'Uncrackable' Document and Product Security?

← Back to Stories (view on slashdot.org)

'Uncrackable' Document and Product Security?

Posted by timothy on Monday August 8, 2005 @04:24PM from the lateral-thinking dept.

Curunculus writes "The Engineer reports that a unique 'fingerprint' formed by microscopic surface imperfections on almost all paper documents, plastic cards and product packaging could be used as a cheaper method to combat fraud. One of the developers, Professor Cowburn commented: "The beauty of this system is that there is no need to modify the item being protected in any way with tags, chips or inks; it's as if documents and packaging have their own unique DNA. This makes protection covert, low-cost, simple to integrate into the manufacturing process and immune to attacks against the security feature itself." This system is now being commercialised via Ingenia Technology, a spin off company."

30 comments

Min score:

Reason:

Sort:

But.. by Daxster · 2005-08-08 16:35 · Score: 2, Insightful

Wouldn't this technology still be vulnerable to current problems? Things like where somebody steals your card, or records the data being sent/received whether it's from a computer or some machine somewhere.

--
Death by snoo-snoo!
1. Re:But.. by pizza_milkshake · 2005-08-08 17:00 · Score: 1
  
  they're trying to solve the problem of verifying the legitimacy of a hardcopy document, not verifying that the person holding it is legit or preventing softcopy fraud. those are separate issues.
2. Re:But.. by Anonymous Coward · 2005-08-08 21:51 · Score: 0
  
  Your shift key is broken.
Flatbeds by fmwap · 2005-08-08 16:38 · Score: 1

Looks like flat bed scanners are gonna have a new use! And here I am stuck with my shitty handheld.
1. Re:Flatbeds by walt-sjc · 2005-08-08 23:10 · Score: 2, Informative
  
  Um, no. Different kind of scanner... The type of scanner they are talking about in the article looks for characteristics of the paper / media itself and not what is printed on it. The key phrase in the article is "Using the optical phenomenon of 'laser speckle'"... This implies that they shine a laser on the document. Don't think your standard flat bed scanner is going to be doing that anytime soon...
Surface imperfections? by A+nonymous+Coward · 2005-08-08 16:39 · Score: 1

So ... regular handling changes the surface, eh? Or fold, drop it by mistake, write a note on another piece of paper on top of the document, put it in a file cabinet and press it between other documents or bend the edges cramming it in, pass it around so iother people can read it, mail it and handling mucks with it, it gets crammed into a mailbox with other documents ... heck, you scan it before putting it into an envelope, but you have to fold it to put it in the envelope ...

--
Infuriate left and right
1. Re:Surface imperfections? by Wilson_6500 · 2005-08-08 16:46 · Score: 4, Informative
  
  From what I understand, the imperfections are _everywhere_ over the document. I guess they'd do their little speckle-counting thing over six or ten different square inches (or centimeters, or whatever) of the document, and then folding doesn't matter. Besides, if the surface profile can survive scorching and abrasion, I think folding might not be a huge deal, and pressing certainly not.
  
  I've worked with speckle-based systems, and I'm skeptical about this, since there's a _lot_ of variance when you're dealing with laser speckle. I don't really know how their imaging system could quickly and efficiently discriminate between hundreds of little dots, average their sizes, statistics, etc.
  
  Any OE-s around that specialize in speckle to clear this up?
2. Re:Surface imperfections? by SimilarityEngine · 2005-08-08 20:00 · Score: 1
  
  From here:
  The technique was tried on a variety of materials including matt-finish plastic cards, identity cards and coated paperboard packaging and resulted in clear recognition between the samples. This continued even after they were subjected to rough handling including submersion in water, scorching, scrubbing with an abrasive cleaning pad and being scribbled on with thick black marker.
  
  --
  Those who can make you believe absurdities can make you commit atrocities. - Voltaire
3. Re:Surface imperfections? by SimilarityEngine · 2005-08-08 20:04 · Score: 1
  
  D'oh. Apologies for duplicating the quote used in this post just below.
  
  --
  Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Fraud prevention? by Joe+Random · 2005-08-08 16:45 · Score: 5, Interesting

From the article:
Using the optical phenomenon of 'laser speckle', researchers examined the fine structure of different surfaces using a focused laser, and recorded the intensity of the reflection. The technique was tried on a variety of materials including matt-finish plastic cards, identity cards and coated paperboard packaging and resulted in clear recognition between the samples. This continued even after they were subjected to rough handling including submersion in water, scorching, scrubbing with an abrasive cleaning pad and being scribbled on with thick black marker.
So let me get this straight; I can scrub on one of these "fingerprinted" document until the letters wear off, write whetever I want on it with a black marker, and it will pass the verification check? Doesn't that kind of prevent the entire purpose of fingerprinting documents in the first place?

