On Thu, 22 Jun 2000, Technical Incursion Countermeasures wrote:
> Get yourself a GPS reference - that way the chances of incorrect time data
> is very minimal (sure you could try and spoof the data - but hey its not
> easy and DGPS will solve it pretty much)
I'm not clear on how DGPS would solve an active spoofing attacker - if
you've got the gear DGPS is probably easier to spoof than the original
signal since it's not (always- there are systems that do) comming off a
bird and the defender can't rely on look angle, no? 170-300W for a legit
station doesn't make it that difficult to send a new DGPS signal with a
directional antenna from a mobile power source. Current studies seem to
indicate that interferrence is a problem between stations. It's not clear
to me (and I don't have my GPS rerference materials handy - is the time
stuff even a part of the DGPS "correction" and is it mandated to be
generated externally, or will a DGPS base in the same area lock to the
same spoofed source?
(It's unclear to me how the USCG 'Integrity Monitor' stations monitor
integrity unless they're only worried about position not time - time synch
doesn't seem to be part of the spec for an IM outside of accounting for
its own clock drift unless it's burried way down in the specifications?)
> A Magellan GPS is pretty darn cheap nowdays and they happily interface to
> unix box running xntpd..
It's worth playing with how often you synch to the higher stratum
source such as GPS and deciding what to do if it's not available (storms,
jamming (intentional and unintentional), equipment failure or bugs...) as
well as notifying on significant drift (it might be an interesting
vector of attack on some institutions to continue to set the time back -
esp. trading organizaitons.)
Don't get me wrong- I've been pushing GPS as a time source for years (and
getting strange looks from facilities folks when I've been up on rooftops
checking look angles), but like all technologies it's important to think
about natural and man-made failure modes. In almost all cases, an
internal synchronization with failover sources is safer though not as
accurrate.
Before dismissing man-made failures as "like anyone would do that to us",
it's crucial to think about the neighbors. I'm in the Metro DC area, and
who knows what great targets are in the immediate vicinity where a GPS
attack could prove "interesting" to an attacker at some point in the
future.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
