Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Optical Lock Foils Thieves

michael posted more than 10 years ago | from the light-reading dept.

Science 156

opticsorg writes "A UK inventor has come up with a way to make what is thought to be an unpickable lock. The Optilock contains a bundle of up to six input optical fibers on one side of the lock barrel and a corresponding number of fibers on the other side. When a special key is inserted into the lock, it connects the fibers in a unique routing pattern opening the lock in a fraction of a second. Light then flows around the circuit until the key is removed and the circuit is broken."

cancel ×

156 comments

Sorry! There are no comments related to the filter you selected.

Unpickable? (5, Insightful)

climberkid (712298) | more than 10 years ago | (#8411893)

Accually saying that this is an "unpickable" lock is risky. I mean, look at the efforts by the RIAA to prevent P2P, or the anti-burning CD's with the corrupt files that crash computers, someone fixed that with a sharpie. I think that making statements like that is seriously underestimating human potential.

Re:Unpickable? (3, Funny)

rjshields (719665) | more than 10 years ago | (#8412002)

I wonder if I could "pick" it with a 14lb lump hammer ;)

Re:Unpickable? (0)

Anonymous Coward | more than 10 years ago | (#8413001)

I'm wondering how I'm going to get in my car when I lock my keys in it. Now the police will just have to smash my windows. :-/

Not unpickable (4, Insightful)

SandSpider (60727) | more than 10 years ago | (#8411896)

This is obvious, but the lock isn't unpickable, it's just going to take a while before people figure out how to pick it, and it'll raise the bar on tools needed for picking at most.

Also, while this will be handy for places with cement walls and thick steel doors, places with windows and weak door frames will still be vulnerable. Plus, of course, the social engineering attacks.

That being said, I'm a big fan of new, shiny locks, so hooray for the people who made it.

=Brian

Re:Not unpickable (4, Funny)

dman123 (115218) | more than 10 years ago | (#8412038)

Not only will it take a while for people to learn how to pick it, it will take a while for the lock to even exist...

Quoting the article... "At the moment, the lock is a computer model. This money will allow us to see how these ideas will work and what the devices will actually look like."

Maybe it will be one of those situations where the lockpicks are invented before the vulnerability is found and fixed by the Microsoft, I mean, the manufacturer.

Semantic Issues (3, Insightful)

fm6 (162816) | more than 10 years ago | (#8412227)

My first thought was that Jeremy Rice didn't use the U-Word, but that the reporter grabbed it as convenient journalese. (I have other issues with the reporter's use of language -- see below.) But all the news reports [google.com] seem to be saying "Unpickable", which can only mean this is an actual claim. Perhaps "pick" in this context refers to the specific technique for physically probing the tumblers of a lock, not just a synonym for "disable".

It's all pretty moot anyway. Spies pick locks, but most of us are more concerned about more prosaic intruders. Who don't waste their time with picks -- they smash or jimmy.

What was my other semantic issue? Oh yeah, "failsafe". Come on people. if you mean "foolproof," say that. I'd like to see "failsafe" preserved for its original [electroid.com] meaning [imdb.com] , though my hopes are dimming!

Re:Not unpickable (3, Interesting)

ivern76 (665227) | more than 10 years ago | (#8412383)

If the description is correct, and light flows "in a circuit", then picking it is trivial as long as you have a key that can route light in a programmatic way.

See, what you have is the number of possible ways to match N fibers with N fibers. It's easy to see that the total number of locks is N!. However, the requisite that light flow in a circuit makes it so you can follow the loop. Figure out which of your switches on side A is getting light, route it to all fibers on side B until one of them makes a different fiber emit light, rinse, repeat. Having some fibers be decoys or having multiple light sources doesn't make this more complex at all (as long as you have a constant number of light sources.) As you can probably figure out, the worst case number of locks is now N + (N-1) + ... + 1, which is N * (N - 1) / 2. Not a whole lot of locks, and definitely something a machine can brute-force.

Of course, this brute force approach can be denied by locking the door permanently if too many 'wrong keys' are inserted. A better approach would be to ditch the 'circuit' idea altogether and just use N light sources with random matching.

I didn't have time to thoroughly read the original article, so maybe I'm just stating the obvious.

Re:Not unpickable (0)

Anonymous Coward | more than 10 years ago | (#8413777)

you are forgetting the fact that a single light source can be mapped to more than one output.

Re:Not unpickable (1)

gooman (709147) | more than 10 years ago | (#8412881)

Cool Idea. Not unpickable.

Locks exist to keep honest people out.

Unpickable, huh? (2, Insightful)

Saganaga (167162) | more than 10 years ago | (#8411898)

Calling a lock "unpickable" seems presumptuous at best. Doesn't history show that there never has been and never will be a "final solution" to security?

Re:Unpickable, huh? (3, Interesting)

Smidge204 (605297) | more than 10 years ago | (#8412010)

Honest question: Has anyone ever defeated a timelock?

Obviously not the perfect solution, because it still opens at predictable intervals, but since there is *no* access to the lock itself from outside the vault, it certaintly can't be picked...
=Smidge=

Re:Unpickable, huh? (2, Interesting)

spacecowboy420 (450426) | more than 10 years ago | (#8412128)

...Unless you figure out a way to change the time. Which probably isn't trivial, but I would imagine not impossible. I mean there has to be a way to ensure the accuracy of the clock - compromise that system and you're golden. There must also be an override somewhere, or an alternate means of entry aside from the lock - just in case of power failure. Then there is of course the well placed block of C4 - that should do it.

