E-GIANTS Project Concludes Study on GNSS Authentication and Security Improvements

The E-GIANTS (European GNSS Improved Authentication Solutions) project was commissioned by the European Commission and technically supervised by EUSPA. The project responds to the growing threat posed by quantum computing to traditional cryptographic methods, which could compromise the security of GNSS services in the coming decade. The study highlights that while quantum computers threaten classic asymmetric cryptography (like RSA and ECDSA), symmetric mechanisms—properly configured—remain secure, guiding the project's design choices.

The project’s scope encompassed three main work objectives:

1. SBAS and OSNMA Key Management: Focused on developing a comprehensive authentication solution for Satellite-Based Augmentation Systems (SBAS) and the Galileo OSNMA (Open Service Navigation Message Authentication) service, using symmetric cryptography to ensure bandwidth efficiency and post-quantum resilience. The solution centres on a TESLA-based (Timed Efficient Stream Loss-tolerant Authentication) protocol, optimised for low authentication latency (about 1 second) and robust message recovery using Reed-Solomon encoding.
2. Additional Dissemination and Improvements of OSNMA: Proposed and validated improvements to the Galileo OSNMA protocol, including the distribution of cryptographic material via secure internet protocols (MQTTS and NTPs) for receivers with connectivity. These enhancements reduce authentication delays, improve cold-start performance, and introduce strategies for cross-constellation authentication, paving the way for integrating GPS and Galileo authentication in the future. The project also explored post-quantum resistant Merkle tree architectures for OSNMA, though further study is needed for large-scale deployment.
3. SBAS Authentication for Non-Aviation Users: Extended authentication solutions to new SBAS services (EGNOS-Next), particularly for non-aviation sectors like maritime, road, and rail. The approach adapts the TESLA-based protocol to high data rate channels (E5C/E5D), ensuring rapid, authenticated access to critical navigation and integrity messages for a broader user base.

Key outcomes of the project include:

• Post-Quantum Resilience: By relying on symmetric cryptography and hash-based structures, the solutions are designed to withstand attacks from future quantum computers, avoiding the bandwidth-heavy hybridisation of classic and post-quantum asymmetric algorithms.
• User-Centric Design: Extensive stakeholder interviews shaped requirements, emphasising minimal receiver hardware/software impact, low authentication delays, and standardised, interoperable solutions.
• Enhanced OSNMA Protocol: The project identified improvements to the OSNMA framework, including asynchronous broadcasting of subframes across the Galileo constellation. This ensures more consistent authentication performance, even in areas with limited satellite visibility. Additionally, the proposal for cross-constellation authentication aims to extend OSNMA’s capabilities to non-Galileo satellites, enhancing its versatility.
• Secure Data Distribution: A new method for distributing cryptographic material to GNSS receivers with internet connectivity was introduced, identifying MQTTS (Message Queuing Telemetry Transport over TLS) and NTPs (Network Time Protocol) as the most suitable network protocols. The implementation of non-SIS services, either independently or in conjunction with SIS, was found to improve authentication, especially in challenging environments.
• System-Level Roadmap: A detailed deployment plan was developed, outlining a roadmap for standardisation, prototyping, and phased implementation, aligning with EGNOS V3 service upgrades and future GNSS receiver capabilities. The roadmap emphasises security analysis, system design, and integration with existing GNSS infrastructure.
• Key Management Innovations: The project addressed vulnerabilities in current cryptographic practices, including the risk of quantum computing threats to classical asymmetric algorithms like ECDSA. Recommendations for resilient key management strategies were proposed to future-proof authentication systems.

By integrating these advancements, the project underscores the importance of robust authentication in maintaining the integrity of GNSS services. The findings and technical proposals from E-GIANTS will contribute to the evolution of Galileo and EGNOS’s capabilities, ensuring its role as a trusted enabler for critical infrastructure across Europe and beyond.

The E-GIANTS consortium recommends further prototyping and experimentation to validate full-scale implementations, as well as continued analysis of internet-based cryptographic material distribution and time synchronization services. Standardization activities are underway to harmonize these authentication mechanisms across European and global SBAS systems.

The complete final report can be found here.

Media note: This feature can be republished without charge provided the European Union Agency for the Space Programme (EUSPA) is acknowledged as the source at the top or the bottom of the story. You must request permission before you use any of the photographs on the site. If you republish, we would be grateful if you could link back to the EUSPA website.