Authentication Via Geographical Location?

RudeDude asks: " While reading Cryptonomicon I became a bit paranoid about encryption and digital signatures but it has me thinking a bit as well. I'm trying to visualize a way to prove my physical location in a cryptographically strong way and I can't think of one. My digital signature proves who I am, but wouldn't it be nice if I could also give proof of my physical location at a given time stamp? I've thought of only a few things that would be very hardware dependent, etc. but what I really think would be cool would be something that is as strong as digital signatures. Some sort of GPS/MD5 signature that a third party could confirm so that it would be impossible to spoof my location. " This question has been asked a bit by people looking to restrict services to various countries, but currently one can't be sure if the IP a person is using is really the location from which the connection is being made. Would a system like the one described above be a possible answer?

"This is mostly just a thought experiment, but I am curious to see what other Slashdot readers could maybe dream up. In my opinion (and I'm sure many others as well) my current meatspace coordinates usually mean much less than my network 'location' does, but I can think of many times where proving my meatspace location could be just as important as proof of identity."

GPS becomes mandatory in USA for mobile phones

[by Anonymous Coward]

As I am reading this thread, I just returned from a job interview at a company that manufactures GPS receiver chips and learned that a new FCC regulation will require all new mobile phones released on the market starting in January 2001 to have onboard GPS.

The interviewer would not go into details as to which purpose the FCC hopes to achieve (find wounded hunters lost in the middle of nowhere in an emergency situation, or make localization of mobile-savvy criminals easier) but it sure looks like Big Brother is watching us.

Re:GPS

[Elvii (428)]

Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions. This is accomplished by not giving the real algorithm that the GPS satelites run off of but a inexact version thereof.

No problem. It's not a different algorithm, but not giving an exact timing. It was called SA (Selective Availibity) and it basiclly made the time recieved from the sats a bit random. Seeing as the sats/reciever depend on timing to get position, IIRC, you had up to 100m epe (estimated position error) on a civilian gps unit. Two ways to bypass this: Get a differintal GPS, basicly two recievers in one unit, and average your location, so to speak. Or get the encrypted miliary band, via military reciever, which broadcasts the corrections to cancel out SA.

BTW, SA has been off for the better part of this year, so my handheld garmin gets accuracy near that of a military handheld unit. Thou differential units found in aircraft are still more accurate. :)

bash: ispell: command not found

Re:But...

[cduffy (652)]

Such a situation needs to be safe not only against spoofs, but also permit the owner to prove that he didn't do a spoof himself.

Let's say that I'm accused of an armed robbery which occured while I'm on a hunting trip (this really happened to a friend of mine). To have a system intended to prove my location which were usable as a defense, it would have to be proof against my own spoofing.

As a result, it would be more effective to have a system with two-way communication (thus utterly unlike GPS) which permits a user to request that their position and some arbitrary data (eg. biometrics, signed by the user's key, recovered from the user to demonstrate that they're with their equipment) be returned with the digital signature of the verifying service. Such a token would demonstrate the position of my equipment (via the reading) and my presence (via the biometrics... yeah, I know this is shaky... I hate biometrics too). A timestamp should also go inside the service-verified info.

Though I haven't had 'nuff sleep lately to really think something like this through seriously, that should work. Main issues is that it requires two-way communication, and a replacement of the current GPS system (perhaps w/ towers doing triangulation if it only needs to be used inside a fairly small area; otherwise larger/heavier/more expensive equipment is needed).

Misconception

[RudeDude (672)]

I am seeing a lot of misconception here about what my thought experiment implies.

I am most definatley NOT talking about a proof of location that is broadcast without user control. I'm talking about a voluntary "location signature" type technology. (For example I do not have to use digital signatures at all times and I can produce an "anonymous" one as needed to hide my own identity.)

I've also had the suggestion from someone else in the office that a third party signature of time stamps would be handy. For example, instead of having certified postal mail sent back to myself to prove my patent is pre-dated, perhaps there could be a way to get a third party time stamp included in my digital signature.

Just more fun thoughts. :)
---
Don Rude - AKA - RudeDude

I can think of other uses...

