Slashdot Mirror
Geo-Encryption: Global Copyright Defense?
An Anonymous Coward writes: "CIO Insight has a story on the copyright-protection scheme devised by Georgetown professor Dorothy Denning. Geo-encryption uses GPS technology to keep information scrambled until it reaches a precise location anywhere in the world. Denning has started a new company, GeoCodex, to capitalize on the technology." I can't wait for the Crypto-Gram article about this one..
I really think I'm missing something here...I always thought GPS was a signal sent from like 20 satellites to your position on Earth, I had no idea it could receive signals too. Can someone explain how this technology is possible?
oh..wait, I get it..the content has a descrambler that only activates when it gets the right GPS signal...duh. Sorry...oh well, first post.
Think nothing is impossible? Try slamming a revolving door.
Probably make tons of money.. Won't let me in her class because too many people already registered...
*grumble*grumble*
This is a tired old idea. All you need to do to break this scheme is run a dictionary attack using all coordinates. Should take less than an hour on my desktop.
Of course, it has the exact same problem that most copyright protection techniques have. How do you store the location in the media file in such a way that it can't be changed? And how do you prevent players from being manufactured that don't look at the location?
If these questions aren't answered then it won't prevent even casual copying.
:wq
They should use Galileo because it will be a multinational, civilian controlled system and thus not susceptible to military/intelligence community people just walking in and demanding decryption with a government issued, carte blanche, "national security" mandate.
The owls are not what they seem
this will provide a whole new aspect to geocaching! what will they think of next?
Armed with Denning's geo-encryption system, which she co-patented in 1998, only people in specified locations, such as movie theaters, living rooms or corporate conference rooms, would be able to unscramble the data.
This is going to make playing with the hanger-antenna on top of the TV look like nothing. "Honey, I can't watch the movie until you bring it in the living room." What's worse though...
Medical records could be sent from a doctor in Peoria for a second opinion to a doctor in Manhattan--and all without the usual worries over privacy leaks to insurers or investigators along the way.
"But doctor, I thought I *was* a Region 1 patient."
I watched C-beams glitter in the dark near the Tannhauser gate.
From a design point of view, it's simple. You have a gps, and some compuiter that will give you some data (i.e., a decription key) when the gps detects that you're at a specific position in space. The really, really hard part is making the device tamperproof.
It has not only to resist to direct attacks trying to get to the data, it also has to deal with jamming of the gps signals, or more specifically putting the device in a faraday cage and sending it signals imitating the gps satellites in the appropriate position. Too bad the article has zero information on their methods.
Oh well, let's hope a followup article by Schneier (who also considers the tamperproofing critical) will be more detailed on the technical side.
OG.
Great, that means I can't listen to my music, DVDs, use my software when I am on holidays, on a business trip or at my second home?
they can come beat the information out of me?
So the encryption key is some location on Earth (longitude + latitude). Either you go there, or you use hack the device and input the coordinates without moving an inch.
how silly. all you have to do is fool the machine into thinking it's someplace else. Put it in a metal box with your own custom transmitter(s). Or just go the right place, MAKE A COPY, and then spread it around.
I really don't see how this "protectz kopyrightz".. it's just access controls. kinda neat in and of itself though.
Perhaps I'm just really wrong (wouldn't be the first time) but do commercial GPS devices still have a small imperfection built in, along the scale of 10 meters (or was it more like 100)? I remember reading that the government did this to prevent terrorists from using GPS to pinpoint landmarks like the white house. This causes problems for some users though, such as being off by a city block or two, depending on the inaccuracy.
--Please, don't waste your moderation points knocking me down. They can be used so much more effectivly elevating a worthy poster elsewhere...
Come on people, enough is enough. AF was yesterday. Yesterday morning if you really want to stick to tradition. There's only so much you can take of these obviously stupid stories.
This is only how to defeat the system... I don't even mention what consumers will think of it... how would {RI,MP}AA justify licensing the material to a physical coordinates rather than a paying customer? It is not likely to work. GPS does not work inside buildings, BTW, and very few people go in a park to watch DVDs :-)
Last I checked, GPS coordinates were accurate to only tens of meters, though with inertial guidance the accuracy goes to 1 meter. So that is a limited number of possible locations, or keys. Next, as soon as the algorythm is made public knowledge, it would seem to be relatively simple to cycle through all possible GPS coordinates for a given class of potential receivers (geocaching all movie theaters in the US to gain potential keys for StarWars Episode III, for example..)
I mean, isn't one of the hallmarks of a good encryption method the lack of availible clues as to what sorts of keys might have been used? It would seem this method is extremely weak. But hey, it's late, and the article was very thin. Anyone have anything better to add?
"Avast! Prepare for the rodgering!" THWACK! "Arrr.. me nards.."
There are intersting things you can do with spatial location and cryptography, but this isn't it.
So at best you get to ensure the location of the recipient.
And if the recipient records the video on their HDD and e-mails it to a friend?
And their friend bungs it on a file sharing service?
This may be good for preventing casual interception for location-to-location messaging when both parties want to keep things secret, but why is it any good if the recipient couldn't give a damn about secrecy?
How is this going to help stick another finger in the rapidly spongifying dyke of copyright?
Uhh, guys I submitted this story last November and it was rejected. Now I'm not complaining about being rejected, but this story is really OLD, and the concept is a long way from being proven to be practical or even remotely possible.
