Nowadays, GNSS-based navigation is moving more and more to critical applications. Global Navigation Satellite Systems (GNSS), which in the past used to be represented by the American GPS and the Russian GLONASS are now growing in number and performance. The European systemGalileo
...
Nowadays, GNSS-based navigation is moving more and more to critical applications. Global Navigation Satellite Systems (GNSS), which in the past used to be represented by the American GPS and the Russian GLONASS are now growing in number and performance. The European systemGalileo and the Chinese systemBeidou are being deployed, while GPS and GLONASS are being modernized. The availability of a larger number of satellites to provide measurements, together with a new frequency dedicated to civil use, are strongly increasing the application potential of GNSS technology. To be used in aviation, in particular during critical phases of flight as approach and landing, satellite navigation shall provide a very high level of service. Correctness—within tight bounds—of the position solution, shall be guaranteed to extremely high levels of probability. In operating an aircraft, the risk for so-called HazardouslyMisleading Information (HMI) due to the navigation systemis typically budgeted at the 10−7 to 10−9 level. These extremely tight requirements constitute a guarantee of safety, which is called integrity. More formally, integrity is about the trust that a user can have in the navigation service (and more specifically, the indicated position information). The trust is measured by the probability of HMI (or integrity risk), which is the probability that the position error exceeds a certain tolerance, without being detected and an Alert being raised in time.
Commonly, a distinction is made between system-level integrity and user-level integrity. At system level, integrity is monitored directly by the GNSS control segment and can be monitored by additional external augmentation systems. At user level, integrity is monitored directly by the user via statistical methods. This dissertation focuses on user-level integrity monitoring, also called Receiver Autonomous IntegrityMonitoring (RAIM). In a RAIM method, integrity ismonitored by exploiting the redundancy of theGNSS signals as collected at the receiver. Calculations are performed within the user equipment itself to check the measurements’ consistency. RAIM computations are possible as long as a number of satellites
larger than the minimumnecessary for a position fix (four in case of single constellation) is visible.
RAIM algorithms have been investigated since the late 1980s, starting with publications by Lee, Brown and Brenner. As main representative and reference of the first generation RAIM algorithms we cite the Weighted RAIM algorithm, also referred to as Least-Squares-Residuals (LS) RAIM, proposed by Walter and Enge. This algorithm is still in use today, typically implemented in aviation grade GPS receivers, to provide low-precision lateral integrity only. As of today no RAIM implementation exists for any application requiring integrity in the vertical plane (i.e. precision approaches), which has more stringent certification requirements. To serve this scope second generation RAIMalgorithms are nowbeing developed and tested, as for instance the Advanced RAIM(ARAIM), proposed by the Stanford group.
Different approaches being around show that the community has not reached convergence on the subject of integrity of GNSS for aviation yet, especially on RAIM. The Least Squares residuals RAIM, was the staple of the first generation RAIM: its algorithmwas found to be not completely flawless from a theoretical point of view and is not designed to deal with a multi-constellation system. The ARAIM is currently being tested but has not reached yet a definitive shape and has not fully convinced the community because of its high computational load, its convoluted structure and supposed approximations. New alternative approaches are also being proposed.
This dissertation offers to the community a critical review of the most popular RAIM algorithms currently available or under development (in particular LS RAIMand ARAIM), and highlights their major strengths and shortcomings. Furthermore it reviews the DIA procedure, a well-established method for gross error detection in geodesy developed by TU Delft, and proposes its application to the RAIMproblem. A connection is made fromthe DIA concept of reliability to integrity risk and a method to evaluate RAIM performance parameters (False Alarm and HMI rates) for a multi-step exclusion/adaptation procedure is proposed (by means of the concept of worst-case bias). The study performed shows the viability of
the DIA procedure as an alternative RAIMprocedure, and its competitive performance compared to the algorithms currently in use or under development in aviation (LS RAIM and ARAIM). Simulation results show that in several scenarios the DIA method performs significantly better than the others. Points of improvement are nevertheless individuated, also in the DIA, and recommendations are given for the development of the RAIMof the future.
In particular, as a result of the algorithms review and the simulation results, it is concluded that all RAIM algorithms discussed, including the DIA procedure, have room for improvement. Both ARAIM and DIA show safe performance (i.e. risk is never larger than required/announced), but some of the approximations employed in ARAIM seem rather conservative and its exclusionmechanismseems not particularly effective. At the sametimealso the DIA exclusion mechanismdoes not appear to performoptimally, fromthe integrity maximization point of view. From a reliability analysis point of view — i.e. prior computation of the probability of HMI (PHMI) based on the satellite geometry alone — the DIA performs better than ARAIM, i.e. can guarantee higher availability (and higher continuity in a faulty scenario). On the other hand one of the mainweaknesses of the RAIMalgorithms analyzed is the Exclusion (or Adaptation) mechanism. Both ARAIM and DIA procedures recognize that in many geometries—given a requirement on the continuity—attempting exclusion introduces more risk than just declaring Alert. This suggests that further investigation is required to develop a more robust and reliable exclusion method for integrity.@en