Slashdot Mirror
Authentication Via Geographical Location?
RudeDude asks: "
While reading Cryptonomicon I became a bit paranoid about encryption and digital signatures but it has me thinking a bit as well.
I'm trying to visualize a way to prove my physical location in a cryptographically strong way and I can't think of one. My digital signature proves who I am, but wouldn't it be nice if I could also give proof of my physical location at a given time stamp?
I've thought of only a few things that would be very hardware dependent, etc. but what I really think would be cool would be something that is as strong as digital signatures. Some sort of GPS/MD5 signature that a third party could confirm so that it would be impossible to spoof my location. " This question has been asked a bit by people looking to restrict services to various countries, but currently one can't be sure if the IP a person is using is really the location from which the connection is being made. Would a system like the one described above be a possible answer?
"This is mostly just a thought experiment, but I am curious to see what other Slashdot readers could maybe dream up. In my opinion (and I'm sure many others as well) my current meatspace coordinates usually mean much less than my network 'location' does, but I can think of many times where proving my meatspace location could be just as important as proof of identity."
As I am reading this thread, I just returned from a job interview at a company that manufactures GPS receiver chips and learned that a new FCC regulation will require all new mobile phones released on the market starting in January 2001 to have onboard GPS.
The interviewer would not go into details as to which purpose the FCC hopes to achieve (find wounded hunters lost in the middle of nowhere in an emergency situation, or make localization of mobile-savvy criminals easier) but it sure looks like Big Brother is watching us.
Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions. This is accomplished by not giving the real algorithm that the GPS satelites run off of but a inexact version thereof.
:)
No problem. It's not a different algorithm, but not giving an exact timing. It was called SA (Selective Availibity) and it basiclly made the time recieved from the sats a bit random. Seeing as the sats/reciever depend on timing to get position, IIRC, you had up to 100m epe (estimated position error) on a civilian gps unit. Two ways to bypass this: Get a differintal GPS, basicly two recievers in one unit, and average your location, so to speak. Or get the encrypted miliary band, via military reciever, which broadcasts the corrections to cancel out SA.
BTW, SA has been off for the better part of this year, so my handheld garmin gets accuracy near that of a military handheld unit. Thou differential units found in aircraft are still more accurate.
bash: ispell: command not found
This sig left intentionally blank.
Such a situation needs to be safe not only against spoofs, but also permit the owner to prove that he didn't do a spoof himself.
Let's say that I'm accused of an armed robbery which occured while I'm on a hunting trip (this really happened to a friend of mine). To have a system intended to prove my location which were usable as a defense, it would have to be proof against my own spoofing.
As a result, it would be more effective to have a system with two-way communication (thus utterly unlike GPS) which permits a user to request that their position and some arbitrary data (eg. biometrics, signed by the user's key, recovered from the user to demonstrate that they're with their equipment) be returned with the digital signature of the verifying service. Such a token would demonstrate the position of my equipment (via the reading) and my presence (via the biometrics... yeah, I know this is shaky... I hate biometrics too). A timestamp should also go inside the service-verified info.
Though I haven't had 'nuff sleep lately to really think something like this through seriously, that should work. Main issues is that it requires two-way communication, and a replacement of the current GPS system (perhaps w/ towers doing triangulation if it only needs to be used inside a fairly small area; otherwise larger/heavier/more expensive equipment is needed).
I am most definatley NOT talking about a proof of location that is broadcast without user control. I'm talking about a voluntary "location signature" type technology. (For example I do not have to use digital signatures at all times and I can produce an "anonymous" one as needed to hide my own identity.)
I've also had the suggestion from someone else in the office that a third party signature of time stamps would be handy. For example, instead of having certified postal mail sent back to myself to prove my patent is pre-dated, perhaps there could be a way to get a third party time stamp included in my digital signature.
Just more fun thoughts. :)
---
Don Rude - AKA - RudeDude
RudeDude
Perl/Linux/PHP hacker
...for Jon Katz's ICBM coordinates.
--
Xenu loves you!
I know of a bank that once looked at a GPS based security system. The problem was that different countries have different laws on data protection, so it was important that the laptops of it's employees couldn't do certain things (or release certain informatiom) in countries with restrictive (or 'good' as I think of it) data protection laws. Such as the UK.
:-)
So, the laptops were fitted with PCMCIA GPS cards, and these were integrated with some of the apps on the laptops. The employee couldn't access some things if they were in the wrong country.
I'm not sure if the project was ever widely released or seen as practical. Obviously it relies on not being able to hack the GPS card, and not getting administrator/root access to the machine.
GPS, fun as it is, is limited. The GPS system is passive and cannot determine the location of GPS devices - unlike, say, the mobile GSM system that CAN determine where mobile phone devices are. Rather, the GPS receiver devices can determine the location of the GPS satellites, and then compute their own location from that data. That makes it rather less useful for proving the location of a GPS receiver.
Also, in my experience of GPS, which is quite good, it is utterly useless at determining altitude. But maybe I've been unlucky with handsets
-----
Okay, each location that has to be able to authenticate you can combine a GPS with biometric security & an atomic-clock-syncronized timestamp. You put whatever bodypart needs to be authenticated (or multiple ones), the thing recognizes you. Then it checks the GPS location & combines that with the verified time. Voila. The information can then be transmitted security to wherever it needs to be via encrypted means.
A simple solution might be the following. The GPS satellites each send out their own version of the time, and the GPS receiver compares this to its time to determine its position relative to the satellites. What you could do is have each satellite periodically (once a minute?) send their time with a digital signature. You can then use the GPS company's public key to demonstrate that you have data from a GPS unit that was at a given location at a given time. Of course as the previous poster pointed out, you still have to prove that you were also at the same location as the GPS unit.
JET Program: see Japan, meet intere
Currently they can't do it for fear of being sued in areas where gambling is illegal.
why should they be afraid? There has been numerous cases where people in countries that don't have any anti-cracking laws couldn't be touched by US laws for crimes they committed in the US...why should it be different the other way around?
Gambling is legal in North America..the only catch I can see is making sure that the gambler is 18 (or 21 or what ever).
The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV
..I believe IP allocation is to a certain extent on a regional basis, so it shoulkd be possible to prove that at least you are on the right continent.
Similarly ISPs are allocated a pool of IP addresses, so when you connect it is highly probable you can be located down to country or even local level, unless you indulge in a little spoofing.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
The author mentioned timestamps, but timestamps have all of the same problems GPS data have.
When you create a signature with a timestamp, where does the time come from? If you're using only software, the timestamp is probably coming from the operating system, which thinks the time is whatever you tell it it is. It's not especially hard to generate an incorrect timestamp.
So in both cases we have to rely on trusted hardware, which is always a tricky thing. Even if I have a hardware device which includes a clock as well as the ability to store keys and generate timestamps, I still have to trust that all of the code involved is bug-free and the clock is correct. And it's easy to make sure the clock is correct only if you assume a few different parties can be trusted.
So sure, you can make a GPS receiver that signs and timestamps its data. But you have to trust everything inside the box, you have to trust the people who created the firmware, and you have to trust that the box can't be modified. Even the most secure hardware devices are subject to attacks. And this doesn't even address the question of where the GPS signal itself might bve coming from...
/* The beatings will continue until morale improves. */
I believe this is the proper way to do it in a military setting where you can serialize each device, hand create and install encrpytion and authentication keys. It's not entirely useful in the general sense because after you sell a million trusted GPS devices people could start doing fraudulent things like buying two, leaving one in a particular place, having their friend read the numbers off of it to you over the phone and then let you report that you're in a place where you're not. Plus you still have to hand create each GPS reciever to keep it trusted..
I'm thinking that it would be partially realtime though. Like this. Billy claims he is at 40NX105W and send you a stream of bits sent to him by a set of satellites. Susie examines his signature and believes that he is Billy then she examines the data and it looks like he really is where he says. To be positive Susie talks to the set of satellites Billy is in contact with and causes them to send random tokens in a random order and since she knows the order and his location she can tell what order he should recieve them in. Then Billy has some small number of milliseconds to report the series of bits he sees in the correct order to verify his location, if he has too much time he could be in a different location, recieve all the streams, reassemble them as they should be and then transmit them back so we're talking about very very small timing tolerences. Maybe you need anonymous satellites to do this.. Right now GPS knows which satellites it is talking to and can tell the difference between them.
