The loss of sensitive information stored on portable devices such as laptops and USB keys can have costly consequences for businesses, governments and individuals. Businesses can lose the trust of their customers, or even have their confidential plans revealed to competitors. Individuals can have their identities stolen and find their bank accounts emptied.
Passwords, cryptography and biometrics are among some of the ways used to prevent valuable information from falling into the wrong hands. Now, an EU-funded project wants to add satellite navigation technology to the arsenal of data protection weapons.
The TIGER (Trusted Innovative GNSS Receiver) project is creating a security token with an in-built satellite navigation receiver that allows access to information based on location. The trusted receiver and software will authenticate and protect the integrity of the data and signalling type so that an attacker cannot access confidential information.
The system will allow users to bind data to location, allowing only authorised users to access information if they are at a specified place, such as at a particular office or event, whether it is on a device or stored on a server.
In addition to location-based access control, the system will provide such functions as geo-encryption (an additional security layer that adds position, velocity and time to data encryption), a digital signature (with location and trusted time information) and attestation (proof of a person’s position).
Leveraging EGNOS for accuracy and authentication
For the location and authentication function, TIGER will use Europe’s EGNOS – and in the future, Galileo – since these will improve the level of accuracy and authentication on the trusted receiver.
The project began in January this year and will last for 18 months. Project coordinator Alessandro Pozzobon, of Italy-based Qascom, says the proposed secure token includes cutting edge GNSS and tamper-resistant technologies.
“Our research shows that in the current security market there is a need for security tokens with a date and location element,” Pozzobon said. “Banks, the military and governments are among the many user groups that could benefit from the additional location-based security layer.”
The TIGER token will be a USB key that acts as the master device to unlock access to information on a memory stick or laptop computer. The system will allow a company to grant access to information based on where the token is located. Access to specific content would be automatically activated on arrival at the determined location.
“A manager can decide whether information is encrypted and give the token to employees, who will only be able to use it in specific areas,” he says. “It can be used also for monitoring. For example, a manager can use the tokens to know when and where information is accessed or modified.”
If a person is travelling, access to specific content could be automatically activated on arrival at a predetermined meeting location. Even if a thief had the token and the password, he would have to first determine where the predetermined location was and then go there – before being able to access the information.
Work in progress
The TIGER project team is currently analysing all of the requirements needed for the system, followed by a technical feasibility study and further research. The security token will be developed by a consortium of European research institutions and companies, led by Qascom, with the participation of Acorde Technologies, the University of Cambridge Computer Laboratory and Politecnico di Torino (NavSAS group).
The main task will be the development of the secure GNSS token able to provide an acceptable level of protection against known and future GNSS and non-GNSS security attacks.
Other likely applications for the technology include improving security in road tolling applications, pay-as-you-go schemes, border control for sea vessels, and for tracking hazardous materials being transported. Additionally, the trusted receiver technology could be used in security applications such as covert operations, law enforcement and certification.
“The development of such technology not only provides a platform for the target mass-market application, an access control token, but also ensures development of European intellectual property that can be leveraged for a myriad of security applications and future research, presenting significant market opportunities,” says Pozzobon.
Stimulating research
Tiger is one of 23 projects selected for funding in the GSA’s first call for proposals made under the EU’s Seventh Framework Programme (FP7). The GSA is responsible for overseeing most FP7 funding into research related to EGNOS (European Geostationary Navigation Overlay Service) and Galileo, the EU’s global navigation satellite system programme.
In selecting projects for funding, the GSA aims to ensure that EGNOS and Galileo become the premier satellite navigation systems in Europe for civil use, and generate public and social benefits. The projects selected for funding must also stimulate market-oriented applications and services in Europe, or internationally.