From: Jones <joneswr@fsg.prusec.com>
To: cypherpunks@toad.com
Message Hash: 7174a9a4154065e6dd59bb969d8bfc921b076df2ccf9e164c2acdd050895d832
Message ID: <96Apr10.102406edt.35724@prufire1.prusec.com>
Reply To: <199604091750.TAA13469@utopia.hacktic.nl>
UTC Datetime: 1996-04-10 22:36:08 UTC
Raw Date: Thu, 11 Apr 1996 06:36:08 +0800
From: Jones <joneswr@fsg.prusec.com>
Date: Thu, 11 Apr 1996 06:36:08 +0800
To: cypherpunks@toad.com
Subject: Re: BoS: No matter where you go, there they are.
In-Reply-To: <199604091750.TAA13469@utopia.hacktic.nl>
Message-ID: <96Apr10.102406edt.35724@prufire1.prusec.com>
MIME-Version: 1.0
Content-Type: text/plain
Anonymous wrote:
>
> Location-based System Delivers User
> Authentication Breakthrough
>
> By Dorothy E. Denning and Peter F. MacDoran
> Copyright(c), 1996 - Computer Security Institute - All Rights Reserved
> Top - Help
>
> Existing user authentication mechanisms are based on information the user
> knows (e.g., password or PIN), possession of a device (e.g, access token or
> crypto- card), or information derived from a personal characteristic
> (biometrics). None of these methods are foolproof. Passwords and PINs are
> often vulnerable to guessing, interception or brute force search. Devices
> can be stolen. Biometrics
> can be vulnerable to interception and replay.
>
> A new approach to authentication utilizes space geodetic methods to form a
> time- dependent location signature that is virtually impossible to forge.
> The signature is used to determine the location (latitude, longitude and
> height) of a user attempting to access a system, and to reject access if
> the site is not approved for that user. With location-based controls, a
> hacker in Russia would be unableto log into a funds transfer system in the
> United States while pretending to come from a bank in Argentina.
>
> Location-based authentication can be used to control access to sensitive
> systems, transactions or information. It would be a strong deterrent to
> many potential intruders, who now hide behind the anonymity afforded by
> their remote locations and fraudulent use of conventional authentication
> methods. If the fraudulent actors were required to reveal their location in
> order to gain access, their anonymity would be significantly eroded and
> their chances of getting caught would increase.
>
[SNIP]
>
> How it works
>
> International Series Research (Boulder, CO) has developed a technology for
> achieving location-based authentication. Called CyberLocator, the
> technology makes use of the microwave signals transmitted by the
> twenty-four satellite constellation of the Global Positioning System (GPS).
> Because the signals are everywhere unique and constantly changing with the
> orbital motion of the satellites, they can be used to create a location
> signature that is unique to a particular place and time. The signature,
> which is computed by a special GPS sensor connected to a small antenna, is
> formed from bandwidth compressed raw observations of all the GPS satellites
> in view. As currently implemented, the location signature changes every
> five milliseconds. However, there are options to
> create a new signature every few microseconds.
>
[SNIP]
So what if WORST case:
So, everyone starts using this system. Especially the banks and exchanges.
And nothing goes wrong for a long time and we really start to rely on it.
What happens when one of the satellite gets hit by a meteor? Telephone systems
can be re-routed. Does the authentication system break down? What if more
than one gets hit? The earth passes close to the asteroid belt every so
often. Thats why you can see shooting stars more often at certain times of
the year.
What if some country wanted to test out their new missile that knocks out
satellites and takes a shot at some of the GPS. Obviously an act of war but
could they shutdown the world bank? So far we use satellites to route
information originating on terra ferma. This would mean relying on data
originating from the satellite net to do business. And more so relying on
data from more than one to come up with a computed value.
Have we never lost a satellite to a rock? It doesn't even have to be a big
rock. Just one moving at 100,000 mph.
What happens during solar flare storms. Does the signal still make it
through?
Would the world buy into relying on a satellite system controlled by the USA?
The possibilities for new 007 episodes just multiplied.
RJ
Return to April 1996
Return to ““Perry E. Metzger” <perry@piermont.com>”