Mixed-integer models arise in several geodetic problems, including precise positioning and remote sensing in Global Navigation Satellite Systems (GNSS), as well as deformation monitoring through Interferometric Synthetic Aperture Radar (InSAR) or fringe phase observations from Very Long Baseline Interferometry (VLBI). These problems generally involve two types of unknowns: integer ambiguities a∈Z^n and real-valued parameters b∈R^p, whose accuracy can be significantly improved by correctly resolving the ambiguities. However, in some cases, a large number of ambiguity components are involved and need to be correctly resolved; therefore the ambiguity resolution process becomes a bottleneck for the computations.

One research question is therefore how to effectively tackle the challenges of high-dimensional ambiguity resolution and its computational complexity, while ensuring a successful resolution of the ambiguities. Additionally, a second question arises regarding whether it is possible to solve this challenging problem in the domain of real-valued parameters, e.g. positioning coordinates, given that those are usually the parameters of interest for the user. In response to such questions, this doctoral dissertation is structured in two main parts: the first one looks in the integer ambiguity domain, presenting new flexible estimators and algorithms, ultimately merged into the new Least-squares AMBiguity Decorrelation Adjustment (LAMBDA) 4.0 toolbox; the second one focuses on the real-valued parameter domain where the integerness of ambiguities is still taken into account, where novel dual estimators are presented and an optimal, globally convergent solution is constructed using the branch-and-bound method.

Satellite-based Positioning, Navigation, and Timing (PNT) technologies, including Global Navigation Satellite Systems (GNSS) and emerging Low Earth Orbit (LEO) constellations, alongside Terrestrial Networked Positioning Systems (TNPS) and various other sensors for positioning (e.g., inertial measurement units, cameras, LiDAR), are used and of interest for safety-critical applications across automotive, aviation, rail, and maritime domains. An important positioning safety criterion for these applications is represented by the probability of positioning failure, defined as the probability that a position estimator falls outside an application-specific safety-region. Rigorous quantification of this probability, denoted P_F, is essential to verify compliance with safety requirements and to support the design and evaluation of positioning algorithms and systems.

This thesis addresses the challenges associated with computing  P_F when the position estimator results from a combined parameter estimation and statistical hypothesis testing procedure for model misspecifications in the positioning model. A key challenge is posed by the multimodality of the probability density function (PDF) of the position estimator, which renders analytical integration methods intractable. Another key challenge is represented by the stringent requirements that  P_F must satisfy for safety-critical applications (e.g., below 10^-5), which implies that the event of positioning failure F must be rare—rendering standard Monte Carlo techniques computationally too expensive. Therefore, a novel method is developed in this thesis which addresses these challenges and is grounded in rare event simulation techniques, specifically Importance Sampling and the Cross-Entropy method. This method enables the construction of a 'failure-tree' that decomposes P_F into components conditioned on the hypothesis testing decisions, thereby supporting rigorous positioning safety analyses during the design stage of positioning algorithms, and systems, for safety-critical applications.

The positioning safety is assessed in several representative scenarios. The importance of accounting for estimation–testing dependence is emphasized in a scenario involving cooperative positioning of automated vehicles, where neglecting this dependence results in probabilities of positioning failure being underestimated by an order of magnitude. Furthermore, positioning safety analyses for Unmanned Aerial Vehicles (UAVs) across multiple European airspace regions reveal substantial variability in the probabilities of positioning failure due to changes in receiver-satellite geometry over time, highlighting the importance of comprehensive simulation-based assessments. Additionally, an example is shown in which the probability of positioning failure is computed while accounting for multidimensional model misspecifications (e.g., multiple simultaneous outliers, or faults, in the observations). Collectively, the contributions and findings of this thesis highlight a rigorous approach to computing probabilities of positioning failure and conducting positioning safety analyses.

The use of Global Navigation Satellites Systems is increasing rapidly. More and more applications use positioning and/or timing information form a Global Navigation Satellite System (GNSS). Also more and more people and applications rely on high-precision positioning based on GNSS. The high-precision solution of GNSS is achieved with the use of example augmentation data. For example real-time kinematic (RTK)-GNSS enables centimetre-level positioning. Commonly the augmentation data is sent with the use of internet. At the moment an unsecure internet link is used to sent this augmentation data from the reference station to the user. The aim of this study was to find out if it is possible to manipulate the augmentation data for DGNSS using a cyber attack without being detected, and what the consequences could be for the final estimated parameters of interest. The parameters of interest can be the position and/or the timing. The augmentation data is sent using the Networked Transport of RTCM via Internet Protocol (NTRIP). What is found is that this is an unsecure connection. For an attacker it is possible to use a man-in-the middle attack, where the augmentation data is sent from the reference station, via the hacker, to the user. The data is not encrypted and therefore it is possible for the hacker to see and alter the data. Based on a man-in-the-middle attack this study found that it is possible to manipulate the DGNSS augmentation data, without detection. The model that is used to manipulate the augmentation data is based on a Single Point Positioning model. As long as the manipulation is in the range of the design matrix of the used model, it is not detectable. This means that the manipulation only contributes to the so called influential bias and not, or minimal, to the testable bias. As the name suggest, the result of this manipulation is that the final solution is manipulated due to the effect in the influential bias, and without detection since the testable bias is not changed. GNSS processing is based on non-linear observation equations. This means that those models are linearised before the final solution is estimated based on the least squares estimation. The effect of this non-linearity is minimal, but it means that a (very) small part of the manipulation contributes to the testable bias. This study points out that this small increase of the testable bias is insignificant when the observations are tested based on an overall model test and the w-test. The conclusion of this study is that it is possible to spoof the augmentation data when NTRIP is used to sent the augmentation data. Furthermore, the consequence of augmentation data spoofing is that it can be exactly manipulated by the hacker, based on a certain direction and distance, as long as the magnitude of the manipulation is in the order of 2 to 3 meter.