Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Science

'Uncrackable' Document and Product Security? 30

Posted by timothy from the lateral-thinking dept.
Curunculus writes "The Engineer reports that a unique 'fingerprint' formed by microscopic surface imperfections on almost all paper documents, plastic cards and product packaging could be used as a cheaper method to combat fraud. One of the developers, Professor Cowburn commented: "The beauty of this system is that there is no need to modify the item being protected in any way with tags, chips or inks; it's as if documents and packaging have their own unique DNA. This makes protection covert, low-cost, simple to integrate into the manufacturing process and immune to attacks against the security feature itself." This system is now being commercialised via Ingenia Technology, a spin off company."
This discussion has been archived. No new comments can be posted.

'Uncrackable' Document and Product Security? More

'Uncrackable' Document and Product Security?

Comments Filter:

  • But.. (Score:2, Insightful)

    by Daxster ( 854610 )
    Wouldn't this technology still be vulnerable to current problems? Things like where somebody steals your card, or records the data being sent/received whether it's from a computer or some machine somewhere.
  • Looks like flat bed scanners are gonna have a new use! And here I am stuck with my shitty handheld.

    • Re:Flatbeds (Score:3, Informative)

      by walt-sjc ( 145127 )
      Um, no. Different kind of scanner... The type of scanner they are talking about in the article looks for characteristics of the paper / media itself and not what is printed on it. The key phrase in the article is "Using the optical phenomenon of 'laser speckle'"... This implies that they shine a laser on the document. Don't think your standard flat bed scanner is going to be doing that anytime soon...
  • So ... regular handling changes the surface, eh? Or fold, drop it by mistake, write a note on another piece of paper on top of the document, put it in a file cabinet and press it between other documents or bend the edges cramming it in, pass it around so iother people can read it, mail it and handling mucks with it, it gets crammed into a mailbox with other documents ... heck, you scan it before putting it into an envelope, but you have to fold it to put it in the envelope ...

    • Re:Surface imperfections? (Score:4, Informative)

      by Wilson_6500 ( 896824 ) on Monday August 08, 2005 @11:46PM (#13276149)
      From what I understand, the imperfections are _everywhere_ over the document. I guess they'd do their little speckle-counting thing over six or ten different square inches (or centimeters, or whatever) of the document, and then folding doesn't matter. Besides, if the surface profile can survive scorching and abrasion, I think folding might not be a huge deal, and pressing certainly not.

      I've worked with speckle-based systems, and I'm skeptical about this, since there's a _lot_ of variance when you're dealing with laser speckle. I don't really know how their imaging system could quickly and efficiently discriminate between hundreds of little dots, average their sizes, statistics, etc.

      Any OE-s around that specialize in speckle to clear this up?

    • From here [sciencedaily.com]:

      The technique was tried on a variety of materials including matt-finish plastic cards, identity cards and coated paperboard packaging and resulted in clear recognition between the samples. This continued even after they were subjected to rough handling including submersion in water, scorching, scrubbing with an abrasive cleaning pad and being scribbled on with thick black marker.

  • Fraud prevention? (Score:5, Interesting)

    by Joe Random ( 777564 ) on Monday August 08, 2005 @11:45PM (#13276147)
    From the article:
    Using the optical phenomenon of 'laser speckle', researchers examined the fine structure of different surfaces using a focused laser, and recorded the intensity of the reflection. The technique was tried on a variety of materials including matt-finish plastic cards, identity cards and coated paperboard packaging and resulted in clear recognition between the samples. This continued even after they were subjected to rough handling including submersion in water, scorching,
    scrubbing with an abrasive cleaning pad and being scribbled on with thick black marker.
    So let me get this straight; I can scrub on one of these "fingerprinted" document until the letters wear off, write whetever I want on it with a black marker, and it will pass the verification check? Doesn't that kind of prevent the entire purpose of fingerprinting documents in the first place?

    "Well Mr. Random, while it is quite unusual to see a tax rebate check of *ahem* eleventy-billion dollars, the article passed all verification checks. We've deposited the amount into your account. Have a nice day."
    • But at least we know it was the right piece of paper!