It would be difficult to imagine a system that isn't both useful and circumventable.

Re:Unpickable, huh? (5, Interesting)

Anonymous Coward | more than 10 years ago | (#8412328)

It is entirely possible that there *is not* an override. I used to work in a bank, and part of my responsibilities were to lock up the main safe at night. It was time-locked, and once the lock was set there was *no* way to get that safe back open again until they unlocked. The entire mechanism was mechanical - there was no electricity to cut. The internal clocks had to be wound everyday. This was so much of a concern that :

1. We had to physically check and make sure that no-one was in the vault (stray teller, somebody left their kid, etc) before we closed it.

2. There was an O2 tank & mask in the vault in case someone *did* get locked in.

3. Be really, really careful at setting the timers correctly because if it wasn't open in time for the next business day, we were screwed (no, this wasn't a three-day weekend...)

Re:Unpickable, huh? (1)

menscher (597856) | more than 10 years ago | (#8412519)

What happens if you forget to wind your watch^Wtimelock? Does it fail open? I'm sorta seeing it something that unlocks when time runs out, so there's no concern of not having it wound enough to unlock?

Re:Unpickable, huh? (2, Informative)

rusty0101 (565565) | more than 10 years ago | (#8413351)

The stories I have heard are that the lock does not engage until the clock is wound up, and the act of it winding down is what unlocks the clock.

Most time locks can only be set a maximum of three of four days.

However I am no expert on timelocks, and accept that I very well may be wrong.

-Rusty

Re:Unpickable, huh? (2, Funny)

Lars T. (470328) | more than 10 years ago | (#8412904)

...Unless you figure out a way to change the time.

Yeah, MacGyver did that all the time.

Re:Unpickable, huh? (1)

mugnyte (203225) | more than 10 years ago | (#8412155)


Well, there's the old issue of reciprocity: if nobody knows the [jewels] have been taken from the (time-locked) safe, there's a fixed (and known) period of time for thieves to use the cover. this has been built into many a movie plot.

so then the issue isn't the lock itself, it's the people surround it during the open time period. once that is comprimised, the lock serves no purpose.

Electronics (3, Insightful)

aridhol (112307) | more than 10 years ago | (#8411903)

According to the article:
Most locks are picked by [...] bypassing some sort of electronic control system. Rice's idea removes these vulnerable components.
Won't there need to be an electronic control system that determines when you have the correct light pattern? Just bypass (or hack) the light-detection system, and you're in.

Re:Electronics (1)

Rick the Red (307103) | more than 10 years ago | (#8412048)

The assumption is that the electronics are behind the locked door. I suppose if that isn't explicitly stated in the patent then implementers are on their own... But would you buy a vault where the lock was on the outside?

Re:Electronics (1)

aridhol (112307) | more than 10 years ago | (#8412109)

They could be behind the door, or in the door frame, or somewhere else entirely, with the light piped to a central control room. Or possibly reachable through the keyhole.

Re:Electronics (3, Insightful)

alienw (585907) | more than 10 years ago | (#8412154)

In that case, any EE could design an unbreakable lock in about 10 minutes. Put a keypad on the front and the electronics in the back. To avoid getting the electronics hacked, make the keypad physically or electrically isolated from the rest of circuit. Then, the only way to bypass it is if you know the code - which could be very long.

Re:Electronics (1)

Lars T. (470328) | more than 10 years ago | (#8412382)

Unbreakable lock, meet sledghammer.

Re:Electronics (4, Insightful)

ivern76 (665227) | more than 10 years ago | (#8412424)

Remove keypad, insert new keypad that looks just like it and has a keypress logger. K?

Re:Electronics (3, Insightful)

Atrahasis (556602) | more than 10 years ago | (#8412867)

Put a keypad on the other side of the door that will only let you out if you enter a different code to the one you used to get in. That code is then the code you use to get in next time.

Of course, this is weak to people who will just use alternating codes, but security is always inversely proportional to convenience.

Re:Electronics (1)

sporty (27564) | more than 10 years ago | (#8412507)

If you can break into the lock to hack it, you can probably just as well remove said lock and open the door anyway :)

Unpickable? (1)

Knetzar (698216) | more than 10 years ago | (#8411906)

As soon as you you make something
unpickable proof, someone will invent a better pick

Unpickable proof?? (1)

tvh2k (738947) | more than 10 years ago | (#8412623)

Wouldn't "unpickable proof" indicate that it is indeed pickable? Ohh, silly me...English doesn't matter on the Internet.

Re:Unpickable proof?? (2, Funny)

Knetzar (698216) | more than 10 years ago | (#8412864)

"Me fail English, that's unpossible"

Copyright Reference (5, Funny)

4of11 (714557) | more than 10 years ago | (#8411911)

But if they did pick it, at least they wouldn't be circumventing copyright restrictions. Because that would be terrible.
/obligatory slashdot DMCA reference

Gonna need new equipment... (3, Funny)

BigZaphod (12942) | more than 10 years ago | (#8411914)

I guess I'm going to have to find someone selling tiny little prisms now so I can build myself a new lock-pick set...

But it requires a power supply. (3, Interesting)

Spudley (171066) | more than 10 years ago | (#8411923)

It may be unpickable, but using fibre-optics means it requires a power supply, which means it is still vunerable.

