Trace: • GP-Simulator Operation Manual
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| gp_simulator:operation_manual [2019/02/26 13:22] admin [Conducted testing] | gp_simulator:operation_manual [2019/02/27 12:18] (current) yasko | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| =====GP-Simulator Operation Manual===== | =====GP-Simulator Operation Manual===== | ||
| ====GUI Description==== | ====GUI Description==== | ||
| - | ===Init Position Folder=== | + | ===Init Position Tab=== | 
| + | In the "Init position" tab, you can configure the connection to the UBLOX receiver for getting the current coordinates, accuracy, as well as time, and information about the satellites being observed. | ||
| {{:gp_simulator:gp-simulator_init_position.png?600|}}\\ | {{:gp_simulator:gp-simulator_init_position.png?600|}}\\ | ||
| \\ | \\ | ||
| - | On this tab, you can configure the connection to the receiver UBLOX to get current coordinates, accuracy, time and information about the satellites being observed | + | |
| ===Almanac and Ephemeris Folder=== | ===Almanac and Ephemeris Folder=== | ||
| + | Once the current time is determined, you can download the Ephemeris and Almanac files. | ||
| + | |||
| {{:gp_simulator:gp-simulator_almanac.png?600|}}\\ | {{:gp_simulator:gp-simulator_almanac.png?600|}}\\ | ||
| + | |||
| \\ | \\ | ||
| - | Once the current time is determined, you can download the Ephemeris and Almanac files. | + | |
| - | \\ | + | |
| <WRAP left round info 60%> | <WRAP left round info 60%> | ||
| - | You need internet to download files. | + | You need internet connection to download the corresponding files. | 
| </WRAP>\\  | </WRAP>\\  | ||
| \\ | \\ | ||
| \\ | \\ | ||
| <WRAP left round info 60%> | <WRAP left round info 60%> | ||
| - | You can preload the Ephemeris and Almanac files onto your computer and simply point the way to them. | + | You can preload the Ephemeris and Almanac files on your computer and then define the path to the files in the corresponding fields. | 
| </WRAP> | </WRAP> | ||
| \\ | \\ | ||
| Line 22: | Line 26: | ||
| \\ | \\ | ||
| \\ | \\ | ||
| - | ===USRP Folder=== | + | ===USRP Tab=== | 
| + | The "USRP" tab provides the following settings/adjustments: | ||
| + | \\ | ||
| {{:gp_simulator:gp-simulator_usrp.png|}}\\ | {{:gp_simulator:gp-simulator_usrp.png|}}\\ | ||
| - | * USRP name - the name of your USPR board, what you already setted in [[gp_simulator:NI-USRP Configuration Utility]] | + | * **USRP name** - the name of your USPR board that you preset in [[gp_simulator:NI-USRP Configuration Utility]]; | 
| - | * IQ Rate - IQ sample rate. The minimal value is 1.5 MHz. The maximal value is 5 MHz. The higher the value you put, the more CPU of your computer will be loaded. | + | * **IQ Rate** - IQ sample rate. The minimal value is "1.5 MH." The maximal value is "5 MHz." The higher the value you input, the more CPU on your computer devices is used/loaded; | 
| - | * 10 MHz Ref - The source of 10 MHz reference frequency: External or GPSDO. In case you work with antenna, GPSDO on your USRP board will be spoofed, so you need to use external high quality reference source. | + | * **10 MHz Ref** - The source of "10 MHz" reference frequency: External or GPSDO. In the cases when you work with antennas, GPSDO on your USRP board will be spoofed, so you need to use external high quality reference source; | 
| - | * Spoofing mode - Asynchronous, Synchronous. Read our [[https://gpspatron.com/chapter-1-asynchronous-spoofing-attacks/|article about different types of spoofing]]. | + | * **Spoofing mode** - Asynchronous or Synchronous. To learn more, read our [[https://gpspatron.com/chapter-1-asynchronous-spoofing-attacks/|article about different types of spoofing]]; | 
