I was chatting with a fellow locksport enthusiast over the weekend (and over a few beers) and we got to the topic of how one would configure the ultimate locking mechanism for a door, safe, etc. This was meant to be a pure thought experiment rather than being for one specific application.
I got to thinking that (IMHO), an ideal setup needs 3 things in order to gain access:
1) Information, such as a combination for a dial lock or the code number for an electronic lock. 2) A difficult-to-duplicate physical object, most commonly a key. 3) One or more secrets and/or misdirection
The 3rd one is really what I wanted to chat about. One thing that always struck me as a weakness to the majority of locking devices is that by simply walking up and looking at a door (or safe, or whatever) a potential crook can easily see what he is up against. If you see a keyhole that invites picking. If you see a knob then that tells you there's a combination lock that needs to be defeated. And so on. But suppose there is some hidden security feature that isn't obvious from looking at the door. A hidden feature, even a relatively simple one, could easily act to prevent unauthorized access. For example, suppose a safe was equipped with a standard combination lock yet there was ALSO a key-operated lock whose keyhole was hidden among the decoration on the safe's door. A crook might defeat the combination lock and could waste an awful long time trying to get the safe open without ever realizing the existence of the hidden key lock. A 2nd (or 3rd...) lock of any type could be hidden in a nonstandard location on the door. A mechanism requiring a magnetic key could be placed literally anywhere and no matter how carefully someone examined the door or container they would never know that a magnet had to be placed at a particular location before the mechanism will open. An electronic lock could be disabled by installing a hidden switch somewhere, the same way that many car owners protect their cars by installing a switch on the ignition circuit hidden somewhere up under the dash.
As far as misdirection goes it could be possible to disguise one security feature as another. The idea being to trick any would-be crook into thinking they can tell what they are up against but in reality the mechanism is very different. Suppose someone walks up to a safe and sees two combination locks. The likely assumption would be that both must be manipulated in the standard manner. However, in reality one of those locks is a normal combination lock, while the other is a different mechanism entirely which is simply meant to look like a standard dial. Instead of dialing a 3-number combination the 2nd "lock" is operated by turning the dial to a specific number and then pulling the knob straight back towards the operator instead--or in some other obscure manner which has nothing to do with the normal function of a combination dial. Or the dial could be held on by magnets revealing a hidden keyhole underneath, etc. A door equipped with an electronic keypad could have a hidden key lock installed behind it, accessed through the same hole the lock's cable goes through.
I'm curious what my fellow pickers think about this beer-fueled brainstorming session!
1 and 2 together are known as multifactor authentication, and it's pretty common in higher security computing environments. The factors are usually some combination of something you know (information, such as a code or password), something you have (key, token, etc) and/or something you are (biometrics).
3 is an interesting thought exercise, but doesn't scale well. In computing circles it's known as security through obscurity. The problem is that as soon as the obscure thing becomes well known, pretty much all of its security benefit is lost. Something truly secure will retain its benefit even if an attacker is able to fully study and understand its workings. E.g. the security should come from the inputs to the system (codes, keys, etc), not the workings of the system.
On a small scale though, something like that would certainly make an interesting/hard challenge lock. The problem is as soon as you start trying to use it at scale, you either have to start reusing the same secret (which means there are more people that know it and it's less secret) or thinking of different secrets for each lock (and at some point you run out).
demux wrote:3 is an interesting thought exercise, but doesn't scale well. In computing circles it's known as security through obscurity. The problem is that as soon as the obscure thing becomes well known, pretty much all of its security benefit is lost.
Yes, you're exactly right in that regard. This was a thought experiment for a single specific situation. Obviously it wouldn't work for mass implementation because then you wouldn't have much of a secret anymore. But it could be wonderfully effective for one-offs or personal security needs.
I love the term "Security through Obscurity". I can think of a wonderful example as well. An acquaintance of mine owns a very rare Porsche that's worth over a million dollars. It is parked on a dirt floor under a rickety 3-walled structure that I can't even call a "barn". No locks or anything like that protecting access. The thing is that you'd never know where to look for it; it's in the middle of nowhere. But the idea is as old as history itself. You hear stories all the time regarding people finding hidden caches of valuables, especially over in Europe...some of which date back to Roman times if not before.
Possibly have a simple combination lock as the tailpiece of the key plug. With gates at approximately 1/8 turn spacing with the gate width wide enough to allow a bit of leeway in 'dialing' the combination.
Then the correct key must be turned four times left to 5/8, three times right to 1/8, two times left to 3/8, then right to open.
Someone not familiar with the lock would think the lock was broken when the key keeps turning without opening the lock. You would have the mechanical of the key (however complex a key you want), then the knowledge of the combination when there are no indexes on the lock face.
Gordon
Just when you finally think you have learned it all, that is when you learn that you don't know anything yet.
Quite honestly that thing looks like a joke. It only covers the front of the safe and I can't imagine it actually fooling someone. After all, it's flat so if someone is walking around they will not see the sides of the handles, etc, printed on it. Also, the front of most safes has a lock and the handle sticking out, surely that would make this cover bulge out or otherwise look odd rather than the flat surface one expects from a wooden cabinet.
But yeah, hiding or obscuring the safe would be a great idea. You can't open it if you don't know where it is or have no idea it exists in the first place. I also think that if you're buying/installing a safe that one should do so as discreetly as possible. Imagine what sort of signal gets sent to curious neighbors if you have a giant truck with "Big Al's Safe's" on the side of it pull up in your driveway? Or if you get some buddies to help you and one of them blabs about how "last week he nearly threw out his back helping John Doe move a new safe into his bedroom for his wife's jewelry". (or gun collection, or rare coins, artwork, whatever....)
If people know you have a safe they might start to wonder what it is that you own that's valuable enough to warrant one. The last time I helped a buddy move a gunsafe we first went to the local home-improvement store and got a cardboard box from a refrigerator. We stuck that over the safe while it was on the trailer, and it remained in place until the safe was out of public view. Anyone looking would simply have seen a few guys move in a new fridge.
GWiens2001 wrote:Possibly have a simple combination lock as the tailpiece of the key plug. With gates at approximately 1/8 turn spacing with the gate width wide enough to allow a bit of leeway in 'dialing' the combination.
Then the correct key must be turned four times left to 5/8, three times right to 1/8, two times left to 3/8, then right to open.
Someone not familiar with the lock would think the lock was broken when the key keeps turning without opening the lock. You would have the mechanical of the key (however complex a key you want), then the knowledge of the combination when there are no indexes on the lock face.
Gordon
I don't know how I managed to miss your post Gordon, but that is a great idea. That's the exact sort of thing I was thinking about. And what makes your idea especially good is that in addition to the "misdirection" provided by the keyhole and the knowledge of the hidden combination lock, it also makes that setup very difficult to pick. Even if someone knew the combination in advance they would have to pick the lock many times just to enter the combination. Any mistake would require a repeat of all that picking.
Quite honestly that thing looks like a joke. It only covers the front of the safe and I can't imagine it actually fooling someone. After all, it's flat so if someone is walking around they will not see the sides of the handles, etc, printed on it. Also, the front of most safes has a lock and the handle sticking out, surely that would make this cover bulge out or otherwise look odd rather than the flat surface one expects from a wooden cabinet.
But yeah, hiding or obscuring the safe would be a great idea. You can't open it if you don't know where it is or have no idea it exists in the first place. I also think that if you're buying/installing a safe that one should do so as discreetly as possible. Imagine what sort of signal gets sent to curious neighbors if you have a giant truck with "Big Al's Safe's" on the side of it pull up in your driveway? Or if you get some buddies to help you and one of them blabs about how "last week he nearly threw out his back helping John Doe move a new safe into his bedroom for his wife's jewelry". (or gun collection, or rare coins, artwork, whatever....)
If people know you have a safe they might start to wonder what it is that you own that's valuable enough to warrant one. The last time I helped a buddy move a gunsafe we first went to the local home-improvement store and got a cardboard box from a refrigerator. We stuck that over the safe while it was on the trailer, and it remained in place until the safe was out of public view. Anyone looking would simply have seen a few guys move in a new fridge.
In reality however, out of all the robbery's I have seen very few safes were ever broken into. Rarely some idiot of a criminal will try bashing the bolt handle or even the combo dial off, but for the most part the only safes taken were under 300 pounds and were just carried off--Heavier stuff was usually not disturbed. More likely the TV, computer & stereo equipment is taken, sometimes just so two weeks later the same thief can come back & steal all your brand new stuff
Moses057 wrote:Speaking about the first post. If you have some sort of secret security feature, it's no longer a secret, once the device is mass produced.
Clearly. That's what I meant by it being a though experiment only. Obviously any "secret" features would be far less beneficial in a case of mass production.
gumptrick wrote: A hidden feature, even a relatively simple one, could easily act to prevent unauthorized access.
My memories are a bit vague so I can't quite pinpoint the time and location of this, but I remember watching a documentary a few years ago where something like this was mentioned. In the documentary there was one particular (government?) building where reporters were constantly trying to sneak in. For some reason or another it was not convenient to install locks to certain doors, so instead the doorknobs were made with a (literal) twist: to open a door you had to turn the door knob one way, while at the same time use your thumb to turn a rotating rim on the backside of the knob the other way. With a little practice this could be done with the outside appearance seeming like a normal twist of the knob, but anyone not knowing the trick would just think that the door had been locked.
But as demux pointed out, this really works only because the usage was contained in one building with relatively few people in the know and for a limited duration.
I think this was happening around the seventies in the states, but I can't be sure.
"Information theory 101," the boy said in a lecturing tone. "Observing variable X conveys information about variable Y, if and only if the possible values of X have different probabilities given different states of Y." - HPMOR.com
