Galileo OSNMA, the new message authentication feature

What is the OSNMA message authentication function?

Galileo OSNMA is a GNSS-embedded feature that ensures secure end-to-end transmissions from Galileo satellites to GNSS receivers. Designed to prevent GNSS spoofing attacks, the feature assures GNSS receivers that the Galileo navigation message comes from the system itself and has not been tampered with, enhancing the GNSS receiver’s robustness by increasing its ability to detect spoofing attempts.

With the data authentication that Galileo OSNMA provides, it is possible to:

Protect the authenticity of navigation messages transmitted by the Galileo satellites.

Enhance the reliability of GNSS positioning and timing information.

Mitigate spoofed signals by selecting others.

Cross-check other constellations.

Galileo is the first and so far the only GNSS constellation to offer authentication to civilian users.

OSNMA in 7 steps

Message generation. Satellite systems generate navigation messages containing critical information about satellite orbits, clocks, and health. These messages are crucial for ensuring accurate positioning by user equipment.

Key generation. Satellite system operators generate and distribute a secret cryptographic key known only to them.

MAC computation. With this secret cryptographic key, a MAC is computed for each navigation message, which is generated by applying a cryptographic algorithm to the message content. The MAC thus serves as a unique signature for that specific message based on the message content and the secret key.

Inclusion of MAC in the message. The MAC is appended to the navigation message.

Message transmission. The satellite transmits this combined message, including the original navigation message and the MAC.

Key verification. The user equipment can access the secret key of the satellite system operator, which is made public after a certain delay. The receiver calculates a MAC for the received navigation message with this key, relying on the same cryptographic algorithm.

MAC comparison. The user receiver compares the calculated MAC with the MAC received in the message. If the two MACs match, the navigation message has not been tampered with during transmission. This means the message is authentic and can be trusted for use in calculating a position.

Applications

Automotive (ADAS). Galileo OSNMA promises to be a critical feature for the security of vehicles with ADAS functionalities. One of the primary use cases in ADAS is the combination of GNSS’s absolute position and velocity data with relative position information from ranging sensors and cameras. In addition, processing GNSS timing information for interconnected sensors, cameras, and processing units is crucial to maintain synchronization. This synchronized timing is essential for real-time data processing and decision-making. Given the safety and security criticality of these GNSS-based functions, Galileo OSNMA authentication can be a fundamental element of the ADAS security architecture, supporting compliance with standards such as ISO 21434.

Timing. Critical infrastructure, such as telecommunications networks, data centers, and power grids, rely on GNSS for timing and synchronization. These applications require extremely high levels of security because failures can provoke severe consequences. OSNMA helps protect these critical applications against GNSS spoofing attacks.

Numerous servers and devices operate in concert in data centers. Synchronizing timing ensures efficient data processing, which helps prevent disruptions and bottlenecks. Galileo OSNMA empowers telecom providers and data center operators to achieve consistent and synchronized time across their infrastructure. It supports the ever-increasing demands of modern communications and computing systems.

Further applications: surveying, fishing regulations, and agricultural subsidies. Galileo OSNMA may find applications in these different environments. Government organizations may mandate the use of Galileo OSNMA to ensure the authenticity of survey points, preventing surveyors from falsifying data. Regulators of the fishing industry may require fishing boats to submit navigation logs authenticated by Galileo OSNMA to verify that they have only fished in designated areas, thereby protecting against falsified records. Another application could be the monitoring of agricultural subsidies. Under the Common Agricultural Policy, Galileo OSNMA could be used to reduce fraud by ensuring that farmers do not manipulate data to improperly collect subsidies.

The benefits

For engineers:

Security: Engineers can design systems with confidence in the integrity of Galileo data, knowing it's protected from spoofing.

Reliability: Reliable GNSS data enables more robust and fail-safe system designs, especially for security-critical GNSS applications.

For other users: In general, users at various levels should be able to trust that their data is authenticated, providing an additional layer of protection. For example, if automated systems cannot authenticate the data, they could go into a safe state, just like a jamming detector. Governments can also ensure that a user is not hacking the system. Another example could be an insurance company using the feature to monitor driver behavior.

Galileo OSNMA is no longer on the horizon. It is here.

Galileo OSNMA has officially entered its operational phase, bringing real-time signal authentication to Galileo’s Open Service. This milestone marks a significant leap forward in satellite navigation security. At u-blox, we are proud to offer OSNMA-enabled GNSS receivers that authenticate Galileo signals in real time. These solutions provide enhanced protection against spoofing and ensure trusted positioning for critical applications. By embracing the latest in GNSS security, we continue to deliver technology that is both reliable and resilient.