Python implementation of an anti-replay method for Galileo OSNMA using sample-level partial-correlation metrics
Galileo’s Open Service Navigation Message Authentication (OSNMA) strengthens civil GNSS against spoofing by authenticating the E1-B I/NAV navigation message [1]. Nevertheless, OSNMA is a data-level mechanism and does not inherently guarantee the freshness of range observables. A sophisticated advers...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2026 |
| País: | España |
| Institución: | Departament de Salut de la Generalitat de Catalunya (DS) |
| Repositorio: | O2, repositorio institucional de la UOC |
| OAI Identifier: | oai:openaccess.uoc.edu:10609/154002 |
| Acceso en línea: | https://hdl.handle.net/10609/154002 |
| Access Level: | acceso abierto |
| Palabra clave: | GNSS authentication Galileo OSNMA spoofing anti-replay SCER partialcorrelation detector unpredictable symbols sample-level detection Open source software -- TFM Programari lliure -- TFM |
| Sumario: | Galileo’s Open Service Navigation Message Authentication (OSNMA) strengthens civil GNSS against spoofing by authenticating the E1-B I/NAV navigation message [1]. Nevertheless, OSNMA is a data-level mechanism and does not inherently guarantee the freshness of range observables. A sophisticated adversary may therefore attempt near-zero-delay Security Code Estimation and Replay (SCER) attacks by estimating unpredictable symbol content on the fly and re-radiating a forged signal with minimal delay [2]. This real-time estimation constraint inevitably introduces transient chip-level inconsistencies at the beginning of each symbol [2, 3], which can be exploited for detection. This thesis proposes a sample-level, software-only anti-replay detector based on within-symbol partial correlations for Galileo E1-B. The detector compares an early window—where SCER artifacts are expected—against a reference window later in the same symbol. To operate under OSNMA’s unpredictability, the receiver applies a realistic wipe-off strategy using an internal sign estimate derived from full-symbol correlation, enabling coherent aggregation over multiple symbols. Evidence is accumulated into global decision statistics, focusing on the R2 and R3 metrics proposed in [3]. The approach is implemented in a modular Python chip-level simulator including signal generation, an SCER spoofer model with running sign estimation, an AWGN channel, and the partial-correlation detector. Performance is assessed through Monte Carlo simulation with quantile-based threshold calibration under nominal reception and split-based validation to avoid optimistic bias, and is reported in terms of achieved false-alarm probability, detection probability under SCER, and ROC/AUC behavior. The results show that both R2 and R3 can be calibrated in a stable and interpretable manner, and that detection performance improves sharply with evidence accumulation, highlighting a clear latency–performance trade-off for practical OSNMA-enabled anti-replay monitoring. |
|---|