Many locking mechanisms require power, and if the power fails, there are only two possibilities: either it will be locked shut and unopenable, or it will have a fail-safe mechanism to unlock automatically if the power fails.

Either way, it leaves itself open to anyone who wants to cause trouble.

In any case, any door that people will be behind will necessitate the latter, as otherwise they could get locked in during a fire, which means that anyone wanting to gain access only needs to cut the power and they're in.

Re:But it requires a power supply. (3, Insightful)

aridhol (112307) | more than 10 years ago | (#8411953)

In any case, any door that people will be behind will necessitate the latter, as otherwise they could get locked in during a fire,
Not necessarily. There could be a physical override on the inside that directly manipulates the latch. This allows an exit, even if the door is locked.

so what if you are outside when the power cuts... (0)

Anonymous Coward | more than 10 years ago | (#8412018)

you can't get into your house/car? great...

OT Story (4, Interesting)

Rick the Red (307103) | more than 10 years ago | (#8412082)

Back in the day, Cadillac built a show car with no lock. There was a Cadillac emblem etched into the door glass, and a Cadillac emblem on the key fob. You held the key fob up to the etched emblem and the door unlocked. Pretty cool, except they put the car on the trailer and moved it from show to show, never actually driving it. Yep, the battery ran down, and without any other lock, they couldn't get in. Of course, the hood release was on the inside, so they couldn't jump the battery, either!

Re:OT Story (1)

Johnny Mnemonic (176043) | more than 10 years ago | (#8412965)

The Prius can come with a lock/ignition key that is actually a card that you never need to remove from your wallet: if you come close enough to the car, it will detect that you have said key and unlock the door for you; similarly, it will detect that you have the proper authority to engage the ignition, and you just have to push a button to get it started.

Interesting question about the sensing, though; does the battery run constantly, listening for the key? If so, can it eventually run down? I would guess you would need to have the car not run for a long, long time for this to happen.

Re:OT Story (1)

Rick the Red (307103) | more than 10 years ago | (#8413245)

It's not the sensing that draws power, it's the lock activation.

Re:But it requires a power supply. (1)

sweetooth (21075) | more than 10 years ago | (#8412303)

And does nothing for you if you need to get in.

Re:But it requires a power supply. (1)

Lars T. (470328) | more than 10 years ago | (#8412801)

Well, it adds one more point of attack for those who want to get in. Possible ways to get around this:
  • Use some way to operate this override from outside (eg. minimal invasive handling).
  • Smuggle something or somebody inside to simply open door.
  • Use good old extortion (eg. a hostage) to force somebody from inside to open.

Re:But it requires a power supply. (1)

Rufus88 (748752) | more than 10 years ago | (#8412775)

Yes, like my garage door, for example.

Re:But it requires a power supply. (5, Interesting)

pagercam2 (533686) | more than 10 years ago | (#8412034)

This isn't true the only lock currently approved for DoD Spin locks is self powered it uses a LCD that indicated the current number being pointed to rather than a marked dial. You have to spin the lock a few time to generate enough power for it to work and then you dial in the combination. Batteries are a big no no in any sort of lock. If people are behind the door a mechanical override is given, the deadbolt or other locking mechanism is mechanical and as long as all mechanical items are internal it is allowed. The old drill throigh the locking bars is always a possibility but as with encyption its no really unbreakable just unbreakable in a reasonable period of time.

Re:But it requires a power supply. (1)

LagDemon (521810) | more than 10 years ago | (#8412042)

You could probably get away with a battery and a warning light on the inside, for when the battery gets low. It would be very efficient, since you dont have to turn anything on until a key goes into the lock.

Re:But it requires a power supply. (1)

apirkle (40268) | more than 10 years ago | (#8412289)

> Many locking mechanisms require power, and if the power fails, there are only two possibilities: either it will be locked shut and unopenable, or it will have a fail-safe mechanism to unlock automatically if the power fails.

From the article, "The first Optilocks have been designed for the automotive industry."

There are some automotive locks that already use power from the car's battery, so that's not a huge consideration.

Re:But it requires a power supply. (1)

Sebastopol (189276) | more than 10 years ago | (#8412584)

Exit signs are powered by radioactive Cadmium. They last ~20 years. The level of radiation is low enough that they are safe for preschools!

I think it would be trivial to build a lock mechanism with an embedded radioactive power supply and a lead shield (would need more Amps to flip a solenoid than illuminate a sign, hence more radiation).

Re:But it requires a power supply. (3, Interesting)

Captain Nitpick (16515) | more than 10 years ago | (#8413792)

Exit signs are powered by radioactive Cadmium. They last ~20 years. The level of radiation is low enough that they are safe for preschools!

No, they're powered by a chemical Nickel Cadmium (NiCad) battery.

Getting a building built is hard enough without making yourself fall under NRC jurisdiction because you installed an RTG.

There are tritium-based emergency exit signs, but they are more expensive than battery-backed signs, and are typically only used in aircraft, or where power is unavailable.