[Paul Crowley (837)]

...for Jon Katz's ICBM coordinates.
--

Re:Mobile computing?

[Jon Peterson (1443)]

I know of a bank that once looked at a GPS based security system. The problem was that different countries have different laws on data protection, so it was important that the laptops of it's employees couldn't do certain things (or release certain informatiom) in countries with restrictive (or 'good' as I think of it) data protection laws. Such as the UK.

So, the laptops were fitted with PCMCIA GPS cards, and these were integrated with some of the apps on the laptops. The employee couldn't access some things if they were in the wrong country.

I'm not sure if the project was ever widely released or seen as practical. Obviously it relies on not being able to hack the GPS card, and not getting administrator/root access to the machine.

GPS, fun as it is, is limited. The GPS system is passive and cannot determine the location of GPS devices - unlike, say, the mobile GSM system that CAN determine where mobile phone devices are. Rather, the GPS receiver devices can determine the location of the GPS satellites, and then compute their own location from that data. That makes it rather less useful for proving the location of a GPS receiver.

Also, in my experience of GPS, which is quite good, it is utterly useless at determining altitude. But maybe I've been unlucky with handsets :-)

an idea

[Tumbleweed (3706)]

Okay, each location that has to be able to authenticate you can combine a GPS with biometric security & an atomic-clock-syncronized timestamp. You put whatever bodypart needs to be authenticated (or multiple ones), the thing recognizes you. Then it checks the GPS location & combines that with the verified time. Voila. The information can then be transmitted security to wherever it needs to be via encrypted means.

Re:But...

[ocie (6659)]

A simple solution might be the following. The GPS satellites each send out their own version of the time, and the GPS receiver compares this to its time to determine its position relative to the satellites. What you could do is have each satellite periodically (once a minute?) send their time with a digital signature. You can then use the GPS company's public key to demonstrate that you have data from a GPS unit that was at a given location at a given time. Of course as the previous poster pointed out, you still have to prove that you were also at the same location as the GPS unit.

Re:Fringe benefits for various internet sites

[Jose (15075)]

Currently they can't do it for fear of being sued in areas where gambling is illegal.

why should they be afraid? There has been numerous cases where people in countries that don't have any anti-cracking laws couldn't be touched by US laws for crimes they committed in the US...why should it be different the other way around?

Gambling is legal in North America..the only catch I can see is making sure that the gambler is 18 (or 21 or what ever).

IPs allocated on regional basis...

[maroberts (15852)]

..I believe IP allocation is to a certain extent on a regional basis, so it shoulkd be possible to prove that at least you are on the right continent.

Similarly ISPs are allocated a pool of IP addresses, so when you connect it is highly probable you can be located down to country or even local level, unless you indulge in a little spoofing.

Hell, we can't even get reliable timestamps...

[DiningPhilosopher (17036)]

The author mentioned timestamps, but timestamps have all of the same problems GPS data have.

When you create a signature with a timestamp, where does the time come from? If you're using only software, the timestamp is probably coming from the operating system, which thinks the time is whatever you tell it it is. It's not especially hard to generate an incorrect timestamp.

So in both cases we have to rely on trusted hardware, which is always a tricky thing. Even if I have a hardware device which includes a clock as well as the ability to store keys and generate timestamps, I still have to trust that all of the code involved is bug-free and the clock is correct. And it's easy to make sure the clock is correct only if you assume a few different parties can be trusted.

So sure, you can make a GPS receiver that signs and timestamps its data. But you have to trust everything inside the box, you have to trust the people who created the firmware, and you have to trust that the box can't be modified. Even the most secure hardware devices are subject to attacks. And this doesn't even address the question of where the GPS signal itself might bve coming from...

I think this is doable

[Mr T (21709)]

GPS won't cut it though, there is no trust, you could pick a location at random, encrypt it and say you were there.. Now I can think of two ways to do this.

• You could start building trusted GPS recievers than authenticate their results. When you read a location you are also given a signature from the machine.

  I believe this is the proper way to do it in a military setting where you can serialize each device, hand create and install encrpytion and authentication keys. It's not entirely useful in the general sense because after you sell a million trusted GPS devices people could start doing fraudulent things like buying two, leaving one in a particular place, having their friend read the numbers off of it to you over the phone and then let you report that you're in a place where you're not. Plus you still have to hand create each GPS reciever to keep it trusted..

• The other idea I can think of that might be possible without making too many serious changes to the system would be to send encrypted and timestamped streams of GPS data from the satellites with random tokens added. Then when a person wants to claim that are at a given location they could sign/authenticate the data given by the GPS to show that they are who they say and that data could include the raw transmition from the satellite which was used to triangulate their location. Then if you know the what stream were transmitted or have access to a trusted third party who does (the DoD?) then you can verify that they are where they say and that the tokens they used to claim that location match the ones you broadcasted. Of course this only works if GPS is a closed system because I could still intercept the same satellite transmition streams from some other location and if I knew how to massage the data correctly I could string the streams together to make it look like I was in a different place. It may be mathematically possible to come up with a scheme this way that works.

  I'm thinking that it would be partially realtime though. Like this. Billy claims he is at 40NX105W and send you a stream of bits sent to him by a set of satellites. Susie examines his signature and believes that he is Billy then she examines the data and it looks like he really is where he says. To be positive Susie talks to the set of satellites Billy is in contact with and causes them to send random tokens in a random order and since she knows the order and his location she can tell what order he should recieve them in. Then Billy has some small number of milliseconds to report the series of bits he sees in the correct order to verify his location, if he has too much time he could be in a different location, recieve all the streams, reassemble them as they should be and then transmit them back so we're talking about very very small timing tolerences. Maybe you need anonymous satellites to do this.. Right now GPS knows which satellites it is talking to and can tell the difference between them.

Re:cryptographically secure witnesses?

[Robert S Gormley (24559)]

How are you to know in advance that you're going to be framed for a crime, in order to use the services? Or are you gonna dole out $32 a day (say every 15 mins, 8 hours a day) on the chance that someone might in the future?

GPS + Crypto Sig

[The Iconoclast (24795)]

So if you sent the actual data you recieve from the satillites to you whoever you want to prove to, then all that is required is that the stream from the sattilite is signed and you know the public key of the GPS satillite.

However, this does not prevent some one who is at one location sending the stream he recieves to an intermediary at a different location who will then authenticate with the first (fake) location.

There could also be a sort of small scale distributed location finding algorithim. If you have a large group of people with transmitter/receiver pairs within some distance (dependant on transmit/recieve power), you could have everyone triangulate on each other. The more people you have in your system, the more compromised units you'd have to have before you'd get spoofed results. Of course you could never be sure that the location data hasn't been spoofed, but given enough people, you could have some high confidence probability in the result. If you have a high enough density of people, you could spred the network of transmitter/recivers across the entire planet.

Now what do you folks think, should I get a patent on this? :-P

Re:Uhmmm.... Pictures ??

[SEWilco (27983)]

Here I am, in front of the Eiffel tower, holding a newspaper that says "Bush Wins!"...

Re:data driven

[SEWilco (27983)]

I invite you to the Geographical Anonymizer Project, where people are streaming their timestamped NMEA data. Pick and choose from data over the past four weeks...and if you want to participate, note that you can delay the delivery of your data by up to two hours, so others know where you were two hours ago but not now; the software in your unit will only report data from areas you designate, so you can have it turn off before you get near home.

Re:A solution of sorts

[SEWilco (27983)]

Of course, this is almost what Stoll did in "The Cuckoo's Egg". He measured network delays of the intruder and found the distance to the intruder. Unfortunately, he decided it was impossibly far and something was wrong with his measurement. It turned out that the actual location, Germany, was that distance away.

Re:digital angel

[SEWilco (27983)]

Uh... no. You're confusing two technologies. The "rice grain sized" device is a transponder which is often used on pets and racing animals. The reader is a book-sized device which can detect the device's serial number from a few inches away.

A GPS antenna is significantly larger.

Re:But...

[titus-g (38578)]

Singapore has had this for a while. very tech stuff. UK govt is sponsoring research into a GPS type system that would allow them to monitors cars positions and speeds.

