Ensuring trust in GNSS Applications: The Promise of Galileo's OSNMA

In an era marked by the proliferation of Global Navigation Satellite System (GNSS) interference incidents, the integrity and reliability of satellite navigation have never been more critical. Over the air attacks, especially in the form of spoofing (imitating a GNSS satellite's signal) and record-and-replay (rebroadcasting a captured GNSS signal), pose a significant threat, misleading GNSS receivers into reporting incorrect locations undetectably.

Addressing this challenge, the European GNSS constellation, Galileo, is rolling out an authentication system designed to detect malicious signals named OSNMA (Open Service - Navigation Message Authentication). This anti-spoofing service enables Galileo-compatible receivers to detect potential spoofing attempts.

The OSNMA solution works by incorporating cryptographic techniques into the navigation message itself:

  • Signed Navigation Message: Galileo satellites utilize a secret key to generate a digital signature for the navigation data they transmit.
  • Signature and Key Broadcasted: This digital signature, along with a temporary key, are included  in the  navigation message and sent to receivers.
  • Receiver Verification: OSNMA-enabled receivers possess a public key that allows them to verify the authenticity of the temporary key. Once verified, the receiver uses both the temporary key and the signature to confirm the legitimacy of the navigation data.

Through this cryptographic handshake, OSNMA allows receivers to authenticate  the navigation data received from the satellites, frustrating attempts to inject false or re-broadcasted navigation messages.

OSNMA Transmission via Galileo I/NAV (E1-B), source: GALILEO´S OSNMA SiS ICD

Challenges

Two challenges have to be addressed by navigation receivers aiming at exploiting Galileo navigation message authentication service:

  • Implementing an OSNMA client on resource-constrained embedded platforms.
  • Delivering reliable authentication in GNSS environments with degraded signal reception (e.g., urban canyons, under dense foliage, etc…).

Rokubun’s SPEAR OSNMA SDK overcomes these challenges by providing a lightweight OSNMA client designed specifically for resource-limited embedded devices. It offers robust authentication capabilities even in harsh GNSS environments, making it a valuable tool for securing navigation in GNSS-reliant applications. SPEAR OSNMA addresses OSNMA authentication on a page-by-page basis, improving resilience in harsh environments where some I/NAV message pages may be dropped.


Resilience tests

During field trials, we observed that the availability of an authenticated PVT (that is a PVT computed with 4 or more authenticated satellites) was severely reduced when circulating in deep urban scenarios. Obstructions in the GNSS signal directly impacted the full reception of the cryptographic materials (tags and Tesla chain keys) needed to authenticate the message.

We modelled this behaviour and implemented a mechanism to simulate degraded reception in harsh environments.

SPEAR OSNMA’s operational resilience in harsh environments has been tested using the official EUSPA OSNMA test vectors. These vectors comprise synthetic datasets containing navigation messages that cover a wide range of relevant scenarios. To simulate degraded reception in harsh environments, we used the above mechanism to selectively degrade the test vectors in order to mimic real world reception conditions.

Missing navigation data pages (I/NAV) directly affect the time it takes to complete the navigation message and collect the required OSNMA data blocks. To assess performance under degraded conditions, we ran simulations with page-dropping rates ranging from 0% to 60%. We also varied the number of Galileo satellites providing OSNMA data (between 4 and 9).

The simulations measured the Time to First Authentication Fix (TTFAF). This is the time required to successfully authenticate navigation data from at least four different Galileo satellites. Due to the random nature of TTFAF for each page-dropping rate combination, a high number of simulations (500) were run to calculate the average TTFAF.

Additionally, SPEAR OSNMA’s performance was assessed across various initialization states, including:

  • Cold-start: the receiver neither possesses the Public Key nor the TESLA Root Key and they need to be retrieved from the Galileo I/NAV message.
  • Warm-start: The receiver stores the Public key in non-volatile memory and therefore can retrieve and verify the TESLA Root Key and then proceed with the navigation data authentication.
  • Hot-start: the receiver stores both the verified Public Key and a TESLA Root or Chain key in non-volatile memory so that it can immediately proceed with the navigation data authentication.

Results

  • Initialization State: The OSNMA client's initialization state affects the lower bound of TTFAF. This is because the amount of data required for authentication differs depending on the state. A cold-start scenario needs more data compared to a hot-start which only requires navigation data.
  • Number of Visible OSNMA Satellites: At high page-dropping rates, the TTFAF increases faster when there are fewer OSNMA-providing satellites visible. This is due to the redundancy provided by having more satellites transmitting the same data. With fewer satellites, there's less chance of finding the necessary data for authentication, leading to a quicker rise in TTFAF.
Figures illustrating how the TTFAF behaves under different conditions.

Conclusion

While OSNMA offers a robust solution for GNSS spoofing detection, receiver conditions can significantly impact its effectiveness. This is particularly concerning for applications that rely on trusted positioning data.

This webpost addressed the challenges of OSNMA on resource-constrained devices and in harsh environments. We have tested SPEAR OSNMA SDK using various factors including initialization state, number of visible satellites, and degraded signal reception. The results showcase the effect of these factors on the time to achieve a reliable authentication fix.

SPEAR OSNMA SDK offers improved performance in these scenarios with degraded data reception, making it a valuable tool for maintaining reliable navigation and positioning even in GNSS challenging environments.