Insights | 08 Jan 2022

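From day one, u-blox M9 and F9 GNSS receivers use Galileo's much-anticipated authenticated GNSS signals.
Over the past two decades, satellite-based positioning has become an essential everyday technology that we rely on constantly, even without realizing it. As applications and use cases continue to expand (driven largely by the falling cost of ownership and improved positioning accuracy), there will soon be an operating GNSS receiver for every person on Earth. But now, with the accuracy challenges all but solved, security is becoming the key factor slowing the development of new, lucrative business models and emerging critical applications.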
That’s why there is so much excitement around a new service from Galileo, the EU’s global navigation satellite system. First conceived in 2013, Galileo’s open service navigation message authentication (OSNMA) system lets GNSS receivers ensure that the satellite signals they receive are, indeed, from Galileo satellites, and that they have not been modified. The approach makes it more difficult for hackers and other bad actors to spoof GNSS receivers by feeding them fraudulent signals. The European GNSS constellation will be the first to offer authenticated navigation messages to civilian users free of charge.
The approach the European GNSS Agency (GSA) adopted to authenticate the signals is already well established for digital communication on the internet. It consists of appending an encrypted authentication signature to GNSS navigation messages, which can be used to verify the messages based on a hybrid symmetric / asymmetric key approach (described in more detail here).
The service will only be available to advanced GNSS receivers that are able to securely store a copy of the public key used to decrypt the authentication message and to ensure that it can be trusted. To ensure that current users of Galileo’s navigation services do not see their service interrupted, the new navigation messages, broadcast on Galileo’s E1B frequency band, will be fully backward compatible. This means that older receivers will still be able to use them to determine their position, simply without the value-add of message authentication.
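An added illustration of the hybrid symmetric/asymmetric approach described above (not u-blox or Galileo code): OSNMA's design builds on delayed-disclosure key chains of the TESLA kind, with the root of the chain authenticated by a digital signature. This simplified Python sketch shows the receiver-side checks; the function and class names, the SHA-256/HMAC choices and the sample data are assumptions, it does not follow the OSNMA message format, and the signature check on the root key is assumed to have been done already.

```python
import hashlib
import hmac

def chain_step(key: bytes) -> bytes:
    return hashlib.sha256(key).digest()  # one-way step K[i-1] = H(K[i]), simplified

def make_chain(seed: bytes, length: int) -> list:
    keys = [seed]  # sender side: derive backwards from a secret seed
    for _ in range(length):
        keys.append(chain_step(keys[-1]))
    return keys[::-1]  # keys[0] is the root, keys[i] protects interval i

def make_tag(key: bytes, nav_msg: bytes) -> bytes:
    return hmac.new(key, nav_msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, trusted_root: bytes):
        # Assumption: root already verified with the stored public key (asymmetric step).
        self.key, self.idx = trusted_root, 0
        self.pending = {}  # interval -> (nav_msg, tag) awaiting key disclosure

    def on_message(self, interval: int, nav_msg: bytes, tag: bytes) -> bool:
        # A tag only counts if it arrives before its key has been disclosed.
        if interval <= self.idx:
            return False
        self.pending[interval] = (nav_msg, tag)
        return True

    def on_key(self, interval: int, key: bytes):
        # Returns the authenticated message for this interval, or None.
        if interval <= self.idx:
            return None
        k = key
        for _ in range(interval - self.idx):
            k = chain_step(k)
        if not hmac.compare_digest(k, self.key):
            return None  # not on the chain anchored at the trusted root
        self.key, self.idx = key, interval
        nav_msg, tag = self.pending.pop(interval, (None, b""))
        ok = nav_msg is not None and hmac.compare_digest(make_tag(key, nav_msg), tag)
        return nav_msg if ok else None

def demo():
    chain = make_chain(b"constructed-seed", 3)  # constructed sample data
    rx = Receiver(chain[0])
    rx.on_message(1, b"nav A", make_tag(chain[1], b"nav A"))
    genuine = rx.on_key(1, chain[1])
    rx.on_message(2, b"nav FORGED", make_tag(b"guessed key", b"nav FORGED"))
    return genuine, rx.on_key(2, chain[2])
```

Because a key is only released after the messages it protects, a receiver needs a trustworthy notion of time to decide whether a tag arrived before its key became public; the interval counter stands in for that here.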
A key step toward fully secure positioning
The move by the GSA comes in response to growing demand across industries for secure positioning technology. “At the GSA, we work in close collaboration with the industry to design and leverage Galileo’s unique capabilities and rapidly develop new applications to respond to user needs,” said Fiammetta Diani, Head of Market Development at the European GNSS Agency (GSA).
OSNMA, step one in the agency’s plans, will not entirely solve the GNSS security challenge. It will, however, considerably raise the level of sophistication that such attacks require, benefiting a variety of applications that are frequent targets of spoofing attacks. These include smart tachographs used in trucks, taxis and ride-sharing vehicles, and tracking devices used in commercial cargo and fishing vessels. Reliably flagging spoofing attempts will make it more difficult for companies to skirt legislation by tampering with the GNSS receivers.
GNSS data authentication will also play an important role in so-called mission-critical use cases: think advanced driver assistance systems, autonomous driving, or any number of risk-prone commercial activities. And, by mitigating one of GNSS’s main vulnerabilities, it will no doubt add value in less critical ones as well, in retail and logistics, smart cities, and connected industries.
Leveraging OSNMA from the start
As a leading supplier of GNSS receivers for telematics solutions, we at u-blox have long been at the front line in bringing the benefits of OSNMA to our customers. Through our active involvement in the EU-led group of experts on the smart tachograph, for example, we are helping drive the implementation of OSNMA. That’s why it should hardly come as a surprise that our latest GNSS platforms (u-blox M9 for standard precision positioning, u-blox F9 for high precision positioning, u-blox X20 for all-band high precision positioning, as well as our F10 GNSS timing receiver) are designed to leverage Galileo’s authenticated navigation signals from the day they go live.
“We are glad to see that a key player in GNSS manufacturing, such as u-blox, is already looking forward to exploiting Galileo’s new features and in particular the Open Service Navigation Message Authentication to contribute to safer road transportation in European roads, and beyond,” says GSA’s Fiammetta Diani.
OSNMA is one of the cornerstones of our approach to increase the security and reliability of our GNSS receivers. It adds to improvements made by concurrently monitoring signals from several GNSS constellations on multiple frequency bands, as well as integrating other data, such as input from inertial sensors. That being said, for Galileo and for u-blox, OSNMA is just one more stepping stone towards fully-secured GNSS-based positioning technology.
Franco de Lorenzo
Principal Product Owner, u-blox Services