A Working, Quantum-Encrypted Intranet

192939495969798999 writes "This article points out how BBN, developers of ARPANET, have actually created a quantum-encrypted intranet that serves pages to a small group of research scientists. I firmly believe this is as significant as the very first internet transmission some years back. If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!" Reader Kent adds "A New York based company, MagiQ Technologies, has begun selling units for commercial use while a group in Europe recently made the first quantum encrypted bank transaction in Vienna, Austria - April 2004. But the Boston network - though limited to three locations - is believed to be the first Internet-integrated system that runs continuously between multiple distant locations."

common logical fallacy

[by Anonymous Coward]

If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!

Just because a computer uses encryption, doesn't mean that it is unhackable.

Re:common logical fallacy

[ThomaMelas (631856)]

Not really. But it will show if it's been viewed or tampered with, so you can declare the transmission null and void.

Re:common logical fallacy

[AndrewHowe (60826)]

That is true, but denial of service is already achievable with a pair of cable cutters. The benefit of quantum encryption is that you can be sure that if a message does arrive, it hasn't been read by anyone else. You still need to protect the physical link. Having said that, if your cable is protected from cutting, it is also protected from installation of eavesdropping devices, so I'm not sure what QE actually achieves in practice. I suppose it's worse to have your messages covertly eavesdropped than to not receive them at all... But you're pretty stuffed either way!

Re:common logical fallacy

[evslin (612024)]

"Make something idiot-proof and they'll build a better idiot."

Re:common logical fallacy

[by Anonymous Coward]

The question isn't if quantam encryption is unhackable. The question is if a computer that uses quantum encryption magically loses all of the flaws in the rest of the software (httpd/kernel/etc) on the machine. The answer to that is no.

Encryption is often sold like this. I remember watching an interview with a salesman for a voting machine company. When asked if the voting machine had security problems, his response was that it used unbreakable encryption. So what does that mean? Nothing at all. Just becaus

Beam me to my computer

[by Anonymous Coward]

BAH! , Until they have me beaming back and forth from my bed to my computer I'm not giving quantum computing a dime.

FP?

[hackronym0 (812439)]

I just wanted to pose the question, how can you prove that it has not been tampered with? You can't measure anything without changing the state, right? So you shouldn't really be able to prove that its secure either. Anyone else think that this is BS?

Re:FP?

[by Anonymous Coward]

I do not think it is BS. I think you need to do some more research on the subject.

Re:FP?

[i_should_be_working (720372)]

it's the key to the encryption that they have to make sure isn't tampered with or eavesdropped on. say the key is 100 bits long. after the transmission of the key, the sender and reciever compare, say, 50 of these bits publicly. if the receiver's bits are different than the sender's they know someone has tampered with it (since any measurement by an outsider will alter the state) and they throw that key away. if they are exactly the same, they know no one listened in and they can use the other 50 bits as the actual key.
they send the encrypted data only after they are sure no one else has the key.

Re:FP?

[mhesseltine (541806)]

it's the key to the encryption that they have to make sure isn't tampered with or eavesdropped on. say the key is 100 bits long. after the transmission of the key, the sender and reciever compare, say, 50 of these bits publicly. if the receiver's bits are different than the sender's they know someone has tampered with it (since any measurement by an outsider will alter the state) and they throw that key away. if they are exactly the same, they know no one listened in and they can use the other 50 bits as the actual key. they send the encrypted data only after they are sure no one else has the key.

This raises a question for me; if I (a theoretical man-in-the-middle bad guy) know of a quantum-encrypted channel that is being used, for example, by banks, what prevents me from tapping the wire, disrupting the quantum state, and forcing another attempt at transmission? Couldn't a man-in-the-middle become a denial-of-service between two parties by never allowing them to secure a line in the first place?

Re:FP?

[BondHeadGuy (529371)]

Well, yes, but it's like exception handling vs. error codes: using exceptions doesn't get rid of the error handling problem, but at least they ensure that things can't fail silently. Presumably the two parties do not want to use the line at all if it has been tapped. Better a DOS than a leak of confidential information.

Re:FP?

[stevelinton (4044)]

Sure. A pair of scissors will do this perfectly. A man-in-the-middle can always deny service.

Re:FP?

