Article by Dr. Gianluca Marucco (LINKS Foundation)
GNSS is a key enabling technology for a new generation of Location Based Services (LBS), which are able to support highly scalable pervasive applications where a large number of geographically distributed users can be engaged in immersive games or services from public authorities as well as commercial providers. However, GNSS can be prone to threats such as spoofing attacks which can alter the estimated users’ position. This risk has prevented LBS to be used in those mass-market applications that are potentially highly rewarding or where users’ health is involved.
GOEASY is aiming to fill this gap and to enable more secure and privacy-savvy mass-market applications with its two security pillars:
- An end-to-end, adaptive framework for dependable and trusted exchange of information built upon existing open architectures for e-Security;
- The distinctive Galileo authentication feature in its Open Service, the so-call OSNMA (Open Service Navigation Message Authentication).
The GOEASY architecture has been already described in this blog by Dr. Sisay Chala (Fraunhofer FIT). Here we will focus on the second of the abovementioned pillars, i.e. the OSNMA and its implementation in the GOEASY platform.
Galileo OSNMA is provided on the E1-B signal at data level and offered for free. “Navigation Message Authentication” means that the system guarantees to users that the received data are authentic, i.e. have not been modified and come from the Galileo satellites and not from any other source. This feature protects users against specific threats with relatively high likelihood: spoofing attacks feasible with low-cost hardware.
OSNMA is intended to be exploitable from a standalone Galileo receiver without the need of any external assistance. In this case, the time necessary to decode all the required information from the satellites is of the order of some minutes, specifically from three to seven minutes, depending on the algorithm configuration of the OSNMA service provider. Furthermore, signal propagation issues and specific implementation choices in receivers (e.g. power saving) can also affect the actual performances. However, if the receiver is in hot/warm start condition or it can obtain OSNMA data from other sources (e.g. any form of assistance), the Time Before Authentication (TBA) can be greatly reduced.
A GNSS receiver operating in the GOEASY ecosystem falls in the second case, because it operates in a connected framework and it can obtain some information by other connected components.
The GOEASY platform foresees that connected devices can authenticate themselves and exchange data in a secure way. In such an infrastructure, the secure channel can be exploited to send OSNMA related data. Considering this aspect, GOEASY takes full advantage of its platform and provides navigation message authentication using the so-called client-server approach.
The GOEASY implementation of this method is based on:
- A set of reference Galileo receivers that, for each Galileo satellite in view, decode and send to the GOEASY platform the content of the navigation message including the portion allocated to the NMA. These data are associated with a proper time stamp (the Galileo time).
- A database (included in the GOEASY platform) that stores all the decoded navigation messages.
- The GOEASY devices that collect the data from the same satellites in view to the reference receivers and send these data to the GOEASY platform.
- The End-to-End Galileo Authentication component (E2EA) that compares the data collected by the mobile devices to the corresponding data decoded by the reference receivers.
A position is assumed authentic if the Galileo messages, coming from the satellites which are used by the mobile device to compute its position, are authenticated. Strictly speaking, this assumption is not fully correct, because only the navigation messages can be considered as authentic and this is true for every method based on OSNMA. However, this inference is reasonable for the scope of the services offered by GOEASY, since this technique provide a good protection against those types of attack having both the following characteristics:
- are likely, i.e. not too complex to be launched by a malicious attacker;
- can provide an advantage to the (self)attacker, e.g. can simulate a virtuous behaviour eligible of rewarding.