| - | * Start delay, s - Generation start offset for synchronous mode. Can be used to study the required accuracy of signal synchronization. | + | * **Start delay, s** - Generation start offset for synchronous mode. Can be used to study the required accuracy of signal synchronization; | 
| - | * Conducted connection flag - set it in case you use cable connection to the DUT. In case you work on antenna unset it. | + | * **Conducted connection flag** - Should be set in case you use cable connection to the DUT. In case you work with an antenna, do not uncheck the corresponding box; | 
| - | * Opened flag - in case of successful USRP initialization. | + | * **Opened flag** - Displayed in case of successful USRP initialization; | 
| - | * GPS locked flag - in case of successful USRP GPSDO 3D-fix. Synchronous generation available only if this flag is setted. | + | * **GPS locked flag** - Displayed in case of successful USRP GPSDO 3D-fix. If the corresponding flag is set, only synchronous generation is available; | 
| - | * Cable Length, m - The total length of all applied cables. It is used for Total Path Gain calculation. | + | * **Cable Length, m** - The total length of all applied cables. Used for calculating the Total Path Gain; | 
| - | * USRP Cal Factor, dB - USRP calibration value. Calibration procedure described there - [[gp_simulator:USRP Calibration Procedure]] | + | * **USRP Cal Factor, dB** - USRP calibration value. The calibration procedure described in - [[gp_simulator:USRP Calibration Procedure]]; | 
| - | * Amplifier Gain, dB - set the gain of the external RF power amplifier in case radiated test. | + | * **Amplifier Gain, dB** - In the cases of radiated testing, set the gain of the external RF power amplifier; | 
| - | * Attenuator, dB - total path attenuation in cables and\or attenuators | + | * **Attenuator, dB** - The total path of attenuation in the cables and\or attenuators; | 
| - | * Antenna Gain, dB - set the antenna gain in case radiated test. | + | * **Antenna Gain, dB** - In the cases of radiated testing, set the corresponding antenna gain; | 
| - | * Sidelobe, dB - Sidelobe of the receiving antenna of the DUT, taking into account the angle of arrival of the signal. Used to calculate the signal power of the simulator in the phase center of the DUT antenna. | + | * **Sidelobe, dB** - Sidelobe of the DUT's receiving antenna that takes into account signal's angle of arrival. Used for calculating simulator's signal power in the phase center of the DUT antenna; | 
| - | * Max Generator EIRP, dBm - Maximum available Effective Isotropic Radiated Power of the generator with particular amplifier, antenna and cables. | + | * **Max Generator EIRP, dBm** - Maximum availability of the generator's Effective Isotropic Radiated Power with a particular amplifier, antenna, and cables; | 
| - | * Total Path Gain, dB - calculated taking into account the antenna gain, power amplifier, attenuation in cables and sidelobe of the receiver antenna | + | * **Total Path Gain, dB** - Calculated taking into account the antenna gain, power amplifier, as well as attenuation in cables and sidelobe of the receiver antenna; | 
| - | * Max distance to target - Maximum available distance to the DUT. | + | * **Max distance to target** - Maximum available distance to the DUT. | 
| - | ===DUT Folder=== | + | |
| - | Here you can set the distance and direction to the sample in case of field testing: | + | \\ | 
| + | |||
| + | ===DUT Tab=== | ||
| + | |||
| + | In the "DUT" tab, you can set the distance and direction to the sample when carrying out field testing: | ||
| + | \\ | ||
| {{:gp_simulator:gp-simulator_dut.png|}}\\ | {{:gp_simulator:gp-simulator_dut.png|}}\\ | ||
| - | The user can determine the distance to the sample using two methods: | + | |
| - | * The distance to the DUT on the ground and the height of the DUT | + | The user can determine the distance to the sample using the following two methods: | 