Re:But it requires a power supply. (1)

fermion (181285) | more than 10 years ago | (#8412937)

It really seems like this is a the 100 foot pole issue. Is there an application in which the lock is really the weak link? In most bussiness setting, the lock is not the weak link. Even when I have been in somewhat 'secure' environments, the lock was merely a COA thing, in which the users were tracked and if some broke in, it was because they really wanted to, not accidental. Also, i wonder how many power failures would occur before the users would insist on a less-than-secure failure mode.

key of light (2, Funny)

xmple (704367) | more than 10 years ago | (#8411926)

idea to "pick" the lock: use a flashlight, and shine it trough the keyhole...

Re:key of light (1)

orkysoft (93727) | more than 10 years ago | (#8411964)

(also in reply to the AC post here [slashdot.org] )

But what if some of the fibers need to be dark for the lock to open?

Re:key of light (1)

PhuCknuT (1703) | more than 10 years ago | (#8412016)

Yup, and I also doubt it's just a simple light sensor on the receiving side. Most likely there's a signal being output from each fiber and it needs to receive the correct signal on each pin of the receiving side.

Re:key of light (2, Insightful)

El (94934) | more than 10 years ago | (#8412147)

Well, no. They obviously send a unique pulse pattern down each fiber, otherwise they could not determine which was routed where. So while you could proably disable the photocells by flooding them with light, you couldn't get them to register the correct pattern.

Probably not unpickable (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8411928)

Certainly if you have a key you can replicate that key, for one. Secondly, can a master key be made that just shines takes light from one side and shines it down all the other holes ? What about one that is configurable, and can try different mappings quickly ?

Basically, this is no more unpickable than a card-swipe.

Finally, electric locks have a limited market, which is well saturated with card-swipe and PIN punch products.

Re:Probably not unpickable (2, Insightful)

PhuCknuT (1703) | more than 10 years ago | (#8412051)

can a master key be made that just shines takes light from one side and shines it down all the other holes ?

Easily avoided by putting a signal out each pin and checking for the same signal on the receiving side.

What about one that is configurable, and can try different mappings quickly ?

Easy to defend against, since it's an electronic lock it can detect brute force attacks easily and shutdown the system. If there are 1000000 possible combinations, all you need to do is have it shutdown for 1 minute after say, 10 failed attempts, and suddenly it takes 100000 minutes to brute force.

Basically, this is no more unpickable than a card-swipe.

This part is probably true, but the keys are harder to duplicate at least (for now).

Re:Probably not unpickable (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8412057)

This assumes that the light is only transfered unaltered - the Key could just as easily filter, phase shift, combine or otherwise alter the light so that it is not an easy process to replicate.

Unpickable? (-1)

mkavanagh (641055) | more than 10 years ago | (#8411947)

Just ram a fucking glowstick in.

same problem as existing locks (4, Insightful)

mugnyte (203225) | more than 10 years ago | (#8411968)

picking a lock is just one part of a problem : the other is securing the key. in a bar, one could theoretically press a key into a mold for later duplication (old trick and not very efficient).

however, with an optical key, one merely has to carry around a recepticle that, in turn, flashes a beam through the key's inputs, and record the appropriate output. nothing physical needs to be made. in today's terms, i call in the sequence to a buddy who then lays fiber into a template and uses it. meanwhile, i engage conversation on target, reporting when she's left.

cars? are you kidding? these are even easier, merely get a job as a valet and start your database. since it's all just digital information, you have access to VIN and lock solution, license plate number and home town/state (if not entire address, since most people's cars have it somewhere - like the insurance docs). these databases could be traded online just like anything else.

while i think this is very interesting, it still is no substitute for bio-based locks. however, they have their own problems (seem like every part of the body can be captured/duplicated).

Learn some Optics (2, Interesting)

hd883r (757253) | more than 10 years ago | (#8413151)

You must understand optics to grasp the beauty of this lock.

First, it is very difficult to couple light into a fiber. Any copy would have to be made with each fiber being perfectly aligned in at least five and possibly six axes. This would be virtually impossible.

In addition, the difficulty in coupling into a fiber would make it impossible to simply shine light in and get a response.

Optical systems offer many additional degrees of freedom including wavelegength, phase, polarization, and intensity.

Fibers could split or join inside the key. Light could be color shifted, or have its polarization modified. I can think of over 30 possible actions to take on each fiber that the "picker" could not determine without time, tools, and repeated attemps.

In short, those who understand optics know that if this lock was in a laboratory with the original key, it could take over a week, $200K in specialized equipement and $10K (custom filters are $5000 for 1, $5050 for 100-optics are much cheaper in large qnty) in materials to pick.

Brute Force? (2, Interesting)

gphat (5647) | more than 10 years ago | (#8411970)

Disregarding the obvious flaws such as hinges, weak door frames, and a power source, wouldn't this just open the thing up to being brute forced?

Assuming you could build something small enough to enter the slot and dynamically rearrange the light (the article says it's a 3d pattern?), or hell, pipe the light out of the slot and pipe it back in after reconfiguring it, it would be open to a brute force method of attack.

Perhaps they've got some type of check for this built in. Either way, making something as simple as the lock into a 'high-tech network connected paradigm shifter' (no, the article doesn't say that) simply opens it up the network attack, or worse, sharpies.

Re:Brute Force? (2, Interesting)

hey! (33014) | more than 10 years ago | (#8412432)

Not sure on the exact method this guy is using, but it's not a simple binary pattern; otherwise the six sensor lock would only have 64 combinations, all of which could be tried in a few seconds.

