Scientists uncover quantum encryption system weakness
By Stewart Mitchell
Posted on 31 Aug 2010 at 16:11
Quantum cryptography might provide everlasting security – but only if it is well implemented, according to researchers.
Quantum cryptography is supposed to be practically bomb proof. Based on the Heisenberg uncertainty principle in which observation causes perturbation, anyone trying to eavesdrop on a Quantum Key Distribution system should quickly be discovered.
However, experts have developed and demonstrated a technique exploiting imperfections in quantum cryptography systems to implement an attack.
Such commercial systems usually use photons to carry the quantum states and, according the scientists, overwhelming the photon light signals within network equipment can leave them open to an attack.
“We found that bright illumination of the detectors changed their behaviour,” said Christoffer Wittmann, a researcher at the Max Planck Institute, which developed the technique alongside experts at the Norwegian University of Science and Technology and the University of Erlangen-Nuremberg.
By flooding the detectors with bright light, we were able to send in faked light states that are classical rather than quantum
“Usually detectors are sensitive to a single photon and that is what should emerge at the other end and which shows the connection is secure. By flooding the detectors with bright light, we were able to send in faked light states that are classical rather than quantum.”
More concerning still, the hack was demonstrated using off the shelf components. However, the researchers noted the vulnerability lay with the way both the tested quantum systems - the MagiQ Technology's QPN 5505 and the ID Quantique Clavis2 - had been implemented, rather than quantum cryptography as a concept.
“It is an imperfection in the device that allows a man-in-the-middle attack, which should not normally be possible,” said Wittmann. “This is not an inherent weakness in Quantum Key Distribution, but of this implementation. By our work, we would like to strengthen the practical security of quantum cryptography systems.”
ID Quantique, a network security provider that has been collaborating with the researchers, said it was already working on counter measures to fix the problem.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