| - | * The distance to get on the ground and in line of sight. | + | * Calculating the distance to the DUT on the ground and the height of the DUT; | 
| - | ===Start Folder=== | + | * Calculating the distance required for getting on the ground and in the line of sight. | 
| - | In this tab, the user can start the generation and also distort the signal.\\ | + | |
| + | \\ | ||
| + | |||
| + | ===Start Tab=== | ||
| + | In the "Start" tab, you can start the generation and also distort the signal.\\ | ||
| {{:gp_simulator:gp-simulator_time_shift.png|}}\\ | {{:gp_simulator:gp-simulator_time_shift.png|}}\\ | ||
| - | ==Time shift== | + | |
| - | Here you can shift the 1PPS or timestamp of the DUT in different ways. | + | |
| \\ | \\ | ||
| - | {{:gp_simulator:gp-simulator_time_shift_controls.png|}}\\ | + | |
| - | * Current 1PPS offset, s - Adds an offset to the generated sequence in such a way as to shift the 1PPS signal of the DUT. | + | ==Time Shift Tab== | 
| - | * Current GPS Time of week offset, s - Dramatically changes the ToW in HOW in all subframes. The position of all satellites is recalculated based on the new time. Thus, the receiver is temporarily lost tracking the satellites. Make sure that the power level of the generated signal is sufficient to block the real signals. | + | In the "Time shift" tab, you can shift the 1PPS or timestamp of the DUT in different ways. | 
| - | * Sats clock corr offset, s - Sinhronius simulates clock drift on all satellites. Leads to a smooth drift of 1PPS impulse of the DUT | + | \\ | 
| - | ==DUT movement== | + | |
| + | {{:gp_simulator:gp-simulator_time_shift_controls.png|}} | ||
| + | \\ | ||
| + | |||
| + | * **Current 1PPS offset, s** - Adds an offset to the generated sequence in the way that it shifts the 1PPS signal of the DUT; | ||
| + | * **Current GPS Time of week offset, s** - Dramatically changes the ToW in HOW in all subframes. The position of all satellites is recalculated based on the new time. Thus, the receiver temporarily stops tracking the satellites. Make sure that the power level of the generated signal is sufficient enough to block the real signals; | ||
| + | * **Sats clock corr offset, s** - Synchronously simulates clock drift on all satellites. Leads to a smooth drift of the DUT 1PPS impulse. | ||
| + | \\ | ||
| + | |||
| + | ==DUT Movement Tab== | ||
| + | In the "DUT movement" tab, you can move the coordinates of the DUT for a certain number of meters for a certain time period. | ||
| + | \\ | ||
| {{:gp_simulator:gp-simulator_dut_movement_controls.png|}}\\ | {{:gp_simulator:gp-simulator_dut_movement_controls.png|}}\\ | ||
| - | Here you can move the coordinates of the DUT for a certain number of meters for a certain time | + | |
| - | ==DUT ECEF impairment== | + | \\ | 
| + | |||
| + | ==DUT ECEF Impairment Tab== | ||
| + | This tab is experimental. In the "DUT ECEF impairment" tab, can you add a fixed offset and noise to the coordinates of the DUT and noise to the Doppler offset. You can also set the "Mean" value and the standard deviation (STD) of the noise. | ||
| + | \\ | ||
| {{:gp_simulator:gp-simulator_dut_ecef_impairment_controls.png|}}\\ | {{:gp_simulator:gp-simulator_dut_ecef_impairment_controls.png|}}\\ | ||
| - | This is the experimental tab. Where can you add an fixed offset and noise to the coordinates of the DUT and the noise to Doppler offset. You can set the mean value and the standard deviation of the noise. | + | |
| - | ==Satellites  impairment== | + | \\ | 
| + | |||
| + | ==Satellites  Impairment Tab== | ||
| + | In the "Satellites  impairment" tab, you can set the relative power, pseudorange offset and Doppler offset for each satellite. | ||
| + | \\ | ||
| {{:gp_simulator:gp-simulator_satellites_impairment_controls.png|}}\\ | {{:gp_simulator:gp-simulator_satellites_impairment_controls.png|}}\\ | ||
