Anonymous wrote:
Location-based System Delivers User Authentication Breakthrough
By Dorothy E. Denning and Peter F. MacDoran Copyright(c), 1996 - Computer Security Institute - All Rights Reserved Top - Help
Existing user authentication mechanisms are based on information the user knows (e.g., password or PIN), possession of a device (e.g, access token or crypto- card), or information derived from a personal characteristic (biometrics). None of these methods are foolproof. Passwords and PINs are often vulnerable to guessing, interception or brute force search. Devices can be stolen. Biometrics can be vulnerable to interception and replay.
A new approach to authentication utilizes space geodetic methods to form a time- dependent location signature that is virtually impossible to forge. The signature is used to determine the location (latitude, longitude and height) of a user attempting to access a system, and to reject access if the site is not approved for that user. With location-based controls, a hacker in Russia would be unableto log into a funds transfer system in the United States while pretending to come from a bank in Argentina.
Location-based authentication can be used to control access to sensitive systems, transactions or information. It would be a strong deterrent to many potential intruders, who now hide behind the anonymity afforded by their remote locations and fraudulent use of conventional authentication methods. If the fraudulent actors were required to reveal their location in order to gain access, their anonymity would be significantly eroded and their chances of getting caught would increase.
[SNIP]
How it works
International Series Research (Boulder, CO) has developed a technology for achieving location-based authentication. Called CyberLocator, the technology makes use of the microwave signals transmitted by the twenty-four satellite constellation of the Global Positioning System (GPS). Because the signals are everywhere unique and constantly changing with the orbital motion of the satellites, they can be used to create a location signature that is unique to a particular place and time. The signature, which is computed by a special GPS sensor connected to a small antenna, is formed from bandwidth compressed raw observations of all the GPS satellites in view. As currently implemented, the location signature changes every five milliseconds. However, there are options to create a new signature every few microseconds.
[SNIP] So what if WORST case: So, everyone starts using this system. Especially the banks and exchanges. And nothing goes wrong for a long time and we really start to rely on it. What happens when one of the satellite gets hit by a meteor? Telephone systems can be re-routed. Does the authentication system break down? What if more than one gets hit? The earth passes close to the asteroid belt every so often. Thats why you can see shooting stars more often at certain times of the year. What if some country wanted to test out their new missile that knocks out satellites and takes a shot at some of the GPS. Obviously an act of war but could they shutdown the world bank? So far we use satellites to route information originating on terra ferma. This would mean relying on data originating from the satellite net to do business. And more so relying on data from more than one to come up with a computed value. Have we never lost a satellite to a rock? It doesn't even have to be a big rock. Just one moving at 100,000 mph. What happens during solar flare storms. Does the signal still make it through? Would the world buy into relying on a satellite system controlled by the USA? The possibilities for new 007 episodes just multiplied. RJ