      Luke
      ----
      Want to make your life easier? Whenever someone asks you a computer question that you don't want to answer, Send them to ChristianNerds.com [christiannerds.com]
    • Why do I get the feeling that they measured false positives, but not false negatives?
    • Step 1) Fingerprint the paper.
      Step 2) Generate a hash for the paper's fingerprint + the text you wish to print.
      Step 3) Cryptographically sign that hash.
      Step 4) Print the text and append the signature at the end.

      Any attempt to alter the text invalidates the signature. Any attempt to duplicate the document loses the fingerprint and again invalidates the signature. So yes, it can work.

      Of course this is all founded upon the assumption that the paper's fingerprint cannot be replicated. That is a safe assumption

  • TFA indicates it is flawed (Score:4, Informative)

    by photon317 ( 208409 ) on Monday August 08, 2005 @11:59PM (#13276195)

    Well, actually I didn't read the linked FA yet, but I read about this same thing elsewhere a few days ago. They said the chances of two peices of the same kind of paper have the same signature were 1:1000. Two reams of paper and you're in (or 1,000 peices of passport plastic, or whatever). Hardly an effort considering the documents they're considering using it on. Unless they can bump that number into the billions or more, it's pointless because it's too easy to manufacture a duplicate of any given document that has an identical fingerprint just by brute force.
    • To be fair, it isn't clear whether this is a "the quantity of uniquely identifiable information just isn't there" flaw or an "instrument precision" flaw. Most probably, nobody knows.

      So, I wouldn't count it out just yet.

      Also, I'm not so sure on your comment,
      "Unless they can bump that number into the billions or more, it's pointless because it's too easy to manufacture a duplicate of any given document that has an identical fingerprint just by brute force."

      In some circumstances, yes, you'll be able to see the
    • >Two reams of paper and you're in (or 1,000 peices of passport plastic, or whatever).

        So let me know how things work out for you when you hand 1000 passports to customs and wait for one of them to pass the test.
  • is it to have a name like "Cowburn" AND be a professor? I wonder if he likes hamburgers?

    Professor Cowburn. Say it. It just rooollls off your tongue!
  • ... scratch the surface? The card or document's unique surface changes right? Doesn't plastic bend, and get smoother the more you use it? Paper can get worn, torn, or crumpled. Interesting notion, but I think practicalities are going to cause problems for this technology. They will need to ensure this technology is people-proof, and that it is durable.
    • People proof? Why not idiot proof? How about those people who will just set out to find a way to screw it up? Don't think they exist? read the page...
      Also, what do you do when you scan a page and it's not a match?
  • Didn't I see this on CSI already?
  • There was a similar article [slashdot.org] in June about uniquely identifying Torah scrolls to discourage theft. This relied on inter-character gaps, paper tears, etc. to generate a unique document signature.

  • How much data again? (Score:3, Interesting)

    by ka9dgx ( 72702 ) on Tuesday August 09, 2005 @10:57AM (#13279260) Homepage Journal
    <ASSUME>So, let start with some assumptions:
    • 1 sample for every cm^2 of document
    • A4 [cam.ac.uk] sized documents.
    • Capability to register up to 1 trillion documents
    </ASSUME>

    Now, on with the math. First, we figure out how many samples we're going to possibly accomodate, as an address space:
    Total surface area (21.0 cm * 29.7 cm * 10 E^12) * 1 Sample / cm^2 --> 623,700,000,000,000 Samples

    This results in a 50 bit address space, if we were able to just sequentially number the samples. Since we have to work with what we're given, lets just assume we can get by with 256 bits/sample.

    This results in the need to store (256 bits sample) * (1 byte / 8 bits) * (21 cm * 29.7 cm / document) * (1 sample / cm^2) --> 19958.4 bytes/ document.

    So, in order for this to work we need to store about 20k/page. In order to authenticate documents, your stored database would be approximately 20 Gigabytes/ million documents, and indexing isn't going to help much.

    That's a lot of work, and it seems to me it would be quicker, easier, and far more efficient in general to store duplicates of the originals in a secure location.

    --Mike--

  • Recreating a tracked surface wouldn't be anywhere near as difficult as, say, cracking a huge RSA thumbprint, so this isn't good enough for authentication. Destroying the surface would be as easy as a microwave or bleach, so it's no good for permanent identification.

    Remind me what this is good for again?

Slashdot Top Deals

"Hello again, Peabody here..." -- Mister Peabody

Close