With GPS/GNSS signals traveling approximately 20,000 kilometers from satellites to GNSS receivers, it is technically possible to generate a fake GNSS signal from a ground station.
ArduSimple, a provider of user-friendly and cost-effective RTK GNSS solutions for drones and robotics, explains that this can mislead a GNSS receiver about its location, an issue becoming increasingly problematic for GNSS systems used on aircraft.
To enhance signal security and allow GNSS receivers to identify counterfeit signals, the European GNSS system, Galileo, has introduced the OSNMA anti-spoofing service. This service ensures secure, end-to-end communication from Galileo satellites to receivers enabled for OSNMA.
In essence, the satellite and GNSS receiver exchange a password or “key” that allows the receiver to verify if the signal is genuine. If a signal is identified as spoofed, it will be excluded from positioning calculations.
This step-by-step guide will help users retrieve and insert the necessary keys into the Septentrio receiver to activate the OSNMA service. You can repeat this process on receivers powered by mosaic-H and mosaic-X5 modules with the latest firmware versions.
Note: Galileo and Septentrio are still testing this feature, results may not be fully consistent.
Required Hardware:
- simpleRTK3B Pro
- Budget Survey Tripleband GNSS Antenna (IP66)
- A PC or laptop
Step 1: Retrieve OSNMA Service Keys
1. Log in to your account on the EUSPA website.
2. Navigate to SUPPORT TO DEVELOPERS > OSNMA PUBLIC OBSERVATION TEST PHASE and complete the form to join the OSNMA Public Observation Test Phase.
- After registering, you will receive a confirmation email, which may take around a week. Once confirmed, you can download the required key.
3. After confirmation, proceed to:
- GSC Products > OSNMA_PublicKey to download the public key (.crt file).
- GSC Products > OSNMA_MerkleTree to download the Merkle Tree root (.xml file).
4. Convert the downloaded keys into a format compatible with your receiver. For the public key, OpenSSL can be used (often pre-installed on most Linux distributions, and available for Windows as OpenSSL Light).To convert the key, enter the following command:
openssl x509 -in “C:\Users\User\Downloads\OSNMA_PublicKey_20240115100000_newPKID_1.crt” -pubkey -noout -out key.pub
Make sure to replace the folder path and key file name with those obtained in step 3.
5. Use the type key.pub command to verify the key, or open the key.pub file with a text editor. It will show as an image. Copy the key for later use.
6. Ensure there is no extra space (CRLF) between the first and second lines of the key to avoid error messages.
7. Open the Merkle Tree “.xml” file in a browser by right-clicking and selecting Open with. Locate the “x_ji” parameter of “TreeNode j4” (highlighted below).
Step 2: Configure the OSNMA Public Key and Merkle Tree Root in the Septentrio Receiver
8. Connect the receiver to your computer using the USB port labeled POWER+GPS.
9. Open a web browser and type 192.168.3.1 to access the Septentrio web interface. Go to Admin > About to check your firmware version.
- If your firmware is version 4.14.4 or later, proceed to step 11.
10. If your firmware is older than 4.14.4, follow the video tutorial provided to update it.
11. Connect the antenna to your receiver and place it outdoors to test functionality.
12. Navigate to GNSS > OSNMA. In OSNMA Configuration, select loose, and set NTP Client Configuration to off.
- In Advanced Settings, paste the Merkle Tree root from step 7 under Merkle Tree root, and paste the key obtained in step 6 under Key1.
- Click Ok and save the configuration so that you do not have to re-enter the key in the future.
13. After a few minutes, the Status should change from initializing to Authenticating. You can now view the number of Galileo satellites identified as spoofed. You are now set up to test the OSNMA service on your Septentrio receiver.
ArduSimple provides all the necessary equipment for this tutorial:
- simpleRTK3B Pro
- Budget Survey Tripleband GNSS Antenna (IP66)