Patrotest Wiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
gp_simulator:operation_manual [2019/02/26 09:27]
admin [Conducted testing]
gp_simulator:operation_manual [2019/02/27 12:18] (current)
yasko
Line 1: Line 1:
 =====GP-Simulator Operation Manual===== =====GP-Simulator Operation Manual=====
 ====GUI Description==== ====GUI Description====
-===Init Position ​Folder===+===Init Position ​Tab=== 
 +In the "Init position"​ tab, you can configure the connection to the UBLOX receiver for getting the current coordinates,​ accuracy, as well as time, and information about the satellites being observed. 
 {{:​gp_simulator:​gp-simulator_init_position.png?​600|}}\\ {{:​gp_simulator:​gp-simulator_init_position.png?​600|}}\\
 \\ \\
-On this tab, you can configure the connection to the receiver UBLOX to get current coordinates,​ accuracy, time and information about the satellites being observed+
 ===Almanac and Ephemeris Folder=== ===Almanac and Ephemeris Folder===
 +Once the current time is determined, you can download the Ephemeris and Almanac files.
 +
 {{:​gp_simulator:​gp-simulator_almanac.png?​600|}}\\ {{:​gp_simulator:​gp-simulator_almanac.png?​600|}}\\
 +
 \\ \\
-Once the current time is determined, you can download the Ephemeris and Almanac files. +
-\\+
 <WRAP left round info 60%> <WRAP left round info 60%>
-You need internet to download files.+You need internet ​connection ​to download ​the corresponding ​files.
 </​WRAP>​\\ ​ </​WRAP>​\\ ​
 \\  \\ 
 \\ \\
 <WRAP left round info 60%> <WRAP left round info 60%>
-You can preload the Ephemeris and Almanac files onto your computer and simply point the way to them.+You can preload the Ephemeris and Almanac files on your computer and then define ​the path to the files in the corresponding fields.
 </​WRAP>​ </​WRAP>​
 \\  \\ 
Line 22: Line 26:
 \\ \\
 \\ \\
-===USRP ​Folder===+===USRP ​Tab=== 
 +The "​USRP"​ tab provides the following settings/​adjustments:​ 
 +\\ 
 {{:​gp_simulator:​gp-simulator_usrp.png|}}\\ {{:​gp_simulator:​gp-simulator_usrp.png|}}\\
-  * USRP name - the name of your USPR board, what you already setted ​in [[gp_simulator:​NI-USRP Configuration Utility]] +  ​* **USRP name** - the name of your USPR board that you preset ​in [[gp_simulator:​NI-USRP Configuration Utility]]; 
-  * IQ Rate - IQ sample rate. The minimal value is 1.5 MHz. The maximal value is 5 MHz. The higher the value you put, the more CPU of your computer ​will be loaded. +  ​* **IQ Rate** - IQ sample rate. The minimal value is "1.5 MH." ​The maximal value is "5 MHz." ​The higher the value you input, the more CPU on your computer ​devices is used/loaded; 
-  * 10 MHz Ref - The source of 10 MHz reference frequency: External or GPSDO. In case you work with antenna, GPSDO on your USRP board will be spoofed, so you need to use external high quality reference source. +  ​* **10 MHz Ref** - The source of "10 MHz" ​reference frequency: External or GPSDO. In the cases when you work with antennas, GPSDO on your USRP board will be spoofed, so you need to use external high quality reference source; 
-  * Spoofing mode - AsynchronousSynchronous. ​Read our [[https://​gpspatron.com/​chapter-1-asynchronous-spoofing-attacks/​|article about different types of spoofing]]. +  ​* **Spoofing mode** - Asynchronous ​or Synchronous. ​To learn more, read our [[https://​gpspatron.com/​chapter-1-asynchronous-spoofing-attacks/​|article about different types of spoofing]]; 
-  * Start delay, s - Generation start offset for synchronous mode. Can be used to study the required accuracy of signal synchronization. +  ​* **Start delay, s** - Generation start offset for synchronous mode. Can be used to study the required accuracy of signal synchronization; 
-  * Conducted connection flag - set it in case you use cable connection to the DUT. In case you work on antenna ​unset it. +  ​* **Conducted connection flag** Should be set in case you use cable connection to the DUT. In case you work with an antenna, do not uncheck the corresponding box; 
-  * Opened flag - in case of successful USRP initialization. +  ​* **Opened flag** Displayed ​in case of successful USRP initialization; 
