Breakthrough: UCLA engineering devises new location-based cryptography method
Location-based security is ensured by using quantum mechanics; this type of cryptography could be useful in several settings — for example, one could communicate with a military base with a guarantee that only someone physically present at the base will have access to the information; furthermore, the location-based method eliminates the need for distributing and storing keys, one of the most difficult tasks in cryptography
A research group led by computer scientists at the UCLA Henry Samueli School of Engineering and Applied Science has proved that cryptography — the practice and study of hiding information — that is based solely on physical location is possible by using quantum mechanics.
Such a method, the researchers say, allows one to encrypt and decrypt data at a secure location without pre-sharing any cryptographic keys that can be used to lock or unlock sensitive information.
The idea behind location-based cryptography is that only a recipient at a precise geographic location can receive an encrypted message — the location itself acts as the credential required for generating an encryption key.
This type of cryptography could be useful in several settings. For example, one could communicate with a military base with a guarantee that only someone physically present at the base will have access to the information. Furthermore, the location-based method eliminates the need for distributing and storing keys, one of the most difficult tasks in cryptography.
A central tool in location-based cryptography is secure location verification, which is a method for verifying the geographical position of a device in a secure manner, according to Rafail Ostrovsky, a UCLA professor of computer science and mathematics.
“Securely proving a location where such a proof cannot be spoofed, and securely communicating only to a device in a particular location and nowhere else is extremely important,” Ostrovsky said. “Often, the location of a device determines its credentials. Our recent paper shows how our method allows one to securely communicate to a device only in a particular location and without any other assumptions regarding prior interaction with the device at this location.”
The strategy, outlined in a new research paper currently available at arXiv — Quantum Physics, was recently accepted to the highest-rated theoretical computer science peer-review conference, the 2010 IEEE Symposium on Foundations of Computer Science.
According to Ostrovsky, the problem of secure positioning has been widely studied by the wireless security community. It was assumed that the classical approach, based on triangulation, offered a secure solution. Last year, however, a research group led by Ostrovsky proved that this approach cannot offer security against a coalition of dishonest persons that actively try to break the scheme, thereby breaking all known classical location verification systems.
Surprisingly, with the help of quantum mechanics, the task of location verification can be done in a secure way, even in the presence of colluding adversaries, the researchers say.
The core idea behind the protocol is the “no-cloning” principle of quantum mechanics. By making a device give the responses of random challenges to several verifiers, the protocol ensures that multiple colluding devices cannot falsely prove any location. This is because an adversarial device can either store the quantum state of the challenge or send it to a colluding adversary, but not both.
The proposed method does not require any involved quantum computation other than creating and measuring quantum bits, which could be implemented with existing technology.
The research group includes Ostrovsky; UCLA computer science Ph.D. students Nishanth Chandran, and Ran Gelles; scientific staff member Serge Fehr, of Centrum Wiskunde & Informatica (CWI) in the Netherlands; and Vipul Goyal of Microsoft Research, India.