This research considers the question of what constitutes identities in cryptography. Typical
examples of identities include a person's name and social-security number, or fingerprint/iris-scan,
or address, or a (non-revoked) Public-Key coming from some trusted public-key infrastructure. In
many situations, however, where the person is located defines his or her identity. For example,
we know the role of a bank-teller behind a bullet-proof bank window not because he shows us his
credentials but by merely knowing his location. One of the questions that this research focuses
on is the following: is it possible to have the ""geographical position"" of a device take part in
defining the set of credentials this device has? What are the new possibilities in terms of what
can be achieved in this setting? First, this research examines the central task in this setting,
i.e., securely verifying the position of a device. Despite much work in this area, our preliminary
findings show that in the ""vanilla"" (i.e., standard) model, the above task of secure positioning is
impossible to achieve.
This research focuses on a different model: to study the proof of position in the bounded storage
model (i.e. where we assume some bound on the total memory of the adversary). In this setting,
this research aims to achieve various tasks including secure positioning, position-based key exchange,
and more general position-based secure functionalities. The broader impact of this project is to first id
entify various flaws in previous attempts; second, to propose a new framework where rigorous proofs
are in fact possible; third, to open this important area of research for further study by putting
it on solid theoretical foundations. The overall aim of this project is to develop a principled
approach to position-based cryptography, to define key problems, and to establish both impossibility
results and new frameworks that are provably secure.