-  * GPS locked flag - in case of successful USRP GPSDO 3D-fix. ​Synchronous generation available only if this flag is setted. +  ​* **GPS locked flag** Displayed ​in case of successful USRP GPSDO 3D-fix. ​If the corresponding ​flag is set, only synchronous generation is available; 
-  * Cable Length, m - The total length of all applied cables. ​It is used for Total Path Gain calculation. +  ​* **Cable Length, m** - The total length of all applied cables. ​Used for calculating the Total Path Gain; 
-  * USRP Cal Factor, dB - USRP calibration value. ​Calibration ​procedure described ​there -  [[gp_simulator:​USRP Calibration Procedure]] +  ​* **USRP Cal Factor, dB** - USRP calibration value. ​The calibration ​procedure described ​in -  [[gp_simulator:​USRP Calibration Procedure]]; 
-  * Amplifier Gain, dB - set the gain of the external RF power amplifier ​in case radiated test.  +  ​* **Amplifier Gain, dB** In the cases of radiated testing, ​set the gain of the external RF power amplifier 
-  * Attenuator, dB - total path attenuation in cables and\or attenuators  +  ​* **Attenuator,​ dB** The total path of attenuation in the cables and\or attenuators 
-  * Antenna Gain, dB - set the antenna gain in case radiated test.  +  ​* **Antenna Gain, dB** In the cases of radiated testing, ​set the corresponding ​antenna gain 
-  * Sidelobe, dB - Sidelobe of the receiving antenna ​of the DUT, taking ​into account ​the angle of arrival ​of the signal. Used to calculate the signal power of the simulator ​in the phase center of the DUT antenna. +  ​* **Sidelobe, dB** - Sidelobe of the DUT'​s ​receiving antenna ​that takes into account ​signal'​s ​angle of arrival. Used for calculating simulator'​s ​signal power in the phase center of the DUT antenna; 
-  * Max Generator EIRP, dBm - Maximum ​available ​Effective Isotropic Radiated Power of the generator ​with particular amplifier, antenna and cables. +  ​* **Max Generator EIRP, dBm** - Maximum ​availability of the generator'​s ​Effective Isotropic Radiated Power with particular amplifier, antennaand cables; 
-  * Total Path Gain, dB - calculated ​taking into account the antenna gain, power amplifier, attenuation in cables and sidelobe of the receiver antenna +  ​* **Total Path Gain, dB** Calculated ​taking into account the antenna gain, power amplifier, ​as well as attenuation in cables and sidelobe of the receiver antenna; 
-  * Max distance to target - Maximum available distance to the DUT. +  ​* **Max distance to target** - Maximum available distance to the DUT. 
-===DUT ​Folder=== + 
-Here you can set the distance and direction to the sample ​in case of field testing:+\\ 
 + 
 +===DUT ​Tab=== 
 + 
 +In the "​DUT"​ tab, you can set the distance and direction to the sample ​when carrying out field testing: 
 +\\ 
 {{:​gp_simulator:​gp-simulator_dut.png|}}\\ {{:​gp_simulator:​gp-simulator_dut.png|}}\\
-The user can determine the distance to the sample using two methods: + 
-  * The distance to the DUT on the ground and the height of the DUT +The user can determine the distance to the sample using the following ​two methods: 
-  * The distance ​to get on the ground and in line of sight. +  * Calculating the distance to the DUT on the ground and the height of the DUT; 
-===Start ​Folder=== +  * Calculating the distance ​required for getting ​on the ground and in the line of sight. 
-In this tab, the user can start the generation and also distort the signal.\\+ 
 +\\ 
 + 
 +===Start ​Tab=== 
 +In the "​Start" ​tab, you can start the generation and also distort the signal.\\ 
 {{:​gp_simulator:​gp-simulator_time_shift.png|}}\\ {{:​gp_simulator:​gp-simulator_time_shift.png|}}\\
-==Time shift== +
-Here you can shift the 1PPS or timestamp of the DUT in different ways.+
 \\ \\
-{{:​gp_simulator:​gp-simulator_time_shift_controls.png|}}\\ + 
-  * Current 1PPS offset, s - Adds an offset to the generated sequence in such a way as to shift the 1PPS signal of the DUT. +==Time Shift Tab== 
-  * Current GPS Time of week offset, s - Dramatically changes the ToW in HOW in all subframes. The position of all satellites is recalculated based on the new time. Thus, the receiver ​is temporarily ​lost tracking the satellites. Make sure that the power level of the generated signal is sufficient to block the real signals. +In the "Time shift" tab, you can shift the 1PPS or timestamp of the DUT in different ways. 
