Optical Lock Foils Thieves

opticsorg writes "A UK inventor has come up with a way to make what is thought to be an unpickable lock. The Optilock contains a bundle of up to six input optical fibers on one side of the lock barrel and a corresponding number of fibers on the other side. When a special key is inserted into the lock, it connects the fibers in a unique routing pattern opening the lock in a fraction of a second. Light then flows around the circuit until the key is removed and the circuit is broken."

But it requires a power supply.

[Spudley]

It may be unpickable, but using fibre-optics means it requires a power supply, which means it is still vunerable.

Many locking mechanisms require power, and if the power fails, there are only two possibilities: either it will be locked shut and unopenable, or it will have a fail-safe mechanism to unlock automatically if the power fails.

Either way, it leaves itself open to anyone who wants to cause trouble.

In any case, any door that people will be behind will necessitate the latter, as otherwise they could get locked in during a fire, which means that anyone wanting to gain access only needs to cut the power and they're in.

Brute Force?

[gphat]

Disregarding the obvious flaws such as hinges, weak door frames, and a power source, wouldn't this just open the thing up to being brute forced?

Assuming you could build something small enough to enter the slot and dynamically rearrange the light (the article says it's a 3d pattern?), or hell, pipe the light out of the slot and pipe it back in after reconfiguring it, it would be open to a brute force method of attack.

Perhaps they've got some type of check for this built in. Either way, making something as simple as the lock into a 'high-tech network connected paradigm shifter' (no, the article doesn't say that) simply opens it up the network attack, or worse, sharpies.

Re:Unpickable, huh?

[Smidge204]

Honest question: Has anyone ever defeated a timelock?

Obviously not the perfect solution, because it still opens at predictable intervals, but since there is *no* access to the lock itself from outside the vault, it certaintly can't be picked...
=Smidge=

Picking one of these would be easy.

[TrebleJunkie]

Let's look at the key.

Take the example of "6" inputs on the lock and the key:

A B C D E F

In order for it to "complete" a circuit (or circuits), you have to "connect" certain inputs together to sort of "loop" the light back to the lock and complete the circuit.

For instance:

A-B C-D E-F

That's three "loops", lets call them.

There are 30 possible combinations for the first
loop.

There are then 12 combinations for the second loop,

and the third, no combination -- there's only one choice.

A total of 360 combinations, give or take. You could easily make a device to mimic every possible circuit very easily. Breaking the lock would take seconds.

Now let's look at the lock.

Assuming the light source exists in the lock, you would be able to tell immediately which inputs send light *to* the key, and which return light *from* the key. With a simple LED, you could easily "light up" the return paths, to see which loops they connect to. Armed with this information, it's easy to find the remaining possibly valid combinations, and try them.

I'm telling you, this lock could be picked with near lightning speed.

No, you would need to include some sort of electronic timing component -- preferrably in the key -- to initiate *pulses* of light, rather than a steady stream. In which case, the path of the light is basically irrelevany -- it's the timing of the light pulse that would act as the key. More secure (but not pick-proof.) and less complicated.

Or you could do something fancy with prisms or whatnot to split the red-green-blue portion of a white/colored light into different light paths, but, again, it's overkill, and still not very secure.

Re:But it requires a power supply.

[pagercam2]

This isn't true the only lock currently approved for DoD Spin locks is self powered it uses a LCD that indicated the current number being pointed to rather than a marked dial. You have to spin the lock a few time to generate enough power for it to work and then you dial in the combination. Batteries are a big no no in any sort of lock. If people are behind the door a mechanical override is given, the deadbolt or other locking mechanism is mechanical and as long as all mechanical items are internal it is allowed. The old drill throigh the locking bars is always a possibility but as with encyption its no really unbreakable just unbreakable in a reasonable period of time.

OT Story

[Rick the Red]

Back in the day, Cadillac built a show car with no lock. There was a Cadillac emblem etched into the door glass, and a Cadillac emblem on the key fob. You held the key fob up to the etched emblem and the door unlocked. Pretty cool, except they put the car on the trailer and moved it from show to show, never actually driving it. Yep, the battery ran down, and without any other lock, they couldn't get in. Of course, the hood release was on the inside, so they couldn't jump the battery, either!

Re:Unpickable, huh?

[spacecowboy420]

...Unless you figure out a way to change the time. Which probably isn't trivial, but I would imagine not impossible. I mean there has to be a way to ensure the accuracy of the clock - compromise that system and you're golden. There must also be an override somewhere, or an alternate means of entry aside from the lock - just in case of power failure. Then there is of course the well placed block of C4 - that should do it.

It would be difficult to imagine a system that isn't both useful and circumventable.

Not that new of an idea

[sig]

I have seen locks based on this routing idea before, although using electrical connections rather than optical ones. The one saw had 16 paths, which is much more secure, as the number of unique keys is the number of paths factorial. 6! is only 720 keys, which you could imagine having a sack of and trying each one in a matter of minutes. 16 paths gives you 20 Trillion unique keys, which is going to be one freaking heavy sack. Also, optical fibers are very fragile in real world environments, where as electrical connections can jingle jangle in your pocket all day long and still be functional. I'd give this high marks for "cool" but not for "useful."

Re:Unpickable, huh?

[Anonymous Coward]

It is entirely possible that there *is not* an override. I used to work in a bank, and part of my responsibilities were to lock up the main safe at night. It was time-locked, and once the lock was set there was *no* way to get that safe back open again until they unlocked. The entire mechanism was mechanical - there was no electricity to cut. The internal clocks had to be wound everyday. This was so much of a concern that :

1. We had to physically check and make sure that no-one was in the vault (stray teller, somebody left their kid, etc) before we closed it.

2. There was an O2 tank & mask in the vault in case someone *did* get locked in.

3. Be really, really careful at setting the timers correctly because if it wasn't open in time for the next business day, we were screwed (no, this wasn't a three-day weekend...)

Re:Not unpickable

[ivern76]

If the description is correct, and light flows "in a circuit", then picking it is trivial as long as you have a key that can route light in a programmatic way.

See, what you have is the number of possible ways to match N fibers with N fibers. It's easy to see that the total number of locks is N!. However, the requisite that light flow in a circuit makes it so you can follow the loop. Figure out which of your switches on side A is getting light, route it to all fibers on side B until one of them makes a different fiber emit light, rinse, repeat. Having some fibers be decoys or having multiple light sources doesn't make this more complex at all (as long as you have a constant number of light sources.) As you can probably figure out, the worst case number of locks is now N + (N-1) + ... + 1, which is N * (N - 1) / 2. Not a whole lot of locks, and definitely something a machine can brute-force.

Of course, this brute force approach can be denied by locking the door permanently if too many 'wrong keys' are inserted. A better approach would be to ditch the 'circuit' idea altogether and just use N light sources with random matching.

I didn't have time to thoroughly read the original article, so maybe I'm just stating the obvious.

Re:Brute Force?

[hey!]

Not sure on the exact method this guy is using, but it's not a simple binary pattern; otherwise the six sensor lock would only have 64 combinations, all of which could be tried in a few seconds.

He claims, however, that there are billions of combinations. Suppose you could check a hundred combinations a second, it would take you 115 days max to try every combination, 57 days on average to crack. This is probably enough security for most applications, since in most applications the lock only has to taken longer to pick than it would take to saw through it.

What might work, however, is a kind of attack familiar from cryptanalysis: attack the method of key generation. If the keys are programmed in ways that are not random, you might be able to determine that some keys are much more likely to be chosen. If the key generation process is flawed, it may be possible to have a good chance of opening the lock in a few days or hours.

Suppose that while billions of combinations are chosen, 90% of the time the key will come from a pool of 100,000 keys. This would mean I could construct a device that would open the lock in a mere 16 minutes 90% of the time; the median crack time would be well under ten minutes.

If I were designing the thing, I'd make it so it that if it detected a bad key, it would go to sleep for 30 seconds. Then in the bad key generation scenario, I could only check one combination every 30 seconds. That way even if there were only 100,000 likely key, it would still take on average a month to force the lock.

Not novel.

[muonzoo]

There have been much higher security versions of these things. Sandia Labs developed a seal technology around fiber bundles and routing.
There are even commercial devices [canberra.com] based on this today.

Optical locks are already in use.

[mrmeval]

I've seen a card [findarticles.com] with holes punched in it used at motor carrier fleet refueling stations. The reader is optical and these heavy plastic credit-card sized cards bear a suspicious resemblence to these cards [fourmilab.ch] right down to the square holes.

If they're going to make locks this sophisticated.

[7-Vodka]

Why not use the public/private key model. Have the lock generate a message encrypted with the physical key's private crypt key, then have they physical key decode it and retransmit to the lock...

Learn some Optics

[hd883r]

You must understand optics to grasp the beauty of this lock.

First, it is very difficult to couple light into a fiber. Any copy would have to be made with each fiber being perfectly aligned in at least five and possibly six axes. This would be virtually impossible.

In addition, the difficulty in coupling into a fiber would make it impossible to simply shine light in and get a response.

Optical systems offer many additional degrees of freedom including wavelegength, phase, polarization, and intensity.

Fibers could split or join inside the key. Light could be color shifted, or have its polarization modified. I can think of over 30 possible actions to take on each fiber that the "picker" could not determine without time, tools, and repeated attemps.

In short, those who understand optics know that if this lock was in a laboratory with the original key, it could take over a week, $200K in specialized equipement and $10K (custom filters are $5000 for 1, $5050 for 100-optics are much cheaper in large qnty) in materials to pick.

Re:But it requires a power supply.

[Captain Nitpick]

Exit signs are powered by radioactive Cadmium. They last ~20 years. The level of radiation is low enough that they are safe for preschools!

No, they're powered by a chemical Nickel Cadmium (NiCad) battery.

Getting a building built is hard enough without making yourself fall under NRC jurisdiction because you installed an RTG.

There are tritium-based emergency exit signs, but they are more expensive than battery-backed signs, and are typically only used in aircraft, or where power is unavailable.

Re: "Unpickable" time-locks

[some guy I know]

The entire mechanism was mechanical

This means that there was a springwheel or pendulum keeping time.
All you have to do to "pick" this kind of lock is to pick up the entire vault and rotate/move it back and forth at a particular frequency.
The action will speed up, and the time lock will open early.
Yes, I know that rotating/moving a large built-in vault can present a bit of a problem, but theoretically, it's possible.

Re: "Unpickable" time-locks

[asdfghjklqwertyuiop]

You're still doing it the hard way.

Just get something hot enough to melt the steel close enough. When the steel gets thin enough, stop melting and cut the rest of the way in so you don't destroy the contents.