The use of GNSS Open Service (OS) for Safety-of-Life (SoL) applications requires a thorough analysis of the system performances and properties. Galileo and GPS need to demonstrate a certain level of robustness and show that the system behaviour can be accurately modelled, even under non-nominal conditions. Therefore, the characterization of feared events relevant for integrity services such as ARAIM and augmentation systems such as DFMC SBAS is carried out in the Galileo and EGNOS Monitoring of Performance by Member States (GEMOP) project under a Partnership Framework Agreement (FPA) with the Galileo Reference Centre of the EU Agency for the Space Programme (EUSPA).
In this paper the results of more than 7 years of performance monitoring of the Galileo and GPS satellites are reported. This period covers the Open Service Initial Operational Capability of Galileo from the beginning of 2017 (cf. the OS Initial Service was declared on December 26th 2016) up to June 2025. Several key metrics, such as Psat or sigma URA, that are broadcast through the Galileo Integrity Support Message (ISM) are evaluated for both GNSS constellations. Based on the reported metrics, a user evaluation is performed, moving from a theoretical performance evaluation to an actual user performance.
In this paper, the Signal in Space Error (SISE) at the Worst User Location (WUL) and number of events where thresholds are exceeded are identified . From this data, the exposure time can be derived and the a-posteriori probability of satellite failure Psat constructed. Moreover, from the SISE, also the user range accuracy (URA) is derived, which serves as a bound to the user accuracy up to a required failure probability of Psat. Lastly, also the bound to the broadcast-group delay is reported, closing the loop with the ISM message.
With the key metrics in the ISM defined, the user performance is evaluated with service volume simulations. The positioning and integrity performance of the ARAIM service is reported with metrics such as availability of the service and 95th percentile of the protection levels, given requirements following from general aviation standards (e.g. LPV-200, ICAO Annex 10). A comparison is made between legacy ISM values reported in literature and the values found over the evaluated period. A further evaluation is provided where the metrics are compared to those reported by the EUSPA based on their user performance evaluation.
Lastly, a performance comparison is performed for a user that applies this ISD to its receiver located in the Netherlands. Both static and dynamic performance are evaluated. The feared events that have been identified and characterised during the evaluation period are then injected in post-processing to test the user performance under degraded performance. This paper therefore provides a full analysis of realistic bounds to Galileo and GPS performance in context of the ARAIM service.

An increasing number of spoofing attacks on Global Navigation Satellite Systems (GNSS) all around the world, means that spoofing detection and mitigation in GNSS receivers has become more important than ever before. Detection and mitigation of spoofing have traditionally revolved around protecting the receiver from deceitful radio frequency (RF) signals with similar characteristics to true GNSS satellite signals. While this is no doubt the most common type of spoofing attack, more advanced users that require external corrections for improved accuracy are also vulnerable to spoofing of the correctional data.

Relative spoofing is one such attack specifically targeting users of real-time kinematic (RTK) receivers. These users are vulnerable, as the RTK method depends on external observations often transmitted over the internet in the open RTCM format, making them susceptible to malicious manipulation. Relative spoofing consists of carefully altering data in the RTCM messages that carry base station observations to achieve a spoofing effect in the RTK rover receiver – effectively applying a vector-offset to the true rover position. This can be done in a way that ensures that the rover maintains the belief of a fixed position with cm-level accuracy, although it is being spoofed several meters off its true position. The method was successfully demonstrated by (Larsen, et al.) who used the Base Station Simulator (BaSSim) code to spoof three mass-market RTK receivers. These tests, however, were all performed in good, static conditions in a controlled environment, and with the base station close by (<5 km baseline).

Therefore, the purpose of this study is to fully assess the threat of relative spoofing to actual autonomous systems relying on RTK positioning. To make this assessment, manipulated base station data from BaSSim is injected into the navigation system of an autonomous tractor with a GNSS heading receiver based on a dual-antenna setup. The autonomous system is then subjected to a various relative spoofing attacks at a test-range in Jutland, Denmark, assessing the impact of relative spoofing and how it is influenced by the RTK baseline, the magnitude of the spoofing vector, the dynamics of the rover receiver, and the dual-antenna navigation system.

The study will also evaluate several means of detecting the relative spoofing attack, such as quality control of the base station data, error-analysis of the rover positioning solution, monitoring velocity estimates from rover observables, and more.

Thus, the aim of this study is to provide a thorough threat assessment of relative spoofing attacks, evaluate how vulnerable autonomous systems are to these kinds of attacks, and suggest the best means of detection and mitigation.

References:
Larsen, Søren Reime, Lehmann, Lasse, Olesen, Daniel H., Jensen, Anna B.O., "Relative Spoofing: Real-Time Manipulation of GNSS Correction Data Streams." Proceedings of the 38th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2025). Baltimore, Maryland, September 2025, pp. 1486-1500.

In the second half of 2025, the Royal Institute of Navigation commissioned a report investigating the impacts of GNSS vulnerabilities in the Maritime sector. This talk will provide an overview of the findings of that report, and its key recommendations into the Maritime sector and the PNT community.

Part of the data gathering process for the report was the running of an extensive survey, which attracted almost 300 responses from mariners who have transited GNSS interference regions and experienced first hand the impacts on their various systems. The data provided by them has provided a unique insight into the degree of vulnerability to GNSS interference suffered by various systems onboard a modern vessel, and provides a coarse estimate of the probability of disruption to each system when encountering GNSS interference.

The report highlights a number of serious safety concerns which need to be urgently addressed by the maritime community, and also provides the first "GNSS connectivity map" for a modern digital vessel, which highlights the sheer scale of the issue at hand - the surprising number of systems onboard a modern vessel which are connected to a GNSS receiver for either position or time.

In this talk the presenter will also be able to provide an update on any new information that has come to light since the report's initial publication in January 2026