GALILEO OPEN SERVICE NAVIGATION MESSAGE AUTHENTICATION (OS-NMA)

The new generation of satellite-enabled applications relies on resilient and accurate GNSS signals as a key element for many critical projects to ensure highly accurate positioning, navigation, and timing (PNT) data.

Safran offers GNSS testing and simulation solutions designed to ensure the performance, resilience and accuracy of your system for complex GNSS applications. Safran Electronics & Defense is with you every step of the way, building in the intelligence that gives you a critical advantage in observation, decision-making and guidance.

The Challenges of Jamming and Spoofing Attacks

GNSS technology is the primary global technology for positioning, navigation & timing (PNT), and it is critical that it continues to evolve and become more secure and resilient. Jamming and spoofing attacks on GNSS systems and technologies are becoming increasingly common.

Jamming simply overpowers the GNSS signals transmitted from satellites, which are weak on arrival because they have traveled long distances. Spoofing is a more sophisticated attack in which fake GNSS signals are transmitted to fool a receiver into misrepresenting its location and timing.

Open Service Navigation Message Authentication (OS-NMA)

Open Service Navigation Message Authentication (OS-NMA) is an authentication service that is emerging for GNSS technology – specifically in the Galileo satellite constellation. OS-NMA allows GNSS receivers to verify the authenticity of received data in order to protect against potential jamming or spoofing attacks that can result in service disruptions, denial incidents, and more severe consequences. OS-NMA will be a free service for Galileo Open Service users but does require a compatible receiver to decode and authenticate.

The OS-NMA service will help to build a more robust and resilient GNSS service for the European Union (EU).

The European Union Agency for the Space Programme (EUSPA) launched the test phase in November 2020, and Galileo satellites began transmitting the authentication data. This data is currently being transmitted for public observation and evaluation. Full operational capability (FOC) is targeted for availability in 2023.

OS-NMA Authentication & Architecture

The data authentication used by Galileo OS-NMA can be summarized as follows:

  • The receiver demodulates the navigation data and a Message Authentication Code (MAC) that authenticates the plaintext navigation message.
  • The receiver demodulates the Timed Efficient Stream Loss-tolerant Authentication (TESLA) key required to authenticate the MAC. This key is broadcast by the system with some delay (with respect to the associated MAC).

  • The receiver authenticates the TESLA key using a previous key from the chain that is considered authentic, or using the root key. This key is part of a pre-generated one-way chain, which has a public root and is transmitted in reverse order with respect to its generation.
  • The receiver regenerates the MAC from the key and the data; the result should match the previously received MAC.
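
The receiver steps listed above, as a simplified TESLA sketch (an added example, not Safran or EUSPA code). It assumes SHA-256 for the one-way chain and truncated HMAC-SHA-256 for the MAC, uses constructed keys and data, and does not reproduce the OS-NMA message layout or its exact key-derivation inputs.

```python
import hashlib
import hmac

KEY_LEN, TAG_LEN = 16, 5  # bytes; sizes chosen for this sketch

def step(key: bytes) -> bytes:
    """One-way function linking K_i to K_(i-1). Simplified: hashes the key only."""
    return hashlib.sha256(key).digest()[:KEY_LEN]

def make_chain(seed: bytes, n: int) -> list:
    """System side: derive K_n down to K_0, return [K_0, ..., K_n] in disclosure order."""
    keys = [seed]
    for _ in range(n):
        keys.append(step(keys[-1]))
    return keys[::-1]  # index 0 is the public root

def make_mac(key: bytes, nav_data: bytes) -> bytes:
    """Truncated HMAC over the plaintext navigation data."""
    return hmac.new(key, nav_data, hashlib.sha256).digest()[:TAG_LEN]

def key_is_authentic(candidate: bytes, trusted: bytes, max_steps: int) -> bool:
    """Receiver side: hashing the disclosed key forward must reach a trusted key.
    Allowing several steps tolerates keys that were lost in between."""
    k = candidate
    for _ in range(max_steps):
        k = step(k)
        if hmac.compare_digest(k, trusted):
            return True
    return False

def authenticate(nav_data, mac, disclosed_key, trusted_key, max_steps=8) -> bool:
    """Run when the delayed key arrives for a (nav_data, mac) pair buffered earlier."""
    if not key_is_authentic(disclosed_key, trusted_key, max_steps):
        return False
    return hmac.compare_digest(make_mac(disclosed_key, nav_data), mac)

def demo() -> dict:
    chain = make_chain(b"constructed-seed", 10)  # constructed sample chain
    root, fake = chain[0], b"A" * KEY_LEN        # fake key is not on the chain
    nav = b"constructed navigation data"         # constructed sample message
    mac = make_mac(chain[3], nav)                # broadcast first; K_3 follows later
    return {
        "genuine": authenticate(nav, mac, chain[3], root),
        "altered_data": authenticate(nav + b"!", mac, chain[3], root),
        "forged_key": authenticate(nav, make_mac(fake, nav), fake, root),
        "after_losses": authenticate(nav, make_mac(chain[7], nav), chain[7], chain[3]),
    }

if __name__ == "__main__":
    print(demo())
```

The `forged_key` case shows why the chain check matters: a spoofer can compute a valid MAC under a key of its own choosing, but that key does not hash forward to the public root.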

Safran + OS-NMA

Safran will provide Galileo OS-NMA simulation support in the form of two phased and separate solutions. These solutions will be available to customers that have purchased the Galileo constellation.

Solution 1

This solution is well-suited for most receiver integrators that want to test the OS-NMA capability of a receiver with the official test vectors from EUSPA.

Available at no charge within Q1-2023, this solution will support the available official test vector sample data, which supports verification of an OS-NMA implementation.

Safran is basing this solution on the EUSPA (OS-NMA) Receiver Guidelines (Issue 1.0 – December 2022), and will also include:

  • List of test vectors (CSV format) and cryptographic materials (Public Key and Merkle tree root).
    Accessible from the EUSPA website, this raw data will be shared.
  • Skydel format (SDX) scenarios.
    Users will simply need to load a scenario corresponding to the test vector they wish to simulate.
    This solution allows users to easily and quickly customize their scenarios. For example, users can load an OS-NMA scenario, then add a jammer/spoofer.
  • Safran use cases documented in a dedicated application note.

Solution 2

This solution will provide full flexibility in the configuration of the scenario (time, navigation message, etc.) as well as the OS-NMA authentication parameters (keys, encryption algorithms, message sequences, etc.). It will be useful for advanced users (e.g., receiver manufacturers) that test receivers in a wide range of edge and corner cases.

Available later in 2023, this phase will include the following elements in Skydel:

  • A new Skydel engine supporting OS-NMA SIS ICD 1.0.
  • Authentication of the Galileo E1 OS Navigation Message.
  • Support for the Timed Efficient Stream Loss-tolerant Authentication (TESLA) protocol.
  • Useful crypto material for running user-programmable simulation test scenarios.
  • This feature will be ready for future software updates in accordance with the next phases recommended by EUSPA.

Andre Demers
ABOUT THE AUTHOR

Andre Demers is the Technical Product Marketing Manager for GNSS products and solutions at Safran. Andre leverages his decades of experience in the simulation software industry to craft stories and articles that resonate with the GNSS community. Previously at Autodesk, CM Labs, Ultra Electronics, and CAE, Andre’s approach to marketing technology is both user-focused and pragmatic. Based in Montreal, Canada, Andre is a full-stack marketer who has managed marketing teams, planned global events, published e-books, and produced an award-winning documentary. With Safran since August 2022, Andre holds a BA in English from Concordia University and has been certified with Pragmatic Marketing and HubSpot.