See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/371589468

An Experimental Performance Assessment of Galileo OSNMA

Conference Paper · June 2023

DOI: 10.1109/ICL-GNSS57829.2023.10148928

CITATIONS READS
2 85

4 authors, including:

Mohammad Zahidul H. Bhuiyan

Finnish Geospatial Research Institute
84 PUBLICATIONS 1,202 CITATIONS

SEE PROFILE

All content following this page was uploaded by Mohammad Zahidul H. Bhuiyan on 21 June 2023.

The user has requested enhancement of the downloaded file.

 An Experimental Performance Assessment of
Galileo OSNMA
Toni Hammarberg, José M. Vallet García, Jarno N. Alanko, and M. Zahidul H. Bhuiyan
Navigation and Positioning Department
Finnish Geospatial Research Institute, National Land Survey of Finland
Espoo, Finland
Email:name.surname@nls.fi

Abstract—We present Galileo Open Service Navigation Mes- prompt and real-time notifications to drivers and autonomous
sage Authentication (OSNMA) observed operational information vehicles with instructions to avoid the damaged areas and route
and key performance indicators (KPIs) from the analysis of a four recommendations to even the road wear [2]. In the ESRIUM
day long dataset collected in static open sky condition in southern
Finland and using our in-house developed OSNMA implemen- project we rely on Galileo’s services for a) increasing the
tation. In particular, we present a timeline with authentication positioning accuracy of both, the sensor vehicle mapping the
related events such as authentication status and type, dropped road and the end-user vehicle receiving the notifications, and
navigation pages and failed cyclic redundancy checks. We also b) the authentication of the position estimates using Galileo
report KPIs such as the number of simultaneously authenticated OSNMA, in order to increase the security and robustness of
satellites over time, percentage of authenticated fixes and time
to first authenticated fix, and study how the satellite visibility the whole solution and to detect possible spoofing attacks.
affects these figures. Finally, we analyze situations where it was Despite OSNMA being a relatively new and modern tech-
not possible to reach an authenticated fix, and offer our findings nology still in its test phase, there is already relevant literature
on the observed patterns.
Index Terms—Galileo, OSNMA, GNSS, authentication related to it encompassing both theoretical work [3]–[8] and
practical performance assessments [9]–[20]. In addition to this,
I. I NTRODUCTION there are a few open source implementations of the OSNMA
protocol [21]–[23], and some companies already support it in
During the last decade, major concerns have arisen within some of their products, such as Septentrio [24].
the global navigation satellite system (GNSS) community on
how to improve the robustness and resilience against attacks This paper expands on the practical OSNMA performance
with counterfeit GNSS-like signals, also known as spoofing. assessments made in the previously cited papers. Similar to
One method to prevent spoofing is by ensuring that the [9] and [15], we present operational information and some
information reaching the receiver is authentic and originating key performance indicators (KPIs) of OSNMA, such as a
from the legitimate claimed source. Galileo’s Open Service timeline showing relevant authentication events, number of
Navigation Message Authentication (OSNMA) is designed to authenticated satellites (that is, number of satellites whose
enable this at the receiver end in a manner that virtually navigation message has been successfully authenticated by
eliminates the need of a chain of trust with dependence on OSNMA) over time, and number of satellites transmitting
external third party services. This service, the first of its kind OSNMA data over time. In addition to this, we show the
in the civilian segment, opens the door to many and diverse dependency of some of the KPIs on the elevation mask. We
new applications that require authenticated position. also take a closer look at the cases where a satellite fails
At present, OSNMA has been in the public observation to reach an authenticated status. More specifically, we take
(PO) test phase for little over a year. In this phase interested a look at the possible failure of navigation pages’ cyclic
users are invited to implement the service at the receiver redundancy checks (CRCs), and analyze the cases in which
level, test it and give feedback to the European Union Space having a low number of satellites transmitting OSNMA data
Program Agency (EUSPA). The Navigation and Positioning poses problems. Having made an OSNMA implementation,
department of the Finnish Geospatial Research Institute (FGI) we are in a position to discuss and suggest some practical
has created an implementation following the pertinent interface strategies to optimally handle these cases.
control document (ICD) [1] and the receiver guidelines for The content of the paper is organized as follows. In Section
the test phase (version 1.1 at the time of this writing), with II we give an overview on the OSNMA protocol focusing
the particularity that it is to be executed in a computing on the details needed to understand the rest of this paper. In
platform outside of the receiver. This implementation, hence- Section III we then explain the experimental setup. Section
forth denoted as FGI-OSNMA, has been created within the IV presents operational information, KPIs and other related
frame of the Horizon2020 funded ESRIUM project, which analysis. We then discuss the results and present our observa-
aims at creating road wear-maps with accurate information tions in Section V, and conclude the paper summarizing our
about the position and shape of road damage, and to send findings in Section VI.

979-8-3503-2308-5/23/$31.00 ©2023 IEEE

 II. OSNMA OVERVIEW It is important to note that in practice not all Galileo
satellites will transmit OSNMA data. Instead, the satellites that
The goal of OSNMA is to enable the users to verify that the do transmit OSNMA data will also transmit tags that allow the
navigation message received through the signal-in-space (SIS) authentication of navigation messages from other satellites as
is both unmodified and authentic. The OSNMA authentica- well. This process is called cross-authentication. The impor-
tion system is based on the TESLA broadcast authentication tance of cross-authentication is that is adds redundancy to the
protocol [25]. In this section we give an overview of the system, and in theory, cross-authentication is not limited to
TESLA variant used in the OSNMA protocol. For the sake Galileo satellites. In the future it may be used to authenticate
of clarity, we focus on the main technical details necessary to satellites from other constellation as well.
understand the content of this article. A more comprehensive The last thing the reader should understand about OSNMA
review of modern TESLA variants can be found in [26], and is that the tags and authentications are associated with a so-
the full details regarding OSNMA can be found in the official called authentication data and key delay (ADKD) numbers.
specification documents [1], [27]. The ADKD specifies what data is authenticated by the tag
The TESLA protocol is a method of transmitting a sequence and it informs about a potential key delay. The ADKD=0
of authentication keys through a one-way communication specifies that the tag authenticates ephemeris, clock, and
channel from a transmitter to a receiver via an untrusted the status of the satellite. The ADKD=4 specifies that the
communication channel. In OSNMA each key is then used tag authenticates Galileo constellation (not satellite) specific
to generate a truncated message authentication code (MAC), timing information. Lastly the ADKD=12, also known as Slow
called a tag, which authenticates the navigation message sent MAC, authenticates the same data as ADKD=0, but with an
by a satellite in a previous subframe. This key sequence is additional 10 subframes delay for the key transmission. For the
generated by starting from a random seed Ki , where i is sake of simplicity, in the coming sections when we say that
very large, and the rest of the keys Ki−k are obtained by a satellite is authenticated, we mean that its ephemeris, clock,
iterating a cryptographic hash function h such that Ki−1 = and status are authenticated by an ADKD=0 or ADKD=12
T (h(Ki ||ti ||α)), where || denotes the concatenation operation tag.
of bit-level representations of the operands, T is the truncation Each satellite transmitting OSNMA data transmits tags in
operation, ti is the time at which key Ki was transmitted, and a fixed seqeuence, which spans over two subframes or one
α is a hash salt that is set in the protocol parameters. Then the minute. This sequence, however, may change over time and
keys K1 , K2 , K3 , ... are transmitted one by one at regular time the possible sequences are described in the OSNMA ICD [1].
intervals and in reverse order with respect to their generation. During the experiment the transmitted tag sequence was 00S,
Due to this construction, the verification that Ki+1 is part of 00E, 04S, 00E, 12S, 00E, 00S, 00E, 00E, 12S, 00E, 12E. Here
the correct key chain is a matter of simple hashing, while due the first two characters of the tag identifier specify the ADKD
to the properties of cryptographic hash functions (pre-image type and the third character specifies whether the tag is for
resistance, collision resistance), it is practically impossible to self or cross-authentication (S=self, E=cross).
compute or forge the next key.
Since the authenticity of the keys is verified using previously III. E XPERIMENTAL S ETUP
authenticated keys, the protocol requires that the receiver has The data used in this study was collected with a Septentrio
access to a single trusted key Kj from the past. Usually this is Mosaic X5 receiver loaded with the 4.12.1 firmware (FW)
the so-called root key. In OSNMA, the root key is transmitted version and connected to a Septentrio PolaNt Choke Ring
with the SIS along with an Elliptic Curve Digital Signature antenna. The antenna was statically mounted in the roof of
Algorithm (ECDSA) signature that proves the authenticity of a building in FGI’s premises in Espoo in southern Finland
the key. The signature is verified against the Galileo public and in an open-sky environment. The data used in the present
key, which is available at the European GNSS Service Centre study was collected between 24.10.2022 and 28.10.2022, with
(GSC) website, though this can also be retrieved or renewed a total duration of 95 hours, or approximately four days.
via the SIS. The public key is further verified against a Merkle The X5 receiver makes available the raw 234 bits of a
tree, the root of which is meant to be pre-installed in the Galileo I/NAV navigation page via the GALRawINAV block,
receiver hardware. Therefore the OSNMA utilizes a variety which includes the even and odd pages concatenated and
of well tested cryptographic methods, yet adapts these to the after deinterleaving and Viterbi decoding [28, Sec. 4.2.5].
satellite specific use case. The inputs to our OSNMA implementation are these blocks,
The nominal navigation pages contain 40 bits of OSNMA which are then parsed to obtain the different pieces of in-
related data, which is divided into header and root key (HK- formation involved in the authentication protocol. Note that
ROOT) (8 bits) and MAC and key (MACK) (32 bits) sections. the receiver with the referred FW version already supports
This data is accumulated over the course of 15 nominal pages, OSNMA processing, but we used our implementation in this
or one subframe, to form a 120 bit HKROOT and 480 bit analysis because it gives us more control over the process and
MACK messages. The HKROOT contains status updates and better capabilities for in-depth investigation.
the data needed for the initialization, while the tags and keys All of the processing in this paper has then been done using
are contained in the MACK section. our own OSNMA implementation, which we call the FGI-
 Figure 1: Authentication events over the test period.

OSNMA. The design and implementation of FGI-OSNMA has

been made with special emphasis in its modularity, usability
in real time and integrability as a library in third party
applications. FGI-OSNMA will be made openly available in
the near future, and its main characteristics will be explained
along its release. The correctness of the implementation has
been validated by using the official test vectors published
by EUSPA, and by comparing the performance against that
obtained with other available OSNMA implementations, such
as OSNMAlib [21] or the Septentrio implementation. In
particular, the FGI-OSNMA and OSNMAlib give equivalent
authentication results on the EUSPA test vectors.
Figure 2: Distribution of the number of simultaneously au-
IV. R ESULTS AND A NALYSIS thenticated satellites available during our tests.
We now present OSNMA operational information and KPIs
pertaining our tests. Fig. 1 shows what we denote as the satel-
lite authentication status timeline. This timeline represents the presents some statistics related to these graphs. One important
occurrence of authentication related events as reported by FGI- statistic is the percentage of time during which a receiver
OSNMA. In addition to the authentication status and type (i.e. can compute an authenticated position, velocity and time
ADKD number), the timeline in Fig. 1 shows events where (PVT). The condition for this to be possible is that there
navigation pages were dropped and page CRCs failed. We must be at least four authenticated satellites at the same
consider that visualizing the occurrence of these events in the time. We henceforth use the term authenticated fix to refer
graph gives a valuable and informative view of when and how to cases where the before-mentioned condition is met. From
often they can naturally occur. In addition, their occurrence the statistics presented in Table I, we observe that there were
will be analyzed later in this article. We now proceed to present four or more authenticated satellites visible, and therefore
some observed trends and KPIs associated to Fig. 1 in more authenticated fixes, 99.74% of the time. Correspondingly, it
detail. was not possible to compute authenticated fixes 0.26% of the
Fig. 2 shows the distribution of the number of simultane- time.
ously authenticated satellites (that is, the count of satellites
with authenticated status at a given time instant), and Table I
 Table I: Statistics related to the authentication. the elevation mask increases. The percentage of authenticated
Statistic Value fixes decreases slowly at first, but rapidly drops as the elevation
mask grows.
Simultaneous authenticated satellites: 5% percentile 6
Fig. 4 and Table III present the dependency of the TTFAF
Simultaneous authenticated satellites: average 9.14
(that is, how long it would take to a receiver to achieve a first
Simultaneous authenticated satellites: 95% percentile 11 authenticated fix) as a function of the applied elevation mask.
Percentage of authenticated fixes 99.74% The results are computed by running the OSNMA engine over
Self-authentications out of all ADKD=0 authentications 37.91% our data one thousand times per elevation mask value, each
Cross-authentications out of all ADKD=0 authentications 62.09% run starting from a random time point selected from a uniform
distribution, and letting the engine run until four satellites
become authenticated. Fig. 4 graphically shows the average
Other noteworthy patterns in the authentication timeline of
Fig.1 include the following.
• While looking fully continuous in the Fig. 1, the Galileo
constellation specific timing information (ADKD=4) was
authenticated 99.74% of the time. Because the ADKD=4
information is authenticated once every 60 seconds, this
means that the timing information was authenticated in
all but 15 subframes.
• In the authentication scheme the satellites alternate rela-
tively frequently between self-authentication (which also
means that the satellite is transmitting OSNMA data)
and cross-authentication following a seemingly random
pattern. In relation to this pattern, the specification states
that it is indeed unpredictable for the user [1, Sec. 5.2]. Figure 3: Average number of satellites with authenticated
• There are numerous cases of failed cyclic redundancy status (red) and percentage of authenticated fixes (blue) as
checks (CRCs) or gaps in the subframe (i.e. a subframe a function of the elevation mask.
missing nominal navigation pages). These are associated
with poor signal quality. In the dataset used in this study, Table II: Percentage of authenticated fixes and percentiles
these occurred exclusively when the satellites were rising of the number of simultaneous authenticated satellites as a
over or disappearing below the horizon, in other words, in function of the elevation mask.
cases in which satellites have low elevation and therefore Elevation Number of Authenticated sats. count
poor signal reception quality. It then comes as no surprise mask authenticated fixes Percentiles: 5%, 50%, 95%
that we observed data reception problems from satellites 0° 99.74% 6, 9, 11
with low elevation.
5° 99.66% 6, 9, 11
Next we investigate how the satellite visibility affects the 10° 99.0% 5, 8, 10
OSNMA performance. We do this by applying an elevation
20° 92.33% 3, 6, 8
mask. The process is similar to how GNSS receivers discard
30° 66.83% 2, 4, 6
satellites with low elevation due to high probability of having
poor signal quality. We run the OSNMA engine and compute 40° 22.24% 0, 3, 4
the KPIs using data only from satellites with an elevation
higher than the value configured in the mask. The effect of the
elevation mask in the OSNMA KPIs computed in this manner
can be used as an approximation of what could be the expected
performance in environments with limited satellite visibility.
For example, in urban environments tall buildings will block
the signals coming from satellites with low elevation. The
effect of this in the OSNMA performance can be approximated
by applying an appropriate elevation mask in the OSNMA
processing as explained before.
Fig. 3 shows how the elevation mask affects the aver-
age number of authenticated satellites and the percentage
of authenticated fixes, and Table II presents some related
statistics. From the figure we can observe a gradual and Figure 4: Average time to first authenticated fix (TTFAF) as
continuous decrease of the percentage of authenticated fixes as a function of the elevation mask
values of these realizations, and Table III shows the numerical
values of some associated statistics. We present the results for
both warm and hot start scenarios. In the OSNMA literature,
the warm-start scenario refers to the case where the Galileo
public key is available to the receiver beforehand. If in addition
to this the TESLA root key is available, the scenario is referred
as hot-start. The hot-start case is the most favorable scenario,
and is also the most likely in practice when the receiver is in
frequent use. As we can observe, and similarly as with other
KPIs, the elevation mask can significantly affect the TTFAF.
However, the hot-start scenario is visibly less affected until
we reach very high levels of elevation mask.
Figure 5: Number of satellites transmitting OSNMA data over
Overall, from Fig. 3 and 4, and their respective statistics
time and percentiles of its distribution.
from Table II and III, we see that the OSNMA service and
usability can be significantly affected by the satellite visibility.
We now proceed to analyze in more detail the cases in
which an authenticated fix could not be attained. The following
studies are done using a zero elevation mask, that is: including
all the information from all the visible satellites.
Some causes of non-authentication are related to the nat-
urally occurring transmission issues: as previously observed,
transmission problems can occur during the start or the end
of each satellite’s visibility period. However, more often the
problem seems to be related to the number of satellites
transmitting OSNMA data. Fig. 5 and 6 present the number
of visible satellites transmitting OSNMA data and the number
of authenticated satellites over time, respectively. From Fig. 5 Figure 6: Number of authenticated satellites plotted over time.
we observe that the number of visible satellites transmitting The times when only two or less satellites are transmitting
OSNMA data can drop very low, even down to zero. In Fig. OSNMA data are marked with a red vertical line.
6 one can see a clear correlation between the drops in the
number of authenticated satellites with the times when a low Table IV: Statistics related to OSNMA data transmission. Most
number of visible satellites (e.g. two or less) are transmitting of the time the number of satellites transmitting OSNMA data
OSNMA data. is adequate to facilitate fully authenticated fixes, but there are
occasional drops in this number.
While occurring quite rarely, having a low number of
visible satellites transmitting OSNMA data can then act as Statistic Value
a bottleneck to OSNMA performance. As an example, and Number of satellites transmitting OSNMA data: average 5.49
as seen in Fig. 6, the situations with the lowest number of Number of satellites transmitting OSNMA data: 1% percentile 2
authenticated satellites are naturally highly correlated with a
Number of satellites transmitting OSNMA data: 5% percentile 3
low number of satellites transmitting the OSNMA data. In fact,
in our dataset all but one failure to reach an authenticated fix Number of satellites transmitting OSNMA data: 95% percentile 7
were a result of a low number of visible satellites transmitting Percentage of time one or less satellites transmit OSNMA data 0.3%
OSNMA data.

V. D ISCUSSION
Table III: Percentiles of the TTFAF as a function of the As can be seen from the results, OSNMA enabled authen-
elevation mask in warm- and hot-start scenarios. ticated positioning 99.74% of the time in our experiments in
Elevation Warm-start Hot-start
open-sky and high satellite visibility conditions. With respect
mask (Percentiles: 10%, 50%, (Percentiles: 10%, 50%, to the cases in which it was not possible to reach an authen-
90%) 90%) ticated fix, we observed that there were mainly two causes.
0° 104, 150, 232 74, 86, 98 First of all, when the satellite elevation is low, the signal
10° 116, 166, 262 74, 86, 98 quality is degraded, which will cause some navigation pages
20° 136, 208, 338 74, 88, 116
to be corrupted. Consequently, this will cause some subframes
to be incomplete. This is of course not related to the OS-
30° 168, 262, 424 78, 102, 152
NMA specification and similar effects can be expected in any
40° 200, 318, 570 86, 128, 454
satellite-based application. We highlight that for real-world
applications, it is beneficial that the OSNMA implementation Another important note is that the application of an elevation
extracts any usable data from the subframe, incomplete or not. mask results in valuable authentication information being
Even incomplete subframes are likely to contain useful data. discarded from some satellites. In that sense, we note that,
Therefore, it is better to process the data on a page level, while receivers commonly apply a 5-15 degree elevation mask
instead of subframe level. in the tracking and/or PVT computation phases, it is better
We now list a few ways in which dropped pages can affect not to apply the same mask to OSNMA processing. While the
the OSNMA performance. positioning accuracy is known to get better after applying an
appropriate satellite elevation mask, for OSNMA processing
• The data in the HKROOT message does not require fast
having more data available for processing is better. A low
reaction, not to mention that the root key (contained in
elevation satellite might still cross-authenticate other satellites,
the HKROOT) message transmission uses redundancy: all
and as previously noted, the number of satellites transmitting
of the satellites transmitting OSNMA data will transmit
OSNMA data is occasionally very low. In these cases, dis-
the same message, but they transmit the blocks in dif-
carding that information can have a significant impact.
ferent order. This makes the root key transmission both
fast and robust. Therefore, the impact of receiving an VI. C ONCLUSIONS
incomplete HKROOT message from one satellite is not
very significant. Some information from the HKROOT In the analysis of our 4-day long dataset, we observed
message is required to start the authentication process. that 99.74% of the time a receiver would be able to produce
Therefore a delay in parsing the HKROOT due to an authenticated fixes. The cases where an authenticated status
incomplete subframe will cause a delay in the first set could not be attained were mostly due to having a low
of authentications. However, in the so-called hot start number of satellites transmitting OSNMA data available to the
case (which is the usual one) the receiver has stored a receiver. While in our open-sky dataset this had little impact
previous HKROOT, and as long as the TESLA key chain on the overall OSNMA performance, we suspect that this can
does not change, the receiver can start the authentication have a great effect in a more challenging environments, such
immediately without the need to wait for the HKROOT as in urban environments where the satellite visibility might be
messages. Therefore, moderate navigation page drops significantly degraded. This potential performance degradation
have little effect on the HKROOT processing. was further suggested by our studies involving elevation
• If the key (contained in the MACK message) in the masks. For example, applying a 30°elevation mask resulted
subframe is incomplete, it is not possible to authenticate in a decrease of the percentage of authenticated fixes from
the previous set of tags immediately. However, all of the 99.74% to 66.83%. On the receiver side, it would be beneficial
satellites transmit the same key, not to mention that the not to discard data from satellites with low elevation: while
receiver may wait for the next key from which it can using these satellites in the PVT computation might not be
recover the missing key with hash iteration. Therefore, beneficial, using the OSNMA data that they carry increases the
page drops affecting the key have minimal effect. chances of cross-authenticating visible satellites, which in turn
• The tags are the critical part of the transmission: they will makes more authenticated satellites available to the PVT
are the most important part of the authentication process engine. In addition, in the OSNMA service side, increasing
and cannot be recovered later. The tags are naturally the number of satellites that are transmitting OSNMA data
independent of each other, meaning that even if some of will consequently increase the overall probability of attaining
the tags are missing due to dropped pages, the others can authenticated fixes, which would be especially beneficial in
still be extracted. Also, multiple satellites may transmit obstructed environments.
a tag for the same satellite. Therefore, OSNMA offers ACKNOWLEDGMENT
some redundancy for protecting the data. We consider
missing tags due to dropped pages to be the worst case This work was conducted in the scope of the ESRIUM
scenario. However, in our experiments we found barely Project, which has received funding from the EUSPA as part of
any problem with this. EU-Horizon 2020 research and innovation programme under
grant agreement No 101004181.
The second reason for failures found during the analysis of
our dataset was that the number of (visible) satellites trans- R EFERENCES
mitting OSNMA data occasionally dropped quite low. This
[1] E. Union, “OSNMA user ICD for the test phase, issue 1.0,” European
behaviour was also noted in [9]. This acts as a bottleneck for Union, Tech. Rep., Nov. 2021.
OSNMA performance, as each satellite transmitting OSNMA [2] “ESRIUM project web page,” https://esrium.eu/, accessed: 2023-01-31.
data can only cross-authenticate a limited number of other [3] I. Fernández-Hernández, T. Ashur, V. Rijmen, C. Sarto, S. Cancela, and
D. Calle, “Toward an operational navigation message authentication ser-
satellites. In our favorable environmental conditions (open vice: Proposal and justification of additional OSNMA protocol features,”
sky), the impact of this was minimal, but it can become apr 2019.
critical in applications where the satellite visibility is poor. In [4] I. Fernández-Hernández, V. Rijmen, G. Seco-Granados, J. Simon, I. Ro-
dríguez, and J. D. Calle, “A navigation message authentication proposal
particular, our elevation mask studies showed that the elevation for the galileo open service,” Navigation, vol. 63, no. 1, pp. 85–102,
mask can have a significant impact on OSNMA performance. mar 2016.
 [5] D. Margaria, G. Marucco, and M. Nicola, “A first-of-a-kind spoofing [27] E. Union, “OSNMA receiver guidelines for the test phase, issue 1.0,”
detection demonstrator exploiting future galileo E1 OS authentication,” European Union, Tech. Rep., Nov. 2021.
apr 2016. [28] Septentrio, “mosaic-x5 reference guide,” Tech. Rep., Apr. 2022, appli-
[6] B. Motella, M. Nicola, and S. Damy, “Enhanced GNSS authentication cable to version 4.12.1 of the Firmware.
based on the joint CHIMERA/OSNMA scheme,” IEEE Access, vol. 9,
pp. 121 570–121 582, 2021.
[7] M. Motallebighomi, H. Sathaye, M. Singh, and A. Ranganathan, “Cryp-
tography is not enough: Relay attacks on authenticated GNSS signals,”
arXiv preprint arXiv:2204.11641, 2022.