* 2001-11-22 21:35:54 New encryption technology : Geo-Encryption (articles,encryption) (rejected)
Considering the article was posted on April 1, I'm still more than a little bit sceptic...
Umm... the problem with this technology is that devising an interesting key isn't the problem. The problem is that people can crack the encryption scheme itself. Adding the GPS element to it makes it even easier.
I mean seriously, it sounds like all you'd need to do is run a few integers through it and eventually it'd unlock. This would be far easier than trying to decipher a key. I doubt fooling the GPS would prove all that difficult.
Maybe i'm oversimplifying the situation a bit, but it never really seemed to me like the key was the weakest link in modern encryption schemes. By localizing the key to GPS co-ordinates, you're making it far easier for somebody to know where to look.
"Derp de derp."
Just hook the tester to the decryption unit, and voila, you can make the decryption unit think it's anywhere in the world.
Is enough of the GPS protocol published to make it feasible to create GPS simulator equipment from scratch or is the signal encrypted in such a way to make it too difficult (i.e. if some foreign government can't legally buy a GPS simulator, how hard is it to make one?). Is it even possible for the commercial simulators to really emumlate the satellites, or can the GPS unit tell the difference between a test signal and a real satellite?
GPS Civilian Signal Degradation Turned Off May 1st 2000.
Did anybody else think that the use of the word 'copyright' in this article felt like it didn't belong? Either the author was running with an idea in his/her head that he didn't quite get to elaborating on, or he/she was hoping to ride the wave of publicity generated by SSSCA.
"I got a scoop!"
"Derp de derp."
It was around 100 meters in any direction from your current location. And yes, it was by the U.S. government to prevent people from bombing the White House. As if a bomb big enough, off by 100 meters, would actually miss the white house.
They removed it sometime last year, I believe. With 9-11, there are rumors they may impose the restriction again, but that's assuming any primary threats have missiles capable of using GPS.
This restriction would pose little or no problem to people using it for the purposes this article describes. GPS correction is available through a "post-processing" method. You position a GPS base station at a known location. If you take samples at exactly the same time from different locations, those locations are off by exactly the same error vector. So, you simply compare the base station samples to the base station position to get the error vector, and apply this error vector to the roaming samples to get your almost-exact position.
I say almost exact because signals are disrupted by various things. Light and sound are waves; they move at a constant speed as long as the travel medium doesn't change. As a consequence, like sound, light is affected by the doppler effect. It usually isn't significant, but can throw your results off nonetheless.
Clouds, rain, snow, buildings, etc. can also affect the results, as well as the SNR (signal to noise ratio -- measures the amount of readable data to background noise). If the SNR is high, it's unlikely the results will be thrown off significantly. All these problems are virtually unavoidable unless the weather is clear, you have a high channel capacity on your GPS device (8 is usually good, I think available satellites above the horizon range from about 8-11, high on elevated terrain), and there are few if any buildings around.
You need at least n+1 satellites in reach to get nth-dimensional results. So, for planar (2d) positions (latitude/longitude, or azimuth or whatever) you need 3 satellites, and 4 for spatial (3d, 2d + a z-position, your elevation).
The more satellites, the more precise your results are. If the base station is within 500 metres away, and you have real-time correction (which would still help with climate problems), you can get sub-centimetre accuracy.
This seems very Bond-ish. Less practical for protecting copyrights and more like it could be used to protect sensitive government data or something.
;)
"Remember 007, the document will be unreadable until you reach Paris..."
There are two points here:
- [If] it's keyed to GPS location,
then you have a defined search space. This search space is the set of all practically resolvable locations on earth. Worse, this is (a bit) like a "non-flat" keyspace, since you can rule out *lots* of locations, and start with some obvious ones (think how John the Ripper and L0phtcrack work).
- It requries a tamperproof unit.
Go and look up all the usual issues with "tamperproof" units.
Neither of these things make it useless. They just bound the situations (and probably the length of time) for which it may potentially be of use.
Dorothy E. Denning and Peter F. MacDoran wrote a article on the subject which was published in Computer Fraud & Security in February of 1996.
To read the article click here.
In addition, her home page is at http://www.cs.georgetown.edu/~denning/.
This is probably to try and prevent intercepting a movie on its way to the theatres. As to whether it is possible to do this effectively is another question altogether...
SSL Certificate
Great, that means I can't listen to my music, DVDs, use my software when I am on holidays, on a business trip or at my second home?
Do you really think consumers are going to buy into some re-hashed Circuit Shitty DIVX with GPS protection?
Will I retire or break 10K?
Geez.
There is is, all the info you need.
Now mod the bitch up.
Ok, I know nothing about how GPS works, but presumably somewhere along the line you get some kind of set of integers that you can interpret into your global position. So if you knew the intended destination for the message, how hard would it be to write an algorithm that would take those coordinates and give you the key to decode the message?
Hmm, now I actually write this out loud, it's starting to read a lot like "April Fool!"
Cruise missiles guide[d] themselves not with GPS, but just using a machine vision systems. They compare actual land beneath them to a map stored in the missile, and generate corrections this way. Does not work well at night, but totally self-contained and jam-proof.
Besides, there are many other solutions to the "last 100 meters" problem. An infrared laser, for example, can highlight the target, and the missile locks onto the bright spot. This one is used for many years (so-called "laser-guided bombs").
Think about it.
