Slashdot Mirror
Authentication Via Geographical Location?
RudeDude asks: "
While reading Cryptonomicon I became a bit paranoid about encryption and digital signatures but it has me thinking a bit as well.
I'm trying to visualize a way to prove my physical location in a cryptographically strong way and I can't think of one. My digital signature proves who I am, but wouldn't it be nice if I could also give proof of my physical location at a given time stamp?
I've thought of only a few things that would be very hardware dependent, etc. but what I really think would be cool would be something that is as strong as digital signatures. Some sort of GPS/MD5 signature that a third party could confirm so that it would be impossible to spoof my location. " This question has been asked a bit by people looking to restrict services to various countries, but currently one can't be sure if the IP a person is using is really the location from which the connection is being made. Would a system like the one described above be a possible answer?
"This is mostly just a thought experiment, but I am curious to see what other Slashdot readers could maybe dream up. In my opinion (and I'm sure many others as well) my current meatspace coordinates usually mean much less than my network 'location' does, but I can think of many times where proving my meatspace location could be just as important as proof of identity."
We currently have certificate authorities that vouch for the person... Acknowledging that he is who he says he is...
Why not location authorities that say "we are reasonably sure this person is who he says he is, and he was at this location at this date/time".
"How does the LA (location authority) know where ou are, pictures would be good. Go to the "Location Authority", stop and get your picture taken.
Then you would have a certificate that said "I was in Paris on Nov 11/2000" You could use that for tourist tax refunds, or whatever.
This could even work for trucks... The location authority has a camera set up at a roadside location. As the truck goes by a picture is taken and datestamped, and now you can prove that that truck was at that location at that time.
The fundamental problem with using IP to establish location is that IP was designed to seperate physical topology from network topology. In other words, you're not supposed to know where hosts are at.
There are three main reasons in my experience why people want to do this:
- Marketing. Companies want to do targetted advertisements and such. Using source IP is a bad way to do this - though there are some companies who use DNS tricks to do this with some success.
- Legal Protection. Because of bogus laws in various locations around the world (Virginia, Afghanistan, wherever), companies want to avoid sending certain data to certain places. However, this almost always is mainly intended as a CYA (or "good faith" in legal circles), rather than to actually solve the problem.
- Curiousity. Networking people do tend to have a certain amount of natural inquisitiveness. That's why they look at HTTP logs, for instance - not just to see where the best pron is.
Any even mildly determined individual can cross national boundaries with ease. Use telnet/ssh into a machine in another location. Also, ISP's transit data between countries (lots of countries in eastern Europe and the middle east use satallite downlinks with bases in North America, for instance).There was a Spatial Relation BOF at the IETF in Australia this spring, but I don't know how that work is progressing. I expect that voluntary location is a solvable problem. You can also pinpoint someone's farthest possible location with simple speed of light calculations. Anything else I expect is either impossible or intractable.
Shane
Ah, at last we're getting it right! Using the notion of spacetime coordinates really nails an event.
Now, whether this is politically good or bad I'll leave to those more savvy in that arena.
Official Pi Ambassador -- inquire for details!
I frequently have to give a landline number rather than a mobile number, if nothing else but to prove I am who I say I am - and I am where I say I am.
Not to mention that the killer app for WAP and bluetooth and the whole "mobile internet" thing will be mobility based.
If you can prove where you are, your provider can use that information to be able to return information based on your locale.
--
"I do not speak for my employers, though they are controlled from my Teddy's huge pulsating brain."
You don't have to have it embedded in your skin - you simply have to provide a piece of information only you would know, such as your PGP/GPG private key
And what if I log in over a secure connection during the bank robery to prove that I was at home then? I could even use the X10 connection to flip the lights on and off so my neighbors could vouch for me.
JET Program: see Japan, meet intere
I just found a flaw in my own plan. The location is based on the difference between the arrival times of the signals, not the contents of the signals per-se. It would still be possible for someone to record the encrypted messages from the satellites and misrepresent when these were received by the GPS, thus misrepresenting their location.
I still like having the encryption in the satellites because it is very hard to tamper with. A scheme where the encryption is done in the receiver seems easier to break. There's a better solution but I can't quite think of it right now.
As for the usefulness of this, I hope this can be a tool for people to prove their whereabouts, but that it never becomes a requirement for anything.
JET Program: see Japan, meet intere
Even assuming the picture can't be modified, all you proved was you were at Paris on or after that day.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
We seem to be doing fine with IPv4 combined with NAT. Ugly, but it works. IPv6 seems to be suffering from a combination of second-system effect, and too many cooks.
The geographical features in particular show that the people who built it haven't taken the Internet and what it represents to heart.
Inside IPv6 is a small, easy-to-implement protocol waiting to get out. Hopefully someone will notice.
Need a Python, C++, Unix, Linux develop
Yet another reason not to adopt IPv6.
Need a Python, C++, Unix, Linux develop
It only proves that someone/thing that had access to your secret key has signed it. This is an important distinction that most people fail to make.
Other than implanting a homing beacon in your skull, I can't think of a way to "prove" anything. Anything else is subject to tampering or transmission.
I heard a rumor that satelite phone occationally wake up and broadcast their position the the satellites, even when they are not in use. Any truth to that?
So a GPS reciever can be faked into reporting a specific destination when it has no other data to go on. But that doesn't mean that a GPS reciever sitting next to it and listening to N satellites for real GPS data would believe your GPS' report of its location. And wouldn't millitary-grade GPS systems have a way of figuring out what GPS datastreams are "real" and which are fake?
.com opportunities left..
My understanding of how GPS works (yes, probably another poorly informed slashdot poster) is that the GPS satellites send out clocking information and some other magic that allows recievers to triangulate to determine position. If you're trying to authenticate your location via GPS AND the system you're trying to authenticate to has its own independant system of GPS data verification, wouldn't the authenticatee be able to pass raw GPS data to the authentication system for verification?
I guess what I'm getting at: Is there anything in the GPS datastream that is unique enough over a short timespan that an authenticator with its own GPS information feed could use to at least verify the GPS information it receives? Of course this might mean having compromisable GPS authenticator "field offices" that have access to some high percentage of GPS satellites so you know the information being passed to you is valid, but hey, it could be one of the few
On a similar thread I would like a method of timestamping that couldn't be spoofed. For example I would like to be able to record when I came up with a certain idea or make a prediction like "Linux will have X market share by date Y" and then be able to prove that I did it on a certain date. I can already see one problem with the potential solution. I'm reminded of an episode of the US T.V. show "Cheers!" where the main character Sam finds out he's going to sleep with the main female character, Rebecca I think. He pulls a piece of paper from his pocket and reads it,
"Today, April 23rd 1982, I will sleep with Rebecca"
Someone replies,
"That's amazing! How did you know that?"
He replies,
"Simple, I make a new one every day."
For example you have to make sure that someone can't just sign multiple documents saying that "Nader will win", "Bush will win", "Gore will win" etc..
So, how do you prove that you signed something on a particular date? Does it require a third party? I don't like the idea of a centralized third party. Perhaps some sort of system where the time/date was verified by several timeservers in different countries run by various groups so you could be pretty sure that the system wasn't compromised.
Any thoughts?
Unless you happen to be on AOL?
I would suspect that AOL also suballocates its IP addresses, and probably gets its European IP addresses from the European pool.
I'll buy the hit about connecting long distance to your ISP though!
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
For these records one could then determine the 'average' shopping location (ignoring on-line purchases) and the last shopping location...
Mobile phones could also be used - the phone companies (can) know the current location of the phone and have details of its owner... You just need them to give access to the data...
Back when iCraveTV was litigated, they promised to return with better security, implemented with the help of www.bordercontrol.com. Try it out, it's pretty exact (at least with the country).
However, all this will be useless if you use a bouncer or a web proxy at a different location. Any location information on the Internet can be spoofed with the current technology. I'm not sure if IPv6 will change anything, so far I haven't noticed any location-specific header field in the specs.
I'm waving now.
Do a couple of jumping-jacks.
Yeah, ok, you're there, third window
from the left.
Good. Can you send me the software,
then?
there are still ways of making non-SA-impaired GPS more accurate (beyond design limitations): differential based on the timing of the chips, differential based on the carrier's phase shift, etc. All you need is a fixed station.