He claims, however, that there are billions of combinations. Suppose you could check a hundred combinations a second, it would take you 115 days max to try every combination, 57 days on average to crack. This is probably enough security for most applications, since in most applications the lock only has to taken longer to pick than it would take to saw through it.

What might work, however, is a kind of attack familiar from cryptanalysis: attack the method of key generation. If the keys are programmed in ways that are not random, you might be able to determine that some keys are much more likely to be chosen. If the key generation process is flawed, it may be possible to have a good chance of opening the lock in a few days or hours.

Suppose that while billions of combinations are chosen, 90% of the time the key will come from a pool of 100,000 keys. This would mean I could construct a device that would open the lock in a mere 16 minutes 90% of the time; the median crack time would be well under ten minutes.

If I were designing the thing, I'd make it so it that if it detected a bad key, it would go to sleep for 30 seconds. Then in the bad key generation scenario, I could only check one combination every 30 seconds. That way even if there were only 100,000 likely key, it would still take on average a month to force the lock.

Re:Brute Force? (1)

n1ywb (555767) | more than 10 years ago | (#8413305)

Thats exactly what I was thinking. It unlocks in a fraction of a second so you could try codes very quickly. If it inserted an artificial 1 second delay, it would make brute forceing it much more difficult. Fools could take a cue from login.

Old idea (1)

rot26 (240034) | more than 10 years ago | (#8411984)

I remember reading about a do-it-yourself electronic lock that worked pretty much exactly the same way in popular electronics at least 30 years ago. It's actually kind of an obvious method.. the only new wrinkle is using light instead of current. What's the advantage to THAT?

Re:Old idea (1)

El (94934) | more than 10 years ago | (#8412202)

Fiber optics don't wear out in the same way as electrical contacts. Furthermore, locks tend to be on the outside of doors, making them susceptible to moisture. Moisture is usually considered a very bad thing around electric circuits. However, couldn't you do the same thing by sending different pneumatic air pulse patterns down 6 different pipes?

Bah (1)

JMZero (449047) | more than 10 years ago | (#8411986)

This lock requires electricity and an electrical control. If you're going to require electricity, why not use a smart-card-esque key? You get all the benefits of this - plus a whole bunch more control/flexibility and likely less overall cost.

Most locks are picked by tweaking a series of levers in the lock or bypassing some sort of electronic control system.

There will be an electronic control system here, just like any other electronic system. The actual physical lock is still going to be actuated by electricity.

I suppose the system may be less prone to vandalism than an electrical system - but either is vulnerable to the old "fill lock with cement" trick, which is really pretty easy.

Perhaps there's something here I'm missing - but the article doesn't hint at what that might be.

Define Unpickable (2, Informative)

no longer myself (741142) | more than 10 years ago | (#8411997)

The act of picking a lock is to obtain access in an unorthodox way. I suppose one could pick a lock with a stick of dynamite.

Of course the other issue is that it uses light... Light implies electric. Electric locks may not be a "Good Thing" (TM) when your power goes out, or the batteries run down. What if water gets inside? If it's unpickable, then how do you open it in emergency situations when the power goes out?

Perhaps it should read: "Interesting Nift-value Lock" and come with a stick of dynamite in case of emergency.

Fiber does not require power (0)

Anonymous Coward | more than 10 years ago | (#8412032)

Of course the other issue is that it uses light... Light implies electric.

Actually, no, light does not imply electric. Typically, wherever a lock is employed, ambient light is available. It's quite conceivable that this amount of light (through efficient fiber) would be sufficient, as it sounds like each fibre is either "on" or "off" at any given time.

What may (or may not) require electricity is the opening mechanism.

Re:Define Unpickable (1)

gerardrj (207690) | more than 10 years ago | (#8412824)

No, the act of picking a log is to open the lock without the key/combination/code/whatever normally opens the lock and without damaging the lock.
If you blow the door off a safe you haven't picked the lock, you've bypassed it.

Picking one of these would be easy. (3, Interesting)

TrebleJunkie (208060) | more than 10 years ago | (#8412025)

Let's look at the key.

Take the example of "6" inputs on the lock and the key:

A B C D E F

In order for it to "complete" a circuit (or circuits), you have to "connect" certain inputs together to sort of "loop" the light back to the lock and complete the circuit.

For instance:

A-B C-D E-F

That's three "loops", lets call them.

There are 30 possible combinations for the first
loop.

There are then 12 combinations for the second loop,

and the third, no combination -- there's only one choice.

A total of 360 combinations, give or take. You could easily make a device to mimic every possible circuit very easily. Breaking the lock would take seconds.

Now let's look at the lock.

Assuming the light source exists in the lock, you would be able to tell immediately which inputs send light *to* the key, and which return light *from* the key. With a simple LED, you could easily "light up" the return paths, to see which loops they connect to. Armed with this information, it's easy to find the remaining possibly valid combinations, and try them.

I'm telling you, this lock could be picked with near lightning speed.

No, you would need to include some sort of electronic timing component -- preferrably in the key -- to initiate *pulses* of light, rather than a steady stream. In which case, the path of the light is basically irrelevany -- it's the timing of the light pulse that would act as the key. More secure (but not pick-proof.) and less complicated.

Or you could do something fancy with prisms or whatnot to split the red-green-blue portion of a white/colored light into different light paths, but, again, it's overkill, and still not very secure.