So it's impossible to fake the GPS signals eh? They're not anything like a regular structured and well-understood format or anything....
I suppose faraday cage technology will be outlawed (only terrorists would want to use a faraday cage surely...)
Faking up the signals and the timing is a matter of some electronics. There is no strength here.
Snake oil. Move on people, nothing to see here....
If you know the region which the data is intended for (eg, by looking at the region code on a DVD), voila, you just feed the data into whatever algorithm transforms GPS coordinates into the decryption key.
Since GPS location is not random and is known, you can spoof the data, and not even have to do a brute force search over a random keyspace as you would with a normal cryptoscheme...
There's 10 types of people in this world, those who understand binary and those who don't.
Some juicy bites from her publications:
..My conclusion is that modern encryption is predominately a privacy
Is Encryption Speech? A Cryptographer's Perspective
enhancing technology rather than speech. Although encryption might be
regarded as a manner of speech, it is unlike other methods in that it
contributes nothing to communication.
One implication of this interpretation is that regulation of encryption
would not violate the First Amendment. Another is that restrictions on
the use of encryption could not be used as a basis for prohibiting the
use of an obscure foreign language or any other ordinary language.
Testimony Before U.S. House of Representatives, May 3, 1994.
"..The Clipper Chip and associated key escrow system is a technically
sound approach for ensuring the security and privacy of electronic
communications. Clipper's SKIPJACK encryption algorithm provides
strong cryptographic security, and the key escrow system includes
extensive safeguards to protect against unauthorized use of keys. The
more advanced chip, Capstone, further provides all the cryptographic
functionality needed for information security on the National
Information Infrastructure."
And there's even more, go and see by yourself. I'm really waiting for the comments from the cryptograhical community on this systems..
V.
I'll get to re-live my childhood wherein I had to stand off to the left of the TV and lean away while holding the antenna during Monday Night Football so my Dad could cheer the Cowboys. Uh...no thanks...
-- @rjamestaylor on Ello
I mean if you tap the incoming line to your reciever, what's the difference?
Please, before I get flambe'd, I know the obstacles, but suppose a janitor is your buddy, lets you do some work "after work", so you can take it home with you. One p2p later, at least one day later, 100s of copies are floating.
I think any system is only as good as weakest link, and any system that cannot be taken advantage of is virtually useless!
This mind intentionally left blank.
The KKK a bunch of sheetheads? You decide!
Another excuse for the US Government to try and stop the Euro-GPS going ahead on the grounds that it violates the DMCA/SSSCA/'Cable Bullshit Act'. Or, maybe it just wont work with the new system which would mean everyone would still be forced to use the American system for decrypting DVDs (The only thing this technology will be used for).
This comment does not represent the views or opinions of the user.
Obviously she hasn't been keeping tabs on how long it takes new standards (read: IPv6) to be implemented on the Internet.
This restriction would pose little or no problem to people using it for the purposes this article describes. GPS correction is available through a "post-processing" method. You position a GPS base station at a known location. If you take samples at exactly the same time from different locations, those locations are off by exactly the same error vector. So, you simply compare the base station samples to the base station position to get the error vector, and apply this error vector to the roaming samples to get your almost-exact position.
You cold have done this, if the error vector hadn't been random (between 0 and the limit).
Low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair -> low expectation -> something good happens -> renewed hope -> excitement about the future -> disappointment when nothing happens -> despair
The owls are not what they seem
I presume this is nothing more than standard key-escrow encryption method such as PGP but using the GPS location as a private(?) key.
I can't believe the copyright office would let someone copyright (and therefore prevent others from) using any encryption keys that can be construed to be a GPS location.
The madness continues...
they could just supply fake values to the GPS curcit, as could anyone for any purpose. This isn't encryption, its a farce. (and suppose this could be made to work... what would happen if the GPS system whent out of commission for some reason?)
autopr0n is like, down and stuff.
What happens if you live in a highrise building I personally live on the 20th floor, withing 10 (horizontally there are 3 apartments, Does that mean all 60 apartments can use it.
IIRC GPS is crap for height,
anon
NSA-Skipjack != Clipper.
Skipjack been broken yet to my knowledge and the breakable encryption system (clipper) you're talking about had session key recovery built in on purpose.
Ha... if a terrorist wanted to bomb the White House then he could use Glonass, the Russian "GPS" which I believe is much better!!!
Fabio - Sumare/Sao Paulo/Brazil/South America/Earth/Solar System/Milky Way/Universe
http://www.morroida.com.br
It just means you have to buy a black-market fake-GPS signal generator
autopr0n is like, down and stuff.
"came up with a way to make routers themselves "locationally intelligent"?in other words, the GPS-based encryption itself would change dynamically as it moved through the path from owner to user."
Knowing how hard its been to get the router manufacturers to adopt IPv6, I think she's smoking "Happy Pixy Dust."
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Prof. Denning used to be one of the chief supporters of the government's Clipper key escrow system:
Click here to read a letter she wrote at the time.
Actually most cruise missiles use an inertial navigation system with terrain contour-matching updates and others use an inertial navigation system integrated with a multi-channel onboard GPS (AGM86B and AGM86C respectively). Furthermore, some guided bombs make use of an inertial/GPS system as well (GBU 31/32). So, while it certainly wouldn't cripple the military, a disruption of GPS would hamper them ever so slightly.
Pax Digitalia
>copyright-protection
What part of "Everything is breakable" is unclear to her? Geez what a brainfart!