"Well Mr. Random, while it is quite unusual to see a tax rebate check of *ahem* eleventy-billion dollars, the article passed all verification checks. We've deposited the amount into your account. Have a nice day."
1. Re:Fraud prevention? by GuitarNeophyte · 2005-08-08 16:59 · Score: 1
  
  But at least we know it was the right piece of paper!
  
  Luke
  ----
  Want to make your life easier? Whenever someone asks you a computer question that you don't want to answer, Send them to ChristianNerds.com
2. Re:Fraud prevention? by booch · 2005-08-09 02:16 · Score: 1
  
  Why do I get the feeling that they measured false positives, but not false negatives?
  
  --
  Software sucks. Open Source sucks less.
3. Re:Fraud prevention? by Alsee · 2005-08-09 11:52 · Score: 1
  
  Step 1) Fingerprint the paper.
  Step 2) Generate a hash for the paper's fingerprint + the text you wish to print.
  Step 3) Cryptographically sign that hash.
  Step 4) Print the text and append the signature at the end.
  
  Any attempt to alter the text invalidates the signature. Any attempt to duplicate the document loses the fingerprint and again invalidates the signature. So yes, it can work.
  
  Of course this is all founded upon the assumption that the paper's fingerprint cannot be replicated. That is a safe assumption against casual duplication, but I don't think I'd trust that assumption against a sufficiently motivated adversary with a six-digit bank account to throw at the task. I'm picturing maybe custom hardware with a higher power laser to eat away at a sheet of paper, making multiple passes adapting a second page's finger print closer and closer to the fingerprint of the original. Scan, note the fingerprint error, burn, and rescan.
  
  -
  
  --
  - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Shhhhhh... by GuitarNeophyte · 2005-08-08 16:55 · Score: 3, Funny

You're not supposed to point out the elephants in the middle of the room. Just play along and be nice. And remember to bring plenty of peanuts.
TFA indicates it is flawed by photon317 · 2005-08-08 16:59 · Score: 3, Informative

Well, actually I didn't read the linked FA yet, but I read about this same thing elsewhere a few days ago. They said the chances of two peices of the same kind of paper have the same signature were 1:1000. Two reams of paper and you're in (or 1,000 peices of passport plastic, or whatever). Hardly an effort considering the documents they're considering using it on. Unless they can bump that number into the billions or more, it's pointless because it's too easy to manufacture a duplicate of any given document that has an identical fingerprint just by brute force.

--
11*43+456^2
1. Re:TFA indicates it is flawed by Raindance · 2005-08-08 17:38 · Score: 2, Interesting
  
  To be fair, it isn't clear whether this is a "the quantity of uniquely identifiable information just isn't there" flaw or an "instrument precision" flaw. Most probably, nobody knows.
  
  So, I wouldn't count it out just yet.
  
  Also, I'm not so sure on your comment,
  "Unless they can bump that number into the billions or more, it's pointless because it's too easy to manufacture a duplicate of any given document that has an identical fingerprint just by brute force."
  
  In some circumstances, yes, you'll be able to see the original document you're trying to forge, and get a "pretty decent fingerprint match". On some documents you don't-- and in that case, this system *will* stop you if implimented correctly.
2. Re:TFA indicates it is flawed by uniqueUser · 2005-08-09 02:07 · Score: 0
  
  I don't see how this will be very efficient for wide spread use. For example, this would not help prevent the counterfeiting of money. Currently here in the US, and I assume other countries as well, paper currency is validated by cretin characteristics. Of course, these characteristics could by copied. But in order to fingerprint each bill it would require massive amounts of data storage and associated cost.
  
  Storeowners will likely not have the means to compare every single bill with the national currency database.
  
  --
  GENERATION 25: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
3. Re:TFA indicates it is flawed by vettemph · 2005-08-09 05:54 · Score: 1
  
  >Two reams of paper and you're in (or 1,000 peices of passport plastic, or whatever).
  
  So let me know how things work out for you when you hand 1000 passports to customs and wait for one of them to pass the test.
  
  --
  The government which is strong enough to protect you from everything is strong enough to take everything from you.
4. Re:TFA indicates it is flawed by Anonymous Coward · 2005-08-09 11:57 · Score: 0
  
  Why would you do that?
  
  You buy a scanner and scan the pages yourself. Then you only print on the particular page with the right signature.
adittional security by Anonymous Coward · 2005-08-08 17:56 · Score: 0

i think that our optical resoulution has come far enough to make this technology viable. think about it, if you can analyse the document on a suitably small scale, i'm sure there aren't two pieces of anything (be it plastic paper, whatever!) that are exacltly alike!

the benefits of something like this could be amazing applied to passports or even checks. analysing the materials themselves could counter fraud on almost any kind of document.

of course there is still one problem. the database that contains the document makeup information could ultimately be broken into and the data changed.

but in comparison to our current techniques for fraud prevention, i think this is a big leap.

don't know who said it but "there is no lock that can't be broken" still holds true. locks are a setback, an inconvenience to those wanting to get in.
And just how cool... by sl8r · 2005-08-08 18:46 · Score: 1

is it to have a name like "Cowburn" AND be a professor? I wonder if he likes hamburgers?

Professor Cowburn. Say it. It just rooollls off your tongue!
What happens when I... by CokoBWare · 2005-08-09 00:59 · Score: 1

... scratch the surface? The card or document's unique surface changes right? Doesn't plastic bend, and get smoother the more you use it? Paper can get worn, torn, or crumpled. Interesting notion, but I think practicalities are going to cause problems for this technology. They will need to ensure this technology is people-proof, and that it is durable.
1. Re:What happens when I... by MINEMINE04 · 2005-08-09 16:15 · Score: 1
  
  People proof? Why not idiot proof? How about those people who will just set out to find a way to screw it up? Don't think they exist? read the page...
  Also, what do you do when you scan a page and it's not a match?
Thank you! by Safety+Cap · 2005-08-09 01:27 · Score: 1

New tag!

--
Yeah, right.
Hmm... by Lord+Pillage · 2005-08-09 01:39 · Score: 1

Didn't I see this on CSI already?

--
try { Signature mysig = new CleverAttempt(); } catch(NonCleverSignatureException e) { postanyway(); }
Something similar used to protect Torah scrolls by StrongAxe · 2005-08-09 02:57 · Score: 1

There was a similar article in June about uniquely identifying Torah scrolls to discourage theft. This relied on inter-character gaps, paper tears, etc. to generate a unique document signature.
denial of service attack = crumple the paper by ricky_charlet · 2005-08-09 03:10 · Score: 1

enough said.
How much data again? by ka9dgx · 2005-08-09 03:57 · Score: 2, Interesting
<ASSUME>So, let start with some assumptions:
- 1 sample for every cm^2 of document
- A4 sized documents.
- Capability to register up to 1 trillion documents
</ASSUME>
Now, on with the math. First, we figure out how many samples we're going to possibly accomodate, as an address space:
Total surface area (21.0 cm * 29.7 cm * 10 E^12) * 1 Sample / cm^2 --> 623,700,000,000,000 Samples
This results in a 50 bit address space, if we were able to just sequentially number the samples. Since we have to work with what we're given, lets just assume we can get by with 256 bits/sample.
This results in the need to store (256 bits sample) * (1 byte / 8 bits) * (21 cm * 29.7 cm / document) * (1 sample / cm^2) --> 19958.4 bytes/ document.
So, in order for this to work we need to store about 20k/page. In order to authenticate documents, your stored database would be approximately 20 Gigabytes/ million documents, and indexing isn't going to help much.
That's a lot of work, and it seems to me it would be quicker, easier, and far more efficient in general to store duplicates of the originals in a secure location.
--Mike--
1. Re:How much data again? by Anonymous Coward · 2005-08-12 07:24 · Score: 0
  
  slashdot is fascist with caps
  
  your left out the [UNNECESSARY_MATH][/UNNECESSARY_MATH] tags
Oy. by stonecypher · 2005-08-10 05:09 · Score: 1

Recreating a tracked surface wouldn't be anywhere near as difficult as, say, cracking a huge RSA thumbprint, so this isn't good enough for authentication. Destroying the surface would be as easy as a microwave or bleach, so it's no good for permanent identification.

Remind me what this is good for again?

--
StoneCypher is Full of BS