Re: IP address <--> Global Positioning System (GPS)

From: Iwo Mergler (Iwo.mergler@soton.sc.philips.com)
Date: 05/30/02 

Date: Thu, 30 May 2002 19:07:44 +0100
From: Iwo Mergler <Iwo.mergler@soton.sc.philips.com>

Lassi Hippeläinen wrote:
>
> Iwo Mergler wrote:
> <...>
> > After finally reading that paper, it is *not* position information
> > which gets transmitted.
>
> You've done more than me, I admit, but I'll provide my two cents
> anyway...
>
> > The authentication data is a short sample
> > of the GPS IF signal, which has a bandwidth of about 1MHz. This
> > sample contains all satellite signals simultaneously.
> >
> > According to the authors, the idea works only when the samples
> > taken at host and client (at the same time) contain a few
> > identical satellites. This restricts the scheme to about 2000Km
> > range, most likely less. For more than that, they suggest trusted
> > 'relays'.
>
> So the pretender has to install an antenna close to the host antenna?
> Not necessarily in the same floor of the building. The antenna relays
> the received signal to another, more convenient place...

If you can place your own antenna close to the location of the
client (i assume that's what you meant) you want to impersonate,
you don't have to simulate the signal.

You need some kind of GPS-bug - a GPS receiver, some
sampling hardware and a way to get the information to
the attacker's computer. The extra transmission delay
can't be distinguished from a slow internet connection.

>
> <...>
> > With this in mind, I believe that it is only necessary to generate
> > a valid GPS signal for a arbitrary location to break the system.
> > This can be done in software, offline and in advance. It is possible
> > to compute the GPS signal for a given location in advance - for
> > the whole day if needed (it's < 2GBytes/hour). A modern PC
> > may even be capable to do it in real time, but I'm not completely
> > convinced about that.
>
> Seems like an easy task for a signal processor.

The biggest part of the task is to generate the GPS Gold Codes,
which needs shift registers with loopback. Most generic processors
are better at this than a typical DSP.

If you implement the generators in a $10 FPGA, you could probably
do the simulation in realtime with a 20MHz/32Bit microcontroller.

Kind regards,

Iwo

Relevant Pages

  • Re: GPS underwater
    ... >> over a GPS antenna completely stops it from receiving anything. ... My GPS receivers also have no problem getting signals inside my house ...
    (sci.geo.satellite-nav)
  • Re: Angle of antenna? Make any difference?
    ... >Only one antenna is used to transmit. ... that may not be the best antenna for the next transmission. ... received signal is from Client North and the next transmission ... horizontal and vertically polarized signals by the time they get ...
    (alt.internet.wireless)
  • Re: IP address <--> Global Positioning System (GPS)
    ... >> of the GPS IF signal, which has a bandwidth of about 1MHz. ... >> sample contains all satellite signals simultaneously. ... > So the pretender has to install an antenna close to the host antenna? ... The extra transmission delay ...
    (comp.security.misc)
  • Re: IP address <--> Global Positioning System (GPS)
    ... >> of the GPS IF signal, which has a bandwidth of about 1MHz. ... >> sample contains all satellite signals simultaneously. ... > So the pretender has to install an antenna close to the host antenna? ... The extra transmission delay ...
    (comp.os.linux.security)
  • Re: IP address <--> Global Positioning System (GPS)
    ... >> of the GPS IF signal, which has a bandwidth of about 1MHz. ... >> sample contains all satellite signals simultaneously. ... > So the pretender has to install an antenna close to the host antenna? ... The extra transmission delay ...
    (comp.security.unix)
Quantcast