Schneier on Security
A blog covering security and security technology.
« Hiding Behind Terrorism Law |
| Blowfish on 24, Again »
March 19, 2009
Fingerprinting Blank Paper Using Commodity Scanners
Will Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, Alex Halderman, and Edward W. Felten
Abstract: This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.
Posted on March 19, 2009 at 6:07 AM
• 17 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Seems like it might be also be an interesting side-channel to use for sending obscured key information. Still would require the physical transfer of a object between the two people.
An interesting offshoot might be an algorithm which derives a robust fingerprint from a digital image which is independent of the exact viewpoint of the camera --- then two people could "agree" on a shared secret key by merely agreeing on a specific time and scene. Of course, this would be easily detectable if both photographers can be observed and their actions correlated in time. In fact, it starts to sound more like a movie plot than something really useful.... oh, well.
It's a cool idea, technologically, but it really doesn't get us any further in fixing the real problem with most security systems: the people who design them often don't know what they are doing and produce terrible solutions.
It hardly matters if the validity of a document can be computed if the paper is being stored in a drawer with a typical desk lock (it seems they're almost universally easy-to-pick wafer locks) or in a supply closet with no lock on it at all.
"...random, naturally occurring imperfections in paper texture."
What about induced imperfections in paper texture? For example, passing paper through a sheet feed runs it over rollers, bends the paper, and for double sided output, performs a gyration to reverse the paper in the paper stream. Further, paper texture is often changed by how long it sits exposed to air before insertion in the printer storage tray, how long it sits in the storage tray, and further by handling after printing and removal from the output tray.
Further, who is going to store the 3 dimensional surface scan of every blank page that is sold, just so it can be used later to determine the origin, authenticity, or relevance to whatever?
Presumably, the main use of this would be in verification of contracts or legal statements. In that situation, at least one of the parties involved has incentive to protect their piece of paper so that it matches the fingerprint in the event of a dispute.
If they can compute the unique fingerprint of the document then the same fingerprint can be reused to create a duplicate document if they can access the document, which they'll have especially in the case of currency.
'...random, naturally occurring imperfections' - really random or just seems that way for a sufficiently small sample?
It might be a dubious solution to a problem I don't have; but I like that kind of thinking.
"... including detecting forged currency ..."
How does knowing that dollar bill #B84487435G matches its own fingerprint help determine whether other dollar bills are counterfeit?
o.s.: The paper discusses that, and say that their preferred version of the technique is secure against it. They go into some detail about the robustness/spoofability tradeoff actually.
Although this isn't really the same thing, Anoto has an interesting technology for identifying not only documents but coordinates on every page:
One small problem...
There is a way of removing photocopy / laserprinter (plastic) ink from the paper...
So the piece of paper might be the genuine sheet of paper but is the document genuine?
I guess you need an ink that actualy sinks into the fibers of the paper and cannot be removed.
There are a couple of other issues that I can think of but you will find them where I comented on the original post.
By the way this idea is not new. Back when there where the stratigic arms limitations talks for conventional weapons (tanks etc) a system was proposed that was a random layer of choped glass fiber cloth clear gel coated on the weapon. This was so that random arms inspectors could check the ID of the weapon quickly and easily.
As an unforgable ID tag it apeared to have great merit, unfortunatly it was found on in depth investigation that the overal system had a number of potential flaws (like finding a place on the weapon that could not be transfered to another weapon etc).
I don't buy using this to authenticate currency, unless it's for something like $10,000 bills.
First, who would have access to a scanner, computer, and the necessary database? Believe me, it isn't going to be showing up at POS terminals or cash registers.
Second, a trusted authority (e.g. US Treasury) would have to create the database in the first place.
Third, a trusted authority will have to provide trustworthy access to the database to all the remote stations that intend to use the authentication data.
Fourth, the data channel will need strong authentication.
So maybe someday they can fit all the client-side stuff into a device the size and cost of an iPhone, but that still doesn't make the enormous trusted database of master scans come into existence any sooner or easier.
This seems like a solution in search of a problem to me.
It simple: The paper fingerprint can be seen as the hash of the paper. Similiar to the hash of a text document and can be used the same way to build a digital certificate with a public/private key pair.
If you want to use it on paper money, just meassure/calculate the fingerprint, append the bills serial number, encrypt it with the central banks private key and print the result as a 2D matrix code on the bill. To check the bill you simply meassure the fingerprint of the bill and append the serial number and check your result with the decrypted result printed on the bill.
I could also imagine a maschine similiar to a modern copy machine. It has a two slots where the two signing parties insert their siging gadgeds. The machine scans the document, calculates the finger print ask both parties to insert theirs unloked gadgeds. Both gadgeds calculate one digital signature, and the machine prints the result as a 2D matrix code on the paper.
Actually that could be even done without the papers fingerprint and just text and the signatures on the paper.
Think about paper ballots in voting systems.
Although it's better to have a database, but you don't need to connect to the database if you just want to authenticate. For example, you can print the "hash" on the currency with a digital signature. This way, you only need to use the scanner to verify the hash, then check for the digital signature with the known public key from the treasury.
If the scanner is cheap enough, then every store can have them, and it can greatly increase the difficulty of counterfeiting a banknote.
A rather subtle bug: the final dot after html makes the link fail!
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.