ESA title


  • ACTIVITYFeasibility Study
  • STATUSCompleted
  • THEMATIC AREAInfrastructure & Smart Cities, Transport & Logistics, Safety & Security, Maritime and Aquatic

Objectives of the service

GNSS Jamming and Spoofing attacks pose a severe risk for all services based on GNSS.

Due to this risk, this project performs a feasibility study on the injection of space-recorded raw data into the existing proprietary algorithm called CMCU (Central Machine learning Computation Unit), making the possibility of having a worldwide detection system for GNSS Jamming and Spoofing a reality.

The flexibility of the Machine Learning Algorithms inside of the CMCU allows the combination of ground and space-recorded raw signals uniquely, providing a powerful tool to end-users whose services and processes depend on reliable GNSS signals.
During the last few years, GNSS attacks have received considerable media attention, and the current geopolitical situation makes the need for countermeasures key for any GNSS-dependent businesses. The main goals of the system are to enable quick identification of the attack and support decision-makers in their assessments of events.

Use Case 1 considers an API (Application Programming Interface) for end-users, allowing them to receive automated alerts of events in the area of interest. Use Case 2 implements a web interface with an interactive map, allowing end-users to get historical information regarding events in a particular area.

Users and their needs

The service is oriented toward two main user communities worldwide: 

  1. Companies providing added value services to their customers based on GNSS reference stations (e.g., GNSS corrections).

  2. Maritime users (maritime fleet operators and users that operate maritime testbeds).

During the execution of the project, the needs in terms of critical infrastructure (i.e. maritime ports and airports) were made clear by the users.

The service added value for end-users is:

  1. Risk reduction when using external receiver networks. 

  2. Savings due to reliability and savings in reduced time for troubleshooting their infrastructure

  3. Savings in KPIs infractions.

  4. Savings in maintenance costs.

  5. Historical information for decision-making support to the design of new routes (to maritime vessels fleets operators).

Service/ system concept

RESIST is set to be a service to add robustness to GNSS services. The product will evaluate the presence of human attacks on the GNSS signal. The CMCU (Central ML Computation Unit), based on Machine Learning (ML) implements the core of the system to analyse the satellite-recorded raw data and allows the detection of GNSS attacks.

RESIST shall act as the means to implement a worldwide GNSS attacks detector. The system is intended to operate on a real-time basis and offers a range of services.

The high-level blocks associated with the RESIST are detailed in Figure 2 High-level blocks of the RESIST system.


Raw data will be collected from satellite providers. Signals are recorded from LEO constellations and given to the core of the RF Analytics to analyse them.

The input handler is composed by:

  • Satellite data ingestion functions: The data provided by the LEO constellation operators will need to be received and managed by the RF Analytics system. These functionalities will implement the external ICD towards the data provider, as agreed with the different providers. 

  • Data Transformation functions: Depending on the provider, the signal can be formatted in different ways. To perform the evaluation in the Data Processor function, an initial pre-processing and format adaptation is required.

  • Internal secure reporter functions: This function will implement the internal ICDs between the Input Handler functionalities and the data processor. Allowing the reception of the data by the CMCU, along with the distribution of the geolocation data to the following functional blocks. Based on the geolocation, the CMCU processing will be sorted so that those critical areas (Use Case 1) shall be computed with priority against the areas from Use Case 2.


To evaluate the input data, the processing in this block is split. The geographical information related to the record of the signals is needed to be estimated. Next, the raw data is evaluated by the CMCU, the core algorithm of the system. It will analyse the presence of a Jamming/Spoofing attack and report the results in a database.

  • Geolocation service functions: Groups of functionalities associated with the geolocation estimation of the signal originator.

  • CMCU: The raw data is evaluated by the CMCU, the main algorithm of the system. It will analyse the presence of a Jamming/Spoofing attack and report the results in a database.

  • Results aggregation layer: Groups of functionalities responsible for evaluating the output from the CMCU algorithm. This component sorts the data adding metadata to deliver this information to the user. 

  • Reporting Database: Groups of functionalities associated with the storing and transmission of the aggregation layer information. The information will contain the following:

    • Timestamp: Time when the evaluation is made.

    • Latitude and Longitude: Geographic position of the reporting signal.

    • RFI: Radio Frequency Interference 

    • Spoofer: Determines the presence of the spoofer.

    • SVID: Indicates the satellite on which the evaluation has been made.

    • Other


By means of the User Interface, the user is allowed to access the RESIST core algorithm reports. The interface use will depend on the case of use and the user’s needs.

  • User Management: A group of functionalities dedicated to communicating the web interface with the information obtained by the data management.

  • Event Launcher: In Use Case 1, when an event is detected for a determined location, it is reported to the user. Raw data from the event may be stored for forensic analysis and Machine Learning training.

  • Interactive Map: In Use Case 2, the web interface allows one to search for reports in the different areas from a map.


The support and control functions group the functionalities related to monitoring and controlling the RESIST elements and required support functionalities.

  • Backup management functions: Groups the required functionalities for information backup and recovery.

  • Monitoring and control functions: Groups the functionalities associated with monitoring the RESIST operation and performance, modification of the RESIST component variables and configuration, visualisation of the different operation and performance variables and operator console.

  • Fault detection and isolation: Groups the set of functionalities which allow failure detection, supporting the identification and isolation of the failed component.


Space Added Value

Using satellite-recorded data allows for expanding the GNSS threats monitoring networks quickly and reliably on a global scale.

This Space data usage unblocks the possibility of monitoring areas without close ground infrastructure and reduces the cost of deployment protection techniques. RESIST usage of satellite signals sets the basis for providing a real-time global framework for safe GNSS operations.

Current Status

The feasibility study completed successfully in June 2023.

The System design was performed and approved. Several workshops with end-users were held to understand their needs and gather feedback about the proposed system and the related system requirements. A second round of workshops was held with the users to show them the laboratory and test environment of the system, gathering feedback on the user interface’s look and feel.

The Installation, Operations and Maintenance procedures catalogue was produced. The implementation of the proof of concept is now completed, and the system has been validated.

Figure 3 The RESIST UIH Interface showing a Spoofer for several Galileo satellites (E1) in Paris


Figure 4 RESIST Commander interface, showing the model update options of CMCU.

Prime Contractor(s)

Status Date

Updated: 25 July 2023