unforgeable optical tokens?
Ben Laurie
ben at algroup.co.uk
Mon Sep 23 12:54:01 EDT 2002
Nelson Minar wrote:
>>An idea from some folks at MIT apparently where a physical token
>>consisting of a bunch of spheres embedded in epoxy is used as an
>>access device by shining a laser through it.
>
>
> I have the pleasure of knowing one of the researchers, Ravi Pappu.
> He's smart and a real expert on holography and optics.
>
>
>>On the surface, this seems as silly as biometric authentication -- you
>>can simply forge what the sensor is expecting even if you can't forge
>>the token. Does anyone know any details about it?
>
>
> The Nature News piece claims
> attempting to mimic the speckle pattern using some other optical
> system, such as a hologram, is completely impractical.
> http://www.nature.com/nsu/020916/020916-15.html
> That's obviously not a complete answer, but it suggests that the
> problem has at least been thought about.
>
> More details are here:
> http://web.media.mit.edu/~pappu/htm/res/resPOWF.htm
> http://web.media.mit.edu/~pappu/htm/pubs/PappuPhDThesis01.pdf
>
> Ravi's PhD has a section on replay attacks - section 10.3, page 135.
> The claim there is you can't store all possible challenge/response
> pairs because the keyspace is too big and that the actual system is
> too complex to simulate.
Sounds to me like you have to store a double spend database to avoid a
replay attack (surely it isn't feasible for the verifier to choose the
orientation with sufficient accuracy to elicit a particular response,
therefore it will have accept valid responses from the vicinity, which
will allow replays). And a double spend DB for this kind of thing sounds
big and expensive. And slow to search.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list