Introduction
Global Navigation Satellite Systems (GNSS) have become critical infrastructure for modern society, supporting everything from financial transactions to aviation navigation. However, the vulnerability of GNSS signals to spoofing and manipulation has emerged as a significant security concern. Two major initiatives—Galileo’s Open Service Navigation Message Authentication (OSNMA) and GPS’s Chimera (Chips-Message Robust Authentication)—represent the forefront of efforts to secure civilian GNSS signals through cryptographic authentication.
OSNMA Technical Overview
Galileo OSNMA is a free authentication service that provides authentication of the navigation message data broadcast by Galileo satellites on the E1-B signal component. Officially transitioning from testing to operational status on July 24, 2025, OSNMA represents a major milestone in GNSS security.
Architecture and Protocol
OSNMA adapts the TESLA (Timed-Efficient Stream Loss-Tolerant Authentication) protocol, optimized for transmission through Galileo’s navigation message. The system operates on a delayed key disclosure principle:
- MAC Generation: Authentication data is transmitted in previously reserved fields of the E1 I/NAV message, containing Message Authentication Codes (MACs) generated using symmetric keys.
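- Key Chain: TESLA uses a one-way key chain in which each key is derived from the previous one by a one-way function. Keys are disclosed with a delay and in the reverse order of their generation, so a receiver can check a newly disclosed key by applying the function until it reaches a key it already trusts, then use that key to verify the MACs it buffered earlier.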
- Root Key Verification: The TESLA root key is authenticated using ECDSA public key cryptography and Merkle tree structures, providing a secure bootstrap mechanism.
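The delayed-disclosure check described above, as an added example (not code from the OSNMA specification or any receiver): a simplified TESLA receiver that buffers tagged data, validates each disclosed key against the trusted root, and rejects data that arrived once its key was already public. The SHA-256/HMAC construction, key and tag sizes, integer epochs and all names are assumptions for illustration, not the OSNMA wire format.

```python
import hashlib, hmac

KEY_LEN, TAG_LEN = 16, 5  # assumed sizes: 128-bit chain keys, 40-bit truncated tags

def step(key: bytes) -> bytes:  # one-way function: K_i -> K_(i-1)
    return hashlib.sha256(key).digest()[:KEY_LEN]

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0..K_n]; K_n is the secret seed, K_0 the signed root key."""
    chain = [seed]
    for _ in range(n):
        chain.append(step(chain[-1]))
    return chain[::-1]

def tag(key: bytes, epoch: int, nav: bytes) -> bytes:
    return hmac.new(key, epoch.to_bytes(4, "big") + nav, "sha256").digest()[:TAG_LEN]

class Receiver:
    def __init__(self, root: bytes, delay: int):
        self.trusted, self.idx, self.delay = root, 0, delay
        self.pending = {}  # epoch -> (nav data, tag, local arrival epoch)

    def on_data(self, epoch: int, nav: bytes, t: bytes, now: int) -> None:
        self.pending.setdefault(epoch, (nav, t, now))

    def on_key(self, idx: int, key: bytes) -> str:
        if idx <= self.idx:
            return "stale-key"
        k = key
        for _ in range(idx - self.idx):  # walk back to the last trusted key
            k = step(k)
        if not hmac.compare_digest(k, self.trusted):
            return "bad-key"
        self.trusted, self.idx = key, idx
        if idx not in self.pending:
            return "no-data"
        nav, t, arrived = self.pending.pop(idx)
        if arrived >= idx + self.delay:  # K_idx is public from epoch idx + delay
            return "unsafe-late"
        ok = hmac.compare_digest(t, tag(key, idx, nav))
        return "authentic" if ok else "bad-tag"

def demo_tesla() -> list:
    k = make_chain(b"constructed-seed", 8)  # constructed sample chain
    rx, fake = Receiver(k[0], delay=1), b"eph-FAKE"
    rx.on_data(1, b"eph-A", tag(k[1], 1, b"eph-A"), now=1)  # genuine, on time
    rx.on_data(2, fake, bytes(TAG_LEN), now=2)  # forged while K_2 is secret
    rx.on_data(3, fake, tag(k[3], 3, fake), now=4)  # forged after K_3 is public
    return [rx.on_key(i, key) for i, key in enumerate(k[1:4] + [b"\x11" * KEY_LEN], 1)]
```

The `unsafe-late` result is why a receiver needs an independent, loosely synchronised clock: without one it cannot tell whether a key was still secret when the data arrived.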
Message Structure
OSNMA transmits authentication information through several message types:
- MACK (Message Authentication Code Key): Contains MACs for navigation data and chain keys.
- DSM-KROOT: Distributes the TESLA root key and chain parameters.
- DSM-PKR: Provides ECDSA public keys for root key verification.
Receivers must implement cryptographic functions to retrieve OSNMA fields, verify MACs, and validate the key chain. The verified public key and Merkle tree root are distributed through the European GNSS Service Centre (GSC) website.
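An added sketch of the bootstrap check (not the GSC's or any receiver's code): the receiver holds only the Merkle root obtained in advance and recomputes it from a broadcast public-key record and its sibling nodes. The 16-leaf tree, plain SHA-256 leaf hashing, record bytes and function names are assumptions for illustration; the actual DSM-PKR field layout is not reproduced here.

```python
import hashlib

DEPTH = 4  # assumed tree depth: 16 leaves

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(records: list) -> list:
    """Operator side: return all levels, leaf hashes first, [root] last."""
    level = [h(r) for r in records]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def proof_for(levels: list, index: int) -> list:
    """Sibling node at every level on the path from leaf `index` to the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path

def verify_key(record: bytes, index: int, siblings: list, trusted_root: bytes) -> bool:
    """Receiver side: accept the key record only if it hashes up to the stored root."""
    if len(siblings) != DEPTH or not 0 <= index < 2 ** DEPTH:
        return False  # fixed depth stops an inner node being passed off as a leaf
    node = h(record)
    for sib in siblings:
        node = h(sib + node) if index & 1 else h(node + sib)
        index >>= 1
    return node == trusted_root

def demo_bootstrap() -> tuple:
    records = [b"constructed-pubkey-%d" % i for i in range(16)]  # constructed records
    levels = build_tree(records)
    root = levels[-1][0]  # what the receiver stored in advance, out of band
    proof = proof_for(levels, 5)
    return (verify_key(records[5], 5, proof, root),          # genuine key record
            verify_key(b"substituted-key", 5, proof, root),  # different key, same proof
            verify_key(records[5], 4, proof, root),          # wrong leaf position
            verify_key(records[5], 5, proof[:3], root))      # truncated proof
```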
GPS Chimera Specifications
Chimera (Chips-Message Robust Authentication) is the U.S. approach to civilian GPS signal authentication, designed for the modernized L1C signal. Unlike OSNMA’s message-level authentication, Chimera operates at both the code (chips) and message levels, providing dual-layer protection.
Technical Implementation
Chimera inserts encrypted digital signatures and watermarks directly into the L1C signal structure:
- Slow Channel Authentication: Provides navigation message authentication similar to OSNMA, with cryptographic signatures embedded in the data message.
- Fast Channel Authentication: Authenticates the spreading code itself through watermarking techniques, enabling rapid spoofing detection at the signal processing level.
- TESLA Variant: Chimera employs a specialized TESLA implementation (documented in IS-IGT-101) optimized for GPS signal characteristics.
Signal Structure
The L1C signal uses a multiplexed structure with separate data and pilot components. Chimera’s authentication overlays are integrated into both components:
- Subframe 3 of the L1C message carries “pages” of ancillary navigation data, with flexible page definitions to accommodate authentication data.
- Encrypted watermarks are embedded in the spreading code, invisible to legacy receivers but detectable by Chimera-capable devices.
Location Verification Capability
A unique feature of Chimera is its ability to enable users to verify their location to third parties. By recording the complete authenticated signal (including watermarks) before key rotation, receivers can provide cryptographic proof of their position and time to external verifiers—a capability valuable for regulatory compliance and security applications.
Authentication Protocols Comparison
| Feature | Galileo OSNMA | GPS Chimera |
|---|---|---|
| Signal | E1-B (Galileo Open Service) | L1C (GPS Civilian) |
| Authentication Level | Navigation Message | Message + Code (Chips) |
| Cryptographic Protocol | TESLA + ECDSA | TESLA Variant + Watermarking |
| Operational Status | Operational (July 2025) | Under Development/Testing |
| Key Distribution | Delayed Disclosure (TESLA) | Delayed Disclosure + Embedded Keys |
| Bootstrap Method | ECDSA + Merkle Tree Root | PKC Bootstrap (similar) |
| Third-Party Verification | Limited | Supported (Location Proof) |
Security Properties
Both systems provide protection against:
- Meaconing: Simple rebroadcast attacks are detected through time-sensitive key disclosure.
- Generation Spoofing: Cryptographic authentication prevents adversaries from generating valid authenticated signals without access to secret keys.
- Record-and-Replay: Time-limited key validity prevents delayed replay attacks.
However, both protocols depend on proper parameter selection for TESLA security, and both require secure bootstrapping through public key cryptography. Recent research has examined quantum-resistant cryptographic approaches for future OSNMA enhancements, acknowledging the long-term security implications.
Implementation Challenges
Receiver Modifications
OSNMA and Chimera require significant receiver-side changes:
- Processing Overhead: Cryptographic verification adds computational load, particularly challenging for low-power IoT devices.
- Memory Requirements: Storing key chains, public keys, and Merkle tree structures requires additional memory.
- Time to First Authentication: Receivers must wait for key disclosure delays (typically 30 seconds to several minutes) before verifying signals, impacting time-to-first-fix for authenticated positioning.
Key Management
Secure distribution and storage of cryptographic materials present ongoing challenges:
- Initial public key and Merkle root acquisition requires secure channels (typically via internet).
- Key updates and revocation mechanisms must be robust against communication outages.
- Long-term key storage in receivers must be protected against physical tampering.
Interoperability
The coexistence of multiple authentication systems creates complexity:
- Multi-constellation receivers must implement multiple authentication protocols.
- Cross-system authentication verification is not currently standardized.
- Legacy receivers remain vulnerable, creating a mixed-security environment during the transition period.
Performance Trade-offs
Authentication introduces latency and potential availability impacts:
- Authentication verification time competes with time-critical applications.
- Signal acquisition may be delayed while waiting for authentication data.
- Loss of authentication capability (e.g., inability to verify keys) must be handled gracefully without complete service denial.
Adoption Timeline and Status
Galileo OSNMA
- 2020-2024: Testing and validation phase with limited satellite transmission.
- July 24, 2025: Official transition to operational status.
- 2025-2026: Early adopter phase—major receiver manufacturers (u-blox, Septentrio, Trimble) releasing OSNMA-capable devices.
- 2026-2028: Expected broader adoption in critical infrastructure, aviation, and maritime applications.
- Future: Plans to extend OSNMA support to other Galileo services, including Assisted Commercial Authentication Service (ACAS).
GPS Chimera
- 2017-2019: Initial specification development (IS-AGT-100A, IS-IGT-101).
- 2019-2024: Air Force Research Laboratory (AFRL) testing and demonstration.
- 2024-2026: Continued development and receiver manufacturer engagement.
- 2027+: Anticipated deployment as L1C signal becomes more widely available with GPS III and GPS IIIF satellites.
Market Adoption
Receiver manufacturers are adding authentication support to their products:
- u-blox: Announced OSNMA support in next-generation modules, with production devices expected in 2025-2026.
- Septentrio: High-precision receivers with advanced anti-spoofing capabilities, including authentication support.
- Trimble, NovAtel, Hemisphere: Developing authentication-capable receivers for survey, agriculture, and machine control applications.
Regulatory Drivers
Adoption is being accelerated by regulatory requirements:
- Aviation authorities (FAA, EASA) are evaluating authentication requirements for PNT (Positioning, Navigation, Timing) in critical phases of flight.
- Maritime organizations are considering authenticated GNSS for e-navigation and port operations.
- The financial sector is exploring authenticated timing for transaction timestamping.
- The telecommunications industry is examining authenticated PNT for 5G synchronization.
Conclusion
GNSS signal authentication through OSNMA and Chimera represents a critical evolution in securing civilian positioning infrastructure. While OSNMA has achieved operational status and Chimera continues development, both systems face similar challenges in receiver adoption, key management, and performance optimization.
The next 3-5 years will be decisive for authentication adoption. As receiver costs decrease and regulatory requirements strengthen, authenticated GNSS is likely to transition from a specialized security feature to a standard expectation for critical applications. However, the coexistence of authenticated and legacy signals will persist for years, requiring careful system design and risk management.
For organizations dependent on GNSS, the message is clear: authentication is no longer optional for high-security applications. Evaluation of OSNMA and Chimera-capable receivers should begin now, with deployment planning aligned to operational timelines and risk profiles.