[FoRK] moar change we can believe in!
Stephen D. Williams
sdw at lig.net
Wed Sep 16 18:06:45 PDT 2009
Lucas Gonze wrote:
> On Mon, Sep 14, 2009 at 4:58 PM, Koen Holtman <k.holtman at chello.nl> wrote:
>> The actually existing scary pervasive network-connected sensor device is
>> otherwise known as the internet enabled mobile phone.
> Any thoughts on verifying somebody's location?
> Let's say that there is access control tied to physical location. How
> could that be verified?
> One possibility is that the verifier and the person signing in both
> need to have sensors at the location. Authentication uses sensor
> readings like temperature, barometer, wind, chemicals in the air, and
> light intensity as shared secrets. If the sensor readings being
> compared were a rich enough dataset, it would be impossible to predict
> them with any reliability.
> Except that an attacker can control the environment at the location,
> for example by enclosing it in a box, sucking the air out, setting the
> temperature, setting the light intensity. The attacker might also
> find a way to observe the verifier's sensor readings.
> A defense against these is for the verifier to emit a random signal
> within a limited distance. The authenticating party would have to
> detect and acknowledge that signal. If the allowable time for the
> response was short enough, a remote attacker would have to exceed the
> speed of light.
Exactly the solution that I thought of when reading the first part of
your message. A trusted verifier can verify those in close enough
proximity. It should also be the case that this could be done at a
distance, given direct communication and precise measurements: If a
subject had to instantly respond with a signal based on communication
from 3 distant, circularly diverse transmitters (i.e. spaced roughly 120
degrees around a circle from the subject), those transmitters together,
or other listeners in strategic locations, could verify that the subject
had to be at that physical location. This requires that transmission
and processing delays be less than the speed of light of the location
resolution required. And that listeners cannot have the reference
transmissions spoofed. The processing requirements could be met by
something like xor and the transmission speed could involve a small
number of bits with precise delay.
> So, thinking out loud in a clumsy way about an idea which is new to me
> if not to other people... I realize it must have been studied for
> real for many years!
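The timed challenge-response with three surrounding transmitters described in this thread, sketched from the verifier's side as an added example that is not part of the original messages. The verifier layout, key, processing delay and tolerance are constructed assumptions, and the timing is simulated as ideal.

```python
import math
import secrets

C = 299_792_458.0  # speed of light in m/s

def distance_bound(rtt_s, proc_s):
    """Largest distance the responder can be at, given one timed round trip."""
    return C * max(rtt_s - proc_s, 0.0) / 2.0

def inside_triangle(p, a, b, c):
    """True if p lies inside triangle abc (all edge cross products share a sign)."""
    def cross(o, u, v):
        return (u[0] - o[0]) * (v[1] - o[1]) - (u[1] - o[1]) * (v[0] - o[0])
    s = [cross(a, b, p), cross(b, c, p), cross(c, a, p)]
    return all(x >= 0 for x in s) or all(x <= 0 for x in s)

def run_rounds(true_pos, verifier, key, proc_s, n=16):
    """Constructed simulation: n one-bit rounds, response = challenge XOR key bit."""
    rtt = 2 * math.dist(true_pos, verifier) / C + proc_s
    rounds = []
    for i in range(n):
        ch = secrets.randbits(1)  # unpredictable challenge bit
        rounds.append((ch, ch ^ ((key >> i) & 1), rtt))
    return rounds

def verify_location(claimed, verifiers, transcripts, key, proc_s, tol_m):
    """Accept only if every response bit is correct and every timing bound fits
    the claimed position, which must be enclosed by the three verifiers."""
    if not inside_triangle(claimed, *verifiers):
        return False  # outside the triangle, added delay could fake the position
    for v, rounds in zip(verifiers, transcripts):
        for i, (ch, resp, rtt) in enumerate(rounds):
            if resp != (ch ^ ((key >> i) & 1)):
                return False  # responder does not hold the shared key
            if distance_bound(rtt, proc_s) > math.dist(claimed, v) + tol_m:
                return False  # reply took longer than the claimed distance allows
    return True

# Three verifiers spaced 120 degrees apart on a 1 km circle (constructed layout).
VERIFIERS = [(1000 * math.cos(math.radians(a)), 1000 * math.sin(math.radians(a)))
             for a in (90, 210, 330)]

def demo(true_pos, claimed, key=0xBEEF, proc_s=2e-9, tol_m=1.0):
    """Simulate a responder at true_pos claiming to be at claimed."""
    transcripts = [run_rounds(true_pos, v, key, proc_s) for v in VERIFIERS]
    return verify_location(claimed, VERIFIERS, transcripts, key, proc_s, tol_m)
```

A responder can add delay but cannot remove it, so each round trip only yields an upper bound on distance; enclosing the claimed point with verifiers is what turns three upper bounds into a position check.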