Location as a factor in authentication   (+8, -1)

My idea is for an encrypted drive that relies on two factors of authentication: one is a password, the other is that the drive can only be accessed from specific GPS coordinates.

There are two immediately useful applications to this:

First, the encrypted drive could only be accessible at coordinates pre-established by the administrator. Meaning, even if an employee stole a drive they have access to at work, they would not be able to access the materials offsite because they would be at a new set of GPS coordinates.

Second, this would be very useful for securing data in transport. For example, "safe zones" could be plotted into the encryption software so that a person could transport a laptop between two safe points, e.g. a foreign embassy and 1600 Pennsylvania Ave., without being worried about it being intercepted in between.

There are many areas of the world where authorities have the right to demand access to computers at airports or other security checkpoints simply because you are passing through, and in the UK the RIPA act allows for people to be imprisoned for up to 5 years for refusing to divulge their password to an authority, and I imagine there are other countries that are far more harsh.

If one's global position became a key factor in unlocking an encrypted drive, it would mean no amount of pressure by authorities could be used to coerce the handler into decrypting the drive. And as a consequence, there would be no value in detaining or threatening the handler.

I was reluctant to post this because it is one of my less useless ideas. If someone bakes this, please give me some stocks and/or an entry level job.
-- bob, Apr 27 2012
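
An added sketch of the two-factor scheme described in the post above (not part of the original post, and not any product's code): the key is derived from the password plus a quantized GPS cell, so the coordinates are never stored on the drive. The grid size, salt handling and function names are assumptions made for illustration, and the code trusts whatever GPS fix it is handed.

```python
import hashlib
import hmac
import math

CELL_DEG = 0.001  # assumed grid size: roughly 111 m of latitude per cell

def cell(lat, lon):
    """Quantize a GPS fix to an integer grid cell."""
    return (math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG))

def derive_key(password, salt, c):
    """The key depends on the password AND the cell; the cell is never stored."""
    material = password.encode() + b"|%d,%d" % c
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def _tag(key):
    return hmac.new(key, b"verifier", "sha256").digest()

def enroll(password, salt, lat, lon):
    """Return the only value kept on disk: a verifier tag for the derived key."""
    return _tag(derive_key(password, salt, cell(lat, lon)))

def unlock(password, salt, tag, lat, lon):
    """Try the fix's cell and its 8 neighbours, so GPS jitter near a cell
    edge does not lock out a legitimate user standing in the right place."""
    cy, cx = cell(lat, lon)
    for dy in (-1, 0, 1):
        for dx in (-1, 0, 1):
            key = derive_key(password, salt, (cy + dy, cx + dx))
            if hmac.compare_digest(_tag(key), tag):
                return key
    return None

def location_entropy_bits(radius_km):
    """Rough estimate of the bits the location factor adds when the
    adversary already knows the site lies within radius_km
    (cells treated as 111 m squares)."""
    cell_km = CELL_DEG * 111.0
    cells = math.pi * radius_km ** 2 / cell_km ** 2
    return math.log2(max(cells, 1.0))

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values throughout
    tag = enroll("hunter2", salt, 51.50050, -0.10050)
    print(unlock("hunter2", salt, tag, 51.50140, -0.10050) is not None)
    print(round(location_entropy_bits(10), 1))
```

With the site known to within 10 km, the location factor contributes under 15 bits, which is why the password still has to carry the cryptographic strength.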

This idea reminded me of this. http://arduiniana.o...e-geo-cache-puzzle/
[scad mientist, Apr 27 2012]

GPS spoofing http://www.wired.co...-02/22/gps-spoofing
[bob, Apr 27 2012]

Geographic Location Verification [spidermother, Apr 27 2012]

The military were looking into it. http://www.schneier...location-based.html
for drone control and streaming data. [4whom, Apr 30 2012]

M.U.L.E http://www.google.c...2TBiEWR6V6cw4si7P7A
Mobile User Location-specific Encryption [4whom, Apr 30 2012]

How computer security really works http://xkcd.com/538/
[hippo, Apr 30 2012]

(?) robbed by apple http://appft.uspto....10+AND+PD/20140703)
see comment [bob, Jul 06 2014]

[+] a good one for normal people too (eg: can only access banking from a pre-arranged IP address)

//safe zones// sort of messes up the idea, since then the enemy need only figure that out to unencrypt everything.
-- FlyingToaster, Apr 27 2012


Something like this could provide protection from your average data thief, but when you start talking ambassadors, if you have the resources of even a small country, spoofing a GPS signal can't be that hard. If you're worried about RIPA, wouldn't they just demand that you tell them the GPS coordinates? They could then use spoofing if actually traveling to that location was not convenient?
-- scad mientist, Apr 27 2012


Spoofing GPS is possible with a $40 device purchasable online, but I don't know if anyone has made a device that runs through and spoofs every possible coordinate. And the person doing the courier work could always plausibly deny they knew the final destination.

Whether my idea is foolproof or not, I think it introduces an additional layer of complexity to an already complex task. As well, many experts argue that the human element is the weakest link in computer security. And may be unique in that it is the only computer security I know of that is even slightly resistant to a rubber hose attack.
-- bob, Apr 27 2012


How does this prevent the person being tortured with a rubber hose from divulging the location?

This certainly does add complexity for the hacker to overcome, but it seems like there would be cheaper and more convenient methods to add the same amount of security.

This is an interesting idea [+] and it seems like it ought to be useful, but I can't seem to think of a situation where it is worth the effort as a serious data security tool: just right for the Halfbakery! It could be useful for entertainment purposes like the reverse geo-cache puzzle I linked to.

Maybe it would be useful in a situation where the data was only valuable for a short time, so if the location was far enough away, if intercepted, the hacker would probably not have time to figure out the location AND travel there in time (unless they already had a GPS spoofing set up ready to use.) Hmm...
-- scad mientist, Apr 27 2012


It would work if permitted location was a secure area in its own right. Examples might be within the confines of a bank or military base or even corporate offices only accessible via swipe card and which are monitored by CCTV. I think it is worth a bun.
-- AusCan531, Apr 27 2012


Mobile computing is on the rise. More than half of all computing devices are now mobile. It's the same lesson Nokia is learning, just on a different day.
-- UnaBubba, Apr 27 2012


//Whether my idea is foolproof or not, I think it introduces an additional layer of complexity to an already complex task.// Cypher monkeys, or cryptanalysts (as they insist on being called), don't mind added layers of complexity. Chains are only as strong as the weakest link. The weakest link here is not a $40 GPS spoofer, and about seven lines of code. Sure, build in a "x" attempts from "location" lock. Doesn't change the fact that the data resides on the disk, in whatever format. The weakest link is the crappy encryption you are forced to encrypt with, if indeed you did use it to encrypt, instead of just lock. You can use a good encryption mechanism but then you are running into other problems like "that shit is illegal" or "it actually doesn't work as advertised". That's a long way from encryption. My favourite story recently was the <insert government agency> that was stumped by the Android swipe pattern lock. My ass. It makes a good story (you can find it on Schneier) but it only serves to lull some disparate and desperate members of the public into believing they can continue their illicit dealings.

Now, if you had a horribly inaccurate GPS device that you could read to n decimal places, where n is the length of your plaintext....and use this as a key...

Don't be reluctant to post this. It IS one of your least useless ideas, but you are coming from a low base.
-- 4whom, Apr 28 2012


Oh, I forgot to say it is baked.
-- 4whom, Apr 28 2012


Can you give me evidence of its bakedness, 4whom?
-- bob, Apr 29 2012


If your hard drive actually embeds the GPS functionality, then maybe. If it's getting data from a separate GPS, then it's a non-starter - even for the legit owner of the device, it would often be easier to spoof the location than to physically pick up and go there.
-- lurch, Apr 29 2012


And there was me thinking this might be a pirate treasure mappy-thingy. If you decipher the map, it'd take you to where the decrypt key is.

Kind of Pirates of the Cryptogram, or something like that..
-- not_morrison_rm, Apr 29 2012


Could there be some kind of large-scale infrastructure hardware authentication? e.g. the drive will only physically work if it is hung on the railings outside St Paul's Cathedral (perhaps by sensing the capacitance or radio reflectivity of the railings?)
-- pocmloc, Apr 29 2012


I think that it should work out your location and then ask you to describe what you can see out of the window. If you don't get it right then it won't unlock.
-- kaz, Apr 30 2012


Just wanted to point out that this is the second of my ideas that APPLE has robbed from me (the other is IPOD cheque mode), yet I can't even get an interview at an Apple store. What the hell, guys? Send me some Apple stocks or something?
-- bob, Jul 06 2014


//How does this prevent the person being tortured with a rubber hose from divulging the location?//

Sp. "bagpipes"
-- not_morrison_rm, Jul 06 2014
