h a l f b a k e r yFlaky rehab
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
My idea for a encrypted drive the relies on two factors of
authentication, one, is a password, the other, is that the
drive can only be accessed from specific gps cordinates.
There are two immediately useful applications to this:
First, the encrypted drive could only be accessible at
coordinate
pre-established by the administrator. Meaning,
even if a employee stole a drive, they have access to at
work, they would not be able to access the materials
offsite because they would be at a new set of GPS
coordinates.
Second, this would be very useful for securing data in
transport, For example, "safe zones" could be plotted into
the encryption software so that a person could transport a
laptop between two safe points e.g. a foreign embassy,
and 1600 Pennsylvania Ave. Without being worried about
it being intercepted in between.
There are many
areas of the world authorities, have the right to demand
access to
computers at airports or other security checkpoints simply
because you are passing though, and in the the UK The
RIPA
act allows for people to be imprisoned,
for up to 5 years for refusing to divulge your password to
an authority and
I imagine there are other countries that are far more
harsh.
If ones global position became a key factor in unlocking an
encrypted drive, it would mean no amount of pressure by
authorities, could be used to coerce the handler into
decrypting the drive. And as a consequence, there would
be no value in detaining or threatening the handler.
I was reluctant to post this because it is one of my
less useless ideas. If someone bakes this, please give me
some stocks and/or an entry level job.
This idea reminded me of this.
http://arduiniana.o...e-geo-cache-puzzle/ [scad mientist, Apr 27 2012]
GPS spoofing
http://www.wired.co...-02/22/gps-spoofing [bob, Apr 27 2012]
Geographic_20Location_20Verification
[spidermother, Apr 27 2012]
The military were looking onto it.
http://www.schneier...location-based.html for drone control and streaming data. [4whom, Apr 30 2012]
M.U.L.E
http://www.google.c...2TBiEWR6V6cw4si7P7A Mobile User Location-specific Encryption [4whom, Apr 30 2012]
How computer security really works
http://xkcd.com/538/ [hippo, Apr 30 2012]
(?) robbed by apple
http://appft.uspto....10+AND+PD/20140703) see comment [bob, Jul 06 2014]
[link]
|
|
[+] a good one for normal people too (eg: can only access banking from a pre-arranged IP address) |
|
|
//safe zones// sortof messes up the idea, since then the enemy need only figure that out to unencrypt everything. |
|
|
Something like this could provide protection from your average data thief, but when you start talking abassadors, if you have the resources of even a small country, spoofing a GPS signal can't be htat hard. If you're worried about RIPA, wouldn't they just demand that you tell them the GPS coordinates? THey could then use spoofing if actually traveling to that location was not convenient? |
|
|
Spoofing GPS is possible with a $40 device
purchasable online, but i don't know if anyone has
made a device that run though and spoof every
possible coordinate. And the person doing the
courier work could always plausibly deny they knew
the final destination. |
|
|
Wether my idea is foolproof or not, I think it
introduces an additional layer of complexity to an
already complex task. As well, many experts argue
that the human
element is the weakest link in computer security.
and may be unique in that it is the only computer
security i know of that is even slightly resistant to a
rubber hose attack. |
|
|
How does this prevent the person being tortured with a rubber hose from divulging the location? |
|
|
This certainly does add complexity for the hacker to overcome, but it seems like there would be cheaper and more convenient methods to add the same amount of security. |
|
|
This is an interesting idea [+] and it seems like it ought to be useful, but I can't seem to think of a situation where it is worth the effort as a serious data security tool: just right for the Halfbakery! It could be useful for entertainment purposes like the reverse geo-chache puzzle I linked to. |
|
|
Maybe it would be useful in a situation where the data was only valueable for a short time, so if the location was far enough away, if intercepted, the hacker would probably not have time to figure out the location AND travel there in time (unless they already had a GPS spoofing set up ready to use.) Hmm... |
|
|
It would work if permitted location was a secure area in its own right. Examples might be within the confines of a bank or military base or even corporate offices only accessible via swipe card and which are monitored by CCTV. I think it is worth a bun. |
|
|
Mobile computing is on the rise. More than half of all
computing devices are now mobile. It's the same
lesson Nokia is learning, just on a different day. |
|
|
//Wether my idea is foolproof or not, I think it introduces an additional layer of complexity to an already complex task.// Cypher monkeys, or cryptanalysists (as they insist on being called), don't mind added layers of complexity. Chains are only as strong as the weakest link. The weakest link here is not a $40 gps spoofer, and about seven lines of code. Sure build in a "x" attempts from "location" lock. Doesn't change the fact that the data resides on the disk, in whatever format. The weakest link is the crappy encryption you are forced to encrypt with, if indeed you did use it to encrypt, instead of just lock. You can use a good encryption mechanism but then you are running into other problems like "that shit is illegal" or "it actually doesn't work as advertised". That's a long way from encryption. My favourite story recently was the <insert government agency> that was stumped by the android swipe pattern lock. My ass. It makes a good story (you can find it on Schneier) but it only serves to lull some disparate and desperate members of the pubic into believing they can continue their illicit dealings. |
|
|
Now, if you had a horribly inaccurate GPS device that you could read to n decimal places, where n is the length of your plaintext....and use this as a key... |
|
|
Don't be reluctant to post this. It IS one of your least useless ideas, but you are coming from a low base. |
|
|
Oh, I forgot to say it is baked. |
|
|
Can you give me evidence of its bakedness 4whom? |
|
|
If your hard drive actually embeds the GPS functionality, then maybe. If it's getting data from a separate GPS, then it's a non-starter - even for the legit owner of the device, it would often be easier to spoof the location than to physically pick up and go there. |
|
|
And there was me thinking this might be a pirate treasure mappy-thingy. If you decipher the map, it'd take you to where the decrypt key is. |
|
|
Kind of Pirates of the Cryptogram, or something like that.. |
|
|
Could there be some kind of large-scale infrastructure hardware authentication? e.g. the drive will only physically work if it is hung on the railings outside St Pauls Cathedral (perhaps by sensing the capacitance or radio reflectivity of the railings?) |
|
|
I think that it should work out your location and then
ask you to describe what you can see out of the
window. If you don't get it right then it won't unlock. |
|
|
Just wanted to point out that this is the second of my
ideas that APPLE has robbed from me. the other is
IPOD cheqe mode) yet I can't even get an interview
at an apple store. what the hell guys? send me some
apple stocks or something? |
|
|
//How does this prevent the person being tortured with a rubber hose from divulging the location? |
|
| |