Slashdot Mirror
Optical Lock Foils Thieves
opticsorg writes "A UK inventor has come up with a way to make what is thought to be an unpickable lock. The Optilock contains a bundle of up to six input optical fibers on one side of the lock barrel and a corresponding number of fibers on the other side. When a special key is inserted into the lock, it connects the fibers in a unique routing pattern opening the lock in a fraction of a second. Light then flows around the circuit until the key is removed and the circuit is broken."
Accually saying that this is an "unpickable" lock is risky. I mean, look at the efforts by the RIAA to prevent P2P, or the anti-burning CD's with the corrupt files that crash computers, someone fixed that with a sharpie. I think that making statements like that is seriously underestimating human potential.
This is obvious, but the lock isn't unpickable, it's just going to take a while before people figure out how to pick it, and it'll raise the bar on tools needed for picking at most.
Also, while this will be handy for places with cement walls and thick steel doors, places with windows and weak door frames will still be vulnerable. Plus, of course, the social engineering attacks.
That being said, I'm a big fan of new, shiny locks, so hooray for the people who made it.
=Brian
There is nothing so good that someone, somewhere, will not hate it.
Calling a lock "unpickable" seems presumptuous at best. Doesn't history show that there never has been and never will be a "final solution" to security?
I can't say that I don't give a fuck. I've just run out of fuck to give.
As soon as you you make something
unpickable proof, someone will invent a better pick
But if they did pick it, at least they wouldn't be circumventing copyright restrictions. Because that would be terrible.
/obligatory slashdot DMCA reference
I guess I'm going to have to find someone selling tiny little prisms now so I can build myself a new lock-pick set...
Hexy - a strategy game for iPhone/iPod Touch
It may be unpickable, but using fibre-optics means it requires a power supply, which means it is still vunerable.
Many locking mechanisms require power, and if the power fails, there are only two possibilities: either it will be locked shut and unopenable, or it will have a fail-safe mechanism to unlock automatically if the power fails.
Either way, it leaves itself open to anyone who wants to cause trouble.
In any case, any door that people will be behind will necessitate the latter, as otherwise they could get locked in during a fire, which means that anyone wanting to gain access only needs to cut the power and they're in.
(Spudley Strikes Again!)
idea to "pick" the lock: use a flashlight, and shine it trough the keyhole...
Time is the only precious thing I've got left; Don't waste it
Certainly if you have a key you can replicate that key, for one. Secondly, can a master key be made that just shines takes light from one side and shines it down all the other holes ? What about one that is configurable, and can try different mappings quickly ?
Basically, this is no more unpickable than a card-swipe.
Finally, electric locks have a limited market, which is well saturated with card-swipe and PIN punch products.
picking a lock is just one part of a problem : the other is securing the key. in a bar, one could theoretically press a key into a mold for later duplication (old trick and not very efficient).
however, with an optical key, one merely has to carry around a recepticle that, in turn, flashes a beam through the key's inputs, and record the appropriate output. nothing physical needs to be made. in today's terms, i call in the sequence to a buddy who then lays fiber into a template and uses it. meanwhile, i engage conversation on target, reporting when she's left.
cars? are you kidding? these are even easier, merely get a job as a valet and start your database. since it's all just digital information, you have access to VIN and lock solution, license plate number and home town/state (if not entire address, since most people's cars have it somewhere - like the insurance docs). these databases could be traded online just like anything else.
while i think this is very interesting, it still is no substitute for bio-based locks. however, they have their own problems (seem like every part of the body can be captured/duplicated).
Disregarding the obvious flaws such as hinges, weak door frames, and a power source, wouldn't this just open the thing up to being brute forced?
Assuming you could build something small enough to enter the slot and dynamically rearrange the light (the article says it's a 3d pattern?), or hell, pipe the light out of the slot and pipe it back in after reconfiguring it, it would be open to a brute force method of attack.
Perhaps they've got some type of check for this built in. Either way, making something as simple as the lock into a 'high-tech network connected paradigm shifter' (no, the article doesn't say that) simply opens it up the network attack, or worse, sharpies.
I remember reading about a do-it-yourself electronic lock that worked pretty much exactly the same way in popular electronics at least 30 years ago. It's actually kind of an obvious method.. the only new wrinkle is using light instead of current. What's the advantage to THAT?
To ensure perfect aim, shoot first and call whatever you hit the target
This lock requires electricity and an electrical control. If you're going to require electricity, why not use a smart-card-esque key? You get all the benefits of this - plus a whole bunch more control/flexibility and likely less overall cost.
