CN114428261A - Detection method and detection device for satellite time synchronization device cheating attack - Google Patents
Detection method and detection device for satellite time synchronization device cheating attack Download PDFInfo
- Publication number
- CN114428261A CN114428261A CN202210096583.7A CN202210096583A CN114428261A CN 114428261 A CN114428261 A CN 114428261A CN 202210096583 A CN202210096583 A CN 202210096583A CN 114428261 A CN114428261 A CN 114428261A
- Authority
- CN
- China
- Prior art keywords
- time
- satellite
- satellite time
- condition
- synchronization device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 21
- 238000000034 method Methods 0.000 claims abstract description 36
- 238000004590 computer program Methods 0.000 claims abstract description 23
- 238000012545 processing Methods 0.000 claims abstract description 10
- 238000003860 storage Methods 0.000 claims abstract description 8
- 230000008569 process Effects 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 4
- 238000009826 distribution Methods 0.000 description 4
- 238000012544 monitoring process Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000005259 measurement Methods 0.000 description 3
- 238000009795 derivation Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 101100021559 Bacillus subtilis (strain 168) lon2 gene Proteins 0.000 description 1
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 1
- 206010033799 Paralysis Diseases 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 229910021389 graphene Inorganic materials 0.000 description 1
- DDVBPZROPPMBLW-IZGXTMSKSA-N latrunculin A Chemical compound C([C@H]1[C@@]2(O)C[C@H]3C[C@H](O2)CC[C@@H](\C=C/C=C/CC\C(C)=C/C(=O)O3)C)SC(=O)N1 DDVBPZROPPMBLW-IZGXTMSKSA-N 0.000 description 1
- NSHPHXHGRHSMIK-IWQSFCKSSA-N latrunculin B Natural products C[C@H]1CC[C@@H]2C[C@@H](C[C@@](O)(O2)[C@@H]3CSC(=O)N3)OC(=O)C=C(C)/CCC=C/1 NSHPHXHGRHSMIK-IWQSFCKSSA-N 0.000 description 1
- DDVBPZROPPMBLW-UHFFFAOYSA-N latrunculin-A Natural products O1C(=O)C=C(C)CCC=CC=CC(C)CCC(O2)CC1CC2(O)C1CSC(=O)N1 DDVBPZROPPMBLW-UHFFFAOYSA-N 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000001902 propagating effect Effects 0.000 description 1
- 230000005855 radiation Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S19/00—Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
- G01S19/38—Determining a navigation solution using signals transmitted by a satellite radio beacon positioning system
- G01S19/39—Determining a navigation solution using signals transmitted by a satellite radio beacon positioning system the satellite radio beacon positioning system transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
- G01S19/42—Determining position
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S19/00—Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
- G01S19/01—Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
- G01S19/13—Receivers
- G01S19/21—Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service
- G01S19/215—Interference related issues ; Issues related to cross-correlation, spoofing or other methods of denial of service issues related to spoofing
-
- G—PHYSICS
- G01—MEASURING; TESTING
- G01S—RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
- G01S19/00—Satellite radio beacon positioning systems; Determining position, velocity or attitude using signals transmitted by such systems
- G01S19/01—Satellite radio beacon positioning systems transmitting time-stamped messages, e.g. GPS [Global Positioning System], GLONASS [Global Orbiting Navigation Satellite System] or GALILEO
- G01S19/13—Receivers
- G01S19/24—Acquisition or tracking or demodulation of signals transmitted by the system
- G01S19/25—Acquisition or tracking or demodulation of signals transmitted by the system involving aiding data received from a cooperating element, e.g. assisted GPS
- G01S19/256—Acquisition or tracking or demodulation of signals transmitted by the system involving aiding data received from a cooperating element, e.g. assisted GPS relating to timing, e.g. time of week, code phase, timing offset
Landscapes
- Engineering & Computer Science (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Position Fixing By Use Of Radio Waves (AREA)
Abstract
The present application relates to a method of detecting spoofed attacks on a satellite time synchronizer, a detection apparatus, a computer device, a storage medium and a computer program product. The method comprises the following steps: acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time; respectively processing the position information, the received power field intensity and the satellite time to determine that a timekeeping instruction is output under the condition that the current condition of deception attack is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting time keeping time. By adopting the method, the cheating attack can be effectively defended, and the output of wrong time signals is avoided.
