SeaSpoofFinder -- Potential GNSS Spoofing Event Detection Using AIS

This paper investigates whether large-scale GNSS spoofing activity can be inferred from maritime Automatic Identification System (AIS) position reports. A data-processing framework, called SeaSpoofFinder, available here: seaspooffinder.github.io/ais_data, was developed to ingest and post-process global AIS streams and to detect candidate anomalies through a two-stage procedure. In Stage 1, implausible position jumps are identified using kinematic and data-quality filters; in Stage 2, events are retained only when multiple vessels exhibit spatially consistent source and target clustering, thereby reducing false positives from single-vessel artifacts. The resulting final potential spoofing events (FPSEs) reveal recurrent patterns in several regions, including the Baltic Sea, the Black Sea, Murmansk, Moscow, and the Haifa area, with affected footprints that can span large maritime areas. The analysis also highlights recurring non-spoofing artifacts (e.g., back-to-port jumps and data gaps) that can still pass heuristic filters in dense traffic regions. These results indicate that AIS-based monitoring can provide useful evidence for identifying and characterizing potential spoofing activity at scale, while emphasizing that AIS-only evidence does not provide definitive attribution.

Implementation Considerations for ACAS and Simulation Results

The Assisted Commercial Authentication Service (ACAS) is a semi-assisted signal authentication concept currently being defined for Galileo, based on the E6-C encrypted signal. Leveraging the assumption that the true E6-C encrypted signal always arrives before any inauthentic signal, we define user concepts for signal detection, including vestigial signal search. We define three mitigation levels, each level defending against an increasing set of threats, incorporating the described concepts and additional checks. The concepts are analyzed and implemented in a simulation environment, and tested in both nominal conditions and under advanced spoofing attacks. The results suggest that even advanced attacks can be detected and mitigated by ACAS receivers.