoofing data recording ............................................................................................................................. 54

9.2 Replay testbed ............................................................................................................................................... 55

9.2.1 RF transmitters calibration ...................................................................................................................... 55

9.2.2 Replay testbed schemes ............................................................................................................................. 57

10 End-to-end validation ................................................................................................................................. 58

10.1 Devices under test ........................................................................................................................................ 58

10.2 Nominal scenario recording and validation ....................................................................................... 60

10.2.1 Nominal scenario recording ..................................................................................................................... 60

10.2.2 Analytical tools .............................................................................................................................................. 63

10.2.3 Nominal scenario validation ..................................................................................................................... 65

10.3 Jamming test results .................................................................................................................................... 73

10.3.1 General ............................................................................................................................................................. 73

10.3.2 Jamming scenarios generation ................................................................................................................ 73

10.3.3 Interferences on AsteRx3 HDC ................................................................................................................. 75

10.3.4 Interferences on Ublox 8 ............................................................................................................................ 92

10.4 Spoofing test results ................................................................................................................................. 106

10.4.1 Spoofing scenario recording .................................................................................................................. 106

10.4.2 Spoofing on AsteRx-3 HDC ...................................................................................................................... 106

10.4.3 Spoofing on Ublox 8 .................................................................................................................................. 110

Annex A (informative) AGC principles and impact ..................................................................................... 115

Annex B (informative) GNSS SDR Format standardization ...................................................................... 118

Annex C (informative) Spoofing insights ........................................................................................................ 120

C.1 General .......................................................................................................................................................... 120

C.2 Range error impact ................................................................................................................................... 121

C.3 Oscillator error impact ............................................................................................................................ 121

C.4 Propagation channel impact .................................................................................................................. 122

Annex D (informative) Noise amplification ................................................................................................... 124

D.1 Theory of noise amplification ............................................................................................................... 124

D.2 Experimental validation.......................................................................................................................... 128

Annex E (informative) Accuracy and continuity simulations ................................................................. 130

Bibliography .............................................................................................................................................................. 135

---------------------- Page: 5 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
European foreword

This document (FprCEN/TR 17475:2019) has been prepared by Technical Committee CEN-

CENELEC/TC 5 “Space”, the secretariat of which is held by DIN.
This document is currently submitted to the vote on TR.
---------------------- Page: 6 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
1 Scope
1.1 Purpose of the document

This document is the CEN Technical Report WP2-D2 of the GP-START project, regarding the test

procedures for assessment of robustness to security attacks.

Starting from the definition of security attacks taxonomy and security metrics highlighted in

FprCEN/TR 17464:2019, this task aims to:

1. Specify test facilities to be used in the field tests. This comprises both hardware and software

equipment.

2. Define relevant test scenarios applicable to security performances. Also, the field test needed for

validation of scenarios will be properly described.

3. Define end-to-end test procedures comprising experimental validation of the whole test chain.

The results will serve as the operational basis for field testing of robustness against security attacks.

1.2 Overview of the document
The outline of the document is as follows:

• Clause 5 provides a review of security metrics, in line with the other deliverables of the project and

in particular with FprCEN/TR 17465:2019 and FprCEN/TR 17464:2019.

• Clause 6 consolidates the test approach with respect to jamming and spoofing oriented scenarios.

• Clause 7 provides a definition of relevant test scenarios, applicable to security testing, starting from

outcomes of FprCEN/TR 17464:2019.

• Clause 8 provides an in-depth discussion regarding test facilities, focusing on both data recording

and replay.

