[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GPS-based authentication



At 11:33 AM 4/11/96 -6, Peter Trei wrote:
>Ms Denning, Mr. MacDoran
>
>I've read with interest your proposed GPS-based authentication 
>mechanism (it was posted to the cypherpunks mailing list). Can you
>confirm that you wrote this? Some people on the list think it may be
>a forgery.
>
>The participants of the list have noted some apparent vulnerabilities
>in the system, and I am curious as to how you address them. If you
>respond to me and give permission, I'll forward your response to the
>list.
>
>The problems are two-fold:
>
>1. The system is easily spoofed.
>2. It leaks sensitive location data.

It should occur to all of us that what you (and we) call "problems" are, to 
government sympathizers, actually FEATURES.  Identifying people's locations 
is probably going to be considered enormously important to the government 
(if it lasts that long).  And since the government runs all the GPS 
transmitters, and can presumably modulate the S/A function any way it 
wishes, it has a leg up on all of us who have to depend on the integrity of 
the system.  There is also the possibility of them jamming the system 
locally to either deny the user the ability to make the identification 
system work and thus deny access, or detect the location of the user by 
subtly modulating the local signal in such a way as to leak through the 
otherwise-secure system.  (If we trust it that far, which I don't.)