It doesn't matter whether or not it's random (it actually repeats the randomization algorithm every 12 hours, so to get an accurate response for your position you would have to wait 12 hours, after which you would get a totally different error pattern). As long as you take two samples at the same time - one at the base station and the other at the roaming device. They're both off by the same amount; it has nothing to do with randomness.
...this data's been encoded with GPS encryption for security and can only be read in a few select locations...
There must be something they are not telling about, as this sounds really dumb to me.
GPS is really simple in principle. There are 24 satellites in 12 hour orbits, with orbital planes arranged so that at least 4 are up for anyone on the planet at any time. Each satellite sends its own encrypted signal (actually, 2 such) to everyone who can receive it.
The reciever decodes the signal, and checks the time lag between when each satellite's signal was received. That's it. All of the geolocation is deduced from the relative lags of the signals broadcast for all to receive.
Four satellites are needed as the receiver's clock is probably off; two signals are sent as the easily decoded civilian one has errors put in to reduce accuracy (SA - Selective Availability), while the other signal has a military grade encryption.
That's it. My signals differ from yours only based on the relative time delay between them.
So, this is subject to a replay attack - simply record the signal at the desired location and replay it to a receiver at your actual location. This would work even for the military grade encryption, but would require a sensor at the actual target location of the geo-encryption.
To do this near to (within 4000 km or so, so that the same satellites are up) of the target location, record the signal. Figure out the relative time delay's. Playback the signal multiple times with the appropriate lags for the other location. As the receiver uses a convolutional decoder and an omnidirectional antenna, if you do this right, the receiver will lock onto the time shifted satellite, and will come up with the wrong position.
The above replay attack would require a wide bandwidth (few 100 mbps) record capability and (for the time shifted version) a good ephemeris - both easily available. AND, it would work even for encryptions using the military signal.
But, you don't have to go to the trouble, as there is test equipment easily available that will do this for you (it's how you test receivers). This would not work for the encrypted military signal though.
Since these people are not stupid, my guess is they will sell a decrypt chip with with a receiver on it, and maybe use tight time delay's windows to hinder replay attacks. Give me $ 30,000 for test / record equipment, and I will break it even so. Since this level is not out of bounds for industrial movie pirates, "This sounds dumb to me."
* 1977-02-29 21:35:54 New encryption technology : Geo-Encryption (articles,encryption) (rejected)
This is 100% pure FUD. The "secret" used to encrypt / decrypt data in this model does not seem very secret.
The idea itself sounds Hollywoodic and nice: "Your mission, should you choose to accept it, is to find the Ladies room, sit on the correct seat and decrypt this piece of FUD." ( hoping the ladies room has no roof, so that the signal goes through)
In obfuscation we trust!
This has the same chance of success as using a NIC's MAC address for encryption.
The idea of making the software and your NIC tamper proof, so that it always gets the "real" MAC address from the physical card is bypassed quite simply by writting new software that lets you plug in whatever MAC/GPS address you would care to pretend to have as a decryption input.
Its a crack once, decode freely foreever problem, and its one of negligeable difficulty.
In order for this scheme to even work it requires.
1. An encryption method that is secret
2. A tamper proof implementation of same
3. A method of detecting if the GPS signals are being spoofed
Reasoning.
1. If the method isn't secret, then someone can simply say screw the hardware, and build a decryptor that can generate the key for any location of earth to pass to the encryption algorythm.
2. If the implementation isn't tamperproof, it can be spoofed into acting as if it's anywhere I want. Also the algorythm can be compromised (see #1 above).
3. If it can't detect a spoofed GPS signal, then once again, I can have it act as if it's anywhere I want it to be.
As regards performing an exhaustive key search to decrypt the data (using whatever method you desire), the following tidbits are available for your consideration.
1. There is about 2^61 10 meter square places on the surface of the earth. 2^61 is a fairly large number, but not out of the realm of an exhaustive search.
2. But, in most cases, you don't need to perform an exhaustive search. The location is already specified for the "protected" data. All you really need is an "unapproved" implementation of the algorythm and you simply dial in the approved location and decode to your hearts' desire.
Overall, this is one of the sillier ideas that I've seen.
Why not just encrypt per social security number? Or to make it hacker proof, we could also use your mother's father's daughter's kid's name as seed.
In a Faraday, or just indoors, it would seem trivial to spoof a $50 piece of electronics. It is like using GPS to 'insure' a new release of a hit to be won't be played until its time. Trivial crack and it was.
Its 2 april here, but perhaps this was posted 1 april somewhere? Am i a sucker for responding? Guess the crackpot DCMA would make it 'secure' in the USA?
The decryption key is in a hardware device (or in this case calculated from coordinates by the hardware device based on some other secret key). Presumably, the GPS receiver is integrated with the device so that positions can't be spoofed directly.
This leaves two avenues of attack. The first is to recover the encryption key, the second is to spoof the satellite signals. Neither one is beyond someone with adequte resources (an intelligence agency or a serious industrial pirate). But supposing they are clever enough to avoid shipping a software based decoder, it will probably work well enough to discourage casual users.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Wasn't this used in the Neal Stephenson book, Zodiac?
Illegitimi non carborundum
It was around 100 meters in any direction from your current location. And yes, it was by the U.S. government to prevent people from bombing the White House. As if a bomb big enough, off by 100 meters, would actually miss the white house
Also based on the asumption that whoever is doing the bombing cannot see the target.
