In this proposal we consider the question of what constitutes identities in cryptography. Typical examples of identities include your name and your social-security number, or your fingerprint/iris-scan, or your address, or your (non-revoked) Public-Key coming from some trusted public-key infrastructure. In many situations, however, where you are defines your identity. For example, we know the role of a bank-teller behind a bullet-proof bank window not because he or she shows us her credentials but by merely knowing her location. In this proposal, we ask the following question: is it possible to have the ""geographical position"" of a party take part in defining the set of credentials she has? What are the new possibilities in terms of what we can achieve in this setting?
First, we propose to consider the central task in this setting, i.e., securely verifying the position of a device. Despite much work in this area, we have preliminary results that show that in the ""vanilla"" (i.e., standard) model, the above task (i.e., of secure positioning) is impossible to achieve.
We propose to study the proof of position in the bounded storage model (i.e. where we assume some bound on the total memory of the adversary). In this setting, we wish to achieve two tasks: secure positioning, and position-based key exchange. While the question of secure positioning has been asked in the past, no satisfactory answers exist.
The second question (of position-based key exchange) has not been asked in the past. We also ask a broader question: whether position-based Secure Multi-Party Computation can be achieved in this setting.