This an FCC regualation for Cell phone companies - to be able to locate 911 callers within 10-20 Meters. The mandatory system has nothing to do with placing GPS systems in phone because ALL phones - old AND new - must be trackable. They are doing this using sycronized receivers on the Cellular stations and using time differentials to pinpoint the position of the cell phone.
This is a good example of a "Trusted" 3rd party system. And I mean trusted in teh sense "I trust the information" and not in the sense "I trust the phone company"
Also TDMA / GSM systems use "advance timing" signaling to tell the cell phone broadcasts a packet a little ahead of its time slot so that when the signal reaches the antena from a far off distance, the packet will arrive within its window - thus on digital systems the switch knows how far you are based on timing errors!!
Maybe I should clear up what I mean by "advance timing" !!!
... should have called it "timing advance inforamtion" or something !!
... they make money on phone calls. As long as they make more money on phone calls than on collecting and selling this information (Point to point phone calls makes more money than advertising by a long shot - and collecting that info on millions of calls a day would cost a shitload) they will not concentrate on it - they are tracking you because they must - not because they can or want (well they may want to but for cheaper, much cheaper)
The current digital Cellular standards - in the US this is VoiceStream, AT&T - including GSM and D-AMPS (Not Sure about CDMA) use some thing called Time Division Multiplexed Access (TDMA). For North America every cellular "channel" ( channel is 30 Mhz of bandwidth) is split into 3 time slots (This is why all cellular companies are moving to digital 3 times as many phone calls in one older analogue - AMPS - channel )
Now if I am 20 km from a cell site it will take 60 micro seconds for my signal to arrive at the antenae. The switch will detect this. If my signal arrives to much out of sync I will squash the signal arriving from someone else using the next time slot. So the switch - through signaling embeded in the downstream link (phone is full-duplex) - will tell my phone to send the digitized voice packet 60 micro seconds ahead of time so that the time to travel to the antanea is taken into account and my packet hits its time slot to perfection. A time slot is in the order of 10's of milliseconds wide - I don't remember.
From this - the switch can know roughly how far you are from the antenae. This info is currently not collected unless you are debugging the air interface - and collecting this information IS CPU intensive on a switch degrading its performance. That is "advanced timming"
Currently what they are doing for phone tracking is placing a second receiver on the base station antenae. The switch also know what other antanae are in the vicity of the cell phone (for handoff purposes). On a 911 call the switch will signal these additional receivers on the surrounding base stations to listen and time stamp your voice packet. This information is passed back to a computer that can calculate your location.
In Any given cellular switch ( handles about 60000 simultaneous phone calls !!! ) there is only a handfull of 911 calls - a switch could not track EVERY phone call in a system, it would make the network cost too much!!! And remember AT&T makes no money tracking you
One could use a device reading fingerprints connected to your computer/cellphone/... This would prove that it is you.
Mark
It would be possible to set something up with the collusion of your ISP, if you have CLID anyway. Short of getting a certified tamper proof networkable GPS chip surgically implanted into your body, well you can't. Which is a good thing indeed. It's very hard to set up a system that you couldn't relay round somehow. Oh, actually... if you want to prove your physical location to someone, have them come and meet you.
~ppppppppö
So what you really want is the GPS receiver to internally sign the data coming out with a private key that the receiver manufacturer holds?
This would prove that the GPS data was provided by the card and was not tampered with after it came out. From there, it's up to the person to sign the GPS data to verify that he/she believes the GPS data represents their position.
It would be quite simple for a GPS receiver to have a built in manufacturer key and sign data it produces.
Heh. That just gives proof that your eye or finger is with the GPS wherever it is located. A crafty kidnapper could cut off a finger and take it somewhere else with a GPS.
or something like that.
blog
Oh, and the alternative is?
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
Nope, EEPROM isn't secure enough. You need DRAM, and you need to shuffle the key around to avoid electron migration.
Then just have it so if it's tampered with, the power is cut.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
IPv4 addresses can also be traced to you, albeit with *slightly* more difficulty.
NAT and dynamic IP addresses are the two most troublesome systems on the internet. They're the reason we have all these klugy client-server protocols (instant messengers and the DynDNS come to mind) that would be better replaced by true peer-to-peer protocols (like SMTP, DNS, internet phone, etc).
If you're worried about anonymity, have a look at the Freenet project, rather than hindering the much-needed adoption of IPv6.
Some benefits of IPv6 off the top of my head:
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
There's nothing really different about the military-grade signal, except the sequence is significantly longer (repeats every 3 days, IIRC), and there are 2 frequencies (for compensation of atmospheric interference).
AFAIK, it's not signed or anything.
--------
Life is a race condition: your success or failure depends on whether you get the work done on time.
A combo GPS/cell-phone device. The device is manufactured in such a way that attempting to
hack it physically will destroy the device. Then you call a phone number, or some agency calls your cell phone, and you give a voiceprint and some PIN-like key to prove that it is, in fact, you on the other end.
This should be sufficient if you want to prevent others from impersonating you. For situations where one might *want* their buddy to impersonate them (e.g. provide an alibi), the agency that is relying on this device as proof of position, could equip the device with a fingerprint scan or a retina scan. That way, *you* are confident that nobody will impersonate you against your will, and *they* are confident that nobody is impersonating you against *their* will.
- smart cards,
- Unique person IP's
- geographically asigned IP's,
- or eyeball / fingerprint / DNA recognition,
is that someone, on the other end knows who you areAny company that we depend upon to design or implement this technique, will become (at least to some perspectives) a big-brother entity.
Who can be trusted to take on such a role? If it is an open - source solution, how would we keep the code from forking like the Windows Manager(s) of an OS that we all know and love? What happens when a company is trusted to implement this system by 51% of the "known good and decent computers of the world" and then mandates the use of an obscure field (MS-Kerberos)?
And why can we expect that this would be accepted by the computing public, given our reaction to cookies, the PIII Proc. ID, and any number of other percieved infringements on our privacy? I know Slashdot is not representative of the Computing Public as a Whole, but our sample reactions may not be too far off-base.
Where does the right to privacy give way to the right to be properly identified and trusted? and Vice Versa?
It could be something like a tightbeam transmission to the asserted location (which must then be encoded and sent back to us), but what you've actually done there is verify that the person making the assertion has a receiver at the tested location.
An Orwellian "1984"-esque surveillance system would allow for visual verification of asserted location (and depending on the available data, verification that you aren't anywhere else either (you don't have a doppel at the claimed location)), but would come at a serious cost of privacy, hopefully made obvious by my choice of a definition.
In short, I'm not interested in paying for the installation of an infrastructure that allows you or anyone else to verify my current location...
Regards, Ross
All this proves is that Bob's internet uplink is in France.
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
A Private h2g2-like database could do this.
For instance, (after establishing identity conventionally) I claim that I am at my college's computer lab, at XX terminal. It tells me to read the serial number from under the keyboard. if I get it right, I'm in.
Of course you would need a large number of facts for any verifiable location, and they'd have to be things you wouldn't think to memorize beforehand, and preferably things that won't change too often, unless you can keep the DB up to date with the changes, in which case fast changes are good.
lsmvcprm.com, Tools for geek power
As far as I can see, this discussion is trying to figure out how to prove where a user is. This could be done via GPS or some other position specification technology. On a different tack, one could use source defined routes if they were available. That way, when a user is first logged into a system, the server can figure out how to get to their subnet. Once this has been found once, all subsequent transmissions could be sent to the same location. This way, someone connecting from the wrong network will not be able to use the server. I'm guessing that internet backbone routers don't like being told what to do, so this is wouldn't be a viable option.
And even worse, Amazon could now target prices based on the economy of your neighborhood.
They already have your ZIP. Wouldn't that work just as well?
--
One more drink, and I'll move on. --Dave Matthews Band
As strong as digital signatures?
Art thou on crack? If so what brand crack of art on thou?
A fax counts as digitally secure and binding. Yuck. A 5 year old could forge one easy. Clicks count as a binding agreement.
Digital signatures may be strong "legally" in that you can get sued even if you don't even own a computer, but that only makes me more worried.
The other thing was:
Someone earlier mention an interesting chain of authentication to prove that they were who they said they were.
How about having the user enter the key into the system to decrypt that days instructions on how to finish authenticating.
