Forgot your password?
typodupeerror
Security

Crypto with Epoxy Tokens, Glass Balls and Lasers 265

Posted by michael
from the truth-is-stranger-than-fiction dept.
Anonymous Coward writes "Scientists from MIT and ThingMagic have collaborated and developed an innovative crypto mechanism using epoxy tokens, glass spheres and lasers. They have actually created a physical one-way function that cannot be tampered, copied or faked! The full scoop can be found at MSNBC, and also at Nature, & TOI."
This discussion has been archived. No new comments can be posted.

Crypto with Epoxy Tokens, Glass Balls and Lasers

Comments Filter:
  • by Anonymous Coward on Friday September 20, 2002 @10:16AM (#4297225)
    for random numbers with

    Lava Lamps? Now there is Lava lamp cryptography.

    Read about it at:

    LavaLamp [lavarnd.org]

    Thanks and have a weekend !
  • by lynx_user_abroad (323975) on Friday September 20, 2002 @10:18AM (#4297239) Homepage Journal
    IIRC, something similar to this (very low tech) was used to create tamper-evident seals on things like the boxes guarding equipment monitoring nuclear sites, etc.

    I think the process involved mixing a bunch of little tinfoil sparkles into a clear epoxy resin, applying the resulting glue as a seal, and photographing it from several angles. Simple to create, yet darn near impossible to duplicate a second time. If the blob is missing or different, something fishy is going on.

    • by still_sick (585332) on Friday September 20, 2002 @10:39AM (#4297371)
      So remember, the next time a nuclear scientist asks to borrow your elbow macaroni and glue-on sparkles, he might not be making a birthday card for his mom - he might be ensuring the security of the world!
    • by Phil Wherry (122138) on Friday September 20, 2002 @10:55AM (#4297493) Homepage
      A very similar technology been used for the identification of gems [gemprint.com] for quite a while. The idea is pretty much the same: shine a laser beam into the gem, then record the pattern generated by internal reflection/refraction. The technique has been around for at least twenty years, I believe. Still, the idea of a physical one-way hash function is interesting and quite likely useful.
    • These devices seem to be deriving all their randomness by the natural (and intentional) "imperfections" of the creation process. This means that they only become secure when the devices are first analyzed -- *after* they are made. There is an inherent benefit and weakness to creating things in this hit-and-miss way.

      Because the manufacturers are not trying to create pseudo-randomness themselves (invariably according to some algorithm, like creditcard numbers), it really is much harder for blackhats to reverse the one-way function. However, because there are no rules governing what a "valid" key looks like (they're just supposed to be unique), someone could very carefully create a number of these token that are, instead of random, very similar. Because practical implementations of this scheme are likely to scan these keys from pre-determines angles, the amount of difference allowed between these similar keys may be large enough to create "duplicates".

      Note that this doesn't mean that blackhats can duplicate your key, but they may be able to create a matching pair and swap yours with theirs in the middle of the night...
      • The disadvantage of this approach is that for these devices to be useful at say a supermarket, the master key still has to be stored on a server somewhere. If someone hacks the server, they can then impersonate you.

        The advantage of this approach over other physical authentication techniques such as biometrics is that you don't have to trust the scanners. With fingerprint readers, once they scan you they can then store your fingerprint and impersonate you. That doesn't seem possible with this new approach.

        Of course for pure theoretical security, it still doesn't match a smartcard with an RSA key encrypted with a strong 128 bit password that the user has to type in every time he wants to use the card. Unless you want to embed the smartcard inside a refractive epoxy for the best of both worlds.

        -a
    • An even older application involved wax seals for letters.

      Candles of different colors were dripped onto the envelope to create a swirl of color that can't be as simply duplicated as a single color wax seal can. The picture of the multi-colored seal was sent ahead to verify the authenticity of the seal.

    • I believe nuclear materials are safeguarded using a similar system. A bundle of fiberoptic cables is used as a "chain", with the ends somehow twisted and locked. The twisting has the effect of breaking some of the cables in a random pattern that can be verified or monitored continuously by shining a light through the bundle. Presumably any attempt to remove the cable (or cut it) would alter the pattern.

      Neat.

      Pat Niemeyer
    • by theCat (36907) on Friday September 20, 2002 @03:54PM (#4299853) Journal
      In the Middle Ages when you made a contract with someone it was written twice on the same parchment, at the top and at the bottom. Then the parchment was torn in half unevenly between the two versions of the contract and each party took one of the halves. In the future should the terms of the contract come into question they could verify that the contract each held was in fact the original by realigning them along the tear; the originals would of course match exactly and the veracity of the copy contained therein could be verified.

      The jagged edge of the contracts looked like teeth, Latin dent IIRC, and whoever held such a contract was said to be indentured

      Didn't require lasers, of course, but did require that the two parts be physically present and visually verified, so it is remarkably similar in principle. The fibers and surface imperfections of the parchment (thin leather) would have taken the place of the glass beads in this case.

      So, does the MIT patent fail due to prior art? ;-)
  • Great. They use a laser to convert the 3D arrangement of glass spheres in an epoxy matrix to a 2D 'light/dark' pattern.

    A crummy piece of film exposed at the sensor plane, then developed, could be used to get around this. Lay the film on the 2D sensor, and voila - the 2D pattern is duplicated!
    • Simple man-in-the-middle attack, so to speak. Capture your 2D token, relay it on on your behalf......
    • by Remus Shepherd (32833) <remus@panix.com> on Friday September 20, 2002 @10:21AM (#4297270) Homepage
      I thought of that also. But I read the article more closely, and they mention that different view angles would be used to generate different speckle patterns.

      A one-angle view of this token would not be secure, but a security mechanism that scanned the token through multiple angles would be very difficult to recreate. I don't know if they should be throwing around the word 'impossible', however.
      • It is impossible to re-create the crystal that generates the data, not the data itself. You are looking at this object which is used for physical security from a purely software standpoint. The data istelf (the pattern resulting from the laser through the crystal) is useless if you cant create the crystal which generated the data in the first place, because then you can't duplicate the card.

        • It's not impossible. Anything that can be created can be recreated. We just don't _currently_ have the engeneering skills needed to recreate it. Give it time... this kind of scheme will be broken too.
          • While they do say it isn't currently possible to generate the crystal fobs using available techniques, they also say that reversing the pattern of dots to create a fob *is* prohibitively hard - this is the key. What they're going for here is something that is as easy to manufacture as credit cards, but a few orders of magnitude more difficult to forge/copy/etc. Anyone who's been paying attention over the past few years realizes that magnetic stripe cards are pathetically easy to forge and magnetic stripes are easily read using devices that can be had on the grey market. Once you've read a magnetic stripe, you can recreate the credit card that originated it with ease.

            This is what this technology is meant to prevent. First, you'd need the laser equipment to read the fob to get the dot pattern. Then, to be sure, you'd need to make sure that you illuminate the fob from all sides, since the dot pattern is different depending on where the laser is shown from. Next, you need a fabrication facility to create these crystal fobs (currently not available, I imagine that'll change, too) and finally, you need a boatload of math to figure out what set of microscopic bubbles works together to form the set of dot patterns you scanned previously.

            This last bit, the forcing function, if you will, is the clincher. I imagine that the reversal of the dot patterns to a layout of microscopic bubbles in the fob is an f(x) that's particularly difficult to reverse, at least on the order of factoring the product of large primes (if not more difficult).

            Possible? Maybe - eventually, certainly. More secure than credit cards? You betcha. Especially since credit card fraud/theft is amazingly low-tech these days ... this type of technology would greatly raise the bar.

            Cheers.
            • This is a new scheme that relies on two problems that need to be solved: 1) determining the bubble pattern of an arbitrary fob, and 2) manuafactuaring a fob with an arbitrary bubble pattern.

              1) How do we know that determining the bubble pattern of the fob is difficult enough to determine? This seems to me to boil down a simple, but large, ray tracing problem. Comodity graphics cards today can do fantastic things with lighting that were dreamed by many as not even possible only 15 years ago. Perhaps it can be exploited to solve this problem in the near future. I'm not convinced that this is truely a one-way hash; the idea is too new to confidently rule out the possibility of a solution.

              2) Duplication is perhaps beyond current technology, but maybe not far away. It isn't difficult to imagine a matarial that can have it's light refraction properties modified at an arbitrary point that is located at the intersection of two or more lasers. Holographic research has been focused on solving this problem for some time and may have already come up with a (albeit expensive) solution.

      • This falls into the catagory of "the analog would is hard to simulate" area of cryptography. These range from the wildly useful (e.g. radioactive decay sensors) to the "whoops, I though it was secure" (e.g. the example in Cryptonomicon of the woman who peeks at the bingo balls and "makes it more random").

        Mostly it's a great way to come up with one time pads and otherwise feed random number needs in various crypto applications. Not terribly useful as a means of crypto per se.
        • "whoops, I though it was secure" (e.g. the example in Cryptonomicon of the woman who peeks at the bingo balls and "makes it more random").

          Except, if she had had her eyes shut like she was supposed to, it would have worked. Thats not a failing of the 'physical world' crypto, but rather the human brain's randomness generator.
      • If you know the motion pattern of the scanner, and can reproduce the same motion in a scanner of your own, scanning the victim's card, you can "easily" create a copy of the card. All of the supporting technology exists today.

        Scan your victim's card, and record the pattern you see.

        Place the recording on a similarly-sized device with any type of display. (LCD, LED, anything that can be powered by a small solar panel) "Cheap" copies targeted against "cheap" scanners won't need backlighting for the display.

        Make sure the card-sized device has a solar panel on it that will be able to power the display and the supporting IC that controls the display.

        When the illuminator turns on, the card has power. The card then immediately starts playing back the stored video, mimicking what the scanner would see had it been the real thing.

        This assumes, however, that the scanner has only one "eyepiece." Camoflaging (sp) the card so it looks real to the human observer would probably be difficult.
    • Getting the 2D pattern is easy (anyone with access to a reader could simply get this pattern through software). You then have to manufacture a crystal which produces this pattern, so that you can use your new counterfit card at the Sony store, etc. This is the part that is currently impossible.

      • No, you just have to create a card that absorbs the input laser and outputs the "correct" 2D pattern (and maybe looks good enough to get past the genius working the register).

        Oops.

        -Peter
        • No. The card doesn't output anything, it has no electronis, only this crystal. Both the laser and the device that picks up the patten ar eon the reader. So you'd have to duplicate the crystal.

          • Your ability to miss the point is astounding.

            To illustrate: You have one of these cards. It doesn't output anything, i.e. it is a passive device. I "borrow" your card, put it through a reader and learn what the "correct" output of your card is. I then construct a card that looks more-or-less like a legitimate card, but it is actually an active device that emits YOUR 2D pattern whenever it is scanned.

            In other words, I can't fake the 3D structure of the card, but I am not at all convinced that I'd have to in order to make charges on your account.

            Is that spelled out clearly enough for you?

            -Peter
            • OK, so in theory you make your whiz-bang holo-emitter card (try to explain you you plan to emulate diffraction patterns generated by a laser through a crystal). Let's say you do this and it works. Now you go give your whiz-bang card to joe schmoe at the local best buy to get a tv. Woah there cowboy, whats this big black thing where the crystal is supposed to be?

              No one would accept this emulator card you speak of, even if you could make one, which I doubt. And such emulator card would probably not fit in any ATM either.

    • if the pattern output is much larger than the diameter of the laser beam at the POS system.. and it looks like that is the point, and you put your film in lieu of the token, all you'd get would be a dark or light spot at the sensor.. because the laser wouldn't spread properly - it would just go right thru the film at some dimished value.

      if you were to build a practical (read: a forged credit guitar pick to by a hard drive at Fry's) forgery, you'd have to come up with a way to force the ultra-thin laser beam to spread into that pattern...

      what would you do? Bring a lens with you to spread the laser evenly over the film?

      i can't think of an obvious way to make a practical forgery - but i'm not saying it can't be done. But your notion of using film is bogus.
      • by autopr0n (534291)
        Actualy, there's an easy way to get around what you're saying. Use phosphors or an LED or something so that your film is 'always' glowing.

        Of course, none of this matters, since the above poster basicaly didn't understand what the whole thing does anyway.
    • Well aren't you smart, coming up with an "obvious circumvention scheme" that the original expert researchers never thought of. Brilliant.

      Oh wait, what's this? Oh, there's an ARTICLE to read? One which discussed exactly that, and how the laser can be shone through the fob at multiple angles, requiring the correct 3D structure? Hmm.

    • Stereolithography (Score:2, Informative)

      by Inda (580031)

      I did a lesson at college on Stereolithography [howstuffworks.com] about 10 years ago. The process of curing two-part epoxy resin with the heat generated with laser lights. It was very accurate back then; more than adequate for producing A1 models and patterns.

      I'm wondering how accurate it is now or how accurate it could become.

    • Great. They use a laser to convert the 3D arrangement of glass spheres in an epoxy matrix to a 2D 'light/dark' pattern. A crummy piece of film exposed at the sensor plane, then developed, could be used to get around this. Lay the film on the 2D sensor, and voila - the 2D pattern is duplicated!

      The MSNBC article seemed to have the most details. They said that the outputs did not have to be reused. It sounds like a challenge-response system, where the server sends input patterns, and the reader sends back the output patterns. If they really don't have to be reused, then the above criticism is not valid.

      Presumably, the server stores some finite number of input-output patterns, and then can send some subset of input patterns to be checked. By using different combinations of input patterns, even if some output patterns were intercepted, it would not be enough information to compromise this.

      For example, if the server stored 100 different input-output patterns, and sent 5 input patterns to be verified for a transaction, then the total number of unique checks would be 100!/(95! * 5!), or about 75 million.

      Of course, if different crooked merchants stole output patterns and pooled their knowledge, or if a customer made repeated purchases from the same crooked merchant, then it could possibly be broken. More information is needed about the system to understand its vulnerability to this type of threat.

    • No, the actual token will produce infinite variations. When you authenticate, you check a random source.

      Your spoofing technique would only work if the angle you chose and the angle randomly selected were the same, so the chances of it working would depend on how many angles for which the results are stored.

      Also, you could 'challenge' by requesting two different angles to be checked, in which case you're system wouldn't work at all.

      (I can't believe this got a four, Mysterious obviously either didn't read the artical, or didn't understand it)
      • No, the actual token will produce infinite variations. When you authenticate, you check a random source.
        No you don't. How would that even work? What would you authenticate against? (Did you read the "artical"?)

