When the carrier frequency and phase from the spoofing device align with an authentic signal that is originally locked by the target receiver, the lower limit of the spoofing-signal ratio required for a spoofing device to seize control of a receiver code loop is deduced in reference [15]. We have the following:
When the phase discriminator spacing of the target receiver is equal to 0.5 chip, the lower limit of the spoofing-signal ratio is as follows:
$$ \left\{\begin{array}{l}\begin{array}{cc}\operatorname{inf}\left\{\eta \right\}=1& {\tau}_0\le 1\\ {}\operatorname{inf}\left\{\eta \right\}=\frac{1}{2-{\tau}_0}& 1.5>{\tau}_0>1\end{array}\\ {}\operatorname{inf}\left\{\eta \right\}=\infty \kern0.5em 1.5\le {\tau}_0\end{array}\right. $$
(4)
When the phase discriminator spacing of the target receiver is less than 0.5 chip, the lower limit of the spoofing-signal ratio is as follows:
$$ \left\{\begin{array}{l}\begin{array}{cc}\operatorname{inf}\left\{\eta \right\}=1& {\tau}_0\le 1\\ {}\operatorname{inf}\left\{\eta \right\}=\frac{2d}{1+2d-{\tau}_0}& 1+d>{\tau}_0>1\end{array}\\ {}\operatorname{inf}\left\{\eta \right\}=\infty \kern0.5em 1+d\le {\tau}_0\end{array}\right. $$
(5)
When the phase discriminator spacing of the target receiver exceeds 0.5 chip, the lower limit of the spoofing-signal ratio is as follows:
$$ \left\{\begin{array}{l}\begin{array}{cc}\operatorname{inf}\left\{\eta \right\}=1& {\tau}_0\le 2d\\ {}\operatorname{inf}\left\{\eta \right\}=\frac{2\left(1-d\right)}{2-{\tau}_0}& 1+d>{\tau}_0>2d\end{array}\\ {}\operatorname{inf}\left\{\eta \right\}=\infty \kern0.5em 1+d\le {\tau}_0\end{array}\right. $$
(6)
Here τ0 represents the code phase difference between a spoofing signal and an authentic signal; this error is caused by an inaccurate estimation of the target receiver position by the spoofer. d represents the phase discriminator spacing of the target receiver. inf{η} is the lower limit of the spoofing-signal ratio required for successful spoofing under various τ0.
In a real scenario, a spoofing signal has difficulty aligning with an authentic signal carrier received by the target receiver, or achieving this alignment is extremely expensive, e.g., high precision distance measurement technology (radar) can be employed to measure the relative position of the two signals. Therefore, these conclusions are only meaningful in a laboratory environment and have a very limited reference value for actual spoofing and anti-spoofing practice. This paper focuses on a scenario with a misaligned carrier and analyzes and deduces the lower limit of the spoofing-signal ratio required for successful spoofing.
The mechanism of a receiver-spoofer is as follows: the code phase of a spoofing signal is gradually changed to influence the code loop phase discriminator output and the disrupt receiver lock-in process on an authentic signal; the phase of the receiver local replicate code in the code loop is gradually induced to align with the code phase of the spoofing signal and drift from the authentic signal, after which receiver control is seized [3]. Assume that the spoofing signal code waits for the loop phase discriminator to stabilize before changing phases. Each phase change is referred to as a traction.
To simplify the deduction of the lower limit of the spoofing-signal ratio, assume that the frequencies of the spoofing signal, authentic signal, and receiver local replicate code are identical. This assumption requires that a spoofing device can accurately obtain velocity information about the target receiver, which is achievable in most spoofing scenarios, including a stationary receiver, ships, and steadily moving vehicles. With this assumption, fe and fe' in Formula (3) are approximately equal to 0. Therefore, Formula (3) is simplified as follows:
$$ {\displaystyle \begin{array}{l}{S}_{\mathrm{K}}=\sqrt{{\left({I}_{\mathrm{K}}+I{\hbox{'}}_{\mathrm{K}}\right)}^2+{\left({\mathrm{Q}}_{\mathrm{K}}+Q{\hbox{'}}_{\mathrm{K}}\right)}^2}=\\ {}=\sqrt{{\left(A\cdot R\left({\tau}_{\mathrm{K}}\right)\right)}^2+{\left(\eta A\cdot R\left(\tau {\hbox{'}}_{\mathrm{K}}\right)\right)}^2+2\eta {A}^2R\left({\tau}_{\mathrm{K}}\right)R\left(\tau {\hbox{'}}_{\mathrm{K}}\right)\cos \left(\phi -{\phi}^{\hbox{'}}\right)}\\ {}K=E,L\end{array}} $$
(7)
The impact of the frequency difference is removed. The phase discrimination result is directly affected by the code phase difference and the carrier phase difference between an authentic signal and a spoofing signal, as well as the spoofing-signal ratio. Therefore, the lower limit of the spoofing-signal ratio is determined by the other two parameters. The phase discriminator spacing will affect the calculation of the correlation R. In the following sections, the formula for the lower limit of the spoofing-signal ratio for different phase discriminator spacings is discussed.
Phase discriminator spacing of target receiver = 0.5 chip
Assume that the spoofing signal enters the code loop traction range at t0. After the spoofing signal enters the code loop, the code loop attains an equilibrium state at t1. Assume that at t0 and t1, the code phase difference between an authentic signal and a spoofing signal is τ0 and stabilizes. The definition of the code loop equilibrium state is that the early correlation of the code loop is equal to the late correlation, i.e., E = L. In the deduction in Reference [15], an initial conclusion is obtained: at t1, the phase difference between the spoofing signal and the local code is τS(t1); the code phase difference between an authentic signal and the local code is τR(t1); and once τR(t1) < d and τS(t1) > d, spoofing will fail. Assume that the receiver local replicate code aligns with an authentic signal at t0, i.e., τR(t0) = 0. At this moment, the following expressions hold:
$$ \left\{\begin{array}{l}E\left({t}_1\right)=L\left({t}_1\right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)+{\tau}_{\mathrm{R}}\left({t}_1\right)={\tau}_0\end{array}\right. $$
(8)
where E(t1) and L(t1) represent the lead correlation and lag correlation at t1; τ0 represents the code phase difference between a spoofing signal and an authentic signal at t0 and t1. The correlation function R(τ) of the PN codes can be expressed in Formula (9) as follows:
$$ \left\{\begin{array}{ccc}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1+d+\tau \right),& -1-d\le \tau <-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1-d-\tau \right),& -d\le \tau <d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& d\le \tau \le 1+d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=0,& \mathrm{other}\end{array}\right. $$
(9)
where d represents the phase discriminator spacing; τ represents the code phase difference between the signal and the local replicate code.
According to Formula (7), for E and L, as well as Formula (9) for the correlation function R(τ), when τR(t1) < d and τS(t1) > d is substituted into Formula (8), the solution for τR(t1) and τS(t1) is as follows:
$$ \left\{\begin{array}{l}{\tau}_{\mathrm{R}}\left({t}_1\right)=\Big(\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}\\ {}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2\Big)/\left(-{\eta}^2+2\eta \alpha \right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)={\tau}_0-{\tau}_{\mathrm{R}}\left({t}_1\right)\end{array}\right. $$
(10)
where α = cos(ϕ − ϕ') represents the cosine of the carrier phase difference between an authentic signal and a spoofing signal. The sign “±” in Formula (10) should be “+” when −η2 + 2ηα is greater than 0, and it should be “−” when −η2 + 2ηα is less than 0. Once the spoofing-signal ratio η of the spoofing signal is in the range for which a solution for τS(t1) and τR(t1) in Formula (10) exists, τR(t1) < d and τS(t1) > d, this spoofing-signal ratio will cause spoofing failure. The solution space S for this condition is calculated, and the complementary set \( \overline{S} \) is calculated to obtain the spoofing-signal ratio required for successful spoofing.
The necessary condition for the τR(t1) solution is that the radical in Formula (10) is greater than or equal to 0.
$$ \left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4\ge 0 $$
(11)
To solve inequation (11), first, the solutions for the following equation are obtained:
$$ \left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4=0 $$
The solutions are
$$ \left\{\begin{array}{l}{\eta}_1=\frac{2\alpha \left({\tau}_0-2d+2{d}^2-d{\tau}_0\right)-4\sqrt{3d{\tau}_0-2d-{\tau}_0+2d{\alpha}^2-3{d}^2{\tau}_0+{d}^3{\tau}_0+{\alpha}^2{\tau}_0+2{d}^3-{d}^4-{\alpha}^2-2{d}^3{\alpha}^2+{d}^4{\alpha}^2-3d{\alpha}^2{\tau}_0+3{d}^2{\alpha}^2{\tau}_0-{d}^3{\alpha}^2{\tau}_0+1}}{\alpha^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4}\\ {}{\eta}_2=\frac{2\alpha \left({\tau}_0-2d+2{d}^2-d{\tau}_0\right)+4\sqrt{3d{\tau}_0-2d-{\tau}_0+2d{\alpha}^2-3{d}^2{\tau}_0+{d}^3{\tau}_0+{\alpha}^2{\tau}_0+2{d}^3-{d}^4-{\alpha}^2-2{d}^3{\alpha}^2+{d}^4{\alpha}^2-3d{\alpha}^2{\tau}_0+3{d}^2{\alpha}^2{\tau}_0-{d}^3{\alpha}^2{\tau}_0+1}}{\alpha^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4}\end{array}\right. $$
(12)
Second, the coefficient of η2 in Formula (11) is considered:
$$ A={\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4 $$
(13)
When A < 0, the solution space of inequation (11) is
$$ {S}_1=\left[\min \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_1,{\eta}_2\right)\right] $$
(14)
When A > 0, the solution space of inequation (11) is
$$ {S}_1=\left[-\infty, \min \left({\eta}_1,{\eta}_2\right)\right]\cup \left[\max \left({\eta}_1,{\eta}_2\right),\infty \right] $$
(15)
To ensure that τR(t1) < d, inequation (16) holds.
$$ \frac{\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2}{-{\eta}^2+2\eta \alpha}<d $$
(16)
Similarly, the solution for the equation
$$ \frac{\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2}{-{\eta}^2+2\eta \alpha}=d $$
(17)
is
$$ \left\{\begin{array}{l}{\eta}_3=\frac{2 d\alpha -\alpha -\sqrt{4{d}^2{\alpha}^2-4{d}^2-4d{\alpha}^2+4d+{\alpha}^2}}{2d-{\tau}_0+1}\\ {}{\eta}_4=\frac{2 d\alpha -\alpha +\sqrt{4{d}^2{\alpha}^2-4{d}^2-4d{\alpha}^2+4d+{\alpha}^2}}{2d-{\tau}_0+1}\end{array}\right. $$
(18)
When τ0 > 1 + d, the spoofing signal cannot enter the phase discriminator traction range, so τ0 ≤ 1 + d. Therefore, the coefficient of η2 in inequation (16) is expressed as follows:
$$ {A}^{\hbox{'}}=2d-{\tau}_0+1>0 $$
(19)
The solution space for inequation (16) is expressed as follows:
$$ {S}_2=\left[\min \left({\eta}_3,{\eta}_4\right),\max \left({\eta}_3,{\eta}_4\right)\right] $$
(20)
The spoofing-signal ratio η that leads to spoofing failure should be in S1 ∩ S2; the complementary set \( S=\overline{S_1\cap {S}_2} \) is the spoofing-signal ratio η range for successful spoofing. Based on Formulae (14), (15), and (20), when A = α2τ02 − 4α2τ0 + 4α2 + 4d2 − 4dτ0 + 4τ0 − 4 < 0,
$$ S=\overline{S_1\cap {S}_2}=\left(-\infty, \max \right(\min \left({\eta}_1,{\eta}_2\right),\min \left({\eta}_3,{\eta}_4\right)\left]\cup \right[\min \left(\max \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_3,{\eta}_4\right)\right),+\infty \Big) $$
(21)
and when A = α2τ02 − 4α2τ0 + 4α2 + 4d2 − 4dτ0 + 4τ0 − 4 > 0,
$$ S=\overline{S_1\cap {S}_2}=\left(-\infty, \min \left({\eta}_3,{\eta}_4\right)\right]\cup \left[\min \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_1,{\eta}_2\right)\right]\cup \left[\max \left({\eta}_3,{\eta}_4\right),+\infty \right) $$
(22)
Formulae (21) and (22) and η > 1 are combined to obtain the lower limit of the spoofing-signal ratio required for successful spoofing.
$$ \left\{\begin{array}{l}\operatorname{inf}\left(\eta \right)=\min \left(\max \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_3,{\eta}_4\right)\right),\kern0.5em \begin{array}{cc} if& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4<0\end{array}\\ {}\operatorname{inf}\left(\eta \right)=\max \left(\min \left({\eta}_1,{\eta}_2\right),\min \left({\eta}_3,{\eta}_4\right)\right),\begin{array}{cc}& \begin{array}{cc} if& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4>0\end{array}\end{array}\end{array}\right. $$
(23)
When d = 0.5 and no carrier phase difference between authentic signals and spoofing signals is observed, i.e., α = cos(ϕ − ϕ') = cos 0 = 1, Formula (23) is simplified as follows:
$$ \operatorname{inf}\left\{\eta \right\}=\frac{1}{2-{\tau}_0} $$
(24)
This result matches the conclusion in Reference [15].
Phase discriminator spacing of target receiver < 0.5 chip
When the phase discriminator spacing of the target receiver is under 0.5 chip, the spoofing failure condition is τR(t1) < d and 1 − d < τS(t1) (Reference [15]). Similar to the deduction in Section 3.1, Formula (8) for E and L and the correlation function R(τ) for τR(t1) < d and 1 − d < τS(t1) (Formula (25) are substituted into Formula (8):
$$ \left\{\begin{array}{ccc}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1+d+\tau \right),& -1-d\le \tau <d-1\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1+d+\tau \right),& d-1\le \tau <-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1-d-\tau \right),& -d\le \tau \le d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1-d-\tau \right),& d<\tau \le 1-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& 1-d<\tau \le 1+d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=0,& \mathrm{other}\end{array}\right. $$
(25)
The solution for τR(t1) is as follows:
$$ \left\{\begin{array}{l}{\tau}_{\mathrm{R}}\left({t}_1\right)=\Big(\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}\\ {}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2\Big)/\left(-{\eta}^2+2\eta \alpha \right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)={\tau}_0-{\tau}_{\mathrm{R}}\left({t}_1\right)\end{array}\right. $$
(26)
Similar to the solution in Section 3.1 for τR(t1), at this moment, the formula for the lower limit of the spoofing-signal ratio is similar to Formula (23).
Similarly, when no carrier phase difference between an authentic signal and a spoofing signal is observed, i.e., α = cos(ϕ − ϕ') = cos 0 = 1, the formula for the lower limit of the spoofing-signal ratio is simplified as follows:
$$ \operatorname{inf}\left\{\eta \right\}=\frac{2d}{2d-{\tau}_0+1} $$
(27)
This result matches the conclusion in Reference [15].
Phase discriminator spacing of target receiver > 0.5 chip
When the phase discriminator spacing of the target receiver exceeds 0.5 chip, the spoofing failure condition is τR(t1) < 1 − d and d < τS(t1) (Reference [15]). Similar to the deduction in Section 3.1, Formula (7) for E and L and the correlation function R(τ) for τR(t1) < 1 − d, d < τS(t1) (Formula (28)) are substituted into Formula (8):
$$ \left\{\begin{array}{ccc}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)={A}_{\mathrm{s}}\left(1+d+\tau \right),& -1-d\le \tau <-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d-\tau \right),& -d\le \tau <d-1\\ {}{R}_{\mathrm{E}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d-\tau \right),& d-1\le \tau \le 1-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& 1-d<\tau \le d\\ {}{R}_{\mathrm{E}}\left(\tau \right)={A}_{\mathrm{s}}\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& d<\tau \le 1+d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=0,& \mathrm{other}\end{array}\right. $$
(28)
The solution for τR(t1) is as follows:
$$ \left\{\begin{array}{l}{\tau}_{\mathrm{R}}\left({t}_1\right)=\Big(\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}\\ {}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2\Big)/\left(-{\eta}^2+2\eta \alpha \right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)={\tau}_0-{\tau}_{\mathrm{R}}\left({t}_1\right)\end{array}\right. $$
(29)
This finding is similar to the solution for τR(t1) in Section 3.1. However, the condition changes to τR(t1) < 1 − d and d < τS(t1). Therefore, the solutions for inequation (30) are required.
$$ \frac{\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2}{-{\eta}^2+2\eta \alpha}<1-d $$
(30)
The solutions are
$$ \left\{\begin{array}{l}{\eta}_3=\frac{2-2d}{2-{\tau}_0}\\ {}{\eta}_4=\frac{2d-2}{2-{\tau}_0}\end{array}\right. $$
(31)
Because the phase discriminator spacing d > 1 is meaningless, d < 1 and τ0 ≤ 1 + d < 2. Therefore, η3 > η4 and Formula (23) is rearranged as follows:
$$ \left\{\begin{array}{l}\operatorname{inf}\left(\eta \right)=\min \left(\max \left({\eta}_1,{\eta}_2\right),{\eta}_3\right),\kern0.5em \begin{array}{cc}\mathrm{if}& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4<0\end{array}\\ {}\operatorname{inf}\left(\eta \right)=\max \left(\min \left({\eta}_1,{\eta}_2\right),{\eta}_4\right),\begin{array}{cc}& \begin{array}{cc}\mathrm{if}& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4>0\end{array}\end{array}\end{array}\right. $$
(32)
Similarly, when no carrier phase difference is observed between an authentic signal and a spoofing signal, i.e., α = cos(ϕ − ϕ') = cos 0 = 1, the formula for the lower limit of the spoofing-signal ratio is simplified as follows:
$$ \operatorname{inf}\left\{\eta \right\}=\frac{2-2d}{2-{\tau}_0} $$
(33)
This finding matches the conclusion in Reference [15].
Based on the initial conclusions in Reference [15], when the carrier phases of authentic and spoofing signals are misaligned, the lower limit of the spoofing-signal ratio required for successful spoofing is deduced. When the carrier phases of authentic and spoofing signals are aligned, the formula for the lower limit matches the conclusion in Reference [15]. In the next section, the validity of these conclusions is verified via testing.
