Re: IP address <--> Global Positioning System (GPS)

From: Iwo Mergler (Iwo.mergler@soton.sc.philips.com)
Date: 05/29/02


Date: Wed, 29 May 2002 20:15:53 +0100
From: Iwo Mergler <Iwo.mergler@soton.sc.philips.com>

Walter Dnes wrote:
>
> On Mon, 27 May 2002 19:11:54 -0400, Will Packard, <will@nortelnetworks.com> wrote:
>
> > Satellite orbital drift is somewhat random. OTOH, the resulting
> > changes in delay and doppler shift are *very* predictable when
> > the latest positioning information is determined, and can be
> > modeled with very modest hardware.
> >
> > I don't know if ionospheric effects come into play or not,
> > but they may be much more difficult to model. I wouldn't bet my
> > reputation on it, though.
>
> OK, so the remote system on the other side of town can be pinpointed
> via GPS to a few cm. So how do you protect against somebody forging
> this info? And don't expect to use timing of received packets. Real
> life example I ran into several months ago, before my employer switched
> providers. I ran traceroutes trying to figure out why I was having
> problems logging into work from home. The traceroutes were hilarious.
>
> - half a dozen steps from my former ADSL provider in Toronto to UUNET
> in Chicago
> - half a dozen steps from Chicago to my employer's firewall in
> Toronto, approximately 4 miles from my condo
> - 200+ millisecond trip times; ouch
>

After finally reading that paper, it is *not* position information
which gets transmitted. The authentication data is a short sample
of the GPS IF signal, which has a bandwidth of about 1MHz. This
sample contains all satellite signals simultaneously.

According to the authors, the idea works only when the samples
taken at host and client (at the same time) contain a few
identical satellites. This restricts the scheme to about 2000 km
range, most likely less. For more than that, they suggest trusted
'relays'.

The server decodes the position from the sample and checks the
timing of the common satellites.

The authors' argument that small orbital errors can be used to make
forging the signal impossible is not valid, IMHO.

If SA was still active *and* the server had access to the
*classified* SA encoding, yes, it might be possible. Otherwise,
the server would not stand a chance if the client was any further
away than a few miles.

If the distance is any larger, atmospheric errors get bigger than
the unknown (not in ephemeris data) orbital errors. These errors
can't be compensated by anyone who is not close to the receiver.

Also, the effect of orbital errors on the satellite range depends
on your position in regard to the satellite. If the two receivers
are far enough apart, the effects will be completely independent
of each other.

With this in mind, I believe that it is only necessary to generate
a valid GPS signal for an arbitrary location to break the system.
This can be done in software, offline and in advance. It is possible
to compute the GPS signal for a given location in advance - for
the whole day if needed (it's < 2GBytes/hour). A modern PC
may even be capable of doing it in real time, but I'm not completely
convinced about that.

Kind regards,

Iwo
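
Added example, not part of the original post or of the paper it discusses: a Python sketch of the geometric point made above, that the range error caused by an orbital error depends on where the receiver sits relative to the satellite. The spherical Earth, the equatorial 2-D geometry, the satellite longitude and the 5 m error vector are all constructed assumptions.

```python
import math

R_EARTH = 6371e3   # m, spherical Earth (assumption)
R_ORBIT = 26560e3  # m, nominal GPS orbit radius

def equatorial_pos(lon_rad, radius):
    """Position in the equatorial plane (2-D is enough for this sketch)."""
    return (radius * math.cos(lon_rad), radius * math.sin(lon_rad))

def range_error(rx, sat, orbit_err):
    """Range error seen at rx: the orbital error vector projected onto
    the receiver's line of sight to the satellite."""
    dx, dy = sat[0] - rx[0], sat[1] - rx[1]
    dist = math.hypot(dx, dy)
    return (dx * orbit_err[0] + dy * orbit_err[1]) / dist

def differential_error(baseline_km, orbit_err=(0.0, 5.0), sat_lon_deg=30.0):
    """Difference in range error (metres) between a server at longitude 0
    and a client baseline_km further east along the equator.
    orbit_err is a constructed 5 m error, not taken from real ephemeris."""
    sat = equatorial_pos(math.radians(sat_lon_deg), R_ORBIT)
    server = equatorial_pos(0.0, R_EARTH)
    client = equatorial_pos(baseline_km * 1e3 / R_EARTH, R_EARTH)
    return (range_error(server, sat, orbit_err)
            - range_error(client, sat, orbit_err))

if __name__ == "__main__":
    # The same orbital error is almost entirely common to both receivers
    # at short baselines and diverges as the baseline grows.
    for km in (5, 50, 500, 2000):
        print(f"{km:5d} km baseline: {differential_error(km) * 1000:9.2f} mm")
```

With these assumed values the two receivers see the same orbital error to within a millimetre at a few kilometres, and differ by tens of centimetres at 2000 km.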


