Optical Lock Foils Thieves 156
opticsorg writes "A UK inventor has come up with a way to make what is thought to be an unpickable lock. The Optilock contains a bundle of up to six input optical fibers on one side of the lock barrel and a corresponding number of fibers on the other side. When a special key is inserted into the lock, it connects the fibers in a unique routing pattern opening the lock in a fraction of a second. Light then flows around the circuit until the key is removed and the circuit is broken."
Unpickable? (Score:5, Insightful)
Re:Unpickable? (Score:3, Funny)
Not unpickable (Score:5, Insightful)
Also, while this will be handy for places with cement walls and thick steel doors, places with windows and weak door frames will still be vulnerable. Plus, of course, the social engineering attacks.
That being said, I'm a big fan of new, shiny locks, so hooray for the people who made it.
=Brian
Re:Not unpickable (Score:5, Funny)
Quoting the article... "At the moment, the lock is a computer model. This money will allow us to see how these ideas will work and what the devices will actually look like."
Maybe it will be one of those situations where the lockpicks are invented before the vulnerability is found and fixed by the Microsoft, I mean, the manufacturer.
Semantic Issues (Score:4, Insightful)
It's all pretty moot anyway. Spies pick locks, but most of us are more concerned about more prosaic intruders. Who don't waste their time with picks -- they smash or jimmy.
What was my other semantic issue? Oh yeah, "failsafe". Come on people. if you mean "foolproof," say that. I'd like to see "failsafe" preserved for its original [electroid.com] meaning [imdb.com], though my hopes are dimming!
Re:Semantic Issues (Score:2)
A lesson in modern media; 90% of the reports on a given topic are copies of each other. What you have found is not a clue to an actual claim, but a reminder that being widely reported no more creates facts than does
Re:Semantic Issues (Score:2)
Re:Not unpickable (Score:4, Interesting)
If the description is correct, and light flows "in a circuit", then picking it is trivial as long as you have a key that can route light in a programmatic way.
See, what you have is the number of possible ways to match N fibers with N fibers. It's easy to see that the total number of locks is N!. However, the requisite that light flow in a circuit makes it so you can follow the loop. Figure out which of your switches on side A is getting light, route it to all fibers on side B until one of them makes a different fiber emit light, rinse, repeat. Having some fibers be decoys or having multiple light sources doesn't make this more complex at all (as long as you have a constant number of light sources.) As you can probably figure out, the worst case number of locks is now N + (N-1) + ... + 1, which is N * (N - 1) / 2. Not a whole lot of locks, and definitely something a machine can brute-force.
Of course, this brute force approach can be denied by locking the door permanently if too many 'wrong keys' are inserted. A better approach would be to ditch the 'circuit' idea altogether and just use N light sources with random matching.
I didn't have time to thoroughly read the original article, so maybe I'm just stating the obvious.
Re:Not unpickable (Score:3, Insightful)
No. You are missing the obvious; This isn't something a machine can force, as the lock is a physical thing located in a definite position. This isn't a DES key that you can let the software run overnight while you play Quake. Your 'machine' would have to be attached to the lock for hours while it tried combination after combination. (Your problems are not much easier if you have the key itself. It's stil
Re:Not unpickable (Score:2)
???
Scanning a key could be done in a single second if you have a scanner pre-built, and could be done by hand in well under a minute. There's nothing to "brute force" about a key. You just map out the location of the fiber end points and shine a laser pointer at them to see how they pair up.
As for picking the lock, I really hope the l
Re:Not unpickable (Score:2)
Ok... A key the size of my car key can have 60 points per side easily. That means a medium sophisticated mechanical assembly to scan them, and over 60! possible combinations to scan. (Matching a photocell and a laser to
Re:Not unpickable (Score:3, Insightful)
A key the size of my car key can have 60 points per side easily.
Scanning a key is generally a constant-factor task, or at worst linear in the number of fibers. More points really only makes the lock (hopefully) secure against brute force attacks.
assembly to scan them
A video camera with two mirrors to catch a 360-degree view of the key. Perhaps use curved mirrors for magnification. The most complicated part is simply swee
Re:Not unpickable (Score:2)
You don't "get" the problem...
If it unlocks based on a set of side-2 elements detecting a signal, you need only flood all of side-2 with the output of the active fiber on side-1. That corresponds to an O(1) operation.
In the worst case, where significantly lossy transmission matters, you still only need to perform (N+(N-1)+(N-2)+...+1) possible checks, which does not equal N!, but rather, N(
Re:Not unpickable (Score:2)
Quite the opposite. I *do* get the problem, because I look beyond the numbers to the actual engineering. (I know, I know. It's heresy on slashdot to use actual facts.)
*If* it behaves that way, which I find highly unlikely given the author describes the key as having a '3-d' structure.