| - | On this tab you can set the relative power, pseudorange offset and Doppler offset for each satellite. | + | |
| + | \\ | ||
| ====Conducted testing==== | ====Conducted testing==== | ||
| - | Below is a typical DUT testing diagram for valuentabilities to spoofing and jamming:\\ | + | Below is displayed the diagram of typical DUT testing for vulnerabilities to spoofing and jamming.\\ | 
| {{:gp_simulator:gp-simulator_conducted_testing.png?600}} | {{:gp_simulator:gp-simulator_conducted_testing.png?600}} | ||
| \\ | \\ | ||
| - | We recommend using a directional coupler to suspend the signal from the simulator to the real signal. Oscilloscope is used for measurement of 1PPS impulse offset.  | + | We recommend using a directional coupler for injecting the simulated signal into the real one. Oscilloscope is used for measuring 1PPS impulse offset.  | 
| - | ==Application settings== | + | \\ | 
| - | Wait for the UBLOX M8T status to become 3D Fix. Download almanac and ephemeris files. On USRP folder set: | + | |
| - | * 10 MHz Ref to GPSDO | + | ==Application Settings== | 
| - | * check Conducted Connection | + | First, wait for the "UBLOX M8T" status to display "3D Fix." Then, sownload almanac and ephemeris files.  | 
| - | * Set Attenuator value based on cables, attenuators and directional coupler. | + | \\ | 
| - | On Start folder setup | + | |
| - | * DUT input power. Usualy it is within -100 dBm | + | After that, set the following in the "USRP" tab: | 
| - | * Push Start button | + | * **10 MHz Ref** to **GPSDO**; | 
| - | ====Radiated testing==== | + | * Check the "Conducted Connection" box; | 
| + | * Set the "Attenuator" value based on cables, attenuators and the directional coupler. | ||
| + | |||
| + | In the "Start: folder setup | ||
| + | * DUT input power. Usually it is within the "-100 dBm" range; | ||
| + | * Click on the "Start" button. | ||
| + | \\ | ||
| + | |||
| + | ====Radiated Testing==== | ||
| <WRAP left round info 60%> | <WRAP left round info 60%> | ||
| - | Attention. | + | **NOTE**: The use of radiated radio signals may be illegal in your country. Please familiarize yourself with your local legal laws on the regulation of the radio spectrum before using this app. | 
| - | The use of radiated radio signals may be illegal in your country. Please familiarize yourself with your legislation on the regulation of the radio spectrum before using this app. | + | |
| We are not responsible for your actions. | We are not responsible for your actions. | ||
| - | </WRAP>\\ | + | </WRAP> | 
| - | \\ | + | |
| \\ | \\ | ||
| + | |||
| \\ | \\ | ||
| + | |||
| \\ | \\ | ||
| + | |||
| \\ | \\ | ||
| - | Below is a typical scheme of using our equipment for field testing of devices for exposure to GPS spoofing: | + | |
| + | Below is displayed the diagram of a typical use case of our equipment for field testing vulnerability of various devices to GPS spoofing exposure.\\ | ||
| + | {{:gp_simulator:gp-simulator_radiated_testing.png?1000|}}\\ | ||
| \\ | \\ | ||
| + | |||
| + | In the case of radiated testing, you cannot use internal USRP GPSDO as a "10 MHz" reference source, because it will be spoofed. Thus, you should use external high quality reference source. The frequency stability should be better than "**25 ppb**."\\ | ||
| + | |||
| + | ==Application Settings== | ||
| + | First, wait for the "UBLOX M8T" status to display "3D Fix." After that, download almanac and ephemeris files.  | ||
| \\ | \\ | ||
| - | In case of radiated testing you cann't use internal USRP GPSDO like 10 MHz reference source, because it will be spoofed. You have to use external high quality reference source. Frequency stability should be better than 25 ppb.\\ | + | |
| - | ==Application settings== | + | In the "USRP" tab, set the following: | 