• Clause 9 concludes with a set of real-life tests, for a preliminary end-to-end validation of the

procedures.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

EN 16803-1:2016, Space — Use of GNSS-based positioning for road Intelligent Transport Systems (ITS) —

Part 1: Definitions and system engineering procedures for the establishment and assessment of

performances

ETSI TS 103 246-3, Satellite Earth stations and systems (SES) —GNSS-based location systems — Part 3:

Performance requirements

FprCEN/TR 17447:2019, Space — Use of GNSS-based positioning for road Intelligent Transport System

(ITS) — Mathematical PVT error model

FprCEN/TR 17448:2019, Space — Use of GNSS-based positioning for road Intelligent Transport Systems

(ITS) — Metrics and Performance levels detailed definition
---------------------- Page: 7 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)

FprCEN/TR 17464:2019, Space — Use of GNSS-based positioning for road Intelligent Transport System

(ITS) — Security attacks modelling and definition of performance features and metrics related to security

FprCEN/TR 17465:2019, Space — Use of GNSS-based positioning for road Intelligent Transport Systems

(ITS) —Field tests definition for basic performances

ISO/IEC 27001:2013, Information technology — Security techniques — Information security management

systems — Requirements
3 Terms and definitions

For the purposes of this document, the terms and definitions given in EN 16803-1:2016,

ETSI TS 103 246-3 and ISO/IEC 27001:2013 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

• ISO Online browsing platform: available at http://www.iso.org/obp
• IEC Electropedia: available at http://www.electropedia.org/
3.1
attack

attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use

of an asset
3.2
authentification

provision of assurance that the location-related data associated with a location target has been derived

from real signals associated with the location target
3.3
availability
property of being accessible and usable upon demand by an authorized entity
3.4
continuity

likelihood that the navigation signal-in-space supports accuracy and integrity requirements for duration

of intended operation

Note 1 to entry: Continuity aids a user to start an operation during a given exposure period without an

interruption of this operation and assuming that the service was available at beginning of the operation. Related to

the Continuity concept, a Loss of Continuity occurs when the user is forced to abort an operation during a specified

time interval after it has begun (the system predicts service was available at start of operation).

3.5
continuity risk

probability of detected but unscheduled navigation interruption after initiation of an operation

3.6
data

collection of values assigned to base measures, derived measures and/or indicators

---------------------- Page: 8 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
3.7
electromagnetic interference

any source of RF transmission that is within the frequency band used by a communication link, and that

degrades the performance of this link
Note 1 to entry: Jamming is a particular case of electromagnetic interference.
3.8
integrity

general performance feature referring to the trust a user can have in the delivered value of a given

Position or Velocity component

Note 1 to entry: In this document, this feature is expressed by 2 (two) quantities: the Protection level and the

associated Integrity risk.
3.9
integrity risk

for Positioning terminals providing a Protection level as integrity indicator, refers to the probability that

the actual error on a given Position or Velocity component exceeds the associated Protection level

provided with this quantity
3.10
jamming

deliberate transmission of interference to disrupt processing of wanted signals (which in this case are

GNSS or telecommunications signals)
3.11
level of risk

magnitude of a risk expressed in terms of the combination of consequences and their likelihood

3.12
likelihood
chance of something happening
3.13
localisation
process of determining the position or location of a location target
3.14
performance

measurable result, performance can relate either to quantitative or qualitative findings

3.15
performance class

for a given performance metric, designates a domain delimited by 2 (two) boundaries

3.16
performance feature

a given characteristic used to qualify and quantify the service provided by a system, for example

horizontal accuracy for a Positioning system
---------------------- Page: 9 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
3.17
performance metric

precise definition of the means of measuring a given performance feature of a given output of a system

Note 1 to entry: An example of accuracy metric can be the median value of an error sample acquired during a

given test following a given protocol.
3.18
protection level

estimation of an upper bound for the error made on a Position or Velocity component (e.g. the plane

position) associated with a given probability called Integrity risk

Note 1 to entry: Like the actual error, this feature can be characterized by its distribution function. The

P ε >< PL I I

protection level PL is upper bound to the position error such that: ( ) , where is the integrity

risk
risk
risk and ε is the actual position error.
3.19
Pseudo-Random Noise Code (PRN)

unique binary code (or sequence) transmitted by a GNSS satellite to allow a receiver to determine the

travel time of the radio signal from satellite to receiver
3.20
reference GNSS receiver

in this document, refers to a widely used and off-the-shelf high sensitivity GNSS receiver offering a good

availability and a high sensitivity to the multipath and NLOS phenomena) whose production can be

guaranteed for a long period
3.21
reference trajectory

series of time-stamped positions (and possibly speeds) of a reference point on a mobile object