Re:Picking one of these would be easy. (2, Insightful)

Jerf (17166) | more than 10 years ago | (#8412068)

Factorials grow fast. Your supposed 6 input key may not have many combinations, but what of a 20 input key, which should be very feasible? 2,432,902,008,176,640,000 combinations is much more difficult to crack.

(And that's assuming one input can't go to multiple outputs; some degree of fan-out is probably possible, which can make it grow even faster.)

Still, I'd lean more towards saying that a dynamic key system, like many car remote locks use, is more intrinsically secure.

Re:Picking one of these would be easy. (2, Insightful)

PhuCknuT (1703) | more than 10 years ago | (#8412228)

Yes, and there are other factors that multiply the number of possible combinations. For example, having the key modify the light in some way, having the fiber positions be variable, having the length of the light path within the key measurable (a coil of fiber to create propogation delay of the right amount). A good key, even with only 6 inputs, can have billions and billions of combinations just by adding in other factors besides on and off.

Re:Picking one of these would be easy. (2, Insightful)

Nutcase (86887) | more than 10 years ago | (#8412236)

Make it a 30 fiber system. Make it so 6 of those fibers must remain dark. Make 3 of them issue light, but one of those 3 issues a wavelength that tells the lock NOT to open, but you don't know which one. Add a light signal issuing from the key itself. Make the chain length vary between any combination 3,4,5, and 6 fibers chains. Now distribute the fibers around the barrel in a non-uniform, non-standard distribution.

These are not very hard to add to such a lock, but they make the math even harder. And they make it VERY difficult to develop a universal lockpick, because you would have a hard time making every fiber line up on the pick.

To pick it you would have to somehow make a key that matches the external hookups of the original key, but feeds the fibers out the back into a computer which could then begin decoding the math. Just getting the initial key to line up with the inner barrel of the lock would be quite the feat... doing the math in any reasonable time period would also be pretty damn impressive.

If I was going to approach it, I would try like hell to get a copy of the key (press in clay or something) and reproduce it.. then, with that knowledge, i would run the math externally generating signals. once i had a signal list, i would put the key into the lcok, and run the list rapidly.

To counteract that, you could simply have a length of time required for the light to trigger the open mechanism (i.e. for 3-5 ms, no more, no less) - and have a maximum attempts as well. Try more than twice, and the thing stops accepting input for 24 hours.

This thing is about as close to unpickable as it gets.

Re:Picking one of these would be easy. (1)

BillyBlaze (746775) | more than 10 years ago | (#8412306)

The 24-hour lockdown makes it easy to DoS the lock. The timeout should be short, say 5 seconds.

Re:Picking one of these would be easy. (1)

geggibus (316979) | more than 10 years ago | (#8412527)

Why not just use a smartcard?

-K

Re:Picking one of these would be easy. (1)

pontifier (601767) | more than 10 years ago | (#8412609)

They mention a 3D light path

This seems to indicate that the 6 fibers on each side would not be connecting paths, but would be illuminating a clear key with some kind of internal structure and reading intensity values to find a match.

I seem to remember reading something similar using small patches of clear plastic with tiny bubbles or fractures or something for use in credit cards. they were able to create an un-copyable identity because of the difficulty in replicating the random process that creates the internal structure.

I'm sure i read that here maybe 6 months ago.

Re:Picking one of these would be easy. (1)

windex82 (696915) | more than 10 years ago | (#8412999)

Going even one step further, why couldnt the key emmit light itself? Then "cracking" the lock would be pointless, if light came from the entire key it would always be able to complete the loop instantly.

I havnt read the article yet, but they would have to be activated in some kind of order, and verified to not be on all the time and on only when the signalling light is activated, to prevent the above, but would also add many many more combinations.

Re:Picking one of these would be easy. (1)

MBCook (132727) | more than 10 years ago | (#8413061)

Well, it can be simple to fix those flaws. First of all it could randomly turn the lights on and off (or always turn light 1 on and check, then 2, etc.) so that EVERY light would come on at some point during EVERY check of a key. This way you couldn't tell which ones were input or output based on your idea.

Second, since each of the six spots would require a photo emitter and a photo reciever, you could make it so each element has it's own fiberoptic cable. This would let 1 connect to 2, two connect to 3, etc. But when your turn 3 on, it would only show up at four, not four and two because of the cable.

Third, you could use bicolor LEDs and have different fiberoptic cables in they key have filter for different colors of light so that when the green lights were on it would be a totally different pattern from when the red lights were on. By knowing the key, you know all possible combinations. Then you could randomly use combinations of red and green lights to check the key. This way it would take a few cycles to figure out the key.

Fourth, you could just put filters in each cable so that the cable that goes from 1 to 2 blocks 50% of the light, the one from 3 to 4 blocks 75%, but the one from 5 to 6 block no light. That would add many many more permutations to the lock's key.

And of course, if you could stuff 7 receptors in, things get MUCH harder. 8 would make it much MUCH harder, etc.

Basically, I think this lock could be very secure. And of course if they guy trying to pick the lock doesn't KNOW that it's an optical lock and is just trying to push the little tumbers (which should still be there, both as an added layer and to trick people) he'll never break it. If an idiot with a lock pick just comes up to your store, he'll never pick the lock because he's expecting it to be mechanical. Untill the locks become common, that would be a HUGE chunk of the security of the lock right there.

