All global financial exchanges, including the New York Stock Exchange (NYSE) and the Nasdaq, have gone digital. Large data centers hold the exchanges’ matching engines—the modern-day equivalent of the historic trading floor—in racks of interconnected servers. The Department of Homeland Security considers these data centers critical national infrastructure. Private security personnel, tall fences, and the best network security money can buy protect the integrity of the thousands of high-stakes trades executed every second within these data centers. But there is one input port that the network firewalls leave entirely unprotected. An unassuming set of antennas on the data center’s roof carry unsecured civil GPS signals directly into the core of the matching engine network. Slaved to a once-per-second synchronization pulse from a GPS-locked timing card, the individual servers in the network apply time stamps to the trades they execute. A decade ago, a tenth of a second was an acceptable time stamp resolution. High frequency traders now demand nanoseconds. What would happen if someone spoofed the civil GPS signals entering these data centers and manipulated the transaction time stamps? Three example scenarios are considered.

Cite and Download the paper:
Humphreys, T.E.,"GPS Spoofing and the Financial Sector," The University of Texas at Austin Radionavigation Laboratory White Paper, June 2011; available at