Re:Not unpickable (Score:2)
instead of having to make complicated mechanical devices, you could make a led based device. like they say, it can open in a fraction of a second...meaning much less time needed between changing the key configuration.
although, they could create some smart system that would "lock you out" after so many invalid attempts.
I do see what they mean unpickable...it is. You can't pick it a mechanical way (assuming they build it riht). But, it is st
Unpickable, huh? (Score:2, Insightful)
Re:Unpickable, huh? (Score:4, Interesting)
Obviously not the perfect solution, because it still opens at predictable intervals, but since there is *no* access to the lock itself from outside the vault, it certaintly can't be picked...
=Smidge=
Re:Unpickable, huh? (Score:2, Interesting)
It would be difficult to imagine a system that isn't both useful and circumventable.
Re:Unpickable, huh? (Score:5, Interesting)
1. We had to physically check and make sure that no-one was in the vault (stray teller, somebody left their kid, etc) before we closed it.
2. There was an O2 tank & mask in the vault in case someone *did* get locked in.
3. Be really, really careful at setting the timers correctly because if it wasn't open in time for the next business day, we were screwed (no, this wasn't a three-day weekend...)
Re:Unpickable, huh? (Score:2)
Re:Unpickable, huh? (Score:3, Informative)
Most time locks can only be set a maximum of three of four days.
However I am no expert on timelocks, and accept that I very well may be wrong.
-Rusty
Re: "Unpickable" time-locks (Score:2, Interesting)
All you have to do to "pick" this kind of lock is to pick up the entire vault and rotate/move it back and forth at a particular frequency.
The action will speed up, and the time lock will open early.
Yes, I know that rotating/moving a large built-in vault can present a bit of a problem, but theoretically, it's possible.
Re: "Unpickable" time-locks (Score:2)
Re: "Unpickable" time-locks (Score:3, Interesting)
Just get something hot enough to melt the steel close enough. When the steel gets thin enough, stop melting and cut the rest of the way in so you don't destroy the contents.
Re:Unpickable, huh? (Score:3, Funny)
Yeah, MacGyver did that all the time.
Re:Unpickable, huh? (Score:2)
Well, there's the old issue of reciprocity: if nobody knows the [jewels] have been taken from the (time-locked) safe, there's a fixed (and known) period of time for thieves to use the cover. this has been built into many a movie plot.
so then the issue isn't the lock itself, it's the people surround it during the open time period. once that is comprimised, the lock serves no purpose.
Electronics (Score:4, Insightful)
Re:Electronics (Score:2)
Re:Electronics (Score:2)
Re:Electronics (Score:4, Insightful)
Re:Electronics (Score:2)
Re:Electronics (Score:3)
Re:Electronics (Score:5, Insightful)
Re:Electronics (Score:4, Insightful)
Of course, this is weak to people who will just use alternating codes, but security is always inversely proportional to convenience.
Re:Electronics (Score:2)
And for swipe-cards, install a 'skimmer'
Re:Electronics (Score:2)
Re:Electronics (Score:3, Informative)
Copyright Reference (Score:5, Funny)
Gonna need new equipment... (Score:4, Funny)
But it requires a power supply. (Score:4, Interesting)
Many locking mechanisms require power, and if the power fails, there are only two possibilities: either it will be locked shut and unopenable, or it will have a fail-safe mechanism to unlock automatically if the power fails.
Either way, it leaves itself open to anyone who wants to cause trouble.
In any case, any door that people will be behind will necessitate the latter, as otherwise they could get locked in during a fire, which means that anyone wanting to gain access only needs to cut the power and they're in.
Re:But it requires a power supply. (Score:4, Insightful)
Re:But it requires a power supply. (Score:2)
Re:But it requires a power supply. (Score:2)
OT Story (Score:5, Interesting)
Re:OT Story (Score:2)
Interesting question about the sensing, though; does the battery run constantly, listening for the key? If so, can it eventually run down? I would g
Re:OT Story (Score:2)
Re:OT Story (Score:2)
Re:But it requires a power supply. (Score:5, Interesting)
Re:But it requires a power supply. (Score:2)
From the article, "The first Optilocks have been designed for the automotive industry."
There are some automotive locks that already use power from the car's battery, so that's not a huge consideration.
Re:But it requires a power supply. (Score:2)
I think it would be trivial to build a lock mechanism with an embedded radioactive power supply and a lead shield (would need more Amps to flip a solenoid than illuminate a sign, hence more radiation).
Re:But it requires a power supply. (Score:4, Interesting)
No, they're powered by a chemical Nickel Cadmium (NiCad) battery.
Getting a building built is hard enough without making yourself fall under NRC jurisdiction because you installed an RTG.
