Crypto with Epoxy Tokens, Glass Balls and Lasers 265
Anonymous Coward writes "Scientists from MIT and ThingMagic have collaborated and developed an innovative crypto mechanism using epoxy tokens, glass spheres and lasers. They have actually created a physical one-way function that cannot be tampered, copied or faked! The full scoop can be found at MSNBC, and also at Nature, & TOI."
Remember the SGI Patent? #@ +1; Informative @# (Score:3, Interesting)
Lava Lamps? Now there is Lava lamp cryptography.
Read about it at:
LavaLamp [lavarnd.org]
Thanks and have a weekend !
Old Technology, new twist (Score:5, Interesting)
I think the process involved mixing a bunch of little tinfoil sparkles into a clear epoxy resin, applying the resulting glue as a seal, and photographing it from several angles. Simple to create, yet darn near impossible to duplicate a second time. If the blob is missing or different, something fishy is going on.
So what, that's only half the picture. (Score:3, Interesting)
Getting the 2D pattern is easy (anyone with access to a reader could simply get this pattern through software). You then have to manufacture a crystal which produces this pattern, so that you can use your new counterfit card at the Sony store, etc. This is the part that is currently impossible.
Re:Remember the SGI Patent? #@ +1; Informative @# (Score:2, Interesting)
There was talk of pointing a web cam out a window onto a busy street or point it at a lava lamp in order to generate a constant stream of seed data for encryption.
Why are holographs prohibitive? (Score:3, Interesting)
You could almost certainly make one if you had the original card to duplicate.
If you had the verification information for the card - the list of patterns the scanner looks for - you could probably make a holographic reproduction with a bit of fiddling (the same multi-exposure technique is used for making aminated holographs that move as you change viewing angle).
You'd have a hard time duplicating the card just from observing one transaction, but the same holds true for electronic media (one challenge/response pair does not give you a smart card's key).
Does anyone have further details on why the researchers say this would be difficult to forge?
Defeats one of the purposes of smart cards (Score:3, Interesting)
Re:Old Technology, new twist (Score:4, Interesting)
Re:Old Technology, new twist (Score:3, Interesting)
Candles of different colors were dripped onto the envelope to create a swirl of color that can't be as simply duplicated as a single color wax seal can. The picture of the multi-colored seal was sent ahead to verify the authenticity of the seal.
Something similar speculated on in 1920's sci-fi (Score:2, Interesting)
Very old news (Score:3, Interesting)
The idea was that the hull of each spacecraft was coated in embedded diamonds (cheap in the future because DeBeers' monopoly is gone). The police can then read your hull with a laser from 1 million miles away and you can't forge the "number plate".
TWW
Re:Obvious circumvention scheme (Score:1, Interesting)
It's a neat idea, but so are fingerprint / iris readers. Unfortunately, because businesses want cheap devices, you can fool them with household equipment.
Re:Obvious circumvention scheme (Score:3, Interesting)
Re:Old Technology, new twist (Score:2, Interesting)
I believe nuclear materials are safeguarded using a similar system. A bundle of fiberoptic cables is used as a "chain", with the ends somehow twisted and locked. The twisting has the effect of breaking some of the cables in a random pattern that can be verified or monitored continuously by shining a light through the bundle. Presumably any attempt to remove the cable (or cut it) would alter the pattern.
Neat.
Pat Niemeyer
one way functions (Score:2, Interesting)
An easy application is for keys. If the lock has N input/output pairs recorded, getting in with a fixed example output would be hard.
A more advanced use of these things would be to have some way standard way of encoding a bill of sale including a datestamp into bits that could drive the laser inputs. Then save the resulting pattern(s) as proof that the vob was there at the time of the transaction.
However, that leaves a major hole. If the user destroys the vob, the store can no longer check if the signature was valid. To combat this, the user needs to be identified at the time of the transaction. As long as the vobs are registered in a central identity server so that the store can make sure the person is who they claim to be at that point. Additionally users have to record lost or destroyed vobs. The central identity server could use the N known input/output pairs to authenticate the user.
Re:Old Technology, new twist (Score:5, Interesting)
The jagged edge of the contracts looked like teeth, Latin dent IIRC, and whoever held such a contract was said to be indentured
Didn't require lasers, of course, but did require that the two parts be physically present and visually verified, so it is remarkably similar in principle. The fibers and surface imperfections of the parchment (thin leather) would have taken the place of the glass beads in this case.
So, does the MIT patent fail due to prior art?
Re:Old Technology, new twist (Score:3, Interesting)
The advantage of this approach over other physical authentication techniques such as biometrics is that you don't have to trust the scanners. With fingerprint readers, once they scan you they can then store your fingerprint and impersonate you. That doesn't seem possible with this new approach.
Of course for pure theoretical security, it still doesn't match a smartcard with an RSA key encrypted with a strong 128 bit password that the user has to type in every time he wants to use the card. Unless you want to embed the smartcard inside a refractive epoxy for the best of both worlds.
-a
Re:So what, that's only half the picture. (Score:3, Interesting)
No one would accept this emulator card you speak of, even if you could make one, which I doubt. And such emulator card would probably not fit in any ATM either.
Re:Impossible to Compromise? (Score:2, Interesting)