The message on the other side of this sig is false.
I think Casio makes a watch.
Hehehe. Pr0n sites wouldn't be dumb enough to restrict lots of potential income, just because the bible belt might not like pr0n as a category...
-----
How about Digitally signing your SecureGPS encoded urine sample, before it is teleported to the local Fuzz.
The current Slashdot moderation system is made by gay communists!
You don't have to have it embedded in your skin - you simply have to provide a piece of information only you would know, such as your PGP/GPG private key...
This is a tad offtopic, but there's some interesting encryption functionality built into MacOS 9 that achieves this functionality on a file-by-file basis...
yeah then you take the picture home and put whatever date you want on it after you scan it onto photoshop. Pictures haven't been accepted as proof for anything in a while.
A blog about stuff.
There is no way to do it. The general theory of relativity will prevent any attempted proof of location.
I am not a lawyer.
--Fesh
"Citizens have rights. Consumers only have wallets." - gilroy
--Fesh
Kill -9 'em all, let root@localhost sort 'em out.
--Fesh
"Citizens have rights. Consumers only have wallets." - gilroy
--Fesh
Kill -9 'em all, let root@localhost sort 'em out.
On the other hand, this article is asking, "well, what if I want to be able to voluntarily confirm my location for the purpose of authenticating my identity? What technology would I need?" These are very different problems, and it's not an inconsistency to complain about both at the same time.
--Fesh
"Citizens have rights. Consumers only have wallets." - gilroy
--Fesh
Kill -9 'em all, let root@localhost sort 'em out.
why not brute-force it? a independent database could be maintained of IP addresses, each of which has a geographic location associated. People who *want* to be found geographically would enter all teh IP's they want to allow others to track in the database themselves. anyone who doesnt want to be tracked geographically simply wouldn't bother entering their IP.
also many domain lookups correspond to actual companies - there shoudl be an easy way to parse WHOIS lookups and assign geography to those.
I don't think its feasible or even a good idea to get truly accurate automatic universal geographic lookups. The best compromise between privacy and the need for that info would be to associate a "home" address with a given IP. That way you know that Microsoft.com is in Redmond but you don't know for sure if billg@microsoft.com is sitting in Redmond or across the street.
Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
While the PKI functions are not present, well SMOP. The existing system has optional tracking; you can turn off sharing your location with the server.
Current services are things like "where's an ATM", "Get me a cab to where I am", etc.
BEGIN OPINIONS
When talking about reliability of this information, there are two big chunks:
I think a cooperative, security aware user could make a case for using this technology to prove their location to a civil court standard; getting a criminal court standard beyond a reasonable doubt requires the second.
And that's hard! You can't trust devices in the hands of deceptive users; any private/public key in the device can be cloned.
Possibly you could build protocols that relied on continuous availablity - but then how do you deal with, say, airplane travel? I'm thinking of things like negotiation every time you cross a cell boundary to establish that the unit with identity A exiting cell site Q is the same one that entered. It'd probably have heaps of false negatives - wireless just isn't that reliable.
Henry Troup Nortel Networks eXtremeVoice
My personal position or opinion should not be confused with the position or opinion of Nortel Networks.
I think you mean a GPS receiver is bigger than a grain of rice, but smaller than a book.
We've got some GPS that clip onto a Palm* VII and exchange data with it. Smallest GPS I've seen is pager-sized, and the GPS add-ons to cell phones will necessarily be very small additional volumes - but then the big RF stuff is already there.
Henry Troup
My personal position or opinion is not that of Nortel Networks.
Well there's SkyGuard 200, a GPS-based solution from BI. Maybe Mitnick could have a new career if he can find a way to apply that sort of technology to this problem.
Its a good idea, and it would be neat to see it implimented, but i dont like it when i think of the privacy violations
Anyway, it sounds like some other people have thought about this stuff, too, and have thought it worthwhile enough to form a company based on the technology. Give it a look.
-----------------
A way to prove your location online may be 'cool', but I don't want it: I think it's a feature of the internet that physical location doesn't matter any more.
or dial long distance?
Maybe Quova
Icebox
Amusingly enough, some college kids figured out how to, via supersampling [taking lots of readings instead of only onw], average out the imposed errors and get extremely accurate results.
[They published an article about it, too]... thus, enemy states could easily make accurate GPS recievers to, say, guide cruise missles. [As if 30 yards isn't accurate enough, anyway!]
Likely because of this, the governemnt turned of the induced error in the civilian signal last Feburary.
---
man sig
---
the pen is mightier then the sword. the sword is mightier then the court. the court is mightier then the pen.
Unless you get all three it's possible to forge a claimed location.
Paul Robinson
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
Spoofing isn't even necessary. I could easily hide behind a proxy. I could request a web page through anonymizer.com or from some proxy a friend sets up for me in a different country. You'd have no idea where I really am.
perhaps there could be some way of reading a fingerprint, or other physical unique print (DNA, iris,..), and then sign it with the GPS signal and some other nice cryptographic signature.
But, ofcourse, how can one be sure that the physical print signal really comes from the same location?
Maybe if we had a way to measure the round-trip time between the reader and the GPS - sorta like a ping. hmm.. I think it could be done without (easy) spoofability. what do you think?
Companies and governments are often trying to think of ways to profit or reduce losses, by treating people differently based on location. The sooner we take a more global, even national, approach the better.
Bugs: How fast radio signal actually travels? How long delay is allowed?
ObPatent: Method of indentifing machines location using multicasting datastreams...
--
I figure that you could use NMEA streams, qualified system time (sufficiently accurate xntp supported clock)and time to & at destination. to work a 4 way "locatication".
The nmea protocol spits out all sorts of satellite specific data which will only be valid under the correct location, this could be refered to a clearing house to get a validation for a given location & its satelites (rather than have the astrometric database in the open).
This would of course link to the authenticating system's time, and the network lag involved in the transaction. (ie is the data being spoofed)
Here is an article that mentions both the rice-grain animal implants and the Digital Angel ( but you may want to visit the main site so they get their hit count up.)
Enjoy the paranoia!
To email, do the obvious.
I do believe that IPV6 is going to provide the exact functionality you are describing. Although IPV6 has been around about as long as IPV4 in my memory, IPV6 will solve alot of these problems. Check out http://www.ipv6.org/.
Method and apparatus using geographical position and universal time determination means to provide authenticated, secure, on-line communication between remote gaming locations
Authentication of a message source
Frylock: That's not a toy!
Master Shake: You say that about everything you own. You should own toys. They're fun.
Actually, near the beginning of the year, the US Govt disabled the part of the GPS system that did not allow for pinpoint accruacy. They had originally placed into all GPS systems (non-military, anyways) a system that threw off the reading by X number of yards/meters.
As I was reading this, a truely scary and erotic spy movie started forming....
there are no stupid questions, but there are a lot of inquisitive idiots
You'd have to do something like sign your GPS signal, but at the end of the day, it's only a text stream which could easily be faked. You'd have to somehow prove that that stream came from a GPS that you're holding. I can't see how it could easily be done, without building authentication into the GPS system. Actually, you can have GPS phones, so GPS's could be bidirectional, maybe you could somehow authenticate their position by getting the GPS to transmit the identity of the person back to the system. Again - I'm not sure how you could secure this - it could easily be spoofed. You'd also have no idea if the person was actually there, unless they'd signed the transmission every few minutes - someone could mug you for the GPS and make off with it :)
Clearly the only solution is to take a digital camera, and photograph yourself at your location, and upload it to the person concerned using wireless networking :)
Nick...
There is such a thing. The Digital Angel is made by some company here and is emplanted under the skin. It can sense GPS, etc. Just check it out. It's a tiny rice grain sized tracking device for implant into humans. big brother (big business?) is watching!
Cool! Amazing Toys.
Check out this site. They make an implant with GPS and Electronic Tag--to be implanted in humans. BBIW
Cool! Amazing Toys.
Ok, IMHO, you'd need 1)location-specific verifiable GPS coordinates and authentication at the continental level that the GPS co-ords weren't being intercepted, like in Tomorrow Never Dies (bullshit premise, but technically possible) 2)biometric verification through three verifiable vectors (voice, galvanic skin potential and retina)of the meat puppet accessing the tek. Of course, this also means that no two people could use the same terminal unless profles were created and stored, and that the black helicopter guys (or Bill Gates) could instantly find you once jacked in.
cocaine encrypt president nuclear Saudi Echelon must die.
