Invention of forge-proof ID to revolutionise security

November 10, 2015
Electronically stimulating an atomically random system, represented above by a key, produces a unique pattern that can be used for authentication or identification purposes whilst being fundamentally unclonable.

Scientists have discovered a way to authenticate or identify any object by generating an unbreakable ID based on atoms.

The technology, which is being patented at Lancaster University and commercialised through the spin-out company Quantum Base, uses next-generation to enable the unique identification of any product with guaranteed security.

The research published today in Nature's Scientific Reports uses atomic-scale imperfections that are impossible to clone as they comprise the unmanipulable building blocks of matter.

First author Jonathan Roberts, a Lancaster University Physics PhD student of the EPSRC NOWNANO Doctoral Training Centre, said: "The invention involves the creation of devices with unique identities on a nano-scale employing state-of-art quantum technology. Each device we've made is unique, 100% secure and impossible to copy or clone."

Current solutions such as anti-counterfeit tags or password-protection base their security on replication difficulty, or on secrecy, and are renowned for being insecure and relatively easy to forge. For example, current anti-counterfeiting technology such as holograms can be imitated, and passwords can be stolen, hacked and intercepted.

The ground-breaking atomic-scale devices do not require passwords, and are impervious to cloning, making them the most secure system ever made. Coupled with the fact that they can be incorporated into any material makes them an ideal candidate to replace existing authentication technologies.

Writing in Nature's Scientific Reports, the researchers said: "Simulating these structures requires vast computing power and is not achievable in a reasonable timescale, even with a quantum computer. When coupled with the fact that the underlying structure is unknown, unless dismantled atom-by-atom, this makes simulation extremely difficult.

"While inhomogeneity in the fabrication of nanostructures often leads to unpredictable behaviour of the final device, which is normally undesirable, we have proposed and demonstrated a potential use for the quantum behaviour of atomically irreproducible systems."

The reported Q-ID device, which uses an electronic measurement with CMOS compatible technology, can easily be integrated into existing chip manufacturing processes, enabling cost effective mass-production. The new devices also have many additional features such as the ability to track-and-trace a product throughout the supply chain, and individual addressability, allowing for marketing and quality control at the point of consumption.

Dr Robert Young, the research leader at Lancaster University and co-founder of Quantum Base said: "One could imagine our devices being used to identify a broad range of products, whether it is authentication of branded goods, SIM cards, important manufacturing components, the possibilities are endless."

The use of inexpensive nanomaterials and their ability to be produced in large quantities has resulted in smaller, more power efficient devices that are future-proof to cloning.

Phil Speed co-founder of Quantum Base said "Q-IDs markedly increase the security gap between the good guys and the bad guys; this is truly a step change in authentication and authorisation. Lancaster and Quantum base have created devices that are the smallest, the most secure and the cheapest possible today and we are looking forward to talking to prospective markets and customers alike to bring this new, cutting edge, great British technology into mass market adoption."

Explore further: Quantum communications go thin and light

More information: J. Roberts et al. Using Quantum Confinement to Uniquely Identify Devices, Scientific Reports (2015). DOI: 10.1038/srep16456

Related Stories

Fraud-proof credit cards possible with quantum physics

December 15, 2014

Credit card fraud and identify theft are serious problems for consumers and industries. Though corporations and individuals work to improve safeguards, it has become increasingly difficult to protect financial data and personal ...

Scientists produce status check on quantum teleportation

September 30, 2015

Mention the word 'teleportation' and for many people it conjures up "Beam me up, Scottie" images of Captain James T Kirk. But in the last two decades quantum teleportation – transferring the quantum structure of an object ...

Recommended for you

Novel light sources made of 2-D materials

October 28, 2016

Physicists from the University of Würzburg have designed a light source that emits photon pairs, which are particularly well suited for tap-proof data encryption. The experiment's key ingredients: a semiconductor crystal ...

Changing semiconductor properties at room temperature

October 28, 2016

It's a small change that makes a big difference. Researchers have developed a method that uses a one-degree change in temperature to alter the color of light that a semiconductor emits. The method, which uses a thin-film ...