This is my signature. There are many signatures like it but this one is mine..
How are you to know in advance that you're going to be framed for a crime, in order to use the services? Or are you gonna dole out $32 a day (say every 15 mins, 8 hours a day) on the chance that someone might in the future?
Open Source. Closed Minds. We are Slashdot.
So if you sent the actual data you recieve from the satillites to you whoever you want to prove to, then all that is required is that the stream from the sattilite is signed and you know the public key of the GPS satillite.
:-P
However, this does not prevent some one who is at one location sending the stream he recieves to an intermediary at a different location who will then authenticate with the first (fake) location.
There could also be a sort of small scale distributed location finding algorithim. If you have a large group of people with transmitter/receiver pairs within some distance (dependant on transmit/recieve power), you could have everyone triangulate on each other. The more people you have in your system, the more compromised units you'd have to have before you'd get spoofed results. Of course you could never be sure that the location data hasn't been spoofed, but given enough people, you could have some high confidence probability in the result. If you have a high enough density of people, you could spred the network of transmitter/recivers across the entire planet.
Now what do you folks think, should I get a patent on this?
Quando Omni Flunkus Moritati
Here I am, in front of the Eiffel tower, holding a newspaper that says "Bush Wins!"...
I invite you to the Geographical Anonymizer Project, where people are streaming their timestamped NMEA data. Pick and choose from data over the past four weeks...and if you want to participate, note that you can delay the delivery of your data by up to two hours, so others know where you were two hours ago but not now; the software in your unit will only report data from areas you designate, so you can have it turn off before you get near home.
Of course, this is almost what Stoll did in "The Cuckoo's Egg". He measured network delays of the intruder and found the distance to the intruder. Unfortunately, he decided it was impossibly far and something was wrong with his measurement. It turned out that the actual location, Germany, was that distance away.
A GPS antenna is significantly larger.
Singapore has had this for a while. very tech stuff. UK govt is sponsoring research into a GPS type system that would allow them to monitors cars positions and speeds.
~ppppppppö
As Fiber To The Curb becomes more readily available, and our bandwidth is a "given" just like the phone and electrical lines, we'll be able to roughly pinpoint locations easier.
The edge device you connect to to access the 'Net will be registered with the Feds (this is only a matter of time). Knowing how long it takes light to travel to the closest fiber-to-copper demarc point by your house, it will be easy for the edge device and/or your PC to spit out some numbers showing what will essentially be a ping time delay. Knowing that Registered Router X serves the geographic area of Y, and you are 2.003ms away from Router X, then you must be 1.22 miles from the router. The fiber run you are on goes down Big Brother Ave, so you're 1.22 miles from the end of Big Brother Ave.
It's not a pin-pointer, but it proves that you're not on the other side of the world impersonating yourself...
-This sig intentionally left blank
Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions.
:) The inaccuracy factor in the GPS system was recently disables. ALL GPS units (within their own design limitations) are now equally accurate.
You're wrong
-This sig intentionally left blank
First, your digital signature doesn't prove anything about who you are. Rather, the people you communicate with trust that it identifies you, and trust is antithetical to proof.
As a for-instance, I've been doing a lot of transatlantic communications lately with a fellow named Roger [last name deleted]. At least, he says his name is Roger... but since I've never met him, I haven't been able to verify his identity by examining his passport, his driver's license, etc. So I just have a voice to identify, and that voice is self-identified as Roger, which is no identification at all.
Roger and I exchanged OpenPGP keys. His OpenPGP key identifies him as "Roger John Laurence [last name deleted]". But I still didn't know if this was really him or not, so we talked voice. After verifying that it was the same voice I'd talked to earlier, and he doing the same (a process no more complex than "Hey, Roger?" "Yeah, mate?"), we exchanged SHA-1 hashes of our OpenPGP keys and verified we'd received each other's keys successfully.
We still haven't verified anything.
For all I know, Roger has given a copy of his OpenPGP key and passphrase to another person, and all of my email is coming from this third person who's not Roger. And for all Roger knows, I've done the exact same thing.