As people have said, you need: - some hardware giving a location you can't tamper with. Even a phone number can be enough to identifty a location (beware of forwarding, though). - something that is attached to the person and that can't be used remotely (eg: you can't use voice-recognition because it's easy to transport sound). Fingerprints/retina scan comes to mind. - make them interract somehow to prove they are together.
____________________
Ni!
Starting to sound a bit like the mark of the beast eh? I have this bad feeling some Linux user is the AntiChrist...and I always thought it was Bill Gates..
Well, I think the question was about being able to prove your physical location, not to have automatic tracking of physical location. (Compare: sites can verify your e-mail address by sending you a message and having you acknowledge its receipt, but they don't know your e-mail address unless you tell them.)
BTW, I have an easy way to accomplish this. You know how the Pentium III had a built-in ID number that it could give out? (Fortunately, this never took off in popularity.) I'm not sure if the P4 dropped this or not. But maybe they can make a P5 with a built-in GPS, and it can send that out everywhere! ;-)
SUWAIN: Slashdot User Without An Interesting Name
SUWAIN: Slashdot User Without An Interesting Name
how about publicly available booths, like phone booths, where you can plug in a floppy (or whatever), get your GPS location with a timestamp. A lot of thought would have to go into a way of ensuring, to a satisfiable degree, that it was actually you, that retrieved the GeoKey from the GeoKey Booth (tm) ;-)
It seems a clumsy way, but geographical authentication is hard. It's a weird concept, which I'm not sure that I like at all...
Any technology distinguishable from magic, is insufficiently advanced.
Of course, if you created a global database of DNA you could eventually find the other 1 in 100,000 (or whatever) that share your DNA, but that's still quite good authentication.
It would also solve the flat battery problem: eat a banana.
Powered by onion juice.
I believe sometime early this year, or last year the US government turned off the clock variation in the satilites that makes it impossible to pinpoint your location without advance knowledge of which satilites clock was off and by how much
Ahh here is the link to the /. story
As x approaches total apathy I couldn't care less.
And, more importantly, China could block packets from the United States. France could block packets from England. Iran could . . . hell, you get the idea.
But even without GPS, the geographic features designed into the addressing scheme of IPv6 will already make this sort of thing inevitable. While anything can be spoofed, for the most part, the days of no "border control" on the Internet are pretty near over. And it saddens me.
CEE5210S The signal SIGHUP was received.
911 Calls. Makes it much easier for the dispatcher to route an ambulance/cruiser/firetruck to where the old lady is having a cardiac/being mugged/burning to a crisp.
Thing is... you can usually track down a cellphone to within 3km Diameter anyway... I cant imagine the price overhead...
--- LOTR!!!
Even mobile communication is based on physical devices in known physical locations. If you connect through a cellular or PCS or similar system then the system in the tower knows to with in a few hundred meters exactly where you are. If you connect through a phone line then the phone company database can locate you to within a few dozen meters. This is how 911 systems work in the US. People seem to forget that at some point your Internet traffic leaves the backbone and gets routed to a single logical circuit with a known physical source and destination. The location finding ability of these systems is based on a trusted third party, the last mile transport provider, and can't be easily spoofed by any end user. Sure, you could tap into your neighbors phone lines or use a stolen PCS connection. But, you would still be locatable within a few meters of your actual physical location. Which is good enough to control access to services.
stonewolf
I'll admit right off the bat that "where" could be indicative of "who". If you saw something coming from California or Newfoundland you could bet it was not me. But it doesn't say anything about wether or not it really is you. Those most likely to steal an identity, are not the random person in San Diego or St. John's but someone who knows you well. It's your coworker in the next office, it's your brother who you live with. About all you can do with GPS technology is to tell me which keyboard in question things came from, but that says nothing about what's between the keyboard and the chair. The first rule of computer security applys with authentication, "The Biggest Security Risk is the user". Until you can phsyically implant the authentication device inside the user AND make it unhackable (an impossibility), there's no guarentees. Because I can just coach someone elese to provide the responses. I remember one quip I heard once while having some stuff tested at Fort Hauchuca in Arizona... "Colonel, that machine is secure" "Son, that machine is only secure if you remove all cables from the CPU, encase it in cement and sit a man with a gun on top of it, and even then I'd worry." same applys with authentication.
Even if this were possible, think of all the potential privacy and legal implications.
If such a system were in existance, the government would be able to monitor the location of anyone they desired at any time. Granted, the government would likely have to go through the normal legal procedures such as getting a warrant for such a "search," but this would be an extremely powerful new tool.
Also, while "proving" your location by such a system could be helpful in a circumstance where you are accused of being somewhere that you were not (your location is critical component of whether you are guilty of a crime, etc.), what happens if your location is faked and you want to challange the "proof" of your location? Where is the presumption of truth in the offer of proof?
Is there a presumption of truth when you assert the "proof" of your location, but when the "proof" is used against you, it is presumed untrue?
Instead of creating a means by which you can "prove" your location at a particular time, such a system as you propose would force the resolution of new legal issues of both a technical and procedural nature by a judge and/or jury that is likely not technically savy. And as I previously mentioned, do we really want to give the government yet another method by which to monitor our every move?
a) I (using my computer) place a telephone call to a local trusted third-party service
b) the third-pary service sends me a timestamp encrypted with their private key
c) my computer encrypts their timestamp with my own private key and sends it back
d) the third party service returns a token containing the twice-encrypted timestamp and my phone number (obtained from caller ID), encrypted using their private key; refuses to handle calls from non-local or mobile phones (based on knowing local telephone exchanges)
e) I send this token in a message to Big Brother; he decrypts the token using the third-party's public key and my public key. Voila! proof that I (or at least my private key) was at a specific phone (and so, presumably, at a particular address) at a specific time.
Drawbacks:
a) spoofing caller-ID; I have no idea what's possible here.
b) you know where my computer was, but not necessarily where I was. I can't see any way of linking my physical presence to the computer's location that doesn't involve trusting me. But you know at least that it's not someone pretending to be me.
It's supposed to be completely automatic, but actually you have to press this button.
I can dial into Mindspring from anywhere there is a Sprint PCS presence from my pDQ Smartphone. The POP that I dial into is located in Atlanta, but I could be just about anywhere in the US, or anywhere else in the world that might support my phone. For all anyone could tell, however, I would be in Atlanta.
If you can't beat them, embrace and extend them.
Nope.
What Heisenberg siad was that you could not simultaneously determine the position and momentum of a object, which also translates to the energy and time.
xp = xmv = x^2mt^-1
Et = mv^2t = mx^2t^-1
Besides which, given that this is related to h-bar, the uncertainty that you are talking about in regards to something as massive as a person is miniscule. Unless your vision is really bad, do you really see people as a blurry as they walk across the room?
If you can't beat them, embrace and extend them.
Unfortunately, this is susceptible to fake GPS info from simulators. The only real way is to walk into a notary with a passport. The current electronic ways can be faked.
An alternative would be to use the mobile telephone system, where you can be tracked by basestation. We can never be sure that it is really you on the end of the line but again I could have a fingerprint sensor built into the phone (also solves the problems with PINs). If we use existing GSM etchnology with better encryption, we could have the SIM card release the IMSI (serial no) on fingerprint recodinition and send it using public-key encryption to the net (currently GSM uses secret-key stuff), the net provider would then parcel the thing up with a lat and long of the base station together with the time, cryptographically sign the whole thing so I end up with a signed identity with a location and a date and time.
It could work, but it needs some major changes of the mobile net specifications.
See my journal, I write things there
Unfortunately, this is susceptible to fake GPS info from simulators. The only real way is to walk into a notary with a passport. The current electronic ways can be faked.
An alternative would be to use the mobile telephone system, where you can be tracked by basestation. We can never be sure that it is really you on the end of the line but again I could have a fingerprint sensor built into the phone (also solves the problems with PINs). If we use existing GSM etchnology with better encryption, we could have the SIM card release the IMSI (serial no) on fingerprint recodinition and send it using public-key encryption to the net (currently GSM uses secret-key stuff), the net provider would then parcel the thing up with a lat and long of the base station together with the time, cryptographically sign the whole thing so I end up with a signed identity with a location and a date and time.