Description
Technical Field
The present invention relates to the field of time synchronization system technologies, and in particular, to a detection method and a detection device for spoofing attack on a satellite time synchronization device.
Background
The Global Satellite timing System comprises a Global Positioning System (GPS) Global Satellite NAvigation positioning System in the united states, a Global NAvigation Satellite System (GLONASS) GLONASS Satellite NAvigation positioning System in russia, a galileo Satellite NAvigation positioning System in the european union and a beidou Satellite NAvigation positioning System in china, wherein the Satellite timing systems widely used in China are the GPS System and the beidou Satellite NAvigation positioning System.
At present, in systems such as electric power, traffic, finance, communication, logistics and medical treatment, a satellite time synchronization device is generally used as a reference source of system time, and the satellite time synchronization device can receive an interference signal and a deception attack signal while receiving a satellite signal, so that the satellite time synchronization device outputs wrong positioning and time service information, thereby bringing huge potential safety hazards to the fields such as power grid time reference, traffic transportation and financial transaction, and therefore, the problem that the satellite time synchronization device is interfered or deception attacked needs to be solved.
Disclosure of Invention
In view of the above, it is necessary to provide a method for detecting spoofed attack on a satellite time synchronization apparatus, a detection apparatus, a computer device, a computer readable storage medium, and a computer program product.
In a first aspect, the application provides a method for detecting spoofing attack on a satellite time synchronization device. The method comprises the following steps:
acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
processing the position information, the received power field intensity and the satellite time respectively to determine that a time keeping instruction is output under the condition that the current deception attack condition is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting time keeping time.
In one embodiment, the spoofed attack condition includes any one or any combination of the following conditions: a first, second, and third spoofing attack condition;
the position information, the received power field intensity and the satellite time are respectively processed to determine that a time keeping instruction is output under the condition that the current deception attack condition is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting the time keeping time:
determining whether the first spoofing attack condition is currently satisfied based on the location information;
determining whether the second deception attack condition is met currently or not according to the received power field intensity;
determining whether the third spoof attack condition is currently satisfied based on the satellite time.
In one embodiment, the step of determining whether the first spoof attack condition is currently satisfied based on the location information includes:
acquiring fixed position information of the satellite time synchronization device;
obtaining distance data based on the position information and the fixed position information;
and if the distance data is larger than a distance threshold value, determining that the first cheating attack condition is met currently.
In one embodiment, the step of determining whether the first spoof attack condition is currently satisfied based on the location information includes:
acquiring fixed position information of the satellite time synchronization device;
based on a distance threshold value, obtaining an allowable position range according to the fixed position information;
and if the position information does not fall into the allowable position range, determining that the first cheating attack condition is met currently.
In one embodiment, the step of determining whether the second spoofing attack condition is currently satisfied according to the received power field strength includes:
acquiring the reference receiving power field intensity of the satellite time synchronization device;
and determining whether the second spoofing attack condition is met currently according to the comparison result of the received power field intensity and the reference received power field intensity.
In one embodiment, the step of determining whether the third spoofed attack condition is currently satisfied based on the satellite time includes:
acquiring internal timekeeping time of the satellite time synchronization device, and acquiring a time difference between the satellite time and the internal timekeeping time;
and if the time difference is greater than the allowable time difference value, determining that the third cheating attack condition is currently met.
In a second aspect, the application further provides a device for detecting spoofing attack on a satellite time synchronization device.
The device comprises:
the data acquisition module is used for acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
a spoofed attack detection module, configured to process the location information, the received power field strength, and the satellite time, respectively, to determine that a timekeeping instruction is output when a spoofed attack condition is currently satisfied; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting time keeping time.
In a third aspect, the application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the following steps when executing the computer program:
acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
respectively processing the position information, the received power field intensity and the satellite time to determine that a timekeeping instruction is output under the condition that the current condition of deception attack is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting time keeping time.
In a fourth aspect, the present application further provides a computer-readable storage medium. The computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
respectively processing the position information, the received power field intensity and the satellite time to determine that a timekeeping instruction is output under the condition that the current condition of deception attack is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting time keeping time.
In a fifth aspect, the present application further provides a computer program product. The computer program product comprising a computer program which when executed by a processor performs the steps of:
acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
respectively processing the position information, the received power field intensity and the satellite time to determine that a timekeeping instruction is output under the condition that the current condition of deception attack is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping state and outputting time keeping time.
