Optical Lock Foils Thieves 156
opticsorg writes "A UK inventor has come up with a way to make what is thought to be an unpickable lock. The Optilock contains a bundle of up to six input optical fibers on one side of the lock barrel and a corresponding number of fibers on the other side. When a special key is inserted into the lock, it connects the fibers in a unique routing pattern opening the lock in a fraction of a second. Light then flows around the circuit until the key is removed and the circuit is broken."
But it requires a power supply. (Score:4, Interesting)
Many locking mechanisms require power, and if the power fails, there are only two possibilities: either it will be locked shut and unopenable, or it will have a fail-safe mechanism to unlock automatically if the power fails.
Either way, it leaves itself open to anyone who wants to cause trouble.
In any case, any door that people will be behind will necessitate the latter, as otherwise they could get locked in during a fire, which means that anyone wanting to gain access only needs to cut the power and they're in.
Brute Force? (Score:2, Interesting)
Assuming you could build something small enough to enter the slot and dynamically rearrange the light (the article says it's a 3d pattern?), or hell, pipe the light out of the slot and pipe it back in after reconfiguring it, it would be open to a brute force method of attack.
Perhaps they've got some type of check for this built in. Either way, making something as simple as the lock into a 'high-tech network connected paradigm shifter' (no, the article doesn't say that) simply opens it up the network attack, or worse, sharpies.
Re:Unpickable, huh? (Score:4, Interesting)
Obviously not the perfect solution, because it still opens at predictable intervals, but since there is *no* access to the lock itself from outside the vault, it certaintly can't be picked...
=Smidge=
Picking one of these would be easy. (Score:4, Interesting)
Take the example of "6" inputs on the lock and the key:
A B C D E F
In order for it to "complete" a circuit (or circuits), you have to "connect" certain inputs together to sort of "loop" the light back to the lock and complete the circuit.
For instance:
A-B C-D E-F
That's three "loops", lets call them.
There are 30 possible combinations for the first
loop.
There are then 12 combinations for the second loop,
and the third, no combination -- there's only one choice.
A total of 360 combinations, give or take. You could easily make a device to mimic every possible circuit very easily. Breaking the lock would take seconds.
Now let's look at the lock.
Assuming the light source exists in the lock, you would be able to tell immediately which inputs send light *to* the key, and which return light *from* the key. With a simple LED, you could easily "light up" the return paths, to see which loops they connect to. Armed with this information, it's easy to find the remaining possibly valid combinations, and try them.
I'm telling you, this lock could be picked with near lightning speed.
No, you would need to include some sort of electronic timing component -- preferrably in the key -- to initiate *pulses* of light, rather than a steady stream. In which case, the path of the light is basically irrelevany -- it's the timing of the light pulse that would act as the key. More secure (but not pick-proof.) and less complicated.
Or you could do something fancy with prisms or whatnot to split the red-green-blue portion of a white/colored light into different light paths, but, again, it's overkill, and still not very secure.
Re:But it requires a power supply. (Score:5, Interesting)
OT Story (Score:5, Interesting)
Re:Unpickable, huh? (Score:2, Interesting)
It would be difficult to imagine a system that isn't both useful and circumventable.
Not that new of an idea (Score:3, Interesting)
Re:Unpickable, huh? (Score:5, Interesting)
1. We had to physically check and make sure that no-one was in the vault (stray teller, somebody left their kid, etc) before we closed it.
2. There was an O2 tank & mask in the vault in case someone *did* get locked in.
3. Be really, really careful at setting the timers correctly because if it wasn't open in time for the next business day, we were screwed (no, this wasn't a three-day weekend...)
Re:Not unpickable (Score:4, Interesting)
If the description is correct, and light flows "in a circuit", then picking it is trivial as long as you have a key that can route light in a programmatic way.
See, what you have is the number of possible ways to match N fibers with N fibers. It's easy to see that the total number of locks is N!. However, the requisite that light flow in a circuit makes it so you can follow the loop. Figure out which of your switches on side A is getting light, route it to all fibers on side B until one of them makes a different fiber emit light, rinse, repeat. Having some fibers be decoys or having multiple light sources doesn't make this more complex at all (as long as you have a constant number of light sources.) As you can probably figure out, the worst case number of locks is now N + (N-1) + ... + 1, which is N * (N - 1) / 2. Not a whole lot of locks, and definitely something a machine can brute-force.
Of course, this brute force approach can be denied by locking the door permanently if too many 'wrong keys' are inserted. A better approach would be to ditch the 'circuit' idea altogether and just use N light sources with random matching.
I didn't have time to thoroughly read the original article, so maybe I'm just stating the obvious.
Re:Brute Force? (Score:3, Interesting)
He claims, however, that there are billions of combinations. Suppose you could check a hundred combinations a second, it would take you 115 days max to try every combination, 57 days on average to crack. This is probably enough security for most applications, since in most applications the lock only has to taken longer to pick than it would take to saw through it.
What might work, however, is a kind of attack familiar from cryptanalysis: attack the method of key generation. If the keys are programmed in ways that are not random, you might be able to determine that some keys are much more likely to be chosen. If the key generation process is flawed, it may be possible to have a good chance of opening the lock in a few days or hours.
Suppose that while billions of combinations are chosen, 90% of the time the key will come from a pool of 100,000 keys. This would mean I could construct a device that would open the lock in a mere 16 minutes 90% of the time; the median crack time would be well under ten minutes.
If I were designing the thing, I'd make it so it that if it detected a bad key, it would go to sleep for 30 seconds. Then in the bad key generation scenario, I could only check one combination every 30 seconds. That way even if there were only 100,000 likely key, it would still take on average a month to force the lock.
Not novel. (Score:3, Interesting)
There are even commercial devices [canberra.com] based on this today.
Optical locks are already in use. (Score:3, Interesting)
If they're going to make locks this sophisticated. (Score:4, Interesting)
Learn some Optics (Score:2, Interesting)
First, it is very difficult to couple light into a fiber. Any copy would have to be made with each fiber being perfectly aligned in at least five and possibly six axes. This would be virtually impossible.
In addition, the difficulty in coupling into a fiber would make it impossible to simply shine light in and get a response.
Optical systems offer many additional degrees of freedom including wavelegength, phase, polarization, and intensity.
Fibers could split or join inside the key. Light could be color shifted, or have its polarization modified. I can think of over 30 possible actions to take on each fiber that the "picker" could not determine without time, tools, and repeated attemps.
In short, those who understand optics know that if this lock was in a laboratory with the original key, it could take over a week, $200K in specialized equipement and $10K (custom filters are $5000 for 1, $5050 for 100-optics are much cheaper in large qnty) in materials to pick.
Re:But it requires a power supply. (Score:4, Interesting)
No, they're powered by a chemical Nickel Cadmium (NiCad) battery.
Getting a building built is hard enough without making yourself fall under NRC jurisdiction because you installed an RTG.
There are tritium-based emergency exit signs, but they are more expensive than battery-backed signs, and are typically only used in aircraft, or where power is unavailable.
Re: "Unpickable" time-locks (Score:2, Interesting)
All you have to do to "pick" this kind of lock is to pick up the entire vault and rotate/move it back and forth at a particular frequency.
The action will speed up, and the time lock will open early.
Yes, I know that rotating/moving a large built-in vault can present a bit of a problem, but theoretically, it's possible.
Re: "Unpickable" time-locks (Score:3, Interesting)
Just get something hot enough to melt the steel close enough. When the steel gets thin enough, stop melting and cut the rest of the way in so you don't destroy the contents.