Slashdot Mirror

← Back to Stories (view on slashdot.org)

Geo-Encryption: Global Copyright Defense?

Posted by chrisd on from the stay-right-where-you-are dept.

An Anonymous Coward writes: "CIO Insight has a story on the copyright-protection scheme devised by Georgetown professor Dorothy Denning. Geo-encryption uses GPS technology to keep information scrambled until it reaches a precise location anywhere in the world. Denning has started a new company, GeoCodex, to capitalize on the technology." I can't wait for the Crypto-Gram article about this one..

6 of 198 comments (clear)

  1. Re:It's all in the tamperproofing by tftp · · Score: 4, Insightful
    It has not only to resist to direct attacks trying to get to the data, it also has to deal with jamming of the gps signals, or more specifically putting the device in a faraday cage and sending it signals imitating the gps satellites in the appropriate position. Too bad the article has zero information on their methods.

    Methods are irrelevant. As soon as you put the receiver into a Faraday cage, you are the master of the Universe (inside of the cage). You are free to simulate as many satellites, and in as many positions as you wish, and nothing inside the device can detect your simulations, except if the real signals have a digital signature.

    You don't even need to bother with a Faraday cage. Just use strong enough signals from your simulator, and they will jam the AGC inside the receiver, so that only your signals are received correctly.

  2. Re:How's this any better? by tftp · · Score: 5, Insightful
    Surface of Earth is 148,326,000 sq.km., or 1.48326e+14 sq.meters. If the resolution of the GPS is 10x10 meters (100 sq. meters), the GPS can yield 1.48326e+12 keys, which is equivalent to a 40-bit key (2^40 = 1.1e+12). This is one easily breakable key. But if such a system is really used, the grid must be much rougher because of usability concerns (many households are longer/larger than 10 meters). Then the strength of the key drops significantly.

    Another important defect of this system is that in modern society most people live in cities, and as such the keys are not randomly distributed, but very much clustered. To find a movie key, for example, one just needs to try GPS locations of few big cities (SF, LA, NYC etc.) to hit the paydirt.

    But likely, this key search won't be needed at all, because whoever posts the material on Usenet will put the necessary serialz ^W GPS code into the accompanying note. The only problem is to apply the key to get the raw contents, and that is not too difficult because all the strength of the crypto is in the key, not in the algorithm.

  3. Re:It's all in the tamperproofing by Nightlight3 · · Score: 4, Insightful
    You don't really need a Faraday cage. Namely to Change EM field vector A to a desired EM field vector B you simply add a single EM field vector C=B-A to A. The superposition will produce resulting vector B. A computer driven emitter with GPS sensors could probably do all this by inputing the desired coordinates into it.


    This is similar to computerized noise suppressors which work by continuously measuring the acoustic waves and emitting the waves of exactly the same amplitude and opposite phase. With GPS the situation is much easier since the waves to cancel are not random noise but a perfectly predictable source (after the initial measurement).

  4. Not that different from DVD region encoding by hey! · · Score: 4, Insightful

    The decryption key is in a hardware device (or in this case calculated from coordinates by the hardware device based on some other secret key). Presumably, the GPS receiver is integrated with the device so that positions can't be spoofed directly.

    This leaves two avenues of attack. The first is to recover the encryption key, the second is to spoof the satellite signals. Neither one is beyond someone with adequte resources (an intelligence agency or a serious industrial pirate). But supposing they are clever enough to avoid shipping a software based decoder, it will probably work well enough to discourage casual users.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  5. Re:That's actually a pretty cool idea. by kaiidth · · Score: 5, Insightful

    Do a google search for 'Denning GPS'.

    First hit that comes up is a 1996 paper Location-based Authentication: Grounding cyberspace for better security, by Dorothy E. Denning and Peter F. MacDoran. Reading the paper, the idea looks to be that by knowing the location of a computer user one can define whether they are authorised to perform a particular action.

    This makes marginal sense (if somebody who isn't in a bank office is playing with computer codes then they're probably not really permitted to play with them). However, to me this article reads like, 'Hey, if I mention copyright protection, I'll get funding'. And the whole idea reads like that - after all, for the person in the above example to perform an unauthorised action on bank accounts, they must already have broken through the protection placed around the system. Simply adding another authentication isn't going to magically fix that problem (hey, you want me to tell the system I'm in the White House? OK. It's no different to telling the system that I'm Bob, financial manager).

    As for the use of said technology to control music distribution... what?!. If this woman is 'America's Cyberwarrior' then... be afraid. Very afraid. I'm sorry to say it, but whilst there are some very valid uses for GPS technology (something like HP's Cooltown project, mobile computing in general, augmented reality, etc), I don't think this is it.

    On the one side, it's valid to argue that including un-spoofable - if that's a word - location data in all internet communication would help in some cases (finding malicious hackers, absolving the innocent) but given that it also destroys the whole concept of anonymity, it's plain not worth it. Location information has to be optional. This is just another step in the 'media programs phoning home'/WinXP DRM direction, and it's not a good one.

    If I sound irritated, it's because I am; I have no idea what Denning's politics are or whether the spin on this story is merely unfortunate, but the article linked to in this story (somewhat unlike the paper) sounds like something the EFF will eventually find themselves fighting.

    I particularly like the part of that paper marked 'privacy considerations', where they note "The use of location signatures has the potential of being used to track
    the physical locations of individuals."

    Their solution?

    "Access to [this information] should be strictly limited." And, um, "Privacy can also be protected by using and retaining only that information which is needed for a particular application." Or you can "opt-out" of giving your information, although of course "some actions may be prohibited if location is not supplied".

    You mean the MPAA/RIAA are only going to retain as much information on me as they need for marketing purposes, and I can opt out if I don't mind never listening to another RIAA-produced CD? Thank you, Denning and MacDoran.

  6. Re:They still haven't fixed.... by Technician · · Score: 4, Insightful

    They still haven't fixed the problem of secure GPS to computer connection. Maybe a Cue Cat style serial numbered USB GPS will be required to make it work. Each subscriber would have a GPS with a unique serial number and an encrypted output much like that favorite free barcode wand. Without protecting the GPS/PC connection A pair of old 14.4K stand alone modems (one on a cell) will take a GPS signal from your favorite movie house and send it anywhere in the world in almost real time.

    Just dial it up. I could put a modem on a GPS at a subscribed location and let friends know where to dial in to connect. Internet latency would cover up transmission losses over the modem pair. Less than perfect timing would still work.

    --
    The truth shall set you free!