Crypto with Epoxy Tokens, Glass Balls and Lasers

Anonymous Coward writes "Scientists from MIT and ThingMagic have collaborated and developed an innovative crypto mechanism using epoxy tokens, glass spheres and lasers. They have actually created a physical one-way function that cannot be tampered, copied or faked! The full scoop can be found at MSNBC, and also at Nature, & TOI."

Obvious circumvention scheme

[Mysterious]

Great. They use a laser to convert the 3D arrangement of glass spheres in an epoxy matrix to a 2D 'light/dark' pattern.

A crummy piece of film exposed at the sensor plane, then developed, could be used to get around this. Lay the film on the 2D sensor, and voila - the 2D pattern is duplicated!

Re:Obvious circumvention scheme

[forsetti]

Simple man-in-the-middle attack, so to speak. Capture your 2D token, relay it on on your behalf......

Impossible to Compromise?

[Corporate Drone]

Great... just one question, though...

how is stealing speckle patterns gonna be any different from stealing credit card numbers from "secure" servers?

Durability?

[Anonymous Coward]

This seems like a really good system, one that for once is almost impossible to forge. However, it seems to have a major flaw: Durability. The Nature article states that "a token with a hole half a millimetre across drilled through it gives a speckle pattern clearly distinguishable from the original." So what happens when (not if!) the card gets scratched and worn? Will it immediately stop functioning? These secure cards won't be worth much if they have to be replaced every month because of wear and tear... and with the system they are using, error correction isn't an option (defeats the whole purpose of the tokens since tampering with them would then become possible).

How Big a Problem Is This with Credit Cards?

[VirtualDestructor]

The concpet is pretty damn cool, and simple to boot. Elegant solutions always seem so obvious once someone smart come up with them first.

How big of a problem is this with Credit cards though? Don't the problems normally arise when a card is stolen, or accuired under false pretenses? Not that there aren't other applications for it, just the one they gave seems a little weak.

Function that cannot be tampered, copied or faked

[jea6]

...until it is tampered, copied, and faked. Never say never, especially with regards to crypto.

Not too useful..

[Anonymous Coward]

This doesn't sound like it will be too useful to normal people. It doesn't even sound like it will necessarily be all that secure. In the end the object becomes a key and if the algorithm is known the key can be brute forced. They say that a terrabyte of information can be in such a small object, and I have no doubt of that. What I do doubt is that they use a terrabyte of information. If they go down to a small level they must be able to reproduce the exact same data each time. Because of this I'd guess they don't use anything quite near a terrabyte or even a megabyte. As computers get faster the keys will be brute forced faster. Ten years from now this style of encryption may be just as rediculous as current methods.

So what exactly is new here?

[skaffen42]

So we have a one way function that happens to be based on a physical object rather than being calculated by a CPU. I don't see how this makes it more secure.

I also don't see why this is any different than any other hardware based authentication (RSA tokens, smart cards, etc.) The tokens might be cheaper, but I bet the scanner is not going to be cheap.

And as with most authentication systems the big problem is going to be protocol attacks, not attacks on the cryptography itself. I don't see little glass balls changing this fact.

Yes I'm cynical. But probably with good reason.

Re:Impossible to Compromise?

[Salamander]

Because stealing the speckle pattern does you no good. You need to create a device that makes that pattern, when light is shone through it and an inaccessible air gap onto a sensor. You can't just lay something on top of the sensor itself because, in any even half-way sensible design, you couldn't get to the sensor itself without disabling the entire reader.

I actually think this idea is extremely clever, but I don't know if I'd consider it a method of encryption. Even if you had an LED grid representing cleartext on one side, so you could read the "ciphertext" speckle pattern on the other side, how do you decrypt that? What kind of resolution, frequency and loss ratio are we talking about? This seems like it might be a really good authentication mechanism, where a known input will only be converted to a known output in the presence of a unforgeable secret, but I don't see how it can work for encryption where the input varies.

Re:Durability?

[photonic]

There are probably some tricks to prevent this. You could embed the active part (the epoxy with the tiny spheres) within a layer of homogeneous material (e.g. epoxy without the spheres) and use a lens to access the inner part.

This is similar to the trick they use in CD's. At the metal layer containing the information the light is focused to a few micron. This layer is burried almost a millimeter deep inside the plastic. At the surface the beam has a much larger diameter and tiny scratches are no problem.

Easily Damaged?

[miket01]

From Nature:

Tampering with a token also quickly destroys its validity: a token with a hole half a millimetre across drilled through it gives a speckle pattern clearly distinguishable from the original.

I'd imagine it'll take a little work to keep these things from getting scuffed or otherwise damaged beyond recognition through regular handling, especially if they end up on your key chain.

Of course, a really sophisitcated system might take that into account, and update the key profile to recognize each key's unique wear and tear.