It could work, but it needs some major changes of the mobile net specifications.
See my journal, I write things there
How about a system that doesn't continuously track my location, but will securely identify me at a time and place.
If all I want is an alibi, then what I need is a trusted device that can accept my digital signature and generate an ID and timestamp unique to the location.
Suppose I was at Sharkies bar. I could go to the "Location Verification Kiosk"(which might also serve as a public telephone) and for a $1.00 fee it will accept my digital signature (from my PDA) and generate a digital time/location stamp placed in my PDA. For an additional $1.00 it will print a paper receipt with bar code so I can show my wife (or parole officer.)
Of course you'd need to be moderately paranoid of being framed of a crime, or under suspicion to need such a service.
=Shreak
People have no sight... Spoofing isn't the only problem to worry about.. You also will have proxies no matter what method of tracking you use. Besides that, wether hardware of software, it can and will be hacked! Just Ask the DVD-CCA.
"There's a party," she said,
"We'll sing and we'll dance,
It's come as you are."
People have a tendency to jump to nice hi-tech solutions immediately without building them up from root cause. In this case we have Object A requiring information from object B through channel c. Object A requires 2 things 1) object B's location 2) object B's identity. We shall assume that channel c is insecure ... that is A does not have complete control over it. This is way before we even think of encryption as a means to solve this problem. So how would we do this IR? Assuming A and B are people, A could visually (means) verify both B's location and identity. Is this an instance of secure information transfer through an insecure channel (or can this be spoofed)? No, as David Copperfield has shown on numerous occasions. So what should we do to tie down the elusive Mr. Copperfield? We could take blood from him and DNA test it against a sample we "know" to be his. Now take for granted we really do have a known sample of his blood (equivalent to "knowing" you have securely exchanged keys) is this secure? Again no, Gattica people! But it is pretty good (we would have to say good enough ... remember no verification is really un-spoofable). Ok so keeping in mind that no verification of B can actually take place at B's location or under B's control (automatically invalidates a secure transfer) what can B actually give A as verification. The best I can come up with for identity is an encrypted retinal and finger print scan through standard encryption methods. This could be enhanced by also requiring a topological print of the eye (pressure with-in the eye varies such that the likely hood of two topological maps being identical is nearly impossible) so that each verification requires a unique map. Physical location is much harder (actually impossible) since there really is NOTHING about it that is unique. Your X,Y,Z,t co-ordinates in the universe mean nothing without an arbitrary reference point which means that there is no real (as opposed to pseudo or relational) information that exists about it. The best I can offer is an encrypted GPS signal from your retinal scanner ... of course this invalidates the rule that verification cannot occur at your location (you control the box and A cannot independently verify what it receives from B)
NB I realised i jumped to a tech solution at the end without really running the logic but the first bit is really just something to think about
Why wouldn't you combine the GPS and digital Signature ideas. You would only want to send your geographical location as proof of you requesting to do something so why can't you when you request this, also put in a little password. If the password is right you can assume you and your computer at the same physical location which is whatever the GPS system says. Alternatively I am sure you could find yourself a small enough GPS you could have surgical implanted somewhere and if you are a little lacking in one particular area.. well......
Yes, SA was turned off toward the beginning of the year. No, not all GPS devices have the same accuracy.
The accuracy of the GPS system itself, based on a few samples of a stationary receiver, puts you within about a meter of your "actual" location (lat+lon; altitude is much less accurate).
The error in such a measurement can be further reduced by taking multiple measurements over time. The more readings and the longer the time, the more accurate the measurement.
To put it more "relevantly," stationary objects are much easier to locate than mobile ones, and the faster you move, the less accurate the measurement of your location. Unfortunately for most handheld receivers it's not very reasonable to expect them to be stationary. From a handheld, you can reasonably expect to get 1-5m of accuracy, which is more than enough for most people. Strap the same receiver to a cruise missile, and you'll be lucky to detonate it in the same desert as the deep underground, must-be-within-a-meter-to-destroy enemy bunker you're trying to blow up.
Consequently, GPS is really only used as a starting position for most high-accuracy systems. High-velocity mobile systems (including in-car navigation) use GPS to determine position when vehicle is stationary, and a combination of GPS, instrumentation and intertial nav to keep track of the position of the vehicle. Stationary measurements and networked slowly-moving mobile devices (handhelds, ships, etc.) use differential GPS (DGPS) whereby a trusted, known point receiver tracks the same satellite information as the mobile unit. The stationary unit can then determine the error in the satellite signals and use this data to correct the error seen by the mobile units.
PLUS, you can track many more than 4 satellites, and reduce your error more, but that's a whole different post....
This can be accomplished via digital signatures, timestamps, and biometrics.
1) The GPS data coming off the satelites must be digitally signed by a certificate from a publicly verifiable CA. This allows our GPS reciever to know that it's not being spoofed.
2) Next we need a way to bind the user to the GPS reciever, this can be accomplished by your favorite biometric (thumbprint, retinal scan, etc ).
3) We also need to verify "when" so we need a timestamp from a trusted Timestamp service.
Finally we need a way to tie all of these inputs together. We can use a "black box" that takes each of these three pieces as inputs ( in hardware, the destructively tamperproof box would contain the gps reciever, biometric input, and its own cert. ) and digitally signs them using it's (the blackbox's) certificate. This certificate would be verifiable up to a public CA aswell. You then package all of this data up and send it to whomever cares to parse/verify it.
The verifing party checks the digital signature from the blackbox, checks the timestamp & its associated digital signature, checks the gps vectors, and their signatures, and finally verifys your biometric identification agianst, a trusted database of bioIDs. ( or for those paranoid people out there, you could also obtain a copy of the biometric data yourself during a face to face meeting for future verifications.
I just came accross this site (www.quova.com) that works on the concept of locating users by IP addresses. They have also gone ahead for patents. What's your comment on their business mode? How accurate their business model is? Will they succeed that is will their info be accurate since u said it is not possible to make accurate prediction. But this method does solve the privacy issue.
As I am reading this thread, I just returned from a job interview at a company that manufactures GPS receiver chips and learned that a new FCC regulation will require all new mobile phones released on the market starting in January 2001 to have onboard GPS.
The interviewer would not go into details as to which purpose the FCC hopes to achieve (find wounded hunters lost in the middle of nowhere in an emergency situation, or make localization of mobile-savvy criminals easier) but it sure looks like Big Brother is watching us.
Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions. This is accomplished by not giving the real algorithm that the GPS satelites run off of but a inexact version thereof.
:)
No problem. It's not a different algorithm, but not giving an exact timing. It was called SA (Selective Availibity) and it basiclly made the time recieved from the sats a bit random. Seeing as the sats/reciever depend on timing to get position, IIRC, you had up to 100m epe (estimated position error) on a civilian gps unit. Two ways to bypass this: Get a differintal GPS, basicly two recievers in one unit, and average your location, so to speak. Or get the encrypted miliary band, via military reciever, which broadcasts the corrections to cancel out SA.
BTW, SA has been off for the better part of this year, so my handheld garmin gets accuracy near that of a military handheld unit. Thou differential units found in aircraft are still more accurate.
bash: ispell: command not found
This sig left intentionally blank.
Such a situation needs to be safe not only against spoofs, but also permit the owner to prove that he didn't do a spoof himself.
Let's say that I'm accused of an armed robbery which occured while I'm on a hunting trip (this really happened to a friend of mine). To have a system intended to prove my location which were usable as a defense, it would have to be proof against my own spoofing.
As a result, it would be more effective to have a system with two-way communication (thus utterly unlike GPS) which permits a user to request that their position and some arbitrary data (eg. biometrics, signed by the user's key, recovered from the user to demonstrate that they're with their equipment) be returned with the digital signature of the verifying service. Such a token would demonstrate the position of my equipment (via the reading) and my presence (via the biometrics... yeah, I know this is shaky... I hate biometrics too). A timestamp should also go inside the service-verified info.
Though I haven't had 'nuff sleep lately to really think something like this through seriously, that should work. Main issues is that it requires two-way communication, and a replacement of the current GPS system (perhaps w/ towers doing triangulation if it only needs to be used inside a fairly small area; otherwise larger/heavier/more expensive equipment is needed).
