Okay, so this isn’t new, but I’ve been wanting to point out what I feel is an obvious security failure. Essentially, these “DataDots” are laser-etched dots, granular in size, much like sand. They’re prepared in a UV-based adhesive for application. The dots contain a unique identifier code, that upon application, will allow your property to be identified as belonging to you. This is beneficial, for stolen items that are recovered – at least, that’s what they’re aiming for. Here’s their home page, and here’s a video that introduces the concept.
My questions are: “What happens if I put my DataDots on someone else’s property, and report it stolen?” “What happens when property is sold that contains DataDots?” “What happens if there are multiple DataDots, with different identification numbers, on the same item?” There are various ways to look at this problem, but these are the first few questions that pop into mind. This reminds me of a cryptographic problem involving MACs. (Y’all know how much I love MACs.)
The problem I’m referring to is as follows. A MAC, or Message Authentication Code, is a keyed function that serves the purpose of preserving the integrity of a message. Let’s say Alice and Bob are communicating, and want to ensure that an adversary doesn’t tamper with the message. Alice and Bob share an authentication key. Alice computes a MAC on the message, using this shared key. When Bob receives the message, he authenticates it using the same key. If the MAC he computes matches the MAC sent along with the message, then the message hasn’t been tampered with.
This is, roughly, the concept. However, it doesn’t identify the MAC with Alice; it only shows that someone who knew the authentication key computed the code. You see something similar with DataDots. The presence of DataDots doesn’t identify property with its rightful owner; it only shows that someone with DataDots had access to that property. In other words, nothing correlates the property ownership with the DataDots. Deterrence of theft is a good thing, but this doesn’t ensure it, and has the added side effect of promoting theft, if folks believe that DataDots inherently imply that the rightful owner of a given item is the person who applied the DataDots.
The little “Might Dot” mascot seems confident, despite the severe limitations, stating, “Hi, I’m Mighty Dot, Protecting your vehcile[sic] from theft” – I’m not quite sure what a vehcile is (okay, so this is a cheap stab), but I hope any of you potential consumers will weigh the obvious cons. Make no mistake though – I am not discounting the possibility of useful applications of this concept, but I think the potential misuse makes for a sloppy situation.