News from the European Space Agency (ESA)
In a first for any satellite navigation system, Galileo has achieved a positioning fix based on open-service navigation signals carrying authenticated data. Intended as a way to combat malicious spoofing of satnav signals, this authentication testing began at ESA’s Navigation Laboratory — the same site where the very first Galileo positioning fix took place back in 2013.
These historic first authenticated signal position, velocity and timing fixes were made using a total of eight Galileo satellites for around two hours on Nov. 18. The tests represent a first proof of concept for an eventual operational service offering positioning with authenticated data to users.
Spoofing has, for instance, been demonstrated as a means of forcing down drones or redirecting ships, while some high security locations — as well as disrupted international borders — have become notorious for spoofing signals that prevent the reliable use of satnav in their vicinity.
The Galileo Control Centres send the navigation signal to the GSC for the addition of the authentication code, which is then returned for uplink to the satellites.
“When a receiver picks up a navigation signal from a satellite, up until now it has no way of confirming that was indeed its source,” said navigation engineer Stefano Binda, overseeing the project for ESA. “This can result in spoofing — malicious people and organisations using false signals to mislead users about their actual position. This authentication service offers a way to prevent such deception.”
“In recent years, this problem has become sufficiently pronounced as a weak point that the European Commission, ESA and European GNSS Agency (GSA) decided to develop signal authentication as a differentiator for Galileo,” Binda said.
An ESA Navigation Directorate team at the Agency’s ESTEC technical centre in the Netherlands worked with its GSA counterparts at the twin Galileo Control Centres (GCCs) in Italy and Germany and the Galileo Service Centre (GSC) in Spain. “In everyday authentication you might send a document that has been digitally signed, where both sender and recipient use compatible cryptographic keys to validate the document’s source of origin,” Binda said.
“In this case we were working with a constrained amount of bandwidth within the navigation signal, so instead opted for a ‘delayed key’ approach. This means the initial data come along together a short tag which, within a short stretch of time usually not exceeding 30 seconds, is followed by a key, which is able to validate the tag and authenticate the data associated with it.”
During the test campaign, the Galileo Control Centres send the navigation signal to the GSC for the addition of the authentication code, which is then returned for uplink to the satellites, to be received and authenticated by the test receivers at ESTEC’s Navigation Lab and elsewhere in Europe, in participating laboratories.
To enabled the authentication test campaign, Thales Alenia Space in France served as prime contractor to upgrade of the Galileo Mission Segment — the world-spanning system that determines and create the navigation messages broadcast by Galileo satellites. Thales Alenia Space in Italy was responsible for the system level integration.
No modification of onboard satellite systems has been required to support Open Service Navigation Message Authentication (OSNMA), as spare bandwidth was made use of.
“We used our standard laboratory Septentrio test user receivers with a software add-on,” Binda said. “The beauty of this approach is that receivers will be able to make use of the future authenticated service without needing any new hardware, only software updates — apart from additional measures that might be mandated for operation in practice.”
ESA and GSA are continuing their authentication testing, with a view to introducing an operational Open Service Navigation Message Authentication service for users in the near future.