POSTER: Testing network-based RTK for GNSS receiver security
Marco Spanghero, Panos Papadimitratos
TL;DR
The paper investigates the security of network-based RTK GNSS corrections by focusing on reference-station attacks such as spoofing and jamming. It builds an RTK test bed with real hardware and attack tools to assess impact on rover PNT under synchronous spoofing, asynchronous spoofing, and jamming. A key finding is that synchronous multi-constellation spoofing can cause severe degradation of the rover’s RTK solution and that standard receivers may converge on corrupted corrections rather than rejecting them. The work highlights the need for validation mechanisms and hardening strategies for RTK infrastructure to preserve centimeter-level positioning in adversarial environments.
Abstract
Global Navigation Satellite Systems (GNSS) provide precise location, while Real Time Kinematics (RTK) allow mobile receivers (termed rovers), leveraging fixed stations, to correct errors in their Position Navigation and Timing (PNT) solution. This allows compensating for multi-path effects, ionospheric errors, and observation biases, enabling consumer receivers to achieve centimeter-level accuracy. While network distribution of correction streams can be protected with common secure networking practices, the reference stations can still be attacked by GNSS spoofing or jamming. This work investigates (i) the effect RTK reference station spoofing has on the rover's PNT solution quality and (ii) the potential countermeasures towards hardening the RTK infrastructure.