>An idea from some folks at MIT apparently where a physical token >consisting of a bunch of spheres embedded in epoxy is used as an >access device by shining a laser through it.
I have the pleasure of knowing one of the researchers, Ravi Pappu. He's smart and a real expert on holography and optics. >On the surface, this seems as silly as biometric authentication -- you >can simply forge what the sensor is expecting even if you can't forge >the token. Does anyone know any details about it? The Nature News piece claims attempting to mimic the speckle pattern using some other optical system, such as a hologram, is completely impractical. http://www.nature.com/nsu/020916/020916-15.html That's obviously not a complete answer, but it suggests that the problem has at least been thought about. More details are here: http://web.media.mit.edu/~pappu/htm/res/resPOWF.htm http://web.media.mit.edu/~pappu/htm/pubs/PappuPhDThesis01.pdf Ravi's PhD has a section on replay attacks - section 10.3, page 135. The claim there is you can't store all possible challenge/response pairs because the keyspace is too big and that the actual system is too complex to simulate. BTW, this work comes out of the MIT Media Lab's Things That Think research program (aka "The Center for Bits and Atoms"). Despite the marketing fluff that sometimes surrounds Media Lab projects, there's a lot of interesting work going on there on the intersection between software and physical objects. RFID tags, massive embedded networking, physical interfaces, etc. Lots of fun topics for applied cryptographers. For a commercial spin, see ThingMagic http://www.thingmagic.com/ [EMAIL PROTECTED] . . . . . . . . http://www.media.mit.edu/~nelson/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