I am most definatley NOT talking about a proof of location that is broadcast without user control. I'm talking about a voluntary "location signature" type technology. (For example I do not have to use digital signatures at all times and I can produce an "anonymous" one as needed to hide my own identity.)
I've also had the suggestion from someone else in the office that a third party signature of time stamps would be handy. For example, instead of having certified postal mail sent back to myself to prove my patent is pre-dated, perhaps there could be a way to get a third party time stamp included in my digital signature.
Just more fun thoughts. :)
---
Don Rude - AKA - RudeDude
RudeDude
Perl/Linux/PHP hacker
...for Jon Katz's ICBM coordinates.
--
Xenu loves you!
I know of a bank that once looked at a GPS based security system. The problem was that different countries have different laws on data protection, so it was important that the laptops of it's employees couldn't do certain things (or release certain informatiom) in countries with restrictive (or 'good' as I think of it) data protection laws. Such as the UK.
:-)
So, the laptops were fitted with PCMCIA GPS cards, and these were integrated with some of the apps on the laptops. The employee couldn't access some things if they were in the wrong country.
I'm not sure if the project was ever widely released or seen as practical. Obviously it relies on not being able to hack the GPS card, and not getting administrator/root access to the machine.
GPS, fun as it is, is limited. The GPS system is passive and cannot determine the location of GPS devices - unlike, say, the mobile GSM system that CAN determine where mobile phone devices are. Rather, the GPS receiver devices can determine the location of the GPS satellites, and then compute their own location from that data. That makes it rather less useful for proving the location of a GPS receiver.
Also, in my experience of GPS, which is quite good, it is utterly useless at determining altitude. But maybe I've been unlucky with handsets
-----
Okay, each location that has to be able to authenticate you can combine a GPS with biometric security & an atomic-clock-syncronized timestamp. You put whatever bodypart needs to be authenticated (or multiple ones), the thing recognizes you. Then it checks the GPS location & combines that with the verified time. Voila. The information can then be transmitted security to wherever it needs to be via encrypted means.
A simple solution might be the following. The GPS satellites each send out their own version of the time, and the GPS receiver compares this to its time to determine its position relative to the satellites. What you could do is have each satellite periodically (once a minute?) send their time with a digital signature. You can then use the GPS company's public key to demonstrate that you have data from a GPS unit that was at a given location at a given time. Of course as the previous poster pointed out, you still have to prove that you were also at the same location as the GPS unit.
JET Program: see Japan, meet intere
Currently they can't do it for fear of being sued in areas where gambling is illegal.
why should they be afraid? There has been numerous cases where people in countries that don't have any anti-cracking laws couldn't be touched by US laws for crimes they committed in the US...why should it be different the other way around?
Gambling is legal in North America..the only catch I can see is making sure that the gambler is 18 (or 21 or what ever).
The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV
..I believe IP allocation is to a certain extent on a regional basis, so it shoulkd be possible to prove that at least you are on the right continent.
Similarly ISPs are allocated a pool of IP addresses, so when you connect it is highly probable you can be located down to country or even local level, unless you indulge in a little spoofing.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
The author mentioned timestamps, but timestamps have all of the same problems GPS data have.
When you create a signature with a timestamp, where does the time come from? If you're using only software, the timestamp is probably coming from the operating system, which thinks the time is whatever you tell it it is. It's not especially hard to generate an incorrect timestamp.
So in both cases we have to rely on trusted hardware, which is always a tricky thing. Even if I have a hardware device which includes a clock as well as the ability to store keys and generate timestamps, I still have to trust that all of the code involved is bug-free and the clock is correct. And it's easy to make sure the clock is correct only if you assume a few different parties can be trusted.
So sure, you can make a GPS receiver that signs and timestamps its data. But you have to trust everything inside the box, you have to trust the people who created the firmware, and you have to trust that the box can't be modified. Even the most secure hardware devices are subject to attacks. And this doesn't even address the question of where the GPS signal itself might bve coming from...
/* The beatings will continue until morale improves. */
I believe this is the proper way to do it in a military setting where you can serialize each device, hand create and install encrpytion and authentication keys. It's not entirely useful in the general sense because after you sell a million trusted GPS devices people could start doing fraudulent things like buying two, leaving one in a particular place, having their friend read the numbers off of it to you over the phone and then let you report that you're in a place where you're not. Plus you still have to hand create each GPS reciever to keep it trusted..
I'm thinking that it would be partially realtime though. Like this. Billy claims he is at 40NX105W and send you a stream of bits sent to him by a set of satellites. Susie examines his signature and believes that he is Billy then she examines the data and it looks like he really is where he says. To be positive Susie talks to the set of satellites Billy is in contact with and causes them to send random tokens in a random order and since she knows the order and his location she can tell what order he should recieve them in. Then Billy has some small number of milliseconds to report the series of bits he sees in the correct order to verify his location, if he has too much time he could be in a different location, recieve all the streams, reassemble them as they should be and then transmit them back so we're talking about very very small timing tolerences. Maybe you need anonymous satellites to do this.. Right now GPS knows which satellites it is talking to and can tell the difference between them.
This is my signature. There are many signatures like it but this one is mine..
So if you sent the actual data you recieve from the satillites to you whoever you want to prove to, then all that is required is that the stream from the sattilite is signed and you know the public key of the GPS satillite.
:-P
However, this does not prevent some one who is at one location sending the stream he recieves to an intermediary at a different location who will then authenticate with the first (fake) location.
There could also be a sort of small scale distributed location finding algorithim. If you have a large group of people with transmitter/receiver pairs within some distance (dependant on transmit/recieve power), you could have everyone triangulate on each other. The more people you have in your system, the more compromised units you'd have to have before you'd get spoofed results. Of course you could never be sure that the location data hasn't been spoofed, but given enough people, you could have some high confidence probability in the result. If you have a high enough density of people, you could spred the network of transmitter/recivers across the entire planet.
Now what do you folks think, should I get a patent on this?
Quando Omni Flunkus Moritati
Here I am, in front of the Eiffel tower, holding a newspaper that says "Bush Wins!"...
Of course, this is almost what Stoll did in "The Cuckoo's Egg". He measured network delays of the intruder and found the distance to the intruder. Unfortunately, he decided it was impossibly far and something was wrong with his measurement. It turned out that the actual location, Germany, was that distance away.
Singapore has had this for a while. very tech stuff. UK govt is sponsoring research into a GPS type system that would allow them to monitors cars positions and speeds.
~ppppppppö
As Fiber To The Curb becomes more readily available, and our bandwidth is a "given" just like the phone and electrical lines, we'll be able to roughly pinpoint locations easier.
The edge device you connect to to access the 'Net will be registered with the Feds (this is only a matter of time). Knowing how long it takes light to travel to the closest fiber-to-copper demarc point by your house, it will be easy for the edge device and/or your PC to spit out some numbers showing what will essentially be a ping time delay. Knowing that Registered Router X serves the geographic area of Y, and you are 2.003ms away from Router X, then you must be 1.22 miles from the router. The fiber run you are on goes down Big Brother Ave, so you're 1.22 miles from the end of Big Brother Ave.
It's not a pin-pointer, but it proves that you're not on the other side of the world impersonating yourself...
-This sig intentionally left blank
Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions.
:) The inaccuracy factor in the GPS system was recently disables. ALL GPS units (within their own design limitations) are now equally accurate.
You're wrong
-This sig intentionally left blank
First, your digital signature doesn't prove anything about who you are. Rather, the people you communicate with trust that it identifies you, and trust is antithetical to proof.
As a for-instance, I've been doing a lot of transatlantic communications lately with a fellow named Roger [last name deleted]. At least, he says his name is Roger... but since I've never met him, I haven't been able to verify his identity by examining his passport, his driver's license, etc. So I just have a voice to identify, and that voice is self-identified as Roger, which is no identification at all.
Roger and I exchanged OpenPGP keys. His OpenPGP key identifies him as "Roger John Laurence [last name deleted]". But I still didn't know if this was really him or not, so we talked voice. After verifying that it was the same voice I'd talked to earlier, and he doing the same (a process no more complex than "Hey, Roger?" "Yeah, mate?"), we exchanged SHA-1 hashes of our OpenPGP keys and verified we'd received each other's keys successfully.
