Geo-Encryption: Global Copyright Defense?
An Anonymous Coward writes: "CIO Insight has a story on the copyright-protection scheme devised by Georgetown professor Dorothy Denning. Geo-encryption uses GPS technology to keep information scrambled until it reaches a precise location anywhere in the world. Denning has started a new company, GeoCodex, to capitalize on the technology." I can't wait for the Crypto-Gram article about this one..
Dictionary attacks (Score:1, Insightful)
Re:Dictionary attacks (Score:1)
Re:Dictionary attacks (Score:3, Interesting)
That's actually a pretty cool idea. (Score:1)
If these questions aren't answered then it won't prevent even casual copying.
Re:That's actually a pretty cool idea. (Score:3, Funny)
A better question would be 'how many things can really be encoded to be used in only one location'.
An even better one is 'how obviously on an article should the date 1st April be printed in order to trick the greatest amount of people'?
Re:That's actually a pretty cool idea. (Score:2)
Regardless of AFD, most replies so far talk about technical merits of the proposed scheme, and indeed there are some. For example, there are *very many* unique coordinates on Earth, this makes the key quite long. On the other hand, the key is not very random (because most people live on land, and majority of those live in cities). So this makes for an interesting theoretical discussion, even if it is not for real.
Re:That's actually a pretty cool idea. (Score:5, Insightful)
First hit that comes up is a 1996 paper Location-based Authentication: Grounding cyberspace for better security [georgetown.edu], by Dorothy E. Denning and Peter F. MacDoran. Reading the paper, the idea looks to be that by knowing the location of a computer user one can define whether they are authorised to perform a particular action.
This makes marginal sense (if somebody who isn't in a bank office is playing with computer codes then they're probably not really permitted to play with them). However, to me this article reads like, 'Hey, if I mention copyright protection, I'll get funding'. And the whole idea reads like that - after all, for the person in the above example to perform an unauthorised action on bank accounts, they must already have broken through the protection placed around the system. Simply adding another authentication isn't going to magically fix that problem (hey, you want me to tell the system I'm in the White House? OK. It's no different to telling the system that I'm Bob, financial manager).
As for the use of said technology to control music distribution... what?!. If this woman is 'America's Cyberwarrior' then... be afraid. Very afraid. I'm sorry to say it, but whilst there are some very valid uses for GPS technology (something like HP's Cooltown [hp.com] project, mobile computing in general, augmented reality, etc), I don't think this is it.
On the one side, it's valid to argue that including un-spoofable - if that's a word - location data in all internet communication would help in some cases (finding malicious hackers, absolving the innocent) but given that it also destroys the whole concept of anonymity, it's plain not worth it. Location information has to be optional. This is just another step in the 'media programs phoning home'/WinXP DRM direction, and it's not a good one.
If I sound irritated, it's because I am; I have no idea what Denning's politics are or whether the spin on this story is merely unfortunate, but the article linked to in this story (somewhat unlike the paper) sounds like something the EFF will eventually find themselves fighting.
I particularly like the part of that paper marked 'privacy considerations', where they note "The use of location signatures has the potential of being used to track the physical locations of individuals."
Their solution?
"Access to [this information] should be strictly limited." And, um, "Privacy can also be protected by using and retaining only that information which is needed for a particular application." Or you can "opt-out" of giving your information, although of course "some actions may be prohibited if location is not supplied".
You mean the MPAA/RIAA are only going to retain as much information on me as they need for marketing purposes, and I can opt out if I don't mind never listening to another RIAA-produced CD? Thank you, Denning and MacDoran.
Does it still work? (Score:2)
The location signature is virtually impossible to forge at the required accuracy. This is because the GPS observations at any given time are essentially unpredictable to high precision due to subtle satellite orbit perturbations, which are unknowable in real-time, and intentional signal instabilities (dithering) imposed by the U.S.
First off, the SA dithering has been turned off. Presumably that makes GPS signals much more predictable, and could easily trash this whole scheme. I also find it hard to believe that the orbital perturbations of satellites are especially random on the scale which would be measurable. Now that SA has been turned off, most of the remaining error in GPS is due to variations in the temperature and density of the atmosphere between the satellites and the receiver. Since these would often vary between the 'host' and the 'authentication server' that would create wiggle room for a malicious host to guess the right signal. I don't know if it would be possible for them to use the encrypted military signal to correct that error without having the ability to decrypt the military signal. That's an interesting problem.
The other major weakness I see is the whole idea that the signals are unknowable in real-time. Um, no. A malicious host can use a receiver to measure all the random variations exactly as the authentication server must. I just find it remarkable that anyone who appears to be as smart as Denning could expect this to work. The simple fact is that a malicious attacker will have access to all the same information that the authentication server will use to make its decision. A hacker can measure the "error" factor in the GPS signal in the exact same manner as the authentication server. They know the equations which the authentication server will use to validate a signal. The transformations you might have to do to the received signal to change the location it represents are going to be simple linear transformations. The math behind GPS is pretty simple really.
Not to mention this little tidbit: Further, because a signature is invalid after five milliseconds, the attacker cannot spoof the location by replaying an intercepted signature. Well, that will work great for verifying people in the same building. But you're not going to verify telecommuting users who are dialing in, or using DSL, or travelling across the country. Hopefully someday we'll have a network which lets us do things reliably in less than 5ms, but don't hold your breath. Especially since you can only expect light to go about 1000km in fiber during that 5ms.
Re:That's actually a pretty cool idea. (Score:2)
So, what's to stop me from using a device driver for GPS that lies? (I'm in, umm, Hong Kong, yeah, that's that ticket!) Unless GPS has some sort of digital signature, I can't see it.
Re:That's actually a pretty cool idea. (Score:2)
What got my attention was the idea that they could tap my computer [slashdot.org] to steal my encryption key [slashdot.org], but still couldn't read my plans to take over the world [uni-duesseldorf.de] at their office. They can only be read at my office [duryea.org].
Re:That's actually a pretty cool idea. (Score:5, Interesting)
Because it's encrypted, with the GPS location being the key, or at least part of it. So it's not like you can just ignore a location header and get at the text file: you need to pass your GPS location into a decryption algorithm that will decrypt the scrambled data into a readable file.
Of course, this can be an additional layer added onto existing methods of asymmetric encryption. As GPS units become more precise, we might even begin to have a "decryption tile" or square in bedrooms so that each resident has their own decryption key accurate to that specific square foot of space.
Someone stole your laptop? They're going to have to break into your house, steal a key to your room, and stand on your decryption square just to decrypt any of your files. Sounds like an interesting acrobatic scene for Mission Impossible 3.
Re:That's actually a pretty cool idea. (Score:2, Funny)
Not to pick holes in this theory, but this will also mean
'on the move with your laptop? You're going to have to go home and stand on a postage stamp to decrypt that file you've just been sent'
I can't think of anything stupider than an 'encryption square' in your room. But I'm not trying very hard.
yeh, or (Score:2)
Re:yeh, or (Score:2)
Re:That's actually a pretty cool idea. (Score:2)
And don't go and propose something like the Digital Millennium Positioning Act, which prohibits anyone from making a GPSR without paying $X to the RIAA/MPAA.
Re:That's actually a pretty cool idea. (Score:3, Funny)
"While holding the holy laptop, standing on the sacred square, on third full moon of the year, make three clockwise circles with the mouse, then the sigil of Baalshamabeebop."
ABORT, RESUMMON, INFERNAL DAMNATION?
geocaching! (Score:1)
Good Lord (Score:4, Funny)
This is going to make playing with the hanger-antenna on top of the TV look like nothing. "Honey, I can't watch the movie until you bring it in the living room." What's worse though...
Medical records could be sent from a doctor in Peoria for a second opinion to a doctor in Manhattan--and all without the usual worries over privacy leaks to insurers or investigators along the way.
"But doctor, I thought I *was* a Region 1 patient."
Re:They still haven't fixed.... (Score:4, Insightful)
Just dial it up. I could put a modem on a GPS at a subscribed location and let friends know where to dial in to connect. Internet latency would cover up transmission losses over the modem pair. Less than perfect timing would still work.
Re:They still haven't fixed.... (Score:2)
Re:They still haven't fixed.... (Score:2)
There is one exception to open standard NMEA output GPS receivers I know about. The Delorme unit. (the cheap one without a display) It is proprietary. Avoid it unless you only plan on using it with maps from Delorme. Their map software will accept NMEA, but their receiver will not output it. It's like a MS trick. You can use our hardware, but it works only with our software. Our software will work with your hardware. Sound familiar? That kept me from buying their hardware. I use my (NMEA standard) GPS with Wildflower (now National Geographic) maps and Chicago Maps software as well as a map selection from Delorme. I would have hated a single source closed proprietary solution here. It simply would not have met my needs.
It's all in the tamperproofing (Score:5, Interesting)
It has not only to resist to direct attacks trying to get to the data, it also has to deal with jamming of the gps signals, or more specifically putting the device in a faraday cage and sending it signals imitating the gps satellites in the appropriate position. Too bad the article has zero information on their methods.
Oh well, let's hope a followup article by Schneier (who also considers the tamperproofing critical) will be more detailed on the technical side.
OG.
Re:It's all in the tamperproofing (Score:4, Insightful)
Methods are irrelevant. As soon as you put the receiver into a Faraday cage, you are the master of the Universe (inside of the cage). You are free to simulate as many satellites, and in as many positions as you wish, and nothing inside the device can detect your simulations, except if the real signals have a digital signature.
You don't even need to bother with a Faraday cage. Just use strong enough signals from your simulator, and they will jam the AGC inside the receiver, so that only your signals are received correctly.
Re:It's all in the tamperproofing (Score:2)
DMCA violation? (Score:2)
Maybe we should add a new moderation:
(+1, Illegal).
;)
Re:DMCA violation? (Score:2)
Just imagine, a crowd of university graduates in EE cheerfully leaves the ceremony of graduation, and ... everyone gets arrested right there, on the spot, for possession of information that might be used for copyright infringement!
Or another one, even better. A professor gets arrested in the middle of the class for teaching "too well". But I am afraid, that would not be new. A tyrant always kills educated people, lest they interfere with his plans.
Re:It's all in the tamperproofing (Score:4, Insightful)
This is similar to computerized noise suppressors which work by continuously measuring the acoustic waves and emitting the waves of exactly the same amplitude and opposite phase. With GPS the situation is much easier since the waves to cancel are not random noise but a perfectly predictable source (after the initial measurement).
Re:It's all in the tamperproofing (Score:2)
Why diddle with all that when you can have the device driver report whatever position you want?
Holidays? (Score:4, Funny)
no (Score:2)
Re:Holidays? (Score:2)
Re:Holidays? (Score:2)
And don't even think of copying to a less restrictive technology: Under the CBDTPA, use of such circumvention measures will mean that you spend ten years with your address as "federal penitentiary."
So when they know where I am... (Score:3, Funny)
Re:So when they know where I am... (Score:1)
No they will probably kick in your door while you're watching pr0n, take photographs, take you to room 101 and then beat confessions out of you!
No brainer (Score:1, Insightful)
Slightly offtopic: Accuracy (Score:4, Interesting)
--Please, don't waste your moderation points knocking me down. They can be used so much more effectively elevating a worthy poster elsewhere...
Re:Slightly offtopic: Accuracy (Score:2)
Also, no matter the inaccuracy, you can always get more accurate by sitting there for a bit longer.
When I was cavortling around with one, you could get accuracies better than a metre.
Not anymore. Please catch up with the news. (Score:1, Informative)
Re:Accuracy (Score:5, Informative)
They removed it sometime last year, I believe. With 9-11, there are rumors they may impose the restriction again, but that's assuming any primary threats have missiles capable of using GPS.
This restriction would pose little or no problem to people using it for the purposes this article describes. GPS correction is available through a "post-processing" method. You position a GPS base station at a known location. If you take samples at exactly the same time from different locations, those locations are off by exactly the same error vector. So, you simply compare the base station samples to the base station position to get the error vector, and apply this error vector to the roaming samples to get your almost-exact position.
I say almost exact because signals are disrupted by various things. Light and sound are waves; they move at a constant speed as long as the travel medium doesn't change. As a consequence, like sound, light is affected by the doppler effect. It usually isn't significant, but can throw your results off nonetheless.
Clouds, rain, snow, buildings, etc. can also affect the results, as well as the SNR (signal to noise ratio -- measures the amount of readable data to background noise). If the SNR is high, it's unlikely the results will be thrown off significantly. All these problems are virtually unavoidable unless the weather is clear, you have a high channel capacity on your GPS device (8 is usually good, I think available satellites above the horizon range from about 8-11, high on elevated terrain), and there are few if any buildings around.
You need at least n+1 satellites in reach to get nth-dimensional results. So, for planar (2d) positions (latitude/longitude, or azimuth or whatever) you need 3 satellites, and 4 for spatial (3d, 2d + a z-position, your elevation).
The more satellites, the more precise your results are. If the base station is within 500 metres away, and you have real-time correction (which would still help with climate problems), you can get sub-centimetre accuracy.
Re:Accuracy (Score:3, Interesting)
Cruise missiles guide[d] themselves not with GPS, but just using a machine vision system. They compare actual land beneath them to a map stored in the missile, and generate corrections this way. Does not work well at night, but totally self-contained and jam-proof.
Besides, there are many other solutions to the "last 100 meters" problem. An infrared laser, for example, can highlight the target, and the missile locks onto the bright spot. This one has been used for many years (so-called "laser-guided bombs").
Re:Accuracy (Score:2)
Re:Accuracy (Score:2)
I thought they used radar rather than optical systems. The only missiles I recall using optical sensors are SLBMs. Anyway they also have an inertial navigation system.
Besides, there are many other solutions to the "last 100 meters" problem.
Control by kamikaze being the most low tech option.
Re:Accuracy (Score:2)
Also based on the assumption that whoever is doing the bombing cannot see the target.
They removed it sometime last year, I believe. With 9-11, there are rumors they may impose the restriction again, but that's assuming any primary threats have missiles capable of using GPS.
Ignoring the fact that the terrorists that morning probably worked by eye.
Re:Slightly offtopic: Accuracy (Score:2, Interesting)
An interesting page on accuracy and, specifically, the impact of the removal of Selective Availability, the scrambling algorithm for the old "Civilian" accuracy level, is available here [erols.com], information on the SA shutdown's impact worldwide is here [noaa.gov], and, finally, the IGEB, in charge of all this, is here [igeb.gov].
Jouster
Re:Slightly offtopic: Accuracy (Score:2)
Isn't the whole point of a landmark that it doesn't move? I'm sure at some point SOMEONE was able to figure out a Good Enough targeting location for various key targets? What good would Selective Availability do against an inertial system fed these co-ords?
GTRacer
- IANAPG (precision gunner)
Seriously, April Fools is over (Score:1)
What a weird idea! (Score:5, Interesting)
This is only how to defeat the system... I don't even mention what consumers will think of it... how would {RI,MP}AA justify licensing the material to physical coordinates rather than a paying customer? It is not likely to work. GPS does not work inside buildings, BTW, and very few people go in a park to watch DVDs :-)
Re:What a weird idea! (Score:2)
;)
well, it makes about as much sense as the DMCA and the SSSCA/CBDTPA...
This technology will have no effect. (Score:1)
Last I checked, GPS coordinates were accurate to only tens of meters, though with inertial guidance the accuracy goes to 1 meter. So that is a limited number of possible locations, or keys. Next, as soon as the algorithm is made public knowledge, it would seem to be relatively simple to cycle through all possible GPS coordinates for a given class of potential receivers (geocaching all movie theaters in the US to gain potential keys for StarWars Episode III, for example..)
I mean, isn't one of the hallmarks of a good encryption method the lack of available clues as to what sorts of keys might have been used? It would seem this method is extremely weak. But hey, it's late, and the article was very thin. Anyone have anything better to add?
doesn't sound particularly interesting (Score:2)
There are interesting things you can do with spatial location and cryptography, but this isn't it.
What if the recipient doesn't care for secrecy? (Score:1)
And if the recipient records the video on their HDD and e-mails it to a friend?
And their friend bungs it on a file sharing service?
This may be good for preventing casual interception for location-to-location messaging when both parties want to keep things secret, but why is it any good if the recipient couldn't give a damn about secrecy?
How is this going to help stick another finger in the rapidly spongifying dyke of copyright?
Old (Score:1, Troll)
* 2001-11-22 21:35:54 New encryption technology : Geo-Encryption (articles,encryption) (rejected)
Re:YOU FIRST! (Score:2)
How's this any better? (Score:3, Interesting)
I mean seriously, it sounds like all you'd need to do is run a few integers through it and eventually it'd unlock. This would be far easier than trying to decipher a key. I doubt fooling the GPS would prove all that difficult.
Maybe I'm oversimplifying the situation a bit, but it never really seemed to me like the key was the weakest link in modern encryption schemes. By localizing the key to GPS co-ordinates, you're making it far easier for somebody to know where to look.
Re:How's this any better? (Score:5, Insightful)
Another important defect of this system is that in modern society most people live in cities, and as such the keys are not randomly distributed, but very much clustered. To find a movie key, for example, one just needs to try GPS locations of a few big cities (SF, LA, NYC etc.) to hit the paydirt.
But likely, this key search won't be needed at all, because whoever posts the material on Usenet will put the necessary serialz ^W GPS code into the accompanying note. The only problem is to apply the key to get the raw contents, and that is not too difficult because all the strength of the crypto is in the key, not in the algorithm.
GPS test equipment (Score:2, Insightful)
Just hook the tester to the decryption unit, and voila, you can make the decryption unit think it's anywhere in the world.
Is enough of the GPS protocol published to make it feasible to create GPS simulator equipment from scratch or is the signal encrypted in such a way to make it too difficult (i.e. if some foreign government can't legally buy a GPS simulator, how hard is it to make one?). Is it even possible for the commercial simulators to really emulate the satellites, or can the GPS unit tell the difference between a test signal and a real satellite?
Copyright enforcement? (Score:2)
"I got a scoop!"
Maybe not for copyrights... (Score:1)
"Remember 007, the document will be unreadable until you reach Paris..."
What's new? (Score:2)
- [If] it's keyed to GPS location,
then you have a defined search space. This search space is the set of all practically resolvable locations on earth. Worse, this is (a bit) like a "non-flat" keyspace, since you can rule out *lots* of locations, and start with some obvious ones (think how John the Ripper and L0phtcrack work).
- It requires a tamperproof unit.
Go and look up all the usual issues with "tamperproof" units.
Neither of these things make it useless. They just bound the situations (and probably the length of time) for which it may potentially be of use.
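The keyspace argument made in several comments above (a bounded, "non-flat" set of locations), worked through as an added example that is not part of the original thread. The surface figures are approximate; the city area, the guess rate and the 1%/80% clustering split are assumed values chosen for illustration.

```python
import math

EARTH_SURFACE_M2 = 5.1e14   # approx. 510 million km^2 (land and sea)
LAND_FRACTION = 0.29        # approx. share of the surface that is land
CITY_AREA_M2 = 1.0e9        # assumption: one metropolitan area of 1000 km^2
GUESSES_PER_SECOND = 1.0e6  # assumption: trial decryptions per second


def cell_count(area_m2, tolerance_m):
    """Distinct keys when every fix inside a tolerance_m x tolerance_m
    square has to map to the same key (the 'slop' a receiver needs)."""
    return area_m2 / tolerance_m ** 2


def key_bits(area_m2, tolerance_m):
    """Equivalent key length in bits if all cells were equally likely."""
    return math.log2(cell_count(area_m2, tolerance_m))


def expected_guesses(n_cells, hot_fraction, hot_mass):
    """Mean number of trials when the search visits the 'hot' cells first.

    hot_fraction: share of cells that are likely (cities, theatres, ...)
    hot_mass:     share of real keys that fall inside those cells
    """
    hot = n_cells * hot_fraction
    cold = n_cells - hot
    return hot_mass * hot / 2 + (1 - hot_mass) * (hot + cold / 2)


def summary(tolerance_m=10.0):
    """Rows of (search region, bits, seconds to try every cell)."""
    regions = {
        "whole Earth": EARTH_SURFACE_M2,
        "land only": EARTH_SURFACE_M2 * LAND_FRACTION,
        "one city": CITY_AREA_M2,
    }
    return [
        (name, key_bits(area, tolerance_m),
         cell_count(area, tolerance_m) / GUESSES_PER_SECOND)
        for name, area in regions.items()
    ]


if __name__ == "__main__":
    for name, bits, seconds in summary():
        print(f"{name:12s} {bits:5.1f} bits  {seconds:12.0f} s to exhaust")
    land = cell_count(EARTH_SURFACE_M2 * LAND_FRACTION, 10.0)
    # Assumption: 1% of land cells hold 80% of the keys actually in use.
    skewed = expected_guesses(land, 0.01, 0.80)
    print(f"uniform mean: {land / 2:.3g} trials, skewed mean: {skewed:.3g}")
```

For comparison, a randomly generated 128-bit key has 2^128 equally likely values no matter where the recipient lives.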
For more technical info, read her 1996 article (Score:2, Informative)
To read the article click here [georgetown.edu].
In addition, her home page is at http://www.cs.georgetown.edu/~denning/ [georgetown.edu].
Re:For more technical info, read her 1996 article (Score:2)
not for consumer use (Score:3, Insightful)
GPS signals impossible to fake (Score:4, Interesting)
I suppose faraday cage technology will be outlawed (only terrorists would want to use a faraday cage surely...)
Faking up the signals and the timing is a matter of some electronics. There is no strength here.
Snake oil. Move on people, nothing to see here....
GPS location == known data (Score:3, Interesting)
Since GPS location is not random and is known, you can spoof the data, and not even have to do a brute force search over a random keyspace as you would with a normal cryptoscheme...
Denning has had stupid ideas / opinions before: (Score:5, Informative)
Is Encryption Speech? A Cryptographer's Perspective [georgetown.edu]
enhancing technology rather than speech. Although encryption might be
regarded as a manner of speech, it is unlike other methods in that it
contributes nothing to communication.
One implication of this interpretation is that regulation of encryption
would not violate the First Amendment. Another is that restrictions on
the use of encryption could not be used as a basis for prohibiting the
use of an obscure foreign language or any other ordinary language.
Testimony Before U.S. House of Representatives, May 3, 1994. [georgetown.edu]
"..The Clipper Chip and associated key escrow system is a technically
sound approach for ensuring the security and privacy of electronic
communications. Clipper's SKIPJACK encryption algorithm provides
strong cryptographic security, and the key escrow system includes
extensive safeguards to protect against unauthorized use of keys. The
more advanced chip, Capstone, further provides all the cryptographic
functionality needed for information security on the National
Information Infrastructure."
And there's even more, go and see by yourself. I'm really waiting for the comments from the cryptographical community on this system..
V.
Re:Denning has had stupid ideas / opinions before: (Score:3, Insightful)
Re:Denning has had stupid ideas / opinions before: (Score:3, Insightful)
Thinking that we'll trust the government not to misuse crypto keys is very, very stupid.
Re:Denning has had stupid ideas / opinions before: (Score:2, Insightful)
The point is that the FBI lobbied Clipper in the same way. I'm sure they knew she would say this kind of stuff before they even approached her with any of the actual details.
Also, for what it is worth, Clipper was completely bunk. Key escrow is a bogus concept anyway, but that aside, Clipper wasn't even a technically sound implementation of key escrow. They used a hash function so weak that you could erase your chip's serial number, rewrite it as something random, and then collide their crappy hash to make it impossible to tell that you had tampered with the serial number. Voila, a Clipper for which they wouldn't know the key.
Re:Denning has had stupid ideas / opinions before: (Score:2)
(( THX-Clipper ))
The Government is listening...
Bring "bad reception" to your eBook (Score:2)
I'll get to re-live my childhood wherein I had to stand off to the left of the TV and lean away while holding the antenna during Monday Night Football so my Dad could cheer the Cowboys. Uh...no thanks...
Something about this phrase bothers me (Score:2)
Knowing how hard its been to get the router manufacturers to adopt IPv6, I think she's smoking "Happy Pixy Dust."
Denning famous for supporting Clipper (Score:3, Informative)
Click here [lycos.com] to read a letter she wrote at the time.
Re:Denning famous for supporting Clipper (Score:2, Insightful)
When she received evidence (not hearsay) that wiretap authority is being abused, she changed her mind quite publicly about Clipper and key escrow.
Anyone staying true to the scientific method deserves a fair critique.
This sounds dumb to me (Score:2, Informative)
GPS is really simple in principle. There are 24 satellites in 12 hour orbits, with orbital planes arranged so that at least 4 are up for anyone on the planet at any time. Each satellite sends its own encrypted signal (actually, 2 such) to everyone who can receive it.
The receiver decodes the signal, and checks the time lag between when each satellite's signal was received. That's it. All of the geolocation is deduced from the relative lags of the signals broadcast for all to receive.
Four satellites are needed as the receiver's clock is probably off; two signals are sent as the easily decoded civilian one has errors put in to reduce accuracy (SA - Selective Availability), while the other signal has a military grade encryption.
That's it. My signals differ from yours only based on the relative time delay between them.
So, this is subject to a replay attack - simply record the signal at the desired location and replay it to a receiver at your actual location. This would work even for the military grade encryption, but would require a sensor at the actual target location of the geo-encryption.
To do this near to (within 4000 km or so, so that the same satellites are up) of the target location, record the signal. Figure out the relative time delays. Playback the signal multiple times with the appropriate lags for the other location. As the receiver uses a convolutional decoder and an omnidirectional antenna, if you do this right, the receiver will lock onto the time shifted satellite, and will come up with the wrong position.
The above replay attack would require a wide bandwidth (few 100 mbps) record capability and (for the time shifted version) a good ephemeris - both easily available. AND, it would work even for encryptions using the military signal.
But, you don't have to go to the trouble, as there is test equipment easily available that will do this for you (it's how you test receivers). This would not work for the encrypted military signal though.
Since these people are not stupid, my guess is they will sell a decrypt chip with a receiver on it, and maybe use tight time delay windows to hinder replay attacks. Give me $ 30,000 for test / record equipment, and I will break it even so. Since this level is not out of bounds for industrial movie pirates, "This sounds dumb to me."
Re:This sounds dumb to me (Score:2)
SA is turned off nowadays, differential GPS made it silly. The civilian signal is now identical in accuracy to the military signal.
For the number of satellites, there are also 2 WAAS satellites. These are in geosync orbit above the Pacific and Atlantic coasts of North America, these receive corrections from 25 ground stations, and rebroadcast the corrections. Europe and Japan are also developing equivalent correction networks for their areas, so eventually there will be at least 29 satellites.
MAC or IP address encryption (Score:2)
The idea of making the software and your NIC tamper proof, so that it always gets the "real" MAC address from the physical card is bypassed quite simply by writing new software that lets you plug in whatever MAC/GPS address you would care to pretend to have as a decryption input.
It's a crack once, decode freely forever problem, and it's one of negligible difficulty.
Not that different from DVD region encoding (Score:4, Insightful)
This leaves two avenues of attack. The first is to recover the encryption key, the second is to spoof the satellite signals. Neither one is beyond someone with adequate resources (an intelligence agency or a serious industrial pirate). But supposing they are clever enough to avoid shipping a software based decoder, it will probably work well enough to discourage casual users.
Ridiculous (Score:2)
1 - As stated in the linked article, if the device isn't tamper-proof, it doesn't work.
But also...
2 - There's no reason you can't just convince the device it's at a different location by shielding out the real GPS signals and transmitting your own fake ones from nearby. I'm sure a good RF/GPS hacker could build a box to contain your geo-encryption device that allows you to select a fake longitude and latitude.
The whole idea is just silly. There's no mathematical or scientific principle behind this geo-encryption that makes it work, just a supposedly tamper-proof box that relies on GPS airwaves to determine when it should say "Yes, allow this data to be seen".
Patent (Score:2, Informative)
(http://patft.uspto.gov/netahtml/srchnum.htm [uspto.gov] and enter the number)
From the abstract: "A method and apparatus for authenticating the identity of a remote user entity where the identity of such user entity is authenticated by use of information specific to geodetic location of the user entity but that changes constantly, making "spoofing" the host device extremely difficult. The invention is preferably implemented utilizing satellite positioning technology to produce the identifying information."
Secure? (Score:2, Insightful)
"Spoofing" the signal is much more difficult and is damn near impossible..(at least we think...) for a GPS that is getting signals from the satellite constellation. The only true way to spoof a GPS receiver would be to bring it into a closed room and set up a simulated constellation for the receiver to lock on to. Some universities have done this type of research in an effort to provide robots with a sense of location.
The GPS string that is sent out by the receiver is defined by standards and is in plain text. The RMC, GGA, VTG sentences that are output are enough to give location, altitude, ground speed, etc. To simulate actual reception, all you have to do is playback a recorded text file of a previous reception. Heck, you wouldn't even need to use a recorded file - just make a script/program to spit the data out over the com/usb port. Hence, for this to be secure... The link from the GPS to the crypto black box had better be encrypted... But then how secure is that encryption? If this was a military only device where encryption is relied upon using their crypto devices and keytapes...then this thing could be robust. Once out into the civilian sector, they won't have the same level of encryption.
What happens if I've got two conference rooms in the same building, both needing access, but both belonging to a different company? Will both companies look the same w/regards to GPS crypto?
What's the "threshold" that the GPS system will accept as being "close enough"? Here's something to try...this assumes a GPS without the secret crypto keys loaded to get the "best" position. Start up a gps and keep logging the position that it thinks it's at. This position will change ever so slightly over time. Reboot the GPS, compare the position on reboot...it will be a little bit different...(depending on how precise you want those co-ordinates)
My point is that there will have to be some "slop" allowed...some noise level that will need to be allowed into the system.
These are the things that could be used to exploit it.
-jim
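An added example (not part of the comment above) of what a consumer of the receiver's serial output can and cannot check: the NMEA checksum is a plain XOR against line noise, and comparing the sentence's UTC time to the host clock only catches a naively replayed log. The sample sentence, the two-second skew limit and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from functools import reduce

def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def parse_rmc(sentence):
    """Return (utc_time, lat, lon) from a $GPRMC sentence or raise ValueError."""
    if not sentence.startswith("$") or "*" not in sentence:
        raise ValueError("not an NMEA sentence")
    body, given = sentence[1:].strip().split("*", 1)
    if nmea_checksum(body) != given.upper():
        raise ValueError("checksum mismatch")
    f = body.split(",")
    if f[0] != "GPRMC" or f[2] != "A":          # 'A' marks a valid fix
        raise ValueError("not a valid RMC fix")
    when = datetime.strptime(f[9] + f[1][:6], "%d%m%y%H%M%S")
    when = when.replace(tzinfo=timezone.utc)
    # Latitude is ddmm.mmm, longitude is dddmm.mmm
    lat = (int(f[3][:2]) + float(f[3][2:]) / 60) * (-1 if f[4] == "S" else 1)
    lon = (int(f[5][:3]) + float(f[5][3:]) / 60) * (-1 if f[6] == "W" else 1)
    return when, lat, lon

def check_fix(sentence, host_now, max_skew=timedelta(seconds=2)):
    """Accept a fix only if it parses and its GPS time matches the host clock."""
    try:
        when, _lat, _lon = parse_rmc(sentence)
    except ValueError as exc:
        return f"reject: {exc}"
    if abs(host_now - when) > max_skew:
        return "reject: stale or replayed timestamp"
    # Passing both checks proves nothing about origin: the sentence carries
    # no secret, so the link itself still needs authentication.
    return "accept"

# Constructed sample fix (not captured data): 12:35:19 UTC, 1 April 2002.
BODY = "GPRMC,123519,A,3854.400,N,07704.300,W,000.0,000.0,010402,,"
SAMPLE = f"${BODY}*{nmea_checksum(BODY)}"
```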
Re:Is phase an issue with GPS reception? (Score:2)
This also raises the question of whether a GPS receiver has multiple antennas that are out of phase with each other. This is the only way I can see the receiver being dependent on and knowing satellite positions(angles mainly) relative to itself, independent of the data stream. I suppose accurate distance could be figured by timing differences between the signals.
If this is the case, I could see the unit cancelling input at the antennas receiving the strongest signals from the flawed source, as you said a receiver is capable of.
I had always figured each satellite identifies itself somewhere in the stream and that the receiver knows where satellite X is relative to Y, because they are in a regular orbit. That was a pretty uneducated guess. I still don't understand how GPS can pinpoint someone on land unless it is known exactly where at least one satellite is relative to the ground. Is that in the signal? Where can I do more reading?
This is so dumb. (Score:2, Informative)
My Copyright Protection Scheme (Score:2)
DNA-based decryption. This outdoes the GPS protection by leagues: you'll actually be able to use your copyright licensed material wherever you are in person, rather than being restricted to one location.
Hah! I'm gonna be sooooo g.d. rich!
Piggybacking crypto (Score:2)
The location signature is virtually impossible to forge at the required
accuracy. This is because the GPS observations at any given time are
essentially unpredictable to high precision due to subtle satellite
orbit perturbations, which are unknowable in real-time, and intentional
signal instabilities (dithering) imposed by the U.S. Department of
Defense selective availability (SA) security policy. Further, because a
signature is invalid after five milliseconds, the attacker cannot spoof
the location by replaying an intercepted signature, particularly when it
is bound to the message (e.g., through a checksum or digital signature).
Continuous authentication provides further protection against such
attacks.
In other words, they're using differential GPS to suck out the government-applied random numbers in the civilian signal and using that as the basis for crypto.
In other other words, they're just piggybacking on whatever cryptosystem the government used for obfuscating GPS signals. One which applied when the article was written but no longer holds. So it's geographically limited, and has geolocation as a side effect, but it's not the core of the cryptosystem.
God the power... (Score:3, Informative)
Sound unlikely? It's interesting that the US is pressuring Europe to shelve its own GPS system [wired.com].
Domination through media denial: "You want your mTV? Meet our demands."
prior art? (Score:2, Informative)
'Distress', published in June 1997.
Yes, she was the Clipper Pusher, and more (Score:2)
Blocked signals (Score:2)
1) That locations like this are permanently locked out? There are going to be some extremely unhappy customers...
2) That if the GPS can't get a lock, it goes ahead and works anyhow? Aluminum foil will become a circumvention device...
Oh Great! (Score:2)
Authentication only, and not "normal" GPS (Score:2, Informative)
This system as described in her paper uses two non-standard GPS receivers, one in the server and one in the client. These GPS receivers are used for client authentication by challenging the client to produce a signature that correctly locates the client to an authorized location and local time within a specified time frame.
The signature is only valid for a 5ms period and corresponds to actual locations of GPS satellites as currently measured by the server.
1) Server asks: at this GPS time marker, two seconds from now, tell me where you are.
2) Client and server wait for the GPS clocks to get to the specified point.
3) Client measures GPS satellite delays, calculates its position at that moment, builds signature packet (think something like MD-5 digest for this step).
4) Server measures GPS satellite delays at that same moment and waits for the Client response.
5) Client transmits signature.
6) Server receives signature, reads out the location as calculated by the client as well as the digest, applies its own measurements to the calculated location and verifies the digest was based on actual GPS satellite locations.
7) Server begins transmission of requested stream.
This defeats the Faraday cage model unless your system is monitoring the GPS constellation and precise enough to replicate their actual locations within the time frame required for signature production and transmission. This is possible, but the parameters are intentionally chosen to defeat this attack and it's likely they can be improved as the tech gets better. All that's needed is that the valid stays ahead of the hackers.
There's simply no way to plug your GPS receiver simulator into the client and spoof it that way because the inputs needed by the client to produce its signature are the calculated GPS satellite delays, not the actual location provided by "normal" GPS with a NMEA serial interface. You're back to the Faraday cage hack, which is probably very expensive.
Since the goal of security is to make it more expensive to acquire the information than it is worth, the approach here seems sound.
The encryption used to conceal the stream payload is the same highly effective encryption that everyone else is using and is vulnerable to the same attacks. Assume it's 4096-bit RSA covering 128-bit IDEA or better. The stream is "secure".
IANASE (security expert), but I do develop network security products for a living...
Regards, Ross
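Steps 1 to 7 of the comment above, modelled from the server's side as an added example (not part of the original comment, and not code from the paper or from any product). The toy constellation, flat metre coordinates, SHA-256 digest, 50 m radius and all function names are assumptions.

```python
import hashlib
import hmac
import math

C = 299_792_458.0          # speed of light, m/s
VALID_WINDOW_S = 0.005     # signature lifetime given in the comment: 5 ms
AUTH_RADIUS_M = 50.0       # assumed tolerance around the authorized site

def sat_positions(t):
    """Constructed toy constellation: four satellites that drift with time."""
    return [(2.0e7 + 3000.0 * t * (i + 1), 1.0e7 * (i - 1.5), 2.0e7 + 1.0e6 * i)
            for i in range(4)]

def delays_ns(location, t):
    """Delay from each satellite to `location` at time t, whole nanoseconds."""
    return [round(math.dist(location, s) / C * 1e9) for s in sat_positions(t)]

def make_signature(nonce, t_mark, location, delays):
    """Step 3: digest binding the challenge to the delays seen at t_mark."""
    msg = repr((nonce, t_mark, [round(x, 1) for x in location], delays))
    return hashlib.sha256(msg.encode()).hexdigest()

def client_respond(nonce, t_mark, true_location, claimed_location=None):
    """Steps 3 and 5: delays come from where the client really is."""
    claimed = true_location if claimed_location is None else claimed_location
    measured = delays_ns(true_location, t_mark)
    return claimed, make_signature(nonce, t_mark, claimed, measured)

def server_verify(nonce, t_mark, authorized, response, received_at):
    """Steps 4 and 6: freshness, location policy, then the delay digest."""
    claimed, sig = response
    if not 0 <= received_at - t_mark <= VALID_WINDOW_S:
        return "stale"
    if math.dist(claimed, authorized) > AUTH_RADIUS_M:
        return "wrong-location"
    # The server derives the delays the claimed position should have seen
    # from its own view of the constellation at the same time marker.
    expected = make_signature(nonce, t_mark, claimed, delays_ns(claimed, t_mark))
    return "ok" if hmac.compare_digest(sig, expected) else "bad-signature"

SITE = (0.0, 0.0, 0.0)     # constructed authorized location
```

The digest contains no secret, so its strength rests entirely on the delays being unpredictable inside the validity window, which is the limit the comment itself states.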
You make it..... we crack it. (Score:2, Informative)
serious flaws (Score:3, Informative)
If an attacker has some idea of where the location is the GPS data will unlock, he can test the data against a range around that location. Given a GPS resolution of about 10 meters, there are 10,000 possible values per square kilometer. Testing a block of data against an area 10 kilometers on a side gives only a million possible permutations; child's play for modern computers. 100 kilometers on a side is 100 million permutations.
Argh, Mate! (Score:2)
Re:Argh, Mate! (Score:2)
Re:Argh, Mate! (Score:2)
Re:Argh, Mate! (Score:2)
Cities using GPS DRM to ban "obscene" content (Score:2)
And then one day we'll read a newspaper article about some poor bastard getting arrested for transporting a DVD across state lines for purposes of indecency with himself.
Straight From Dorothy! (Score:2, Interesting)
"Thanks for the link. Just to clarify a few points:
The general concept was developed by Mark Seiler, Barry Glick, and Ron Karpf
before I got involved. My role has been to devise ways of making it more
secure. The methods are not derived from or related to the location-based
authentication technology of CyberLocator, which was patented in 1998 (I am a
co-inventor).
GPS location is not used as the encryption key. Obviously this would not be
secure. The techniques build on established methods of encryption and key
exchange (symmetric or asymmetric) in a way that uses GPS to enhance security
rather than diminish it.
Devices do need to be tamperproof, and that is always an issue.
I'm not sure where the stuff in the article about Internet routers came from.
Geo-encryption can be done so that material must be delivered through particular
distributors.
The technology is not designed for protecting content intended to be used on
mobile devices such as portable DVD players. One application for the technology
is digital cinema delivered to movie theaters.
I hope this clarifies some of the issues. I realize I have said little about
how GPS is used, but we have not yet made that public.
Dorothy Denning"
Re:GPS Technology (Score:1, Insightful)
Re:Skipjack !- Clipper (Score:2, Insightful)