No matter where you go, there they are.

Paul_Koning/US/3Com%3COM at smtp1.isd.3com.com Paul_Koning/US/3Com%3COM at smtp1.isd.3com.com
Sat Apr 13 04:59:29 PDT 1996


>While we may disagree with Ms. Denning on a number of political matters,
>she's quite intelligent; I suspect the paper is well-founded.

Yes, that was my initial reaction too, but the content just don't support that.
I suspect this is a case of a person well-qualified in one area (crypto)
working in very different area (GPS) where she is not qualified and does
not understand what is going on.

>GPS receivers are line-of-sight only; only a small portion of the earth can
>see the same satellites.

Well, sort of.  The satellites are up at 11,000 miles, which makes for a large
footprint.  You'd certainly see most of the same satellites from several
states away.

>It might be possible to seperately record the signals from several
>different satellites, delay them each just the right amount of time, and
>then recombine them to simulate being at another nearby location (within
>several hundred miles). 

Right, that's what several of us have been saying.

>However, this might not be possible. Examine the
>following quote from Denning's paper:
>
>:The location signature is virtually impossible to forge at the
>:required accuracy. This is because the GPS observations at any given time
>:are essentially unpredictable to high precision due to subtle satellite
>:orbit perturbations, which are unknowable in real-time, and intentional
>:signal instabilities  (dithering) imposed by the U.S. Department of Defense
>:selective availability (SA) security policy.

Sure, but that is nonsense.  Here's why.

The time delay you need to introduce a 200 mile shift is 1 ms.  The effects
Denning et al. are talking about are LOW FREQUENCY effects.  This is
obvious for orbital perturbations, since we're talking about small motions of
large heavy objects here, and it is also true for the S/A dither. Indeed
it has to be that way, since any high frequency jitter would prevent the
receiver from locking on the spread spectrum code that's at the core of
how GPS works.  In other words, at the millisecond  level, none of those 
effects exist.

Re Hal's comments:
>Note however that Denning did not mention the Internet in her spiel.
>
>I believe her method would be workable across lower latency networks, if such
>exist or eventually exist.  Perhaps direct connections or leased lines would
>provide low enough latency; I don't know.  In any case networks are likely
>to become faster in the future and her method might eventually work.
>Actually the issue is not just latency but whether the latency can be
>lied about, and for some kinds of networks that would be harder.

What a checking system actually observes is: at time T2 it receives
a message that claims to have been generated at time T1 by a system
at location X.  It would accept the authentication as valid if the elapsed
time T2-T1 is small enough to be believable.  How small this is depends
on (a) the transmission latency, (b) the processing delay in X and in
the checker.  

There are two flavors of attack on this:

1. Attacker Y uses the real-time signals from the satellites, delayed as
needed.  It sends those after processing, just as X would have done
(except that X doesn't insert the processing delay).  The elapsed time
seen by the checker differs from the case of X by the sum of the
processing delay and the incremental transmission latency (since Y
is at a different place than X, so its connection to the checker may have
either less or more latency).

This fools the checker if the incremental latency is within its tolerance.
Suppose that I'm using a LAN -- in that case a transmit delay on the
order of 1 ms is plausible.  X and Y would be about the same (of course
it has hard for Y to get on the LAN unobserved...).  If X is less than
20 miles away, the processing delay is under 100 microseconds, which
is "in the noise".

If I'm in a WAN, then the latency is likely to be greater, but even if is is
1 ms, I can be many miles away before it becomes obvious.

The above of course assumes that the signal processing is done in
hardware (or fast DSP) so it can indeed be done in well under 1 ms.
Not a big deal...  That seems to be one Denning mistake, the thinking
only of replay in the sense of long delayed spoofing messages.

2. Attacker Y synchronizes to the satellites but constructs a signal
locally that effectively "anticipates" what the satellite is about to send.
This allows it to get the effect of a negative delay (thus avoiding
the "node in the ground" problem).  Since the signal is entirely
predictable at the few-ms level, this is not difficult, though it requires
a bit more effort than the simple delay approach.  This way Y can
construct a signal acceptable to the checker, even if its transmit latency
to the checker is greater than it is for X.  It simply anticipates by
the difference plus whatever it needs to fake the position.

Finally...

As Hal also pointed out, if the system allows users to have partial
sky view, then the attacker can avoid the need for negative delays
entirely by selecting satellites closer to him than to the legitimate
user.

For anyone interested in an intro to GPS, Trimble (one of the leading
companies in the industry) puts out some skinny paperbacks
with nice clear explanations.  They sometimes are a bit at
the "see Spot run" level, but they do have the correct story.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning at isd.3com.com  or  paul_koning at 3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"


  






More information about the cypherpunks-legacy mailing list