According to the detection method, the detection device, the computer equipment, the storage medium and the computer program product for detecting the deception attack of the satellite time synchronization device, the acquired position information, the received power field intensity and the satellite time are processed, and then a timekeeping instruction is output under the condition that the current deception attack condition is met; the method and the device can judge whether the satellite time synchronization device is interfered or deceived and trigger the satellite time synchronization device to adopt a time keeping mode under the condition that the satellite time synchronization device is determined to be interfered or deceived, so that the satellite time synchronization device is prevented from outputting wrong time signals.
Drawings
FIG. 1 is a schematic flow chart illustrating a method for detecting spoofing attacks on a satellite time synchronization apparatus according to an embodiment;
FIG. 2 is a flowchart illustrating steps for determining whether a first spoof attack condition is currently satisfied based on location information in one embodiment;
FIG. 3 is a flowchart illustrating steps for determining whether a first spoof attack condition is currently satisfied based on location information in another embodiment;
FIG. 4 is a flowchart illustrating the steps of determining whether a second spoofing attack condition is currently satisfied based on the received power field strength in one embodiment;
FIG. 5 is a flowchart illustrating the steps of determining whether a third spoofed attack condition is currently satisfied based on satellite time in one embodiment;
fig. 6 is a schematic structural diagram of a spoofing attack detection device for a satellite time synchronization device in one embodiment.
Detailed Description
To facilitate an understanding of the present application, the present application will now be described more fully with reference to the accompanying drawings. Embodiments of the present application are set forth in the accompanying drawings. This application may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
GNSS (Global Navigation Satellite System, referred to as GNSS for short) is an important means for time service at present, and has become a main time service mode for major infrastructures such as substations, communication base stations, and financial exchanges due to its advantages of high precision, weather, wide coverage, etc. However, GNSS time service products face various interference threats in the electromagnetic environment which is becoming more complex, and deceptive interference is more covert and destructive.
The satellite time synchronizer in China simultaneously adopts time mark signals of a GPS and a Beidou satellite navigation positioning system as external time reference signals, and because the satellite time synchronizer and the GPS/Beidou satellite adopt civil codes which lack an encryption authentication mechanism for communication, interference signals and deception attack signals can be received while satellite signals are received, so that wrong positioning and time service information can be output. According to the generation mode of the deception signal, the deception jamming comprises generative deception jamming and forwarding deception jamming; the generated deception jamming is that firstly a real navigation satellite signal is received, then a deception signal synchronous with the real signal is generated according to prior information in the received signal, and the deception signal is a deception signal generated by a deception source through simulating information such as a pseudo code, a navigation message and the like of the satellite navigation signal; the forwarding type deception jamming is characterized in that a forwarding deception simulation source directly receives a real satellite signal, the power of the signal is properly amplified after a certain time delay, and finally the signal is forwarded out through a transmitting antenna to induce a target receiver to receive deception signals with higher power, so that an error positioning result is generated. With the continuous development of the deception jamming mode, means for preventing deception jamming are also diversified, if more modes are adopted for preventing deception jamming, the complexity of a program is increased, the requirements on hardware are synchronously improved, the corresponding equipment cost and the requirements on a use environment are synchronously improved, and therefore the reliability of equipment is reduced.
The satellite time synchronization device includes a receiving unit, a clock unit, an output unit, and a monitoring unit, and generally includes: when the receiving unit loses an external time reference signal, the clock unit enters a function of keeping a state at watch, and the function is started when the receiving unit cannot receive a signal transmitted by a satellite; when the satellite information deception attack is met, the output unit can immediately output the time for setting up deception information, so that phenomena such as communication interruption, financial transaction confusion, electric power system paralysis and the like occur, and unpredictable damage is brought.
The method for detecting the deception attack on the satellite time synchronization device can improve the safety and reliability of GNSS time service products, trigger equipment to enter a function of keeping a state of keeping time under the conditions of interference and deception attack, achieve the purpose of preventing attack, and output accurate time signals.
