OSNMA: the latest in GNSS anti-spoofing security

As technological advances allow GPS/GNSS[1] devices to be more reliable, our lives are becoming increasingly dependent on accurate positioning and timing. Today, GNSS time is used to synchronize telecom and energy grids, while precise positioning is used to navigate drones and self-driving cars, as well as to automate agricultural and construction machinery. As new use cases pop-up on regular basis our reliance on GNSS grows globally. This means that having a secure spoof-proof communication channel between satellite and receiver becomes increasingly important to ensure trustworthy or Assured PNT (Positioning, Navigation, and Time) especially in critical and industrial applications.

To further improve transmission reliability, the European GNSS system, Galileo, has developed the OSNMA anti-spoofing service, which allows secure end-to-end transmission from Galileo satellites to OSNMA-enabled GNSS receivers. OSNMA (Open Service Navigation Message Authentication) will soon be available free of charge to users and has recently moved into the final testing phase. As ESA’s long-term partner, Septentrio has been contributing to the design and testing of the Galileo system since its inception 20 years ago. Today Septentrio is playing a key role in the OSNMA testing efforts, with its receivers being the first to authenticate live OSNMA test signals.

car-in-tree-GPS-GNSS-spoofed
Figure 1: During a spoofing attack, modified GPS/GNSS data is sent into the target receiver, fooling it into showing a wrong location

Securing GNSS receivers against jamming and spoofing

OSNMA is one component of a vast array of technologies that protect GNSS receivers from interference. Both jamming and spoofing are a type of radio interference, which happen when weak GNSS signals are overpowered by stronger radio signals on the same frequency. Jamming is a kind of “white noise” interference, causing accuracy degradation or even loss of positioning.

Spoofing is a more sophisticated form of interference which fools a receiver into calculating a wrong location. During a spoofing attack, a nearby radio transmitter sends fake GNSS signals to the target receiver. For example, a cheap SDR (Software Defined Radio) can fool a smartphone into showing its current location on top of Mount Everest!  

You might have caught some spoofing events presented in the recent news. For example, C4ADS, an NGO conducting data-driven analysis of conflict and security matters, concluded that Russia has been extensively using GNSS spoofing to divert aerial drones from entering airspace in the vicinity of governmental figures, airports and sea ports [2].

Highly secure anti-spoofing protection with OSNMA

OSNMA secures Galileo signals against spoofing by enabling authentication of navigation data, which carries information about satellite location. Navigation data security is important because any modification of this information would result in erroneous positioning calculation.

OSNMA makes use of a hybrid Symmetric/Asymmetric cryptography technique. A secret key on the satellite is used to generate a digital signature. Then both signature and key are appended to the navigation data and transmitted to the receiver. OSNMA is designed to be backwards compatible, so that positioning without OSNMA will still work.

Authentication with OSNMA-enabled receivers

A sophisticated algorithm within the OSNMA-enabled receiver uses a public key to check the authenticity of the transmitted key. It then uses the transmitted key and the digital signature to check the authenticity of the navigation data. If a satellite signal is flagged as spoofed, it is excluded from the positioning calculation.

Septentrio-Galileo-OSNMA-GNSS-signals-authentication
Figure 2: A cryptographic algorithm inside an OSNMA-enabled GNSS receiver authenticates Galileo OSNMA signals

OSNMA is one piece of the puzzle comprising a sophisticated interference defense system, such as AIM+ (see image below). For example, AIM+ can also detect spoofing by searching for signal anomalies, such as unusually high power. It also works together with RAIM+ integrity algorithm to ensure range (distance to satellite) validity by comparing ranging data from various satellites.  

AIM+ won’t even be fooled by an advanced GNSS signal generator, i.e. Spirent GSS9000. Even with realistic power levels and valid navigation data, AIM+ still identifies the simulated signal as “not authentic”.

Other advanced anti-spoofing techniques such as using a dual-polarized antenna are being developed today, read more about this method here.

Future-proof receivers for today and tomorrow

OSNMA is already being implemented today to secure synchronization of telecom networks, in the GSA-led ROOT project, with Septentrio as a key partner. 

Septentrio-Inteference-Mitigation-AIM+
Figure 3 : OSNMA is one piece of the puzzle comprising a sophisticated interference defense system: AIM+ (Advanced Interference Mitigation) protecting the GNSS receiver against jamming and spoofing

In the framework of this project, the mosaic-T GNSS module, equipped with AIM+ technology, provides resilient and accurate timing solution to mission critical infrastructure. Various global players such as Airbus are the first to try out OSNMA authentication of live Galileo signals with specialized Septentrio GNSS receivers.

The American GPS system is also developing their own authentication mechanism called Chimera. Future-proof GNSS receivers are designed in such a way that allows users to take advantage of OSNMA, Chimera and other GNSS value-added services as soon as they become publicly available. Integrating future-proof receivers in high-accuracy solutions, allows companies to be the first to market with products or services offering the latest in PNT resilience.

 

Footnotes:

[1] GNSS: Global Navigation Satellite System including the American GPS, European Galileo, Russian GLONASS, Chinese BeiDou, Japan’s QZSS and India’s NavIC. These satellite constellations broadcast positioning information to receivers which use it to calculate their absolute position.

[2] Spoofing incidents are regularly reported in the news, read findings about recent spoofing attacks from C4ADS.



*Main image credit:© ESA-Pierre Carril

For more information on spoofing see our previous insight: What is spoofing and how to ensure GNSS security

Read more about the ROOT project that uses OSNMA to Secure Synchronization of Telecom Networks.
 

 

Related brochures:

Related webinars: