
Practical Spoofing Attacks on Galileo Open Service Navigation Message Authentication

Haiyang Wang, Yuanyu Zhang, Xinghui Zhu, Ji He, Shuangtrui Zhao, Yulong Shen, Xiaohong Jiang

TL;DR

The paper exposes two practical OSNMA vulnerabilities, ATS and IMA, and demonstrates concrete spoofing methods that bypass Galileo OSNMA by forcing TS compliance and exploiting authentication interruptions. It introduces real-time and non-real-time TS-comply replay, TS-comply forgery, and concatenating replay attacks, and validates them through real-world experiments using a Septentrio OSNMA receiver, SDRs, Galileo-SDR-SIM, and OSNMAlib. The TSF attack shows arbitrary-location spoofing by forging navigation data and tags with a disclosed key, while the CR attack exploits IMA during active tracking with tight replay timing (delay ≤ 1.4 s). Together, these findings reveal practical weaknesses in OSNMA’s timing and continuity protections and emphasize the need for robust anti-spoofing measures beyond TS compliance. The work has significant implications for GNSS security, highlighting how timing manipulation and authentication interruptions can undermine even cryptographically authenticated navigation data.

Abstract

This paper examines the Galileo Open Service Navigation Message Authentication (OSNMA) and, for the first time, discovers two critical vulnerabilities, namely artificially-manipulated time synchronization (ATS) and interruptible message authentication (IMA). ATS allows attackers to falsify a receiver's signals and/or local reference time (LRT) while still fulfilling the time synchronization (TS) requirement. IMA allows the navigation data authentication process to be temporarily interrupted by the reception of a broken message (probably caused by spoofing attacks) and restored later. By exploiting the ATS vulnerability, we propose a TS-comply replay (TSR) attack with two variants (real-time and non-real-time), where attackers replay signals to a victim receiver while strictly complying with the TS rule. We further propose a TS-comply forgery (TSF) attack, where attackers first use a previously-disclosed key to forge a message based on the OSNMA protocol, then tamper with the victim receiver's LRT correspondingly to comply with the TS rule, and finally transmit the forged message to the receiver. Finally, we propose a concatenating replay (CR) attack based on the IMA vulnerability, where attackers concatenate replayed signals to the victim receiver's signals in a way that still enables correct verification of the navigation data in the replayed signals. To validate the effectiveness of the proposed attacks, we conduct real-world experiments with a commercial Galileo receiver manufactured by Septentrio, two software-defined radio (SDR) devices, and the open-source Galileo-SDR-SIM and OSNMAlib software. The results show that all the attacks can successfully pass the OSNMA scheme and that the TSF attack can spoof receivers to arbitrary locations.
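The abstract's ATS vulnerability rests on one property of TESLA-style authentication: the receiver can only reject a tag made with an already-disclosed key if its own local reference time (LRT) is trustworthy. The following added example (written for this summary; it is not code from the paper, from OSNMAlib or from any Galileo receiver) builds a toy one-way key chain, implements the receiver-side checks (TS rule, key-to-root chaining, tag comparison), and then runs the same stale-key message through a receiver with a correct LRT and through one whose LRT lags by 40 s. All parameters, key and tag sizes, the disclosure schedule and the message bytes are constructed assumptions, not OSNMA's real values.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed parameters for a toy TESLA-style chain; they are NOT Galileo OSNMA's real
# chain length, key size, tag size or disclosure timing (assumption).
CHAIN_LEN = 8
INTERVAL_S = 30.0        # seconds per key interval
MAX_SYNC_ERR_S = 15.0    # bound the receiver assumes on its own LRT error


def build_chain(seed: bytes, n: int = CHAIN_LEN) -> list[bytes]:
    """Build a one-way key chain: K[n] = H(seed), K[i] = H(K[i+1]).
    K[0] is the root the receiver trusts; keys are disclosed in order K[1], K[2], ..."""
    keys: list[bytes] = [b""] * (n + 1)
    keys[n] = hashlib.sha256(seed).digest()
    for i in range(n - 1, -1, -1):
        keys[i] = hashlib.sha256(keys[i + 1]).digest()
    return keys


def make_tag(key: bytes, msg: bytes) -> bytes:
    """MAC over a navigation message with the interval key, truncated to a short tag."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:10]


def disclosure_time(t0: float, i: int) -> float:
    """Constructed rule: the sender reveals K[i] one interval after interval i starts."""
    return t0 + (i + 1) * INTERVAL_S


@dataclass
class Receiver:
    root: bytes                 # trusted chain root K[0]
    t0: float                   # start of interval 0 in system time
    lrt_offset_s: float = 0.0   # error of the receiver's LRT relative to true time

    def lrt(self, true_time: float) -> float:
        return true_time + self.lrt_offset_s

    def ts_rule_ok(self, i: int, tag_seen_at: float) -> bool:
        """TESLA safety condition as the receiver can evaluate it: judged by its own LRT plus
        the assumed sync error, K[i] must still be secret when the tag arrives."""
        return self.lrt(tag_seen_at) + MAX_SYNC_ERR_S < disclosure_time(self.t0, i)

    def key_matches_root(self, key: bytes, i: int) -> bool:
        """Authenticate a disclosed K[i] by hashing it i times back to the trusted root."""
        k = key
        for _ in range(i):
            k = hashlib.sha256(k).digest()
        return hmac.compare_digest(k, self.root)

    def verify(self, msg: bytes, tag: bytes, i: int, tag_seen_at: float, key_i: bytes) -> bool:
        """Accept msg only if the TS rule held when the tag arrived, the later-disclosed key
        chains to the root, and the tag matches."""
        if not self.ts_rule_ok(i, tag_seen_at):
            return False
        if not self.key_matches_root(key_i, i):
            return False
        return hmac.compare_digest(make_tag(key_i, msg), tag)


def scenario() -> dict[str, bool]:
    """Constructed scenario: one genuine message, then the same key reused after disclosure,
    evaluated by a receiver with a correct LRT and by one whose LRT lags 40 s."""
    keys = build_chain(b"constructed-seed")
    t0 = 1000.0
    i = 2                                   # interval 2 spans [1060, 1090); K[2] disclosed at 1090
    genuine = b"nav-data: ephemeris-A"      # constructed payload
    genuine_tag = make_tag(keys[i], genuine)

    honest = Receiver(root=keys[0], t0=t0)
    lagging = Receiver(root=keys[0], t0=t0, lrt_offset_s=-40.0)

    # Genuine tag seen at 1070, well before K[2] is disclosed; key delivered afterwards.
    ok_genuine = honest.verify(genuine, genuine_tag, i, 1070.0, keys[i])

    # After 1090 the disclosed K[2] is public, so a tag over other data can be computed.
    reused = b"nav-data: ephemeris-B"       # constructed payload
    reused_tag = make_tag(keys[i], reused)
    ok_reused_honest = honest.verify(reused, reused_tag, i, 1100.0, keys[i])
    ok_reused_lagging = lagging.verify(reused, reused_tag, i, 1100.0, keys[i])

    return {
        "genuine_accepted": ok_genuine,
        "stale_key_rejected_with_correct_lrt": not ok_reused_honest,
        "stale_key_accepted_when_lrt_manipulated": ok_reused_lagging,
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The third result is the defender's takeaway: the chain and tag checks pass in both cases, and the only thing separating acceptance from rejection is the receiver's belief about time. An OSNMA deployment that derives its LRT from the very signals it is authenticating, or from a clock an attacker can influence, has no independent anchor for the TS rule, which is why the paper argues for anti-spoofing measures beyond TS compliance (for example an independent trusted time source or plausibility checks on LRT jumps).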

Paper Structure (31 sections, 9 equations, 20 figures, 1 algorithm)


Figures (20)

  • Figure 1: Structure of an E1-B I/NAV page.
  • Figure 2: TESLA chain.
  • Figure 3: OSNMA processing logic.
  • Figure 4: TS startup flow diagram.
  • Figure 5: An overview of the real-time TSR attack scenario.
  • ...and 15 more figures