[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No matter where you go, there they are.



In a message dated 96-04-10 10:33:19 EDT, D. Denning allegedly writes:

>For two-way authentication, the reverse process would be performed. In the
>current implementation, location signatures are 20,000 bytes. For
>continuous authentication, an additional 20 bytes per second are
>transferred. Re- authorization can be performed every few seconds or
>longer. The location signature is virtually impossible to forge at the
>required accuracy. This is because the GPS observations at any given time
>are essentially unpredictable to high precision due to subtle satellite
>orbit perturbations, which are unknowable in real-time, and intentional
>signal instabilities  (dithering) imposed by the U.S. Department of Defense
>selective availability (SA) security policy. Further, because a signature
>is invalid after five milliseconds, the attacker cannot spoof the location

Umm, excuse me, but doesn't it take longer than 5 ms for a data packet to
transit from point A to point B?  We ARE talking about transmitting via the
Net here, aren't we?

>by replaying an intercepted signature, particularly when it is bound to the

Replaying an intercepted signature would completely unnecessary.  GPS
positions are calculated by comparing the phase differential between several
different satellite signals.  It would be trivial for anyone who understands
the inner workings of reprogram their GPS receiver (or build a hacked one) to
give a false location.  Simply calculate the distances to the satellites
relative to your position, (GPS already does this to determine your position)
and then calculate them in reference to another location. (This other
location would have to be close enough to receive signals from four of the
same satellites that you are receiving, if I remember GPS specs correctly.)
 Phase-shifting the signals according to the distance differences between
your true location and the other location yields a signal set that can be fed
into any GPS receiver to yield the other location, in real time.

>message (e.g., through a checksum or digital signature). Continuous
>authentication provides further protection against such attacks.

See above.  Is this a troll?

Jonathan Wienke