[Silverlancer (786390)]

Its because of how quantum encryption works. Basically, I'll make an explanation here for everyone. We'll have two computers, Alice and Bob. Alice sends a bunch of *RANDOMLY* polarized photons, each polarized RANDOMLY with one of two polarizers--up-down, or diagonal. So you could have one of the following four photons: / \ | --

Bob at the other end RANDOMLY switches between filters, and thus gets only about 3/4 of the photons right (this is a little long and thus I won't do the math here). So he reads off, over an insecure line, which filters he used when. Alice tells him when he was right and when he was wrong. The series of bits that he got right will be used for a one time pad cipher. However, Eve, the evesdropper, can't get the one-time pad! Why? Because she and Bob will have used a different sequence of polarizers, and thus she would have gotten some of the one-time pad wrong. Plus, when Eve measured any photon along the line, it would change its polarization, so therefore before doing the encrypted transmission, Alice could send a portion of the one-time pad to Bob. If any of it changed, then obviously Eve was on the line.

Re:FP?

[eegad (588763)]

Bob was sent to the store by Alice for polarized one-time pads but as usual he came back with the wrong filter. She should have just sent Eve to begin with.

Re:FP?

[NoData (9132)]

I have a question regarding this. It sounds like quantum encryption requires a direct optical connection between the sender and receiver. Is it theoretically possible make it "routable?" That is to say, would it be usable in the post office type model the internet uses, where packets have to be inspected (and, thus presumably destroying the message in a quantum transmission) to determine where they're going, or would a completely new model need to be developed?

Re:FP?

[radamson (801339)]

You can measure _some_ in quantum mechanics things without changing them, and that's the way these systems work. If I send you a horizontally polarized photon then if you measure it along the horizontal direction you won't change its state, but if you measure along any other direction you will. These systems work by the receiver measuring in one of two possible directions selected at random. The receiver and the sender then tell each other what direction the measurements were done so that they can decide what information is valid and what isn't.

An eavesdropper will inevitably destroy some of the valid information which will introduce noise into the sent signal. The sender and receiver can detect this noise and deduce that they are being eavesdropped on.

Incidentally, the security of the most common scheme has been proven mathematically by Shor and Preskill.

Encryption != Security

[leerpm (570963)]

If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!"

Just because the network and all of the transmissions are encrypted, doesn't mean the server is secure. Having IIS running HTTPS exclusively doesn't mean you don't have to patch it.

What?!

[Manip (656104)]

How will this stop worms or web-sites getting 'hacked'? It isn't even designed to! It is designed to stop sniffing or the modification of data while it is on the pipe. I think the poster needs get a clue.

Re:What?!

[xyzzy (10685)]

That would require the slashdot editorial staff to actually a) read the article they're posting about, and b) understand said article.

Makes quantum networking look easy, no?

Excellent ..

[ReidMaynard (161608)]

Tonight I'm adding "Quantum Network Engineer" to my resume...

Re:Excellent ..

[by Anonymous Coward]

"fluent in Hindi and willing to relocate" would impress far more employers.

Re:Excellent ..

[nkh (750837)]

I prefer: Engineer with 20 years of experience in quantum encryption (I'm sorry if you don't get this rather cryptic joke...)

The EU too!

[tcd004 (134130)]

Don't miss this bit [foreignpolicy.com] on how the EU is planning to use Quantum Crypto to subert and avoid the U.S.'s rampant digital espionage.

tcd004

100% secure?

[jstave (734089)]

The article didn't say "100% secure", and with good reason (IMO). Historically, that "100% secure" claim hasn't panned out. Sooner or later, some obnoxious killjoy always seems to come along and break the encryption.

Re:100% secure?

[Jerf (17166)]

Breaking quantum encryption would most likely net you a Nobel Prize in Physics, since it implies breaking QM.

This is indeed a truly new level of encryption. We probably can't say 100%, but breaking quantum encryption is definately a different order of difficulty than breaking conventional encryption.

what does this have to do with hacking websites.

[by Anonymous Coward]

Just becuase the transmisions are quantum encrypted doesn't meen the sites won't be hacked. Websites are hacked becuase their admins don't applly patches and use crappy passwords, not becuase their ssl encryption isn't strong enough.

Does this mean Google will need to switch...

[scotay (195240)]

...from pigeon-based indexing to using cats?

Depends on implementation?

[evslin (612024)]

We all read the the story [slashdot.org] about the Lexar Jump drive and how 256-bit AES encryption doesn't match up to the fact that the passwords weren't being encoded in a very secure manner.

I would seriously hope that if this new encryption scheme goes anywhere the people that implement it have the common sense to lock it down tight. Otherwise those HACKED BY CHINESE pages aren't going anywhere anytime soon.