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In one embodiment, as shown in fig. 1, a method for detecting spoofing attacks on a satellite time synchronization device is provided, which may include the following steps:
step S110, acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
specifically, the satellite time synchronization device is generally installed indoors, the satellite antenna is placed at an upward space open place such as a roof, a roof and the like, and after the satellite time synchronization device locks a signal, physical parameter data of the satellite time synchronization device can be obtained, and further, physical parameter data such as real-time position information, received power field intensity, satellite time and the like of the satellite time synchronization device can be obtained; wherein the position information is actually spatial position information of a satellite antenna placed at a high position; the received power field strength is the signal power of the satellite signal to the ground receiver.
Step S120, the position information, the received power field intensity and the satellite time are processed respectively to determine that a timekeeping instruction is output under the condition that the current condition of deception attack is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting the time keeping time.
Specifically, the acquired position information, the received power field strength and the satellite time of the satellite time synchronization device are analyzed and processed to judge whether the current condition of being attacked by deception is met, and a timekeeping instruction is output under the condition that the current condition of being attacked by deception is determined to be met; further, the timekeeping instruction may instruct the satellite time synchronization apparatus to enter an active defense state, i.e., a timekeeping hold state, in which the satellite time synchronization apparatus will not accept the satellite time information, but output the timekeeping time until the condition of being attacked by spoofing completely disappears.
In some examples, in the event that it is determined that a spoofed attack condition is currently satisfied, and if there is another time reference signal present at the satellite time synchronization device, a switch instruction and alarm information are output, the switch instruction further instructing the satellite time synchronization device to switch the internal time signal to the other network time reference signal.
According to the detection method for the satellite time synchronization device subjected to the spoofing attack, whether the satellite time synchronization device is currently subjected to the interference or the spoofing attack can be judged through analyzing and processing the position information, the received power field intensity and the satellite time which are obtained in real time, so that the satellite time synchronization device is triggered to adopt a time-keeping mode and output a correct time signal under the condition that the satellite time synchronization device is determined to be subjected to the interference or the spoofing attack, and the spoofing interference is effectively resisted.
In one embodiment, the spoofed attack condition includes any one or any combination of the following conditions: a first, second, and third spoofing attack condition;
respectively processing the position information, the received power field intensity and the satellite time to determine that a timekeeping instruction is output under the condition that the current condition of being attacked by deception is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting the time keeping time:
determining whether a first spoofing attack condition is currently satisfied based on the location information;
determining whether a second deception attack condition is met currently or not according to the received power field intensity;
based on the satellite time, it is determined whether a third spoofing attack condition is currently satisfied.
Specifically, based on the acquired location information, it may be determined whether a first spoofing attack condition is currently satisfied; whether a second spoofing attack condition is currently met or not can be determined based on the acquired received power field intensity; based on the acquired satellite time, it may be determined whether a third spoofing attack condition is currently satisfied; in some examples, the foregoing methods of determining whether the first spoof attack condition is satisfied, determining whether the second spoof attack condition is satisfied, and determining whether the third attack condition is satisfied may be implemented using software code.
In one embodiment, as shown in fig. 2, the step of determining whether the first spoofing attack condition is currently satisfied based on the location information includes:
step S210, acquiring fixed position information of the satellite time synchronization device;
step S220, obtaining distance data based on the position information and the fixed position information;
in step S230, if the distance data is greater than the distance threshold, it is determined that the first spoofing attack condition is currently satisfied.
Specifically, when the satellite antenna is fixed at an upward space open place such as a roof, a roof and the like, and the satellite time synchronization device is installed and fixed on site, fixed position information after a signal is locked by the satellite time synchronization device is obtained, the fixed position information is actually position information of a high end point of the satellite antenna, the position information is kept and locked as reference data, and distance data can be obtained based on the fixed position information and the obtained real-time position information;
in some examples, the obtained fixed location information as well as the real-time location information may be expressed in terms of latitude and longitude; assuming that the obtained fixed position is a point A, the longitude and latitude are (lonA, LatA), the obtained real-time position is a point B, the longitude and latitude are (lonB, LatB), and a three-dimensional sphere space can be formed by taking the point A at the fixed position as the center of a circle and the distance from the point A to the point B as a radius R; according to the standard of 0 degree warp, the east warp takes a positive value (Longitude), the west warp takes a negative value (-Longitude), the north weft takes a 90-Latitude value (90-Latitude), the south weft takes a 90+ Latitude value (90+ Latitude), then the processed A point Longitude and Latitude are (MlonA, MLatA), the B point Longitude and Latitude are (MlonB, MLatB), and further, according to triangle derivation, a triangle derivation value C based on a fixed position A point and a real-time position B point can be obtained through the following formula:
C=sin(MLatA)*sin(MLatB)*cos(MlonA-MlonB)+cos(MLatA)*cos(MLatB)
further, according to the above-mentioned triangle derived value C, the distance data R between the two points a and B can be calculated by the following formula:
R=(R1*cos-1(C)*pi)/180
wherein R1 represents the average radius of the earth, and has a specific value of 6371.004 kilometers, the unit of R is the same as that of R1, the unit of R is kilometer, and pi is the circumferential rate pi;
in some examples, the distance data R between the two points a and B may also be implemented by the following software code:
further, a distance threshold value R0 is set, and if the distance data is greater than the distance threshold value, namely R > R0, it is determined that the first spoofing attack condition is currently met; in one particular example, the distance threshold R0 may be set to 10 meters, and if the distance data is detected to exceed 10 meters, it is determined that the first spoof attack condition is currently satisfied.
