MIT researchers have developed a new physical approach to protecting information such as credit card numbers sent over the Internet or electronic cash stored in smart cards.
These types of data are currently protected by cryptographic techniques, but the mathematical algorithms that underlie these techniques are threatened by the development of quantum computers. In addition, skilled engineers could tamper with the chips used to store cryptographic secrets.
The researchers from the MIT Center for Bits and Atoms published their report in the Sept. 20 issue of Science.
Alumnus Ravikanth Pappu, now with Cambridge-based embedded intelligence design and development firm ThingMagic, introduced the concept of physical rather than mathematical one-way functions, working with Neil Gershenfeld, associate professor and director of the Center for Bits and Atoms, and Media Lab graduate students Benjamin Recht and Jason Taylor. (A one-way function is easy to evaluate but hard to invert: multiplying large prime numbers is easy, for example, while finding the factors of their product is hard.)
The researchers believe this new approach will improve information security on the Internet and elsewhere.
"This research illustrates the fact that there is a lot to be gained by treating information and its physical embodiment as a coherent whole," Pappu said. "Remembering that information is physical often allows us to do things in surprising ways that could not be done using digital systems alone."
The MIT researchers create a physical one-way function by connecting cryptography with mesoscopics, the study of how waves travel in disordered materials. In the Science paper, they showed that a simple token made of tiny glass spheres in a clear epoxy contains around 1 trillion bits of data in the locations of the spheres.
Laser light shined on the token produces a speckle pattern, which is then recorded and used to generate a cryptographic key. Terminals (smart card readers, for example) can send this key over a conventional communications channel to identify and authenticate a token.
The epoxy token costs just pennies to make but is technologically unfeasible to duplicate. And it contains so much information that it can produce an enormous number of different keys as a function of how the laser reads it, allowing it to be used with readers that are not trusted.
Because the data are stored in a material rather than in a circuit, the technology also can be used as part of a device that needs authentication, such as a security sensor. In applications that involve authentication of everyday low-cost objects such as envelopes, packaging and bank notes, using silicon-based methods is not economically or practically feasible.
"These capabilities are all of great interest to the cryptographic community," Gershenfeld said. "The introduction of physical one-way functions provides a new tool for them that promises to help make information security more accessible and more reliable."
The Center for Bits and Atoms is a new research center exploring how the content of information relates to its physical representation from atomic to global scales. It grew out of the MIT Media Lab, where it is housed, and is part of the broader Media Laboratories, which also include Media Lab Europe in Ireland and Media Lab Asia in India.
This research was supported by the National Science Foundation, corporate partners in the MIT Media Lab and an IBM research fellowship.
A version of this article appeared in MIT Tech Talk on September 25, 2002.