[8] C. O’Driscoll and I. Fernández-Hernández, “Mapping bit to symbol
unpredictability in convolutionally encoded messages with checksums,
with application to galileo OSNMA,” in Proceedings of the 33rd
International Technical Meeting of the Satellite Division of The Institute
of Navigation (ION GNSS+ 2020), 2020, pp. 3751–3765.
[9] M. Nicola, B. Motella, M. Pini, and E. Falletti, “Galileo OSNMA public
observation phase: Signal testing and validation,” IEEE Access, vol. 10,
pp. 27 960–27 969, 2022.
[10] M. T. Gamba, M. Nicola, and B. Motella, “Computational load analysis
of a galileo OSNMA-ready receiver for ARM-based embedded plat-
forms,” Sensors, vol. 21, no. 2, p. 467, jan 2021.
[11] B. Motella, M. T. Gamba, and M. Nicola, “A real-time OSNMA-ready
software receiver,” feb 2020.
[12] M. T. Gamba, M. Nicola, and B. Motella, “Galileo OSNMA: an
implementation for ARM-based embedded platforms,” jun 2020.
[13] ——, “Computational load analysis of a galileo OSNMA-ready receiver
for ARM-based embedded platforms,” Sensors, vol. 21, no. 2, p. 467,
jan 2021.
[14] L. Cucchi, S. Damy, M. Paonni, M. Nicola, M. T. Gamba, B. Motella,
and I. Fernandez-Hernandez, “Assessing galileo OSNMA under different
user environments by means of a multi-purpose test bench, including a
software-defined GNSS receiver,” oct 2021.
[15] C. Sarto, O. Pozzobon, S. Fantinato, S. Montagner, I. Fernández-
Hernández, J. Simon, J. D. Calle, S. C. Díaz, P. Walker, D. Burkey,
G. Seco-Granados, and E. Göhler, “Implementation and testing of
OSNMA for galileo,” nov 2017.
[16] L. Cucchi, S. Damy, M. Paonni, M. Nicola, and B. Motella, “Receiver
testing for the galileo E1 OSNMA and I/NAV improvements,” in
Proceedings of the 35th International Technical Meeting of the Satellite
Division of The Institute of Navigation (ION GNSS+ 2022), 2022, pp.
808–819.
[17] S. Damy, L. Cucchi, and M. Paonni, “Impact of OSNMA configurations,
operations and user’s strategies on receiver performances,” in Proceed-
ings of the 35th International Technical Meeting of the Satellite Division
of The Institute of Navigation (ION GNSS+ 2022), 2022, pp. 820–827.
[18] S. Cancela, J. D. Calle, and I. Fernández-Hernández, “CPU consumption
analysis of TESLA-based navigation message authentication,” in 2019
European Navigation Conference (ENC). IEEE, 2019, pp. 1–6.
[19] G. Seco-Granados, D. Gómez-Casco, J. A. López-Salcedo, and
I. Fernández-Hernández, “Detection of replay attacks to GNSS based
on partial correlations and authentication data unpredictability,” Gps
Solutions, vol. 25, no. 2, p. 33, 2021.
[20] S. Cancela, J. Navarro, D. Calle, T. Reithmaier, A. D. Chiara, G. D.
Broi, I. Fernández-Hernández, G. Seco-Granados, and J. Simón, “Field
testing of GNSS user protection techniques,” in Proceedings of the 32nd
International Technical Meeting of the Satellite Division of The Institute
of Navigation (ION GNSS+ 2019), 2019, pp. 1824–1840.
[21] A. Galan, I. Fernandez-Hernandez, L. Cucchi, and G. Seco-Granados,
“OSNMAlib: An open python library for galileo OSNMA,” in 2022
10th Workshop on Satellite Navigation Technology (NAVITEC), 2022,
pp. 1–12.
[22] D. Estevez, “galileo-osnma,” https://github.com/daniestevez/
galileo-osnma, 2022.
[23] “osnmaPython,” https://github.com/astromarc/osnmaPython, 2023.
[24] Septentrio, “Release notes and installation guide of the mosaic-
x5 firmware package v4.12.1,” https://www.septentrio.com/system/
files/support/mosaic-x5_firmware_v4.12.1_release_notes.pdf, 2023,
[Retrieved 1-March-2023].
[25] A. Perrig, J. Tygar, A. Perrig, and J. Tygar, “TESLA broadcast au-
thentication,” Secure Broadcast Communication: In Wired and Wireless
Networks, pp. 29–53, 2003.
[26] K. Eledlebi, C. Y. Yeun, E. Damiani, and Y. Al-Hammadi, “Empirical
studies of TESLA protocol: properties, implementations, and replace-
ment of public cryptography using biometric authentication,” IEEE
Access, vol. 10, pp. 21 941–21 954, 2022.

View publication stats