Bank Shot

[BrK (39585)]

As Fiber To The Curb becomes more readily available, and our bandwidth is a "given" just like the phone and electrical lines, we'll be able to roughly pinpoint locations easier.
The edge device you connect to to access the 'Net will be registered with the Feds (this is only a matter of time). Knowing how long it takes light to travel to the closest fiber-to-copper demarc point by your house, it will be easy for the edge device and/or your PC to spit out some numbers showing what will essentially be a ping time delay. Knowing that Registered Router X serves the geographic area of Y, and you are 2.003ms away from Router X, then you must be 1.22 miles from the router. The fiber run you are on goes down Big Brother Ave, so you're 1.22 miles from the end of Big Brother Ave.
It's not a pin-pointer, but it proves that you're not on the other side of the world impersonating yourself...

Re:GPS

[BrK (39585)]

Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions.

You're wrong :) The inaccuracy factor in the GPS system was recently disables. ALL GPS units (within their own design limitations) are now equally accurate.

An impractical Holy Grail.

[rjh (40933)]

First, your digital signature doesn't prove anything about who you are. Rather, the people you communicate with trust that it identifies you, and trust is antithetical to proof.

As a for-instance, I've been doing a lot of transatlantic communications lately with a fellow named Roger [last name deleted]. At least, he says his name is Roger... but since I've never met him, I haven't been able to verify his identity by examining his passport, his driver's license, etc. So I just have a voice to identify, and that voice is self-identified as Roger, which is no identification at all.

Roger and I exchanged OpenPGP keys. His OpenPGP key identifies him as "Roger John Laurence [last name deleted]". But I still didn't know if this was really him or not, so we talked voice. After verifying that it was the same voice I'd talked to earlier, and he doing the same (a process no more complex than "Hey, Roger?" "Yeah, mate?"), we exchanged SHA-1 hashes of our OpenPGP keys and verified we'd received each other's keys successfully.

We still haven't verified anything.

For all I know, Roger has given a copy of his OpenPGP key and passphrase to another person, and all of my email is coming from this third person who's not Roger. And for all Roger knows, I've done the exact same thing.

Signatures can only verify identity in the case of two parties who trust each other. Trust is antithetical to proof; therefore, it's hard to say "digital signatures prove identities". They don't. They make it easier to trust, but that's not the same as proof.

Insofar as this GPS verification scheme--good luck. The likelihood of a system being subverted increases with the square of the number of people involved. How does the trusted third party ensure that both parties are reporting their location honestly? If I'm really in Cedar Rapids, Iowa (42N 42W--Cedar Rapids is the closest city I could find to the Magical Location of Life, the Universe and Everything), I can have a conspirator in Quito, Ecuador (0N, approx 55W). When the third party tells me, "Okay, verify your location according to this protocol," I can have my conspirator in Quito perform the protocol and send the result back to me; then I send the result on to Trent, the trusted arbitrator.

How is Trent to know that I've done a man-in-the-middle attack against his system? Well, it's possible that this system can be patched up to solve the man-in-the-middle problem. But those patches will themselves have attacks against them, and the entire situation quickly devolves from there.

Crypto works well with communicants who (a) want to talk to each other and (b) trust each other to apply a protocol properly. Once you take away either assumption, most crypto falls flat on its face.

Re:But...

[IggyBung (45107)]

Further, even if you could somehow tie your position and identity together, a GPS Constellation simulator [jcair.com] only costs about $250,000 USD. If it was really important to generate a fake, that's really not too high a price.

I work in the GPS business and would be interested in pursuing this a little further. If anyone has any bright ideas, let's throw a prototype together.

Re:A solution of sorts

[Peter Eckersley (66542)]

All this proves is that Bob's internet uplink is in France.

Nope. The satellite can be sure of Bob's location if he signs a reply to its message and sends it "instantly". Then only somebody with his key could be in France.

