Commit

Add work on the OSNMA description
carlesfernandez committed Jul 15, 2024
1 parent 800a45a commit 9b37fae
Showing 1 changed file with 19 additions and 7 deletions.
26 changes: 19 additions & 7 deletions _posts/2024-07-11-osnma.md
@@ -1,5 +1,5 @@
---
title: "Introducing GNSS Signal Authentication"
title: "Introducing GNSS Navigation Message Authentication"
excerpt: "GNSS-SDR now implements Galileo's Open Service Navigation Message Authentication (OSNMA)."
header:
teaser: /assets/images/OSNMA_teaser.png
@@ -121,7 +121,7 @@ If the result of all these steps is successful the user can consider the navigat
{: style="text-align: center;"}


OSNMA defines different Authentication Data & Key Delay (ADKD) types. Each type authenticates different parts of the I/NAV data transmitted by satellites which is used to generate the associated tag. A tag is defined as a truncated Message Authentication Code (MAC). The currently defined types are:
OSNMA defines different Authentication Data & Key Delay (ADKD) types. Each type authenticates different parts of the I/NAV data transmitted by satellites which is used to generate the associated tag. A tag is defined as a truncated Message Authentication Code (MAC). The currently defined types (others could be defined in future versions of the ICD) are:

- **Tag ADKD 0 - Galileo I/NAV Ephemeris, Clock and Status:** The tag authenticates I/NAV data transmitted in the previous I/NAV sub-frame. The data authenticated are Word Types 1 to 5, retrieved from either E1-B or E5b-I, including: IODnav, Ephemeris, SISA(E1,E5b), SVID, Clock correction, Ionospheric correction, BGDs, HS and DVS flags.

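Review bot: In the rewritten ADKD paragraph, the new parenthetical "(others could be defined in future versions of the ICD)" sits between "types" and "are:", which interrupts the lead-in to the list. Suggest closing the sentence as "The currently defined types are listed below; others could be defined in future versions of the ICD." The sentence before it, "different parts of the I/NAV data transmitted by satellites which is used to generate the associated tag", is also hard to parse and could be tightened while this line is being touched.
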
@@ -149,21 +149,31 @@ The tags are obtained by generating a certain MAC, following the specific inform

The OSNMA-equipped receiver must store these sequences of tags. In the next sub-frame (or ten sub-frames later for ADKD 12), it will receive the TESLA key that allows it to compute the MAC and, consequently, the tags. The receiver can then compare the computed tags to the received sequence. If they match, the received data can be declared authenticated.


## Implementation of cryptographic functions

The OSNMA protocol requires the availability of two secure hash standards (SHA-256 and SHA3-256), two message authentication code functions (HMAC-SHA-256 and CMAC-AES) for tag verigication, and two Elliptic Curve Digital Signature Algorithms (ECDSA P-256 and ECDSA P-521) for the verification of the TESLA root key. In the testing phase, only SHA-256, HMAC-SHA-256, and ECDSA P-256 are used, but the others could be used in the future.

Implementing cryptographic functions in C++ from scratch is often unnecessary and inefficient. Instead, leveraging well-known, reliable, and actively maintained open-source libraries ensures robust and secure implementations. These libraries undergo continuous testing and updates, benefiting from scrutiny by a vast user base. In the GNSS-SDR implementation, the objective was to enable the OSNMA service across the broadest possible range of hardware and software environments, covering diverse setups such as embedded SoC/FPGA-based platforms, a Raspberry Pi 5, an x86-64-based personal computer, or even a macOS-based Apple silicon processor. The required open-source dependency options, which are transparent to the user and automatically picked up by the build configuration system upon availability, are:

- [OpenSSL](https://www.openssl.org/) is a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. Versions 1.x were published under a dual-license scheme that was incompatible with the GPLv3.0 license, preventing the library from being a mandatory dependency for GNSS-SDR in most GNU/Linux distributions. OpenSSL 1.1.1, relesed on 11 Sep 2018, already implemented the required OSNMA functions. The licensing issue was resolved in OpenSSL version 3.0.0, which transitioned to the Apache License 2.0, fully compatible with GPLv3.0. Released on September 7th, 2021, OpenSSL 3.0.0 and its subsequent updates support the implementation of all cryptographic functions required by the OSNMA service and have been incorporated into major GNU/Linux distributions released since 2022. For instance, in Debian/Ubuntu-based distributions it can be installed as ```sudo apt install libssl-dev```.
- [GnuTLS](https://www.gnutls.org/) is used as a fallback if OpenSSL is not found in the host system when building GNSS-SDR. This Transport Layer Security library, published under the GNU Lesser General Public License (LGPL), is available even in older GNU/Linux distributions. However, some operating systems may omit the optional (but necessary) SSL module. For instance, in Debian/Ubuntu-based distributions it can be installed as ```sudo apt install libgnutls-openssl-dev```. In is known to implement all the required OSNMA functions since version 3.6.13, released on 24 Apr 2020.
- [OpenSSL](https://www.openssl.org/) is a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. Versions 1.x were published under a dual-license scheme that was incompatible with the GPLv3.0 license, preventing the library from being a mandatory dependency for GNSS-SDR in most GNU/Linux distributions. OpenSSL 1.1.1, relesed on Sep 11th, 2018, already implemented the required OSNMA functions. The licensing issue was resolved in OpenSSL version 3.0.0, which transitioned to the Apache License 2.0, fully compatible with GPLv3.0. Released on Sep 7th, 2021, OpenSSL 3.0.0 and its subsequent updates support the implementation of all cryptographic functions required by the OSNMA service and have been incorporated into major GNU/Linux distributions released since 2022. For instance, in Debian/Ubuntu-based distributions it can be installed as ```sudo apt install libssl-dev```.
- [GnuTLS](https://www.gnutls.org/) is used as a fallback if OpenSSL is not found in the host system when building GNSS-SDR. This Transport Layer Security library, published under the GNU Lesser General Public License (LGPL), is available even in older GNU/Linux distributions. However, some operating systems may omit the optional (but necessary) SSL module. For instance, in Debian/Ubuntu-based distributions it can be installed as ```sudo apt install libgnutls-openssl-dev```. It is known to implement all the required OSNMA functions since version 3.6.13, released on Apr 24th, 2020.


## Usage of OSNMA data in GNSS-SDR

...

## Other OSNMA implementations

- **[OSNMAlib](https://github.com/Algafix/OSNMA)** is an open-source Python library that can be used for research purposes or be integrated into existing receivers (among them, GNSS-SDR) and applications to incorporate navigation message authentication to the positioning process.
## Other open-source OSNMA implementations

Apart from the work presented in this page, there are other very interesting open-source implementations of the OSNMA protocol:

- **[OSNMAlib](https://github.com/Algafix/OSNMA)** is an open-source Python library that can be used for research purposes or be integrated into existing receivers (among them, GNSS-SDR) and applications to incorporate navigation message authentication to the positioning process. The authors have made relevant contributions to the OSNMA protocol itself, and proposed techniques for shortening the Time To First Authenticated Fix.[^Galan24]

- **[galileo-osnma](https://github.com/daniestevez/galileo-osnma)** is a Rust implementation of the OSNMA protocol that can be used in some embedded microcontrollers.

- **[FGI-OSNMA](https://github.com/nlsfi/fgi-osnma)** is an open-source Python library implementing the OSNMA protocol, and it is delivered by the National Land Survey of Finland. At the moment it only supports the Septentrio Binary Format (SBF), though the SBF can be read from either a file, network socket, or serial port.

## Conclusions
The integration of OSNMA within GNSS-SDR represents a significant step forward in enhancing GNSS receiver security.
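
Review bot: The rewritten OpenSSL bullet still carries the typo "relesed" (in "OpenSSL 1.1.1, relesed on Sep 11th, 2018"), and the paragraph above the list has "tag verigication"; both should be fixed in this pass, as was done for "In is known" in the GnuTLS bullet. The "Usage of OSNMA data in GNSS-SDR" section consists only of "...", so it should be filled in or dropped before the post is published. In the new lead-in to the implementations list, "presented in this page" reads better as "presented on this page".
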
@@ -185,4 +195,6 @@ The integration of OSNMA within GNSS-SDR represents a significant step forward i

[^OSNMA-RG]: [Galileo Open Service Navigation Message Authentication (OSNMA) Receiver Guidelines](https://www.gsc-europa.eu/sites/default/files/sites/all/files/Galileo_OSNMA_Receiver_Guidelines_v1.3.pdf), Issue 1.3, January 2024.

[^Perrig03]: A. Perrig, J. D. Tygar, "TESLA broadcast authentication," Secure Broadcast Communication: In Wired and Wireless Networks, Springer (Kluwer), pp. 29–53, 2003.
[^Perrig03]: A. Perrig, J. D. Tygar, "TESLA broadcast authentication," Secure Broadcast Communication: In Wired and Wireless Networks, Springer (Kluwer), pp. 29–53, 2003.

[^Galan24]: A. Galan, I. Fernández-Hernández, W. De Wilde, S. Pollin, G. Seco-Granados, [Improving Galileo OSNMA Time To First Authenticated Fix](https://arxiv.org/pdf/2403.14739v1), arXiv, Mar 2024.
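
Review bot: The new [^Galan24] entry links straight to a version-pinned PDF ("arxiv.org/pdf/2403.14739v1"), so readers will keep landing on v1 even if the paper is revised. Suggest linking the abstract page for the same identifier instead, and putting the title in quotes so the entry matches the style of [^Perrig03].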