GNSS Protection 9 Layer Model GNSS Vulnerabilities Mitigation

GNSS Protection 9 Layer Model GNSS Vulnerabilities Mitigation for Timing Applications Omer Sharar – Focus Telecom

GNSS Vulnerabilities - Jamming • Critical Infrastructures, both Commercial & Defense, are totally GPS dependent • A good, Rubidium based atomic clock (like the MAC) helps maintain good holdover which is a great short term solution for jamming • BUT even the greatest Rb based timing system will not comply with today’s stringent timing requirements for a long time without GPS Common GNSS jammers available online: DIY GPS jammer diagram:

GNSS Vulnerabilities- Spoofing A spoofing attack tricks the receiver with false position / time Could cause SEVERE damage for any network

1 en 2 3 4 5 6 7 : er b / ver OC Lay Th XO er : PT e N P w et ith wo AP rk TS La y /R e. P e H RT ol do C Th 8 Do e C ma lie in. T nt im Lay e I er I : Th er : ay t. L GP e F Sd ro om nt Th e f -En e An M ro d nt La te a -e ye nn sk nd r a E La pr : lev ye ot Th at r: ec i C o e tio Ex n M on n te Cu rn to as figu al ff k ra ble GP La S S ye wi r: Th tch Blu e F e. S ire ky wa GP ll S F La Th ire yer wa : M e. R ult ec ll ipl ei e c ve on r L ste ay lla er: Th tio G NS n Tim e M S e. P an ict ag ra em Th Introducing: The GNSS Protection 9 -Layer Model APTS PTP 9

Layer 1: The Front-end Layer – GPSdome • • Standalone, retrofit, dual antenna module Applies CRPA, null steering algorithm Rejects disruptions by nullifying their energy Compatible with any GPS system Introduces minimal latency to RF signal (50 ns) Deterministic fixed delay Qualified by INPL

Layer 2: The Mask Layer • A SW configurable option of Microsemi timing systems receivers • Allows for rejection of lower-elevation satellites • Allows for protection from multi-path • Allows for rejection of spoofing attempts

Layer 3: The Cutoff Layer – Focus Telecom’s GPS Switch • An external, standalone module which cuts off the GNSS feed to the receiver and the DC back to the antenna • Minimizes exposure to GNSS • With 2 modes of operation: – Remote controlled: remotely turned on or off from control center – Preprogrammed: Disconnected GPS for X hours/days, then connect for Y hours/days

Layer 4: The Firewall Layer – Microsemi’s Blue. Sky GPS Firewall • Microsemi’s Blue. Sky GPS FW assures correct GPS data and autonomous time scale • Analyzes GPS data and flags anomalies according to IS-GPS-200 H with user configurable abilities • When anomaly is flagged, GNSS is cut off and hardened GPS data is synthesized allowing the receiver to continue working uninterrupted • Optional external input from atomic standard enables extended holdover and enhanced detection capabilities “Hardened” GPS data Validated GNSS data

Layer 5: The Receiving Layer • A multiple-constellation GNSS receiver receives satellites from more than a single constellation • Allows for more satellites in view • Allows for sanity checks of constellation • Avoids dependency on US owned GPS system • More resistant to narrow-band jamming

Layer 6: The Management Layer – Microsemi’s Time. Pictra NMS • Monitor all sync elements in the network • Allows for comparison between multiple units geographically apart • Allows to track anomalies e. g. shifting position in stationary units • Allows for statistical data of satellite reception trends • Provides gauges on time quality the network provides (PTP)

Layer 7: The Holdover Layer – From OCXOs to e. PRTC • Optimal time HO is achieved Microsemi’s e. PRTC (ITU-T G. 8272. 1 and G. 811. 1) • Better than PRTC (100 ns) to UTC for over 2 weeks without GPS • Microsemi’s Rb technology (MAC and XPRO) provides for optimal local holdover (<1 u. S and <250 ns @ 24 hours) • Patented temperature-compensation technology allows for <25 u. S holdover with an OCXO

Layer 8: The Network Layer – PTP with APTS • Backup network edge timing from Core • IEEE 1588 PTP with APTS (Assisted Partial Timing Support) allows for accurate source of time • Implementation of Microsemi’s APTS at the network edge compensates for network asymmetry of 30 different paths from the Core • When GNSS is not available, a fallback on PTP will not compromise accuracy at the network edge

Layer 9: The Client Layer – Microsemi’s Domain. Time II • Time Management system (for IT NTP/PTP networks) • Monitors time all the way to the client • Implemented on the DC, DTII SW could receive time from multiple sources and compare them for inconsistencies • With auditing capabilities, the accuracy of each client could be measured, recorded analyzed