Galileo Open Service Navigation Message Authentication adds another layer of protection against GNSS interference

GNSS interference is on the rise, with spoofing signals every day, providing unreliable or even fake positioning information.
When spoofing tricks our smartphone or vehicle navigation system into believing it is metres, if not kilometres, away from its actual location, it’s a nuisance. When it targets critical applications in sectors such as transportation, finance or telecommunications, it can lead to important service disruptions with associated economic losses. In sectors such as aviation or maritime, this can lead to serious safety risks.
An added layer of protection
The Galileo Open Service Navigation Message Authentication, or OSNMA, is a new authentication mechanism that lets Galileo Open Service users verify the authenticity of their GNSS information. It will be available on 24 July.
“With OSNMA, we increase assurance that the data users receive is indeed coming from Galileo and has not been modified in any way,” says EUSPA Executive Director Rodrigo da Costa.
While the OSNMA does increase the ability to detect spoofing events, it does not prevent their occurrence. Nor does it protect against jamming. “Nonetheless, by amplifying the overall robustness and resilience of the Galileo Open Service, this added layer of protection helps keep users one step ahead of hackers,” adds da Costa.
Galileo is the first GNSS system to offer protection from spoofing attacks as part of its Open Service worldwide. The OSNMA declaration of service follows an extensive testing phase where GNSS manufacturers, integrators and application developers utilised the Signal in Space (SiS) to assess the service’s performance across a range of scenarios and use cases.
Giving Galileo signals a unique digital signature
An integral function of the Galileo Open Service, OSNMA provides data authentication to all enabled receivers. Specifically, the OSNMA authenticates data for geolocation information from the Open Service through the Navigation Message (I/NAV) broadcast on the E1-B signal component. This is realised by transmitting authentication-specific data in the previously reserved fields of the E1 I/NAV message.
By using these previously reserved fields, OSNMA does not introduce any overlay to the system; thus, the OS navigation performance remains untouched.
When OSNMA-enabled receivers receive the signals, they can decode the cryptographic data and, thanks to a previously downloaded public key, verify the authenticity of the position and time data.
Because the OSNMA is transmitted in the Galileo Open Service signal, which is already used in most devices, receivers only need to implement the protocol and download the certified public keys from the European GNSS Service Centre (GSC) website. OSNMA relies as well on the implementation of a trusted time source to start up the protocol, accurate to at least five minutes, and a dedicated logic on the receiver side to guarantee the end-to-end authentication process. The service does not require the storage and management of secret keys on the user side, which facilitates the adoption in different communities. All details can be found in the OSNMA Receiver Guidelines.
The Galileo OSNMA delivers
OSNMA also makes Galileo signals unpredictable, thereby making them difficult to replay. This, combined with basic consistency checks in the receiver and the authentication service in general, makes spoofing an OSNMA-enabled receiver considerably more challenging.
For those segments that rely on accurate positioning information – automotive, timing and synchronisation, professional, maritime, aviation, drones – this is nothing short of a game-changer. Furthermore, and in the context of the frequent spoofing events experienced in recent years, Galileo OSNMA is now being included in the standards for civil aviation receivers, the first step for its adoption by the civil aviation community.
“Stakeholders have clearly articulated the need for more robust GNSS services,” concludes da Costa. “The Galileo OSNMA delivers this robustness and, in doing so, provides enhanced security in positioning and timing solutions.”
“The OSNMA Initial Service declaration has been authorised by the EU Space SAB following independent security checks and cooperation with the Programme to define risk mitigation measures. The cooperation between the SAB, the Commission and EUSPA was instrumental to getting through this very important milestone.” Philippe Bertrand, EU Space Security Accreditation Chair
“With this new capability, the EU is delivering on its commitment to provide secure, reliable space infrastructure that supports critical sectors and protects users across the globe”, says Christoph Kautz, Director for Satellite Navigation and Earth Observation, at DG DEFIS, European Commission
The OSNMA will be provided by EUSPA, which serves as the Galileo service provider.
About Galileo
Galileo, the EU´s Global Navigation Satellite System (GNSS), provides improved navigation, positioning and timing information. More than 4 billion users are already benefitting from Galileo.
The Galileo Programme is owned by the EU. The European Commission, as the Programme Manager, oversees the implementation of all activities. EUSPA is responsible for the operational management of the services, ensuring that they are delivered with the defined performance and without interruption. Galileo's system design and system evolution are entrusted by EUSPA to ESA .
Media note: This feature can be republished without charge provided the European Union Agency for the Space Programme (EUSPA) is acknowledged as the source at the top or the bottom of the story. You must request permission before you use any of the photographs on the site. If you republish, we would be grateful if you could link back to the EUSPA website.