Scientists uncover quantum encryption system weakness
By Stewart Mitchell
Posted on 31 Aug 2010 at 16:11
Quantum cryptography might provide everlasting security – but only if it is well implemented, according to researchers.
Quantum cryptography is supposed to be practically bomb proof. Based on the Heisenberg uncertainty principle in which observation causes perturbation, anyone trying to eavesdrop on a Quantum Key Distribution system should quickly be discovered.
However, experts have developed and demonstrated a technique exploiting imperfections in quantum cryptography systems to implement an attack.
Such commercial systems usually use photons to carry the quantum states and, according the scientists, overwhelming the photon light signals within network equipment can leave them open to an attack.
“We found that bright illumination of the detectors changed their behaviour,” said Christoffer Wittmann, a researcher at the Max Planck Institute, which developed the technique alongside experts at the Norwegian University of Science and Technology and the University of Erlangen-Nuremberg.
By flooding the detectors with bright light, we were able to send in faked light states that are classical rather than quantum
“Usually detectors are sensitive to a single photon and that is what should emerge at the other end and which shows the connection is secure. By flooding the detectors with bright light, we were able to send in faked light states that are classical rather than quantum.”
More concerning still, the hack was demonstrated using off the shelf components. However, the researchers noted the vulnerability lay with the way both the tested quantum systems - the MagiQ Technology's QPN 5505 and the ID Quantique Clavis2 - had been implemented, rather than quantum cryptography as a concept.
“It is an imperfection in the device that allows a man-in-the-middle attack, which should not normally be possible,” said Wittmann. “This is not an inherent weakness in Quantum Key Distribution, but of this implementation. By our work, we would like to strengthen the practical security of quantum cryptography systems.”
ID Quantique, a network security provider that has been collaborating with the researchers, said it was already working on counter measures to fix the problem.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk