In a message dated 96-04-10 10:33:19 EDT, D. Denning allegedly writes:

For two-way authentication, the reverse process would be performed. In the current implementation, location signatures are 20,000 bytes. For continuous authentication, an additional 20 bytes per second are transferred. Re- authorization can be performed every few seconds or longer. The location signature is virtually impossible to forge at the required accuracy. This is because the GPS observations at any given time are essentially unpredictable to high precision due to subtle satellite orbit perturbations, which are unknowable in real-time, and intentional signal instabilities (dithering) imposed by the U.S. Department of Defense selective availability (SA) security policy. Further, because a signature is invalid after five milliseconds, the attacker cannot spoof the location

Umm, excuse me, but doesn't it take longer than 5 ms for a data packet to transit from point A to point B? We ARE talking about transmitting via the Net here, aren't we?

by replaying an intercepted signature, particularly when it is bound to the

Replaying an intercepted signature would completely unnecessary. GPS positions are calculated by comparing the phase differential between several different satellite signals. It would be trivial for anyone who understands the inner workings of reprogram their GPS receiver (or build a hacked one) to give a false location. Simply calculate the distances to the satellites relative to your position, (GPS already does this to determine your position) and then calculate them in reference to another location. (This other location would have to be close enough to receive signals from four of the same satellites that you are receiving, if I remember GPS specs correctly.) Phase-shifting the signals according to the distance differences between your true location and the other location yields a signal set that can be fed into any GPS receiver to yield the other location, in real time.

message (e.g., through a checksum or digital signature). Continuous authentication provides further protection against such attacks.

See above. Is this a troll? Jonathan Wienke