Plastic tag makes foolproof ID

By Eric Smalley, Technology Research News

Shine a flashlight through a shattered window and you'll project a unique pattern onto any surface beyond the window. Move the flashlight to a new angle and you'll get another unique pattern, but one that looks more like the first than one produced by shining the light through a different shattered window.

A scheme that leverages this principle could make counterfeiting and forgery much harder to pull off.

Researchers at the Massachusetts Institute of Technology have made inexpensive identification tags, or tokens, that cannot be copied or altered by any known means. The tokens are small pieces of plastic containing tiny glass spheres that produce unique patterns of light when lasers shine through the tokens.

The tokens are "low-cost... unique, tamper-resistant and unforgeable identifiers," said Ravikanth Pappu, one of the MIT researchers who is now a founding partner at ThingMagic. "Everyday objects -- envelopes, bank notes, passports, credit cards, et cetera -- could have... tokens attached to them and thereby obtain a unique identity," he said.

At 10 by 10 by 2.5 millimeters, the tokens are about the size of an extra-thick thumb tack. They contain several hundred glass spheres that are less than a millimeter in diameter and spaced a tenth of a millimeter apart. The cost of the materials for the token is about one cent, according to Pappu.

The spheres scatter laser light, yielding speckle patterns that can be captured with a digital camera and mathematically converted into binary numbers. Each pattern is intricate enough to yield a 2,400-digit binary number.

The researchers' light-scattering scheme is a physical version of the one-way mathematics functions used to encrypt sensitive information like passwords and credit card numbers. One-way functions are easy to calculate in one direction, but extremely difficult to reverse.

The multiplying two numbers, for instance, is easy. Reversing the process to find the original two numbers from the answer, however, is much harder. The larger the answer, the more two-number combinations there are that could have been the originals.

The token presents a similar barrier. It is impossible to determine the exact arrangement of the spheres in the token by looking at the speckle patterns, but without knowing the exact structure of the token it is impossible to come up with the right patterns.

The token is not simply a bar code containing a single 2,400-digit binary number, however. Each time a laser beam passes through the plastic it produces a different number, even when it passes through at nearly the same angle. What makes each token unique is that the numbers produced by shining laser beams at very nearly the same angle are more similar to each other than to numbers produced by shining laser beams at the same angle through different tokens. Two numbers generated by different tokens differ by 50 percent, but two numbers generated by the same token differ by only 25 percent, said Pappu.

This means that comparing two numbers will show whether they were produced by the same token. A number from a token can be stored in a database that registers the identity of a token attached to an object. Verifying the identity of the object would entail shining a laser through the token at the same angle as the laser used to derive the number in the database in order to get another number, and comparing that number to the number in the database. Using two or more laser angles provides additional points of comparison.

Once a token has been verified, the number it supplied and the comparison number from the database are thrown out. Each token is capable of generating 1011, or 100 billion, different 2,400-digit binary numbers, enough to provide 1,000 numbers a day for 280,000 years, said Pappu.

The theoretical limit to the number of numbers a single token can generate is 1070, which is a much larger number, but increasing the number of possible numbers would also increase the cost of the system, said Pappu. 1070 can also be written as a 1 followed by 70 zeros. That number is 50 orders of magnitude larger than the estimated 1020 stars in the universe.

The linchpin of the scheme is the security of the token. Copying a token would be extremely difficult because matching the exact positions of the spheres in the token is far beyond the capabilities of today's technology, said Pappu. Getting the spacing of the particles wrong by less than a thousandth of a millimeter would change the entire speckle pattern, he said.

Even reproducing the patterns using other lighting techniques is impractical, and simulating them on a computer is currently impossible, said Pappu. Simulating light scattering off of even a single particle would require a supercomputer.

In addition, tampering with a token renders it unusable, according to Pappu. The researchers drilled a half-millimeter diameter hole one millimeter into a token, and found that the numbers produced afterward differed by 46 percent from the numbers produced before.

The researchers' proposal is a clever idea ideally suited for specific uses like arming nuclear weapons or storing code keys in home satellite receivers, said Eugene Spafford, a professor of computer sciences at Purdue University. "It won't supplant [software] methods, but it is a useful addition to the security tool box," he said.

There are several drawbacks to using a physical token, including the possibility that it will be lost or stolen and used by others, said Spafford. Shock, vibration, heat, cold and radiation could also the degrade the physical key to the point where it no longer works, he said. "The material chosen is important, as is the packaging," he said.

The physical one-way token is a promising idea, but it is probably only useful for authenticating physical items and transactions carried out in person, not for electronic transactions, said David Wagner, an assistant professor of computer science at the University of California at Berkeley. "It's not good for authenticating the identity of someone across a network, but it could be a valuable defense against counterfeiting," he said.

It will take time to validate how secure the researchers' proposal is, said Wagner. "Security is a conservative discipline. It takes years of analysis to build confidence in a defensive measure," he said.

The researchers are working on making the system practical and applying it to authentication problems, and are working out the theoretical connections between physical one-way functions and mathematical one-way functions, Pappu said.

The tokens could be used in practical applications within 12 to 18 months, said Pappu. "The system is quite simple," he said. "Most of the technical challenges are centered around packaging the token in the context of the application, and building readers to read those tokens," he said.

Pappu's research colleagues were Ben Recht, Jason Taylor and Neil Gershenfeld. They published the research in the September 20, 2002 issue of the journal Science. The research was funded by the MIT Media Lab Things That Think Consortium, the National Science Foundation (NSF), the MIT Media Lab, and IBM.

See related TRN Letters page commentary by Ross Anderson of Cambridge University.

Timeline:   1-1 1/2 years
Funding:   Corporate, Government, University
TRN Categories:   Cryptography and Security; Optical Computing, Optoelectronics and Photonics
Story Type:   News
Related Elements:  Technical paper, "Physical One-Way Functions," Science, September 20, 2002; TRN Letters page commentary by Ross Anderson of Cambridge University


October 2/9, 2002

Page One

Integrated biochips debut

Metal mix boosts batteries

Plastic tag makes foolproof ID

Scheme hides Web access

Small jolts move artificial muscle


Research News Roundup
Research Watch blog

View from the High Ground Q&A
How It Works

RSS Feeds:
News  | Blog  | Books 

Ad links:
Buy an ad link


Ad links: Clear History

Buy an ad link

Home     Archive     Resources    Feeds     Offline Publications     Glossary
TRN Finder     Research Dir.    Events Dir.      Researchers     Bookshelf
   Contribute      Under Development     T-shirts etc.     Classifieds
Forum    Comments    Feedback     About TRN

© Copyright Technology Research News, LLC 2000-2006. All rights reserved.