Skydel's New OS-NMA Functionality

Galileo Open Service Navigation Message Authentication (OS-NMA)

The new generation of satellite enabled applications is relying on resilient and accurate GNSSGlobal navigation satellite system (GNSS): A general term describing any satellite constellation that provides positioning, navigation, and timing (PNT) services on a global or regional basis. See also signals as a key element for many critical projects to ensure highly accurate Positioning, navigation, and Timing (PNTPosition, Navigation, and Timing: PNT and map data combine to create the GPS service.) data.

Safran offers GNSS testing and simulation solutions designed to ensure the performance, resilience and accuracy of your system for complex GNSS applications.

The Challenges of Jamming and Spoofing Attacks

GNSS technology is the primary global technology for positioning, navigation & timing (PNT), and it is critical that it continues to evolve and become more secure and resilient. Jamming and spoofing attacks are becoming increasingly more common on GNSS systems and technologies.

Jamming is simply the ability to overpower the GNSS signals that are transmitted from satellites since they have traveled long distances. Spoofing is a more sophisticated attack where fake GNSS signals are transmitted to fool a receiver into misrepresenting its location and timing.

Open Service Navigation Message Authentication (OS-NMA)

Open Service Navigation Message Authentication (OS-NMA) is an authentication service that is emerging for GNSS technology – specifically in the Galileo satellite constellation. OS-NMA allows GNSS receivers to verify the authenticity of received data in order to protect against potential spoofing attacks that can result in service disruptions, denial incidents, and more severe consequences. OS-NMA will be a free service for Galileo Open Service users but does require a compatible receiver to decode and authenticate.

The OS-NMA service will help to build a more robust and resilient GNSS service for the European Union (EU).

The European Union Agency for the Space Programme (EUSPA) launched the test phase in November 2020, and Galileo satellites began transmitting the authentication data. This data is currently being transmitted for public observation and evaluation. Full operational capability (FOCFull Operational Capability refers to military acquisition missions that have been completed the development phase. This phase comes after an initial operational capability phase.) is targeted for availability in 2023.

OS-NMA Authentication & Architecture

The data authentication used by Galileo OS-NMA can be summarized as follows:

• The receiver demodulates the navigation data and a Message Authentication Code (MAC) that authenticates the plaintext navigation message.
• The receiver demodulates the Timed Efficient Stream Loss-tolerant Authentication (TESLA) key required to authenticate the MAC. This key is broadcast by the system with some delay (with respect the associated MAC).

• The receiver authenticates the TESLA key using a previous key from the chain that is considered authentic or from the root key. This key is part of a pre-generated one-way chain (which has a public root), and which is transmitted in reverse order with respect to its generation.
• The receiver re-generates the MAC key with the data, which should match the previously received MAC.

Safran + OS-NMA

Safran will provide Galileo OS-NMA simulation support in the form of two phased and separate solutions. These solutions will be available to customers that have purchased the Galileo constellation.

Solution 1

This solution is well-suited for most receiver integrators that want to test the OS-NMA capability of a receiver with the official test vectors from EUSPA.

Available at no charge within Q1-2023, this solution will support the available official test vectors sample data, which supports the verification of OS-NMA functionality implementation. Safran is basing this solution on the EUSPA (OS-NMA) Receiver Guidelines (Issue 1.0 – December 2022), and will also include:

• List of test vectors (CSV format) and cryptographic materials (Public Key and Merkle tree root).Accessible from the EUSPA website, this raw data will be shared.
• Skydel format (SDX) scenarios.

Users will simply need to load a scenario corresponding to the test vector they wish to simulate. This solution allows users to easily and quickly customize their scenarios. For example, users can load an OS-NMA scenario, then add a jammmer/spoofer.

• Safran use cases documented in a dedicated application note.

Solution 2

This solution will provide full flexibility in the configuration of the scenario (time, navigation message, etc.) as well as the OS-NMA authentication parameters (keys, encryption algorithms, message sequences, etc.). It will be useful for advanced users (e.g.: receiver manufacturers) that test receivers in a wide range of edge and corner cases.

Available later in 2023, this phase will include the following elements in Skydel:

• A new Skydel engine supporting OS-NMA SIS ICD 1.0.
• Authentication of the Galileo E1 OS Navigation Message.
• Support for the Timed Efficient Stream Loss-tolerant Authentication (TESLA) protocol.
• Useful crypto material for running user-programmable simulation tests scenarios.
• This feature will be ready for future software updates in accordance with the next phases recommended by EUSPA.