(test vehicle), produced by a Reference trajectory measurement system
3.22
Reference Trajectory Measurement System (RTMeS)

term used in this document for a measurement means capable of accuracy performances better than at

least one order of magnitude than those of the Positioning terminal being tested
3.23
requirement
need or expectation that is stated, generally implied or obligatory
3.24
robustness

the degree to which a system or component can function correctly in the presence of invalid inputs or

stressful environmental conditions
3.25
security

function of a location system that aims at ensuring that the location-related data is safeguarded against

unapproved disclosure or usage inside or outside the location system, and that it is also provided in a

secure and reliable manner that ensures it is neither lost nor corrupted
---------------------- Page: 10 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
3.26
spoof/spoofing

transmission of signals intended to deceive location processing into reporting false location target data

3.27
threat

potential cause of an unwanted incident, which may result in harm to a system or organisation

3.28
time-to-alert

time from when an unsafe integrity condition occurs to when an alerting message reaches the user

3.29
trajectory
series of time-stamped positions (and possibly speeds) of a mobile object
3.30
vulnerability
weakness of an asset or control that can be exploited by one or more threats
---------------------- Page: 11 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
4 List of acronyms
ADAS Advanced Driver Assistance Systems
ADC Analog to Digital Converter
AGC Automatic Gain Control
CDF Cumulative Distribution Function
CEN Comité Européen de Normalization (European
Committee for Standardization)
CENELEC Comité Européen de Normalization
Électrotechnique (European Committee for
Electrotechnical Standardization)
COTS Commercial On The Shelves
DOS Denial Of Service
DUT Device Under Test
ECEF Earth Centred Earth Fixed
ETSI European Telecommunications Standards Institute
GBPT GNSS-Based Positioning Terminal
GDOP Geometrical Diluition Of Precision
GNSS Global Navigation Satellite Systems
HPL Horizontal Protection Level
IID Independent identically distributed
IMU Inertial Measurement Unit
ITS Intelligent Transport Systems
KOM Kick-Off Meeting
OCXO Oven-controlled crystal oscillator
PPK Post Processed Kinematic
PPS Pulse Per Second
PVT Position Velocity and Time
RAIM Receiver Autonomous Integrity Monitoring
RFCS Radio Frequency Constellation Simulator
RMS Root Mean Square
RTK Real Time Kinematic
SBAS Satellite Based Augmentation System
SDR Software Defined Radio
SIS Signal In Space
TCXO Temperature-controlled crystal oscillator
TTFF Time To First Fix
VPL Vertical Protection Level
VST Vector Signal Transceiver
---------------------- Page: 12 ----------------------
kSIST-TP FprCEN/TR 17475:2020
FprCEN/TR 17475:2019 (E)
5 GNSS Threats overview
5.1 General

In this clause, a description of the most relevant security scenarios is provided, based on what described

in FprCEN/TR 17464:2019. The analysis is focused on the intentional RF threats scenarios since they

represent a worst case with respect to unintentional interference. Furthermore, intentional attacks

encompass a wide variety of cases that allow a more flexible, representative and controllable analysis.

The possible attacks on GNSS can be divided in 2 (two) macro areas:
• Denial of service (DoS):
• jamming;
• Deception of Service:
• spoofing;
• meaconing.

The jamming threats are in general based on the transmission of an interfering signal on the GNSS bands.

The disturbance impairs the receiver performance, preventing it to perform PVT operation. The jamming

is not only intentional, but it can be generated by RF equipment employed in other applications as well.

The equipment may emit signals that interfere with the GNSS band, causing unintentional jamming. DVB

harmonics FprCEN/TR 17464:2019 are examples of this kind of interference.

Deception of service attacks are instead focused on making a receiver computing a false PVT solution

(position, velocity and time). This effect is achieved through the transmission of false signal generated

fro
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.