BUT... he could leave a copy of his key in France. And at this point you're right, and that is the killer for my original suggestion. Protocols which relly on secret information are broken if one of the parties doesn't want to keep it secret! We can't trust Bob not to duplicate his identity, unless his "location key" is embedded in a closed box, which is designed to self destruct if anyone breaks the seal :)

Now of course, the perfect self destructing locked box is non-existent. However, you can do pretty well with pre-written EEPROMs inside a microcontroller. Beaking one of those open and reading it would be a pain and a half; add a few anti-tamper measures, and it gets really evil. If you were completely paranoid, you could add an "expiry date" so that you needed a new chip each month.

Maybe I shouldn't be saying any of this, because I can think of many more evil applications of this technology than good ones.

Re:An impractical Holy Grail.

[lizrd (69275)]

If I'm really in Cedar Rapids, Iowa (42N 42W--Cedar Rapids is the closest city I could find to the Magical Location of Life, the Universe and Everything)Sorry buddy, Cedar Rapids, IA is not at 42N 42W. That location [mapquest.com] is in the middle of the North Atlantic. I will however verify my location (Cedar Rapids, IA) from the output of my Magellan 310 Handheld GPS receiver:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 41 58 34N 91 57 12W -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBOgxdnbfXGCgiKZQGEQL5PgCg3hQJ0M6tred1KlkV86 IJqcQzXLIAoKhy 2PP5lm6s9Mm/iBeqv07cEYYv =LCrB -----END PGP SIGNATURE-----

If you'd like to verify that signature, my public key is posted on my user page here on /. and also on the common key servers. I can't however provide any was for you to actually verify that I correctly keyed in the location displayed on my GPS receiver, nor do you have any way of verifying that the position it reported was accurate.
_____________

Re:An impractical Holy Grail.

[lizrd (69275)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

41 58 34N 91 57 12W

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOgxeoLfXGCgiKZQGEQKVHwCeKFq+fp9CmTNOQp0o UGwrjQ21x6gAmwUB
lw5HmpKwc2AJDqzDxJtacLji
=q06U
-----END PGP SIGNATURE-----
Trying that again. Gotta remember, Preview is the one on the right.

_____________

Scary

[jonnythan (79727)]

I don't like the idea of this. Just think about it...as an earlier poster commented, it becomes possible for say France to block certain Englishmen, or Afghanistan to block Russians. The wonderful thing about the net is anonymity, and once we decide to give our exact location every time we get on a web site, that is totally lost.

I'd rather keep it so that no one really knows where I'm from online, unless I tell them (and don't lie).

Re:A solution of sorts

[JDisk (82627)]

GPS isn't really enough. You need to have something which you couldn't have had if you were anywhere else. Satellites could give you this, but only if they beamed different, cryptographically secure,messages in different directions. [...]Of course, Bob could just have a tranceiver in France

That problem can be (theoretically) solved with a very exact clock and an (almost) direct link. The satellite sends an encrypted signal containing the exact time. Bob then immediately forwards the signal. If the time difference equals (distance(Satellite,France) + distance(France,Alice))/C, (with C the speed of light), Bob cannot be using a transceiver.

Of course, in real life, switching speed and other inevitable technical delays will forbid pinpoint accuracy, but it might be good enough for guaranteeing location within a couple of miles.

Re:IPs allocated on regional basis...

[shabble (90296)]

Similarly ISPs are allocated a pool of IP addresses, so when you connect it is highly probable you can be located down to country or even local level

Unless you happen to be on AOL?

Re:Doesn't this exist already?

[Lish (95509)]

I think you misunderstood the technology used in the article you reference here. The technological problem posed by this question is completely different.

First of all, to clarify: no, Quova can NOT _pinpoint_ users in real time. They have catalogued IP addresses and correlated them with locations. If your IP is not static, or has changed since their cataloguing (sp?), their data is meaningless. Same for dial-up users, who will all appear to be in the same place (wherever the server is) even though they may be spread far and wide. Think AOL. A simple example: say I have an account with my ISP. I could be dialing in to the same number from home; or from a friend's house; or from across town; or from another state, for that matter, if I'm willing to pay long-distance charges; all of these would give an IP address that appears to be in the same location.

The main thrust of this problem is not just knowing where someone is generally, but using exact location for authentication/identification. You would need a way of verifying that the person/device is precisely where they claim to be. Knowing that a particular IP implies that they are in a certain city or even on a certain street means little in this context. Authentication requires much more precise, verifiable information than could be provided by Quova.

