A position authentication system utilizing the white noise like GPS spreading codes as tamper proof watermarks is developed. Position authentication as used here means the process of checking whether position reports made by a remote user are truthful and accurate. In the method proposed, a segment of the GPS signal collected by a trusted user (called the authenticator) is used as a template. Another user's (called the supplicant) GPS signal is compared with the template to judge if the user's position and time report is authentic. A pseudorandom noise sequence in the GPS signal (the P(Y) code) is used as a watermark in this process. An analysis to explain how noise affects the watermark signal detection is presented. This is done by casting the problem into a standard estimation and detection framework. A cross-correlator based watermark signal detector-estimator is constructed. This is different from the traditional match filter because the noisy template of the authenticator is used in this detector-estimator. The effect of the noisy template on the performance of the estimator is analyzed. An important practical implementation issue, namely, multiple false peaks caused by C/A power leakage which mask the detection of the watermark is analyzed. A method for suppressing these false peaks is developed. A pair of prototype receivers to validate this concept are constructed. Experimental results using these receivers show that the authentication method proposed can detect deceptive position report and the resolution of the position authentication is at or better than 15 meters. This method may also be used in other GNSS system, for example Galileo, by utilizing the encrypted Public Regulated Service signal as the watermark signal.