Blind Code Estimation of GNSS SCER Spoofing Based on Conditional Entropy Measurement
Jie Song1,2, Zukun Lu1,2*, Hui Zhang3, Wei Xiao1,2, Guangfu Sun1,2
1College of Electronic Science and Technology, National University of Defense Technology, Changsha, 410073, China.
2National Key Laboratory for Positioning, Navigation and Timing Technology, Changsha, 410073, China.
3College of Computer Science and Electronic Engineering, Hunan University, Changsha, 410082, China.
*Corresponding author(s). E-mail(s): luzukun@nudt.edu.cn; Contributing authors: songjie16@nudt.edu.cn; zhanghui1983@hnu.edu.cn; xiaowei12@nudt.edu.cn; gfsun@nudt.edu.cn
Abstract
The SCER spoofing attack is an advanced spoofing technique targeting non-cooperative GNSS receivers, in which the accuracy of code estimation governs the effectiveness of the attack. Because non-cooperative GNSS terminals employ non-disclosed signal structures, the only prior knowledge pertinent to code estimation accuracy is the relative signal-to-noise ratio (SNR). Current approaches primarily rely on high-gain antennas to improve SNR and reduce bit error rate (BER), while the estimation accuracy is fundamentally constrained by practical hardware costs. This paper proposes a conditional entropy-based technique for code uncertainty measurement and estimation that does not require additional antenna cost. By quantifying the impact of intra-chip SNR on polarity decision posterior probabilities, a chip-level conditional entropy model is constructed to transform code uncertainty into measurable prior knowledge for correction guidance. Following a descending conditional entropy strategy, chips within an optimal correction ratio range are reconstructed into local PRN codes. Ultimately, the optimal estimation result is identified through a comparative correlation analysis based on the local signals with both positive and negative polarities. Simulations with the GPS L1 P(Y) signal and practical experiments with the GPS L1 C/A signal demonstrate maximum BER reductions of 10.2% and 8.8%, respectively.
Keywords: SCER spoofing attack; Non-cooperative GNSS terminal; Code Estimation; Uncertainty Measurement; Correction Priority
1 Introduction
As signal encryption becomes a significant trend in satellite navigation for Global Navigation Satellite System (GNSS) civilian terminals, the security code estimation and replay (SCER) spoofing attack serves as an effective countermeasure against unauthorized operation of such devices. Civil satellite navigation terminals increasingly employ encrypted signals to prevent unauthorized access and interference (Zhang et al., 2022). For instance, the Low Earth Orbit (LEO) navigation augmentation signals often feature partially or fully undisclosed structures (Li et al., 2024b), and Galileo offers open service navigation message authentication and commercial authentication service for spoofing detection (Motella et al., 2018) (Islam et al., 2024). However, rapid development of emerging electronic systems, typified by unmanned aerial vehicles (UAVs), coincides with immature regulatory frameworks. This gap creates significant risks of illegal operations threatening critical national infrastructure and military security (Damy et al., 2023). GNSS spoofing provides an airspace management solution for countering non-cooperative terminals like unauthorized UAV operations by falsifying navigation signals to manipulate positioning and timing information (He et al., 2019). From the spoofer’s perspective, receivers relying on encrypted signals constitute non-cooperative targets (Ardizzon et al., 2024). Among counter-spoofing techniques, the SCER attack represents a viable countermeasure against such non-cooperative GNSS receivers (Humphreys, 2013).
The SCER attack constitutes an advanced GNSS spoofing strategy wherein the security code of target signals is estimated in real time (Wang et al., 2022). Security codes comprise pseudo-random noise (PRN) codes and navigation data messages (Psiaki and Humphreys, 2016) (Seco-Granados et al., 2021a). The spoofer subsequently broadcasts counterfeit GNSS signals embedded with the estimated security codes (Gallardo and Yuste, 2020). This approach proves more effective than generative spoofing when targeting non-cooperative receivers (Wu et al., 2020). By executing dynamic security code estimation and signal replay, SCER circumvents cryptographic protections within encrypted signals, causing target receivers to accept fraudulent positioning solutions (Spanghero and Papadimitratos, 2025). Inaccurate security code estimation by the attacker induces discrepancies between replayed and authentic GNSS signals (Seco-Granados et al., 2021b). Such signal misalignment may render the SCER attack detectable by the receiver. Therefore, achieving high-accuracy code estimation constitutes the critical enabling technology for effective SCER attacks.
PRN code estimation for non-cooperative GNSS signals confronts the fundamental challenge stemming from the complete absence of prior knowledge. In communication systems, substantial research has been conducted on code estimation, with systematic advancements particularly in the estimation of non-periodic long codes (Kim et al., 2023) (QIU et al., 2021). However, such signals do not exhibit complete uncorrelation over long code sequences. Instead, their correlations are inherently non-periodic. Consequently, signal periodicity can be reconstructed via segmental correlation to extract code characteristics (Choi and Moon, 2020). By contrast, non-cooperative GNSS signals typically employ long-code encryption that eliminates periodic correlation features. Consequently, the code estimation has no reliance on prior information derived from the signal structure.
Achieving minimal BER constitutes the primary objective for code estimation in non-cooperative GNSS terminals. Code estimation uncertainty constitutes a primary contributor to BER degradation. Current blind code estimation methods exhibit severe SNR-dependent performance degradation due to the theoretical monotonic relationship between BER and SNR (Li et al., 2024a). With conventional BPSK/QPSK modulation, the orthogonality allows for the separation of the in-phase (I) and quadrature (Q) branch signals, enabling direct chip determination using various criteria (Kumar and Kumari, 2016). For modern GNSS employing frequency-multiplexed multi-component signals, constellation diagram templates and similar techniques are employed for signal reconstruction (Gansekoele et al., 2025) (Xiao et al., 2018). However, all polarity-dependent code estimation techniques are susceptible to errors caused by noise. Existing mitigation strategies typically rely on high-gain antenna arrays to enhance signal reception quality for acquisition (Xiao, 2021). For instance, a 40-element antenna array is employed to improve received signal quality, enabling optimal PRN code estimation using a matched filter (Dötterböck et al., 2023). However, the required hardware cost grows prohibitively fast as BER targets become stricter, rendering such arrays economically impractical for real-world deployment.
To overcome the performance limitations of BER imposed by SNR constraints, this study proposes a blind estimation method for GNSS PRN codes utilizing conditional entropy measurement. Intra-chip noise directly impacts the reliability of chip estimation, representing exploitable prior information. Conditional entropy quantifies the residual uncertainty under this kind of knowledge. Therefore, chip-level conditional entropy is measured by SNR to serve as a probabilistic reliability metric for code correction. The main contributions of this study are as follows:
• An uncertainty measurement model based on intra-chip conditional entropy for code estimation is proposed, introducing conditional entropy theory into SCER spoofing code estimation for the first time.
• A priority correction criterion based on descending conditional entropy is proposed, which prioritizes the correction of chips exhibiting the highest uncertainty by quantifying the relationship between chip-level conditional entropy and the misdetection probability.
The structure of this paper is organized as follows: Sec. 2 introduces the code estimation method based on the maximum conditional entropy strategy. Sec. 3 presents comparative simulation and practical experimental results under GPS L1 signals. Sec. 4 provides a discussion on the method’s performance characteristics and optimal correction ratio. Finally, Sec. 5 concludes the paper.
2 Method
2.1 Uncertainty Measurement
This subsection derives the Bayesian posterior probability for code estimation, measuring the intra-chip conditional entropy based on the prior knowledge of intra-chip SNR. Simulation analysis is further conducted to verify the correlation between conditional entropy and code estimation uncertainty, establishing the theoretical framework necessary for assessing the monotonic relationship between SNR and conditional entropy.
The carrier-stripped branch signal awaiting estimation can be represented as (Jia et al., 2025):
(1)
where denotes the GNSS signal after carrier removal, is Gaussian white noise, and the noise variance is defined as .
Initially, the confidence metric for the decision on the m-th chip is:
(2)
where denotes the sampling length of a single chip, and are the lower and upper bounds of the sampling points for the m-th chip, respectively, and represents the sign function:
(3)
(4)
(5)
The Bayesian formula for estimating the m-th chip as can be expressed as (Ferrero et al., 2015):
(6)
The conditional distribution of the received signal statistic is given by:
(7)
The Bayesian formula is derived by substituting (7) into (6):
(8)
Defining the parameter , then:
(9)
where represents the received signal SNR, is the mean value of the received signal, and is the noise variance. As increases, the signal becomes stronger while the noise diminishes, resulting in the posterior probability approaching 1 and the entropy decreasing.
When the m-th chip is estimated to be −1, the Bayesian formula is given by:
(10)
The conditional entropy quantifies the uncertainty associated with the random variable X given that Y is known. Greater dispersion in the possible outcomes of a random variable corresponds to higher entropy (Jabbour and Datta, 2022) (Tao et al., 2025). It is defined as follows:
(11)
The chip is a binary random variable, and the received signal is continuous-valued. The chips are mutually independent, leading to:
(12)
Evaluation of code uncertainty is required, necessitating decomposition of the global conditional entropy into individual chip-level calculations.
(13)
The conditional entropy of the m-th chip is:
(14)
After the receiver completes the initial code estimation, is assigned the specific value , and the conditional probability can be calculated precisely. At this stage, the conditional entropy is derived as:
(15)
Given that the chip c[m] is a binary random variable constrained to ± 1, define:
(16)
The conditional entropy is subsequently simplified to:
(17)
When , the system exhibits no information uncertainty ( ). When , the condition conforms to the maximum entropy principle, signifying complete uncertainty ( ). For , the entropy decreases monotonically with increasing certainty, where , indicating an uncertain state.
The conditional entropy was calculated for PRN codes under SNR of 5 dB and −5 dB, as shown in Fig. 1 and Fig. 2. The figures present histograms of the information entropy distributions for both correct and incorrect code estimations. Fig. 1 demonstrates the relationship between conditional entropy and code estimation accuracy at an SNR of −5 dB. Under low SNR conditions, the observations are severely corrupted by noise, rendering integrated statistics incapable of symbol discrimination. Consequently, the probability p1 ≈ 0.5, which is equivalent to random guessing. In this scenario, the conditional entropy approaches 1 for both correct and incorrect chip estimations. Notably, the entropy distribution of correctly estimated chips concentrates in the mid-to-high entropy range, whereas the entropy distribution of incorrectly estimated chips exhibits an overall higher entropy level. Fig. 2 illustrates the conditional entropy at an SNR of 5 dB. With BER approaching 0, the conditional entropy diminishes to 0, indicating near-perfect code discrimination. By comparing Fig. 1 and Fig. 2, it is evident that the conditional entropy demonstrates a systematic relationship with varying SNR.
Fig. 1
Conditional entropy correlates with correct/incorrect code estimation: SNR = 5dB
Fig. 2
The roles of non-cooperative GNSS signal quality monitoring encompass: 1) System monitoring, 2) Anomaly detection, and 3) Support high-security-demanding applications.
2.2 Dependence of Conditional Entropy on SNR
Based on the conditional entropy model, an inverse monotonic relationship between the conditional entropy and intra-chip SNR is established and analyzed in this subsection. Theoretical analysis across varying SNR regimes confirms that conditional entropy decreases strictly monotonically with increasing SNR for each chip, which enables precision-targeted correction of chips exhibiting high uncertainty.
The conditional entropy of the m-th code can be quantitatively characterized by the parameter η:
(18)
Let , where denotes a definitional equality. Subsequently, Eq. (18) can be reformulated as:
(19)
Substituting back into Eq. (19):
(20)
Differentiate the conditional entropy function with respect to . Prove that for all , the conditional entropy strictly decreases with code-level SNR.
(21)
Figure 3 illustrates the variation in conditional entropy as a function of SNR during PRN code estimation. Three types of conditional entropy are depicted: the mean conditional entropy for correctly estimated codes (H1), incorrectly estimated codes (H0), and all codes combined (Hsum). As demonstrated in the figure, both H1 and H0 approach 1 at low SNR, signifying that the system persists in a state of high uncertainty irrespective of the estimation correctness. At high SNR, the uncertainty associated with correctly estimated chips decreases markedly, and Hsum converges towards H1. With increasing SNR, all categories of conditional entropy display a monotonically decreasing trend.
Fig. 3
Impact of SNR on Conditional Entropy
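The behaviour described in Sections 2.1 and 2.2 can be reproduced numerically with the following added example, which is not code from the paper. Because the paper's equations did not survive on this page, it assumes the textbook posterior for equiprobable ±1 chips in additive white Gaussian noise; the function names, the per-sample SNR definition, the seed and the 10 samples per chip are also assumptions, and all signal data is constructed. It reports H1, H0 and Hsum per SNR and measures how strongly chip errors concentrate among the highest-entropy chips, which is useful when assessing how much of a security code an observer at a given SNR can recover reliably.

```python
import math
import random


def binary_entropy(p):
    """Entropy in bits of a binary chip whose posterior P(c = +1 | z) is p."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def chip_posterior(z, amplitude, sigma2):
    """P(c = +1 | z) for equiprobable +/-1 chips in white Gaussian noise.

    Assumption (textbook BPSK/AWGN result, not copied from the paper):
    z is the sum of one chip's samples, each sample = c*amplitude + noise
    with variance sigma2, so the log-likelihood ratio is 2*amplitude*z/sigma2.
    """
    llr = 2.0 * amplitude * z / sigma2
    if llr >= 0.0:  # numerically stable logistic function
        return 1.0 / (1.0 + math.exp(-llr))
    e = math.exp(llr)
    return e / (1.0 + e)


def simulate(snr_db, n_chips=20000, samples_per_chip=10, seed=1):
    """Return a list of (entropy, decision_is_wrong) per constructed chip.

    snr_db is the per-sample SNR (an assumption about the SNR definition).
    """
    rng = random.Random(seed)
    sigma2 = 1.0
    amplitude = math.sqrt(sigma2 * 10.0 ** (snr_db / 10.0))
    noise_std = math.sqrt(samples_per_chip * sigma2)
    chips = []
    for _ in range(n_chips):
        c = rng.choice((-1, 1))
        # The sum of N noisy samples is drawn directly: mean c*A*N, var N*sigma2.
        z = c * amplitude * samples_per_chip + rng.gauss(0.0, noise_std)
        decision = 1 if z >= 0.0 else -1  # intra-chip integration and sign
        h = binary_entropy(chip_posterior(z, amplitude, sigma2))
        chips.append((h, decision != c))
    return chips


def summarize(chips):
    """BER and mean entropy of correct (H1), wrong (H0) and all chips (Hsum)."""
    wrong = [h for h, is_wrong in chips if is_wrong]
    right = [h for h, is_wrong in chips if not is_wrong]

    def mean(xs):
        return sum(xs) / len(xs) if xs else float("nan")

    return {
        "ber": len(wrong) / len(chips),
        "H1": mean(right),
        "H0": mean(wrong),
        "Hsum": mean([h for h, _ in chips]),
    }


def error_share_in_top(chips, fraction):
    """Share of all wrong chips found in the top `fraction` ranked by entropy."""
    ranked = sorted(chips, key=lambda item: item[0], reverse=True)
    k = int(len(ranked) * fraction)
    total_wrong = sum(1 for _, is_wrong in chips if is_wrong)
    top_wrong = sum(1 for _, is_wrong in ranked[:k] if is_wrong)
    return top_wrong / total_wrong if total_wrong else 0.0


if __name__ == "__main__":
    for snr_db in (-15.0, -10.0, -5.0, 0.0):
        chips = simulate(snr_db)
        s = summarize(chips)
        share = error_share_in_top(chips, 0.2)
        print(f"SNR {snr_db:6.1f} dB  BER {s['ber']:.4f}  H1 {s['H1']:.3f}  "
              f"H0 {s['H0']:.3f}  Hsum {s['Hsum']:.3f}  "
              f"errors in top 20% entropy: {share:.2f}")
```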
2.3 Code Estimation Method Based on the Descending Conditional Entropy
Building upon the derived intra-chip conditional entropy, a PRN code estimation method based on a descending-order entropy prioritization criterion is proposed in this subsection. The algorithm flowchart is shown in Fig. 4.
Fig. 4
Algorithm flowchart
Arrange the codes in descending order based on conditional entropy and prioritize correcting those with higher entropy, specifically those demonstrating greater uncertainty.
(22)
where denotes the operation that returns a sequence of sorted indices, indicates the chip index corresponding to the g-th priority, , and represents the maximum number of correlation corrections performed according to the priority sequence.
For the mg-th chip assigned the g-th priority, generate two local PRN code sequences where the mg-th chip is assigned to be σ, with σ taking the values of ± 1.
(23)
The local signal is synthesized utilizing the local PRN code sequence.
(24)
(25)
Calculate the correlation value between the local signal and the received signal.
(26)
(27)
The decision for the -th code is determined by comparing the correlation values for states: assign if , otherwise .
3 Comparative Experiment
3.1 Simulation Experiment
3.1.1 Simulation Experiment Setup
As defined in the official Global Positioning System (GPS) Interface Control Document (ICD) (Flores, 2022), the experiment simulates the GPS L1 signal. BPSK is employed to modulate the composite signal, which consists of both the P(Y) code and C/A code components. The P(Y) code consists of a randomly generated binary 0/1 symbol sequence, while the C/A code employs a predefined PRN code sequence. The signal power of the P(Y) signal is 3 dB higher than that of the C/A code. The detailed simulation parameters are presented in Table 1.
Table 1 Simulation Parameters
Symbol | Parameter Description | Value
SNR | Signal-to-noise ratio | −20 dB ∼ 0 dB
Fs | Sampling frequency | 30 MHz ∼ 130 MHz
 | GPS P(Y) signal bandwidth | 10.23 MHz
 | GPS C/A signal bandwidth | 1.023 MHz
δ | Correction ratio | 60%
 | Center frequency of IF signal | 2 MHz
PRN | Satellite PRN number | G1
 | Signal duration | 1 ms
To systematically validate the performance advantages of the proposed method, two PRN code blind estimation techniques are selected for comparative experiments:
Comparative Method 1: Intra-chip integration. This classical GNSS solution estimates the code through chip-level sample integration and decision, serving as the benchmark approach in the field.
Comparative Method 2: Sequential correction. Retaining the signal reconstruction and correlation correction framework, this method employs sequential (front-to-back) chip correction ordering. This comparative ablation test specifically aims to verify the necessity of the descending conditional entropy criterion.
3.1.2 Simulation Experiment Result
This subsection analyzes the performance advantages of the proposed method using the aforementioned simulation parameters and comparative methods. The evaluation examines performance superiority under varying Fs and SNR conditions, and quantifies performance improvements over comparative methods across diverse experimental scenarios.
Figure 5 presents the BER comparison for different code estimation methods across Fs ranging from 30 MHz to 100 MHz at a fixed SNR of -10 dB. All methods exhibit substantially increasing BER with higher sampling rates. Relative to comparative method 1, the proposed technique yields maximum and average BER reductions of 9.79% and 8.61%, respectively. When benchmarked with comparative method 2, it achieves corresponding maximum and average BER reductions of 5.61% and 4.45%. Crucially, the performance improvement of the proposed method demonstrates a consistent positive correlation with increasing Fs.
Fig. 5
Comparative performance at different Fs
Figure 6 compares the BER performance of code estimation techniques across SNR ranging from −15 dB to 15 dB at a fixed 100 MHz. The proposed method demonstrates consistent performance superiority throughout the evaluated range. Within the low-SNR regime from −15 dB to −6 dB, it maintains stable synchronization enhancement, achieving average BER reductions of 7.54% and 4.39% relative to Comparative Methods 1 and 2, respectively. Corresponding maximum BER reductions reach 8.31% and 4.97%. Under high-SNR conditions, as channel quality approaches theoretical limits, the BER convergence across all methods results in progressive reduction of the proposed technique’s performance margin.
Fig. 6
Comparative performance at different SNR
As depicted in Fig. 7, the BER reduction metric of the proposed methodology relative to comparative method 1 demonstrates a consistent, non-monotonic relationship with increasing forward optimization ratios. Across all tested conditions, low optimization ratios yield marginal BER reduction, while incremental ratio elevation produces progressive BER enhancement until reaching an optimum point, beyond which performance degrades. This performance peak robustly occurs within the backward optimization ratio domain, reaching a maximum BER reduction of 10.2%.
Fig. 7
BER reduction with comparative method 1
Figure 8 quantifies the BER reduction achieved by the proposed method relative to comparative method 2 across varying forward optimization ratios. The code synchronization performance similarly manifests a non-monotonic trajectory characterized by initial improvement followed by degradation. All BER enhancement curves exhibit a critical optimization ratio threshold. Maximum performance gain is achieved within the 50%-60% optimization ratio range, beyond which progressive gain attenuation occurs, with peak enhancement measuring 5.75%. Crucially, performance superiority monotonically amplifies under lower SNR conditions while demonstrating positive correlation with increasing Fs.
Fig. 8
BER reduction with comparative method 2
3.2 Practical Experiment
3.2.1 Practical Experiment Setup
This study implements a practical platform designed for open-field GNSS signal analysis, incorporating: (i) a high-gain GNSS antenna for signal reception enhancement, (ii) signal acquisition and storage instrumentation, and (iii) a dedicated signal processing module. The platform architecture is illustrated in Fig. 9. The high-gain antenna subsystem elevates received SNR through directional gain optimization. Following signal integrity verification via software-defined receiver and spectrum analyzer validation, digital signal acquisition is performed using a GNSS recorder/playback unit. Acquired datasets undergo subsequent processing on the computational terminal.
Fig. 9
Practical experiment platform
The measured data processing workflow is depicted in Fig. 10. The key parameters of the measurement platform are summarized in the table. The high-gain antenna provides approximately 18 dB gain within the GPS L1 frequency band, receiving signals of GPS G20. Signal acquisition occurs at 50 MHz Fs with 8-bit resolution, yielding an initial SNR of approximately −2.8 dB. Controlled SNR degradation is implemented via programmable attenuation to generate GPS L1 signals across low-SNR operational regimes, ranging from −25 dB to −15 dB. Given the absence of ground truth for the encrypted P(Y) code, estimation is performed on the C/A code, for which the true sequence is fully known (Jacobs and Moeneclaey, 2009). Comparative methodology retains two established techniques of intra-chip integration and sequential correction. Analysis utilizes the initial 60% segment of code sequences. All subsequent results represent statistical aggregates derived from 1,000 consecutive 1 ms data epochs.
Fig. 10
Flowchart of practical process
3.2.2 Practical Experiment Result
Due to the fixed Fs of the signal record-playback equipment, performance comparisons focus exclusively on PRN code estimation under varying SNR conditions. Figure 11 and Fig. 12 present measured means, standard deviations, and fitted curves. The scatter points represent the mean results from 1000 independent experimental datasets, with error bars indicating the standard deviation of the measured data. Fitted curves were generated by applying a fourth-degree polynomial least squares fit to the mean data.
Fig. 11
BER performance of practical comparison under varying SNR
Fig. 12
BER reduction of proposed method in practical experiment
Figure 11 demonstrates the PRN code estimation performance of the proposed method and two baseline approaches, measured by BER. Experimental results indicate decreasing BER for all methods with increasing SNR. Comparative analysis reveals the proposed method achieves optimal estimation accuracy, followed by the sequential correction technique, while the industry-standard intra-chip integration approach demonstrates relatively inferior performance.
Figure 12 quantifies the BER reduction of the proposed method relative to the comparison methods. Experimental measurements demonstrate average BER reductions of 7.68% versus comparative method 1 and 4.77% against comparative method 2 across the operational SNR range. Specifically, the proposed method achieves BER reduction ranges of 5.6 dB to 8.8 dB and 3.0 dB to 5.7 dB compared to the two comparative methods, respectively.
4 Discussion
The core performance advantages of the proposed methodology are critically analyzed in the discussion section, with specific emphasis on elucidating the operational principles underlying the conditional entropy-based chip reliability decision mechanism. This section further examines the method’s performance boundaries under extreme operating conditions, while empirically validating the operational effectiveness of the descending conditional entropy criterion.
4.1 Analysis Based on Simulation Data
The impact of the forward optimization ratio on BER is illustrated in Fig. 13. As the optimization ratio increases, the BER decreases initially and subsequently increases, suggesting the presence of an optimal ratio that minimizes the BER. At this optimal ratio, substantial performance enhancements can be realized with comparatively low complexity, achieving a maximum BER reduction of 10.84%. However, when the optimization ratio surpasses this optimal value, the BER increases, resulting in a maximum degradation of 3.26%, accompanied by increased processing complexity.
Fig. 13
Impact analysis of BER on forward correction ratio
The determination of the optimal correction ratio based on conditional entropy priority is examined. Figure 14 depicts the optimal correction ratios across varying Fs and SNRs. The ratio increases monotonically with both higher SNR and sampling rates, reflecting enhanced code estimation reliability and reduced conditional entropy under improved signal conditions. This trend significantly mitigates performance degradation risks associated with high-entropy regions at low Fs and SNR. However, an anomalous ratio increase occurs at 30 MHz. This reduced sampling rate exacerbates code inversion uncertainty, demanding enhanced correction to address initial estimation bias.
Fig. 14
Optimal correction ratio analysis.
Figure 15 illustrates the error correction capabilities across different priority segments. The PRN code sequence is divided into ten segments, where the i-th segment contains the highest-priority i 10% of data according to the correction priority index. Corrected BER values are evaluated per segment, with the dashed line indicating the initial BER obtained through conventional estimation. The proposed method shows significant performance variation across segments, with superior correction performance in higher-priority segments compared to lower-priority segments. Relative to the initial BER, maximum BER reduction reaches approximately 2.66% in high-priority segments, while performance degradation in the lowest-priority segments exceeds 1.67%.
Fig. 15
Error correction capability of different priority segmentation interval
Algorithm performance analysis reveals distinct patterns in code estimation under varying conditions. Figure 16 demonstrates the recovery performance when correcting only the top 60% of codes across different Fs and SNRs. A significant negative correlation exists between SNR and BER regarding PRN code estimation performance. As the SNR increases, the overall BER exhibits a decreasing trend. Furthermore, at a constant SNR, the BER gradually decreases with increasing Fs. This improvement is fundamentally driven by the higher sampling density achievable at increased Fs, which significantly augments the information content acquired and enables superior statistical discrimination for accurate code estimation.
Fig. 16
Code estimation performance under different Fs and SNR
4.2 Analysis Based on Practical Data
The descending intra-chip conditional entropy criterion was validated using practical measurements. Given the fixed sampling rate constraints of the experimental platform, the analysis focused exclusively on performance across varying SNR regimes. In Fig. 17 and Fig. 18, the bar chart displays the mean values of the measured results, with error bars representing the standard deviation, and the mean deviation of these error bars is zero. The dashed lines indicate the initial BER estimation used to evaluate the performance of the proposed methodology.
Fig. 17
Practical measured BER under different correction ratios
Fig. 18
Practical measured BER under different correction segment
The measured BER values under varying optimization ratios are shown in Fig. 17. The BER initially decreases with increasing optimization ratio, reaching a minimum value. However, further optimization leads to increased computational complexity and performance degradation. The maximum reduction in BER occurred within the 50–60% forward optimization ratio range. At SNR of −18 dB, −20 dB, and −22 dB, the maximum measured BER reductions were 7.96%, 7.94%, and 7.77%, respectively.
Corrections were individually applied to data within each optimization segment, with results depicted in Fig. 18. Analysis reveals an inverse correlation between segment priority and error-correction efficacy. Higher-priority segments significantly reduce BER, while lower-priority segments introduce additional errors. At the 5th–6th decile segments, the correction mechanism transitions from optimization to systemic performance degradation. This phenomenon robustly validates the effectiveness of the conditional entropy descending criterion proposed in this work. Under SNR of −18 dB, −20 dB, and −22 dB, the initial 10% optimization segment achieved BER reductions of 3%, 2.34%, and 2.14% respectively. Conversely, BER degradation in the terminal 10% segment reached 1.26%, 2.02%, and 2.15%.
5 Conclusion
To overcome the theoretical limitation that GNSS PRN code estimation performance is fundamentally constrained by SNR, this paper proposes a novel code estimation method based on conditional entropy measurement. The method quantifies estimation reliability by calculating the conditional entropy derived from the posterior probability distribution of code decisions. This forms the foundation for establishing a code correction criterion based on decreasing conditional entropy, whereby iterative signal reconstruction and correction are prioritized for chips exhibiting high conditional entropy. Extensive simulations and experimental results demonstrate that the proposed method significantly outperforms two existing benchmark methods in reducing BER, achieving maximum reductions in BER of 10.2% and 8.8%, respectively. By efficiently identifying and prioritizing the correction of high-uncertainty chips under low SNR conditions, the proposed method effectively reduces BER while simultaneously avoiding the high computational overhead associated with global correction. This approach provides a practical new pathway for the development of low-cost, high-performance GNSS code estimation in SCER spoofing attacks.
Acknowledgements.
Not applicable
Declarations
• No Funding.
• No moral or ethical issues exist.
• The authors declare that they have no competing interests.
Consent for publication
Data availability:
Not applicable
• Materials availability: Not applicable
• Code availability: Not applicable
Author Contribution
Jie Song proposed the method and wrote the paper. Zukun Lu improved the method. Hui Zhang helped with the manuscript revision. Wei Xiao was responsible for the experimental design. Guangfu Sun was responsible for supervision. All authors reviewed the manuscript.
References
Ardizzon F, Crosara L, Tomasin S et al (2024) On mixing authenticated and nonauthenticated signals against gnss spoofing. IEEE Trans Inf Forensics Secur 19:4480–4493. https://doi.org/10.1109/TIFS.2024.3381473
Choi H, Moon H (2020) Blind estimation of spreading sequence and data bits in directsequence spread spectrum communication systems. IEEE Access 8:148066–148074
Damy S, Cucchi L, Mennella A et al (2023) Increasing the robustness of drone operations with galileo open service navigation message authentication (osnma). In: 2023 International Conference on Localization and GNSS (ICL-GNSS), pp 1–6. https://doi.org/10.1109/ICL-GNSS57829.2023.10148917
D¨otterb¨ock D, Pany T, Lesjak R et al (2023) Prn sequence estimation with a selfcalibrating 40-element antenna array. Journal of the Institute of Navigation, NAVIGATION, p navi600
Ferrero A, Prioli M, Salicone S (2015) Conditional random-fuzzy variables representing measurement results. IEEE Trans Instrum Meas 64(5):1170–1178. https://doi.org/10.1109/TIM.2014.2357581
Flores RA (2022) Incorporation of irn-is-200k-001 through irn-is-200k-004. Interface Standard IS-GPS-200L, GPS Enterprise Space & Missile Systems Center (SMC) LAAFB, URL https://www.gps.gov/technical/icwg/IS-GPS-200L.pdf
A
Gallardo F, Yuste AP (2020) Scer spoofing attacks on the galileo open service and machine learning techniques for end-user protection. IEEE Access pp 85515–85532
Gansekoele A, Balatsoukas-Stimming A, Brusse T et al (2025) Joint demapping of qam and apsk constellations using machine learning. IEEE Open J Commun Soc pp 1695–1709
He D, Liu H, Chan S et al (2019) How to govern the non-cooperative amateur drones? IEEE Network 33(3):184–189. https://doi.org/10.1109/MNET.2019.1800156
Humphreys TE (2013) Detection Strategy for Cryptographic GNSS AntiSpoofing 49(2):1073–1090. https://doi.org/10.1109/TAES.2013.6494400, URL http
//ieeexplore ieee.org/document/6494400/
Islam S, Bhuiyan MZH, Liaquat M et al (2024) An open gnss spoofing data repository: characterization and impact analysis with fgi-gsrx open-source software-defined receiver. GPS Solutions p 176
Jabbour MG, Datta N (2022) A tight uniform continuity bound for the arimoto-r´enyi conditional entropy and its extension to classical-quantum states. IEEE Trans Inf Theory 68(4):2169–2181. https://doi.org/10.1109/TIT.2022
Jacobs L, Moeneclaey M (2009) Effect of mmse channel estimation on ber performance of orthogonal space-time block codes in rayleigh fading channels. IEEE Trans Commun 57(5):1242–1245. https://doi.org/10.1109/TCOMM.2009
Jia Q, Zhang L, Wu R (2025) Low-power interference identification based on convolutional neural networks. IEEE Trans Instrum Meas 74:1–17. https://doi.org/10.1109/TIM.2025.3538089
Kim D, Choi Y, Yoon D (2023) Blind estimation of a scrambler in long-code direct sequence spread spectrum systems. In: 2023 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI), IEEE, pp 1–6
Kumar P, Kumari A (2016) BER Analysis Of BPSK, QPSK, 16-QAM & 64-QAM Based OFDM System Over Rayleigh Fading Channel. IOSR J Electron Communication Eng 11(04):66–74. https://doi.org/10.9790/2834-1104036674
Li X, Lu Z, Yuan M et al (2024a) Tradeoff of code estimation error rate and terminal gain in scer attack. IEEE Trans Instrum Meas 73:1. https://doi.org/10.1109/TIM.2024.3406807
Li X, Yuan Y, Han X et al (2024b) Toward wide-area and high-precision positioning with leo constellation augmented ppp-rtk. IEEE Trans Instrum Meas 73:1–13. https://doi.org/10.1109/TIM.2023.3332396
Motella B, Margaria D, Paonni M (2018) Snap: An authentication concept for the galileo open service. In: 2018 IEEE/ION Position, Location and Navigation Symposium (PLANS), IEEE, pp 967–977
Psiaki ML, Humphreys TE (2016) Gnss spoofing and detection. Proceedings of the IEEE 104(6):1258–1270. https://doi.org/10.1109/JPROC.2016.2526658
QIU Z, LI T, ZHA X (2021) Blind synchronization and estimation for pn code of nplc-dsss signal. J Electron Inform Technol 43(8):2171–2180
Seco-Granados G, G´omez-Casco D, L´opez-Salcedo JA et al (2021a) Detection of replay attacks to gnss based on partial correlations and authentication data unpredictability. GPS Solutions p 33
Seco-Granados G, G´omez-Casco D, L´opez-Salcedo JA et al (2021b) Detection of replay attacks to gnss based on partial correlations and authentication data unpredictability. GPS Solutions p 33
Spanghero M, Papadimitratos P (2025) Time-based gnss attack detection. IEEE Trans Aerosp Electron Syst 61(3):5594–5610. https://doi.org/10.1109/TAES.2024.3516708
Tao K, Xu M, Wang Q et al (2025) Vibration signal essa-cvmd and entropy method for the leakage assessment of pipe. IEEE Trans Instrum Meas 74:1–13. https://doi.org/10.1109/TIM.2025.3540124
Wang Y, Sun FP, Hao JM et al (2022) Reduction research on performance index system of satellite navigation system spoofing. GPS Solutions, p ARTN43
Wu Z, Zhang Y, Yang Y et al (2020) Spoofing and Anti-Spoofing Technologies of Global Navigation Satellite System: A Survey 8:165444–165496. https://doi.org/10.1109/ACCESS.2020.3022294, URL https://ieeexplore.ieee.org/document/9187240/
Xiao W (2021) Research on gnss channel optimization and signal quality evaluation method for high-precision ranging technology. Doctoral thesis, National University of Defense Technology
Xiao W, Liu W, Mou W et al (2018) Research into a recovery method of gnss authorized service signal component. IEEE Access 6:27651–27658. https://doi.org/10.1109/ACCESS.2018.2839679
Zhang K, Larsson EG, Papadimitratos P (2022) Protecting gnss open service navigation message authentication against distance-decreasing attacks 58(2):1224–1240. https://doi.org/10.1109/TAES.2021.3122512