| - | Wait for the UBLOX M8T status to become 3D Fix. Download almanac and ephemeris files. On USRP folder set: | + | * **10 MHz Ref** to **External**; | 
| - | * 10 MHz Ref to External | + | * Uncheck the "Conducted Connection" box; | 
| - | * uncheck Conducted Connection | + | * Set "Amplifier Gain," "Attenuator," and "Antenna Gain" according to your connected equipment. | 
| - | * Set Amplifier Gain, Attenuator, Anteanna Gain according to your connected equipment. | + | |
| - | On DUT folder setup: | + | In the "DUT" tab, set the following: | 
| - | * direction to the DUT | + | * **Direction** to **DUT**; | 
| - | * and known distances | + | * and known distances. | 
| - | On Start folder setup | + | |
| - | * DUT input power. Usualy it is within -100 dBm | + | In the "Start" tab, set up the following: | 
| - | * Push Start button | + | * DUT input power that is usually it is within the "-100 dBm" range; | 
| + | * Click on the "Start" button. | ||
| + | |||
| + | \\ | ||
| ====Synchronous and asynchronous mode==== | ====Synchronous and asynchronous mode==== | ||
| In the case of an asynchronous attack, a spoofer transmits false signals that are stronger than the original ones, causing the receiver to lose track of the satellites and lock on to the overpowering spoofing signal(s). On the other hand, synchronous attacks imply transmitting signals that are synchronized with the original ones and then gradually overpowering the latter.\\ | In the case of an asynchronous attack, a spoofer transmits false signals that are stronger than the original ones, causing the receiver to lose track of the satellites and lock on to the overpowering spoofing signal(s). On the other hand, synchronous attacks imply transmitting signals that are synchronized with the original ones and then gradually overpowering the latter.\\ | ||
| - | In more detail, the differences are synchronous and asynchronous attack you can read in our [[https://gpspatron.com/chapter-1-asynchronous-spoofing-attacks/|article]].\\ | + | You can learn more about the difference between synchronous and asynchronous attacks in our dedicated article on [[https://gpspatron.com/chapter-1-asynchronous-spoofing-attacks/|this page]]. | 
| - | In synchronous mode, our simulator generates a signal that is aligned with real up to 100 ns.\\ | + | \\ | 
| - | The selection of the spoofing mode can be made in the USRP tab:\\ | + | |
| + | In the "Synchronous" mode, our simulator generates a signal that is aligned with the real one up to "100 ns." To select a particular spoofing mode, go to the "USRP" tab. | ||
| + | \\ | ||
| {{:gp_simulator:gp-simulator_spoofing_mode_selection.png|}}\\ | {{:gp_simulator:gp-simulator_spoofing_mode_selection.png|}}\\ | ||
| \\ | \\ | ||
| - | If you selected the synchronous mode, then you can set an additional offset for the start of generation. This is convenient for examining the DUT correlation analysis window.\\ | + | |
| + | If you select the "Synchronous" mode, then you can set an additional offset for the start of the generation. This is convenient for examining the DUT correlation analysis window.\\ | ||
| + | \\ | ||
| + | |||
| + | |||
| + | To work in the "Synchronous" mode, you need to wait for the following flag: "GPS Locked": | ||
| \\ | \\ | ||
| - | To work in synchronous mode, you must wait for the flag: "GPS Locked":\\ | ||
| {{:gp_simulator:gp-simulator_gpsdo_locked_flag.png|}}\\ | {{:gp_simulator:gp-simulator_gpsdo_locked_flag.png|}}\\ | ||
| \\ | \\ | ||
| - | In synchronous mode, the generation does not start immediately, but only at a certain time:\\ | + | |
| + | In the "Synchronous" mode, the generation does not start immediately, but only at a particular time: | ||
| + | \\ | ||
| {{:gp_simulator:gp-simulator_start_time.png|}} | {{:gp_simulator:gp-simulator_start_time.png|}} | ||