From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Fri, 12 Apr 1996 11:36:17 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <9604112026.AA8065@>
MIME-Version: 1.0
Content-Type: text/plain


>From: hfinney @ shell.portal.com (Hal) @ UGATE    
>Peter - didn't they say that the checking station is also listening
>to the satellites?  That way they can tell that you are playing back
>signals that you taped earlier because they won't match what the
>satellites are broadcasting right now.
>
>I think your idea would work if you wanted to pretend to be at a point
>which was _farther_ from each of the satellites than where you actually
>are.  Then you could delay all of the signals.  But the only way to
>be farther would be to be deep underground.  You might be able to pretend
>to be at the center of the earth, but that is not very useful.

No, the situation is better than that.

Here's how GPS works (loosely): you have four unknowns (not three):
x, y, z, and the current time.  You have signals from four satellites
reporting their x, y, z, t.  Using suitable math you construct four equations
in four unknowns, and presto, you get your four answers.

Why is time one of the unknowns?  Because your receiver only has
a rough idea of what time it is.  Remember that a microsecond offset
amounts to a 300 meter (1000 foot) displacement.  So a side effect of
GPS position measurement is accurate time measurement.  (Some
GPS receivers turn this around, and make delivering accurate time
their primary task.  They get accurate position as a side effect.)

Suppose I want to pretend that I am 1000 feet closer to satellite 4 than 
I really am.  Simple, I take the signals from all the other satellites
and delay them by 1 microsecond.  That looks like a 1 microsecond
local timebase error together with a 1 microsecond delay reduction
to satellite 4.

Yes, the checking station in this purported scheme would also listen
to the satellites.  That doesn't help at all.  It could detect that I replayed
a signal from a minute ago (unless I substitute the correct time codes,
which wouldn't be hard since they are predictable).  But there is no
need to do that and indeed it's probably easier not to.    In the description
of the article, the "signature" [sic] is sent to the checker over some
sort of comm link, which has a latency likely to be several milliseconds
or more, plus jitter of many microseconds.  If I'm a healthy distance
away from the target (say, 20 miles) that means I have to introduce an
offset of at most 100 microseconds.  If I do that in real time -- which is
no big deal -- then the checker basically has to be capable of
detecting 100 microsecond delays in the authentication data it is
getting.  And if I'm willing to be closer to the lion's den -- say, a block
or two away -- then I only need at most a one microsecond delay.

Incidentally, differential GPS is not an issue (re Peter's question).
GPS relies on knowing accurately the position and time at each 
satellite and the speed of light in between.  DGPS lets you correct
for errors in these.  The idea is simple: if you're close to a "reference
station", then the errors are essentially the same for both.  The
reference station is at a precisely known place, so it can look at where
the satellites claim it is, and deduce from that how much error there is
on the signal from each satellite.  It tells you, and you subtract out those
errors.  So while DGPS lets you get better accuracy, it doesn't
interfere with your ability to fool the CyberLocator scheme.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"