Maybe we could make a database offline available but store the hashes
online.
This would prevent us from bloating out the database to make the rule
"at least 2 correct".
The device would send its last scan and if it is valid (2 correct) and
part of the existing database then the user would get the hash(es) for
let's say 1x1km square/radius around his location.
1. Square if we part the database into 1x1km squares where each entry in
such a square is encrypted with the same hash.
2. Radius if the server sends you a lot of hashes for all entries at
your location.
The second variant is harder to brute-force than the first (each
location has a different hash) but needs more data (network connection).
Still the attacker would need to drive around to get the necessary data.
Maybe the device could be more specific and order the hashes for a
certain route, for that we would need to implement navigation functions
into Ichnaea-> plan out a route based on MLS instead of GPS, or at least
partially (->switch to GPS for positioning data if there is none, and
maybe record the data at the same time (as long as GPS is on) to
contribute further to the project)
A third variant would be: the server guesses the users carrier and
predicts which cell the device connects to at each point. The server
would calculate a certain number that would be entwined with the cell id
at that point to get the hash that the wifis are encrypted with.
Problem: you need a procedure that ends up with the same key.
You have the hash, the server knows that and encrypts it with the cell
id so that the device can decrypt it and gets the hash so that it can
decrypt the wifi data.
Regards,
Felix
_______________________________________________
dev-geolocation mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-geolocation
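
The first variant from the message above (one key per 1x1 km square, released only for a scan with at least two known access points), as an added example that is not part of the original post or of Ichnaea. The grid function, the `KeyServer` class, the HMAC-SHA256 derivation standing in for the per-square "hash", and all sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import math

KM_PER_DEG = 111.32   # approximate length of one degree of latitude
MIN_MATCHES = 2       # the "at least 2 correct" rule

def tile_id(lat, lon):
    """Map a position to an approximately 1x1 km grid square."""
    row = math.floor(lat * KM_PER_DEG)
    # A degree of longitude shrinks with latitude; scale by the row's edge
    # so every point in one row uses the same column width.
    scale = KM_PER_DEG * math.cos(math.radians(row / KM_PER_DEG))
    return f"{row}:{math.floor(lon * scale)}"

class KeyServer:
    """Hypothetical online side: holds the secret, releases per-square keys."""

    def __init__(self, secret, known_aps):
        self._secret = secret
        self._known = known_aps   # tile id -> set of lowercase BSSIDs

    def tile_key(self, tile):
        # One key per square, derived instead of stored (assumed construction).
        return hmac.new(self._secret, tile.encode(), hashlib.sha256).digest()

    def request_keys(self, scan):
        """Return {tile: key} for squares where the scan has >= MIN_MATCHES known APs."""
        seen = {bssid.lower() for bssid in scan}
        return {tile: self.tile_key(tile)
                for tile, aps in self._known.items()
                if len(seen & aps) >= MIN_MATCHES}

# Constructed sample data: two squares about 5 km apart, made-up BSSIDs.
SAMPLE_DB = {
    tile_id(52.5200, 13.4050): {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"},
    tile_id(52.5650, 13.4050): {"aa:bb:cc:00:01:01", "aa:bb:cc:00:01:02"},
}

if __name__ == "__main__":
    server = KeyServer(b"constructed-demo-secret", SAMPLE_DB)
    valid = ["AA:BB:CC:00:00:01", "aa:bb:cc:00:00:02", "de:ad:be:ef:00:99"]
    print(sorted(server.request_keys(valid)))                 # one square unlocked
    print(server.request_keys(["aa:bb:cc:00:00:01"]))         # single match: {}
```

A scan that mixes one access point from each square unlocks neither, so a client only ever receives keys for squares it can prove it has observed.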