Most locks are picked by tweaking a series of levers in the lock or bypassing some sort of electronic control system.
There will be an electronic control system here, just like any other electronic system. The actual physical lock is still going to be actuated by electricity.
I suppose the system may be less prone to vandalism than an electrical system - but either is vulnerable to the old "fill lock with cement" trick, which is really pretty easy.
Perhaps there's something here I'm missing - but the article doesn't hint at what that might be.
Let's not stir that bag of worms...
Of course the other issue is that it uses light... Light implies electric. Electric locks may not be a "Good Thing" (TM) when your power goes out, or the batteries run down. What if water gets inside? If it's unpickable, then how do you open it in emergency situations when the power goes out?
Perhaps it should read: "Interesting Nift-value Lock" and come with a stick of dynamite in case of emergency.
you can't get into your house/car? great...
Let's look at the key.
Take the example of "6" inputs on the lock and the key:
A B C D E F
In order for it to "complete" a circuit (or circuits), you have to "connect" certain inputs together to sort of "loop" the light back to the lock and complete the circuit.
For instance:
A-B C-D E-F
That's three "loops", lets call them.
There are 30 possible combinations for the first
loop.
There are then 12 combinations for the second loop,
and the third, no combination -- there's only one choice.
A total of 360 combinations, give or take. You could easily make a device to mimic every possible circuit very easily. Breaking the lock would take seconds.
Now let's look at the lock.
Assuming the light source exists in the lock, you would be able to tell immediately which inputs send light *to* the key, and which return light *from* the key. With a simple LED, you could easily "light up" the return paths, to see which loops they connect to. Armed with this information, it's easy to find the remaining possibly valid combinations, and try them.
I'm telling you, this lock could be picked with near lightning speed.
No, you would need to include some sort of electronic timing component -- preferrably in the key -- to initiate *pulses* of light, rather than a steady stream. In which case, the path of the light is basically irrelevany -- it's the timing of the light pulse that would act as the key. More secure (but not pick-proof.) and less complicated.
Or you could do something fancy with prisms or whatnot to split the red-green-blue portion of a white/colored light into different light paths, but, again, it's overkill, and still not very secure.
Ed R.Zahurak
You know, oblivion keeps looking better every day.
Of course the other issue is that it uses light... Light implies electric.
Actually, no, light does not imply electric. Typically, wherever a lock is employed, ambient light is available. It's quite conceivable that this amount of light (through efficient fiber) would be sufficient, as it sounds like each fibre is either "on" or "off" at any given time.
What may (or may not) require electricity is the opening mechanism.
"Eve of Destruction", it's not just for old hippies anymore...
Shine a mag light in there and see!!!!!
Back in the day, Cadillac built a show car with no lock. There was a Cadillac emblem etched into the door glass, and a Cadillac emblem on the key fob. You held the key fob up to the etched emblem and the door unlocked. Pretty cool, except they put the car on the trailer and moved it from show to show, never actually driving it. Yep, the battery ran down, and without any other lock, they couldn't get in. Of course, the hood release was on the inside, so they couldn't jump the battery, either!
If all this should have a reason, we would be the last to know.
With 6 optical fibers, aren't there only 6! or 720 possible different "routing patterns"? How hard would it be to construct an electro-optical devices that would simply run through all 720 patterns until one worked? And no, you can't disable the device for a fixed time when it gets a misroute, because it is obviously going to misroute while someone is inserting the key... and someone like me who has two almost identical keys on their keychain is going to get really pissed off when they insert the wrong one. Finally... haven't we learned by now that replacing a simple mechanical device with an electro-optical-mechanical device greatly increases your failure modes?
"Freedom means freedom for everybody" -- Dick Cheney
I have seen locks based on this routing idea before, although using electrical connections rather than optical ones. The one saw had 16 paths, which is much more secure, as the number of unique keys is the number of paths factorial. 6! is only 720 keys, which you could imagine having a sack of and trying each one in a matter of minutes. 16 paths gives you 20 Trillion unique keys, which is going to be one freaking heavy sack. Also, optical fibers are very fragile in real world environments, where as electrical connections can jingle jangle in your pocket all day long and still be functional. I'd give this high marks for "cool" but not for "useful."
It's all pretty moot anyway. Spies pick locks, but most of us are more concerned about more prosaic intruders. Who don't waste their time with picks -- they smash or jimmy.
What was my other semantic issue? Oh yeah, "failsafe". Come on people. if you mean "foolproof," say that. I'd like to see "failsafe" preserved for its original meaning, though my hopes are dimming!