In another embodiment, as shown in fig. 3, the step of determining whether the first spoofing attack condition is currently satisfied based on the location information includes:
step S310, acquiring fixed position information of the satellite time synchronizer;
step S320, obtaining an allowable position range according to the fixed position information based on the distance threshold;
in step S330, if the location information does not fall within the allowable location range, it is determined that the first spoofing attack condition is currently satisfied.
Specifically, determining whether the first spoofing attack condition is currently met based on the position information may also be implemented by obtaining fixed position information in the same manner, and obtaining an allowable position range based on a distance threshold, and if the position information exceeds the allowable position range, that is, if the position information does not fall within the allowable position range, determining that the first spoofing attack condition is currently met;
in some examples, the center of a circle is determined according to fixed position information, that is, the position of a high end point of a satellite antenna is used as the center of the circle, further, a distance threshold is used as a radius to determine a three-dimensional sphere space, each point on the surface of the sphere has corresponding longitude and latitude position information, and all corresponding longitudes necessarily have a maximum value and a minimum value, and a latitude also has a maximum value and a minimum value, then an allowable position range of longitude may be determined to be longitude minimum value to longitude maximum value, and an allowable position range of latitude may be latitude minimum value to latitude maximum value, further, if the longitude of the obtained real-time position information does not fall into the allowable position range of longitude, and/or the latitude of the real-time position information does not fall into the allowable position range of latitude, it is determined that the first spoofing attack condition is currently satisfied.
In one embodiment, as shown in fig. 4, the step of determining whether the second spoofing attack condition is currently satisfied according to the received power field strength includes:
step S410, acquiring the reference receiving power field intensity of the satellite time synchronization device;
step S420, determining whether the second spoofing attack condition is currently satisfied according to the comparison result between the received power field strength and the reference received power field strength.
Specifically, the satellite signals are easy to be interfered by various complex electromagnetic environments when propagating in the space, and belong to weak signals, the signal power reaching a ground receiver is low, for example, the minimum level of a Beidou satellite signal reaching the ground receiver is only-160 dBm, the maximum receiving power of the GPS signal does not exceed-150 dBW, wherein the receiving power of frequency points L1, L2 and L5 is generally between-150 dBW and-162 dBW, and is easily influenced by suppressive interference, the experimental result shows that the target (satellite receiver) at 25km can be interfered when the effective radiation power of an interference machine is 1W (30dBm), because the satellite receiver is required to capture and track the signals by cheating attack in an error manner, the power of the cheating signals is larger than the real signal power, and therefore a reasonable upper power limit, namely, the reference deception receiving power field intensity is set, then, detecting and identifying deception signals by limiting signal power according to the comparison result of the received power field intensity and the reference received power field intensity, and determining whether a second deception attack condition is met currently;
in some examples, assuming that the received power field strength obtained in real time is P, the reference received power field strength P0 of the satellite time synchronizer is obtained, considering that the satellite signal is transmitted to the ground, the received power field strength P is a variable quantity, and many factors such as electromagnetic environment, altitude, weather conditions and the like are affected, so that the engineering coefficient is set to N, and the specific value of the engineering coefficient needs to be adjusted and set by an engineer according to the actual situation after the satellite time synchronizer is installed on site;
further, if at a certain time, the received power field strength is greater than the reference received power field strength of N times, i.e., P > NP0, it is determined that the second spoofing attack condition is currently satisfied.
