Prepare for tomorrow. Find Vulnerabilities today.
Old jamming testing method without BroadSim
Users required to attach a separate signal generator for each interference waveform to be generated
The number of interference sources is limited to the number of signal generators available
Signal generators would need to be integrated into software or be operated real-time by an engineer
Jamming power levels were determined based on what signal level was to be received at the receiver front end independent of the location of the simulated jammer or transmit power
New jamming testing method with BroadSim
Unlimited number of interference signals can be generated with 1 RF output
Each interference signal within 1 RF output can have different power levels, modulations, and locations
Jamming can be turned on and off through the SDX GUI and API
Users can specify the location and power of jamming transmitters and BroadSim will calculate the received power at the receiver based on the location to the transmitted and user-selected loss model
Enables users to create real-world threat laydowns to better support the warfighter.
For the Joint Navigation Conference (JNC) our engineers created and designed a plugin for the computer game Kerbal Space Program (KSP) which allowed for the demonstration of BroadSim’s hardware in the loop (HILT) capability as well as the new advanced jamming feature.
The aircraft seen in the video is being controlled by user input through a joystick. The path of the actual flight is shown by the red trail. As the user is controlling the airplane in KSP, the computer is sending the location of that plane in real-time to BroadSim which is generating and transmitting the corresponding RF signals to a uBlox GNSS receiver and a spectrum analyzer. The receiver and spectrum analyzer data are simultaneously being collected by the computer and plotted on the same screen. The reported location of the receiver is shown by the green trace and the spectrum from the spectrum analyzer is shown in the lower right-hand corner (center at GPS L1).
Within the flight space of the program were 6 red spheres as seen in the video. Each red sphere represents a different jammer. Each jammer has a different frequency, power level, and modulation. The jammer (red sphere) shown in the video is a group of CW tones offset by 1MHz with different power levels.
Notice how the receiver responds when the user approaches and flies directly through the jammer. The receiver is jammed to the point in which it cannot track the GNSS signals and begins to drift in a straight line away from the jamming source.
By leveraging the Skydel 1000Hz navigation engine and USRP radios, simultaneous simulation of GNSS signals across multiple constellations can be achieved, including advanced jamming and spoofing:
GPS Open: L1-C/A, L1C, L1-P, L2-P, L2C, L5 GPS Encrypted: L1-Y, L2-Y, L1-M-AES, L2-M-AES, L1-MNSA, L2-MNSA
GLONASS: G1, G2 BeiDou: B1, B2 Galileo: E1, E5a, E5b QZSS: L1-C/A SBAS: WAAS, EGNOS, MSAS