QC is not an encryption tech

[po8 (187055)]

This might be the end of the hacked by Chinese index pages!

Uh, no. Quantum communication is not magic. (OK, maybe, but not that kind of magic.) What it is, is perfectly secure against physical eavesdropping. An attacker can't "tap the wire", as it were. The name "quantum encryption" is something of a misnomer, though: this technology is just a communication channel, albeit an uber-cool one.

Re:QC is not an encryption tech

[geomon (78680)]

"What it is, is perfectly secure against physical eavesdropping."

Don't you mean "theoretically perfect"?

Observe! Invocation of the Patriot Act!

All transport layers are now visible.

Re:QC is not an encryption tech

[po8 (187055)]

No, I actually did mean "perfectly secure" against physical eavesdropping. The laws of quantum physics are odd; they guarantee (with probability arbitrarily close to 1) that if you try to listen to the message in transit, you'll wreck it. The Patriot Act may let the eavesdropper mess with the endpoints of the channel, but the channel itself is secure against everything but attacks on the fundamental laws of nature :-).

100% secure - but the transport medium only

[by Anonymous Coward]

this doestn mean that a buggy iis connected to the quantum network will be any more secure if it would be connected by rj45 or fibre ethernet.

this means only, that man-in-the-middle attack cant be done, or data during the flow cant be altered without recognization.

this is just a new transport media but not making the services and clients at both ends any more secure.

think of this as an ssl/ssh/vpn replacement.

if you have bugs in the rest of your software/hardware ssl/ssh/vpn/quantum cant help either.

nuff said

It's gotta be said:

[El_Smack (267329)]

So that's what Al Gore has been up to!

quantum: viewing changes Data..

[rockclimber (660746)]

Now I understand! when word was randomly messing up my settings and files, it was because I was viewing them.

so it WAS a feature, not a bug.

who d'have thunk that MS had such advanced SECURITY tech... :-)

A Good Thread About Quantum Crypto

[bahamutirc (648840)]

There was a good discussion [virus.org] about quantum crypto on The Cryptography Mailing List last month.

Perhaps a more accurate characterization...

[rpdillon (715137)]

While quantum cryptography is, depending on implementation, not hackable, that doesn't account for all the other parts of the system. Bascially, quantum cryptography protects the data in transit, but does nothing to protect the machines its being sent to/from, and certainly doesn't address issues like storage of the data.

Further, what it secure? Not being altered by unauthorized parties (webpages need this), or not being read by unauthorzied parties (goverments need this) or somewhere in between (can't be read without the sender/receiver being notified)?

Security may well be one of the most misunderstood topics, with quantum physics just above it... =)

How will MS use this technology?

[Trolling4Dollars (627073)]

Considering that a secure OS is the purported "holy grail" for MS, how do you suppose they will utilize this technology? Let's think about how they integrated the TCP/IP and the Internet. Initially, they "had a better idea" in the forms of NetBEUI and the MSN service (pre-Internet proprietary service). Eventually they "got religion" and started using TCP/IP (albeit a little funky) and real Internet service instead of prepackaged proprietary content. So... with that history, can we expect MS to say, "pah! Quantum Encryption? We have something better". They roll out their "anti-matter encryption with 1 gigqbit strength" and then they start having problems with crackers starting DoE (denial of existence) attacks on remote computers by causing anti-matter overloads. Several hundred thousand deaths later, they "innovate" their own approach to quantum encryption and "save the day". Of course after that all of reality melts away in a wash of windows logos when a quantum worm gets released and all those entangled quanta fizzle apart the space time continuum. So... did MS create the big bang meta-retroactively? ;P

uhh, silly /.!

[Lord Graga (696091)]

Those /. admins are getting lazy. They didn't even bother to decrypt the name of the person who added the article (192939495969798999) :P

Infrastructure for this?

[gravityZ (210748)]

Does anyone know what changes are needed to the current fibre infrastructure to support quantum encryption? can you hook two boxes up at either end of a random cable? what about repeaters, etc, interfering with the signal?

Illegal in US?

[raisedbyrobots (808710)]

Would the US government really allow a technology that it couldn't eavesdrop?

not a big deal

[eddeye (85134)]

Quantum "encryption" is for the most part useless. It's just another way to exchange symmetric keys. The advantages are purely information-theoretic; in the real world, classical methods are just as good and a whole lot cheaper.

