by reflexe 458 days ago
The article is a bit strange. While GPS can be used to receive accurate timing (phase correction once per second), for GPS-less navigation, even a picosecond-accurate atomic clock won't really give any additional benefit compared to a wristwatch.

Using an accurate clock, you might be able to detect spoofing (by detecting small “jumps in time”). However, the same should be possible even with a non-accurate clock (a few ppm) by detecting conflicts between the different satellites' timings (since the “fake” transmitter is on earth, it will never be able to accurately simulate the real satellites’ airtime delays from space to your specific reception location).

On the other hand, if you pair a very accurate clock with a very accurate gyroscope, you might be able to replace GPS altogether (https://en.m.wikipedia.org/wiki/Inertial_navigation_system). But from my knowledge, these kinds of gyros are not really available for sale (but this is already outside of my knowledge, so maybe something changed).

2 comments

> On the other hand, if you pair a very accurate clock with a very accurate gyroscope, you might be able to replace GPS altogether (https://en.m.wikipedia.org/wiki/Inertial_navigation_system). But from my knowledge, these kinds of gyros are not really available for sale (but this is already outside of my knowledge, so maybe something changed).

Dead reckoning systems are available with varying degrees of accuracy and drift depending on your budget. It's common to use them to guess location during GPS dropouts, such as driving through tunnels.

More accurate systems are available as budget allows and the military has a lot of research on this topic. Error accumulates over time, so the longer you go without a GPS reset, the worse the precision gets.

You can't fully eliminate the error accumulation over time, so they can't completely replace GPS. You still need some way to periodically refresh your ground truth position.

Yeah, I don't get it either.

The clock is not the hard part of this. Oscillators doing 10 MHz or 1 PPS with nanosecond-accurate holdover for 24 hours are easily available (for like 3k for chip-scale atomic clocks, and less for rubidium or whatever).

Galileo et al also have publicly available cryptographic signatures so you can't actually spoof them, only jam them.

If you are trying to do navigation while jammed, the reckoning is the hard part of this, not the clock.

We solved the clock enough already.

> Galileo et al also have publicly available cryptographic signatures so you can't actually spoof them, only jam them.

Replay attacks still work allowing one to spoof location.

The first thing I said makes this sort of irrelevant, but to go down this path:

The replay attacks I'm aware of fall into two categories - cold start and warm start (mostly from https://arxiv.org/html/2501.09246v1, which has been in progress for a while).

The cold start replay attacks are irrelevant here - unless you can force-restart the GPS receiver in cold start mode during flight. If you can do that, you probably don't need to spoof the signal. Especially since it requires precise timing to forge the new signal to the receiver at the right time (otherwise it detects it), etc. Seems like there are easier ways.

The warm start replay attack:

A. Requires you replay valid, but out of date, signals, in real time. This is non-trivial, and also limited in effect as you can only arbitrarily spoof one receiver to a location of your choosing - maybe you can get a few receivers with really good high-signal strength directional beaming of different replays, but it requires real-time tracking and adjustment of the signal of the target anyway to be able to spoof the location accurately.

Spoofing the location inaccurately is sort of pointless in most cases.

B. The attack has to change the time (and thus location) slowly enough to not trigger various protections, then keep changing it slowly enough to continue that.

C. The attack requires that your receiver is too stupid to notice that a forced revert to non-authenticated time occurred, doesn't notify you of this, and then doesn't notice that time or location jumped suddenly by more than any reasonable amount. It also has to not notice that the SNR of everything suddenly changed, etc. Oh, also, they have to spoof all other sources of time, including local oscillators, etc., for you to not notice.

Given we just talked about how cheap and easy it is to have a high quality oscillator disciplined to time before takeoff, this kind of replay attack seems "practical" only in the sense that it is possible.

Are you aware of other replay attacks? If so, that'd be cool :)

Otherwise, yes, I agree you can spoof location in theory. I can't imagine a practical application of it in the scenario we are talking about.
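
An added example, not part of any comment in this thread: a receiver-side check that compares GNSS-reported time with a local holdover oscillator disciplined before departure, flagging both a sudden jump and a slow drag whose individual steps stay under the jump threshold. The class name, the drift, noise and step limits, and the sample fixes are all assumptions constructed for illustration.

```python
class HoldoverMonitor:
    """Cross-check GNSS time against a free-running local oscillator."""

    def __init__(self, drift_ppb=0.1, noise_ns=50.0, step_ns=200.0):
        # All three limits are assumed values for illustration.
        self.drift_ppb = drift_ppb  # worst-case holdover drift (1 ppb = 1 ns/s)
        self.noise_ns = noise_ns    # allowance for normal GNSS timing noise
        self.step_ns = step_ns      # largest plausible change between two fixes
        self.ref = None             # (local_ns, offset_ns) taken while trusted
        self.last = None

    def check(self, local_ns, gnss_ns):
        offset = gnss_ns - local_ns
        if self.ref is None:        # first fix: disciplined before departure
            self.ref, self.last = (local_ns, offset), offset
            return "ok"
        jump, self.last = abs(offset - self.last), offset
        if jump > self.step_ns:
            return "step"           # sudden time jump
        # Offset may only wander as far as the oscillator itself can drift.
        elapsed_s = (local_ns - self.ref[0]) / 1e9
        if abs(offset - self.ref[1]) > self.noise_ns + self.drift_ppb * elapsed_s:
            return "drag"           # slow pull, each step too small to trip "step"
        return "ok"


def constructed_fixes(seconds, drag_ns_per_s=0, drag_start=0, step_at=None, step_ns=0):
    """Constructed 1 Hz sample data: (local_ns, gnss_ns) pairs, not real captures."""
    for t in range(seconds):
        jitter = (t * 7) % 21 - 10                      # deterministic +/-10 ns noise
        drag = drag_ns_per_s * max(0, t - drag_start)   # slowly growing time offset
        step = step_ns if step_at is not None and t >= step_at else 0
        local_ns = t * 1_000_000_000
        yield local_ns, local_ns + jitter + drag + step


def first_alarm(fixes):
    """Return (second, verdict) of the first non-ok fix, or None."""
    monitor = HoldoverMonitor()
    for local_ns, gnss_ns in fixes:
        verdict = monitor.check(local_ns, gnss_ns)
        if verdict != "ok":
            return local_ns // 1_000_000_000, verdict
    return None


if __name__ == "__main__":
    print(first_alarm(constructed_fixes(600)))
    print(first_alarm(constructed_fixes(600, drag_ns_per_s=5, drag_start=100)))
    print(first_alarm(constructed_fixes(600, step_at=50, step_ns=1000)))
```

The drag case is caught within seconds of starting because the accumulated offset is measured against the oscillator's drift budget since the trusted reference, not against the previous fix.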