unforgeable optical tokens?

Fri Sep 20 13:01:04 EDT 2002

>An idea from some folks at MIT apparently where a physical token
>consisting of a bunch of spheres embedded in epoxy is used as an
>access device by shining a laser through it.

I have the pleasure of knowing one of the researchers, Ravi Pappu.
He's smart and a real expert on holography and optics.

>On the surface, this seems as silly as biometric authentication -- you
>can simply forge what the sensor is expecting even if you can't forge
>the token. Does anyone know any details about it?

The Nature News piece claims
  attempting to mimic the speckle pattern using some other optical
  system, such as a hologram, is completely impractical.
  http://www.nature.com/nsu/020916/020916-15.html
That's obviously not a complete answer, but it suggests that the
problem has at least been thought about.

More details are here:
  http://web.media.mit.edu/~pappu/htm/res/resPOWF.htm
  http://web.media.mit.edu/~pappu/htm/pubs/PappuPhDThesis01.pdf

Ravi's PhD has a section on replay attacks - section 10.3, page 135.
The claim there is you can't store all possible challenge/response
pairs because the keyspace is too big and that the actual system is
too complex to simulate.

BTW, this work comes out of the MIT Media Lab's Things That Think
research program (aka "The Center for Bits and Atoms"). Despite the
marketing fluff that sometimes surrounds Media Lab projects, there's a
lot of interesting work going on there on the intersection between
software and physical objects. RFID tags, massive embedded networking,
physical interfaces, etc. Lots of fun topics for applied cryptographers.

For a commercial spin, see ThingMagic
  http://www.thingmagic.com/

                                                     nelson at monkey.org
.       .      .     .    .   .  . . http://www.media.mit.edu/~nelson/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com