Locks are like programming languages.... (4, Informative)

HotNeedleOfInquiry (598897) | more than 10 years ago | (#8412059)

There's hundreds of them out there, but only a few practical ones in widespread use. I predict that this one is too expensive for general use. There are already several locks that are exceedingly difficult to pick or create an unauthorized copy. Medico for example. Very difficult to pick and very tight control over blanks.

and by tightly controlled... (1)

TubeSteak (669689) | more than 10 years ago | (#8412891)

you mean that i can't get a blank without applying a little social engineering?

unpickable!! (0)

Anonymous Coward | more than 10 years ago | (#8412070)

Shine a mag light in there and see!!!!!

Unpickable? (3, Insightful)

El (94934) | more than 10 years ago | (#8412083)

With 6 optical fibers, aren't there only 6! or 720 possible different "routing patterns"? How hard would it be to construct an electro-optical devices that would simply run through all 720 patterns until one worked? And no, you can't disable the device for a fixed time when it gets a misroute, because it is obviously going to misroute while someone is inserting the key... and someone like me who has two almost identical keys on their keychain is going to get really pissed off when they insert the wrong one. Finally... haven't we learned by now that replacing a simple mechanical device with an electro-optical-mechanical device greatly increases your failure modes?

What ever you do, don't read the artical! (4, Informative)

NickFusion (456530) | more than 10 years ago | (#8412696)

Otherwise you might stumble across this information:

Rice says that the only way someone could pick the lock is to duplicate the key. "You could potentially have as many different points as you want on the lock barrel as inputs and outputs," he explained. "Because it is a 3D pathway you are dealing with, you have potentially billions or trillions of combinations depending on how the lock is made. The probability of duplicating the path is very small."

That said, a lot of these fancy locks seem like overkill, especially since in very high security systems, you'd tend to want some kind of human oversight in the loop.

Re:What ever you do, don't read the artical! (1)

El (94934) | more than 10 years ago | (#8413277)

you have potentially billions or trillions of combinations depending on how the lock is made not with only 6 inputs. My point was that the number of combinations is equal to the factorial of the number of inputs. So with 16 inputs, yes you would have 20,922,789,888,000 different combinations. But 6 inputs only gives you 720 different combinations, which is not enough IMHO.

I didn't RTFA, but I have an answer anyway! (4, Informative)

Baron_Yam (643147) | more than 10 years ago | (#8413671)

Without RTFA, I think I can explain why 6 inputs can create more than 720 combinations...

You're counting the possible pathways. You've forgotten to count the positionings! Two keys with the same routing pattern with only one input off by a fraction of a millimeter would not open the same lock.

Re:Unpickable? (0)

Anonymous Coward | more than 10 years ago | (#8413367)

It could be set up to require 30 sec. time after a bad key, so that it would take much longer to use brute force.

Not that new of an idea (2, Interesting)

sig (9968) | more than 10 years ago | (#8412186)

I have seen locks based on this routing idea before, although using electrical connections rather than optical ones. The one saw had 16 paths, which is much more secure, as the number of unique keys is the number of paths factorial. 6! is only 720 keys, which you could imagine having a sack of and trying each one in a matter of minutes. 16 paths gives you 20 Trillion unique keys, which is going to be one freaking heavy sack. Also, optical fibers are very fragile in real world environments, where as electrical connections can jingle jangle in your pocket all day long and still be functional. I'd give this high marks for "cool" but not for "useful."

Re:Not that new of an idea (1)

El (94934) | more than 10 years ago | (#8412238)

electrical connections can jingle jangle in your pocket all day long and still be functional.

Until they corrode. You've obviously never lived near the ocean.

Re:Not that new of an idea (1)

Carnildo (712617) | more than 10 years ago | (#8413373)

Until they corrode. You've obviously never lived near the ocean.

Gold doesn't corrode.

Re:Not that new of an idea (1)

El (94934) | more than 10 years ago | (#8413430)

Gold doesn't corrode. Yes, but imagine how pissed off you'll be when you lose one of you $300 keys!

Actually, optical fibers wouldn't work very well either (the ends are subject to getting scratched and becoming non-transmissive.) Perhaps one would be better off with tunnels and mirrors... those would only be subject to filling up with pocket lint.

Re:Not that new of an idea (1)

mhoward736 (193180) | more than 10 years ago | (#8412475)

I have a question.

All the posts here saying 6 is not enough seem to assume that the light being used is all one color.

What happens if other colors are introduced as part of the key. Doesn't the number of combinations rise astronomically or can fibre only handle one color?

External Power? (2, Insightful)

RogueScientist (575110) | more than 10 years ago | (#8412343)

I'm intrigued how many solutions exist to all these counter examples. Why not have the ability to supply power from a external source to the locking system in event of power failure. The input path can be via optical or electric with the usual array of filtering mechanisms and barriers so that the lock circuitry can't be fried by malicious intent. Another thing is that it could have a lock system that is in fact powered like a radiometer by light to enable the throw of the mechanical bolt to be released. Also I have devised a system where you have little arrays of rare earth magnets that form a field and you insert a card to interrupt that field which disengages a mechanism allowing for a door to be opened with mechanical backup in event of electronic failure. Seems that many good solutions exist out there, also to the person who posed that finding the Key based on the VIN as plausible would only be so if you could not reprogram the codes for the lock. Sufficient systems that are for all tense and purposes not able to be combinatorially attacked can be engineered. Though the old axiom still exists: The more modern a system is the more susceptible it is to primitive attack, such as putting a liquid explosive around the door seams and blowing the door open, or blasting cord, etc.

