From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 13 Apr 1996 08:22:35 +0800
To: cypherpunks@toad.com
Subject: Re: No matter where you go, there they are.
Message-ID: <199604121849.LAA12509@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


[ Dorothy - there's been substantial discussion on cypherpunks
about your position escrow proposal; the paper that's on your web page
was posted here.]

At 03:01 PM 4/11/96 -0400, perry@piermont.com wrote:
>Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com writes:
>> Suppose I want to pretend that I am 1000 feet closer to satellite 4 than 
>> I really am.  Simple, I take the signals from all the other satellites
>> and delay them by 1 microsecond.  That looks like a 1 microsecond
>> local timebase error together with a 1 microsecond delay reduction
>> to satellite 4.
>Aren't things even worse? Since the satelite signals are not
>authenticated with anything like public key methods, couldn't I just
>synthesize a signal appropriate to any spot on the planet, knowing the
>positions of the satelites relative to that spot?

No, you can't.  One problem is that the Selective Availability coding
isn't predictable, since it uses some kind of secret military code -
so you don't know what its values are until you hear them.
So as long as you share any satellites with the recipient, you need
to be sure to output the correct codes for that satellite,
which means you need to either be in range or have access to some
internet "position remailer" site that's making them available.

As far as predicting relative timing between satellites to fake your
position, if that's sufficiently unpredictable that you can't fake it,
as Denning and MacDoran say, then it should also be equally unpredictable
to the verifier who wants to know if you're telling the truth or faking it.
And if you require systems to respond to requests for "Where are you now?"
or especially "Where were you on the night of April 13th at 8:37pm?",
the spoofer can request that information just as easily as the verifier.

One method that could be used to prevent faking is GPS receivers with
"tamperproof" digital signature capability, which would not only receive
the location information but sign it; that's not much more secure
than just having a "tamperproof" token in the first place.

As far as the multipath issues that some people have brought up,
I searched for "MacDoran" on altavista, and found several papers
on GPS multipath, so they're aware of the issue, though I don't
know how they're planning to address it.
#					Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215