I'm intrigued how many solutions exist to all these counter examples. Why not have the ability to supply power from a external source to the locking system in event of power failure. The input path can be via optical or electric with the usual array of filtering mechanisms and barriers so that the lock circuitry can't be fried by malicious intent. Another thing is that it could have a lock system that is in fact powered like a radiometer by light to enable the throw of the mechanical bolt to be released. Also I have devised a system where you have little arrays of rare earth magnets that form a field and you insert a card to interrupt that field which disengages a mechanism allowing for a door to be opened with mechanical backup in event of electronic failure. Seems that many good solutions exist out there, also to the person who posed that finding the Key based on the VIN as plausible would only be so if you could not reprogram the codes for the lock. Sufficient systems that are for all tense and purposes not able to be combinatorially attacked can be engineered. Though the old axiom still exists: The more modern a system is the more susceptible it is to primitive attack, such as putting a liquid explosive around the door seams and blowing the door open, or blasting cord, etc.
Physical removal and offsite cracking will become all the rage.
Do any of you remember the old (and surprisingly realistic compared to newer crap) hacker movie "Sneakers"? When they are trying to break into the office to steal the chip, Redford comes to a door with an electronic lock. After getting an earful of explanation (which we don't hear) from his partner back in the van about how the military deals with that kind of lock, he agrees to try a new lockpicking method. He kicks the door, and the bolt pops out of the doorjam...
"Optical sledgehammer opens optical lock."
Cloud City Digital: DVD Production at its cheapest/finest
There have been much higher security versions of these things. Sandia Labs developed a seal technology around fiber bundles and routing.
There are even commercial devices based on this today.
Wouldn't "unpickable proof" indicate that it is indeed pickable? Ohh, silly me...English doesn't matter on the Internet.
Sometimes the point is not to gain entry but rather to prevent the legitimate owner from gaining entry. E.g. disabling the lock to the gun safe before breaking into a house. Denying access to key sensitive legal documents before a filing deadline. Delaying access to important medical supplies such as heart attack medicine, inhalers, and insulin.
And of course, situations where applying brute force to break the lock would be counterproductive (i.e. destroy the materials you're attempting to retrieve).
But then nowadays, all you have to do is make the lock electronic and cryptographic. Even if all the electronics only control a shackle made of wax, you've got the power of the DMCA already.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Otherwise you might stumble across this information:
Rice says that the only way someone could pick the lock is to duplicate the key. "You could potentially have as many different points as you want on the lock barrel as inputs and outputs," he explained. "Because it is a 3D pathway you are dealing with, you have potentially billions or trillions of combinations depending on how the lock is made. The probability of duplicating the path is very small."
That said, a lot of these fancy locks seem like overkill, especially since in very high security systems, you'd tend to want some kind of human oversight in the loop.
What were you expecting?
I've seen a card with holes punched in it used at motor carrier fleet refueling stations. The reader is optical and these heavy plastic credit-card sized cards bear a suspicious resemblence to these cards right down to the square holes.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
I had considered that for encryption, the same type of idea could be done to "encrypt" paper content, by taking a particular "pixel" and placing it in a different position on the page, apparently at random. Using the same "key", everything can be put back into place. Fairly simple concept.
In a different way to look at the lock, isn't this just detecting how the key routes the light, and as long as it matches the known "good" pattern, it unlocks the door? The same technique could be used in exactly the same way by shining the light through in a pattern and detecting the code, with no special light routing at all. Any key could be a legitimate key for any given lock, it just gets reprogramed.
Why not use the public/private key model. Have the lock generate a message encrypted with the physical key's private crypt key, then have they physical key decode it and retransmit to the lock...
Liberty.
you mean that i can't get a blank without applying a little social engineering?
[Fuck Beta]
o0t!
You folks are thinking too hard. You need a low tech solution, that a burglar with a third grade education would use. :-)
Just put a little graphite-oil (used in regular locks) in the optical lock. Then, when the owner tears it out because it doesn't work (optical paths obscured by the graphite), the burglars can go back to business as usual.
Can You Say Linux? I Knew That You Could.
You must understand optics to grasp the beauty of this lock.
First, it is very difficult to couple light into a fiber. Any copy would have to be made with each fiber being perfectly aligned in at least five and possibly six axes. This would be virtually impossible.
In addition, the difficulty in coupling into a fiber would make it impossible to simply shine light in and get a response.