        You authenticate against a database that has several readings from several known angles:

        In practice, the combination of laser light inputs and resulting speckle pattern outputs for each token could be stored on a secure database. The token could then be read at a terminal that queries the database and authenticates the token's identity.
  • by Anonymous Coward
    Sounds like a kinky high-tech peep show.
  • hmm... (Score:4, Funny)

    by Quasar1999 (520073) on Friday September 20, 2002 @10:19AM (#4297249) Journal
    Can't be tampered with? Give me a hammer, I'll tamper with it... If I can't have the data, no one can!!!
  • by brunes69 (86786) <slashdot@@@keirstead...org> on Friday September 20, 2002 @10:20AM (#4297264) Homepage

    One thing know once you read the article(s), that really should have been included in the story submisstion, is this technology is more geared toward replacing things such as magnetic stripes on credit cards, and em cards, and whatnot. The tiny crystals that will replace these stripes produce a one-way function that is currently impossible to duplicate, so if widely adopted this would (at least temporailiy) make card couterfitting impossible. It is not describing a new encryption mechanism for your PC, or any software for that matter.

    • You just use the 'fob' as we're calling it here as any other one way function. Take say, 8 bits of data, and point the lazer at the fob at -128 to 127 degrees. Then take an 8 bit md5 hashcode of the result. Repeat as needed.

      It would actualy be a pretty cool encryption system, basicaly data would be locked forever unless you had the card. You'd never have to worry about anyone getting access to your data, since they would need the card to read it. And, if for example the FBI was on your ass, just throw the card in the microwave :)
  • Great... just one question, though...

    how is stealing speckle patterns gonna be any different from stealing credit card numbers from "secure" servers?

    • It could also be used on bank cards, thus preventing people from counterfitting them. I once read about a ring which was using an aptly mounted hidden camera to monitor people's PIN numbers. They then grabbed some ATM slips the person threw away (most people rarely keep/destory them) and manufactured a fake card using their PIN and their account information.

    • With credit cards, the credit card number is the secret, the whole secret, and nothing but the secret.

      With the new gizmo, the speckle pattern is not the secret. The secret is the arrangement of crystals, which isn't shared with anyone. Steal a copy of the speckle pattern and you have nothing.

      • by autopr0n (534291)
        The secret isn't the speckle pattern, but rather the output of the speckle pattern when tested from an arbitrary angle. even if you know the speckle patern, you can't computational figure out what the output would be with todays computers (or tommorow's, or the next years, etc.)
    • Because stealing the speckle pattern does you no good. You need to create a device that makes that pattern, when light is shone through it and an inaccessible air gap onto a sensor. You can't just lay something on top of the sensor itself because, in any even half-way sensible design, you couldn't get to the sensor itself without disabling the entire reader.

      I actually think this idea is extremely clever, but I don't know if I'd consider it a method of encryption. Even if you had an LED grid representing cleartext on one side, so you could read the "ciphertext" speckle pattern on the other side, how do you decrypt that? What kind of resolution, frequency and loss ratio are we talking about? This seems like it might be a really good authentication mechanism, where a known input will only be converted to a known output in the presence of a unforgeable secret, but I don't see how it can work for encryption where the input varies.

      • by Dr. Spork (142693) on Friday September 20, 2002 @11:52AM (#4297911)
        You're right that it's secure in cases where you use one of these cards in a retail store--in the sense that no one without your card can pose as you. However, what is to prevent the stores from saving your diffraction pattern (not the speckle pattern on the card but instead the resulting image) and then "using" your card as much as they want?

        Also, if the connection between a store and the pattern validation server is ever intercepted, a hacker could just save your patterns and re-send them whenever they want to purchase pr0n or something. So I think the original poster was right: this is just like stealing credit card numbers. As long as validation is done by passing around a bunch of digital data, that will always be the point of weakness. Even now, the vast majority of credit card fraud happens not because somebody's magnetic strip gets duplicated, but because somebody's credit card numbers get stolen. It seems like making the physical cards harder to duplicate is barking up the wrong tree.

        The only solution I can see is this: There wouldn't be a unique resultant diffraction pattern that gets passed around, but rather a two-way conversation between the validation server and the card reader. The server would ask three random questions of the sort "what pattern is produced when the laser shines from angle 1, what about angle 2, etc. The problem with this is that the validation server would have to know what the right answers are to all of the possible questions, and that creates a problem: either there would be waay too much data stored for each card, or there would only be a limited number of "questions" the server could ask. In the latter case, a thief's computer could just memorize all the answers to the few questions, and produce them without the card whenever the validation server actually asks.

        • Your analysis seems right on target to me. Any system that's not challenge/response is vulnerable to replay by anyone who can intercept the messages involved, and this system only allows for a limited number of challenge/response exchanges.

          I think the "validation server" approach might be problematic, though, since it allows new avenues for compromise. It might actually be better to store challenge/response pairs on the card itself, such that each use of a pair also erases that pair. Each card would then be good for a finite number of non-repeatable transactions, with server communication only necessary to "recharge" the card with new pairs. If the storage on the card and the challenge space are quite large, this is something the consumer would only have to do every N months or years, so it might actually be a decent convenience/security tradeoff even if recharging requires going to a service center or something.

          • I really like this idea of storing challenge/response pairs on the card and deleting them after the transaction. This is basically a one-time pad idea, and it is truly secure, as long as the "recharging" of the card is never compromised, and as long as there is no way to steal question/response pairs from the card itself and then "fake it," posing as the card.

            Unfortunately, I think the system proposed will not be compatible with this, because I don't think it's overwritable/erasable in the way it would need to be for this sort of validation. The traditional "smart cards" would make more sense for this purpose. However, their problem is different: their chips can be read and duplicated, something that appears much harder to do in this system.

            Here is my understanding of how credit card transactions work today. After your card is scanned, your account number gets encrypted and sent to the MasterCard servers, where they look in a database to check whether it's a valid account and whether your balance is high enough to make the purchase. If it is, they send back an OK.

            If the card sent a query-response pair to the bank, how would the bank be sure that the pair is coming from the card? How would it know that it's not coming from some data server that previously read your card and saved all the card's query-response data in memory? It seems that if we want to avoid this, the query must come from the bank itself, a sort of check like: "are you the real card?" What question would be asked would not be known to the card; only the answer would.

            One way to get it to work, I suppose: first make the card, then read it at the bank to see how it responds to 1000 different queries. Save that at the bank. Then, send out the card to the customer. When the customer makes the first purchase, send out the first query during card validation. If it's the right card, it will answer in the same way it did at the bank when it was initially scanned. So on for the next 999 queries. Once you get to transaction 900 or so, the bank might just send you a new card. I guess it does require a lot of data archiving, but the system really does very safe.

            • You're right that storing both values on the card forces you to assume that the sensor is not compromised and is reporting actual observed (rather than recorded) speckle patterns, and that's a bad thing. On the other hand, I don't think your suggestion really protects the vendor either, because the bank is still not authenticated to the vendor. Maybe we both need to go think about this some more.

          • You put your little fob in the reader. The store reads your id, sends a challenge to the server. The server responds with a pair(or more) of angles to shoot from. The store does so and sends the resulting key pattern. Anyone saving and storing patterns will have to get ALL the ones stored on the server, which can be an arbitrary amount, and could be changed and/or added to at any time by the keyholder from certain trusted offices (maybe your bank).
  • Durability? (Score:5, Insightful)

    by Anonymous Coward on Friday September 20, 2002 @10:22AM (#4297283)
    This seems like a really good system, one that for once is almost impossible to forge. However, it seems to have a major flaw: Durability. The Nature article states that "a token with a hole half a millimetre across drilled through it gives a speckle pattern clearly distinguishable from the original." So what happens when (not if!) the card gets scratched and worn? Will it immediately stop functioning? These secure cards won't be worth much if they have to be replaced every month because of wear and tear... and with the system they are using, error correction isn't an option (defeats the whole purpose of the tokens since tampering with them would then become possible).
    • Re:Durability? (Score:3, Insightful)

      by photonic (584757)
      There are probably some tricks to prevent this. You could embed the active part (the epoxy with the tiny spheres) within a layer of homogeneous material (e.g. epoxy without the spheres) and use a lens to access the inner part.


      This is similar to the trick they use in CD's. At the metal layer containing the information the light is focused to a few micron. This layer is burried almost a millimeter deep inside the plastic. At the surface the beam has a much larger diameter and tiny scratches are no problem.

      • Re:Durability? (Score:4, Informative)

        by p3d0 (42270) on Friday September 20, 2002 @12:08PM (#4298094)
        Too bad you didn't read the very next sentence. Here it is for you:
        Yet the process that transforms the speckle pattern into a string of digits can be modified to ignore accidental surface scratches.
        Even if this were not the case, why not just encase it in clear epoxy? Then when it gets scratched, you can polish it smooth.

        (Careful---you are in danger of becomming a Slashdot naysayer [slashdot.org].)

    • Too bad you didn't read the very next sentence:
      Yet the process that transforms the speckle pattern into a string of digits can be modified to ignore accidental surface scratches.
      Even if this were not the case, why not encase the thing in clear epoxy? Then when you scratch it, you can just polish it smooth again.

      (You are in serious danger of becomming a Slashdot Maysayer [slashdot.org].)

    • Drilling a small hole in the tokens changes their internal structure enough to unleash the avalanche effect, so that the outputs from the same token before and after drilling differ by roughly half of their bits. Yet the process that transforms the speckle pattern into a string of digits can be modified to ignore accidental surface scratches.

      I would imagine that since it's the internal structure of the token which determines the output, surface scratches don't have as dramatic an effect.
  • by Tha_Big_Guy23 (603419) on Friday September 20, 2002 @10:22AM (#4297284)
    McGuyver has made plans to begin work at MIT in their research department to create supercomputers from old ballpoint pens, and outdated telephone mechanisms.
    • In the first week, his research team added garage door openers and discarded pie tin plates to the mix.

      When MIT announced that they would dedicate several old Apple IIs to the project, MacGyver was quoted as saying, "I'm excited, but it's still overkill for the project."

