tsergiu | 2 years ago

What prevents somebody from scanning it and reconstructing the position of the metal pieces?

Perhaps a better solution is to create a small chip powered by electric induction. The chip would have an embedded private key and solve challenge-response queries issued by the scanning device.

I'm not sure how that compares in cost though.

Edit: it looks like these already exist and cost less than 10 cents a piece. They are called NFC tags.
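
The challenge-response idea in the comment above, as an added example that is not part of the original comment or the article. HMAC-SHA256 over a shared per-tag key stands in for the chip's private-key operation (an assumption, so this scanner holds the same secret), and the `Tag`, `Scanner`, `scan` and `demo` names and the sample ids are hypothetical.

```python
import hashlib
import hmac
import secrets


class Tag:
    """Simulated chip: the key stays inside, only responses leave."""
    def __init__(self, tag_id, key):
        self.tag_id = tag_id
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Scanner:
    """Verifier: issues a fresh single-use nonce for every scan."""
    def __init__(self, enrolled_keys):
        self._keys = dict(enrolled_keys)  # tag_id -> key (assumed provisioning)
        self._pending = {}                # tag_id -> outstanding nonce

    def challenge(self, tag_id):
        self._pending[tag_id] = secrets.token_bytes(16)
        return self._pending[tag_id]

    def verify(self, tag_id, response):
        nonce = self._pending.pop(tag_id, None)  # each nonce is accepted once
        key = self._keys.get(tag_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def scan(scanner, tag_id, responder):  # responder: challenge -> response
    return scanner.verify(tag_id, responder(scanner.challenge(tag_id)))


def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    tag = Tag("tag-0001", key)     # constructed sample id
    scanner = Scanner({tag.tag_id: key})
    recorded = tag.respond(scanner.challenge(tag.tag_id))  # captured earlier reply
    clone = Tag("tag-0001", secrets.token_bytes(32))       # copy without the key
    return {
        "genuine": scan(scanner, tag.tag_id, tag.respond),
        "replayed": scan(scanner, tag.tag_id, lambda _c: recorded),
        "keyless_clone": scan(scanner, tag.tag_id, clone.respond),
        "unknown_tag": scan(scanner, "tag-9999", tag.respond),
    }
```

Only the genuine tag passes; a recorded response fails because every scan uses a new nonce. The exchange proves possession of the key only, not which physical item the chip is attached to.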

landr0id|2 years ago

It says in the article that the idea behind this implementation is that if the tag is swapped it breaks the authentication since the glue is involved in authenticating. NFC/RFID chips can just be swapped from a real product to a fake one as-is.

> What prevents somebody from scanning it and reconstructing the position of the metal pieces?

You're talking about very, very small pieces of metal whose position/orientation is not deterministic when laying the glue and that information is combined with the tag itself to present some kind of challenge response.

tonyarkles|2 years ago

Yeah, if I’m understanding the article correctly, it’s not that the glue is pre-printed with a specific code but rather the glue has a bunch of particles suspended in it that take on an arbitrary pattern when used. Conceptually similar to https://trmm.net/Glitter/ but at a much smaller scale.

tsergiu|2 years ago

Why is it not possible to embed the NFC tag in a destructible medium? Like those annoying stickers that you cannot peel without ripping?

If you use that, then the only way to move the NFC tag to another item would be to cut it out of the original item (including the original adhesive). But this attack also works against the technique in the article.

Regarding the orientation, I understand that it is nondeterministic in the original, but what prevents an attacker from copying it deterministically? Is it just that technology is not good enough to manipulate such small pieces of metal? How long will this limitation persist?

kaimalcolm|2 years ago

Though the reconstruction of the pattern is effectively impossible, I think you raise a good point regarding the use of NFC. The article mentioning a cloud database was a red flag for me as it introduces another attack vector. Sure, it's not as simple as replacing the tag as you can with RFID, but we know the counterfeiters will go to impressive lengths to replicate the real deal. If verification can be all-local that's ideal, imo. The issue there, though, is that you then need to trust either the scanned or scanning device with a private key. A private key that, if obtained, could be used to create infinite counterfeits. Either way, I think this glue-based method is a great solution, even if it does rely on a cloud service which is dependent on the company that maintains it.

wenyuanyu|2 years ago

I don't know if I understood correctly, but it might be that the metal pieces in the glue are a purely random process, and there is no way to reproduce or re-print it again. The metal pieces are then recorded as a key in a central database or some sort of AI, just like how a human fingerprint or retina is collected and used for authentication?

eemil|2 years ago

What prevents you from scanning & reconstructing a bucket of rice? :)