Optical Lock Foils Thieves

opticsorg writes "A UK inventor has come up with a way to make what is thought to be an unpickable lock. The Optilock contains a bundle of up to six input optical fibers on one side of the lock barrel and a corresponding number of fibers on the other side. When a special key is inserted into the lock, it connects the fibers in a unique routing pattern opening the lock in a fraction of a second. Light then flows around the circuit until the key is removed and the circuit is broken."

Unpickable?

[climberkid]

Accually saying that this is an "unpickable" lock is risky. I mean, look at the efforts by the RIAA to prevent P2P, or the anti-burning CD's with the corrupt files that crash computers, someone fixed that with a sharpie. I think that making statements like that is seriously underestimating human potential.

Not unpickable

[SandSpider]

This is obvious, but the lock isn't unpickable, it's just going to take a while before people figure out how to pick it, and it'll raise the bar on tools needed for picking at most.

Also, while this will be handy for places with cement walls and thick steel doors, places with windows and weak door frames will still be vulnerable. Plus, of course, the social engineering attacks.

That being said, I'm a big fan of new, shiny locks, so hooray for the people who made it.

=Brian

Unpickable, huh?

[Saganaga]

Calling a lock "unpickable" seems presumptuous at best. Doesn't history show that there never has been and never will be a "final solution" to security?

Electronics

[aridhol]

According to the article:

Most locks are picked by [...] bypassing some sort of electronic control system. Rice's idea removes these vulnerable components.

Won't there need to be an electronic control system that determines when you have the correct light pattern? Just bypass (or hack) the light-detection system, and you're in.

Probably not unpickable

[Anonymous Coward]

Certainly if you have a key you can replicate that key, for one. Secondly, can a master key be made that just shines takes light from one side and shines it down all the other holes ? What about one that is configurable, and can try different mappings quickly ?

Basically, this is no more unpickable than a card-swipe.

Finally, electric locks have a limited market, which is well saturated with card-swipe and PIN punch products.

Re:But it requires a power supply.

[aridhol]

In any case, any door that people will be behind will necessitate the latter, as otherwise they could get locked in during a fire,

Not necessarily. There could be a physical override on the inside that directly manipulates the latch. This allows an exit, even if the door is locked.

same problem as existing locks

[mugnyte]

picking a lock is just one part of a problem : the other is securing the key. in a bar, one could theoretically press a key into a mold for later duplication (old trick and not very efficient).

however, with an optical key, one merely has to carry around a recepticle that, in turn, flashes a beam through the key's inputs, and record the appropriate output. nothing physical needs to be made. in today's terms, i call in the sequence to a buddy who then lays fiber into a template and uses it. meanwhile, i engage conversation on target, reporting when she's left.

cars? are you kidding? these are even easier, merely get a job as a valet and start your database. since it's all just digital information, you have access to VIN and lock solution, license plate number and home town/state (if not entire address, since most people's cars have it somewhere - like the insurance docs). these databases could be traded online just like anything else.

while i think this is very interesting, it still is no substitute for bio-based locks. however, they have their own problems (seem like every part of the body can be captured/duplicated).

Re:Probably not unpickable

[PhuCknuT]

can a master key be made that just shines takes light from one side and shines it down all the other holes ?

Easily avoided by putting a signal out each pin and checking for the same signal on the receiving side.

What about one that is configurable, and can try different mappings quickly ?

Easy to defend against, since it's an electronic lock it can detect brute force attacks easily and shutdown the system. If there are 1000000 possible combinations, all you need to do is have it shutdown for 1 minute after say, 10 failed attempts, and suddenly it takes 100000 minutes to brute force.

Basically, this is no more unpickable than a card-swipe.

This part is probably true, but the keys are harder to duplicate at least (for now).

Re:Probably not unpickable

[Anonymous Coward]

This assumes that the light is only transfered unaltered - the Key could just as easily filter, phase shift, combine or otherwise alter the light so that it is not an easy process to replicate.

Re:Picking one of these would be easy.

[Jerf]

Factorials grow fast. Your supposed 6 input key may not have many combinations, but what of a 20 input key, which should be very feasible? 2,432,902,008,176,640,000 combinations is much more difficult to crack.

(And that's assuming one input can't go to multiple outputs; some degree of fan-out is probably possible, which can make it grow even faster.)

Still, I'd lean more towards saying that a dynamic key system, like many car remote locks use, is more intrinsically secure.

Unpickable?

[El]

With 6 optical fibers, aren't there only 6! or 720 possible different "routing patterns"? How hard would it be to construct an electro-optical devices that would simply run through all 720 patterns until one worked? And no, you can't disable the device for a fixed time when it gets a misroute, because it is obviously going to misroute while someone is inserting the key... and someone like me who has two almost identical keys on their keychain is going to get really pissed off when they insert the wrong one. Finally... haven't we learned by now that replacing a simple mechanical device with an electro-optical-mechanical device greatly increases your failure modes?

Re:key of light

[El]

Well, no. They obviously send a unique pulse pattern down each fiber, otherwise they could not determine which was routed where. So while you could proably disable the photocells by flooding them with light, you couldn't get them to register the correct pattern.

Re:Electronics

[alienw]

In that case, any EE could design an unbreakable lock in about 10 minutes. Put a keypad on the front and the electronics in the back. To avoid getting the electronics hacked, make the keypad physically or electrically isolated from the rest of circuit. Then, the only way to bypass it is if you know the code - which could be very long.

Semantic Issues

[fm6]

My first thought was that Jeremy Rice didn't use the U-Word, but that the reporter grabbed it as convenient journalese. (I have other issues with the reporter's use of language -- see below.) But all the news reports [google.com] seem to be saying "Unpickable", which can only mean this is an actual claim. Perhaps "pick" in this context refers to the specific technique for physically probing the tumblers of a lock, not just a synonym for "disable".

It's all pretty moot anyway. Spies pick locks, but most of us are more concerned about more prosaic intruders. Who don't waste their time with picks -- they smash or jimmy.

What was my other semantic issue? Oh yeah, "failsafe". Come on people. if you mean "foolproof," say that. I'd like to see "failsafe" preserved for its original [electroid.com] meaning [imdb.com], though my hopes are dimming!

Re:Picking one of these would be easy.

[PhuCknuT]

Yes, and there are other factors that multiply the number of possible combinations. For example, having the key modify the light in some way, having the fiber positions be variable, having the length of the light path within the key measurable (a coil of fiber to create propogation delay of the right amount). A good key, even with only 6 inputs, can have billions and billions of combinations just by adding in other factors besides on and off.

Re:Picking one of these would be easy.

[Nutcase]

Make it a 30 fiber system. Make it so 6 of those fibers must remain dark. Make 3 of them issue light, but one of those 3 issues a wavelength that tells the lock NOT to open, but you don't know which one. Add a light signal issuing from the key itself. Make the chain length vary between any combination 3,4,5, and 6 fibers chains. Now distribute the fibers around the barrel in a non-uniform, non-standard distribution.

These are not very hard to add to such a lock, but they make the math even harder. And they make it VERY difficult to develop a universal lockpick, because you would have a hard time making every fiber line up on the pick.

To pick it you would have to somehow make a key that matches the external hookups of the original key, but feeds the fibers out the back into a computer which could then begin decoding the math. Just getting the initial key to line up with the inner barrel of the lock would be quite the feat... doing the math in any reasonable time period would also be pretty damn impressive.

If I was going to approach it, I would try like hell to get a copy of the key (press in clay or something) and reproduce it.. then, with that knowledge, i would run the math externally generating signals. once i had a signal list, i would put the key into the lcok, and run the list rapidly.

To counteract that, you could simply have a length of time required for the light to trigger the open mechanism (i.e. for 3-5 ms, no more, no less) - and have a maximum attempts as well. Try more than twice, and the thing stops accepting input for 24 hours.

This thing is about as close to unpickable as it gets.

External Power?

[RogueScientist]

I'm intrigued how many solutions exist to all these counter examples. Why not have the ability to supply power from a external source to the locking system in event of power failure. The input path can be via optical or electric with the usual array of filtering mechanisms and barriers so that the lock circuitry can't be fried by malicious intent. Another thing is that it could have a lock system that is in fact powered like a radiometer by light to enable the throw of the mechanical bolt to be released. Also I have devised a system where you have little arrays of rare earth magnets that form a field and you insert a card to interrupt that field which disengages a mechanism allowing for a door to be opened with mechanical backup in event of electronic failure. Seems that many good solutions exist out there, also to the person who posed that finding the Key based on the VIN as plausible would only be so if you could not reprogram the codes for the lock. Sufficient systems that are for all tense and purposes not able to be combinatorially attacked can be engineered. Though the old axiom still exists: The more modern a system is the more susceptible it is to primitive attack, such as putting a liquid explosive around the door seams and blowing the door open, or blasting cord, etc.

Re:Electronics

[ivern76]

Remove keypad, insert new keypad that looks just like it and has a keypress logger. K?

What about the reverse?

[HTH NE1]

Sometimes the point is not to gain entry but rather to prevent the legitimate owner from gaining entry. E.g. disabling the lock to the gun safe before breaking into a house. Denying access to key sensitive legal documents before a filing deadline. Delaying access to important medical supplies such as heart attack medicine, inhalers, and insulin.

And of course, situations where applying brute force to break the lock would be counterproductive (i.e. destroy the materials you're attempting to retrieve).

But then nowadays, all you have to do is make the lock electronic and cryptographic. Even if all the electronics only control a shackle made of wax, you've got the power of the DMCA already.

Re:Electronics

[Atrahasis]

Put a keypad on the other side of the door that will only let you out if you enter a different code to the one you used to get in. That code is then the code you use to get in next time.

Of course, this is weak to people who will just use alternating codes, but security is always inversely proportional to convenience.

I already know how it could be picked

[itwerx]

Not that the pick exists yet of course, but the simple fact that it uses light routes makes it pickable.
Since the light needs transceivers on either end and a physical interface in between for the key all you need to do is make a key with its own transceivers instead of simple light pipes (you'd probably have light-pipes out to an external device which would house a computer "brain" and the transceivers).
So you simply put the key in (or connect it or whatever the physical interface is) and let the computer start routing the inputs to different combinations of outputs.
It would be like the brute-force picker that Medeco has for their locks only maybe a lot faster!
However, having designed a pick, I can also think of half a dozen ways to slow it down enough to make it unuseable. :)
(If they're smart enough to figure out how to email me maybe I'll even tell them. :)

Re:Not unpickable

[DerekLyons]

I didn't have time to thoroughly read the original article, so maybe I'm just stating the obvious.

No. You are missing the obvious; This isn't something a machine can force, as the lock is a physical thing located in a definite position. This isn't a DES key that you can let the software run overnight while you play Quake. Your 'machine' would have to be attached to the lock for hours while it tried combination after combination. (Your problems are not much easier if you have the key itself. It's still a physical object that only one machine at a time can work on, and during the hours it will take, you have to hope the owner does not notice it missing.)

Re:Not unpickable

[Alsee]

Unfortunately the article gave very little detail. We're stumbling around blind.

A key the size of my car key can have 60 points per side easily.

Scanning a key is generally a constant-factor task, or at worst linear in the number of fibers. More points really only makes the lock (hopefully) secure against brute force attacks.

assembly to scan them

A video camera with two mirrors to catch a 360-degree view of the key. Perhaps use curved mirrors for magnification. The most complicated part is simply sweeping the key with a laser. Then you review the tape at leisure to make a copy. Allowing a whopping 10 seconds to scan makes for a very reasonable "home-brew" scanner. A "professional" scanner tool could definitely be created to do it in a split second - an optical key means a light-speed optical scanner.

have to be well aligned with the input port, else the fiber won't transmit cleanly

Who needs a clean scan? It merely needs to be detectable. A 1% transmission would be plenty visible in a darkened scanning chamber.

These keys aren't much harder to copy then ordinary keys. Not that that's a major failing - we already hand ordinary keys to valets anyway. Keys generally aren't expected to be secure against someone who gets their hands on them.

The main issue is that the locks better have some more sophisticated key-reading method than the article mentions or you won't need the key at all.

-