A group led by University of California, Los Angeles computer scientists say they have proved that cryptography based solely on physical location is now possible, thanks to quantum mechanics.

The team, which includes computer scientists from UCLA, Centrum Wiskunde & Informatica in Amsterdam, and Microsoft Research, will present its findings at the 2010 IEEE Symposium on Foundations of Computer Science in Las Vegas in October.

According to Rafail Ostrovsky, the UCLA professor of computer science and mathematics who headed the team, "securely proving a location where such a proof cannot be spoofed, and securely communicating only to a device in a particular location and nowhere else is extremely important" because it effectively allows two parties to communicate securely, using only geographical positions as their credentials.

One potential wireless security application, for example, would be to allow two military bases to communicate with each other over insecure channels, without sharing a key in advance or requiring a secure infrastructure.

Last year, Ostrovsky proved that using triangulation to provide secure positioning was vulnerable to attackers, who could collectively spoof the location.

Enter quantum mechanics. The researchers have advanced a quantum-bit-based strategy for providing positioning, authentication, and key exchange, all of which are essential features for location-based cryptography. In addition, they say that their location-based cryptographic strategies can be proven to be "unconditionally secure." In other words, they allow for secure communications, "without assuming any restriction on the adversaries -- beyond the laws of quantum mechanics."

Their approach works by sending quantum bits -- rather than regular bits -- to establish a secure communications protocol, and subjecting the bits to multiple, random challenges to prove their authenticity. According to the researchers, "this is because an adversarial device can either store the quantum state of the challenge or send it to a colluding adversary, but not both."

The researchers say that their proposed methods can be implemented using existing technology.

Can't make it to the Black Hat USA security conference this July? With Black Hat Uplink, you can experience the presentations online. Events will be streamed live on July 28-29, but you will be able to view Uplink presentations for 90 days after that. Click here to find out more.