      In the first week, he developed a quantum computer that can crack RSA 128 bit encryption in 0.034 seconds, predicts the weather with 97.5% accuracy up to 10 days in advance, located Jimmy Hoffa and solved the mystery of crop circles.

      And then he built a beowolf cluster of them.
  • by jea6 (117959) on Friday September 20, 2002 @10:24AM (#4297294)
    ...until it is tampered, copied, and faked. Never say never, especially with regards to crypto.
  • by gsfprez (27403) on Friday September 20, 2002 @10:26AM (#4297305)
    actually, i have 3.

    there are 50 or so of em lying around at home, making my wife mad.

    so explain again why guitar picks [westsky.com] are news?
    (my apologies to westsky in advance)
  • So we have a one way function that happens to be based on a physical object rather than being calculated by a CPU. I don't see how this makes it more secure.

    I also don't see why this is any different than any other hardware based authentication (RSA tokens, smart cards, etc.) The tokens might be cheaper, but I bet the scanner is not going to be cheap.

    And as with most authentication systems the big problem is going to be protocol attacks, not attacks on the cryptography itself. I don't see little glass balls changing this fact.

    Yes I'm cynical. But probably with good reason.
  • by dr_dank (472072) on Friday September 20, 2002 @10:31AM (#4297333) Homepage Journal
    Cheap trick secures secrets

    Finally! Something to go hand-in-hand with my REO Speedwagon encryption algorithm.
  • Shit (Score:4, Funny)

    by papasui (567265) on Friday September 20, 2002 @10:33AM (#4297344) Homepage
    And all these years my family has been persecuted in Salem, MA and it turns out all they wanted was our crystal balls!
    • Re:Shit (Score:2, Funny)

      by papasui (567265)
      The most clever thing I've said in the last month and I get modded troll. I wish there was a Not Funny. :(
  • Neil Gershenfeld (Score:2, Informative)

    by AlphaHelix (117420)
    Notice that one of the authors on this paper is Neil Gershenfeld, author of The Physics of Information Technology [slashdot.org], reviewed here exactly a year ago yesterday (at least I think it was a year. The searched Slashdot postings have no year indication on them. Is this a Y0K bug?) I liked that book, actually. It had a very readable section on the fluctuation dissipation-theorem, though I think it gave short shrift to research on the underlying causes of the FDT.
  • If the laser is shined through at a different angle, however slight, how can you get an accurate reading?
    Would wear and tear change the shape of the token, rendering it useless?
    If this stores a terrabit of info, how can we get it to store the info we want?
    How will the government be able to demand a backdoor to this tech?
    Will I ask any more questions?
  • by Christopher Thomas (11717) on Friday September 20, 2002 @10:38AM (#4297369)
    The article claims that making a holographic forgery would be prohibitively difficult, but doesn't explain why.

    You could almost certainly make one if you had the original card to duplicate.

    If you had the verification information for the card - the list of patterns the scanner looks for - you could probably make a holographic reproduction with a bit of fiddling (the same multi-exposure technique is used for making aminated holographs that move as you change viewing angle).

    You'd have a hard time duplicating the card just from observing one transaction, but the same holds true for electronic media (one challenge/response pair does not give you a smart card's key).

    Does anyone have further details on why the researchers say this would be difficult to forge?
    • Holography requires sufficient film resolution to record the information content of the object modulated on a high spatial frequency carrier. In simplistic terms, lots of images of the object from different perspectives are recorded on film as a hologram, which means the film resolution requirement for making a hologram of the object is much higher than for taking a photograph of the object. The problem here is that the object is so detailed that you could not find film with sufficient resolution to record the hologram.

      The original Science article [sciencemag.org] cites an Applied Optics article from 1984, which I'm would guess basically says what I've said in the previous paragraph.
    • The explanation in the actual paper [sciencemag.org] is this:

      Beyond the obvious constraint of having to record 10^11 or more distinct interference patterns in order to produce the hologram, the incoherent superposition of these N patterns decreases the overall diffraction efficiency of the hologram by 1/N, making them all effectively unobservable.

  • So, the next step is to manufacture CDs with copy prevent^H^H^H^H^H^H^Hprotection using these tokens. (Sigh.)
  • by dasboy (598256) on Friday September 20, 2002 @10:48AM (#4297433)
    will bill this as "Cryptography with balls."
  • Easily Damaged? (Score:3, Insightful)

    by miket01 (50902) on Friday September 20, 2002 @10:48AM (#4297434) Homepage
    From Nature:
    Tampering with a token also quickly destroys its validity: a token with a hole half a millimetre across drilled through it gives a speckle pattern clearly distinguishable from the original.

    I'd imagine it'll take a little work to keep these things from getting scuffed or otherwise damaged beyond recognition through regular handling, especially if they end up on your key chain.

    Of course, a really sophisitcated system might take that into account, and update the key profile to recognize each key's unique wear and tear.
  • One of the nice things about a smart card system is that it doesn't have to go onlne for each transaction. From the descriptions it seems that this system does have to check with a database at the time of purchase. So the speedup from a smartcard is lost.
  • by Christianfreak (100697) on Friday September 20, 2002 @10:55AM (#4297488) Homepage Journal
    The MSNBC article goes on and on about how this is great for 'Smart Cards' but in reality it doesn't make them that much more secure that credit cards because most of the theft that happens with credit cards is not breaking into computers, rather it's physical theft of the cards themselves.

    A 'smart card' isn't going to stop a pick pocket from theiving your wallet so we're back to square one.

    And not to be troll but has this been on /. before? It seems vaguely familiar.
    • The smart card could simply ask for a PIN or a fingerprint. It could even validate a signature, or show the clerk a photo of you. And it could use velocity checking to determine the interval for these sorts of checks so that it doesn't make every transaction an extra hassle.

      Also this stops mafia-types from mass producing fake cards. At CTST this year an IBM team presented a paper in which they read the keys off several cards through RF leakage, making it easy to make fake cards. This would prevent such fake cards, at least until a way of faking these patterns comes about.

    • ...because most of the theft that happens with credit cards is not breaking into computers, rather it's physical theft of the cards themselves.

      Stealing the physical card happens, but it is small potatoes. Fake cards (usually copies of legitimate cards) are a really, really big problem. Credit card companies loose billons of dollars a year due to fake cards.

      The biggest issue I had from reading the article, was figuring out how the one-way-function was going to be verified. It's nice that there are a terabit of combinations that could be used, does this mean the issuer is going to have to store a terabit of data for each user?

      If they only use a subset, than we no longer have the security range of a terabit of information do we? All an attacker has to do is figure out what the subset that will be used is. Since it is "copy proof", it is not like the host can perform a duplicate one-way-function. I don't think this will become practical unless they can clearly resolve this issue.

  • ICBMs :) (Score:5, Informative)

    by the bluebrain (443451) on Friday September 20, 2002 @11:03AM (#4297540)
    I recall reading something very similar in I believe Scientific American (which is not searchable, unfortunately), oh, ages ago. Used to identify ICBMs / warheads / other missiles during arms reduction discussions between the US & Russia (might even have been so far back as to make that USSR). Basically a splash of epoxy with sparkles mixed in on some disasterously-expensive-to-replace part of the device, snap a photograph and/or hologram, and the device is reliably tagged.

    So it's become cheaper, cheap enough even for everyday use. However, the possible uses I can see are rather limited: local authentication, and pretty much nothing else.
    It's good for credit cards, but only if the card is physically read by the entity requestion authentication, and only if that entity is online (or has a local database of the speckle pattern of all cards worldwide, plus a magically updated revocation list).
    For any non-local authentication it doesn't seem much good ... unless of course Fritz [Hollings] gets his palladium-plated way and we at some point do get tamperproof, "trusted" hardware (... to play around with - I'm looking forward to that).

    So ... it raises the price of duplicating a unique physical dongle.

    But it definitely has nothing to do with crypto (i.e. encryption) ... what was the author of this /. article taking? I want some.
  • by Anonymous Coward
    series called the grey lensman by E.E. "doc" Smith IIRC. Law enforcement was struggling to find a non-forgable form of ID, and one of their failed attempts was a 3D crystal. Interesting that this idea has been around that long.
  • by Animats (122034) on Friday September 20, 2002 @11:26AM (#4297721) Homepage
    First, here's the thesis. [mit.edu] The Nature article is lousy. (Nature used to be a prestigious journal in the life sciences, but when it gets into computing, the articles read like something from Popular Mechanix. But then, Popular Mechanix was a serious scientific journal a century ago.)

    This is an improvement on an idea from the 1980s called "quantum subway tokens". There have also been a few schemes involving 2D speckle patterns as unique, hard to forge data items. But they're not challenge/response, like this. Challenge/response devices exist (Sun's Java-powered jewelry, the Dallas Semiconductor button) but they're more complex. On the other hand, their readers are simpler than this optical system will require.

    The useful advancement in this thesis is in section 5.3.4, where the authors demonstrate that the registration of the scanning beam doesn't have to be extremely tight. You'd think this scheme would involve optical-bench precision, but it doesn't. (Well, actually it does, but not wavelength-precise optical bench precision. Still, it involves micrometers driven by computer-controlled stepping motors and a very rigid fixture. It's not a "just swipe the card" system.)

    The trouble with this system is that there's no public key associated with the object - only a huge number of possible challenge/response pairs. Validation at an untrusted reader is done by probing the object using challenges previously performed at a trusted reader. Those challenges are "used up" as the object is validated, because otherwise, they could be replayed. This is much less convenient than a public/private key system. It's more like one of those systems where you have a wallet card with a long list of challenge/response pairs for logging in. The only advantage here is that the object isn't copyable. It's still stealable, of course.

    It's kind of neat, but probably not commercially useful.

  • Very old news (Score:3, Interesting)

    by nagora (177841) on Friday September 20, 2002 @11:33AM (#4297772)
    This was suggested in an issue of Scientific American sometime back in the mid or early 80's. I remember it because I stole the idea to apply to my Traveller campaign to reduce the number of stolen space ships.

    The idea was that the hull of each spacecraft was coated in embedded diamonds (cheap in the future because DeBeers' monopoly is gone). The police can then read your hull with a laser from 1 million miles away and you can't forge the "number plate".

    TWW

  • I read two of the articles, and they don't answer my question of how is this useful?

    The construction of the tokens is fairly random, so its not know what the results of X angle on Y token will result...

    Another comment mentioned that they may do prescans with a trusted scanner, but then every scan by an untrusted scanner must be discarded... so each token is only valid for some limited number of untrusted scans.

  • They have actually created a physical one-way function that cannot be tampered, copied or faked!

    should read cannot be tempered, copied or faked yet.
  • couple problems (Score:3, Insightful)

    by slew (2918) on Friday September 20, 2002 @01:58PM (#4299071)
    1. sub-space projection
    2. uniqueness

    Think of it as the bubble patterns is one member of a very-very large set (the "bubble" set) and the laser is a projection or mapping function of this member of the bubble set on to a much smaller "diffraction pattern" set. Since the different laser angles can be used, that's like using different mapping functions.

    A verification agency isn't gonna store which member of the bubble set each token is and do a diffraction simulaton with computers everytime the token is scanned, but more likely they will store the one or two projections on to the diffraction pattern set which are created by the one or two reader devices that are marketed. Also the whole diffraction pattern isn't gonna be stored, but just the part of the pattern sampled by the device.

    This seems like a much easier problem to solve for the token forgers. All they have to do is make a token that when projected to the one or two sampled diffraction sets stored by the verification agency instead the the infinite possible diffraction patterns of arbitrary precision.

    Then you have the uniqueness problem. Since the verification agencies are likely only storing sub-space projections which are finitely sampled, there's the possibility of collisions between two cards. At least with a non-one-way function, you can detect collisions beforehand, now you have to make the card with bubbles and project them to you subspaces and only then discover there's a collision and you have to throw the token away. This also defeats the feature alluded to that you can always use another projection. If you don't check for collisions ahead of time, they will inevitably occur (think of the birthday paradox).

    There are fundamental mathematics working against any scheme that depends on low probability of collision. You don't have to duplicate a specific thing, but you hope for a collision (which is duplicating any one of a large set). This of course is much easier to do and is the known as the birthday paradox in probability theory. This has been used as theoretical fodder to break many encryption systems (meets in the middle attacks).

    Here's another way to think of it. You have a zillion digit credit card number (token) and you apply a few different hash functions (laser angles) to the number to get a "signature" (diffraction pattern). The only advantage of this technology is that it's hard to duplicate this zillion digit number where most things electronic are easily duplicated. But some of the other "features" don't seem easy to take advantage of.

    It's like the phreakers of yesteryear where they just guessed long-distance calling card codes if the set is large enough, collisions are inevitable. That's when companies invented PIN numbers. What it probably means that these tokens will probably end up being only as secure as your 4 digit ATM PIN... Something to think about...

    Sometimes when you think outside the box, you realize that the box was green and the grass is really dead out there too...
  • one way functions (Score:2, Interesting)

    by owenomalley (103963)
    The article seems to be missing the point of one way functions. If you don't change the inputs to a one-way function, it is exactly the same as constant (ie. no good for verification of anything).

    An easy application is for keys. If the lock has N input/output pairs recorded, getting in with a fixed example output would be hard.

    A more advanced use of these things would be to have some way standard way of encoding a bill of sale including a datestamp into bits that could drive the laser inputs. Then save the resulting pattern(s) as proof that the vob was there at the time of the transaction.

    However, that leaves a major hole. If the user destroys the vob, the store can no longer check if the signature was valid. To combat this, the user needs to be identified at the time of the transaction. As long as the vobs are registered in a central identity server so that the store can make sure the person is who they claim to be at that point. Additionally users have to record lost or destroyed vobs. The central identity server could use the N known input/output pairs to authenticate the user.

  • Missing the point? (Score:3, Insightful)

    by sdeath (199845) on Friday September 20, 2002 @04:50PM (#4300175)
    I think most people here are missing the point of this.

    I am not an optical engineer, but the important part of this is not "you cannot duplicate this token", since that didn't appear to be in anything I read; it's "you cannot duplicate this token _by reading the interference pattern or disassembling/probing inside_", which is a different problem entirely.

    I suspect that with sufficiently high-quality materials and production controls, it _is_ possible to duplicate these in the production phase, which then makes it a useful toy; make two of them that have the same interference pattern, and given identical readers, you have a one-time pad that you can use for quite a while. I don't know how they're embedding the glass spheres in the epoxy, but with a finite number of positions for each glass ball in the epoxy (small enough to be useful, large enough to be secure), you might be able to have either coded duplicates (like keys; "2488210366" == "glass balls in pattern X") or a "mold" system where you position the balls identically for a pair of tokens and then destroy the mold, making it impossible to recreate the tokens. Either way has its useful features.

    --
    SD

You don't have to know how the computer works, just how to work the computer.

Working...