In some examples, the step of determining whether the second spoofing attack condition is currently satisfied according to the received power field strength may be implemented by the following software code:
in one embodiment, as shown in fig. 5, the step of determining whether the third spoof attack condition is currently satisfied based on the satellite time includes:
step S510, obtaining internal timekeeping time of the satellite time synchronization device, and obtaining time difference between the satellite time and the internal timekeeping time;
and step S520, if the time difference is greater than the allowable time difference value, determining that a third cheating attack condition is currently met.
Specifically, the satellite time and the internal timekeeping time in the satellite time synchronization device are differenced to obtain the time difference between the satellite time and the internal timekeeping time, wherein the internal timekeeping time and the timekeeping time output by the satellite time synchronization device are the same time; if the time difference is greater than the set allowable time difference value, it is determined that the third spoofing attack condition is currently satisfied, in a specific example, the allowable time difference value may be 3 seconds, that is, if the time difference is greater than 3 seconds, it is determined that the third spoofing attack condition is currently satisfied;
in some examples, the step of determining whether the third spoofed attack condition is currently satisfied based on the satellite time may be implemented by software code as follows:
in some examples, the method for detecting spoofed attack on the satellite time synchronizer may also be applied to other time service receivers, such as a Phasor Measurement Unit PMU (Phasor Unit), a line traveling wave fault location device, a lightning positioning system, a fault recorder event sequence recording device, an electrical Measurement and control Unit, a remote terminal, a protection and Measurement and control integrated device, a microcomputer protection device, a safety automatic device, a distribution network terminal device, a distribution network automation system electric energy acquisition device, a load/power utilization monitoring terminal device, an electrical equipment on-line state detection terminal device or an automatic recorder and a control center scheduling mechanism digital display clock, and a system for charging, protection information management, power market technical support and the like of a thermal power plant, a hydraulic power plant, a substation computer monitoring system master station, a load monitoring, a power utilization management system master station, a power distribution network management system and the like, A distribution network automation/management system master station, a scheduling production and enterprise management system, an electronic wall clock and the like.
The method for detecting the deception attack on the satellite time synchronization device can achieve the purpose of defending the deception attack by upgrading software of the satellite time synchronization device (satellite synchronization clock equipment) on the basis of not changing the hardware structure of most satellite time synchronization devices in the market, has higher feasibility for millions of stock markets at present in China, and has great economic significance.
It should be understood that, although the steps in the flowcharts related to the embodiments as described above are sequentially displayed as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.
Based on the same inventive concept, the embodiment of the application also provides a deception attack detection device of the satellite time synchronization device, which is used for realizing the deception attack detection method of the satellite time synchronization device. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme recorded in the method, so that specific limitations in the embodiment of the device for detecting spoofed attack on the satellite time synchronization device provided below can be referred to the limitations on the method for detecting spoofed attack on the satellite time synchronization device, and are not described herein again.
In one embodiment, as shown in fig. 6, there is provided a satellite time synchronization apparatus spoofed attack detection apparatus, including: a data acquisition module 610 and a spoofed attack detection module 620, wherein:
a data acquisition module 610, configured to acquire physical parameter data of a satellite time synchronization apparatus; the physical parameter data comprises position information, received power field intensity and satellite time;
a spoofed attack detection module 620, configured to process the position information, the received power field strength, and the satellite time, respectively, to determine that a timekeeping instruction is output when a spoofed attack condition is currently satisfied; the time keeping instruction is used for indicating the satellite time synchronizer to enter a time keeping state and outputting the time keeping.
The modules in the device for detecting spoofed attack of the satellite time synchronization device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the above-described method embodiments when executing the computer program.
In particular, in some examples, the product form of the computer device may be a chip, on which a memory and a processor are integrated, the memory storing a computer program, and the processor implementing the steps in the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In an embodiment, a computer program product is provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high-density embedded nonvolatile Memory, resistive Random Access Memory (ReRAM), Magnetic Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases referred to in various embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing based data processing logic devices, etc., without limitation.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (10)
1. A method for detecting spoofing attacks on a satellite time synchronization device, the method comprising:
acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
respectively processing the position information, the received power field intensity and the satellite time to determine that a timekeeping instruction is output under the condition that the current condition of deception attack is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting time keeping time.
