Skip to content

Instantly share code, notes, and snippets.

@marty1885

marty1885/Etherium\IOTA Phone Recovery.md

Last active May 31, 2018 05:11
Show Gist options
  • Save marty1885/eedbfb6f8a3bf2453175bda6ed4f892b to your computer and use it in GitHub Desktop.
Save marty1885/eedbfb6f8a3bf2453175bda6ed4f892b to your computer and use it in GitHub Desktop.
Download ZIP
Etherium/IOTA Phone Recovery
Raw
Etherium\IOTA Phone Recovery.md

Etherium/IOTA Phone Recovery

So, this is a stupid project I came up with that might work. It attempts to solve the problem that phone manuf actors can abuse there phone recovery service to track you by offloading the task of activating the tracking daemon on the phone from the service provider to the user and the Etherium network.

This should also work on IOTA. But I'll focus on Etherium for now. (I started designing it for Etherium, but IOTA seems to be a better way to go. Really, just replace Etheriun to IOTA int the later sessions)

How it works

This secession describes the basic principle how how it workds. This is only a draft and things are subject to change.

Let's assume an app called EPR (Etherium Phone Recovery) is installed on someones phone. And there exists two PGP keys. Key A and B (Ka and Kb for short). And two Ethetium address. Ea and Eb. Where Ea is the user's Etherium address, Ka is the PGP key that the user used to retrieve data. While Eb is the app's Etherium address, Kb is the PGP key the app used to retrieve message.

  1. EPR searches trough the ETherium Blockchain every (let's say) 30 minutes. Trying to find a transaction to Eb with input data field filled with encrypted message (with Kb's public key, And thus can be decrypted by Kb's private key) containing a enable phrase.

  2. If the enable phrase is found, send GPS coordinates every once in a while to Ea; encrypted with Ka's public key.

  3. The user can retrive the phone's location by decrypting messages sent to Ea by Eb with Ka's private key.

Potential Problems

  1. The use of such app can lead to adversary finding out who owns Ea and that Eb belongs to a phone.

  2. No way to be a free service (Maybe possible with IOTA?)

  3. The PGP keys leaking will result with total information leak. (Not a problem particular for this project...

  • Kb's public key leaking will enable adversary to activate the phone's tracker (if enable phrase is also known).
  • Ka'y public key leaking will enable adversary to read the user's past record.
  • Since data can't be delete/modify from a blockchain. The keys has to stay safe forever.
@marty1885
Copy link
Author

marty1885 commented May 31, 2018
edited
Loading

@cryptowizard88 Yeah, IOTA has its fair share of problems. But I don't think it is a problem in this case. Since I'm not doing payments but using IOTA as a message board.
The raw data EPR sends/received will be visible for everyone on both Eth and IOTA anyway. The thing that matters is that they are encrypted. Unless the adversary can break PGP, no harm can be done.

Maybe I overlooked something, any possible attacks you can think of?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment