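Global Navigation Satellite Systems (GNSS) provide high-precision timing services to ground users and have become the main solution for wide-area time synchronization across all kinds of infrastructure networks. The security of the GNSS timing process has therefore become a key link in keeping critical infrastructure running stably. How to deal with spoofing attacks is an important problem for GNSS timing security. Many studies have verified that, by suitably designing and broadcasting forged navigation satellite signals, a spoofer can tamper with the GNSS timing result of a target device. If the various constraints are also satisfied, a timing spoofing attack can be stealthy to a certain degree. Existing research has not yet fully solved the problem of defending conventional GNSS timing devices against such stealthy attacks. To address this problem, this work first studies the signal characteristics of such timing spoofing attacks. From the basic constraints that such attacks must satisfy at the information layer, it identifies a consistent-variation feature that timing spoofing signals must possess. This signal feature can serve as the principle on which defenses against such attacks are built. This work then carries out comparative tests of different spoofing attacks against commercial timing devices, verifying that the signal feature is a necessary condition for a spoofing attack to remain stealthy, and showing the practical problem that conventional timing devices struggle to defend against such attacks. On this basis, this work designs a timing spoofing detection and suppression strategy that does not require changing the hardware architecture of conventional devices: a software upgrade alone improves the anti-spoofing capability of the device. Within this strategy, to make up for the insufficient detection capability of existing methods, two detection methods are proposed that target the timing spoofing signal feature described above. The first is a timing spoofing detection method based on the synchronous offset of per-signal clock drift, which detects the abnormal consistency effect of a spoofing attack at the time-information level. The second is a timing spoofing detection method based on the synchronous distortion of signal correlation peaks, which detects, at the signal layer, the synchronized tampering applied to the parameters of different satellite signals. Either method can be applied on its own, but they are better applied jointly, with coordinated selection of detection window lengths, so that each compensates for the other's performance shortcomings. In addition, in practice the computation of spoofing detection statistics requires a sufficiently long accumulation of signal observations, so after spoofing starts the detection alarm is inevitably delayed to some extent. During this detection delay the spoofing attack can effectively tamper with the timing result, and the timing error may exceed the safety tolerance of downstream applications before the spoofing is detected. To address this, this work proposes an innovation-bounded Kalman filtering method that can be applied to the GNSS timing process. Compared with traditional timing solution methods, the filter suppresses the early effects of spoofing by dynamically constraining the innovations of observations that have not yet been validated. Compared with existing spoofing suppression methods, it takes effect immediately without depending on detection results, which helps suppress the effects of a timing spoofing attack during the detection delay. The performance advantages of the proposed methods were all verified on the anti-spoofing algorithm test platform, based on live satellite signals, that was developed in this work.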
The Global Navigation Satellite System (GNSS) provides high-precision timing services for users on Earth and has become the main solution for wide-area time synchronization in various infrastructure networks. The authenticity of this timing service has therefore become essential to ensuring the safety of major infrastructures. One important issue in securing the GNSS timing process is dealing with spoofing attacks, also known as Time Synchronization Attacks (TSAs). Many studies have confirmed that by designing and broadcasting forged satellite signals, attackers can completely deceive the GNSS timing results of the target. Moreover, if certain conditions are met, TSA signals can be highly stealthy, which makes them hard for existing anti-spoofing methods to address without additional hardware. In response to this issue, this article first studies the signal characteristics of such TSAs. Based on the basic constraints that such attacks need to meet at the information layer, this article identifies an additional consistent-variation feature that TSA signals need to possess. This signal feature can serve as the theoretical basis for defending against such attacks. This article then reports comparative tests of different TSAs targeting commercial time service devices, verifying that the signal feature is a necessary condition for TSAs to remain stealthy. The tests also demonstrate the practical problem that conventional GNSS timing services have difficulty defending against such attacks. Based on the above research, this article designs a TSA detection and suppression strategy that does not require changing the hardware architecture of conventional devices. The anti-spoofing ability of the corresponding devices can be improved by a software upgrade alone.
As part of this strategy, to compensate for the insufficient detection ability of existing methods, this article proposes two detection methods aimed at the aforementioned TSA signal feature. The first is a detection method based on the synchronous offset of signal clock drift. It can detect the abnormal consistency impact caused by TSAs at the time information level. The second is a detection method based on the synchronous distortion of signal correlation peaks. It can detect the synchronized tampering effects on different satellite signal parameters at the signal layer. Both methods can be applied separately, but they are better applied jointly, with coordinated selection of detection window lengths, so that each compensates for the other's performance shortcomings. In addition, in practical applications, the calculation of TSA detection statistics requires a sufficient length of signal observation accumulation, so there is inevitably a certain delay in the detection alarm after a TSA starts. During such detection delays, TSAs can effectively tamper with the timing results. The timing error may exceed the security tolerance of subsequent applications before the spoofing is detected. To address this issue, this article proposes an Innovation Bounded Kalman filtering method that can be applied to the GNSS timing process. Compared to traditional time-solving methods, this filtering method can suppress the early effects of TSAs by dynamically constraining unvalidated observation innovations. Compared with existing spoofing suppression methods, the proposed method takes effect immediately without relying on detection results, which helps to suppress the impact of TSAs promptly during detection delays. The superior performance of the three proposed methods has been verified on a high-fidelity GNSS anti-spoofing algorithm test bed developed in this study.
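
An added illustration of the innovation-bounding idea described above, not the thesis's own algorithm: a two-state clock filter in which each innovation is clamped to a k-sigma limit before it updates the estimate, compared with a conventional filter over the same forged ramp. The clock model, noise values, 3-sigma gate, clamping rule and the constructed noise-free measurement series are all assumptions made for this example.

```python
import math

def run_filter(meas, gate=None, dt=1.0, r=25.0, q_bias=0.01, q_drift=1e-4):
    """Two-state Kalman filter: clock bias (ns) and clock drift (ns/s).

    gate=None gives a conventional filter. gate=k clamps every innovation
    to +/- k*sqrt(S) before it is applied (assumed bounding rule).
    Returns the bias estimate after each epoch.
    """
    b, d = 0.0, 0.0                      # state estimate
    p00, p01, p11 = 100.0, 0.0, 1.0      # symmetric 2x2 covariance
    out = []
    for z in meas:
        # Predict with a constant-drift clock model.
        b += d * dt
        p00 += 2.0 * dt * p01 + dt * dt * p11 + q_bias
        p01 += dt * p11
        p11 += q_drift
        # Innovation and its variance (measurement observes bias only).
        nu = z - b
        s = p00 + r
        if gate is not None:
            lim = gate * math.sqrt(s)
            nu = max(-lim, min(lim, nu))  # bound the unvalidated innovation
        k0, k1 = p00 / s, p01 / s
        b += k0 * nu
        d += k1 * nu
        p00, p01, p11 = (1 - k0) * p00, (1 - k0) * p01, p11 - k1 * p01
        out.append(b)
    return out

def spoof_ramp(n_clean=50, n_spoof=30, rate_ns_per_s=30.0):
    """Constructed data: true bias is 0 ns, then a forged ramp is added."""
    return [0.0] * n_clean + [rate_ns_per_s * (i + 1) for i in range(n_spoof)]

def compare():
    """Bias error (ns) just before the ramp and after 30 s of it."""
    z = spoof_ramp()
    plain = run_filter(z)
    bounded = run_filter(z, gate=3.0)
    return plain[49], bounded[49], plain[-1], bounded[-1]

if __name__ == "__main__":
    p0, b0, p_end, b_end = compare()
    print(f"before ramp: plain={p0:.1f} ns bounded={b0:.1f} ns")
    print(f"after 30 s:  plain={p_end:.1f} ns bounded={b_end:.1f} ns")
```

The clamp only limits how fast the estimate can be pulled and raises no alarm, so it buys time for the detectors rather than replacing them.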