They removed it sometime last year, I believe. With 9-11, there are rumors they may impose the restriction again, but that's assuming any primary threats have missiles capable of using GPS.
Ignoring the fact that the terrorists that morning probably worked by eye.
Cruise missiles guide[d] themselves not with GPS, but just using a machine vision systems. They compare actual land beneath them to a map stored in the missile, and generate corrections this way. Does not work well at night, but totally self-contained and jam-proof.
I though they used radar rather than optical systems. The only missiles I recall using optical sensors are SLBMs.Anyway they also have an inertial navigation navigation system.
Besides, there are many other solutions to the "last 100 meters" problem.
Control by kamikazie being the most low tech option.
it hit politech a while ago
http://www.politechbot.com/p-02843.html
where you can read, among others, Peter Trei's response. there are more cryptographers in the world than schneier, after all...
The way this would work is simple. You would have a PGP key You would have a GPS component. You can send it the world over. Everybody get's the message. The only person that can decript it is he/she who: 1. Has PGP decription key and 2. Is at the right place to read it. So now, even if they steal your key, they need to know were you read your e-mail. But then again, all they need to do is scan a few million GPS positions and they have decripted you. So it is no more secure than going from 128bit + GPS to 133bit encription or thereabouts. In reality it only makes it harder for the reader so I can't see the practicality other than if the author of the message demands that you read it at a particular place.
Yes, I have read a big part of the discussion. And I must notice the following that nobody IMHO has mentioned:
All the GPS receivers use the well-documented format for data exchange. If somebody produces a program that uses the GPS receiver as a key device, it's elementary to make the receiver simulator. You don't need any Faraday's cages or GPS signal generator - you only feed data via RS-232 channel.
Of course, somebody can require that the special receiver with the builtin digital certificate is needed. But this receiver, being special, will be prohibitively expensive.
I wonder if she has ever tried to get a GPS position inside a building?.
It just don't work
They still haven't fixed the problem of secure GPS to computer connection. Maybe a Cue Cat style serial numbered USB GPS will be required to make it work. Each subscriber would have a GPS with a unique serial number and an encrypted output much like that favorite free barcode wand. Without protecting the GPS/PC connection A pair of old 14.4K stand alone modems (one on a cell) will take a GPS signal from your favorite movie house and send it anywhere in the world in almost real time.
Just dial it up. I could put a modem on a GPS at a subscribed location and let friends know where to dial in to connect. Internet latency would cover up transmission losses over the modem pair. Less than perfect timing would still work.
The truth shall set you free!
What _is_ important is that someone needs to write this idea into a movie script. How fun would a movie be about someone who has to rush around to different places to find a bomb or rescue their family or [insert goal here] (the GPS/decoder device is booby trapped so it can't be hacked easily).
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
encryption does NOT prevent copying.
A GPS encryption scheme just means you have to be in a particular area before you can pirate a copy.
Hasn't anyone learnt anything from the DeCSS farce?
Overcoat Man: Excuse me, I'm terribly sorry but could I bother you to move over. I really must sit there.
Old Woman: Oh... ok.
Man sits down, opens up briefcase, activates laptop and proceeeds to download wireless secret transmission.
1 - As stated in the linked article, if the device isn't tamper-proof, it doesn't work.
But also...
2 - There's no reason you can't just convince the device it's at a different location by shielding out the real GPS signals and transmitting your own fake ones from nearby. I'm sure a good RF/GPS hacker could build a box to contain your geo-encryption device that allows you to select a fake longitude and latitude.
The whole idea is just silly. There's no mathematical or scientific principle behind this geo-encryption that makes it work, just a supposedly tamper-proof box that relies on GPS airwaves to determine when it shoudl say "Yes, allow this data to be seen".
11*43+456^2
Are GPS signals cryptographically signed? If they are, then perhaps the system could be made tamperproof against spoofed signals in a Faraday cage.
If not, then capturing the device would pretty much mean you could get at the data.
As for the idea of using these for military commanders & such -- wouldn't the places they're going to need to receive communications have some sort of TEMPEST protection to begin with? GPS is sketchy enough if you're inside a building period -- if you're in an electrically shielded building to boot, there doesn't seem to be much hope that this will work.
Actually I believe the NEMA 1.2 or whatever (the standard GPS data stream) is plain jane serial, so this would be fairly trivial.
funny munging
I havent had a chance to read it, but the patent for the method is 5,757,916
(http://patft.uspto.gov/netahtml/srchnum.htm and enter the number)
From the abstract: "A method and apparatus for authenticating the identity of a remote user entity where the identity of such user entity is authenticated by use of information specific to geodetic location of the user entity but that changes constantly, making "spoofing" the host device extremely difficult. The invention is preferably implemented utilizing satellite positioning technology to produce the identifying information."
Yes, this may be great for those people who demand data to be "just that more secure", but this would never be popular on the consumer side. For one, their location changes constantly. And the number of changes would be prohibitive for the company to keep on verifying and changing and all that nonsense.
And two, people don't want to be limited to whatever platform the media companies want for them. The fact that car phones failed, or that people made tapes from vinyl all the time attests to that.
The only possibility I can think of would be the need for secure live feeds. But then wouldn't the receiving end have to pay a large fee for the equipment to process the data?
