Saturday, April 30, 2016

GPS Evidence: Better Cybersecurity through GeoPrinting*

Digital devices, computers, cell phones, and tablets are more mobile today than ever before. They are also wired for more sensors than ever before. These sensors detect movement, orientation, g-forces and, yes, GPS-generated location fixes. Digital devices know where they are, and often know where they have been, and, with appropriate software, are probably capable of predicting where they will be used in the future, based on historical records.

Both because of their value strictly as hardware and because of the valuable data they store, digital devices are the targets of thieves. Because they are always with us, digital devices are also susceptible to accidental loss, loss that can leave them in the hands of those who might not return them, or who might use the data on them for their own purposes.

Digital devices are often portals to the authorized user's entire life “on the cloud.” Because owners often allow nearly automatic logins from portable digital devices in their possession, others can easily “take over” email, banking, and other security-sensitive websites or applications. Thus, the loss of a digital device might not just endanger what is on that device, but rather endanger the owner's financial, commercial, social and emotional future: the owner's entire “Cloud Persona.” Furthermore, because portable digital devices often hold business, professional or otherwise confidential data trusted to the authorized user, hacking, theft or loss can affect entire business ventures or threaten government security.

How do we protect ourselves from these threats in a connected digital age? Answer: GeoSecurity: The practice of raising or lowering portable device digital security based on whether the device is within a valid GeoPrint location for the device, and the process of both heightening security to access the device, and digitally informing cloud accessed applications to raise or lower security standards based on the current device location. As explained below, digital devices can become much safer by recording where they are usually used, then requiring less security in those familiar physical locations, and much higher security when used outside the familiar locations.

A “personal” digital device is only used from one physical location at one time, as the authorized user has only . Because most portable digital devices are equipped with GPS chips, those devices know and can record where they are currently being used, where they have been used before, and the paths between those points (if activated). For instance, an iPad owner might use their iPad at home (Point A), at their office (Point B), at their health club (Point C), and at selected friends' houses (Points D, E, and F). Previously recorded locations are safer, because if someone logs into the digital device there, it is likely to be the owner or an authorized user of the portable digital device.

Points A through F are lower risk locations, because these are locations. Software can “learn” device owner locations and keep them in memory after a “training period” of a week, two weeks, etc., or tie them to a locational database such as the vehicle tracking databases used by some insurers. These recorded points, and travel between them, would be the authorized user's GeoPrint.

Establishing the “GeoPrint” [Digital locational fingerprint]:
We all travel in patterns: to work, to school, to social locations, etc. We carry our portable digital devices with us [iPads, iPhones, tablets, cell phones, etc.]. These devices have sensors that “know where they are,” and can preserve and record locational information in several ways: GPS chips can write track records, cell phones connect to certain cell towers throughout the course of a day or trip, etc. Software can be written to record those geographic locations and establish a GeoPrint: digital geographic “fingerprinting” based on a portable digital device's unique GPS track record, built from the user's repetitive cyclical travel patterns over the course of time. Like a fingerprint, our travel patterns are unique based on our daily obligations. Some trips will repeat daily, others several times a week, and some once a month or so. Rarely, trips will be seasonal, such as seasonal but repetitive trips to cottages in the summer, or ski locations in the winter. Good software will allow for a baseline GeoPrint, and allow for high security authorized additions to the baseline record, which will eliminate the need for repetition in following seasons or years.

Protecting our Devices With GeoSecurity:
The first line of defense is making sure no one unauthorized gets into our portable devices, so GPS related low and high security zones recording (training?) and comparison should be either part of the operating system, or booted before the operating system boots, so access can be controlled before any device information is exposed.

Therefore, if, suddenly, someone logs into the iPad from a previously unknown location (Point Z), outside the owner's GeoPrint, even if the login is correct, there is a much greater chance that the person logging in is not the owner, but a thief or unauthorized user. Should, then, the device lock out the potential user based on location?

No, absolutely not! But, the device can shift to a higher security mode based on the new location, perhaps requiring a second, unrelated password, answer to a security question, or secondary requirement to trace a security drawing in a predetermined manner.

Furthermore, if the higher security feature is attempted and the unauthorized user fails it, the device can be programmed to generate predetermined email messages indicating 1) the current GPS location, 2) identities and strengths of nearby network signals (together with whatever ID signals can be gleaned from the networks), and 3) a picture of the party attempting to log in.

Finally, if the higher security mode login passes, the system can query if the user wants to designate the previously unknown area as a new lower security area, and put that GPS information into memory. If so, Point Z would now be designated lower security.

Protecting our Cloud Personas With GeoSecurity:
The second line of defense would be software added or activated from cloud based providers. To prevent these providers from “tracking” the device owner, apps on the device can handle the training, and make a determination whether the device is in a low or high security location (where low is where the owner usually logs in, and high is “everywhere else.”) Then the local app would simply flag the cloud application to use low or high security for the current transaction – for high security, it would require additional password(s), security questions, or logging. Cloud applications would be more secure simply by “listening” to the high or low security recommendations from the app.

Of course, the owner might try to log in from a device that does not generate a GPS fix – which, in itself, would probably require higher security, because it might not be the owner. In such situations, sensitive cloud apps might use other determinations, like networks logged in from, locations of network nodes, and the like, to determine that lower security should be used, or let the owner make a decision AFTER passing a high security login requirement a single time. Better practice would be using Desktop GeoChronoSecurity, described below, after authorizing the desktop for certain times of use.

Using GPS device location as a factor in determining what security measures should be used would make mobile devices less subject to theft and online accounts more secure from hacking, while allowing device owners to access their accounts with reasonably lowered risks. Device owners can dial in a margin of locational error they are comfortable with, from a few hundred feet to a few miles, and still enjoy better security.

Temporary Geographic Changes
While we travel to usual places regularly, there will be times when our geographic “fingerprint” is just not valid – vacations, extended hospital stays, etc. Good security software will allow a valid user (determined by passing the high security test) to temporarily reduce security – but for a specific preprogrammed time period, so at the return from vacation, the former GeoSecurity scheme automatically resumes. This removes the possibility the user will forget to resume the program.
Such changes can be chronologically AND physically based to reduce risks, such as restrictions to the city the user is visiting for a period of three days, changing to the next city for two days. While less secure than continuous high security, such a plan reduces risk of data loss and limits risk in a high risk situation.

Permanently Changing the Digital Fingerprint:
While we all engage in repetitive movement, viewed over the course of weeks, there are “sea change” times in our lives where everything in our “movement lives” changes: a job change, moving to a new city, graduating high school and going to college. GeoPrints could be changed by high security login and authorizing the software to "relearn" our travel pattern, which might either replace our previous patterns or be added to those travel patterns. This would allow the college student to return home for the weekend without facing high security software challenges.

Enhancements - GeoChronoprint:
Those who desire both the best in security and the best ease of access might want to use not only a GeoPrint but a GeoChronoprint: a combination of location AND TIME at that location. A GeoChronoprint would record not only past locations, but time frames at that location, or times in transit. These could be used to develop location and time based rules for lower security access, with other times and places requiring higher security access. For example, your device “learns” that you are at your location “workplace” from 9 am to 5 pm. Therefore, it won't allow low security access at 7 pm even if the device is still at your workplace, which is good, because you forgot your phone there and someone is trying to hack it! Of course, there will be some built in “fudge factors” in time frames, as you might get to work late some days, travel at different times, etc., but “windows” of access could easily be built to allow minutes or hours of additional low security access and still improve overall security. Likewise, larger geographic security zones could allow additional freedom without too much reduction in security. So, a typical test might be “If within 500 feet of Lat. X Long. Y from 7 am to 6 pm, then use low security, otherwise, high security” (if 8 am to 5 pm are usual hours).
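The “typical test” above, together with the time-limited temporary zones from “Temporary Geographic Changes,” can be written as a small decision function. This is an added example, not code from the original post; the `Zone` fields, the one-hour margin, and all coordinates are constructed assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional

FEET_PER_METER = 3.28084
EARTH_RADIUS_M = 6_371_000.0

@dataclass
class Zone:
    name: str
    lat: float
    lon: float
    radius_ft: float
    start: time                              # usual arrival time
    end: time                                # usual departure time
    margin: timedelta = timedelta(hours=1)   # the "fudge factor" around usual hours
    expires: Optional[datetime] = None       # set only for temporary zones

def distance_ft(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two fixes, in feet."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a)) * FEET_PER_METER

def in_window(zone, now):
    """True if now is inside [start - margin, end + margin] on now's own day.
    Windows that cross midnight are not modelled in this sketch."""
    lo = datetime.combine(now.date(), zone.start) - zone.margin
    hi = datetime.combine(now.date(), zone.end) + zone.margin
    return lo <= now <= hi

def security_level(fix, now, zones):
    """fix is (lat, lon), or None when the device has no GPS fix.
    now is a naive datetime in device-local time. Returns 'low' or 'high'."""
    if fix is None:
        return "high"                        # no location evidence: fail closed
    for z in zones:
        if z.expires is not None and now >= z.expires:
            continue                         # temporary zone lapsed; baseline rules resume
        near = distance_ft(fix[0], fix[1], z.lat, z.lon) <= z.radius_ft
        if near and in_window(z, now):
            return "low"
    return "high"

# Constructed sample GeoChronoprint: usual hours 8 am to 5 pm, so the
# low-security window is 7 am to 6 pm within 500 feet of the workplace.
WORK = Zone("workplace", 42.3314, -83.0458, 500, time(8), time(17))
# Constructed temporary zone: a five-mile radius that lapses on a fixed date.
TRIP = Zone("vacation city", 44.7631, -85.6206, 5 * 5280, time(0), time(23, 59),
            expires=datetime(2016, 5, 5))
ZONES = [WORK, TRIP]
```

The forgotten-phone case from the paragraph above is `security_level((42.3314, -83.0458), datetime(2016, 5, 2, 19, 0), ZONES)`, which returns `"high"` because 7 pm is outside the widened window.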

Desktop GeoChronosecurity: Desktops don't move, so why do we need GeoSecurity for desktops? Digital Personas can be accessed by both portable and nonportable computers, so if I've locked up my digital access from portable devices with GeoChronosecurity, my nonportable computers either will have high security access at all times (because they don't “know” and can't “tell” where they are) or I will be stuck with low security at all times from my desktop, which means any other desktop from anywhere could act like my desktop to get to my apps with lower security, even when I'm not at my desktop keyboard. The better answer: Authorize specific desktops by using portable devices:
  1. Travel to your desktop with your portable device. Go to “Authorize Desktops” on the GeoSecurity app.
  2. Enable “GeoChronosecurity” by downloading the correct application, or enabling it on the application.
  3. The portable device app will give you both the Long. Lat. GPS location of your desktop AND
  4. A security code you input to the application, different for each desktop. To be authorized the desktop would HAVE to be within your GeoChronoprint (correct time and location) because that is what makes sure you are you!
  5. The desktop will import your GeoChronoprint and only give you desktop low security access at times when you are expected to be at that location (home, for instance); at all other times, high security access would be required.
  6. When you reboot, your desktop should give its location and the current time.
While desktops suffer fewer thefts, they are just as susceptible as portable devices to hacking. So you may wish to use the principle of exclusion to keep others off your desktop. Authorizing a desktop gives it a permanent stored GeoPrint that never changes; unauthorized users will attempt to log in either with different locational information or with no locational information, and will face high security when trying to log into cloud applications or websites.

GeoExclusion Security: Because there is only one you, you may want to turn on GeoExclusion – that is, the highest security that will exclude the most people (three passwords, security questions, etc.) When you are expected to be in a certain location, your digital devices in that location will return to low security. When you are expected to leave, your devices return to high security. GeoExclusion could also lock out others from your applications when you are both detected on a portable digital device elsewhere, because there is only one of you. Desktops would also benefit from GeoExclusion – If you incorporate your GeoChronoprint in the desktop computer, your software and Cloud apps will know when you are expected to be on the desktop computer, and move to lower security for the duration of your expected stay, then shift back to high security once you leave the premises.

Would GeoSecurity threaten digital privacy?
In a word, no! The entire process could encrypt GPS coordinates, locations, and times. The GeoPrint, or GeoChronoprint, is needed for comparison purposes, and the software could be written in such a way that hides the actual information both from the authorized user and from any network or Cloud Applications. The only question GeoSecurity software needs to answer is “Do I need to lower security here? And now?” by checking if the current location is historically safe, that is, visited before. This simple “Yes or No” answer can be handed off to local software, applications, and Cloud Based software. Therefore, adding GeoSecurity to current web applications would be as simple as adding the extra security features, adding some “hooks” to detect the local software's responses, and adding configuration options to turn on GeoSecurity. Encrypted GeoChronoprints can be shared with the authorized user's other devices by secure means (USB transfer) together with whatever algorithm and keys are needed to sync the GeoSecurity system.
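One way to store a GeoPrint that can answer the yes/no question without holding readable coordinates, shown as an added example that is not part of the original post. It swaps in keyed hashing (HMAC-SHA256 over grid cells) for the encryption the post mentions; the cell size, function names, key, and coordinates are constructed assumptions.

```python
import hashlib
import hmac
import math

CELL_DEG = 0.002  # assumed grid size in degrees (roughly 220 m north to south)

def cell_of(lat, lon):
    """Quantize a fix to an integer grid cell so nearby fixes share a cell."""
    return (math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG))

def cell_tag(key, cell):
    """Opaque 32-byte tag for a cell; not reversible without the device key."""
    msg = f"{cell[0]},{cell[1]}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def learn(key, fixes):
    """Build the stored GeoPrint: a set of tags, with no coordinates kept."""
    return {cell_tag(key, cell_of(lat, lon)) for lat, lon in fixes}

def is_familiar(key, geoprint, lat, lon):
    """Answer only yes or no. The current cell and its 8 neighbours are
    checked so a fix just across a cell boundary still matches."""
    ci, cj = cell_of(lat, lon)
    for di in (-1, 0, 1):
        for dj in (-1, 0, 1):
            if cell_tag(key, (ci + di, cj + dj)) in geoprint:
                return True
    return False

# Constructed sample data: a placeholder key and one learned location.
DEVICE_KEY = b"constructed-demo-key-not-for-use"
GEOPRINT = learn(DEVICE_KEY, [(42.3314, -83.0458)])
```

The key has to stay in device-protected storage: anyone holding both the key and the tag set can enumerate grid cells and recover the visited locations, which is why the post's requirement to share keys only by secure means matters.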

This blog post describes an outline of a digital security system based on past geographic travel that will enhance current security systems by introduction of a unique computer recognized element - GPS location - that, while in control of the authorized user, will provide an element of identification that is both nearly impossible to replicate and is created without any additional effort by the authorized user. Based both on current technological sensors and current software capabilities, it just needs dedicated, and hopefully open source, coders (under a GNU license) to write the code to link the pieces of the puzzle.

Thursday, February 25, 2016

GPS Evidence: GPS location data as an element of predictive technologies.

This blog has examined and discussed GPS tracking evidence in both legal and practical settings. In recent years, GPS evidence creation has become omnipresent in technological devices. These same devices include information about individuals and their surroundings. That information is stored both for the convenience of the individual and for the profit of others who want to market both goods and services to the owners and users of the technology. At this writing, most of the applications don't intelligently use all the information either available to them or data available to actually predict user actions in ways that will assist the users. This blog is about how GPS evidence can help establish what I would call geocontexts, that is, contexts derived from current geolocation, past geolocational history, and supporting data.
Take, for instance, the activity of cell phone predictive texting or voice recognition. Current programs are blind, deaf and dumb to their surroundings. They focus on either a few keystrokes, within the message. Newer programs try to predict what the next word will be based on who the message is addressed to. But all ignore the basic context clues that humans rely on every day to attempt to decipher person-to-person face-to-face communication. Geolocation is one of the major communication clues.
A face to face conversation in a specific geographic location (together with its identifying functional context) gives humans a great advantage in predicting how a conversation will proceed. Often, people will complete each other's sentences because the overall circumstances make the content of the conversation so clear.
If two strangers dressed in white jumpsuits were ushered into a stark white windowless room, seated across from each other, then asked to predict what the other might talk about, the answer would probably be “could be anything.” A cell phone app or voice recognition software faces the same issue. However, two people talking at a supermarket probably are talking about food, work or family. Two people talking at a car dealer are probably talking about cars. People at a sporting event are probably talking about sports. These people are aware of what is going on around them, the likely subjects to come up in that environment, and even probably have an idea about how the conversation will go. Certain conversations take place at certain times of day, different at 8 a.m. at the front door of a school than at 1:30 a.m. at a bar.
In the same light, voice recognition and text predictive software could, if taking advantage of all the contextual sensor information available, more reliably predict possible inputs and give much more accurate choices by narrowing down the likely word choices to ones that make sense in the context. For instance, a program could build lists of possible word choices or phrases usually texted or from car repair shops - “e” choices would include “estimate,” “exhaust,” etc. These targeted libraries would be much more accurate than choices picked from the entire universe of the English language. Voice recognition could be weighted towards an auto repair specific vocabulary, rather than choosing possible words from an entire universe of vocal sounds.
Since we are all creatures of habit, our devices could learn that, based on our GPS tracking history, we work out at the gym on Tuesdays at 7 am, so texts or voice recognitions that occur either just before or while we are traveling (hopefully, as a passenger) would skew towards exercise talk. If our devices are aware of our schedule and our location, they might actually be able to suggest messages, or send them for us: if I'm late to the dentist, but on my way (as detected by my device), it sends a message telling them when to expect me.
Trips at certain times to certain places on a regular basis also suggest context, context that can be used by devices (and created by learning) that can serve to limit vocabulary to your choice of destination. Weekly trips to certain restaurants will probably have talk of menu choices, seating choices, reservation times and possible companions. Specific areas can be gleaned from past voice or text driven conversations.
Devices some day may actually share where both the sender and the desired recipient are, and use that data to make intelligent decisions about both message context (for accurate text/voice prediction) and intelligent message handling. For instance, messages about what to get at the grocery store can wait to be delivered until the driver going to the grocery store has stopped; whereas messages about a scheduled sporting event that was canceled due to bad weather should be passed immediately to those on the way to the event, but passengers should be notified prior to attempting to notify the driver. The device would know of the scheduled event and know the direction of travel toward the event. While sensors to determine which phone (ID'd by phone number) is in which car seating area (thus designating the driver) have yet to be invented, GPS technology might tell who is driving based on a historical driving pattern.
Where two distantly located people are talking will likely suggest a conversation: two business contacts, one a supplier and one a customer, are likely to limit the conversation to the overlap of the two businesses. A restaurant owner talking to a paper supplier will likely be talking about toilet paper and paper towels. More advanced systems might even identify locations of whole families, relate their schedules based on GPS history, and suggest conversation topics based on all those locations. A text from a minor child at school mid-day, with subsequent exchanges between working parents at their workplaces, suggests illness related discussions, and who will pick up the child from school.

The entire point of this post is that predictive text, voice, and someday autonomous systems have much to gain from GPS generated context evidence. While the universe of human activity is highly varied and complex, the specific activity of specific human beings is much more narrow, more constrained and more predictable than the species as a whole. When tracked and recorded by GPS evidence, autonomous predictive systems can accurately predict the context and content of text and voice behavior, and therefore offer a more accurate, quicker, and less frustrating user experience.