2. The method of claim 1, wherein the spoofed attack condition comprises any one or any combination of the following conditions: a first, second, and third spoofing attack condition;
the position information, the received power field intensity and the satellite time are processed respectively to determine that a timekeeping instruction is output under the condition that the current condition of deception attack is met; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting the time keeping time:
determining whether the first spoofing attack condition is currently satisfied based on the location information;
determining whether the second deception attack condition is met currently or not according to the received power field intensity;
determining whether the third spoof attack condition is currently satisfied based on the satellite time.
3. The method of claim 2, wherein the step of determining whether the first spoof attack condition is currently satisfied based on the location information comprises:
acquiring fixed position information of the satellite time synchronization device;
obtaining distance data based on the position information and the fixed position information;
and if the distance data is larger than a distance threshold value, determining that the first cheating attack condition is met currently.
4. The method of claim 2, wherein the step of determining whether the first spoof attack condition is currently satisfied based on the location information comprises:
acquiring fixed position information of the satellite time synchronization device;
based on a distance threshold value, obtaining an allowable position range according to the fixed position information;
and if the position information does not fall into the allowable position range, determining that the first cheating attack condition is met currently.
5. The method of claim 2, wherein the step of determining whether the second spoof attack condition is currently satisfied based on the received power field strength comprises:
acquiring the reference receiving power field intensity of the satellite time synchronization device;
and determining whether the second spoofing attack condition is met currently according to the comparison result of the received power field intensity and the reference received power field intensity.
6. The method of claim 2, wherein the step of determining whether the third spoof attack condition is currently satisfied based on the satellite time comprises:
acquiring internal timekeeping time of the satellite time synchronization device, and acquiring a time difference between the satellite time and the internal timekeeping time;
and if the time difference is greater than the allowable time difference value, determining that the third cheating attack condition is currently met.
7. A satellite time synchronization apparatus spoofing attack detection apparatus, the apparatus comprising:
the data acquisition module is used for acquiring physical parameter data of the satellite time synchronization device; the physical parameter data comprises position information, received power field intensity and satellite time;
a spoofed attack detection module, configured to process the location information, the received power field strength, and the satellite time, respectively, to determine that a timekeeping instruction is output when a spoofed attack condition is currently satisfied; the time keeping instruction is used for indicating the satellite time synchronization device to enter a time keeping holding state and outputting time keeping time.
8. A computer device comprising a memory and a control processor, the memory storing a computer program, characterized in that the control processor realizes the steps of the method of any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 6 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210096583.7A CN114428261A (en) | 2022-01-26 | 2022-01-26 | Detection method and detection device for satellite time synchronization device cheating attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210096583.7A CN114428261A (en) | 2022-01-26 | 2022-01-26 | Detection method and detection device for satellite time synchronization device cheating attack |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114428261A true CN114428261A (en) | 2022-05-03 |
Family
ID=81312500
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210096583.7A Pending CN114428261A (en) | 2022-01-26 | 2022-01-26 | Detection method and detection device for satellite time synchronization device cheating attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114428261A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116009379A (en) * | 2023-03-28 | 2023-04-25 | 深圳市天辰防务通信技术有限公司 | Time system equipment system control method |
| CN116430414A (en) * | 2023-04-10 | 2023-07-14 | 北京辉羲智能科技有限公司 | Software and hardware cooperation chip and system for preventing GNSS spoofing attack |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106526621A (en) * | 2016-12-16 | 2017-03-22 | 杭州中科微电子有限公司 | Satellite positioning receiving system capable of preventing real-time radio frequency cheating and method thereof |