Still a major flaw in this for 'Smart Cards'

[Christianfreak]

The MSNBC article goes on and on about how this is great for 'Smart Cards' but in reality it doesn't make them that much more secure that credit cards because most of the theft that happens with credit cards is not breaking into computers, rather it's physical theft of the cards themselves.

A 'smart card' isn't going to stop a pick pocket from theiving your wallet so we're back to square one.

And not to be troll but has this been on /. before? It seems vaguely familiar.

Re:Old Technology, new twist

[LordMcD]

These devices seem to be deriving all their randomness by the natural (and intentional) "imperfections" of the creation process. This means that they only become secure when the devices are first analyzed -- *after* they are made. There is an inherent benefit and weakness to creating things in this hit-and-miss way.

Because the manufacturers are not trying to create pseudo-randomness themselves (invariably according to some algorithm, like creditcard numbers), it really is much harder for blackhats to reverse the one-way function. However, because there are no rules governing what a "valid" key looks like (they're just supposed to be unique), someone could very carefully create a number of these token that are, instead of random, very similar. Because practical implementations of this scheme are likely to scan these keys from pre-determines angles, the amount of difference allowed between these similar keys may be large enough to create "duplicates".

Note that this doesn't mean that blackhats can duplicate your key, but they may be able to create a matching pair and swap yours with theirs in the middle of the night...

Re:Obvious circumvention scheme

[Jobe_br]

While they do say it isn't currently possible to generate the crystal fobs using available techniques, they also say that reversing the pattern of dots to create a fob *is* prohibitively hard - this is the key. What they're going for here is something that is as easy to manufacture as credit cards, but a few orders of magnitude more difficult to forge/copy/etc. Anyone who's been paying attention over the past few years realizes that magnetic stripe cards are pathetically easy to forge and magnetic stripes are easily read using devices that can be had on the grey market. Once you've read a magnetic stripe, you can recreate the credit card that originated it with ease.

This is what this technology is meant to prevent. First, you'd need the laser equipment to read the fob to get the dot pattern. Then, to be sure, you'd need to make sure that you illuminate the fob from all sides, since the dot pattern is different depending on where the laser is shown from. Next, you need a fabrication facility to create these crystal fobs (currently not available, I imagine that'll change, too) and finally, you need a boatload of math to figure out what set of microscopic bubbles works together to form the set of dot patterns you scanned previously.

This last bit, the forcing function, if you will, is the clincher. I imagine that the reversal of the dot patterns to a layout of microscopic bubbles in the fob is an f(x) that's particularly difficult to reverse, at least on the order of factoring the product of large primes (if not more difficult).

Possible? Maybe - eventually, certainly. More secure than credit cards? You betcha. Especially since credit card fraud/theft is amazingly low-tech these days ... this type of technology would greatly raise the bar.

Cheers.

Re:Obvious circumvention scheme

[micromoog]

Well aren't you smart, coming up with an "obvious circumvention scheme" that the original expert researchers never thought of. Brilliant.

Oh wait, what's this? Oh, there's an ARTICLE to read? One which discussed exactly that, and how the laser can be shone through the fob at multiple angles, requiring the correct 3D structure? Hmm.

Re:How Big a Problem Is This with Credit Cards?

[Angry White Guy]

Although it is a very simple concept, the complexity of creating a transportable medium was the limiting factor. This could not have been done 20 years ago, as the lasers then looked like flashlight beams compared to today. Computer processing power was also a limiting factor.
Intelligence is only a small part of the equation. It is difficult to come up with a very simple solution to a problem that uses technology and manufacturing processes that are years away.
20 years ago, this thing would have had to be about the size of a brick, as beam density, laser accuracy, and manufacturing processes were not advanced enough to create something portable.
For other applications, the dream can drive technology. Weapons systems, space travel, and a utopian society are but a few things that can drive technology to create. A credit card that can't be copied is not a big enough dream to create technology, but it is big enough to take existing technology and innovate.

As for your second point, here's a thought.

The card currently would be useless to stop physical theft, right now. The scheme just relies on the frefraction of light to create patterns. Once you have the card, then Bam, you have the money.
But what if you could arrange these flakes into such a pattern that when light is passed through at a predetermined angle, it provides a composite of the card holder, which will appear on the POS terminal screen. Match the picture with the cardholder, then go ahead. The weakest link falls to the clerk.

-This idea has been released under the GPL. It may be freely distributed or modified under said terms.

Re:Impossible to Compromise?

[Dr. Spork]

You're right that it's secure in cases where you use one of these cards in a retail store--in the sense that no one without your card can pose as you. However, what is to prevent the stores from saving your diffraction pattern (not the speckle pattern on the card but instead the resulting image) and then "using" your card as much as they want?

Also, if the connection between a store and the pattern validation server is ever intercepted, a hacker could just save your patterns and re-send them whenever they want to purchase pr0n or something. So I think the original poster was right: this is just like stealing credit card numbers. As long as validation is done by passing around a bunch of digital data, that will always be the point of weakness. Even now, the vast majority of credit card fraud happens not because somebody's magnetic strip gets duplicated, but because somebody's credit card numbers get stolen. It seems like making the physical cards harder to duplicate is barking up the wrong tree.

The only solution I can see is this: There wouldn't be a unique resultant diffraction pattern that gets passed around, but rather a two-way conversation between the validation server and the card reader. The server would ask three random questions of the sort "what pattern is produced when the laser shines from angle 1, what about angle 2, etc. The problem with this is that the validation server would have to know what the right answers are to all of the possible questions, and that creates a problem: either there would be waay too much data stored for each card, or there would only be a limited number of "questions" the server could ask. In the latter case, a thief's computer could just memorize all the answers to the few questions, and produce them without the card whenever the validation server actually asks.

It's in the article

[sweatyboatman]

Drilling a small hole in the tokens changes their internal structure enough to unleash the avalanche effect, so that the outputs from the same token before and after drilling differ by roughly half of their bits. Yet the process that transforms the speckle pattern into a string of digits can be modified to ignore accidental surface scratches.

I would imagine that since it's the internal structure of the token which determines the output, surface scratches don't have as dramatic an effect.

Re:Old Technology, new twist

[David Roundy]

How are credit cards even pseudo-random?

I think the correct term would be quasirandom. A quasirandom sequence is one that fills a space in a sort of random manner while observing some constraints. For example, when performing a monte carlo integration, you would rather avoid sampling data points that are very close, so a quasirandom sequence can give better convergence. On the other hand (in the case of the integration) you sacrifice the rigorous error estimation that is possible using true pseudorandom numbers.

can we all say:....

[GePS]

all of these "darn near impossible to reproduce" crypto systems are just variations on a one time pad [cypherspace.org].

couple problems

[slew]

1. sub-space projection
2. uniqueness

Think of it as the bubble patterns is one member of a very-very large set (the "bubble" set) and the laser is a projection or mapping function of this member of the bubble set on to a much smaller "diffraction pattern" set. Since the different laser angles can be used, that's like using different mapping functions.

A verification agency isn't gonna store which member of the bubble set each token is and do a diffraction simulaton with computers everytime the token is scanned, but more likely they will store the one or two projections on to the diffraction pattern set which are created by the one or two reader devices that are marketed. Also the whole diffraction pattern isn't gonna be stored, but just the part of the pattern sampled by the device.

This seems like a much easier problem to solve for the token forgers. All they have to do is make a token that when projected to the one or two sampled diffraction sets stored by the verification agency instead the the infinite possible diffraction patterns of arbitrary precision.

Then you have the uniqueness problem. Since the verification agencies are likely only storing sub-space projections which are finitely sampled, there's the possibility of collisions between two cards. At least with a non-one-way function, you can detect collisions beforehand, now you have to make the card with bubbles and project them to you subspaces and only then discover there's a collision and you have to throw the token away. This also defeats the feature alluded to that you can always use another projection. If you don't check for collisions ahead of time, they will inevitably occur (think of the birthday paradox).

There are fundamental mathematics working against any scheme that depends on low probability of collision. You don't have to duplicate a specific thing, but you hope for a collision (which is duplicating any one of a large set). This of course is much easier to do and is the known as the birthday paradox in probability theory. This has been used as theoretical fodder to break many encryption systems (meets in the middle attacks).

Here's another way to think of it. You have a zillion digit credit card number (token) and you apply a few different hash functions (laser angles) to the number to get a "signature" (diffraction pattern). The only advantage of this technology is that it's hard to duplicate this zillion digit number where most things electronic are easily duplicated. But some of the other "features" don't seem easy to take advantage of.

It's like the phreakers of yesteryear where they just guessed long-distance calling card codes if the set is large enough, collisions are inevitable. That's when companies invented PIN numbers. What it probably means that these tokens will probably end up being only as secure as your 4 digit ATM PIN... Something to think about...

Sometimes when you think outside the box, you realize that the box was green and the grass is really dead out there too...

Missing the point?

[sdeath]

I think most people here are missing the point of this.

I am not an optical engineer, but the important part of this is not "you cannot duplicate this token", since that didn't appear to be in anything I read; it's "you cannot duplicate this token _by reading the interference pattern or disassembling/probing inside_", which is a different problem entirely.

I suspect that with sufficiently high-quality materials and production controls, it _is_ possible to duplicate these in the production phase, which then makes it a useful toy; make two of them that have the same interference pattern, and given identical readers, you have a one-time pad that you can use for quite a while. I don't know how they're embedding the glass spheres in the epoxy, but with a finite number of positions for each glass ball in the epoxy (small enough to be useful, large enough to be secure), you might be able to have either coded duplicates (like keys; "2488210366" == "glass balls in pattern X") or a "mold" system where you position the balls identically for a pair of tokens and then destroy the mold, making it impossible to recreate the tokens. Either way has its useful features.

--
SD