Crypto with Epoxy Tokens, Glass Balls and Lasers 265
Anonymous Coward writes "Scientists from MIT and ThingMagic have collaborated and developed an innovative crypto mechanism using epoxy tokens, glass spheres and lasers. They have actually created a physical one-way function that cannot be tampered, copied or faked! The full scoop can be found at MSNBC, and also at Nature, & TOI."
To clarify the story submission (Score:5, Informative)
One thing know once you read the article(s), that really should have been included in the story submisstion, is this technology is more geared toward replacing things such as magnetic stripes on credit cards, and em cards, and whatnot. The tiny crystals that will replace these stripes produce a one-way function that is currently impossible to duplicate, so if widely adopted this would (at least temporailiy) make card couterfitting impossible. It is not describing a new encryption mechanism for your PC, or any software for that matter.
Re:Obvious circumvention scheme (Score:5, Informative)
A one-angle view of this token would not be secure, but a security mechanism that scanned the token through multiple angles would be very difficult to recreate. I don't know if they should be throwing around the word 'impossible', however.
Neil Gershenfeld (Score:2, Informative)
Re:Well holy shit. (Score:3, Informative)
They've discovered the one-time pad!
No, they have not. That would mean that whoever receives a message sent with this data had the same pad, and that isn't the case.If it were, a 12-terabit stamp-size one-time pad would still be rather good.
I'm a bit unclear how this works in practice though. They say they can check the patterns the thing makes against a "secure" database. They can't store all the 12 terabits there.
So, I assume, they pick some number (say, 100) of ways to shine a laser at it at random, and store those in the server. When it's time for identification, the server tells the token reading gadget which position(s) the laser should be in, it sends the pattern back, and it can be checked.
One possible attack is obvious, it may be possible to find out which random spots for the laser have been stored for this token by asking for a verification enough times. However, that gives you the task of making an object that fits into a reader, that gives the right patterns for all the 100 ways... And that's Hard. So it may not even be necessary to randomize the laser positions, just check some number of standard patterns, and it will be too hard to make an item that can fake them all.
Thanks for listening to my train of thought. I think I get it now :)
Re:Remember the SGI Patent? #@ +1; Informative @# (Score:2, Informative)
from the site:
AAlib is an portable ascii art GFX library. If you wish to see some examples of AAlib technology, please browse AA-project homepage.
and here are some *pics [sourceforge.net]* generated from the library.
i think it was intended to play doom over a network on a console, but what lukegalea1234 sad, is equally valid.
ICBMs :) (Score:5, Informative)
So it's become cheaper, cheap enough even for everyday use. However, the possible uses I can see are rather limited: local authentication, and pretty much nothing else.
It's good for credit cards, but only if the card is physically read by the entity requestion authentication, and only if that entity is online (or has a local database of the speckle pattern of all cards worldwide, plus a magically updated revocation list).
For any non-local authentication it doesn't seem much good
So
But it definitely has nothing to do with crypto (i.e. encryption)
Stereolithography (Score:2, Informative)
I did a lesson at college on Stereolithography [howstuffworks.com] about 10 years ago. The process of curing two-part epoxy resin with the heat generated with laser lights. It was very accurate back then; more than adequate for producing A1 models and patterns.
I'm wondering how accurate it is now or how accurate it could become.
What's really going on here (Score:5, Informative)
This is an improvement on an idea from the 1980s called "quantum subway tokens". There have also been a few schemes involving 2D speckle patterns as unique, hard to forge data items. But they're not challenge/response, like this. Challenge/response devices exist (Sun's Java-powered jewelry, the Dallas Semiconductor button) but they're more complex. On the other hand, their readers are simpler than this optical system will require.
The useful advancement in this thesis is in section 5.3.4, where the authors demonstrate that the registration of the scanning beam doesn't have to be extremely tight. You'd think this scheme would involve optical-bench precision, but it doesn't. (Well, actually it does, but not wavelength-precise optical bench precision. Still, it involves micrometers driven by computer-controlled stepping motors and a very rigid fixture. It's not a "just swipe the card" system.)
The trouble with this system is that there's no public key associated with the object - only a huge number of possible challenge/response pairs. Validation at an untrusted reader is done by probing the object using challenges previously performed at a trusted reader. Those challenges are "used up" as the object is validated, because otherwise, they could be replayed. This is much less convenient than a public/private key system. It's more like one of those systems where you have a wallet card with a long list of challenge/response pairs for logging in. The only advantage here is that the object isn't copyable. It's still stealable, of course.
It's kind of neat, but probably not commercially useful.