One case where physical loc is important...

[rongen (103161)]

Imagine a system that can accept appointment requests for you and based on rules you specify, either accept, reject, or notify you of this appointment request. This sounds great, right: agent based appointment scheduling. Might save everyone a lot of time, etc.

Okay, pretend you want to build this system. If your agent wants to schedule you (or you do it yourself) for an appointment at 2:30 and you are currently engaged until about 2:15 it may only be a good idea to schedule this if the travel time is less than 15 minutes.

Now you could specify a "map" of your normal stomping grounds and the distances between some of them, and let the computer do the math, but this is limiting and requires "thought". If all the little networked devices involved in all this scheduling know thier co-ords (either stored, accessed from a database, or by GPS) the whole problem becomes easier. You enter some upper/lower bounds for travel times (over some set ranges) and the whole system becomes more more general.

Finally, one of the best reasons to have security and encryption is so people can prove they are who they say they are... If you build geographics into the authentication this may be useful but wouldn't it be easy to spoof the location? The input has to come from somewhere...

--8<--

GPS

[AoT (107216)]

Correct me if i'm wrong but current handhelp GPS technology does not allow you to determine your exact position due to military restrictions. This is accomplished by not giving the real algorithm that the GPS satelites run off of but a inexact version thereof. If this is true then whoever controls the GPS sattelites(US govt. i think) could alter the signals to allow a direct data stream from a GPS unit to be identified as either a true or false stream using the real algorithm through some sort of authentication server. of course it would be really scary if any govt had control of this, but hey it might work

the GPS information needs to be signed

[matthew_gream (113862)]

I am no GPS guru, but I think I know enough to do some handwaving -

My understanding is that the GPS satellites transmit timing information, and the receivers use this information (from multiple satellites) to perform a triangulation computation, and to determine a location.

What you could do is have the satellites transmit a signature along with the timing information, and this could prove that the timing information could only have come from a GPS satellite.

This means that your receiver knows that it is receiving real GPS information - however, everyone else in your immediate vicinity also receives the same information. The receiver actually carries out the computation to determine a location, so therefore, you would need to have the receiver sign the computation - this proves that the output was computed by a legitimate process.

Then, you could sign the result with your private key - this would prove that you signed some location information.

To verify all of this, the client (who you are proving to) would verify that you signed the location information - then it could verify that the location was created by a trusted process, but verifying the signature. It could also verify the timing signals from the satellite, to verify that they were legitmate, and that your signed location information was generated within a recent period of time (to prevent a replay of older information).

How does that sound ? Other technologies - differential GPS may blur this, and perhaps a GPS guru could comment on the above.

Re:But...

[ssimpson (133662)]

Your detail is fine, but to protect against malicious users, the GPS data needs to be signed by the "GPS server" [1] to prevent the user from simply changing the GPS location data to another value. In this instance and MD5 isn't sufficient: the user could simply substitute the MD5 for another known value.

Oh, the GPS data will also need to be timestamped - this prevents replay attacks.

[1]Either the data from the satelite could be signed in some way I guess, or the GPS decoder could be a "trusted host".

Time coded satellite based challenge-reply

[gregor_b_dramkin (137110)]

Here's the idea. I believe it's provable given a few assumptions; like Einstein was right, f'rinstance.

A network of satellites constantly transmit time-coded challenges.

The land based receiver grabs at least three of these challenges at the same time, combines them, signs them with the user's private key and sends them back up to the sky. By using the time difference and the speed of light, the receiving satellite can verify that the private key is within a certain distance from the receiving satellite. Verifying that the private key is the same place as the user is a bit more difficult, but we have to start somewhere.

The actual precision with which this method could pinpoint the user would depend upon the speed of computation.

If specialized hardware could perform the capture, signing and transmission in 10 microseconds, then the position of the signer could be pinpointed to within 3e8 * 1e-5 / 2 = 1.5 kilometers. (Speed of light in m/s times the number of seconds equals the time it would take to transmit the signal to somewere else and back)

Assumptions:
* User alone maintains control of their private key. (This is a biggie. A user could give the signing device to an accomplice and send them off somewhere. )
* Tamper proof, time-synchronized satellites (this is fairly safe now, but for how long?).
* No information travels faster than the speed of light in a vacuum. (I believe work has been done with connected quantum spins that already threatens this assumption.)

