Our company is developing and producing some GPS based hardware (GPS GNSS OBUs). Even so I'm working in a different group, not involved in design/support of these, back in 2007 we had internal courses for R&D employes that was presented by a professor who is considered to be one of the leading authorities in design of GPS (unfortunately I don't remember his name right now). One of the thing that was said on these courses was that GPS spoofing is a problem that isn't possible to prevent by means of cryptography. Here is explanation why:
Let say you have two directional antennas:
- the first antenna receives GPS satellite signal
- and second is retransmitting the same signal with higher effect in the direction of GPS receiver you want to spoof.
The only thing is required to spoof positioning of GPS receiver is to put a few microseconds delay in retransmitted signal. Having higher output effect from spoofing antenna can make original satellite signal to be completely invisible for spoofed GPS receiver (satellite signal is rather weak, so it would not be any problem in achieving this). The position is calculated by time difference between timestamped signals received from different satellites visible to GPS receiver. So, the satellite and receiver can encrypt and sign the signal whatever they want. But for as long as adversary is able to receive satellite signal and retransmit exact same signal with few microseconds delay, with higher effect - spoofing of GPS receiver is a done deal.