We still haven't verified anything.
For all I know, Roger has given a copy of his OpenPGP key and passphrase to another person, and all of my email is coming from this third person who's not Roger. And for all Roger knows, I've done the exact same thing.
Signatures can only verify identity in the case of two parties who trust each other. Trust is antithetical to proof; therefore, it's hard to say "digital signatures prove identities". They don't. They make it easier to trust, but that's not the same as proof.
Insofar as this GPS verification scheme--good luck. The likelihood of a system being subverted increases with the square of the number of people involved. How does the trusted third party ensure that both parties are reporting their location honestly? If I'm really in Cedar Rapids, Iowa (42N 42W--Cedar Rapids is the closest city I could find to the Magical Location of Life, the Universe and Everything), I can have a conspirator in Quito, Ecuador (0N, approx 55W). When the third party tells me, "Okay, verify your location according to this protocol," I can have my conspirator in Quito perform the protocol and send the result back to me; then I send the result on to Trent, the trusted arbitrator.
How is Trent to know that I've done a man-in-the-middle attack against his system? Well, it's possible that this system can be patched up to solve the man-in-the-middle problem. But those patches will themselves have attacks against them, and the entire situation quickly devolves from there.
Crypto works well with communicants who (a) want to talk to each other and (b) trust each other to apply a protocol properly. Once you take away either assumption, most crypto falls flat on its face.
Further, even if you could somehow tie your position and identity together, a GPS Constellation simulator only costs about $250,000 USD. If it was really important to generate a fake, that's really not too high a price.
I work in the GPS business and would be interested in pursuing this a little further. If anyone has any bright ideas, let's throw a prototype together.
Nope. The satellite can be sure of Bob's location if he signs a reply to its message and sends it "instantly". Then only somebody with his key could be in France.
BUT... he could leave a copy of his key in France. And at this point you're right, and that is the killer for my original suggestion. Protocols which relly on secret information are broken if one of the parties doesn't want to keep it secret! We can't trust Bob not to duplicate his identity, unless his "location key" is embedded in a closed box, which is designed to self destruct if anyone breaks the seal :)
Now of course, the perfect self destructing locked box is non-existent. However, you can do pretty well with pre-written EEPROMs inside a microcontroller. Beaking one of those open and reading it would be a pain and a half; add a few anti-tamper measures, and it gets really evil. If you were completely paranoid, you could add an "expiry date" so that you needed a new chip each month.
Maybe I shouldn't be saying any of this, because I can think of many more evil applications of this technology than good ones.
Fixing copyright
I don't like the idea of this. Just think about it...as an earlier poster commented, it becomes possible for say France to block certain Englishmen, or Afghanistan to block Russians. The wonderful thing about the net is anonymity, and once we decide to give our exact location every time we get on a web site, that is totally lost.
I'd rather keep it so that no one really knows where I'm from online, unless I tell them (and don't lie).
First of all, to clarify: no, Quova can NOT _pinpoint_ users in real time. They have catalogued IP addresses and correlated them with locations. If your IP is not static, or has changed since their cataloguing (sp?), their data is meaningless. Same for dial-up users, who will all appear to be in the same place (wherever the server is) even though they may be spread far and wide. Think AOL. A simple example: say I have an account with my ISP. I could be dialing in to the same number from home; or from a friend's house; or from across town; or from another state, for that matter, if I'm willing to pay long-distance charges; all of these would give an IP address that appears to be in the same location.
The main thrust of this problem is not just knowing where someone is generally, but using exact location for authentication/identification. You would need a way of verifying that the person/device is precisely where they claim to be. Knowing that a particular IP implies that they are in a certain city or even on a certain street means little in this context. Authentication requires much more precise, verifiable information than could be provided by Quova.
"This message is composed of 100% recycled electrons."
Imagine a system that can accept appointment requests for you and based on rules you specify, either accept, reject, or notify you of this appointment request. This sounds great, right: agent based appointment scheduling. Might save everyone a lot of time, etc.
Okay, pretend you want to build this system. If your agent wants to schedule you (or you do it yourself) for an appointment at 2:30 and you are currently engaged until about 2:15 it may only be a good idea to schedule this if the travel time is less than 15 minutes.
Now you could specify a "map" of your normal stomping grounds and the distances between some of them, and let the computer do the math, but this is limiting and requires "thought". If all the little networked devices involved in all this scheduling know thier co-ords (either stored, accessed from a database, or by GPS) the whole problem becomes easier. You enter some upper/lower bounds for travel times (over some set ranges) and the whole system becomes more more general.
Finally, one of the best reasons to have security and encryption is so people can prove they are who they say they are... If you build geographics into the authentication this may be useful but wouldn't it be easy to spoof the location? The input has to come from somewhere...
--8<--
--8<--
Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions. This is accomplished by not giving the real algorithm that the GPS satelites run off of but a inexact version thereof. If this is true then whoever controls the GPS sattelites(US govt. i think) could alter the signals to allow a direct data stream from a GPS unit to be identified as either a true or false stream using the real algorithm through some sort of authentication server. of course it would be really scary if any govt had control of this, but hey it might work
A blog about stuff.
I am no GPS guru, but I think I know enough to do some handwaving -
My understanding is that the GPS satellites transmit timing information, and the receivers use this information (from multiple satellites) to perform a triangulation computation, and to determine a location.
What you could do is have the satellites transmit a signature along with the timing information, and this could prove that the timing information could only have come from a GPS satellite.
This means that your receiver knows that it is receiving real GPS information - however, everyone else in your immediate vicinity also receives the same information. The receiver actually carries out the computation to determine a location, so therefore, you would need to have the receiver sign the computation - this proves that the output was computed by a legitimate process.
Then, you could sign the result with your private key - this would prove that you signed some location information.
To verify all of this, the client (who you are proving to) would verify that you signed the location information - then it could verify that the location was created by a trusted process, but verifying the signature. It could also verify the timing signals from the satellite, to verify that they were legitmate, and that your signed location information was generated within a recent period of time (to prevent a replay of older information).
How does that sound ? Other technologies - differential GPS may blur this, and perhaps a GPS guru could comment on the above.
-- Matthew - matthew.gream@pobox.com, http://matthewgream.net
Your detail is fine, but to protect against malicious users, the GPS data needs to be signed by the "GPS server" [1] to prevent the user from simply changing the GPS location data to another value. In this instance and MD5 isn't sufficient: the user could simply substitute the MD5 for another known value.
Oh, the GPS data will also need to be timestamped - this prevents replay attacks.
[1]Either the data from the satelite could be signed in some way I guess, or the GPS decoder could be a "trusted host".
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
Here's the idea. I believe it's provable given a few assumptions; like Einstein was right, f'rinstance.
A network of satellites constantly transmit time-coded challenges.
The land based receiver grabs at least three of these challenges at the same time, combines them, signs them with the user's private key and sends them back up to the sky. By using the time difference and the speed of light, the receiving satellite can verify that the private key is within a certain distance from the receiving satellite. Verifying that the private key is the same place as the user is a bit more difficult, but we have to start somewhere.
The actual precision with which this method could pinpoint the user would depend upon the speed of computation.
If specialized hardware could perform the capture, signing and transmission in 10 microseconds, then the position of the signer could be pinpointed to within 3e8 * 1e-5 / 2 = 1.5 kilometers. (Speed of light in m/s times the number of seconds equals the time it would take to transmit the signal to somewere else and back)
Assumptions:
* User alone maintains control of their private key. (This is a biggie. A user could give the signing device to an accomplice and send them off somewhere. )
* Tamper proof, time-synchronized satellites (this is fairly safe now, but for how long?).
* No information travels faster than the speed of light in a vacuum. (I believe work has been done with connected quantum spins that already threatens this assumption.)
You can never equivocate too much.
The only way I can think of doing this is in undefeatably secure way would be to put up another GPS satellite system [or perhaps merely reprogram the current ones, if they can handle sensitive reception as well], in which the protocal would be:
A: Your device sends a authentication session request to the satellite network.
B: Several satellites in range [after coordinating with each other to ensure precise timing] send out a "packet" addressed specifically to your device.
C: Your device, upon recieving each packet, immediately sends out a response.
D: The satellites compare the time they recieved the response, and know where you are.
Basically, it's like being pinged from several locations at once. It's a reversal of the semantics of GPS itself. Current GPS works because each satellite is sending out time stamps continously, and your reciever compares the difference in local arrival time from the stamps sent at the same time. [This is because the speed of light is finite, and the satellites are at different distances from you].
You just need to reverse the process, sending back a ping, and have the satellites coordinate the difference in arrival time of the signal.
Come to think of it, a special device wouldn't really be necessary. Any transmission that can be intercepted by the sattelites could be sampled, and arrival time differences used to locate the source precisely. Hmmm.
I'd be willing to bet good money the government already has just such a capability.
---
man sig
---
the pen is mightier then the sword. the sword is mightier then the court. the court is mightier then the pen.
So there I was. Naked. In a refrigerator. With a potroast on my knees. Smokin a cigar. That's when it got REALLY weird.
...because the rest of us might finally understand where he's coming from :)
I'm not sure how read the question, but I started to think about the question "how can I prove after the event that I wasn't at the scene of a crime?"
Now at very first thinking various issues come up:
Data must be controlled by me - I don't want my location tracked by any third parties; I just want to be able to reveal/prove where I was at a certain time, at my instigation.
Maybe some kind of trusted third party injecting random but recorded bitstreams into the ether as radio waves at every gridpoint, and changing every minute or so.
There would need to be process and crytographic controls on this infrastructure.. might not be possible.
You would record the bitstreams on a pocket recorder or mobile phone device, and then you can say "look, the random code at this time and place was xxx".
Then there is the question of cheating... I just ask my friend who was there what the number was. So I guess I have to record the numbers on a "tamper proof" (see Secrets& Lies for why I put quotes around that) device like a Smart card, that only the "authorities" (whoever they are) can extract the information from.
There would need be a password protected scheme so I have to give my authorisation for a date-range of location data to be extracted as well. So I would have to trust this device, a lot more than I trust say Canivore.
Then what if know I'm going somewhere bad and I just give my card to a friend for a day or so. Not sure here.. maybe the device has to randomly demand some biometric data from me at random times.
Pretty interesting stuff.. gonna have to re-read Schneier's books (again). I recommend the section in Applied Cryptography that deals with protocols, for stuff along these lines.
I might put this up and work on it some more at my web site. Or I might not.
Well, quite - I'm sure you could use GPS and signatures to prove that a machine was in a location at the same time, but I could be using any form of remote access tools to talk to that machine.
The idea of using a trusted third party to validate people's locations, already mentioned here, would need an international standard to be agreed and would probably need to rely on fingerprints / retina scans et cetera to work, so probably not any time soon...
I'm a bit worried that people who don't want to prove that they are in a particular region (don't want their fingerprints on file, for example) will be denied various services, such as the latest encryption software.
"There's a party," she said,
"We'll sing and we'll dance,
It's come as you are."
Title of the paper is Location-Based Authentication: Grounding Cyberspace for Better Security
This idea is also explained in her book Information Warfare. The idea is using GPS signatures which are not forward-predictable. As other posters pointed out, that only proves the existence/access to GPS receiver located at some point and time not necessarily the presence of the *individual* there.
WakeTurbulence
Let's see.. the induction charger in my bed was working, so my battery is charged. When I step by the window, my phone chirped in my ear to tell me the GPS unit and the phone are working. I just need to polish the webcam lens in my forehead, and I'll be ready to step out in Public where I have nothing to hide. I sure am not going to be like that sap last week that couldn't prove that he wasn't at the bar robbery...
A simple hardware solution is not enough - the hardware needs to be permanently fixed to the same location as the person (i.e. physically embedded and all that that implies) and needs to be non-spoofable. Embedded solutions present the rather daunting prospect of spoofers removing the apparatus.... (Think Leila in Futurama and her job chip)
The only other way to achieve position guarantees would involve trusted 3rd parties (postion escrow anyone?) and we all know how much we trust those kinds of solutions! (Unless we are talking about people who are detained at the government's pleasure)
Of course then you'd have to deal with spoofing...
Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?
The problem here is dealing with the GPS data. You basically have to prove that the data has come a GPS receiver that has been unmodified. There is nothing stopping me fixing the stream of GPS data to the application signing it, to make it look as though I was anywhere in the world. Therefore there are several areas you have to lock down to make sure that this data is authenticable:
1. The position determined by the GPS receiver is accurate, and can not be manipulated by somebody with a small transceiver nearby convincing the GPS receiver that you are located somewhere else. On a 3 or 4 satellite track, you may not be able to move youself very far, but in the US you could probably "cross" a state boundary, and in Europe you could probably mangle things around to move across country borders.
2. Once you can be sure that the data being received by the GPS receiver is genuine, you have to get it into the PC untampered. What's more, it has to make it all the way to being signed without being vulnerable to tampering at any point. If the longitude and latitude is stored somewhere in memory location 'X' just before being signed, I could conceivably tamper with it.
3. You then of course have to sign it, and then ensure that this mechanism is strong and that it can't be manipulated either at this stage or further along the transmission.
The problem really is that signing the location is the wrong approach - you have both your private and public key, and you can sign *ANYTHING* you want to authenticate it as belonging to you, but in actual fact, you need the GPS receiver to store the private/public pair and not divulge it to anybody else. How then, do you stop people tampering with the receiver?
Thinking about it, I think that may be the best approach - the GPS does the crypto internally, and you build measures to ensure that it can't be tampered with. Even then, you still have to make sure you're talking to a real GPS receiver etc. so challenge/response stuff may have to be added in. Nasty.
The SIM is your encrypted device. To activate it you need a PIN, which could be considered your digital signature and presto:
The location of Your SIM is trackable within a couple 100 yards or so.
The problem of course is, that the location is attached to the device. Nobody prevents you from sticking it under a car and pretend that you went all the way from Malmoe to Lissabon.
That's probably also the most tricky issue with your question:
How can you make a position dependant signature device independant, or at least (if you use a device) make it non-functional if you're not physically there.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Since GPS uses pseudo-random data streams, couldn't you prove your position at a particular time by somehow inserting the timestamp data from the four satellites you're talking to into the digital signature?
Or would that be easily faked?
I'm not a GPS expert, so I don't really know for certain.
-C
--
All opinions presented here aren't mine.
Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?
The chain of trust is therefore:
At the end of this exchange, the receiver trusts that the owner believes s/he's in the position exchanged between them.
This doesn't cover the case that the authentic Owner is trying to spoof his location, but I don't believe that was the question - which I read as "How can I prevent someone masquarading as me from a remote location at a given time?"
--
I'd rather have a bottle in front of me than a frontal lobotomy
even if you could prove that your GPS receiver was at position X at time T, how would you prove that YOU were also there? Unless it's implanted under your skin...
Of course, it really depends what you want to do. In Switzerland, devices are being installed into trucks which register position and time in order to collect road taxes. The device is attached to the vehicle and tampering with the fixing will probably get you a heavy fine.
Any technology which is distinguishable from magic is not sufficiently advanced.
Come on, this cant' be a serious idea. With the increase in mobile computing, you can't expect anyone to have his/her computer in a fixed place... Besides you can use a proxy that's not in the same location as you are, so that won't prove your identity either...
The internet gambling industry has been looking for something like this for quite a while. If people can prove they're inside physical areas that are allowed to gamble, suddenly internet gambling is wide open for companies like Harrah's and Caesar's to take on. Currently they can't do it for fear of being sued in areas where gambling is illegal.
The drawback: pr0n users in the bible belt would be suddenly unable to hit their favorite sites. Site operators would restrict content to areas where they could be certain of legalities.
And even worse, Amazon could now target prices based on the economy of your neighborhood.
What's your damage, Heather?
The simplest example would be an "authentication satellite", where Jane asks the satellite,
"is Bob really in France?"
If Bob knows the contents of the message, he's in France.
Of course, Bob could just have a tranceiver in France.... so.... quantum encrypt it in a single photon :). Single photon quantum encyption is nearly good enough for Earth-satellite links, IIRC.
None of this fixes the "problem" (is it really a bad thing?) mentioned elsewhere in this discussion, that physical devices and people are separable...
Fixing copyright
So we go from people complaining that new technology can be used to track them to complaining that new technology can't be used to track them.
--