What is Galileo OSNMA?
Open Service Navigation Message Authentication (OSNMA) is a data authentication function for the Galileo Open Service worldwide users, freely accessible to all. OSNMA provides receivers with the assurance that the received Galileo navigation message is coming from the system itself and has not been modified.
OSNMA is authenticating data for geolocation information from the Open Service through the Navigation Message (I/NAV) broadcast on the E1-B signal component. This is realised by transmitting authentication-specific data in previously reserved fields of the E1 I/NAV message. By using these previously reserved fields, OSNMA does not introduce any overlay to the system, thus the OS navigation performance remains untouched.
Additional details about service characterisation, potential target markets and roadmap of the OSNMA service can be found in Galileo Open Service Navigation Message Authentication (OSNMA) Info Note.
Galileo OSNMA scheme
OSNMA adapts an existing standard lightweight broadcast authentication protocol named TESLA (Timed-Efficient Stream Loss-Tolerant Authentication) for optimal transmission through Galileo.
An OSNMA capable receiver diﬀers from a generic OS receiver by the additional capabilities required to:
- Retrieve the OSNMA dedicated fields in the navigation message.
- Process these data to confirm whether the data is authentic.
- Implement a time synchronization requirement versus Galileo System Time (GST) from below 15 seconds to a few minutes, depending on the operating mode, to process OSNMA.
- Maintain integrity of stored OSNMA cryptographic material (no confidentiality applies).
Figure 1: OSNMA scheme
Additional details about OSNMA processing logic can be found in the Galileo Open Service Navigation Message Authentication (OSNMA) Info Note. Details regarding the processing the receiver cryptographic operations are provided in the OSNMA receiver guidelines.
Galileo OSNMA user segment
To achieve data authentication at user level, the receiver OSNMA implementation shall be fully compliant with the requirements provided in the OSNMA receiver guidelines.
To benefit from the OSNMA, the receiver must be able to perform the key management activities which consist on:
- Receiver initialisation: installing and storing the certified cryptographic material in the user receiver. This is a one-off operation, requiring a connection to the GSC that will supply the necessary material.
- Receiver key renewal/update: renewing or updating the public key stored in the receiver. This operation can be performed through over-the-air rekeying (OTAR) transmitted as part of the Signal In Space (SIS) authentication data or through contacting the OSNMA server in GSC, which will keep the history of the public keys status.
OSNMA is based on a delayed disclosure protocol. This means that it needs to guarantee that the receiver internal time is not off by a certain amount versus GST. More details can be found in the receiver guidelines.
OSNMA user community can find additional information and functions through the Galileo Service Center (GSC), which plays a central role in the OSNMA chain by publishing:
- OSNMA public keys, crypto material, and associated certificates.
- Notifications, and information updates on the OSNMA service status for all user communities.
- NAGUs and Service Notices about planned public key renewal, unplanned public key revocation, planned key chain renewal and unplanned key chain revocation, and any service incident will be available for the Service Phase.
Galileo OSNMA roadmap
The deployment of the Galileo OSNMA capability is following the roadmap presented below:
Figure 2: Galileo OSNMA implementation roadmap
Galileo OSNMA target markets
The following picture provides an overview of the most relevant market segments and applications that can benefit from Galileo OSNMA authentication feature:
Figure 3: Summary of most relevant Galileo OSNMA target applications
Additional details about target applications that will benefit from Galileo OSNMA can be found in the Galileo Open Service Navigation Message Authentication (OSNMA) Info Note.
A compilation of the most common questions can be found in the dedicated section for the OSNMA Frequently Asked Questions (FAQ). For any additional information, please contact our Galileo Helpdesk at email@example.com or directly through the Galileo Helpdesk form.