Telecoms, Datacoms, Wireless, IoT

Out-of-the-box spoofing mitigation with Galileo’s OS-NMA service

29 May 2020 Telecoms, Datacoms, Wireless, IoT

Over the past two decades, satellite-based positioning has become an indispensable, everyday technology that we constantly rely on – often even without being aware of it.

With the relentless expansion of applications and use cases, driven largely by falling cost of ownership and improvements in positioning accuracy, there will soon be one GNSS receiver in operation for every person on the planet. But now, with the accuracy challenge all but solved, security is becoming a key factor slowing the development of new, lucrative business models and emerging critical applications.

That’s why there is so much excitement around a new service from Galileo, the EU’s global navigation satellite system (GNSS). First conceived in 2013, Galileo’s open service navigation message authentication (OS NMA) system lets GNSS receivers ensure that the satellite signals they receive are, indeed, from Galileo satellites and that they have not been modified. The approach makes it more difficult for hackers and other bad actors to spoof GNSS receivers by feeding them fraudulent signals. The European GNSS constellation will be the first to offer authenticated navigation messages to civilian users free of charge.

The approach the European GNSS Agency (GSA) adopted to authenticate the signals is already well established for digital communication on the Internet. It consists of appending an encrypted authentication signature to GNSS navigation messages, which can be used to verify the messages based on a hybrid symmetric/asymmetric key approach.

The service will only be available to advanced GNSS receivers that are able to securely store a copy of the public key used to decrypt the authentication message and to ensure that it can be trusted. To ensure that current users of Galileo’s navigation services do not see their service interrupted, the new navigation messages, broadcast on Galileo’s E1B frequency band, will be fully backward compatible. This means that older receivers will still be able to use them to determine their position, simply without the value-add of message authentication.

A critical step towards fully secure positioning

The move by the GSA comes in response to growing demand across industries for secure positioning technology. “At the GSA, we work in close collaboration with the industry to design and leverage Galileo’s unique capabilities and rapidly develop new applications to respond to user needs,” said Fiammetta Diani, head of market development at the GSA.

OS NMA, step one in the agency’s plans, will not entirely solve the GNSS security challenge. It will, however, considerably raise the level of sophistication that such attacks require, benefiting a variety of applications that are frequent targets of spoofing attacks. These include smart tachographs used in trucks, taxis and ride sharing vehicles and tracking devices used in commercial cargo and fishing vessels. Reliably flagging spoofing attempts will make it more difficult for companies to skirt legislation by tampering with the GNSS receivers.

GNSS data authentication will also play an important role in so-called mission critical use cases – think advanced driver assistance systems, autonomous driving, or any number of risk-prone commercial activities. And, by mitigating one of GNSS’s main vulnerabilities, it will no doubt add value in less critical ones as well, in retail and logistics, smart cities and connected industries.

Leveraging OS NMA from day one

As a leading supplier of GNSS receivers for telematics solutions, we at u-blox have long been at the front line in bringing the benefits of OS NMA to our customers. Through our active involvement in the EU-led group of experts on the smart tachograph, for example, we are helping drive the implementation of OS NMA. That’s why it should hardly come as a surprise that our latest GNSS platforms (u-blox M9 for standard precision positioning, u-blox F9 for high precision positioning) are designed to leverage Galileo’s authenticated navigation signals from the day they go live.

“We are glad to see that a key player in GNSS manufacturing, such as u-blox, is already looking forward to exploit Galileo new features and in particular the open service navigation message authentication to contribute to safer road transportation in European roads and beyond,” says GSA’s Fiammetta Diani.

OS NMA is one of the cornerstones of our approach to increase the security and reliability of our GNSS receivers. It adds to improvements made by concurrently monitoring signals from several GNSS constellations on multiple frequency bands, as well as integrating other data, such as input from inertial sensors. That being said, for Galileo and for u-blox, OS NMA is just one more stepping stone towards fully secured GNSS-based positioning technology.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Antennas to meet all connectivity requirements
Electrocomp Telecoms, Datacoms, Wireless, IoT
Kyocera AVX RF antennas meet today’s connectivity demands in the LTE, Wi-Fi, Bluetooth, GNSS, and ISM wireless bands, available in surface mount, patch or external configurations.

Introducing SIMCom’s new A7673X series
Otto Wireless Solutions Telecoms, Datacoms, Wireless, IoT
SIMCom recently released the A7673X series, a Cat 1 bis module that supports LTE-FDD, with a maximum downlink rate of 10 Mbps and an uplink rate of 5 Mbps.

18 W monolithic microwave amplifier
RFiber Solutions Telecoms, Datacoms, Wireless, IoT
The CHA8612-QDB is a two stage, high-power amplifier operating between 7,9 and 11 GHz. The monolithic microwave amplifier can typically provide 18 W of saturated output power and 40% of power-added efficiency.

LoRaWAN-certified sub-GHz module
Altron Arrow Telecoms, Datacoms, Wireless, IoT
The STM32WL5M from ST Microelectronics is the company’s first LoRaWAN-certified module which incorporates two cores, one of them being a wireless stack to optimise the creation of sub-GHz applications.

3D depth sensing sensor
Avnet Silica Telecoms, Datacoms, Wireless, IoT
A recent announcement by STMicroelectronics has revealed an all-in-one, direct Time-of-Flight (dToF) 3D LiDAR (Light Detection And Ranging) module with 2,3k resolution.

Nordic expands nRF91 series
RF Design DSP, Micros & Memory
Nordic Semiconductor has announced the expansion of its nRF91 series cellular IoT devices with the introduction of the nRF9151 System-in-Package (SiP).

Quectel announces module for RedCap comms
Quectel Wireless Solutions Telecoms, Datacoms, Wireless, IoT
The Quectel RG255G offers downlink performance of 220 Mbps, and uplink performance of 121 Mbps on 256QAM or 91 Mbps on 64QAM.

Wide-Bandgap Developer Forum
Infineon Technologies Telecoms, Datacoms, Wireless, IoT
This year marks a new chapter for this exclusive event series – all specialist presentations will be broadcasting live from a studio in Munich.

Multimode smart LTE module with GNSS
Quectel Wireless Solutions Telecoms, Datacoms, Wireless, IoT
The AW200Z LTE module is equipped with Bluetooth and Wi-Fi functionalities, and is powered by Qualcomm's advanced 64-bit quad-core Cortex-A53 processors, coupled with an integrated Adreno 702 GPU.

LEXI-R10 series cellular module
RF Design Telecoms, Datacoms, Wireless, IoT
The LEXI-R10 Series from u-blox are LTE Cat 1 bis modules that support multi-band LTE-FDD, and are designed for size-constrained devices.