Base it on a SecurID-type model?

[The Dodger (10689)]

Hmmmmmmmmm... How about a gadget that combines a GPS receiver with a SecurID-style method of embedding your physical location, along with your digital signature, into a string of numbers.

The idea is, you're doing whatever you're doing, wherever in the world, on whatever computer. Let's say you're logging into something - you just use the Gadget the same way as we use SecurID cards/fobs today - tap in the string of digits that appears on the screen. Actually, it would have to be longer than six digits. Perhaps using Hexadecimal would be better, although that would mean that the Gadget would need a better display... Well, most GPS receivers I've seen are capable of displaying text anyway.

Anyway, if you do that, the equivalent of the ACE Server (the server that authenticates SecurID users) at the other end can authenticate you and determine where you are.

Only problem is I can't figure out how to make this an open system, without opening it to abuse, in the same way that if we all knew what algorithm RSA use for SecurID, we'd be able to come up with the 6-digit code, simply by knowing a fob's serial number.

Also, how to use it to digitally sign emails...

Hmmmmm... Further thought required.

D.

Re:But...

[SEWilco (27983)]

Let's see.. the induction charger in my bed was working, so my battery is charged. When I step by the window, my phone chirped in my ear to tell me the GPS unit and the phone are working. I just need to polish the webcam lens in my forehead, and I'll be ready to step out in Public where I have nothing to hide. I sure am not going to be like that sap last week that couldn't prove that he wasn't at the bar robbery...

Impossible in the general case

[DrZircon (28779)]

A simple hardware solution is not enough - the hardware needs to be permanently fixed to the same location as the person (i.e. physically embedded and all that that implies) and needs to be non-spoofable. Embedded solutions present the rather daunting prospect of spoofers removing the apparatus.... (Think Leila in Futurama and her job chip)

The only other way to achieve position guarantees would involve trusted 3rd parties (postion escrow anyone?) and we all know how much we trust those kinds of solutions! (Unless we are talking about people who are detained at the government's pleasure)

Doesn't this exist already?

[edibleplastic (98111)]

At least in theory? Unless I misread/misunderstood this article/question, Quova can pinpoint the geographic location of Internet users [slashdot.org] in real time. Would this be what is needed?

Of course then you'd have to deal with spoofing...

Re:But...

[DrWiggy (143807)]

Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?

The problem here is dealing with the GPS data. You basically have to prove that the data has come a GPS receiver that has been unmodified. There is nothing stopping me fixing the stream of GPS data to the application signing it, to make it look as though I was anywhere in the world. Therefore there are several areas you have to lock down to make sure that this data is authenticable:

1. The position determined by the GPS receiver is accurate, and can not be manipulated by somebody with a small transceiver nearby convincing the GPS receiver that you are located somewhere else. On a 3 or 4 satellite track, you may not be able to move youself very far, but in the US you could probably "cross" a state boundary, and in Europe you could probably mangle things around to move across country borders.

2. Once you can be sure that the data being received by the GPS receiver is genuine, you have to get it into the PC untampered. What's more, it has to make it all the way to being signed without being vulnerable to tampering at any point. If the longitude and latitude is stored somewhere in memory location 'X' just before being signed, I could conceivably tamper with it.

3. You then of course have to sign it, and then ensure that this mechanism is strong and that it can't be manipulated either at this stage or further along the transmission.

The problem really is that signing the location is the wrong approach - you have both your private and public key, and you can sign *ANYTHING* you want to authenticate it as belonging to you, but in actual fact, you need the GPS receiver to store the private/public pair and not divulge it to anybody else. How then, do you stop people tampering with the receiver?

Thinking about it, I think that may be the best approach - the GPS does the crypto internally, and you build measures to ensure that it can't be tampered with. Even then, you still have to make sure you're talking to a real GPS receiver etc. so challenge/response stuff may have to be added in. Nasty.

