GeoGuard：基于UWB时间编码密钥重建的位置相关地理边界解密 (GeoGuard: UWB Timing-Encoded Key Reconstruction for Location-Dependent, Geographically Bounded Decryption)

Digital content distribution and propitiatory research driven industries face persistent risks from intellectual property theft and unauthorized redistribution. Conventional encryption schemes such as AES, TDES, ECC, and ElGamal provide strong cryptographic guarantees, but they remain fundamentally agnostic to where decryption takes place. In practice, this means that once a decryption key is leaked or intercepted, any adversary can misuse the key to decrypt the protected content from any location. This paper presents, GeoGuard, a location-dependent cryptosystem in which the decryption key is not transmitted as data but is implicitly encoded in the precise time-of-flight differences of ultra-wideband (UWB) data transmission packets. The system leverages precise timing hardware and a custom Timing-encoded Cryptographic Keying (TiCK) protocol to map a 32-byte SHA-256 AES key onto scheduled transmission timestamps. Only user located within an approved spatial location can observe the correct packet timing that aligns with the intended packet-reception timing pattern, enabling them to reconstruct the key. Eavesdroppers outside the authorized region observe an incorrect timing pattern, which yields incorrect keys. GeoGuard is designed to encrypt and transmit data, but decryption is only possible when the user is within the authorized area. Our evaluation demonstrates that the system (i) removes the need to share decryption passwords electronically or physically, (ii) ensures the decryption key cannot be recovered by the eavesdropper, and (iii) provides a non-trivial spatial tolerance for legitimate users

翻译：数字内容分发和专有研究驱动型行业持续面临知识产权盗窃和未经授权再分发的风险。传统的加密方案（如AES、TDES、ECC和ElGamal）提供了强大的密码学保证，但其本质上与解密发生的位置无关。在实践中，这意味着一旦解密密钥泄露或被截获，任何攻击者都可在任意位置滥用该密钥解密受保护内容。本文提出GeoGuard——一种位置相关的密码系统，其解密密钥并非以数据形式传输，而是隐式编码在超宽带（UWB）数据传输数据包的精确飞行时间差中。该系统利用精密定时硬件和定制的时间编码密码密钥（TiCK）协议，将32字节的SHA-256 AES密钥映射到预定的传输时间戳上。只有位于授权空间位置内的用户才能观测到与预期数据包接收时序模式相符的正确数据包时序，从而重建密钥。授权区域外的窃听者观测到的将是错误的时序模式，进而生成错误密钥。GeoGuard设计用于加密和传输数据，但仅当用户处于授权区域内时才可能实现解密。我们的评估表明，该系统（i）消除了以电子或物理方式共享解密密码的需求，（ii）确保窃听者无法恢复解密密钥，且（iii）为合法用户提供了显著的空间容差度。