From: mccoy@communities.com (Jim McCoy)
Date: Fri, 12 Apr 1996 02:32:04 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: No matter where you go, there they are.
Message-ID: <v02140b02ad91db64cd39@[205.162.51.35]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:53 AM 4/10/96, Hal is rumored to have typed:
> Peter - didn't they say that the checking station is also listening
> to the satellites?  That way they can tell that you are playing back
> signals that you taped earlier because they won't match what the
> satellites are broadcasting right now.

There is going to be processing and network delay involved here (unless
Denning et al have figured out some way to communicate faster than the
speed of light), so drift between the what you report and what the checking
station and repeaters are hearing _at that time_ is inevitable.  This is the
loophole which allows  Peter's attack, a loophole which cannot be closed
(because the spoofer can always claim to be on a slower link than she
really is and there is nothing the verifiyer can do to prove otherwise.)
If I want to pretend to be closer to the receiver than my true location I
simulate a slow link which gives me enough time to record what the signals
would be at the near location and then quickly resend them to give the
appearance of the spoofed location.

In fact, I think that this really all boils down to trying to use GPS
as a non-interactive proof of location, and the information posted about
the system does not address the obvious attacks on such systems which
are known from research into ZNPs.

> If their authenticated repeaters are used then you have to assume the
> checking station has all the satellite signals and again the best you can
> do is pretend to be a Mole Man.

The authenticated repeaters may collect all signals, _but the receiving
station does not get them all at once_ because it will take time for
the signals to propogate from the repeater back to the station attempting
to determine location. Having all of the signals does not help the
checking station other than allowing it to share a set of sats with
the person attempting to authenticate.  It still does not

And perhaps more importantly, do you really want anyone you connect to
on the net to know your location to the nearest 10 meters?  What is
Dennings fascination with building Big Brother?

jim