encryption techniques for protecting GPS communications

encryption techniques for protecting GPS communications

GPS in full stands for Global Positioning System, it is a navigation system based on satellite and comprises of a network of satellites orbiting around the globe that provides location and time information anywhere on or near the earth. Initially, the Global Positioning System was envisioned for military use, but nowadays, it is available everywhere for civilian use. The United States Government maintains the Global Positioning System, and it is accessible to anyone with a GPS receiver for free. GPS receivers include; car navigation systems, hand-held units for hiking, and smart-phones. Among the encryption techniques for protecting GPS communications are discussed below;

Geo-Encryption Algorithm

The geo-encryption algorithm provides an extra layer of security beyond that provided by conventional cryptography. It supports constraints in time as well as space and allows encryption of data for a broad geographical area or precise place. Geo-Encryption Algorithm can be used with mobile applications as well as fixed applications, besides it supports various information sharing and circulation procedures. This technique provides uncompromised protection against efforts to bypass the location feature.

Furthermore, it can provide robust fortification against location spoofing. Through Geo-Encryption Algorithm, one can bind a set of locations and time specifications to a ciphertext file and come up with gadgets that would decrypt the file only when the user is at the specified time constraints and location. This approach provides crucial data to someone who wants to spoof the device; however, it has substantial problems in that it reveals the physical location of the intended recipient. There is a likelihood also one can use the location itself as the cryptographic key to another robust Encryption algorithm such as AES. Through this, the location is not likely going to have adequate entropy to provide strong fortification. The enemy may not get to know the actual location, but enough information may be available to enable a rapid brute-force   attack analogous to a dictionary assault.

This can be solved by applying obfuscation to the location value before it used as a key; it strengthens this approach. However, the function should be kept as a secret once the secret method is exposed; it is useless. The primary purpose of Geo-Encryption is to provide security to the broadcast of information; thus, every connection of the Geo-Encryption chain must be secure. These include the RF signal and the broadcast itself. By providing message verification, the security of the RF signal is assured, the objective to prevent the user from being fooled to believe that the message comes from a specific source when it is not is achieved as well as the users can verify whether the message was modified during the broadcast.

Location Dependent Encryption Algorithm (LDEA)

This technique mainly includes the coordinates of the longitude/latitude in the data encryption to restrict the location of the data decryption. To deal with the imprecision issue of the GPS receiver, a Toleration Distance (TD) is planned. There are two stages; the operation phase and the registration phase. The mobile user requests a random seed and a Media Access Control function C from the information server in the register stage, the issued random seed as well as the function C for every user is recorded. The information is crucial for assuring information security in the operation stage. Thus, they are conveyed under a secure channel, like Virtual Private Network or Intranet.

The arbitrary seed acts as the initial value of the one-way function, and a sequence of session keys are created as per the random seed. In the operation stage, the mobile user sends a target coordinate before the message broadcast. Since the information server and the mobile user own the same set of session keys, a key synchronization is planned for the server to recognize the right one in advance. This is because the session key is altered for every session; the mobile use submits a target coordinate under an insecure channel in the operation stage. Therefore, the server sends the message encrypted using the particular session key and coordinates.

The one-way hash function generates a sequence of session keys on the server-side and the user’s side when a random seed and Media Access Control function is conveyed to a mobile user. Ki, which is one session key input of the hash function, generates the next key Ki+1. This technique prevents the prediction of the output value from the input; thus, the usage pattern is reversed with the creative direction. The user’s keys are changed in a reversed pattern for every session, and the keys are only used for that period of the session. Broadcasting is reliant on the synchronized session key, and the message is encrypted and conveyed to the mobile user safely.

Self-Encryption (SE)

This technique handles data and information set as a binary bitstream; it is also a light-weight approach. Based on the user’s unique PIN and a nonce, the keystream is generated by extracting n bits in a pseudorandom means. The keystream’s length is elastic and depends on security necessities. The remaining bitstream is encrypted using the same keystream and is stowed in the mobile gadgets while the keystream is stowed separately. Recovering the unique data stream from the Ciphertext is difficult even if the enemy knows the algorithm. The variable-length keystream makes brute force attacks infeasible, and the decrypted data stream is unidentifiable, not unless the keystream bits are inserted into the initial position.

In the Self-Encryption technique, sensitive data is divided into fragments using a self-encryption cipher structure. The keystream is stored in a secured server while the Ciphertext in the mobile device. The keystream is used to encrypt the Ciphertext, and when the user wants to access the data, they have to input a PIN for the verification process. The server sends the keystream to decrypt the Ciphertext and merges them to retrieve the initial plaintext. For instance, in case a mobile gadget is lost, the enemy can access the Ciphertext, but it is infeasible for them to obtain meaningful information.

The hash function takes the user’s PIN and nonce to compute the seed of the random number generator, then a series of random numbers is created with length n according to the size of the sensitive document and security echelon. The random number sequence shows the bits in the data file distracted to make the keystream by handling the file as a binary stream. Finally, the Ciphertext is computed normally and stored in the mobile gadget, while the PIN and nonce are kept in a secure server.

Mobile User Location-specific Encryption (MULE)

This technique uses location-specific data from a reliable location to routinely come up with a decryption key giving access to the sensitive files. These files are once again routinely encrypted the moment the user logs off or switches their device off and the key deleted from the device. In any case, where the user needs to access the files from a reliable outside location, thy must enter a tributary password to be allowed to access. Besides, this technique offers a fail-safe method when location-specific data and services are not accessible in reliable locations.

The main objective of this technique is to provide fortification for sensitive files in mobile gadgets, generally with no user effort. The none sensitive files are not encrypted and are made accessible, specifically only the user-defined sensitive files are encrypted.

During the rare occasion, when a user accesses sensitive files outside of a trusted location, Mobile User Location Encryption will lack the correct location-specific information, and key derivation would fail. In that case, the user is asked to enter a password as part of a location-independent key derivation scheme. The password allows the Trusted Platform Module on the laptop to decrypt an independent location key which can decrypt the files. Once a valid key is available, the sensitive files are decrypted. When a user is idle for some set period, logs off, or puts the device to sleep, the device will re-encrypt the files and delete the key.