At Thu, 31 Jul 2008 09:02:30 -0500,
Thomson, Martin wrote:
> For the purposes of outright lying, some elements of information can
> be directly verified by the LIS. For these pieces of information,
> the device provides value only by reducing the overall effort
> expended by the LIS in generating location information. The LIS is
> able to authenticate this information by acquiring the information
> using its own means. In many cases checking that the information is
> correct is far less costly than generating it in the first place.
> This is certainly true for the scenarios my company has been looking
> at in the past 18 months. Even if this is not the case, the LIS can
> check on random requests and the check can be made parallel to the
> continuing processing of the request.
Hmm... So, say the check comes up mismatched. What then? Random
checks only works well if it's coupled with some sort of punishment...
> The other case is obviously far more interesting. There are parts
> of the measurement information that cannot be validated by the LIS
> are quite clearly open to lying. However, you need to look at the
> goals of this draft. The point is to make available, to the LIS,
> information that can be used to improve the accuracy of the
> information that it provides. We have to assume that the LIS is
> able to determine the location of the device using some means,
> however coarse that is. The impact of a lie on the final result
> that is produced can be constrained. If for instance a device lies
> about its RTT measurements for WiMAX in such a way that the LIS is
> still able to use them, the result that is produced can be no
> further from the real location of the device than the uncertainty on
> the location information that the LIS is able to determine on its
> own.
>
> With this view in mind, it's easier to understand the impact of the
> lie. The LIS is able to take the spoofed measurement information
> and either check it entirely, or it is able to constrain the impact
> of the lie.
>
> We have product that implements these mechanisms already in the
> cellular wireless space. Our SMLC, SAS and SUPL servers do this for
> A-GPS. We use the cell-based location to check the A-GPS location
> information. If the A-GPS position differs excessively from the
> cell-based one we are able to reject (or just log) the result.
Well, I see your point here, but if the relying party cares
about positions within the margin of error, then lying becomes
serious.
And of course, this doesn't address the privacy issues...
-Ekr
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
Received on Thu, 31 Jul 2008 20:00:17 -0700
This archive was generated by hypermail 2.1.8 : Thu Jul 31 2008 - 23:01:12 EDT