It's like replacing a steel deadbolt with titanium, meanwhile the door is still wooden, the hinges are brass, and there's a large window right next to it.

The only uses are extremely high-value applications like banking and the military. Even then I'd spend my money elsewhere.

An impossible claim!

[GMFTatsujin (239569)]

I'd say "I'll believe it when I see it," but by seeing the quantum crytography in action, I'd be observing it, and, well...

Re:Impressive...

[watanabe (27967)]

hopefully the 'human' factor is addressed. You know, passwords like 'password' or the person's initials. The weakest link in the chain has always been the humans...well, save for that time in the 2001 movie, but I digress.

Actually, you have literally no idea of how a quantum encrypted network works. What's interesting about the quantum encrypted network is not whether it keeps password cracking from L33T hackers, but how it makes sniffing along the connection either impossible, or impossible without being noticeable, depending on the implementation.

You're both right

[Chagatai (524580)]

Actually, both you and the parent are correct. If someone was "eavesdropping" on the quantum network, yes, it would be impossible for them to do it or to do it without being noticed. But the parent is correct in that if the data being accessed on the remote network only requires a simple password, there would be a substantial weak point. Think of it this way: if someone were running a brute force attack on a password, it wouldn't matter if there was integrity on the network being used. The trick is to come up with a quantum "key" on each system that can do the purpose of authentication such that if someone tried looking at the key the other party would be alerted.

Re:100% secure?

[maxwell demon (590494)]

nothing is 100% secure.

Where do I get this nothing stuff?

Re:Yess!

[idontgno (624372)]

Quantum Encrypted Pr0n Surfing!

Hmm...Beyond the index page, Natalie Portman exists in a superposition of having and not having hot grits in her pants...until you click "ENTER"...

Re:No such thing...

[lukewarmfusion (726141)]

They know that. Of course, you're going to have to explain it to a client one day and realize that when the client hears "it's not 100% secure," they will start looking for something that is. When some PR guy comes along and claims it's 100% secure, we snicker and the PR guy wins the project and gets a Porsche.

I've spent a lot of time educating clients regarding the "nature of things" as you described. However, when the client isn't at that level of interest/ability to understand/etc., I simply say "SSL is the same level of encryption that banks and credit card companies rely on . Your data will be safe." Sometimes I also use the "it would take sixty million years or so to brute force the encryption. I doubt you'll be worried about your 2004 data in sixty million years."

Re:Live/Dead Cat Powered Router...

[maxwell demon (590494)]

Recall: The routers of type l/d cat XY have a defect which causes an uncertainty relation between destination IP and destination port. That is, if you know exactly to which IP the packet should be routed, the port is completely unknown and vice versa.

Re:What Every Teenager Wants

[crimethinker (721591)]

"What teenager is worried his parents are using a packet sniffer to monitor their his/her instant messaging? "

Mine.

Actually, my oldest is 9, so no teenagers yet. The kids' computer is connected to the home network, but blocked COLD at the router from ever touching the internet. No, they can't use mine because they don't know the 18-character password and I can type it in 1-2 seconds, so they won't be shoulder-surfing it either.

Some time in the future, when I allow internet access from that machine, there will be a sniffing process on a separate machine that has tamper indications. The sniffed data will be grepped for our street name, phone number, name of their school, words indicative of pr0n being sent/received, etc. and any match will trigger human review.

Don't flame me and say I'm invading their privacy. This is a duty that I owe to my daughters. Furthermore, I can decide that as their parent and until they are 18, their privacy goes out the window when safety is in question. If you heard a window break in your kid's room, a scream, and an unfamiliar voice, would you knock on the door first and say, "are you dressed? Can I come in?" or would you grab the shotgun and kick the door open immediately?

-paul

Re:What Every Teenager Wants

[HawkingMattress (588824)]

If you heard a window break in your kid's room, a scream, and an unfamiliar voice, would you knock on the door first and say, "are you dressed? Can I come in?" or would you grab the shotgun and kick the door open immediately?

I'd kick the door opened immediatly if i heard that. But i would not put a cam and mic in their room and monitor all their personnal activities just in case it can happen, which is exactly what you plan to do with your sniffer...

I think grepping for the house adress and phone, things like that is a good idea. Monitoring for porn or their personnal conversations is not. Did your mother search your whole room in every freaking corners every day to see if you hadn't hidden a porn book somewhere ? Would you have liked it ? If you had hidden one, and she had found and confiscated it, would that have helped you in any way in your life ?