Slashdot Mirror

← Back to Stories (view on slashdot.org)

Authentication Via Geographical Location?

Posted by Cliff on from the where-am-I-now? dept.

RudeDude asks: " While reading Cryptonomicon I became a bit paranoid about encryption and digital signatures but it has me thinking a bit as well. I'm trying to visualize a way to prove my physical location in a cryptographically strong way and I can't think of one. My digital signature proves who I am, but wouldn't it be nice if I could also give proof of my physical location at a given time stamp? I've thought of only a few things that would be very hardware dependent, etc. but what I really think would be cool would be something that is as strong as digital signatures. Some sort of GPS/MD5 signature that a third party could confirm so that it would be impossible to spoof my location. " This question has been asked a bit by people looking to restrict services to various countries, but currently one can't be sure if the IP a person is using is really the location from which the connection is being made. Would a system like the one described above be a possible answer?

"This is mostly just a thought experiment, but I am curious to see what other Slashdot readers could maybe dream up. In my opinion (and I'm sure many others as well) my current meatspace coordinates usually mean much less than my network 'location' does, but I can think of many times where proving my meatspace location could be just as important as proof of identity."

7 of 159 comments (clear)

  1. Re:But... by henley · · Score: 4

    Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?

    The chain of trust is therefore:

    • Exchange public keys
    • Validate trust in public keys (as per normal)
    • Owner validates trust in GPS location
    • Owner encrypts / signs position information packet from GPS with private key
    • Receiver party validates postion against public key

    At the end of this exchange, the receiver trusts that the owner believes s/he's in the position exchanged between them.

    This doesn't cover the case that the authentic Owner is trying to spoof his location, but I don't believe that was the question - which I read as "How can I prevent someone masquarading as me from a remote location at a given time?"

    --

    --
    I'd rather have a bottle in front of me than a frontal lobotomy
  2. But... by komet · · Score: 4

    even if you could prove that your GPS receiver was at position X at time T, how would you prove that YOU were also there? Unless it's implanted under your skin...

    Of course, it really depends what you want to do. In Switzerland, devices are being installed into trucks which register position and time in order to collect road taxes. The device is attached to the vehicle and tampering with the fixing will probably get you a heavy fine.

    --
    Any technology which is distinguishable from magic is not sufficiently advanced.
  3. Re:Pseudo-random data stream? by HuskyDog · · Score: 4
    Some of my colleagues here at the British MOD have a GPS simulator which they use for various navigation research tasks. Basically you connect your GPS receiver antenna input to this box of tricks, then type a lat/lon, date and time into the simulator and voila!

    So, the bottom line is that anything that relies on GPS data can be faked. Obviously these simulators are expensive, but I presume that the GPS receiver manufacturers all have them, so there most be quite a few in the world.

  4. Mobile computing? by Engmir · · Score: 4

    Come on, this cant' be a serious idea. With the increase in mobile computing, you can't expect anyone to have his/her computer in a fixed place... Besides you can use a proxy that's not in the same location as you are, so that won't prove your identity either...

  5. Fringe benefits for various internet sites by Brento · · Score: 5

    The internet gambling industry has been looking for something like this for quite a while. If people can prove they're inside physical areas that are allowed to gamble, suddenly internet gambling is wide open for companies like Harrah's and Caesar's to take on. Currently they can't do it for fear of being sued in areas where gambling is illegal.

    The drawback: pr0n users in the bible belt would be suddenly unable to hit their favorite sites. Site operators would restrict content to areas where they could be certain of legalities.

    And even worse, Amazon could now target prices based on the economy of your neighborhood.

    --
    What's your damage, Heather?
  6. A solution of sorts by Peter+Eckersley · · Score: 5
    GPS isn't really enough. You need to have something which you couldn't have had if you were anywhere else. Satellites could give you this, but only if they beamed different, cryptographically secure, messages in different directions.

    The simplest example would be an "authentication satellite", where Jane asks the satellite,

    "is Bob really in France?"

    ...Satellite sends encrypted message for Bob in the direction of France...

    If Bob knows the contents of the message, he's in France.

    Of course, Bob could just have a tranceiver in France.... so.... quantum encrypt it in a single photon :). Single photon quantum encyption is nearly good enough for Earth-satellite links, IIRC.

    None of this fixes the "problem" (is it really a bad thing?) mentioned elsewhere in this discussion, that physical devices and people are separable...

    --
    Fixing copyright
  7. only on slashdot by nomadic · · Score: 5

    So we go from people complaining that new technology can be used to track them to complaining that new technology can't be used to track them.
    --