Geo-Encryption: Global Copyright Defense?

An Anonymous Coward writes: "CIO Insight has a story on the copyright-protection scheme devised by Georgetown professor Dorothy Denning. Geo-encryption uses GPS technology to keep information scrambled until it reaches a precise location anywhere in the world. Denning has started a new company, GeoCodex, to capitalize on the technology." I can't wait for the Crypto-Gram article about this one..

Don't bother with GPS

[October_30th]

They should use Galileo because it will be a multinational, civilian controlled system and thus not susceptible to military/intelligence community people just walking in and demanding decryption with a government issued, carte blanche, "national security" mandate.

It's all in the tamperproofing

[Olivier+Galibert]

From a design point of view, it's simple. You have a gps, and some compuiter that will give you some data (i.e., a decription key) when the gps detects that you're at a specific position in space. The really, really hard part is making the device tamperproof.

It has not only to resist to direct attacks trying to get to the data, it also has to deal with jamming of the gps signals, or more specifically putting the device in a faraday cage and sending it signals imitating the gps satellites in the appropriate position. Too bad the article has zero information on their methods.

Oh well, let's hope a followup article by Schneier (who also considers the tamperproofing critical) will be more detailed on the technical side.

OG.

Slightly offtopic: Accuracy

[FredBaxter]

Perhaps I'm just really wrong (wouldn't be the first time) but do commercial GPS devices still have a small imperfection built in, along the scale of 10 meters (or was it more like 100)? I remember reading that the government did this to prevent terrorists from using GPS to pinpoint landmarks like the white house. This causes problems for some users though, such as being off by a city block or two, depending on the inaccuracy.

--Please, don't waste your moderation points knocking me down. They can be used so much more effectivly elevating a worthy poster elsewhere...

Re:Slightly offtopic: Accuracy

[Jouster]

Yes, there are three grades of accuracy.

1. Civilian: this is what anyone can access. This was discontinued because companies were about to come out with units that compensated for the programmatic imperfections the satellites were feeding the receivers. It was accurate to within one hundred meters, and is still applied on a regional basis (for instance, Iraq still has Civilian-level GPS accuracy).
2. Military: this is now what both civilians and the general military share. It is accurate to within approximately twenty meters.
3. SpecOps: this is what the SEALs, DEVGRU and all their friends use. It is accurate to within approximately one meter.

An interesting page on accuracy and, specifically, the impact of the removal of Selective Availability, the scrambling algorithm for the old "Civilian" accuracy level, is available here, information on the SA shutdown's impact worldwide is here, and, finally, the IGEB, in charge of all this, is here.

Jouster

What a weird idea!

[tftp]

So this "cryptosystem" uses the GPS location as a key. Big deal. It's just Yet Another Key Generator. All it takes to defeat this scheme is a hack in the player, which asks "Enter GPS coordinates which came in this movie's NFO file", like serialz work. Alternatively, the unmodified player can be used, serially connected to another application that simulates the GPS receiver, asking the same question. Only if the decoder hardware is tamper-proof, then the known attacks against the key may be necessary.

This is only how to defeat the system... I don't even mention what consumers will think of it... how would {RI,MP}AA justify licensing the material to a physical coordinates rather than a paying customer? It is not likely to work. GPS does not work inside buildings, BTW, and very few people go in a park to watch DVDs :-)

How's this any better?

[NanoGator]

Umm... the problem with this technology is that devising an interesting key isn't the problem. The problem is that people can crack the encryption scheme itself. Adding the GPS element to it makes it even easier.

I mean seriously, it sounds like all you'd need to do is run a few integers through it and eventually it'd unlock. This would be far easier than trying to decipher a key. I doubt fooling the GPS would prove all that difficult.

Maybe i'm oversimplifying the situation a bit, but it never really seemed to me like the key was the weakest link in modern encryption schemes. By localizing the key to GPS co-ordinates, you're making it far easier for somebody to know where to look.

Re:That's actually a pretty cool idea.

[Anarchos]

> How do you store the location in the media file in such a way that it can't be changed? How do you prevent players from being manufactured that don't look at the location.

Because it's encrypted, with the GPS location being the key, or at least part of it. So it's not like you can just ignore a location header and get at the text file: you need to pass your GPS location into a decryption algorithm that will decrypt the scrambled data into a readable file.

Of course, this can be an additional layer added onto existing methods of asymmetric encryption. As GPS units become more precise, we might even begin to have a "decryption tile" or square in bedrooms so that each resident has their own decryption key accurate to that specific square foot of space.

Someone stole your laptop? They're going to have to break into your house, steal a key to your room, and stand on your decryption square just to decrypt any of your files. Sounds like an interesting acrobatic scene for Mission Impossible 3.

Re:Dictionary attacks

The Earth's surface is something like 4*pi*6378000^2 = 5e14 m^2. Assuming that the device doesn't mind a 5m error (15") and assuming that you know the elevation everywhere on Earth (or that the device doesn't care about elevation), that makes 5e12 patches of size 10mx10m to try. And if you start with the most likely country and the most populated area first, then you're likely to find the spot in the first 1/1000 of the patches you try, so that gives a few billion coordinates to try. Breakable indeed.

Re:Accuracy

[tftp]

With 9-11, there are rumors they may impose the restriction again, but that's assuming any primary threats have missiles capable of using GPS.

Cruise missiles guide[d] themselves not with GPS, but just using a machine vision systems. They compare actual land beneath them to a map stored in the missile, and generate corrections this way. Does not work well at night, but totally self-contained and jam-proof.

Besides, there are many other solutions to the "last 100 meters" problem. An infrared laser, for example, can highlight the target, and the missile locks onto the bright spot. This one is used for many years (so-called "laser-guided bombs").

GPS signals impossible to fake

[Llanfairpwllgwyngyll]

So it's impossible to fake the GPS signals eh? They're not anything like a regular structured and well-understood format or anything....

I suppose faraday cage technology will be outlawed (only terrorists would want to use a faraday cage surely...)

Faking up the signals and the timing is a matter of some electronics. There is no strength here.

Snake oil. Move on people, nothing to see here....

GPS location == known data

[Ryu2]

If you know the region which the data is intended for (eg, by looking at the region code on a DVD), voila, you just feed the data into whatever algorithm transforms GPS coordinates into the decryption key.

Since GPS location is not random and is known, you can spoof the data, and not even have to do a brute force search over a random keyspace as you would with a normal cryptoscheme...