I'm wondering if this idea is even still valid. Assuming it ever was. From the article you linked up:
The location signature is virtually impossible to forge at the required accuracy. This is because the GPS observations at any given time are essentially unpredictable to high precision due to subtle satellite orbit perturbations, which are unknowable in real-time, and intentional signal instabilities (dithering) imposed by the U.S.
First off, the SA dithering has been turned off. Presumably that makes GPS signals much more predictable, and could easily trash this whole scheme. I also find it hard to believe that the orbital perturbations of satellites is especially random on the scale which would be measurable. Now that SA has been turned off, most of the remaining error in GPS is due to variations in the temperature and density of the atmosphere between the satellites and the receiver. Since these would often vary between the 'host' and the 'authentication server' that would create wiggle room for a malicious host to guess the right signal. I don't know if it would be possible for them to use the encrypted military signal to correct that error without having the ability to decrypt the military signal. That's an interesting problem.
The other major weakness I see is the whole idea that the signals are unknowable in real-time. Um, no. A malicious host can use a receiver to measure all the random variations exactly as the authentication server must. I just find it remarkable that anyone who appears to be as smart as Denning could expect this to work. The simple fact is that a malicious attacker will have access to all the same information that the authentication server will use to make it's decision. A hacker can measure the "error" factor in the GPS signal in the exact same manner as the authentication server. They know the equations which the authentication server will use to validate a signal. The transformations you might have to do to the received signal to change the location it represents are going to be simple linear transformations. The math behind GPS is pretty simple really.
Not to mention this little tidbit: Further, because a signature is invalid after five milliseconds, the attacker cannot spoof the location by replaying an intercepted signature. Well, that will work great for verifying people in the same building. But you're not going to verify telecommuting users who are dialing in, or using DSL, or travelling across the country. Hopefully someday we'll have a network which let's us do things reliably in less than 5ms, but don't hold your breath. Especially since you can only expect light to go about 1000km in fiber during that 5ms.
the article first says
earning her the moniker of "America's cyberwarrior"
and then says
Richard Clarke, are looking into its potential uses against cyberwarriors.
so great deal for her. she spends all this time developing this technology just to have it used against her.
either that, or they just like the word 'cyberwarrior'
Jamming a GPS signal is not that hard - the amount of energy received by the antenna is minimal and can easily be jammed by a source on the ground. Anti-jamming GPS antennas detect jamming and "null" out the signal for that quadrant - just think of an antenna as a pie, all sliced up - if one segment is jammed, that slice of pie's information is discarded until the jamming goes away. The amount of satellites you recieve on your omni-directional GPS antenna will probably be lowered, but at least your signal won't disappear completely. (I don't have the links handy that explain this better)
"Spoofing" the signal is much more difficult and is damn near impossible..(at least we think...) for a GPS that is getting signals from the satellite constellation. The only true way to spoof a GPS reciever would be to bring it into a closed room and set up a simulated constellation for the reciever to lock on to. Some universities have done this type of research in an effort to provide robots with a sense of location.
The GPS string that is sent out by the reciever is defined by standards and is in plain text. The RMC, GGA, VTG sentences that are output are enough to give location, altitude, ground speed, etc. To simulate actual reception, all you have to do is playback a recorded text file of a previous reception. Heck, you wouldn't even need to use a recorded file - just make a script/program to spit the data out over the com/usb port. Hence, for this to be secure... The link from the GPS to the crypto black box had better be encrypted... But then how secure is that encryption? If this was a military only device where encryption is relied upon using their crypto devices and keytapes...then this thing could be robust. Once out into the civilian sector, they won't have the same level of encryption.
What happens if I've got two conference rooms in the same building, both needing access, but both belonging to a different company? Will both companies look the same w/regards to GPS crypto?
What's the "threshold" that the GPS system will accept as being "close enough"? Here's something to try...this assumes a GPS without the secret crypto keys loaded to get the "best" position. Start up a gps and keep logging the position that it thinks its at. This position will change ever so slightly over time. Reboot the GPS, compare the position on reboot...it will be a little bit different...(depending on how precise you want those co-ordinates)
My point is that there will have to be some "slop" allowed...some noise level that will need to be allowed into the system.
These are the things that could be used to exploit it.
-jim
Rig a signal that LOOKS like the coordinates of the correct location and you'll fool the thing into thinking it's in the correct room. Really this is like having 3D cartesian coordinates as the decryption password. Big yawn.
Eat at Joe's.
It was around 100 meters in any direction from your current location. And yes, it was by the U.S. government to prevent people from bombing the White House.
Why not just jam the GPS signal in the no-fly zone surrounding the white house?
I have just developed the best copyright protection scheme, and I hereby lay exclusive claim to it. My patent application is hitting the office today, so that no one can steal it.
DNA-based decryption. This outdoes the GPS protection by leagues: you'll actually be able to use your copyright licensed material whereever you are in person, rather than being restricted to one location.
Hah! I'm gonna be sooooo g.d. rich!
--
Don't like it? Respond with words, not karma.
If you read her (not particularly technical) 1996 article, it seems that the real core of the security is precisely in the imprecision generated by the satellites:
The location signature is virtually impossible to forge at the required
accuracy. This is because the GPS observations at any given time are
essentially unpredictable to high precision due to subtle satellite
orbit perturbations, which are unknowable in real-time, and intentional
signal instabilities (dithering) imposed by the U.S. Department of
Defense selective availability (SA) security policy. Further, because a
signature is invalid after five milliseconds, the attacker cannot spoof
the location by replaying an intercepted signature, particularly when it
is bound to the message (e.g., through a checksum or digital signature).
Continuous authentication provides further protection against such
attacks.
In other words, they're using differential GPS to suck out the government-applied random numbers in the civilian signal and using that as the basis for crypto.
In other other words, they're just piggybacking on whatever cryptosystem the government used for obfuscating GPS signals. One which applied when the article was written but no longer holds. So it's geographically limited, and has geolocation as a side effect, but it's not the core of the cryptosystem.
So once all media is constrained by GPS coordinates, the US gov't could selectively deny unfavored nations access to GPS data, rendering all their DVDs, CDs and eBooks useless?
Sound unlikely? It's interesting that the US is pressuring Europe to shelve its own GPS system.
Domination through media denial: "You want your mTV? Meet our demands."
Kevin Fox
there are no long-range missiles that make use of radar. However, many of the short-range missiles make use of doppler.
They only removed the restriction when the U.S. military proved that it could completely jam GPS in a geographical area. That's one of the reasons that the EU is looking into their own system.
This same idea is used in Greg Egan's SF novel
'Distress', published in June 1997.
Yes, it's the same Dorothy Denning. She was the person who did the initial "Trial Balloon" push for key escrow, and when the NSA's Clipper Chip came out, she led the whitewash study team that published the initial "Yes, Skipjack appears strong" preliminary study and never did publish the "Is The Whole Clipper System Strong, Secure, Easy/Hard to Abuse" study that they were ostensibly tasked to do. It was an intellectually dishonest charade designed to provide PR for the FBI's system by saying "See, the Front Door is made of Very Strong Material, Pay No Attention To The Back Door Flapping Open In The Breeze with the big 'Cops Only' Neon Sign Or the Lack Of Hinge Pins on the Front Door."
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
What happens when the GPS unit doesn't get a lock on? Cell phones usually do not get a signal inside the big metal building where I work. I think it extremely unlikely that a GPS unit would be able to receive the five (?) different satellites needed for a lock. So does this scheme mean:
;-)
1) That locations like this are permanently locked out? There are going to be some extremely unhappy customers...
2) That if the GPS can't get a lock, it goes ahead and works anyhow? Aluminum foil will become a circumvention device...
Oh great! Now I can purchase software that only works in my mailbox. If I take it five hundred feet away to my residence it won't work because it's too far away.
A Government Is a Body of People, Usually Notably Ungoverned
The output from a standard GPS'es is plain ASCII. This is to be compatible with published NMEA standards. I copied the GPS output to disk once using a terminal program to fight a speeding ticket. I took records of several runs pacing traffic to court. I showed the runs on a map and marked the top bottom and average speed along several places including the ticket location. I took printouts of the raw data so if argued, it could be checked in court. That couldn't have been done with a propritory interface. The officers agreed with my results with no argurment. The did not dispute my findings. The judge was impressed with my work. I had traveled and was ticketed at slower than the average speed 4 weeks after the speed trap (photo radar) that slowed everyone down. I was able to prove the average speed of the slowest traffic after the slowdown (I passed nobody on these runs therby catching and pacing the slowest person) was more than my ticketed speed. In 4 runs I found someone under 55 in the 45 once 4 weeks after the speed trap. I let the Judge know ECM (radar detector) will be added to fight the highway robery, not to get away with speeding. The ticket was not for driving erraticaly or passing anyone. (Think slow driver in right lane getting the ticket for speeding. Photo radar does that. 56 in a 45 zone 500ft past the change from 55.) I got a ticket because my photo came out un-obscured. (thank God for open GPS interface standards!)
There is one exception to open standard NMEA output GPS receivers I know about. The Delorme unit. (the cheap one without a display) It is propritory. Avoid it unless you only plan on using it with maps from Delorme. Their map software will accept NMEA, but their reciever will not output it. It's like a MS trick. You can use our hardware, but it works only with our software. Our software will work with your hardware. Sound familiar? That kept me from buying their hardware. I use my (NMEA standard) GPS with Wildflower (now National Geographic) maps and Chicago Maps software as well as a map selection from Delorme. I would have hated a single source closed propritory solution here. It simply would not have met my needs.
The truth shall set you free!
This system as described in her paper uses two non-standard GPS receivers, one in the server and one in the client. These GPS receivers are used for client authentication by challenging the client to produce a signature that correctly locates the client to an authorized location and local time within a specified time frame.
The signature is only valid for a 5ms period and corresponds to actual locations of GPS satellites as currently measured by the server.
1) Server asks: at this GPS time marker, two seconds from now, tell me where you are.
2) Client and server wait for the GPS clocks to get to the specified point.
3) Client measures GPS satellite delays, calculates it's position at that moment, builds signature packet (think something like MD-5 digest for this step).
4) Server measures GPS satellite delays at that same moment and waits for the Client response.
5) Client transmits signature.
6) Server receives signature, reads out the location as calculated by the client as well as the digest, applies it's own measurements to the calculated location and verifies the digest was based on actual GPS satellite locations.
7) Server begins transmission of requested stream.
This defeats the faraday cage model unless your system is monitoring the GPS constellation and precise enough to replicate their actual locations within the time frame required for signature production and transmission. This is possible, but the parameters are intentionally chosen to defeat this attack and it's likely they can be improved as the tech gets better. All that's needed is that the valid stays ahead of the hackers.
There's simply no way to plug your GPS receiver simulator into the client and spoof it that way because the inputs needed by the client to produce its signature are the calculated GPS satellite delays, not the actual location provided by "normal" GPS with a NEMA serial interface. You're back to the faraday cage hack, which is probably very expensive.
Since the goal of security is to make it more expensive to acquire the information than it is worth, the approach here seems sound.
The encryption used to conceal the stream payload is the same highly effective encryption that everyone else is using and is vulnerable to the same attacks. Assume it's 4096-bit RSA covering 128-bit IDEA or better. The stream is "secure".
IANASE (security expert), but I do develop network security products for a living...
Regards, Ross
This one is going to be fun to crack! I love it when the ENTIRE WORLD can join together to solve a technical puzzle like this. Her scheme assumes that I am willing to buy this hardware and use the formats that she recommends. Well fuck her! I'm going to use different formats and different hardware. There has never yet been an "uncrackable" encryption scheme. At some point along the way -- it breaks down and fails. And as soon as we find that point you can kiss this mechanism goodbye! They make the shit... we crack it.
Oh yes they do use GPS. They (Tomahawk) also use what is known as a DSMAC ( Digital Scene Matching Area Corellator), but definitely GPS is in use.
Note however, that the update rate of GPS is low, so that as speed increases, you need something else -- missiles have inertial guidance packages that use the GPS data to periodically "sync" their estimated location (from the speed/altitude/acceleration data of the inertial guidance unit) with the GPS data.
As you've noted, if accuracy is key (and most of the time it is -- but not for Tomahawk, which is subsonic (read: easier to guide with GPS) and carries a *big* warhead)), then you need something for terminal guidance: lasers, IR, millimeter wave, ladar, whatever.
This idea has serious flaws which may undermine the security of the encryption.
If an attacker has some idea of where the location is the GPS data will unlock, he can test the data agaist a range around that location. Given a GPS resolution of about 10 meters, there are 10,000 possible values per square kilometer. Testing a block of data against an area 10 kilometers on a side gives only a million possible permutations; child's play for modern computers. 100 kilometers on a side is 100 million permutations.
I've thought of similar ideas but isn't it a little bit frivilous to reprogam 1000 routers to deposit my favorite *sections* of 'Debbie Duz Dallas?'
10 paces toward the old oak tree, 40 paces due north.... and thar treasure be!
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
Interesting article, when it doesn't mention a couple other patents that are specific about using GPS for decrypting data, with satellite TV mentioned specifically!
Look at these patents
5,640,452 ( July 1997 ) Location-sensitive decryption of an encrypted message
6,317,500 ( November 2001 ) Method and apparatus for location-sensitive decryption of an encrypted signal.
These look more on the mark for protecting movies, video, whatever...
decode the red & yellow warning from the F B I
& decode it. Generate growth sequences for
your keying variables.
Sounds like the variables don't
actually serve any purpose in the coding only authenicating the
use of those codes.Why not just bypas the
authenticator straight to the decoder.
You mention a single source of jamming could be blocked out quite easily and that an isolated environment plus simulated constellation must be set up to trick a receiver. How does GPS test equipment work then? Are antennae set up around the receiver?
This also raises the question of whether a GPS receiver has multiple antennas that are out of phase with each other. This is the only way I can see the receiver being dependent on and knowing satellite positions(angles mainly) relative it itself, independant of the data stream. I suppose accurate distance could be figured by timing differences between the signals.
If this is the case, I could see the unit cancelling input at the antennas receiving the strongest signals from the flawed source, as you said a receiver is capable of.
I had always figured each satellite identifies itself somewhere in the stream and that the receiver knows where satellite X is relative to Y, because they are in a regular orbit. That was a pretty uneducated guess. I still don't understand how GPS can pinpoint someone on land unless it is known exactly where at least one satellite is relative to the ground. Is that in the signal? Where can I do more reading?
provided someone managed to break the tamperproofing (which Bruce Schneier has pointed out is really a matter of money and time), decrypting the message would implicitly give the MitM the location of the intended recipient. Provided the message could be cracked fairly quickly, this could seriously compromise the safety of the recipients, were the device to be used in a combat situation.
Here are some links to help out with gps:
(nothing to cosmic, I just did a google search)
Nulling Antennas:
Navy
Mayflower
Owego
How GPS Works
Info about L1, L2, p-code, etc
Some info on GPS NMEA sentences
-jim
GPS signals simply do not work indoors, how do they expect to get around that? Even outdoors in some locations witout a good view of the sky, and with large reflecting surfaces, ie. downtown, ther can be huge errors.
If this technology is successful, towns, counties, and other such municipalities could block playback of naughty material they deem "obscene".
And then one day we'll read a newspaper article about some poor bastard getting arrested for transporting a DVD across state lines for purposes of indencency with himself.
Ergonomica Auctorita Illico!
There was an article some while back along similar lines, and I posted a comment about how you could use the LAT/Long as a key and then give someone a clue like "read this where I cut my foot when I was 7" ...
Knew I should have applied for patent!
meh
http://slashdot.org/comments.pl?sid=26576&cid=2874 468
meh
You realize you could be violating the DMCA by saying that?
Maybe we should add a new moderation:
(+1, Illegal).
;)
Just because it CAN be done, doesn't mean it should!