Slashdot Mirror


Geo-Encryption: Global Copyright Defense?

An Anonymous Coward writes: "CIO Insight has a story on the copyright-protection scheme devised by Georgetown professor Dorothy Denning. Geo-encryption uses GPS technology to keep information scrambled until it reaches a precise location anywhere in the world. Denning has started a new company, GeoCodex, to capitalize on the technology." I can't wait for the Crypto-Gram article about this one..

18 of 198 comments

  1. Dictionary attacks by Anonymous Coward · · Score: 1, Insightful

    This is a tired old idea. All you need to do to break this scheme is run a dictionary attack using all coordinates. Should take less than an hour on my desktop.

  2. No brainer by Anonymous Coward · · Score: 1, Insightful

    So the encryption key is some location on Earth (longitude + latitude). Either you go there, or you hack the device and input the coordinates without moving an inch.

  3. Re:GPS Technology by Thaidog · · Score: 1, Insightful

    Well, now that's one way of not getting modded down for saying first post.

    --

    ||| I still can't believe Parkay's not butter.

  4. Re:It's all in the tamperproofing by tftp · · Score: 4, Insightful
    It not only has to resist direct attacks trying to get to the data, it also has to deal with jamming of the GPS signals, or more specifically putting the device in a Faraday cage and sending it signals imitating the GPS satellites in the appropriate position. Too bad the article has zero information on their methods.

    Methods are irrelevant. As soon as you put the receiver into a Faraday cage, you are the master of the Universe (inside of the cage). You are free to simulate as many satellites, and in as many positions as you wish, and nothing inside the device can detect your simulations, except if the real signals have a digital signature.

    You don't even need to bother with a Faraday cage. Just use strong enough signals from your simulator, and they will jam the AGC inside the receiver, so that only your signals are received correctly.

  5. GPS test equipment by r_weaver · · Score: 2, Insightful
    Seems like all it would take to break this encryption would be some GPS test equipment.

    Just hook the tester to the decryption unit, and voila, you can make the decryption unit think it's anywhere in the world.

    Is enough of the GPS protocol published to make it feasible to create GPS simulator equipment from scratch or is the signal encrypted in such a way to make it too difficult (i.e. if some foreign government can't legally buy a GPS simulator, how hard is it to make one?). Is it even possible for the commercial simulators to really emulate the satellites, or can the GPS unit tell the difference between a test signal and a real satellite?

  6. not for consumer use by ddent · · Score: 3, Insightful

    This is probably to try and prevent intercepting a movie on its way to the theatres. As to whether it is possible to do this effectively is another question altogether...

  7. Re:How's this any better? by tftp · · Score: 5, Insightful
    Surface of Earth is 148,326,000 sq.km., or 1.48326e+14 sq.meters. If the resolution of the GPS is 10x10 meters (100 sq. meters), the GPS can yield 1.48326e+12 keys, which is equivalent to a 40-bit key (2^40 = 1.1e+12). This is one easily breakable key. But if such a system is really used, the grid must be much rougher because of usability concerns (many households are longer/larger than 10 meters). Then the strength of the key drops significantly.

    Another important defect of this system is that in modern society most people live in cities, and as such the keys are not randomly distributed, but very much clustered. To find a movie key, for example, one just needs to try GPS locations of a few big cities (SF, LA, NYC etc.) to hit the paydirt.

    But likely, this key search won't be needed at all, because whoever posts the material on Usenet will put the necessary serialz ^W GPS code into the accompanying note. The only problem is to apply the key to get the raw contents, and that is not too difficult because all the strength of the crypto is in the key, not in the algorithm.
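The key-strength estimate in comment 7, worked through as an added example (not part of the original thread): it computes the entropy of a location-derived key for several grid sizes and shows why a grid coarse enough to absorb receiver jitter is also weaker. The `location_key` derivation, the 1% / 50% urban split and the sample fixes are constructed assumptions.

```python
import hashlib
import math

EARTH_AREA_M2 = 1.48326e14  # surface figure quoted in the comment above
M_PER_DEG = 111_320.0       # approx. metres per degree (assumption; ignores longitude shrink)

def uniform_bits(cell_m):
    """Key entropy in bits if every grid cell is equally likely."""
    return math.log2(EARTH_AREA_M2 / cell_m ** 2)

def clustered_bits(cell_m, urban_area_frac, urban_share):
    """(Shannon, min-entropy) bits when `urban_share` of recipients occupy
    `urban_area_frac` of the cells and the rest are spread over the remainder."""
    cells = EARTH_AREA_M2 / cell_m ** 2
    p_urban = urban_share / (cells * urban_area_frac)
    p_rural = (1 - urban_share) / (cells * (1 - urban_area_frac))
    shannon = -(urban_share * math.log2(p_urban)
                + (1 - urban_share) * math.log2(p_rural))
    return shannon, -math.log2(max(p_urban, p_rural))

def location_key(lat, lon, cell_m):
    """Hypothetical derivation: hash the index of the grid cell containing the fix."""
    row = math.floor(lat * M_PER_DEG / cell_m)
    col = math.floor(lon * M_PER_DEG / cell_m)
    return hashlib.sha256(f"{cell_m}:{row}:{col}".encode()).hexdigest()

# Constructed fixes: the same antenna, reported 3 m apart by receiver jitter.
FIX_A = (38.9, -77.07)
FIX_B = (38.9 + 3 / M_PER_DEG, -77.07)

if __name__ == "__main__":
    for cell in (10, 100, 1000):
        shannon, min_h = clustered_bits(cell, 0.01, 0.5)
        stable = location_key(*FIX_A, cell) == location_key(*FIX_B, cell)
        print(f"{cell:>5} m  uniform={uniform_bits(cell):.1f}  shannon={shannon:.1f}  "
              f"min={min_h:.1f}  jitter-stable={stable}")
```
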

  8. Won't Happen For 15 Years by Percy_Blakeney · · Score: 1, Insightful
    There is no way on Earth that this thing will be used any time soon to encrypt and distribute things over the Internet, assuming that it fundamentally works anyway. The last page of the article talks about how she will need to change every router on the Internet to make it work:

    [Glick] fretted that encrypted data could be intercepted on its way to the user. What if pirates tapped into a router? ...
    [Denning] came up with a way to make routers themselves "locationally intelligent" - in other words, the GPS-based encryption itself would change dynamically as it moved through the path from owner to user.

    Obviously she hasn't been keeping tabs on how long it takes new standards (read: IPv6) to be implemented on the Internet.

  9. Re:Skipjack !- Clipper by Anonnymous+Coward · · Score: 2, Insightful

    True, but Denning wanted key escrow. That's enough in my opinion for her and her minions to be taken to the Hague and tried for crimes against humanity.

  10. Re:It's all in the tamperproofing by Nightlight3 · · Score: 4, Insightful
    You don't really need a Faraday cage. Namely, to change EM field vector A to a desired EM field vector B, you simply add a single EM field vector C=B-A to A. The superposition will produce resulting vector B. A computer driven emitter with GPS sensors could probably do all this by inputting the desired coordinates into it.


    This is similar to computerized noise suppressors which work by continuously measuring the acoustic waves and emitting the waves of exactly the same amplitude and opposite phase. With GPS the situation is much easier since the waves to cancel are not random noise but a perfectly predictable source (after the initial measurement).

  11. Not that different from DVD region encoding by hey! · · Score: 4, Insightful

    The decryption key is in a hardware device (or in this case calculated from coordinates by the hardware device based on some other secret key). Presumably, the GPS receiver is integrated with the device so that positions can't be spoofed directly.

    This leaves two avenues of attack. The first is to recover the encryption key, the second is to spoof the satellite signals. Neither one is beyond someone with adequate resources (an intelligence agency or a serious industrial pirate). But supposing they are clever enough to avoid shipping a software based decoder, it will probably work well enough to discourage casual users.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.

  12. Re:That's actually a pretty cool idea. by kaiidth · · Score: 5, Insightful

    Do a google search for 'Denning GPS'.

    First hit that comes up is a 1996 paper Location-based Authentication: Grounding cyberspace for better security, by Dorothy E. Denning and Peter F. MacDoran. Reading the paper, the idea looks to be that by knowing the location of a computer user one can define whether they are authorised to perform a particular action.

    This makes marginal sense (if somebody who isn't in a bank office is playing with computer codes then they're probably not really permitted to play with them). However, to me this article reads like, 'Hey, if I mention copyright protection, I'll get funding'. And the whole idea reads like that - after all, for the person in the above example to perform an unauthorised action on bank accounts, they must already have broken through the protection placed around the system. Simply adding another authentication isn't going to magically fix that problem (hey, you want me to tell the system I'm in the White House? OK. It's no different to telling the system that I'm Bob, financial manager).

    As for the use of said technology to control music distribution... what?!. If this woman is 'America's Cyberwarrior' then... be afraid. Very afraid. I'm sorry to say it, but whilst there are some very valid uses for GPS technology (something like HP's Cooltown project, mobile computing in general, augmented reality, etc), I don't think this is it.

    On the one side, it's valid to argue that including un-spoofable - if that's a word - location data in all internet communication would help in some cases (finding malicious hackers, absolving the innocent) but given that it also destroys the whole concept of anonymity, it's plain not worth it. Location information has to be optional. This is just another step in the 'media programs phoning home'/WinXP DRM direction, and it's not a good one.

    If I sound irritated, it's because I am; I have no idea what Denning's politics are or whether the spin on this story is merely unfortunate, but the article linked to in this story (somewhat unlike the paper) sounds like something the EFF will eventually find themselves fighting.

    I particularly like the part of that paper marked 'privacy considerations', where they note "The use of location signatures has the potential of being used to track the physical locations of individuals."

    Their solution?

    "Access to [this information] should be strictly limited." And, um, "Privacy can also be protected by using and retaining only that information which is needed for a particular application." Or you can "opt-out" of giving your information, although of course "some actions may be prohibited if location is not supplied".

    You mean the MPAA/RIAA are only going to retain as much information on me as they need for marketing purposes, and I can opt out if I don't mind never listening to another RIAA-produced CD? Thank you, Denning and MacDoran.

  13. Re:Denning famous for supporting Clipper by Isao · · Score: 2, Insightful
    Though I'd think that this could be spoofed pretty easily, I would give her the benefit of the doubt.

    When she received evidence (not hearsay) that wiretap authority is being abused, she changed her mind quite publicly about Clipper and key escrow.

    Anyone staying true to the scientific method deserves a fair critique.

  14. Re:Dennigs has had stupid ideas / opinions before: by harlows_monkeys · · Score: 3, Insightful

    Since she had access to the details of Clipper and you didn't, and she knows way more about cryptography than you do...on what basis do you claim that her conclusions about Clipper are "stupid"?

  15. Re:They still haven't fixed.... by Technician · · Score: 4, Insightful

    They still haven't fixed the problem of secure GPS to computer connection. Maybe a Cue Cat style serial numbered USB GPS will be required to make it work. Each subscriber would have a GPS with a unique serial number and an encrypted output much like that favorite free barcode wand. Without protecting the GPS/PC connection, a pair of old 14.4K stand alone modems (one on a cell) will take a GPS signal from your favorite movie house and send it anywhere in the world in almost real time.

    Just dial it up. I could put a modem on a GPS at a subscribed location and let friends know where to dial in to connect. Internet latency would cover up transmission losses over the modem pair. Less than perfect timing would still work.

    --
    The truth shall set you free!

  16. Secure? by buff_pilot · · Score: 2, Insightful

    Jamming a GPS signal is not that hard - the amount of energy received by the antenna is minimal and can easily be jammed by a source on the ground. Anti-jamming GPS antennas detect jamming and "null" out the signal for that quadrant - just think of an antenna as a pie, all sliced up - if one segment is jammed, that slice of pie's information is discarded until the jamming goes away. The amount of satellites you receive on your omni-directional GPS antenna will probably be lowered, but at least your signal won't disappear completely. (I don't have the links handy that explain this better)

    "Spoofing" the signal is much more difficult and is damn near impossible..(at least we think...) for a GPS that is getting signals from the satellite constellation. The only true way to spoof a GPS receiver would be to bring it into a closed room and set up a simulated constellation for the receiver to lock on to. Some universities have done this type of research in an effort to provide robots with a sense of location.

    The GPS string that is sent out by the receiver is defined by standards and is in plain text. The RMC, GGA, VTG sentences that are output are enough to give location, altitude, ground speed, etc. To simulate actual reception, all you have to do is play back a recorded text file of a previous reception. Heck, you wouldn't even need to use a recorded file - just make a script/program to spit the data out over the com/usb port. Hence, for this to be secure... The link from the GPS to the crypto black box had better be encrypted... But then how secure is that encryption? If this was a military only device where encryption is relied upon using their crypto devices and keytapes...then this thing could be robust. Once out into the civilian sector, they won't have the same level of encryption.

    What happens if I've got two conference rooms in the same building, both needing access, but both belonging to a different company? Will both companies look the same w/regards to GPS crypto?

    What's the "threshold" that the GPS system will accept as being "close enough"? Here's something to try...this assumes a GPS without the secret crypto keys loaded to get the "best" position. Start up a gps and keep logging the position that it thinks it's at. This position will change ever so slightly over time. Reboot the GPS, compare the position on reboot...it will be a little bit different...(depending on how precise you want those co-ordinates)

    My point is that there will have to be some "slop" allowed...some noise level that will need to be allowed into the system.

    These are the things that could be used to exploit it.

    -jim
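The point in the comment above about plain-text GGA/RMC/VTG output, as an added example (not code from the thread or from GeoCodex): the NMEA checksum is an XOR that any sender can compute, so a host that wants to trust a fix needs an authenticated link. The challenge-response scheme, `LinkVerifier`, `receiver_tag` and the device key are hypothetical, and the sample sentence is constructed.

```python
import hashlib
import hmac
import os
from functools import reduce

def nmea_frame(body):
    """Wrap a sentence body as '$body*hh', where hh is the XOR of the body bytes."""
    return "$%s*%02X" % (body, reduce(lambda a, b: a ^ b, body.encode("ascii"), 0))

def nmea_checksum_ok(sentence):
    """Error detection only: a matching checksum says nothing about who sent it."""
    if not sentence.startswith("$") or "*" not in sentence:
        return False
    body, _, given = sentence[1:].partition("*")
    try:
        return nmea_frame(body) == "$%s*%02X" % (body, int(given, 16))
    except ValueError:  # bad hex digits or non-ASCII bytes
        return False

def receiver_tag(device_key, nonce, sentence):
    """Tag a (hypothetical) tamper-resistant receiver would attach to each fix."""
    return hmac.new(device_key, nonce + sentence.encode("ascii"), hashlib.sha256).digest()

class LinkVerifier:
    """Hypothetical host side: one fresh challenge per accepted fix."""
    def __init__(self, device_key):
        self._key = device_key
        self._pending = set()

    def challenge(self):
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce, sentence, tag):
        if nonce not in self._pending:   # unknown or already-used challenge
            return False
        self._pending.discard(nonce)     # a challenge is valid once
        if not nmea_checksum_ok(sentence):
            return False
        return hmac.compare_digest(receiver_tag(self._key, nonce, sentence), tag)

# Constructed sample fix, not captured from a real receiver.
SAMPLE = nmea_frame("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,")
```

A fresh challenge per fix rejects played-back recordings; it does not address a live relay from a receiver at the authorised location, the case comment 15 describes.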

  17. Re:Dennigs has had stupid ideas / opinions before: by markmoss · · Score: 3, Insightful

    on what basis do you claim that her conclusions about Clipper are "stupid"?

    Thinking that we'll trust the government not to misuse crypto keys is very, very stupid.

  18. Re:Dennigs has had stupid ideas / opinions before: by nestler · · Score: 2, Insightful
    Her having access to the details of Clipper hardly makes her some unbiased expert on the technical merits of that chip. Do you recall when the FBI went shopping for universities that would sign off on Carnivore saying that it was great and that it wouldn't harm anyone's privacy? Some universities (MIT) refused to sell out and sign their name to the FBI's pre-written statement about what the "university review" had found, so the FBI had to go to universities with fewer scruples that would sign off on such things.

    The point is that the FBI lobbied Clipper in the same way. I'm sure they knew she would say this kind of stuff before they even approached her with any of the actual details.

    Also, for what it is worth, Clipper was completely bunk. Key escrow is a bogus concept anyway, but that aside, Clipper wasn't even a technically sound implementation of key escrow. They used a hash function so weak that you could erase your chip's serial number, rewrite it as something random, and then collide their crappy hash to make it impossible to tell that you had tampered with the serial number. Voila, a Clipper for which they wouldn't know the key.