Signatures can only verify identity in the case of two parties who trust each other. Trust is antithetical to proof; therefore, it's hard to say "digital signatures prove identities". They don't. They make it easier to trust, but that's not the same as proof.
Insofar as this GPS verification scheme--good luck. The likelihood of a system being subverted increases with the square of the number of people involved. How does the trusted third party ensure that both parties are reporting their location honestly? If I'm really in Cedar Rapids, Iowa (42N 42W--Cedar Rapids is the closest city I could find to the Magical Location of Life, the Universe and Everything), I can have a conspirator in Quito, Ecuador (0N, approx 55W). When the third party tells me, "Okay, verify your location according to this protocol," I can have my conspirator in Quito perform the protocol and send the result back to me; then I send the result on to Trent, the trusted arbitrator.
How is Trent to know that I've done a man-in-the-middle attack against his system? Well, it's possible that this system can be patched up to solve the man-in-the-middle problem. But those patches will themselves have attacks against them, and the entire situation quickly devolves from there.
Crypto works well with communicants who (a) want to talk to each other and (b) trust each other to apply a protocol properly. Once you take away either assumption, most crypto falls flat on its face.
Further, even if you could somehow tie your position and identity together, a GPS Constellation simulator only costs about $250,000 USD. If it was really important to generate a fake, that's really not too high a price.
I work in the GPS business and would be interested in pursuing this a little further. If anyone has any bright ideas, let's throw a prototype together.
Nope. The satellite can be sure of Bob's location if he signs a reply to its message and sends it "instantly". Then only somebody with his key could be in France.
BUT... he could leave a copy of his key in France. And at this point you're right, and that is the killer for my original suggestion. Protocols which relly on secret information are broken if one of the parties doesn't want to keep it secret! We can't trust Bob not to duplicate his identity, unless his "location key" is embedded in a closed box, which is designed to self destruct if anyone breaks the seal :)
Now of course, the perfect self destructing locked box is non-existent. However, you can do pretty well with pre-written EEPROMs inside a microcontroller. Beaking one of those open and reading it would be a pain and a half; add a few anti-tamper measures, and it gets really evil. If you were completely paranoid, you could add an "expiry date" so that you needed a new chip each month.
Maybe I shouldn't be saying any of this, because I can think of many more evil applications of this technology than good ones.
Fixing copyright
I don't like the idea of this. Just think about it...as an earlier poster commented, it becomes possible for say France to block certain Englishmen, or Afghanistan to block Russians. The wonderful thing about the net is anonymity, and once we decide to give our exact location every time we get on a web site, that is totally lost.
I'd rather keep it so that no one really knows where I'm from online, unless I tell them (and don't lie).
First of all, to clarify: no, Quova can NOT _pinpoint_ users in real time. They have catalogued IP addresses and correlated them with locations. If your IP is not static, or has changed since their cataloguing (sp?), their data is meaningless. Same for dial-up users, who will all appear to be in the same place (wherever the server is) even though they may be spread far and wide. Think AOL. A simple example: say I have an account with my ISP. I could be dialing in to the same number from home; or from a friend's house; or from across town; or from another state, for that matter, if I'm willing to pay long-distance charges; all of these would give an IP address that appears to be in the same location.
The main thrust of this problem is not just knowing where someone is generally, but using exact location for authentication/identification. You would need a way of verifying that the person/device is precisely where they claim to be. Knowing that a particular IP implies that they are in a certain city or even on a certain street means little in this context. Authentication requires much more precise, verifiable information than could be provided by Quova.
"This message is composed of 100% recycled electrons."
Imagine a system that can accept appointment requests for you and based on rules you specify, either accept, reject, or notify you of this appointment request. This sounds great, right: agent based appointment scheduling. Might save everyone a lot of time, etc.
Okay, pretend you want to build this system. If your agent wants to schedule you (or you do it yourself) for an appointment at 2:30 and you are currently engaged until about 2:15 it may only be a good idea to schedule this if the travel time is less than 15 minutes.