| CN106772521A (en) * | 2016-12-16 | 2017-05-31 | 杭州中科微电子有限公司 | A kind of the satellite fix reception system and its method of the preventing RF deception based on the Big Dipper |
| CN107329151A (en) * | 2017-07-18 | 2017-11-07 | 国家电网公司 | A kind of GPS cheat detecting methods of power patrol unmanned machine |
| CN111158024A (en) * | 2019-12-31 | 2020-05-15 | 中国南方电网有限责任公司超高压输电公司 | Anti-cheating method and device for time service terminal |
| CN111308514A (en) * | 2020-04-01 | 2020-06-19 | 湖南航天电子科技有限公司 | Satellite navigation deception detection method in wireless synchronous communication network |
| CN112162301A (en) * | 2020-09-29 | 2021-01-01 | 海南大学 | Satellite navigation positioning method and chip for resisting deception jamming |
-
2022
- 2022-01-26 CN CN202210096583.7A patent/CN114428261A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106526621A (en) * | 2016-12-16 | 2017-03-22 | 杭州中科微电子有限公司 | Satellite positioning receiving system capable of preventing real-time radio frequency cheating and method thereof |
| CN106772521A (en) * | 2016-12-16 | 2017-05-31 | 杭州中科微电子有限公司 | A kind of the satellite fix reception system and its method of the preventing RF deception based on the Big Dipper |
| CN107329151A (en) * | 2017-07-18 | 2017-11-07 | 国家电网公司 | A kind of GPS cheat detecting methods of power patrol unmanned machine |
| CN111158024A (en) * | 2019-12-31 | 2020-05-15 | 中国南方电网有限责任公司超高压输电公司 | Anti-cheating method and device for time service terminal |
| CN111308514A (en) * | 2020-04-01 | 2020-06-19 | 湖南航天电子科技有限公司 | Satellite navigation deception detection method in wireless synchronous communication network |
| CN112162301A (en) * | 2020-09-29 | 2021-01-01 | 海南大学 | Satellite navigation positioning method and chip for resisting deception jamming |
Non-Patent Citations (1)
| Title |
|---|
| 黄龙 等: "针对GNSS授时接收机的转发式欺骗干扰技术研究", 《国防科技大学学报》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116009379A (en) * | 2023-03-28 | 2023-04-25 | 深圳市天辰防务通信技术有限公司 | Time system equipment system control method |
| CN116430414A (en) * | 2023-04-10 | 2023-07-14 | 北京辉羲智能科技有限公司 | Software and hardware cooperation chip and system for preventing GNSS spoofing attack |
| CN116430414B (en) * | 2023-04-10 | 2023-11-28 | 北京辉羲智能科技有限公司 | Software and hardware cooperation chip and system for preventing GNSS spoofing attack |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106093978B (en) | A kind of anti-spoofing formula interference signal processing method of GNSS time service type satellite receiver | |
| CN114428261A (en) | Detection method and detection device for satellite time synchronization device cheating attack | |
| CN103806005A (en) | Intelligent remote monitoring method for protecting cathode of underground pipeline | |
| WO2004111675A1 (en) | Security system including a method and system for acquiring gps satellite position | |
| CN113204032B (en) | Satellite navigation deception jamming detection method based on generalized RDSS positioning | |
| CN105204092A (en) | Thunder and lightening prewarning system with honeycomb layout | |
| CN113031020B (en) | Satellite navigation deception jamming detection method based on multiple correlation peaks | |
| Jin et al. | Ionospheric correlation analysis and spatial threat model for SBAS in China region | |
| JP2016218069A (en) | Earthquake occurrence prediction device, earthquake occurrence prediction method, and computer program | |
| Zhang et al. | Review on GPS spoofing‐based time synchronisation attack on power system | |
| CN204556822U (en) | Bank basic matrix row GNSS reflected signal tide and many wave parameters synthesis detection system | |
| Gong et al. | Time stamp attack in smart grid: Physical mechanism and damage analysis | |
| CN116148888B (en) | Anti-deception jamming method, device, system and storage medium | |
| CN110161541B (en) | Navigation time deception jamming method and device | |
| Fan et al. | Closed-form solution for synchrophasor data correction under GPS spoofing attack | |
| CN113204033B (en) | Multi-dimensional domain satellite navigation deception jamming detection method based on double-frequency fusion | |
| CN115629376A (en) | Target positioning method and device, electronic device and storage medium | |
| KR102350194B1 (en) | Method for GPS Spoofing Detection with GPS Receivers Leveraging Inaccuracies of GPS Spoofing Devices and Apparatus Therefore | |
| CN104918213A (en) | Method and apparatus for geo-fence detection | |
| Trinkle et al. | GPS anti-spoofing techniques for smart grid applications | |
| De Falcis | Best Sync Practices & Architecture Strategies for Secure, Resilient PNT in Smart Grids | |
| Dziadak et al. | Some practical problems of communications reliability inenviromental monitoring systems | |
| Adityawan et al. | Development of a tsunami early warning system on the coast of Palu based on maritime wireless communication | |
| CN116990596B (en) | Lightning positioning detection system and method based on offshore platform | |
| Carroll et al. | Global positioning system timing criticality assessment–preliminary performance results |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220503 |