A Navigation Message Authentication Proposal for the Galileo Open Service

Copyright © 2016 Institute of Navigation. GNSS vulnerabilities have become evident in the last decade. Authentication of the GNSS signals and data can be an important building block contributing to mitigating these vulnerabilities. This paper presents a Navigation Message Authentication (NMA) scheme based on the Timed Efficient Stream Loss-tolerant Authentication (TESLA) protocol and a novel concept based on a single one-way chain for all senders and cross-authentication. The paper presents an NMA implementation in the Galileo Open Service (OS) navigation message that should provide similar navigation performance to data-authenticated users and standard non-authenticated users in terms of time to first fix, accuracy, and availability even in difficult reception conditions. The proposal also maintains a high level of signal unpredictability to help receivers protect against replay attacks. The scheme and implementation proposed yield significant improvements compared to the state of the art, offering the opportunity for Galileo to become the reference GNSS in civil navigation authentication.