Now you could specify a "map" of your normal stomping grounds and the distances between some of them, and let the computer do the math, but this is limiting and requires "thought". If all the little networked devices involved in all this scheduling know thier co-ords (either stored, accessed from a database, or by GPS) the whole problem becomes easier. You enter some upper/lower bounds for travel times (over some set ranges) and the whole system becomes more more general.
Finally, one of the best reasons to have security and encryption is so people can prove they are who they say they are... If you build geographics into the authentication this may be useful but wouldn't it be easy to spoof the location? The input has to come from somewhere...
--8<--
--8<--
Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions. This is accomplished by not giving the real algorithm that the GPS satelites run off of but a inexact version thereof. If this is true then whoever controls the GPS sattelites(US govt. i think) could alter the signals to allow a direct data stream from a GPS unit to be identified as either a true or false stream using the real algorithm through some sort of authentication server. of course it would be really scary if any govt had control of this, but hey it might work
A blog about stuff.
I am no GPS guru, but I think I know enough to do some handwaving -
My understanding is that the GPS satellites transmit timing information, and the receivers use this information (from multiple satellites) to perform a triangulation computation, and to determine a location.
What you could do is have the satellites transmit a signature along with the timing information, and this could prove that the timing information could only have come from a GPS satellite.
This means that your receiver knows that it is receiving real GPS information - however, everyone else in your immediate vicinity also receives the same information. The receiver actually carries out the computation to determine a location, so therefore, you would need to have the receiver sign the computation - this proves that the output was computed by a legitimate process.
Then, you could sign the result with your private key - this would prove that you signed some location information.
To verify all of this, the client (who you are proving to) would verify that you signed the location information - then it could verify that the location was created by a trusted process, but verifying the signature. It could also verify the timing signals from the satellite, to verify that they were legitmate, and that your signed location information was generated within a recent period of time (to prevent a replay of older information).
How does that sound ? Other technologies - differential GPS may blur this, and perhaps a GPS guru could comment on the above.
-- Matthew - matthew.gream@pobox.com, http://matthewgream.net
Your detail is fine, but to protect against malicious users, the GPS data needs to be signed by the "GPS server" [1] to prevent the user from simply changing the GPS location data to another value. In this instance and MD5 isn't sufficient: the user could simply substitute the MD5 for another known value.
Oh, the GPS data will also need to be timestamped - this prevents replay attacks.
[1]Either the data from the satelite could be signed in some way I guess, or the GPS decoder could be a "trusted host".
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
Here's the idea. I believe it's provable given a few assumptions; like Einstein was right, f'rinstance.
A network of satellites constantly transmit time-coded challenges.
The land based receiver grabs at least three of these challenges at the same time, combines them, signs them with the user's private key and sends them back up to the sky. By using the time difference and the speed of light, the receiving satellite can verify that the private key is within a certain distance from the receiving satellite. Verifying that the private key is the same place as the user is a bit more difficult, but we have to start somewhere.
The actual precision with which this method could pinpoint the user would depend upon the speed of computation.
If specialized hardware could perform the capture, signing and transmission in 10 microseconds, then the position of the signer could be pinpointed to within 3e8 * 1e-5 / 2 = 1.5 kilometers. (Speed of light in m/s times the number of seconds equals the time it would take to transmit the signal to somewere else and back)
Assumptions:
* User alone maintains control of their private key. (This is a biggie. A user could give the signing device to an accomplice and send them off somewhere. )
* Tamper proof, time-synchronized satellites (this is fairly safe now, but for how long?).
* No information travels faster than the speed of light in a vacuum. (I believe work has been done with connected quantum spins that already threatens this assumption.)
You can never equivocate too much.
The only way I can think of doing this is in undefeatably secure way would be to put up another GPS satellite system [or perhaps merely reprogram the current ones, if they can handle sensitive reception as well], in which the protocal would be:
A: Your device sends a authentication session request to the satellite network.
B: Several satellites in range [after coordinating with each other to ensure precise timing] send out a "packet" addressed specifically to your device.
C: Your device, upon recieving each packet, immediately sends out a response.
D: The satellites compare the time they recieved the response, and know where you are.