Re:External Power? (1)

milkman_matt (593465) | more than 10 years ago | (#8412957)

Why not have the ability to supply power from a external source to the locking system in event of power failure.

Y'know, after the examples I read earlier about car batteries dying because of this technology, the need to have it hooked up to a power source and what happens in the event of an emergency (I think this is something i'd have on a UPS, at least.) one person's tumbler lock idea intrigued me. They stated that it was a digital tumbler lock which powered itself up by spinning the tumbler, why not do that? It'd add yet another layer of security too. You have the light combo info on some sort of flash memory or something, then when you want to unlock your door you insert your key, spin the tumbler and maybe even set it on a particular # to activate the beams, you've now effectively eliminated any issues dealing with loss of power, wrong combonations while inserting the key (the key is already in when the beams turn on), and you've added yet 1 more variable to the mix, if you've got 1-99 on that tumbler, you've just increased the hell out of your possible combinations.

-matt

Thieves will simply take safes to a rave (0)

Anonymous Coward | more than 10 years ago | (#8412367)

Physical removal and offsite cracking will become all the rage.

Sneakers (5, Funny)

CyberVenom (697959) | more than 10 years ago | (#8412405)

Do any of you remember the old (and surprisingly realistic compared to newer crap) hacker movie "Sneakers"? When they are trying to break into the office to steal the chip, Redford comes to a door with an electronic lock. After getting an earful of explanation (which we don't hear) from his partner back in the van about how the military deals with that kind of lock, he agrees to try a new lockpicking method. He kicks the door, and the bolt pops out of the doorjam...

Onion headline (4, Funny)

heldlikesound (132717) | more than 10 years ago | (#8412427)

"Optical sledgehammer opens optical lock."

Not novel. (2, Interesting)

muonzoo (106581) | more than 10 years ago | (#8412498)

There have been much higher security versions of these things. Sandia Labs developed a seal technology around fiber bundles and routing.
There are even commercial devices [canberra.com] based on this today.

What about the reverse? (2, Insightful)

HTH NE1 (675604) | more than 10 years ago | (#8412625)

Sometimes the point is not to gain entry but rather to prevent the legitimate owner from gaining entry. E.g. disabling the lock to the gun safe before breaking into a house. Denying access to key sensitive legal documents before a filing deadline. Delaying access to important medical supplies such as heart attack medicine, inhalers, and insulin.

And of course, situations where applying brute force to break the lock would be counterproductive (i.e. destroy the materials you're attempting to retrieve).

But then nowadays, all you have to do is make the lock electronic and cryptographic. Even if all the electronics only control a shackle made of wax, you've got the power of the DMCA already.

Optical locks are already in use. (2, Interesting)

mrmeval (662166) | more than 10 years ago | (#8412755)

I've seen a card [findarticles.com] with holes punched in it used at motor carrier fleet refueling stations. The reader is optical and these heavy plastic credit-card sized cards bear a suspicious resemblence to these cards [fourmilab.ch] right down to the square holes.

On the same thought (1)

ebrandsberg (75344) | more than 10 years ago | (#8412780)

I had considered that for encryption, the same type of idea could be done to "encrypt" paper content, by taking a particular "pixel" and placing it in a different position on the page, apparently at random. Using the same "key", everything can be put back into place. Fairly simple concept.

In a different way to look at the lock, isn't this just detecting how the key routes the light, and as long as it matches the known "good" pattern, it unlocks the door? The same technique could be used in exactly the same way by shining the light through in a pattern and detecting the code, with no special light routing at all. Any key could be a legitimate key for any given lock, it just gets reprogramed.

If they're going to make locks this sophisticated. (3, Interesting)

7-Vodka (195504) | more than 10 years ago | (#8412785)

Why not use the public/private key model. Have the lock generate a message encrypted with the physical key's private crypt key, then have they physical key decode it and retransmit to the lock...

When I push this special key... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8412843)

...it plays a little melody!

Thinking too hard (3, Funny)

macemoneta (154740) | more than 10 years ago | (#8412892)

You folks are thinking too hard. You need a low tech solution, that a burglar with a third grade education would use. :-)

Just put a little graphite-oil (used in regular locks) in the optical lock. Then, when the owner tears it out because it doesn't work (optical paths obscured by the graphite), the burglars can go back to business as usual.

I already know how it could be picked (4, Insightful)

itwerx (165526) | more than 10 years ago | (#8413233)

Not that the pick exists yet of course, but the simple fact that it uses light routes makes it pickable.
Since the light needs transceivers on either end and a physical interface in between for the key all you need to do is make a key with its own transceivers instead of simple light pipes (you'd probably have light-pipes out to an external device which would house a computer "brain" and the transceivers).
So you simply put the key in (or connect it or whatever the physical interface is) and let the computer start routing the inputs to different combinations of outputs.
It would be like the brute-force picker that Medeco has for their locks only maybe a lot faster!
However, having designed a pick, I can also think of half a dozen ways to slow it down enough to make it unuseable. :)
(If they're smart enough to figure out how to email me maybe I'll even tell them. :)

Re:I already know how it could be picked (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8413603)

yea, you're so fucking smart that you're the only one who can figure out to make it "slower".

Right. You're a dork.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?