Slashdot Mirror
Geo-Encryption: Global Copyright Defense?
An Anonymous Coward writes: "CIO Insight has a story on the copyright-protection scheme devised by Georgetown professor Dorothy Denning. Geo-encryption uses GPS technology to keep information scrambled until it reaches a precise location anywhere in the world. Denning has started a new company, GeoCodex, to capitalize on the technology." I can't wait for the Crypto-Gram article about this one..
Armed with Denning's geo-encryption system, which she co-patented in 1998, only people in specified locations, such as movie theaters, living rooms or corporate conference rooms, would be able to unscramble the data.
This is going to make playing with the hanger-antenna on top of the TV look like nothing. "Honey, I can't watch the movie until you bring it in the living room." What's worse though...
Medical records could be sent from a doctor in Peoria for a second opinion to a doctor in Manhattan--and all without the usual worries over privacy leaks to insurers or investigators along the way.
"But doctor, I thought I *was* a Region 1 patient."
I watched C-beams glitter in the dark near the Tannhauser gate.
From a design point of view, it's simple. You have a gps, and some compuiter that will give you some data (i.e., a decription key) when the gps detects that you're at a specific position in space. The really, really hard part is making the device tamperproof.
It has not only to resist to direct attacks trying to get to the data, it also has to deal with jamming of the gps signals, or more specifically putting the device in a faraday cage and sending it signals imitating the gps satellites in the appropriate position. Too bad the article has zero information on their methods.
Oh well, let's hope a followup article by Schneier (who also considers the tamperproofing critical) will be more detailed on the technical side.
OG.
Great, that means I can't listen to my music, DVDs, use my software when I am on holidays, on a business trip or at my second home?
they can come beat the information out of me?
Perhaps I'm just really wrong (wouldn't be the first time) but do commercial GPS devices still have a small imperfection built in, along the scale of 10 meters (or was it more like 100)? I remember reading that the government did this to prevent terrorists from using GPS to pinpoint landmarks like the white house. This causes problems for some users though, such as being off by a city block or two, depending on the inaccuracy.
--Please, don't waste your moderation points knocking me down. They can be used so much more effectivly elevating a worthy poster elsewhere...
This is only how to defeat the system... I don't even mention what consumers will think of it... how would {RI,MP}AA justify licensing the material to a physical coordinates rather than a paying customer? It is not likely to work. GPS does not work inside buildings, BTW, and very few people go in a park to watch DVDs :-)
How do you store the location in the media file in such a way that it can't be changed? And how do you prevent players from being manufactured that don't look at the location?
A better question would be 'how many things can really be encoded to be used in only on location'.
An even better one is 'how obviously on an article should the date 1st April be printed in order to trick the greatest amount of people'?
Umm... the problem with this technology is that devising an interesting key isn't the problem. The problem is that people can crack the encryption scheme itself. Adding the GPS element to it makes it even easier.
I mean seriously, it sounds like all you'd need to do is run a few integers through it and eventually it'd unlock. This would be far easier than trying to decipher a key. I doubt fooling the GPS would prove all that difficult.
Maybe i'm oversimplifying the situation a bit, but it never really seemed to me like the key was the weakest link in modern encryption schemes. By localizing the key to GPS co-ordinates, you're making it far easier for somebody to know where to look.
"Derp de derp."
It was around 100 meters in any direction from your current location. And yes, it was by the U.S. government to prevent people from bombing the White House. As if a bomb big enough, off by 100 meters, would actually miss the white house.
They removed it sometime last year, I believe. With 9-11, there are rumors they may impose the restriction again, but that's assuming any primary threats have missiles capable of using GPS.
This restriction would pose little or no problem to people using it for the purposes this article describes. GPS correction is available through a "post-processing" method. You position a GPS base station at a known location. If you take samples at exactly the same time from different locations, those locations are off by exactly the same error vector. So, you simply compare the base station samples to the base station position to get the error vector, and apply this error vector to the roaming samples to get your almost-exact position.
I say almost exact because signals are disrupted by various things. Light and sound are waves; they move at a constant speed as long as the travel medium doesn't change. As a consequence, like sound, light is affected by the doppler effect. It usually isn't significant, but can throw your results off nonetheless.
Clouds, rain, snow, buildings, etc. can also affect the results, as well as the SNR (signal to noise ratio -- measures the amount of readable data to background noise). If the SNR is high, it's unlikely the results will be thrown off significantly. All these problems are virtually unavoidable unless the weather is clear, you have a high channel capacity on your GPS device (8 is usually good, I think available satellites above the horizon range from about 8-11, high on elevated terrain), and there are few if any buildings around.
You need at least n+1 satellites in reach to get nth-dimensional results. So, for planar (2d) positions (latitude/longitude, or azimuth or whatever) you need 3 satellites, and 4 for spatial (3d, 2d + a z-position, your elevation).
The more satellites, the more precise your results are. If the base station is within 500 metres away, and you have real-time correction (which would still help with climate problems), you can get sub-centimetre accuracy.
> How do you store the location in the media file in such a way that it can't be changed? How do you prevent players from being manufactured that don't look at the location.
Because it's encrypted, with the GPS location being the key, or at least part of it. So it's not like you can just ignore a location header and get at the text file: you need to pass your GPS location into a decryption algorithm that will decrypt the scrambled data into a readable file.
Of course, this can be an additional layer added onto existing methods of asymmetric encryption. As GPS units become more precise, we might even begin to have a "decryption tile" or square in bedrooms so that each resident has their own decryption key accurate to that specific square foot of space.
Someone stole your laptop? They're going to have to break into your house, steal a key to your room, and stand on your decryption square just to decrypt any of your files. Sounds like an interesting acrobatic scene for Mission Impossible 3.
"A good conspiracy is an unprovable one." -Conspiracy Theory
This is probably to try and prevent intercepting a movie on its way to the theatres. As to whether it is possible to do this effectively is another question altogether...
SSL Certificate
The Earth's surface is something like 4*pi*6378000^2 = 5e14 m^2. Assuming that the device doesn't mind a 5m error (15") and assuming that you know the elevation everywhere on Earth (or that the device doesn't care about elevation), that makes 5e12 patches of size 10mx10m to try. And if you start with the most likely country and the most populated area first, then you're likely to find the spot in the first 1/1000 of the patches you try, so that gives a few billion coordinates to try. Breakable indeed.
Cruise missiles guide[d] themselves not with GPS, but just using a machine vision systems. They compare actual land beneath them to a map stored in the missile, and generate corrections this way. Does not work well at night, but totally self-contained and jam-proof.
Besides, there are many other solutions to the "last 100 meters" problem. An infrared laser, for example, can highlight the target, and the missile locks onto the bright spot. This one is used for many years (so-called "laser-guided bombs").
So it's impossible to fake the GPS signals eh? They're not anything like a regular structured and well-understood format or anything....
I suppose faraday cage technology will be outlawed (only terrorists would want to use a faraday cage surely...)
Faking up the signals and the timing is a matter of some electronics. There is no strength here.
Snake oil. Move on people, nothing to see here....
If you know the region which the data is intended for (eg, by looking at the region code on a DVD), voila, you just feed the data into whatever algorithm transforms GPS coordinates into the decryption key.
Since GPS location is not random and is known, you can spoof the data, and not even have to do a brute force search over a random keyspace as you would with a normal cryptoscheme...
There's 10 types of people in this world, those who understand binary and those who don't.
Some juicy bites from her publications:
..My conclusion is that modern encryption is predominately a privacy
Is Encryption Speech? A Cryptographer's Perspective
enhancing technology rather than speech. Although encryption might be
regarded as a manner of speech, it is unlike other methods in that it
contributes nothing to communication.
One implication of this interpretation is that regulation of encryption
would not violate the First Amendment. Another is that restrictions on
the use of encryption could not be used as a basis for prohibiting the
use of an obscure foreign language or any other ordinary language.
Testimony Before U.S. House of Representatives, May 3, 1994.
"..The Clipper Chip and associated key escrow system is a technically
sound approach for ensuring the security and privacy of electronic
communications. Clipper's SKIPJACK encryption algorithm provides
strong cryptographic security, and the key escrow system includes
extensive safeguards to protect against unauthorized use of keys. The
more advanced chip, Capstone, further provides all the cryptographic
functionality needed for information security on the National
Information Infrastructure."
And there's even more, go and see by yourself. I'm really waiting for the comments from the cryptograhical community on this systems..
V.
Prof. Denning used to be one of the chief supporters of the government's Clipper key escrow system:
Click here to read a letter she wrote at the time.
The decryption key is in a hardware device (or in this case calculated from coordinates by the hardware device based on some other secret key). Presumably, the GPS receiver is integrated with the device so that positions can't be spoofed directly.
This leaves two avenues of attack. The first is to recover the encryption key, the second is to spoof the satellite signals. Neither one is beyond someone with adequte resources (an intelligence agency or a serious industrial pirate). But supposing they are clever enough to avoid shipping a software based decoder, it will probably work well enough to discourage casual users.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Do a google search for 'Denning GPS'.
First hit that comes up is a 1996 paper Location-based Authentication: Grounding cyberspace for better security, by Dorothy E. Denning and Peter F. MacDoran. Reading the paper, the idea looks to be that by knowing the location of a computer user one can define whether they are authorised to perform a particular action.
This makes marginal sense (if somebody who isn't in a bank office is playing with computer codes then they're probably not really permitted to play with them). However, to me this article reads like, 'Hey, if I mention copyright protection, I'll get funding'. And the whole idea reads like that - after all, for the person in the above example to perform an unauthorised action on bank accounts, they must already have broken through the protection placed around the system. Simply adding another authentication isn't going to magically fix that problem (hey, you want me to tell the system I'm in the White House? OK. It's no different to telling the system that I'm Bob, financial manager).
As for the use of said technology to control music distribution... what?!. If this woman is 'America's Cyberwarrior' then... be afraid. Very afraid. I'm sorry to say it, but whilst there are some very valid uses for GPS technology (something like HP's Cooltown project, mobile computing in general, augmented reality, etc), I don't think this is it.
On the one side, it's valid to argue that including un-spoofable - if that's a word - location data in all internet communication would help in some cases (finding malicious hackers, absolving the innocent) but given that it also destroys the whole concept of anonymity, it's plain not worth it. Location information has to be optional. This is just another step in the 'media programs phoning home'/WinXP DRM direction, and it's not a good one.
If I sound irritated, it's because I am; I have no idea what Denning's politics are or whether the spin on this story is merely unfortunate, but the article linked to in this story (somewhat unlike the paper) sounds like something the EFF will eventually find themselves fighting.
I particularly like the part of that paper marked 'privacy considerations', where they note "The use of location signatures has the potential of being used to track
the physical locations of individuals."
Their solution?
"Access to [this information] should be strictly limited." And, um, "Privacy can also be protected by using and retaining only that information which is needed for a particular application." Or you can "opt-out" of giving your information, although of course "some actions may be prohibited if location is not supplied".
You mean the MPAA/RIAA are only going to retain as much information on me as they need for marketing purposes, and I can opt out if I don't mind never listening to another RIAA-produced CD? Thank you, Denning and MacDoran.
They still haven't fixed the problem of secure GPS to computer connection. Maybe a Cue Cat style serial numbered USB GPS will be required to make it work. Each subscriber would have a GPS with a unique serial number and an encrypted output much like that favorite free barcode wand. Without protecting the GPS/PC connection A pair of old 14.4K stand alone modems (one on a cell) will take a GPS signal from your favorite movie house and send it anywhere in the world in almost real time.
Just dial it up. I could put a modem on a GPS at a subscribed location and let friends know where to dial in to connect. Internet latency would cover up transmission losses over the modem pair. Less than perfect timing would still work.
The truth shall set you free!
So once all media is constrained by GPS coordinates, the US gov't could selectively deny unfavored nations access to GPS data, rendering all their DVDs, CDs and eBooks useless?
Sound unlikely? It's interesting that the US is pressuring Europe to shelve its own GPS system.
Domination through media denial: "You want your mTV? Meet our demands."
Kevin Fox
This idea has serious flaws which may undermine the security of the encryption.
If an attacker has some idea of where the location is the GPS data will unlock, he can test the data agaist a range around that location. Given a GPS resolution of about 10 meters, there are 10,000 possible values per square kilometer. Testing a block of data against an area 10 kilometers on a side gives only a million possible permutations; child's play for modern computers. 100 kilometers on a side is 100 million permutations.
"While holding the holy laptop, standing on the sacred square, on third full moon of the year, make three clockwise circles with the mouse, then the sygil of Baalshamabeebop."
ABORT, RESUMMON, INFERNAL DAMNATION?
One line blog. I hear that they're called Twitters now.