Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crypto with Epoxy Tokens, Glass Balls and Lasers

Posted by michael on from the truth-is-stranger-than-fiction dept.

Anonymous Coward writes "Scientists from MIT and ThingMagic have collaborated and developed an innovative crypto mechanism using epoxy tokens, glass spheres and lasers. They have actually created a physical one-way function that cannot be tampered, copied or faked! The full scoop can be found at MSNBC, and also at Nature, & TOI."

2 of 265 comments (clear)

  1. Durability? by Anonymous Coward · · Score: 5, Insightful

    This seems like a really good system, one that for once is almost impossible to forge. However, it seems to have a major flaw: Durability. The Nature article states that "a token with a hole half a millimetre across drilled through it gives a speckle pattern clearly distinguishable from the original." So what happens when (not if!) the card gets scratched and worn? Will it immediately stop functioning? These secure cards won't be worth much if they have to be replaced every month because of wear and tear... and with the system they are using, error correction isn't an option (defeats the whole purpose of the tokens since tampering with them would then become possible).

  2. Re:Impossible to Compromise? by Dr.+Spork · · Score: 4, Insightful
    You're right that it's secure in cases where you use one of these cards in a retail store--in the sense that no one without your card can pose as you. However, what is to prevent the stores from saving your diffraction pattern (not the speckle pattern on the card but instead the resulting image) and then "using" your card as much as they want?

    Also, if the connection between a store and the pattern validation server is ever intercepted, a hacker could just save your patterns and re-send them whenever they want to purchase pr0n or something. So I think the original poster was right: this is just like stealing credit card numbers. As long as validation is done by passing around a bunch of digital data, that will always be the point of weakness. Even now, the vast majority of credit card fraud happens not because somebody's magnetic strip gets duplicated, but because somebody's credit card numbers get stolen. It seems like making the physical cards harder to duplicate is barking up the wrong tree.

    The only solution I can see is this: There wouldn't be a unique resultant diffraction pattern that gets passed around, but rather a two-way conversation between the validation server and the card reader. The server would ask three random questions of the sort "what pattern is produced when the laser shines from angle 1, what about angle 2, etc. The problem with this is that the validation server would have to know what the right answers are to all of the possible questions, and that creates a problem: either there would be waay too much data stored for each card, or there would only be a limited number of "questions" the server could ask. In the latter case, a thief's computer could just memorize all the answers to the few questions, and produce them without the card whenever the validation server actually asks.