This paper examines the Galileo Open Service Navigation Message Authentication (OSNMA) and, for the first time, discovers two critical vulnerabilities, namely artificially-manipulated time synchronization (ATS) and interruptible message authentication (IMA). ATS allows attackers falsify a receiver's signals and/or local reference time (LRT) while still fulfilling the time synchronization (TS) requirement. IMA allows temporary interruption of the navigation data authentication process due to the reception of a broken message (probably caused by spoofing attacks) and restores the authentication later. By exploiting the ATS vulnerability, we propose a TS-comply replay (TSR) attack with two variants (real-time and non-real-time), where attackers replay signals to a victim receiver while strictly complying with the TS rule. We further propose a TS-comply forgery (TSF) attack, where attackers first use a previously-disclosed key to forge a message based on the OSNMA protocol, then tamper with the vitcim receiver's LRT correspondingly to comply with the TS rule and finally transmit the forged message to the receiver. Finally, we propose a concatenating replay (CR) attack based on the IMA vulnerability, where attackers concatenate replayed signals to the victim receiver's signals in a way that still enables correct verification of the navigation data in the replayed signals. To validate the effectiveness of the proposed attacks, we conduct real-world experiments with a commercial Galileo receiver manufactured by Septentrio, two software-defined radio (SDR) devices, open-source Galileo-SDR-SIM and OSNMAlib software. The results showed that all the attacks can successfully pass the OSNMA scheme and the TSF attack can spoof receivers to arbitrary locations.

翻译：本文研究了伽利略开放服务导航消息认证（OSNMA）方案，并首次发现两个关键漏洞：人为操控的时间同步（ATS）与可中断的消息认证（IMA）。ATS允许攻击者在仍满足时间同步（TS）要求的前提下，伪造接收机信号和/或本地参考时间（LRT）。IMA则使得导航数据认证过程可因接收破损消息（可能由欺骗攻击导致）而暂时中断，并在后续恢复认证。通过利用ATS漏洞，我们提出了一种符合TS规则的重放（TSR）攻击，包含实时与非实时两种变体，攻击者在严格遵循TS规则的前提下向受害接收机重放信号。我们进一步提出符合TS规则的伪造（TSF）攻击：攻击者首先使用先前披露的密钥基于OSNMA协议伪造消息，随后相应篡改受害接收机的LRT以满足TS规则，最终将伪造消息传输至接收机。最后，基于IMA漏洞我们提出级联重放（CR）攻击，攻击者将重放信号与受害接收机信号进行拼接，使得重放信号中的导航数据仍能通过正确验证。为验证所提攻击的有效性，我们使用Septentrio生产的商用伽利略接收机、两台软件定义无线电（SDR）设备、开源Galileo-SDR-SIM及OSNMAlib软件进行了真实环境实验。结果表明，所有攻击均能成功通过OSNMA验证，且TSF攻击可将接收机欺骗至任意指定位置。