Here’s a fine example of the tension between an irresistible force and an immovable object.
At some point in my childhood my father, presumably in an attempt to keep me from wasting a summer in idle pleasures, got me an unpaid job working with a locksmith. I really enjoyed it, though I never did get the hang of picking locks. One thing I loved about the job was all the paraphernalia. One of the principal artifacts in every locksmith’s tool kit is a box of pins. These pins are tiny bits of brass of various lengths. They were color coded so you could put them back in the case.
These pins are packed into the lock so that when the right key is slid in they align just right and the lock will turn. Sweet little springs push the pins back into place when the key is removed. Each spring sits in a hole and the hole has two pins whose lengths sum up to fill its column just right. A lock with a master key will have three pins in one or more of the columns.
Locks of varying sophistication modify this design by having the columns oriented in various patterns. The typical lock just has the pin-columns in a straight line. If you look at your key ring you’ll probably find at least one key whose bumpy bits are set up in some tricky way. Complex topology makes it harder to pick the lock; or at least that was the idea.
The design patterns for key-and-pin locks form the platform for a huge installed base of locks and keys. So it’s a great standards story and, like all standards used for security, things get messy when a security flaw is revealed. The usual exemplar of that is Microsoft Windows, which was never really designed to be secure and now sustains the vast cyber-crime industry (said to be larger than the drug trade).
You can’t ‘just fix’ a system like this because the installed base is very slow to move. As Bill Gates is rumored to have said back in the 1990s, “My biggest competitor is old versions of the Windows operating system.” Users don’t upgrade quickly.
Over the last year or two knowledge of a huge security flaw in the key-and-pin lock design pattern has been revealed. There is a fun video (with subtitles) from a Dutch TV show you can watch (WMV) and a paper about it (pdf).
It’s easy to understand though. The common name for the technique is bump key. You make a key that bumps the pins. Well, actually, it taps the pins sharply. The sharp tap is then transmitted through the stack of pins until it reaches the topmost pin. That pin then floats up and away from the rest of the stack. At the moment the gap appears you turn the lock. All you need is a good bump key, a sharp tap, and to time the turn to the right moment.
You have seen this dynamic in one of those executive desktop toys (these are known as Newton’s cradle) where a group of balls hang in a line and you drop one ball on one end and the ball on the other end floats up.
Designing around this problem is, I presume, not too hard. For example, since only the topmost pin will float up when tapped you need to assure its movement won’t open the lock. That’s not too hard since you can arrange to have the top pin above the point where the lock turns. In some cases you might even be able to repin an existing lock to prevent the problem. In other cases you probably have to redesign the locks.
There are techniques for moving a large installed base. Firms, like Microsoft, that depend on upgrade revenue are very practiced at these. Moving an installed base can be very profitable. Rekeying the entire planet, changing every lock in every door, replacing the keys on everybody’s key ring – wow! The lock industry ought to be very excited about this. I bet there is quite a backlog of key-and-pin patents piling up at the patent office right now.
Of course, the profits to be made from migrating the installed base are not the first thing most people think of when they hear this story. But then, most people don’t tend to think of Microsoft’s security problems as an upgrade driver either.