1996-04-11 - Re: No matter where you go, there they are.

Header Data

From: JonWienke@aol.com
To: cypherpunks@toad.com
Message Hash: 1b21a105cec961972c50853bb216efc3a887909e14e2fd3e4e4f4394869c4af9
Message ID: <960410155213466752269@emout07.mail.aol.com>
Reply To: _N/A

UTC Datetime: 1996-04-11 02:38:46 UTC
Raw Date: Thu, 11 Apr 1996 10:38:46 +0800

Raw message

From: JonWienke@aol.com
Date: Thu, 11 Apr 1996 10:38:46 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <960410155213_466752269@emout07.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-04-10 10:33:19 EDT, D. Denning allegedly writes:

>For two-way authentication, the reverse process would be performed. In the
>current implementation, location signatures are 20,000 bytes. For
>continuous authentication, an additional 20 bytes per second are
>transferred. Re- authorization can be performed every few seconds or
>longer. The location signature is virtually impossible to forge at the
>required accuracy. This is because the GPS observations at any given time
>are essentially unpredictable to high precision due to subtle satellite
>orbit perturbations, which are unknowable in real-time, and intentional
>signal instabilities  (dithering) imposed by the U.S. Department of Defense
>selective availability (SA) security policy. Further, because a signature
>is invalid after five milliseconds, the attacker cannot spoof the location

Umm, excuse me, but doesn't it take longer than 5 ms for a data packet to
transit from point A to point B?  We ARE talking about transmitting via the
Net here, aren't we?

>by replaying an intercepted signature, particularly when it is bound to the

Replaying an intercepted signature would completely unnecessary.  GPS
positions are calculated by comparing the phase differential between several
different satellite signals.  It would be trivial for anyone who understands
the inner workings of reprogram their GPS receiver (or build a hacked one) to
give a false location.  Simply calculate the distances to the satellites
relative to your position, (GPS already does this to determine your position)
and then calculate them in reference to another location. (This other
location would have to be close enough to receive signals from four of the
same satellites that you are receiving, if I remember GPS specs correctly.)
 Phase-shifting the signals according to the distance differences between
your true location and the other location yields a signal set that can be fed
into any GPS receiver to yield the other location, in real time.

>message (e.g., through a checksum or digital signature). Continuous
>authentication provides further protection against such attacks.

See above.  Is this a troll?

Jonathan Wienke





Thread