Galileo Open Service Navigation Message Authentication (OSNMA)

What is Galileo OSNMA?

Open Service Navigation Message Authentication (OSNMA) is a data authentication function for the Galileo Open Service worldwide users, freely accessible to all. OSNMA provides receivers with the assurance that the received Galileo navigation message is coming from the system itself and has not been modified.

OSNMA is authenticating data for geolocation information from the Open Service through the Navigation Message (I/NAV) broadcast on the E1-B signal component. This is realised by transmitting authentication-specific data in previously reserved fields of the E1 I/NAV message. By using these fields, OSNMA does not introduce any overhead to the system, thus the OS navigation performance remains untouched.

Additional details about service characterisation, potential target markets and roadmap of the OSNMA service can be found in Galileo OSNMA Info Note.

Galileo OSNMA scheme

OSNMA adapts an existing standard lightweight broadcast authentication protocol named TESLA (Timed-Efficient Stream Loss-Tolerant Authentication) for optimal transmission through Galileo.

An OSNMA capable receiver differs from a generic OS receiver by the additional capabilities required to:

  1. Retrieve the OSNMA dedicated fields in the navigation message.
  2. Implement the required cryptographic functions to process these OSNMA data.
  3. Synchronize to the Galileo System Time (GST) before receiving and processing OSNMA information. The time synchronization requirement is set between 30 and 300 seconds for the processing of OSNMA data depending on the operating mode.
  4. Maintain the integrity of the stored OSNMA cryptographic material (confidentiality is not required).
     

Figure 1: OSNMA scheme


All details about OSNMA processing logic and related cryptographic operations can be found in the Galileo OSNMA Receiver Guidelines.

Galileo OSNMA user segment

To achieve data authentication at user level, the receiver OSNMA implementation shall be compliant with the requirements provided in the Galileo OSNMA receiver guidelines.

To benefit from the OSNMA, the receiver must be able to perform the key management activities which consist of:

  1. Receiver initialisation: installing and storing the certified cryptographic material in the user receiver (Merkle tree root). This is a one-off operation, requiring a connection to the GSC and EUSPA sites that will provide the necessary material.
  2. Receiver key renewal/update: renewing or updating the public key stored in the receiver. This operation can be performed through over-the-air rekeying (OTAR) transmitted as part of the Signal In Space (SIS) data or via connection to the GSC and EUSPA sites to retrieve the new material.

OSNMA is based on a delayed disclosure protocol. This means that the user segment needs to guarantee that the receiver internal time is not off by a certain amount versus GST. More details on how this check should be performed can be found in the receiver guidelines.

OSNMA user community can find additional information and functions through the GSC, which plays a central role in the OSNMA chain by publishing:

  • OSNMA public keys, cryptographic material, and associated certificates.
  • Notifications, and information updates on the OSNMA service status for all user communities.
  • NAGUs and Service Notices about planned public key renewal, unplanned public key revocation, planned key chain renewal and unplanned key chain revocation, and any service incident will be available for the service phase.

OSNMA users can find more details on how to retrieve the OSNMA cryptographic material and associated certificates from the GSC interface (GSC website and OSNMA SFTP server) and the EUSPA web portal here.

Galileo OSNMA roadmap

OSNMA Public Observation Phase started on the 15th of November 2021, and it lasted until OSNMA Initial Service declaration.


OSNMA Initial Service was declared operational on the 24th of July 2025.

 

Galileo OSNMA target markets

The following picture provides an overview of the most relevant market segments and applications that can benefit from Galileo OSNMA authentication feature:
 

Figure 2: Summary of most relevant Galileo OSNMA target applications

 


Additional details about target applications that will benefit from Galileo OSNMA can be found in the Galileo OSNMA Info Note.

Any question?

Visit the dedicated FAQ section or contact us at helpdesk@gsc-europa.eu  or through the Galileo Helpdesk form.