-  * Sats clock corr offset, s - Sinhronius ​simulates clock drift on all satellites. Leads to a smooth drift of 1PPS impulse ​of the DUT +\\ 
-==DUT movement==+ 
 +{{:​gp_simulator:​gp-simulator_time_shift_controls.png|}} 
 +\\ 
 + 
 +  ​* **Current 1PPS offset, s** - Adds an offset to the generated sequence in the way that it shifts ​the 1PPS signal of the DUT; 
 +  ​* **Current GPS Time of week offset, s** - Dramatically changes the ToW in HOW in all subframes. The position of all satellites is recalculated based on the new time. Thus, the receiver temporarily ​stops tracking the satellites. Make sure that the power level of the generated signal is sufficient ​enough ​to block the real signals; 
 +  ​* **Sats clock corr offset, s** Synchronously ​simulates clock drift on all satellites. Leads to a smooth drift of the DUT 1PPS impulse. 
 +\\ 
 + 
 +==DUT Movement Tab== 
 +In the "DUT movement"​ tab, you can move the coordinates of the DUT for a certain number of meters for a certain time period. 
 +\\ 
 {{:​gp_simulator:​gp-simulator_dut_movement_controls.png|}}\\ {{:​gp_simulator:​gp-simulator_dut_movement_controls.png|}}\\
-Here you can move the coordinates of the DUT for a certain number ​of meters for a certain time + 
-==DUT ECEF impairment==+\\ 
 + 
 +==DUT ECEF Impairment Tab== 
 +This tab is experimental. In the "DUT ECEF impairment"​ tab, can you add a fixed offset and noise to the coordinates of the DUT and noise to the Doppler offset. You can also set the "​Mean"​ value and the standard deviation (STD) of the noise. 
 +\\ 
 {{:​gp_simulator:​gp-simulator_dut_ecef_impairment_controls.png|}}\\ {{:​gp_simulator:​gp-simulator_dut_ecef_impairment_controls.png|}}\\
-This is the experimental ​tab. Where can you add an fixed offset and noise to the coordinates of the DUT and the noise to Doppler offset. You can set the mean value and the standard deviation of the noise+ 
-==Satellites ​ impairment==+\\ 
 + 
 +==Satellites ​ Impairment Tab== 
 +In the "​Satellites ​ impairment" ​tab, you can set the relative power, pseudorange ​offset and Doppler offset ​for each satellite
 +\\ 
 {{:​gp_simulator:​gp-simulator_satellites_impairment_controls.png|}}\\ {{:​gp_simulator:​gp-simulator_satellites_impairment_controls.png|}}\\
-On this tab you can set the relative power, pseudorange offset and Doppler offset for each satellite.+ 
 +\\ 
 ====Conducted testing==== ====Conducted testing====
-Below is typical DUT testing ​diagram ​for valuentabilities ​to spoofing and jamming:+Below is displayed the diagram of typical DUT testing for vulnerabilities ​to spoofing and jamming.\\ 
 + 
 +{{:​gp_simulator:gp-simulator_conducted_testing.png?​600}}
 \\ \\
 +We recommend using a directional coupler for injecting the simulated signal into the real one. Oscilloscope is used for measuring 1PPS impulse offset. ​
 \\ \\
-We recommend using a directional coupler to suspend the signal from the simulator to the real signal. +  
-==Application ​settings== +==Application ​Settings== 
-Wait for the UBLOX M8T status to become ​3D Fix. Download ​almanac and ephemeris files. ​On USRP folder ​set: +First, wait for the "UBLOX M8T" ​status to display "3D Fix." Then, sownload ​almanac and ephemeris files. ​ 
-  * 10 MHz Ref to GPSDO +\\ 
-  * check Conducted Connection + 
-  * Set Attenuator value based on cables, attenuators and directional coupler. +After that, set the following in the "​USRP"​ tab
-On Start folder setup +  ​* **10 MHz Ref** to **GPSDO**; 
-  * DUT input power. ​Usualy ​it is within -100 dBm +  * Check the "Conducted Connection" box; 
-  * Push Start button +  * Set the "Attenuator" ​value based on cables, attenuators and the directional coupler. 
-====Radiated ​testing====+ 
 +In the "Startfolder setup 
 +  * DUT input power. ​Usually ​it is within ​the  "-100 dBm" range; 
 +  * Click on the "Start" ​button
 +\\ 
 + 
 +====Radiated ​Testing====
 <WRAP left round info 60%> <WRAP left round info 60%>
-Attention. +**NOTE**: ​The use of radiated radio signals may be illegal in your country. Please familiarize yourself with your local legal laws on the regulation of the radio spectrum before using this app.
-The use of radiated radio signals may be illegal in your country. Please familiarize yourself with your legislation ​on the regulation of the radio spectrum before using this app.+
 We are not responsible for your actions. We are not responsible for your actions.
-</​WRAP>​\\  +</​WRAP>​  
-\\ +
 \\  \\ 
 +
 \\ \\
 +
 \\ \\
 +
 \\ \\
-Below is a typical ​scheme ​of using our equipment for field testing of devices ​for exposure ​to GPS spoofing:+ 
 +Below is displayed the diagram of a typical ​use case of our equipment for field testing ​vulnerability ​of various ​devices to GPS spoofing ​exposure.\\ 
 +{{:​gp_simulator:gp-simulator_radiated_testing.png?​1000|}}\\ 
 \\ \\
 +
 +In the case of radiated testing, you cannot use internal USRP GPSDO as a "10 MHz" reference source, because it will be spoofed. Thus, you should use external high quality reference source. The frequency stability should be better than "**25 ppb**."​\\
 +
 +==Application Settings==
 +First, wait for the "UBLOX M8T" status to display "3D Fix." After that, download almanac and ephemeris files. ​
 \\ \\
-In case of radiated testing you cann't use internal USRP GPSDO like 10 MHz reference source, because it will be spoofed. You have to use external high quality reference source. Frequency stability should be better than 25 ppb.\\ 
-==Application settings== 
-Wait for the UBLOX M8T status to become 3D Fix. Download almanac and ephemeris files. On USRP folder set: 
-  * 10 MHz Ref to External 
-  * uncheck Conducted Connection 
-  * Set Amplifier Gain, Attenuator, Anteanna Gain according to your connected equipment. 
-On DUT folder setup: 
-  * direction to the DUT 
-  * and known distances 
-On Start folder setup 
-  * DUT input power. Usualy it is within -100 dBm 
-  * Push Start button 
-====Asynchronous mode==== 
-under construction 
-====Synchronous mode==== 
-under construction 
  
 +In the "​USRP"​ tab, set the following:
 +  * **10 MHz Ref** to **External**;​
 +  * Uncheck the "​Conducted Connection"​ box;
 +  * Set "​Amplifier Gain," "​Attenuator,"​ and "​Antenna Gain" according to your connected equipment.
 +
 +In the "​DUT"​ tab, set the following:
 +  * **Direction** to **DUT**;
 +  * and known distances.
 +
 +In the "​Start"​ tab, set up the following:
 +  * DUT input power that is usually it is within the "-100 dBm" range;
 +  * Click on the "​Start"​ button.
 +
 +\\
 +
 +====Synchronous and asynchronous mode====
 +In the case of an asynchronous attack, a spoofer transmits false signals that are stronger than the original ones, causing the receiver to lose track of the satellites and lock on to the overpowering spoofing signal(s). On the other hand, synchronous attacks imply transmitting signals that are synchronized with the original ones and then gradually overpowering the latter.\\
 +You can learn more about the difference between synchronous and asynchronous attacks in our dedicated article on [[https://​gpspatron.com/​chapter-1-asynchronous-spoofing-attacks/​|this page]].
 +\\
 +
 +In the "​Synchronous"​ mode, our simulator generates a signal that is aligned with the real one up to "100 ns." To select a particular spoofing mode, go to the "​USRP"​ tab.
 +\\
 +
 +{{:​gp_simulator:​gp-simulator_spoofing_mode_selection.png|}}\\
 +\\
 +
 +If you select the "​Synchronous"​ mode, then you can set an additional offset for the start of the generation. This is convenient for examining the DUT correlation analysis window.\\
 +\\
 +
 +
 +To work in the "​Synchronous"​ mode, you need to wait for the following flag: "GPS Locked":​
 +
 +\\
 +{{:​gp_simulator:​gp-simulator_gpsdo_locked_flag.png|}}\\
 +\\
 +
 +In the "​Synchronous"​ mode, the generation does not start immediately,​ but only at a particular time:
 +\\
  
 +{{:​gp_simulator:​gp-simulator_start_time.png|}}