Thursday, March 18, 2010

Using Laser To Fingerprint Paper

I like it when old technologies and known scientific facts are used in a new way that makes them pure genius.

A discovery of old, which will change the future.
Ingenia Technology Limited today launches an exciting breakthrough proprietary technology, developed by Imperial College London and Durham University - the Laser Surface Authentication system (LSA). The LSA system recognises the inherent 'fingerprint' within all materials such as paper, plastic, metal and ceramics.

The LSA system is a whole new approach to security and could prove valuable in the war against terrorism through its ability to make secure the authenticity of passports, ID cards and other documents such as birth certificates.

This technological breakthrough has been masterminded by Professor Russell Cowburn, Professor of Nanotechnology in the Department of Physics at Imperial College London.

Every paper, plastic, metal and ceramic surface is microscopically different and has its own 'fingerprint'. Professor Cowburn's LSA system uses a laser to read this naturally occurring 'fingerprint'. The accuracy of measurement is often greater than that of DNA with a reliability of at least one million trillion.

The inherent 'fingerprint' is impossible to replicate and can be easily read using a low-cost portable laser scanner. This applies to almost all paper and plastic documents, including passports, credit cards and product packaging.
More on the science behind this:
"A unique 'fingerprint' is formed by microscopic surface imperfections on almost all paper documents, plastic cards and product packaging. That is what makes it possible to develop a much cheaper system to combat fraud. This inherent identity code is virtually impossible to modify. It can easily be read using a low-cost portable laser scanner.

"Since all non-reflective surfaces have naturally occurring roughness that is a source of physical randomness, our technology can provide in-built security for a range of objects such as passports, ID and credit cards and pharmaceutical packaging. It can be cheaper and more reliable than current methods such as holograms and security ink.

"Our research team used the optical phenomenon of 'laser speckle' to examine the fine structure of different surfaces using a focused laser.

"We tried the technique on a variety of materials including matt-finish plastic cards, identity cards and coated paperboard packaging. The result was a clear recognition between the samples. This continued even after they were subjected to rough handling, including submersion in water, scorching, scrubbing with an abrasive cleaning pad and being scribbled on with thick black marker.

"The beauty of this system is that we do not need to modify the item being protected in any way with tags, chips or ink - it is as if documents and packaging had their own unique DNA. This makes protection secret, simple to integrate into the manufacturing process and immune to attack.

"It can be applied retrospectively and is no threat to personal privacy."
Look for this at the immigration desk verifying your passport, five years from now.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron

An interesting day in information security

A Mafia boss was caught because of his using Facebook, while unrelated to that the EFF released the result of their Freedom of Information request for material on how law enforcement uses social networking to investigate suspects. "under cover".

The SEC moved to freeze portfolios and accounts following attacks by a Russian hacker, who manipulated stocks.

InfoSecurity magazine has a story on espionage in sport, mentioning how where there's a motive, cyber-crime follows.

And of course, the leading story (which I discovered thanks to a post on Facebook by Dave Aitel) is how an hacker (if that is a descriptive word in this case) broke into 100 cars to cause inconvenience, such as honking, or immobilizing customer the cars.

He hijacked the remote control system ("web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments") by logging on with an account of an employee. He used to be an employee himself, until fired later on.

Also, check out this extremely interesting paper from Cormac Herley at Microsoft Research on why people reject security advice:
So Long, And No Thanks for the Externalities:
The Rational Rejection of Security Advice by Users

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron