Unlike interference where GNSS is denied by overpowering the satellite signal, spoofing tricks the receiver into reporting an incorrect position. Spoofing is done by first jamming the GNSS receiver then providing a false satellite signal that is either created by a signal generator or is a rebroadcast of a real recorded GNSS signal. Unlike interference, spoofing is always an intentional attack.

To deny GNSS by spoofing, the attacker broadcasts a signal with the same structure and frequency as the GNSS signal. The spoofing signal controls its transmitted power level, so the receiver will lock onto the spoofed signal rather than the real GNSS signal. In the spoofed signal, the message is changed so that the receiver will calculate an incorrect position or time.

The most effective way to protect against spoofing is to track encrypted signals (such as the Y-code and M-code signals on GPS L1 and L2) that are broadcast by several of the GNSS constellations. Access to the encrypted signals is restricted and not available to all users; however, there are mitigation methods that can be used with open signal receivers.

The complexity of spoofing increases greatly if the attacker attempts to simultaneously spoof more than one GNSS frequency or constellation. So, a receiver that can track multiple frequencies and/ or multiple constellations can be used to detect and overcome a possible spoofing attempt.

Other navigation sensors, such as GNSS+INS, can be used to detect and overcome a spoofing attempt as the measurements from the IMU cannot be spoofed.

Chapter 7: GNSS threats