2. What constitutes an identity in cryptography?
3. Trust Physical Security…�and the right circumstances
4. How about geographical position as an identity?�[C–Goyal–Moriarty–Ostrovsky (CRYPTO’09)]
5. Geographical Position as an Identity
6. Other Position Based Cryptographic Tasks
7. Other Position Based Cryptographic Tasks Position based access control: allow access to resource only if user is at particular geographical position
Many more….
8. The Setting A set of verifiers V1,….,Vk present at various geographical positions in space
A prover present at some geographical position
The prover claims to be at P
…… but may be lying!
9. Previous Technique for Secure Positioning [SSW03, B04, SP05, CH05, CCS06]
10. Triangulation [CH05]
12. Can we protect against multiple colluding provers?
(if none of them are
at the claimed position)
13. Talk Outline Plain Model for Position based tasks
Secure Positioning - I’ll show:
- Impossible in plain model ?
- Positive results in the “Bounded Retrieval Model” (BRM) ?
14. Plain Model
15. Impossibility Result
16. Impossibility: Proof strategy
17. Impossibility: Proof sketch
18. Impossibility: Proof sketch
19. Implications of our �impossibility result Secure positioning and hence position-based cryptography is impossible in the plain model
20. A First Natural Question… Do computational hardness assumptions help?
For example, hardness of factoring?
21. Any other way to meaningfully restrict adversary?
22. Any other way to meaningfully restrict adversary? How about bounding space of parties?
23. Constructions & Proofs�in BRM
24. Reminder: Bounded Retrieval Model (BRM) [M’92, D’06, CLW’06]
25. BRM in the context of Position-based Cryptography
26. An assumption for this talk Computation is instantaneous – modern GPS perform computation while using speed of light assumption
(relaxation ? error in position)
27. SO FAR:
Introduced Bounded Retrieval Model
for position based crypto tasks
COMING UP NEXT:
Actual Protocol for Secure Positioning
28. Warm up: 1-Dim. Secure positioning
29. A starting point: [Vadhan04] Locally computable Pseudorandom Generator (PRG)
30. 1-Dim. Space: Protocol
31. 1-Dim. Space: Correctness
32. 1-Dim. Space: Security
33. SO FAR:
1-Dim. Secure Positioning
Protocol & Proof
COMING UP NEXT:
3-Dim. Secure Positioning
Protocol & Proof idea
34. For this talk, I’ll present only a flavor of the protocol & proof:
CHEAT FOR THE TALK: Verifiers alone have large storage
(can store X in its entirety!)
Can completely remove cheat with certain secret sharing technique as additional step
Complicates both proof and constructions;
will not cover in this talk 3-Dim. Secure Positioning
35. 3-Dim. Space: Protocol
36. 3-Dim. Space: Correctness & � Security
37. Proof Ideas
38. Subtleties in proof
39. The bottom line Bad News: secure positioning is impossible without assumptions
Good news: Can do secure positioning in 3D in the bounded retrieval model
More good news: Can extend the protocol even if there is a small variance in delivery time when small positioning error is allowed
40. Position based Key Exchange Can we obtain key exchange (KE)?
41. 1-Dim. Space: Position-based KE
42. 1-Dim. Space KE: Protocol & Security
43. 3-Dim. Space KE: Protocol
44. Take away Position based cryptography is impossible in the plain model
Secure Positioning and Position-based key exchange possible in the BRM
Leads to
Position-based encryption
Position-based authentication
Secure position-based services
...
45. Other Directions
46. Questions?