Shocks in the early universe could be detectable today

October 27, 2016

(—Physicists have discovered a surprising consequence of a widely supported model of the early universe: according to the model, tiny cosmological perturbations produced shocks in the radiation fluid just a fraction ...

Bubble nucleus discovered

October 27, 2016

Research conducted at the National Superconducting Cyclotron Laboratory at Michigan State University has shed new light on the structure of the nucleus, that tiny congregation of protons and neutrons found at the core of ...


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (6) Nov 10, 2015
Watch for hackers getting in between the device and the reader (much like they employ fake keypads overlayed on ATMs)

In the end hacking is not about getting the key. It is about opening the lock*. And at some point there's always that final bit that says "access granted" or "access denied". If you can manipulate that bit all the previous security measures are moot.

(* or not even that: it is ultimately about getting the thing behind the lock).
4 / 5 (4) Nov 10, 2015
It has the problem of repeatability: can you measure it accurately every time, can the "code" get damaged by chemical, mechanical wear... what if you bend the object - does the signature change?

These considerations require that the object has to be measured as a close match instead of an exact match to an earlier record. You have to allow error.

Now this is a huge problem, because secure password systems use what's called a hash function. The original password isn't saved anywhere - the password goes through a one-way math function that turns "password" into "d123jjw3oe3kjlsd" style gibberish. If the hash code matches with what was stored then the password is correct. That means you can't steal the password from a server because the server doesn't have it.

With a "close match" comparison, this is not possible because a close match generates a completely different hash. It means you can steal the signature, and generate not an exact clone but a "close enough" clone.

5 / 5 (2) Nov 10, 2015
Watch for hackers getting in between the device and the reader (much like they employ fake keypads overlayed on ATMs)

Exactly, and since the signature is stored on some computer system for comparison purposes, where it can be stolen from, a hacker can simply bypass the scanner and send the stolen signature pretending to be the scanner. They don't necessarily need the actual object at hand.

not rated yet Nov 10, 2015
There are two parts to any lock. The key and the keyhole. They both have to match. Having one side that is unique has never been the problem.
5 / 5 (1) Nov 11, 2015
This only sounds usable in the physical world or maybe in some very special situation where "infinite" attacks are allowed.

In most of the world (not TV) other than for an extremely stupid password/person it doesn't matter. Lets imagine that someone has a computer that can try a trillion passwords a seconds. And you have a bank account password of 20 digits, how long does it take for the computer to break in? Forever. The reason is the bank is going to lock the account after about 3 password ties. It is pointless to worry about other trillion - 3 tries, in that second.
But what about a machine they have psychical access to?
First of the machine has to be capable to accept a trillion tries a second, and few devices can, but on top of that programmers aren't stupid even a millisecond delay that the user would never notice defeats this.

So how do real hack happen?
They look for weaknesses in the system as the other people have pointed out.
You hack the websites, networks...
5 / 5 (1) Nov 11, 2015
But what about a machine they have psychical access to?

They read and dump the contents of the memory of the machine onto a different machine with faster access and then try to crack it at a trillion tries per second.

They aren't going to try playing by your rules. If you have physical access to hardware, all encryptions are eventually broken. That's why there shouldn't be anything worth stealing in the machine's memory in the first place - only hash codes, never the actual passwords or ID signatures, because otherwise all the data is protected by just a single master key.

But since you can't turn a signature, like a crystal lattice, or a fingerprint, or an image of your retina, or indeed a handwritten signature into a reliably repeatable code that you'd get exactly every time, you can't hash it, so you have to store the actual signature on the machine that does the comparison.

That means the signature can be stolen and simply replayed.

5 / 5 (3) Nov 11, 2015
not enough information given here to understand how this would be used, or to answer/debunk the questions that have been asked.
not rated yet Nov 11, 2015
@Eikka, I agree they are not going to play by your rules, and that is really the cornerstone to what I was trying to say. Once they have physical access they are most likely going to use other hacking techniques, they are not going to try an exhaust search. You attack a systems weakest point, not its strongest.

BTW not including a quantum computer (which doesn't exist yet) if they can do 100 trillion guesses per second. It would take 11.52 thousand trillion centuries to do the search for a 20 character password.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.