There are tritium-based emergency exit signs, but they are more expensive than battery-backed signs, and are typically only used in aircraft, or where power is unavailable.
key of light (Score:2, Funny)
Re:key of light (Score:3, Insightful)
Probably not unpickable (Score:3, Insightful)
Basically, this is no more unpickable than a card-swipe.
Finally, electric locks have a limited market, which is well saturated with card-swipe and PIN punch products.
Re:Probably not unpickable (Score:2, Insightful)
Easily avoided by putting a signal out each pin and checking for the same signal on the receiving side.
What about one that is configurable, and can try different mappings quickly ?
Easy to defend against, since it's an electronic lock it can detect brute force attacks easily and shutdown the system. If there are 1000000 possible combinations, all you need to do is have it shutdown for 1 minute a
Re:Probably not unpickable (Score:3, Insightful)
same problem as existing locks (Score:5, Insightful)
however, with an optical key, one merely has to carry around a recepticle that, in turn, flashes a beam through the key's inputs, and record the appropriate output. nothing physical needs to be made. in today's terms, i call in the sequence to a buddy who then lays fiber into a template and uses it. meanwhile, i engage conversation on target, reporting when she's left.
cars? are you kidding? these are even easier, merely get a job as a valet and start your database. since it's all just digital information, you have access to VIN and lock solution, license plate number and home town/state (if not entire address, since most people's cars have it somewhere - like the insurance docs). these databases could be traded online just like anything else.
while i think this is very interesting, it still is no substitute for bio-based locks. however, they have their own problems (seem like every part of the body can be captured/duplicated).
Learn some Optics (Score:2, Interesting)
First, it is very difficult to couple light into a fiber. Any copy would have to be made with each fiber being perfectly aligned in at least five and possibly six axes. This would be virtually impossible.
In addition, the difficulty in coupling into a fiber would make it impossible to simply shine light in and get a response.
Optical systems offer many additional degrees of freedom including wavelegength, phase, polarization, and intensity.
Fibe
Re:Learn some Optics (Score:2)
Sounds like we're not going to have these locks around anyway, at those prices!
Re:same problem as existing locks (Score:2)
-
Brute Force? (Score:2, Interesting)
Assuming you could build something small enough to enter the slot and dynamically rearrange the light (the article says it's a 3d pattern?), or hell, pipe the light out of the slot and pipe it back in after reconfiguring it, it would be open to a brute force method of attack.
Perhaps they've got some type of check for this built in. Either way, making something as
Re:Brute Force? (Score:3, Interesting)
He claims, however, that there are billions of combinations. Suppose you could check a hundred combinations a second, it would take you 115 days max to try every combination, 57 days on average to crack. This is probably enough security for most applications, since in most applications the lock only has to taken lo
Re:Brute Force? (Score:2)
Bah (Score:2)
Most locks are picked by tweaking a series of levers in the lock or bypassing some sort of electronic control system.
There will be an electronic control system here, just like any other electronic system. The actual physical lock is still going to be actuated by
Define Unpickable (Score:2, Informative)
Of course the other issue is that it uses light... Light implies electric. Electric locks may not be a "Good Thing" (TM) when your power goes out, or the batteries run down. What if water gets inside? If it's unpickable, then how do you open it in emergency situations when the power goes out?
Perhaps it should read: "Interesting Nift-value Lock" and come with a stick of dynamite in
Re:Define Unpickable (Score:2)
If you blow the door off a safe you haven't picked the lock, you've bypassed it.
Picking one of these would be easy. (Score:4, Interesting)
Take the example of "6" inputs on the lock and the key:
A B C D E F
In order for it to "complete" a circuit (or circuits), you have to "connect" certain inputs together to sort of "loop" the light back to the lock and complete the circuit.
For instance:
A-B C-D E-F
That's three "loops", lets call them.
There are 30 possible combinations for the first
loop.
There are then 12 combinations for the second loop,
and the third, no combination -- there's only one choice.
A total of 360 combinations, give or take. You could easily make a device to mimic every possible circuit very easily. Breaking the lock would take seconds.
Now let's look at the lock.
Assuming the light source exists in the lock, you would be able to tell immediately which inputs send light *to* the key, and which return light *from* the key. With a simple LED, you could easily "light up" the return paths, to see which loops they connect to. Armed with this information, it's easy to find the remaining possibly valid combinations, and try them.
I'm telling you, this lock could be picked with near lightning speed.
No, you would need to include some sort of electronic timing component -- preferrably in the key -- to initiate *pulses* of light, rather than a steady stream. In which case, the path of the light is basically irrelevany -- it's the timing of the light pulse that would act as the key. More secure (but not pick-proof.) and less complicated.
Or you could do something fancy with prisms or whatnot to split the red-green-blue portion of a white/colored light into different light paths, but, again, it's overkill, and still not very secure.
Re:Picking one of these would be easy. (Score:3, Insightful)
(And that's assuming one input can't go to multiple outputs; some degree of fan-out is probably possible, which can make it grow even faster.)
Still, I'd lean more towards saying that a dynamic key system, like many car remote locks use, is more intrinsically secure.
Re:Picking one of these would be easy. (Score:2, Insightful)
Re:Picking one of these would be easy. (Score:3, Insightful)
These are not very hard to add to such a lock, but they make the math even harder. And they
Re:Picking one of these would be easy. (Score:2)
Re:Picking one of these would be easy. (Score:2)
Re:Picking one of these would be easy. (Score:2)
Second, since each of the six spots would require a photo emitter and a photo reciever, you could make it so each element has it's own fiberoptic cable. This would let 1 connect to 2, two connect to 3, e
Locks are like programming languages.... (Score:5, Informative)
and by tightly controlled... (Score:2)
Unpickable? (Score:4, Insightful)
What ever you do, don't read the artical! (Score:5, Informative)
Rice says that the only way someone could pick the lock is to duplicate the key. "You could potentially have as many different points as you want on the lock barrel as inputs and outputs," he explained. "Because it is a 3D pathway you are dealing with, you have potentially billions or trillions of combinations depending on how the lock is made. The probability of duplicating the path is very small."
That said, a lot of these fancy locks seem like overkill, especially since in very high security systems, you'd tend to want some kind of human oversight in the loop.
Re:What ever you do, don't read the artical! (Score:2)
I didn't RTFA, but I have an answer anyway! (Score:5, Informative)
You're counting the possible pathways. You've forgotten to count the positionings! Two keys with the same routing pattern with only one input off by a fraction of a millimeter would not open the same lock.
Re:What ever you do, don't read the artical! (Score:2)
This is only true if you have 6 fixed-position outputs as well.
The number of outputs is likely to be the same as the number of inputs, but nothing says their position has to be the same from one key/lock to the next.
Re:What ever you do, don't read the artical! (Score:2)
Re:What ever you do, don't read the artical! (Score:2)
Not that new of an idea (Score:3, Interesting)
Re:Not that new of an idea (Score:2)
Until they corrode. You've obviously never lived near the ocean.
Re:Not that new of an idea (Score:2)
Gold doesn't corrode.
Re:Not that new of an idea (Score:2)
Actually, optical fibers wouldn't work very well either (the ends are subject to getting scratched and becoming non-transmissive.) Perhaps one would be better off with tunnels and mirrors... those would only be subject to filling up with pocket lint.
External Power? (Score:2, Insightful)
Re:External Power? (Score:2)
Y'know, after the examples I read earlier about car batteries dying because of this technology, the need to have it hooked up to a power source and what happens in the event of an emergency (I think this is something i'd have on a UPS, at least.) one person's tumbler lock idea intrigued me. They stated that it was a digital tumbler lock which powered itself up by spinning the tumbler, why not d
Sneakers (Score:5, Funny)
Onion headline (Score:5, Funny)
Not novel. (Score:3, Interesting)
There are even commercial devices [canberra.com] based on this today.
What about the reverse? (Score:3, Insightful)
And of course, situations where applying brute force to break the lock would be counterproductive (i.e. destroy the materials you're attempting to retrieve).
But then nowadays, all you have to do is make the lock electronic and cryptographic. Even if all the electronics only control a shackle made of wax, you've got the power of the DMCA already.
Optical locks are already in use. (Score:3, Interesting)
If they're going to make locks this sophisticated. (Score:4, Interesting)
Thinking too hard (Score:4, Funny)
Just put a little graphite-oil (used in regular locks) in the optical lock. Then, when the owner tears it out because it doesn't work (optical paths obscured by the graphite), the burglars can go back to business as usual.
I already know how it could be picked (Score:5, Insightful)
Since the light needs transceivers on either end and a physical interface in between for the key all you need to do is make a key with its own transceivers instead of simple light pipes (you'd probably have light-pipes out to an external device which would house a computer "brain" and the transceivers).
So you simply put the key in (or connect it or whatever the physical interface is) and let the computer start routing the inputs to different combinations of outputs.
It would be like the brute-force picker that Medeco has for their locks only maybe a lot faster!
However, having designed a pick, I can also think of half a dozen ways to slow it down enough to make it unuseable.
(If they're smart enough to figure out how to email me maybe I'll even tell them.
possible attack (Score:2)
Sorry if this is redundant (Score:2)
United States Patent 4,449,126; [uspto.gov]
Pekker; May 15, 1984; Electronic lock device and optical key therefor
Hmm. Prior art and, given its age, public domain.
Re:Old idea (Score:2)
Re:Unpickable proof?? (Score:2, Funny)