TransWikia.com

Are the GPS coordinates a good source of entropy?

Cryptography Asked by CipherX on September 9, 2020

Are the GPS coordinates (latitude and longitude) a good source of entropy? If yes, why? If no, why?

The question would investigate on the fact if the GPS location data can be used as source of entropy in the cryptography field, in general. The question could be trivial or not, it depends by several factors (e.g. the scenario, the entity speed and so on).

But what do you think about it?

2 Answers

I think you're running into a conceptual misunderstanding here and looking to extract entropy from values that are better understood as a signal (your GPS's estimate of your position) instead of trying to isolate a noise (e.g., the errors in your GPS's estimate of your position).

For example, one idea that's discussed from time to time is the use of digital cameras—already built into tons of devices—as an entropy source. But the idea, in its more clueful implementations, isn't to use the variability of real-life scenes and try to turn that into random bits, but rather, to isolate the sensor noise from the actual scene and extract entropy from that noise. One simple way of doing this is to actually take two consecutive photos with no light hitting the sensor, so that the differences between the two frames are random noise.

Transporting this idea into the GPS realm, if you want to extract entropy out of GPS you wouldn't want to use the locations per se, which as other folks have pointed out is likely something your adversary can predict. Rather, you'd want to identify some factors that cause random errors in your GPS receiver's estimates of your location, and see if from that you can produce sequences of values that fluctuate randomly.


If we get a bit closer to basics, though, note that:

  1. GPS satellites are orbital atomic clocks;
  2. The GPS position fix is actually a position and time fix;

Which does suggest an approach: instead of GPS position, use GPS time as a reference to successively measure the errors of an independent clock on your device (e.g., the system monotonic clock) and extract your random bits from that.

Answered by Luis Casillas on September 9, 2020

Probiably not. If a hacker where to locate the device physicaly then the search space would be greatly decreased. Even knowing the city (ip can give you that) might be enough. Other similar sources with a higher entropy could be changes in lat and long, but those are most likely small. You would most likely get better entropy using the accelerometer/gyrometer/magnomiter instead (if avaliable, I am assuming this is for a phone). If you wanted lots of entropy, you could ask the user to give their phone a nice toss while poling gyro and acceleration.

Answered by Jesse McDonald on September 9, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP