The project activities gave birth to a fully integrated and secure Multi-GNSS module, able to detect GNSS signal spoofing, jamming attempts and interference, protected against cyber-attack and delivering authenticated information to the application. When an inconsistency or anomaly is detected, the application is warned and the module enters into dead reckoning navigation providing an estimate of the true position. Besides, it provides ciphered or digitally signed information ensuring authenticity and integrity of the delivered information.
The module integrates in a single casing a multi-constellation GNSS chipset (TESEO III from STMicroelectronics), a secure MCU (ST33 from STMicroelectronics) and several motion sensors. It offers a set of interfaces such as CAN bus to take advantages of external information depending on the application context.
Module key features include:
- GNSS spoofing, jamming/interference detection,
- GNSS anti-replay protection,
- PVT Level of Confidence (LOC) indicator,
- Estimate of true position under attack (dead reckoning support),
- Firmware and hardware integrity control,
- Secure memory for sensitive data,
- Secure firmware upgrade and module configuration,
- Secure NMEA stream data (digitally signed),
- Fully compliant with Smart DT ISO7816-4 protocol.
The development started with the specification, design and development of a breadboard, representative of the final module but freed from the hardware integration constraints. The breadboard was used to test concurrent technologies, validate the module design and easily test and debug the hardware on a large size board. It was also used to early start the firmware development. 8 breadboards were manufactured in 3 batches, each implementing corrections and/or evolutions according to technology and architectures trade-offs and selection.
Based on the return on experience achieved with the breadboard, the module was specified, designed and developped. 25 module samples were manufactured in 2 generations.
In parallel, a dedicated standalone evaluation board (EVB) was developped. It offers several serial communication interfaces and is designed to ease vehicle field tests. 7 EVBs were manufactured in 2 generations supporting respectivelly the module first and second generation.
The specification, design and development of the firmware (FW) and software (SW) progressed in parallel to the hardware. The module FW includes the GNSS part and the Secure part. The GNSS part manages the detection of attack attempts and characterization, the computation of PVT Level of Confidence (LOC) and the provision of an estimate of true position under attack. The Secure part manages in particular boot sequence, FW integrity protection, crypto operation and the interface with application. In addition, several test tools SW were developped to test the module performances such as jamming and spoofing generation, record and replay of GNSS and CAN data, display of specific module information.
The final development step consisted in merging the validated SW and FW on the module hardware and in performing validation and qualication activities. In addition to laboratory tests, a car was equipped with a module and several thousands km of road field tests were performed in France and Italy. The tests results were used to validate, calibrate and tune the FW algorithms. The module was also tested in collaboration with the EC JRC EMSL in Ispra in February 2017. All attacks launched on the module were detected, even high grade attacks. Besides, Navcert successfully performed Radio Equipment Directive and UNECE Advanced Emergency Call System Regulation type-approval pre-testing activities.
Last but not least, the module was integrated into a geo-location on-board unit (OBU) adapted to Novacom’s business solutions in order to be tested in the field for:
- tranport of critical dangerous goods, increasingly worried about potential threats (terrorism, theft) in which GNSS deception techniques (jamming, spoofing) can be used (French transporter),
- humanitarian missions, often impacted by GNSS jamming events in conflit zones (World Food Programme in Afghanistan).
The pilots preparation included user needs and requirements analysis, new system and service specification, solution design, development, test and validation. 4 units were sent for installation in trucks operating in France and Afghanistan. The 4 months pilot operation provided high quality results and confirmed that the tracking service leveraging on the FOSTER module is a robust solution. GNSS attacks detection and alerting worked well and positioining was stable even under attack.
The module commercial exploitation was carefully prepared with its market potential analysis consolidation, a thorough industry and competitive analysis, the product range and value proposition in the target markets definition. Finally, the business and exploitation plan was matured and strategic partnerships carefully defined.
Various activities were carried to promote the project progress and key results, including the development of a project website, 2 scientific papers for the ITS WC 2005 and ION GNSS 2017congresses, a flyer and a leaflet, at least 4 videos and the module promotion at the most relevant GNSS, ITS and Electronic component trade fairs. Last but not least, a module showcase event was organised during the ITS World Congress 2018 in Copenhagen.
In conclusion, the FOSTER-ITS project gave birth to the first Secure GNSS prototype module, resilient to GNSS jamming and spoofing threats and responds to the increased demand for security in the ITS market and beyond. FOSTER module samples and evaluation kit are available for testing. The module commercialisation is expected from 2019.