Basically, it's like being pinged from several locations at once. It's a reversal of the semantics of GPS itself. Current GPS works because each satellite is sending out time stamps continously, and your reciever compares the difference in local arrival time from the stamps sent at the same time. [This is because the speed of light is finite, and the satellites are at different distances from you].
You just need to reverse the process, sending back a ping, and have the satellites coordinate the difference in arrival time of the signal.
Come to think of it, a special device wouldn't really be necessary. Any transmission that can be intercepted by the sattelites could be sampled, and arrival time differences used to locate the source precisely. Hmmm.
I'd be willing to bet good money the government already has just such a capability.
---
man sig
---
the pen is mightier then the sword. the sword is mightier then the court. the court is mightier then the pen.
So there I was. Naked. In a refrigerator. With a potroast on my knees. Smokin a cigar. That's when it got REALLY weird.
...because the rest of us might finally understand where he's coming from :)
I'm not sure how read the question, but I started to think about the question "how can I prove after the event that I wasn't at the scene of a crime?"
Now at very first thinking various issues come up:
Data must be controlled by me - I don't want my location tracked by any third parties; I just want to be able to reveal/prove where I was at a certain time, at my instigation.
Maybe some kind of trusted third party injecting random but recorded bitstreams into the ether as radio waves at every gridpoint, and changing every minute or so.
There would need to be process and crytographic controls on this infrastructure.. might not be possible.
You would record the bitstreams on a pocket recorder or mobile phone device, and then you can say "look, the random code at this time and place was xxx".
Then there is the question of cheating... I just ask my friend who was there what the number was. So I guess I have to record the numbers on a "tamper proof" (see Secrets& Lies for why I put quotes around that) device like a Smart card, that only the "authorities" (whoever they are) can extract the information from.
There would need be a password protected scheme so I have to give my authorisation for a date-range of location data to be extracted as well. So I would have to trust this device, a lot more than I trust say Canivore.
Then what if know I'm going somewhere bad and I just give my card to a friend for a day or so. Not sure here.. maybe the device has to randomly demand some biometric data from me at random times.
Pretty interesting stuff.. gonna have to re-read Schneier's books (again). I recommend the section in Applied Cryptography that deals with protocols, for stuff along these lines.
I might put this up and work on it some more at my web site. Or I might not.
Well, quite - I'm sure you could use GPS and signatures to prove that a machine was in a location at the same time, but I could be using any form of remote access tools to talk to that machine.
The idea of using a trusted third party to validate people's locations, already mentioned here, would need an international standard to be agreed and would probably need to rely on fingerprints / retina scans et cetera to work, so probably not any time soon...
I'm a bit worried that people who don't want to prove that they are in a particular region (don't want their fingerprints on file, for example) will be denied various services, such as the latest encryption software.
"There's a party," she said,
"We'll sing and we'll dance,
It's come as you are."
Title of the paper is Location-Based Authentication: Grounding Cyberspace for Better Security
This idea is also explained in her book Information Warfare. The idea is using GPS signatures which are not forward-predictable. As other posters pointed out, that only proves the existence/access to GPS receiver located at some point and time not necessarily the presence of the *individual* there.
WakeTurbulence
Let's see.. the induction charger in my bed was working, so my battery is charged. When I step by the window, my phone chirped in my ear to tell me the GPS unit and the phone are working. I just need to polish the webcam lens in my forehead, and I'll be ready to step out in Public where I have nothing to hide. I sure am not going to be like that sap last week that couldn't prove that he wasn't at the bar robbery...
A simple hardware solution is not enough - the hardware needs to be permanently fixed to the same location as the person (i.e. physically embedded and all that that implies) and needs to be non-spoofable. Embedded solutions present the rather daunting prospect of spoofers removing the apparatus.... (Think Leila in Futurama and her job chip)
The only other way to achieve position guarantees would involve trusted 3rd parties (postion escrow anyone?) and we all know how much we trust those kinds of solutions! (Unless we are talking about people who are detained at the government's pleasure)
Of course then you'd have to deal with spoofing...
Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?