Re:Durability? (Score:4, Informative)
(Careful---you are in danger of becomming a Slashdot naysayer [slashdot.org].)
Several solutions to this "problem" (Score:3, Informative)
Also this stops mafia-types from mass producing fake cards. At CTST this year an IBM team presented a paper in which they read the keys off several cards through RF leakage, making it easy to make fake cards. This would prevent such fake cards, at least until a way of faking these patterns comes about.
Re:Remember the SGI Patent? #@ +1; Informative @# (Score:1, Informative)
since there is a lot of previous art that exists
in the forensic labs to identify lost jewelry,
where the glittering jewelry(containing diamond,
other precious stones/metals) being photographed
with a polarized light such as ultraviolet light
to produce a pattern that resembled a unique
signature for the jewelry. I do not think that
it is much different from the crytal ball approach.
Re:Why are holographs prohibitive? (Score:3, Informative)
The original Science article [sciencemag.org] cites an Applied Optics article from 1984, which I'm would guess basically says what I've said in the previous paragraph.
Re:Why are holographs prohibitive? (Score:2, Informative)
Beyond the obvious constraint of having to record 10^11 or more distinct interference patterns in order to produce the hologram, the incoherent superposition of these N patterns decreases the overall diffraction efficiency of the hologram by 1/N, making them all effectively unobservable.
not crypto (Score:2, Informative)
There's no encryption/decryption going on here, just hashing, but that is an important concept in the field of cryptography.
The main application of this is to replace magnetic stripes on credit cards. Currently, the machine-readable part of a credit card produces a small amount of static output (16 or so decimal digits) and is easy to copy with readily available equipment. By switching to these new chips, the number and complexity of possible outputs that the card can produce would be increased and the output-producing device would be more difficult to duplicate.
For example, right now your electronics-geek waiter could slip your credit card through her palm pilot with home-made magnetic reader attachment on her way back to the register. Later, she could take a used or invalid credit card, and write your magnetic pattern onto the bar. Credit card machines wouldn't be able to tell the difference between the original and the duplicate, so she effectively stole your credit card and you wouldn't know until the bill came.
If you were using a glass and epoxy chip, there would be several problems with duplicating this kind of attack.
1. The waiter would have to read 125 gigabytes (1Tb=1TB/8=~125GB) of data into her intermediate storage device in a few seconds. That's a lot of fast memory to pack into a small space. Copying only a few possible outputs wouldn't work, as only the credit card company would know exactly which (laser position, card output) data pairs it had on file for use in a challenge-response protocol.
2. Assuming the waiter could read out the entire card before handing it back to you, she would have a hard time duplicating it later. She would have to construct a physical object taking laser position as input and producing specific light patterns as output. While hooking up a credit card shaped I/O device to a laptop with the 125GB database would be possible, chances are somebody would notice a suspicious person plugging their laptop into an ATM. Also, considering that the laptop would have to sift through 125GB of data before it could tell the I/O device to output a certain light pattern, whereas the true card would produce the "right answer" at the speed of light, a timeout function on the card reader would be effective in preventing this kind of attack.
Um... not so fast? (Score:2, Informative)
Re:Obvious circumvention scheme (Score:2, Informative)
The downside of course is that since you can only create one copy of each fob, you have to first record a number of input/output pairs in a database somewhere before you send it to the user. This is the real killer I believe, because for this to be useful you would need a very large large number of possible inputs, and each one would take up storage space at the database. But, storage is cheap, especially as time advances. Security of this database, however, would be an issue.
This also explains why "reversing" the device would be hard. Sure, it might be mathematically possible to take an output speckle pattern and come up with an arrangement of spheres to produce that pattern. Suppose you could even manufacture that resultant device (which they say is currently impossible.) This doesn't help you, though, since it would have to respond with the correct pattern not only to the one input agle you designed it for, but any arbitraty input angle (to the limit of however much data is recorded in the database.) So the problem is not finding a configuration that successfully maps A to B, it's finding one that maps A1 to B1, A2 to B2, A3 to B3, etc, which is much harder -- especially since it seems that changing the sphere coordinates even the slightest would alter the output significantly. Think about it, the amount of information in a speckle pattern is a lot less than the amount of information stored in the precise number and locations of the spheres. In other words, a given speckle pattern maps to a very large number of possible sphere configurations. The great challenge of breaking this would be finding a single configuration common to a number of speckle patterns, to the limit of the amount of data stored in the database. Their paper probably demonstrates that this is theoretically equivalent to brute-forcing hard crypto.
If only a single input laser angle were used, I don't see the point of this.