Decades of data security research have brought us highly reliable, standardized tools for common tasks such as digital signatures and encryption. But hackers are constantly working to crack data security innovations. Current credit/debit card technologies put personal money at risk because they’re vulnerable to fraud.
Physical security – which deals with anti-counterfeiting and the authentication of actual objects – is part of the problem too. The good guys and bad guys are locked in a never-ending arms race: one side develops objects and structures that are difficult to copy; the other side tries to copy them, and often succeeds.
But we think our new invention has the potential to leave the hackers behind. This innovative security measure uses the quantum properties of light to achieve fraud-proof authentication of objects.
The arms race is fought in secret; revealing your technology helps the enemy. Consequently, nobody knows how secure a technology really is. Remarkably, a recent development called Physical Unclonable Functions (PUFs) has made it possible to be completely open. A PUF is a piece of material that can be probed in many ways and that produces a complex response that depends very precisely on the challenge and the PUF’s internal structure.
The best known examples are Optical PUFs. The PUF is a piece of material – such as white paint with millions of nanoparticles – that will strongly scatter any light beamed at it. The light bounces around inside the paint, creating a unique pattern that can be used for authentication. Optical PUFs could be used on any object, but would be especially useful on credit/debit cards.
In 2012, researchers at Twente University realized they discovered something very important. The magic ingredient is a Spatial Light Modulator (SLM), a programmable device that re-shapes the speckle pattern. In their experiments, they programmed an SLM such that the correct response from an Optical PUF gets concentrated and passes through a pinhole, where a photon detector notices the presence of the photon. An incorrect response, however, is transformed to a random speckle pattern that does not pass through the pinhole. The method was dubbed Quantum-Secure Authentication (QSA).
QSA does not require any secrets, so no money has to be spent on protecting them. QSA can be implemented with relatively simple technology that is already available. The PUF can be as simple as a layer of paint. It turns out that the challenge does not have to be a single photon; a weak laser pulse suffices, as long as the number of photons in the pulse is small enough. Laser diodes, as found in CD players, are widely available and cheap. SLMs are already present in modern projectors. A sensitive photodiode or image sensor can serve as the photon detector. With all these advantages, QSA has the potential to massively improve the security of cards and other physical credentials.
Via Dr. Stefan Gruenwald