The problem here is dealing with the GPS data. You basically have to prove that the data has come a GPS receiver that has been unmodified. There is nothing stopping me fixing the stream of GPS data to the application signing it, to make it look as though I was anywhere in the world. Therefore there are several areas you have to lock down to make sure that this data is authenticable:
1. The position determined by the GPS receiver is accurate, and can not be manipulated by somebody with a small transceiver nearby convincing the GPS receiver that you are located somewhere else. On a 3 or 4 satellite track, you may not be able to move youself very far, but in the US you could probably "cross" a state boundary, and in Europe you could probably mangle things around to move across country borders.
2. Once you can be sure that the data being received by the GPS receiver is genuine, you have to get it into the PC untampered. What's more, it has to make it all the way to being signed without being vulnerable to tampering at any point. If the longitude and latitude is stored somewhere in memory location 'X' just before being signed, I could conceivably tamper with it.
3. You then of course have to sign it, and then ensure that this mechanism is strong and that it can't be manipulated either at this stage or further along the transmission.
The problem really is that signing the location is the wrong approach - you have both your private and public key, and you can sign *ANYTHING* you want to authenticate it as belonging to you, but in actual fact, you need the GPS receiver to store the private/public pair and not divulge it to anybody else. How then, do you stop people tampering with the receiver?
Thinking about it, I think that may be the best approach - the GPS does the crypto internally, and you build measures to ensure that it can't be tampered with. Even then, you still have to make sure you're talking to a real GPS receiver etc. so challenge/response stuff may have to be added in. Nasty.
The SIM is your encrypted device. To activate it you need a PIN, which could be considered your digital signature and presto:
The location of Your SIM is trackable within a couple 100 yards or so.
The problem of course is, that the location is attached to the device. Nobody prevents you from sticking it under a car and pretend that you went all the way from Malmoe to Lissabon.
That's probably also the most tricky issue with your question:
How can you make a position dependant signature device independant, or at least (if you use a device) make it non-functional if you're not physically there.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Since GPS uses pseudo-random data streams, couldn't you prove your position at a particular time by somehow inserting the timestamp data from the four satellites you're talking to into the digital signature?
Or would that be easily faked?
I'm not a GPS expert, so I don't really know for certain.
-C
--
All opinions presented here aren't mine.
Extremely easy when surfing pr0n.
Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?
The chain of trust is therefore:
At the end of this exchange, the receiver trusts that the owner believes s/he's in the position exchanged between them.
This doesn't cover the case that the authentic Owner is trying to spoof his location, but I don't believe that was the question - which I read as "How can I prevent someone masquarading as me from a remote location at a given time?"
--
I'd rather have a bottle in front of me than a frontal lobotomy
even if you could prove that your GPS receiver was at position X at time T, how would you prove that YOU were also there? Unless it's implanted under your skin...
Of course, it really depends what you want to do. In Switzerland, devices are being installed into trucks which register position and time in order to collect road taxes. The device is attached to the vehicle and tampering with the fixing will probably get you a heavy fine.
Any technology which is distinguishable from magic is not sufficiently advanced.
Come on, this cant' be a serious idea. With the increase in mobile computing, you can't expect anyone to have his/her computer in a fixed place... Besides you can use a proxy that's not in the same location as you are, so that won't prove your identity either...
The internet gambling industry has been looking for something like this for quite a while. If people can prove they're inside physical areas that are allowed to gamble, suddenly internet gambling is wide open for companies like Harrah's and Caesar's to take on. Currently they can't do it for fear of being sued in areas where gambling is illegal.
The drawback: pr0n users in the bible belt would be suddenly unable to hit their favorite sites. Site operators would restrict content to areas where they could be certain of legalities.
And even worse, Amazon could now target prices based on the economy of your neighborhood.
What's your damage, Heather?
The simplest example would be an "authentication satellite", where Jane asks the satellite,
"is Bob really in France?"
If Bob knows the contents of the message, he's in France.
Of course, Bob could just have a tranceiver in France.... so.... quantum encrypt it in a single photon :). Single photon quantum encyption is nearly good enough for Earth-satellite links, IIRC.
None of this fixes the "problem" (is it really a bad thing?) mentioned elsewhere in this discussion, that physical devices and people are separable...
Fixing copyright
So we go from people complaining that new technology can be used to track them to complaining that new technology can't be used to track them.
--