Optical systems offer many additional degrees of freedom including wavelegength, phase, polarization, and intensity.
Fibers could split or join inside the key. Light could be color shifted, or have its polarization modified. I can think of over 30 possible actions to take on each fiber that the "picker" could not determine without time, tools, and repeated attemps.
In short, those who understand optics know that if this lock was in a laboratory with the original key, it could take over a week, $200K in specialized equipement and $10K (custom filters are $5000 for 1, $5050 for 100-optics are much cheaper in large qnty) in materials to pick.
Not that the pick exists yet of course, but the simple fact that it uses light routes makes it pickable. :) :)
Since the light needs transceivers on either end and a physical interface in between for the key all you need to do is make a key with its own transceivers instead of simple light pipes (you'd probably have light-pipes out to an external device which would house a computer "brain" and the transceivers).
So you simply put the key in (or connect it or whatever the physical interface is) and let the computer start routing the inputs to different combinations of outputs.
It would be like the brute-force picker that Medeco has for their locks only maybe a lot faster!
However, having designed a pick, I can also think of half a dozen ways to slow it down enough to make it unuseable.
(If they're smart enough to figure out how to email me maybe I'll even tell them.
Without RTFA, I think I can explain why 6 inputs can create more than 720 combinations...
You're counting the possible pathways. You've forgotten to count the positionings! Two keys with the same routing pattern with only one input off by a fraction of a millimeter would not open the same lock.
ok, not having got much info from the article, there seems to be a probelm with this design. i'm making one possibly false assumtion, that there is a standard design for teh key and it is the light routing that changes. if so, it seems that it would be possible to make a device that is shaped like a key, but with a small computer attached that changes the routes, and that could try millions of combinations a second. i guess you could foil this attack by requiring the light to flow through for a predetermined amount of time, like even a second. still, with enough time you could pick it.
There are no trolls. There are no trees out here.
All you have to do to "pick" this kind of lock is to pick up the entire vault and rotate/move it back and forth at a particular frequency.
The action will speed up, and the time lock will open early.
Yes, I know that rotating/moving a large built-in vault can present a bit of a problem, but theoretically, it's possible.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
I guess with this new lock you'll just need to use opaque glue.
Sorry if this is redundant, but finding prior art took 5 minutes and looking for redundant findings of prior art posted in /. posts would take at least 5.1 minutes:
United States Patent 4,449,126;
Pekker; May 15, 1984; Electronic lock device and optical key therefor
Hmm. Prior art and, given its age, public domain.
My .45 ACP jammed into the nostrils of the keyholder will work every time.
Boycott everything - they're all trying to fuck you one way or another
Unless the clock uses two counter-rotating torsional pendulums. Shaking or twisting that mechanism doesn't but you much...
To overcome optical-flooding hacks, modulate the source at some unique frequency so that any other light is ignored. Use IR for better signal-to-noise.
The holographic key would be manufactured the same way credit card holograms are made. This is currently done with a mechanical stamping system. The stamping dies can be designed to accomodate a means to rapidly and uniquely program each holographic key.
Building the key right into the credit card itself would provide an extra security function into the same already-ubiquitous form factor. A low-cost, small (>2cm^3) monolithic module containing a source LED, phototransistor(s), and any optics(molded/embossed plastic) can be engineered for inclusion in card-readers and security devices. Much more complex keys can be implemented using a simple CMOS or CCD linear or 2D array.Anyway . . . holographic methods should be cheaper and more informationally robust than hard-wired routing methods. And the manufacturing infrastructure is essentially in place already.
Read the link. It has nothing to do with routing- only the telltale marks left on the fiber ends when it is cut.
One could do exactly the same thing with a steel cable; the "technology" is simply a microscope that captures what the cut looks like. Furthermore, there's no independent way for the seal to verify itself- you have to have the image of the seal's original condition stored in the camera or printed out, and obviously those could be switched/tampered with.
It seems incredibly useless.
Please help metamoderate.
someone just stuck a flashlight in?
You're still doing it the hard way.
Just get something hot enough to melt the steel close enough. When the steel gets thin enough, stop melting and cut the rest of the way in so you don't destroy the contents.
That's simply going through the wall.
Ok maybe NOW its unpickable but technology advances did you forget? Anyway i mean the copy-protected cds were foiled by a sharpie...... *shakes head sadly* you have to come up with something better than that
Yeah, or if there was a ferrous pendulum, use an electromagnet to wave it back and forth. If it is a springwheel, then temperature might have an effect (freezing/heating)
Eat at Joe's.