The future is here

[CaptainZapp (182233)]

Actually that works pretty well with GSM phones (and probably other standards too).

The SIM is your encrypted device. To activate it you need a PIN, which could be considered your digital signature and presto:

The location of Your SIM is trackable within a couple 100 yards or so.

The problem of course is, that the location is attached to the device. Nobody prevents you from sticking it under a car and pretend that you went all the way from Malmoe to Lissabon.

That's probably also the most tricky issue with your question:

How can you make a position dependant signature device independant, or at least (if you use a device) make it non-functional if you're not physically there.

Pseudo-random data stream?

[AlphaOne (209575)]

Since GPS uses pseudo-random data streams, couldn't you prove your position at a particular time by somehow inserting the timestamp data from the four satellites you're talking to into the digital signature?

Or would that be easily faked?

I'm not a GPS expert, so I don't really know for certain.

-C
--

Re:Location Authenticator?

[billybob2001 (234675)]

How about having to provide a DNA sample?

Extremely easy when surfing pr0n.

Re:But...

[henley (29988)]

Errmm.... surely if his GPS data is encrypted with his private key then isn't that enough to "prove" that at least he believes that his GPS is with him?

The chain of trust is therefore:

• Exchange public keys
• Validate trust in public keys (as per normal)
• Owner validates trust in GPS location
• Owner encrypts / signs position information packet from GPS with private key
• Receiver party validates postion against public key

At the end of this exchange, the receiver trusts that the owner believes s/he's in the position exchanged between them.

This doesn't cover the case that the authentic Owner is trying to spoof his location, but I don't believe that was the question - which I read as "How can I prevent someone masquarading as me from a remote location at a given time?"

But...

[komet (36303)]

even if you could prove that your GPS receiver was at position X at time T, how would you prove that YOU were also there? Unless it's implanted under your skin...

Of course, it really depends what you want to do. In Switzerland, devices are being installed into trucks which register position and time in order to collect road taxes. The device is attached to the vehicle and tampering with the fixing will probably get you a heavy fine.

Re:Pseudo-random data stream?

[HuskyDog (143220)]

Some of my colleagues here at the British MOD have a GPS simulator which they use for various navigation research tasks. Basically you connect your GPS receiver antenna input to this box of tricks, then type a lat/lon, date and time into the simulator and voila!

So, the bottom line is that anything that relies on GPS data can be faked. Obviously these simulators are expensive, but I presume that the GPS receiver manufacturers all have them, so there most be quite a few in the world.

Mobile computing?

[Engmir (152832)]

Come on, this cant' be a serious idea. With the increase in mobile computing, you can't expect anyone to have his/her computer in a fixed place... Besides you can use a proxy that's not in the same location as you are, so that won't prove your identity either...

Fringe benefits for various internet sites

[Brento (26177)]

The internet gambling industry has been looking for something like this for quite a while. If people can prove they're inside physical areas that are allowed to gamble, suddenly internet gambling is wide open for companies like Harrah's and Caesar's to take on. Currently they can't do it for fear of being sued in areas where gambling is illegal.

The drawback: pr0n users in the bible belt would be suddenly unable to hit their favorite sites. Site operators would restrict content to areas where they could be certain of legalities.

And even worse, Amazon could now target prices based on the economy of your neighborhood.

A solution of sorts

[Peter Eckersley (66542)]

GPS isn't really enough. You need to have something which you couldn't have had if you were anywhere else. Satellites could give you this, but only if they beamed different, cryptographically secure, messages in different directions.

The simplest example would be an "authentication satellite", where Jane asks the satellite,

"is Bob really in France?"

...Satellite sends encrypted message for Bob in the direction of France...

If Bob knows the contents of the message, he's in France.

Of course, Bob could just have a tranceiver in France.... so.... quantum encrypt it in a single photon :). Single photon quantum encyption is nearly good enough for Earth-satellite links, IIRC.

None of this fixes the "problem" (is it really a bad thing?) mentioned elsewhere in this discussion, that physical devices and people are separable...

only on slashdot

[nomadic (141991)]

So we go from people complaining that new technology can be used to track them to complaining that new technology can't be used to track them.
--