In December, the European Space Agency activated its Galileo satellite constellation, which is used for global satellite navigation. It made the European Union the third international actor with its own global navigation satellite system, joining the ranks of the United States' GPS and Russia's GLONASS satellite navigation systems.
But unlike the US and Russian satellite navigation systems, the EU's Galileo system provides unprecedented positioning accuracy and, more importantly, information security to civilians.
Satellite navigation such as GPS works by having at least three satellites constantly transmit location and time data, which is received by a GPS-enabled device. This device then calculates how far it is from each of those satellites to determine its location on the ground. While this system has revolutionized the way we travel, it is also vulnerable to spoofing, a type of cyberattack that basically tricks a GPS-enabled device into thinking it is receiving a GPS signal from a satellite, when it is really receiving a signal from the ground.
Since satellite GPS signals are relatively weak, a spoofing device can easily overpower the satellite signal and begin to transmit false location data. Depending on the GPS device that is being attacked, the fallout can be relatively benign (causing the device's user to travel to the wrong location) or potentially deadly, such as steering a ship off course. Indeed, this latter scenario was proven in 2013 by a handful of University of Texas students who built a spoofing device for about $3,000 and used it to commandeer a yacht's navigation system undetected.
On Friday, the European Union announced its Galileo Commercial Service Implementing Decision. This memo essentially outlined how the first generation of Galileo satellites will offer commercial users highly accurate positioning and robust signal encryption for a fee. But, more importantly, it also noted that Galileo will make Navigation Message Authentication—a way of digitally signing satellite signals so that a satellite navigation enabled device, such as a smartphone or car, won't fall victim to spoofing attacks—freely available to all civilian users.
The Galileo constellation currently consists of 18 satellites, with four more expected to be added this year. When it is fully operational in 2020, it will have a total of 24 working satellites and six spare satellites in orbit. Once fully operational, Galileo will offer two main services: an open service that is freely accessible to the public with navigation capabilities accurate to the nearest three feet, and a commercial service that uses encrypted signals and is accurate to the nearest decimeter (about 4 inches). For the sake of comparison, the American GPS system used by smartphones is only accurate to about 16 feet.
The European Union's commitment to developing a satellite navigation system that provided unprecedented positioning accuracy to civilians around the world was already a noble goal. But its commitment to Galileo's public information security has raised the bar still higher.
Since the US began developing its GPS satellite constellation in the late 70s, it has had two separate signal bands that were used by GPS receivers on the ground. One was an incredibly precise encrypted military signal band, while the other was a civilian signal band that was not only unencrypted, but intentionally degraded so that GPS positioning wasn't very accurate. In 2000, the US government announced that by 2006, all efforts at intentionally degrading civilian GPS signals would cease and the third generation of GPS satellites launched in 2007 were the first to not come equipped with this capability.
Encrypted navigation signals, such as those used on the military GPS band or the forthcoming Galileo commercial service, can only be jammed, not spoofed. But for civilian users receiving unencrypted satellite navigation signals, spoofing remains a real threat; for example, it has already been used to commandeer and crash commercial drones. So unlike the American GPS system, which offers no intrinsic anti-spoofing protection for civilian users, Galileo will include a built-in method of digitally signing satellite signals to protect users from spoofing attacks.
This will be accomplished through a message authentication protocol called Time Efficient Stream Loss-tolerant Authentication (TESLA). This decision was announced on Monday after Vincent Rijmen, a professor of computer security at Katholieke Universiteit Leuven, had advised the European Commission on ways to fight against spoofing attacks in the Galileo system. Rijmen advocated for TESLA for a number of reasons, although its primary benefits were that the digital signatures are small (only 100 bits) and that the protocol could be easily implemented in the existing Galileo system.
TESLA still needs to be tested on the Galileo satellites, but according to Rijmen the TESLA authentication service is scheduled to become available on existing Galileo satellites in 2018. The main hurdle is developing a special receiver that is capable of verifying the digital signatures from the Galileo satellites, but Rijmen said these receivers are currently in development.
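To show what a TESLA receiver has to check, here is a simplified sketch of the general TESLA scheme (a one-way key chain with delayed key disclosure), added as an illustration; it is not code from this article and not Galileo's actual signal format. The key length, tag length, disclosure delay and all names are constructed for the example.

```python
import hashlib
import hmac

TAG_LEN = 10   # truncated MAC length in bytes (constructed, not Galileo's value)
DELAY = 1      # key for interval i is broadcast in interval i + DELAY

def h(key):
    """One-way step of the key chain: K[i-1] = h(K[i])."""
    return hashlib.sha256(key).digest()[:16]

def make_chain(seed, n):
    """Return [K0, ..., Kn]; K0 is the public root, Kn the sender's secret seed."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain[::-1]

def tag(key, interval, msg):
    """Sender side: short MAC over the interval number and navigation message."""
    data = interval.to_bytes(4, "big") + msg
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    def __init__(self, root):
        self.trusted_key, self.trusted_idx = root, 0   # root obtained out of band
        self.pending = {}                              # interval -> (msg, tag)

    def on_message(self, interval, msg, mac, now):
        # Safety condition: once the key for an interval has been broadcast,
        # anyone can compute valid tags for it, so late messages are dropped.
        if now >= interval + DELAY:
            return False
        self.pending[interval] = (msg, mac)
        return True

    def on_key(self, interval, key):
        """Check the disclosed key against the chain, then the buffered message."""
        if interval <= self.trusted_idx:
            return None
        k = key
        for _ in range(interval - self.trusted_idx):   # tolerates lost keys
            k = h(k)
        if not hmac.compare_digest(k, self.trusted_key):
            return None                                # key is not on the chain
        self.trusted_key, self.trusted_idx = key, interval
        msg, mac = self.pending.pop(interval, (None, None))
        if msg is not None and hmac.compare_digest(tag(key, interval, msg), mac):
            return msg                                 # authenticated message
        return None
```

The receiver needs only the public chain root and a loosely synchronized clock; a message counts as authentic only after its key is later disclosed and hashes back to a key the receiver already trusts.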