Hackers Eavesdrop On Quantum Crypto With Lasers 161
Martin Hellman writes "According to an article in Nature magazine, quantum hackers have performed the first 'invisible' attack on two commercial quantum cryptographic systems. By using lasers on the systems — which use quantum states of light to encrypt information for transmission —' they have fully cracked their encryption keys, yet left no trace of the hack.'"
Re:pwned (Score:2, Interesting)
So, I guess the encryption system used here isn't really "quantum", since above doesn't apply, is it?
It seems that you could detect this (Score:3, Interesting)
Eve gets round this constraint by 'blinding' Bob's detector — shining a continuous, 1-milliwatt laser at it.
So Bob could just detect the blinding signal and stop transmitting.
Commercial Systems (Score:3, Interesting)
I was surprised to discover that there were commercial systems of quantum cryptography. Quantum cryptography is academic at this point. It is not as strong as old fashioned cryptography (like AES) and is much more expensive. Then I realized that there is no reason that someone can't use both. It would be pretty ridiculous if someone were using quantum cryptography as their only security, and not encrypting the data first with old fashioned cryptography.
Re:Commercial Systems (Score:4, Interesting)
Quantum cryptography is academic at this point. It is not as strong as old fashioned cryptography (like AES) and is much more expensive. Then I realized that there is no reason that someone can't use both.
Quantum crypto (at this point) is a key exchange mechanism. Thus, it doesn't compare to AES at all. You HAVE to use quantum crypto together with a classical exncryption algorithm. However, if you use quantom crypto you care about 100% theoretical security. Else you would simply use DH or any other well-known classical key exchange. And if you care about 100% theoretical security, there is no alternative to OTP.
Re:Commercial Systems (Score:4, Interesting)
Except that to be able to use quantum crypto at all, you need to provide a physical way to pass the quantum state. And with that requirement, why won't you just pass the key the good old fashioned way? Strictly more secure, and much cheaper.
More secure? Hardly. All you have to do is eavesdrop on the key exchange and you have the key. In a real world scenario, typically this means bribing a few security guards, breaking into one of the communicators' homes or offices and retrieving the key from their computer, or intercepting a message sent over a physical line, probably encrypted via a non-100%-reliable cryptographic system, with the (at least) theoretical possibility that the encryption on the key exchange can be broken.
In a properly implemented quantum crypto system, this is theoretically impossible: the key passes directly from one endpoint to the other, and any interference between the two is easily detectable. It isn't stored for longer than the message takes to be sent, so breaking in to retrieve it is impractical. Done properly, the quantum crypto system is as secure as it is possible to be. As it happens, the system here was not done properly; it failed to detect interference on the line (and as ability to detect interference is, essentially, the point of quantum crypto, this is bad news).
Re:pwned (Score:5, Interesting)
Well, there are several points here:
Re:Commercial Systems (Score:2, Interesting)
In a real world scenario, typically this means bribing a few security guards, breaking into one of the communicators' homes or offices and retrieving the key from their computer, or intercepting a message sent over a physical line
Using the old fashioned way, you divide the key into 5 or 6 pieces before it leaves the cryptosystem, you distribute responsibility of the pieces. The pieces are stored on devices, and given to guards.
The guards have physical possession of the devices, but not the PIN number for that piece.
None of the pieces assist in reassembling the key without all other pieces present.
Key pieces are not brought back together until brought to the destination system's crypto module.
Nothing other than dedicated crypto modules ever have access to the key for securing your initial key exchange, and these get kept locked up.
Security guards protect physical access to the communication endpoints, but do not possess the credentials to activate them; plus multiple combinations and keys are required to even open the safe with any hardware required for securing further key exchanges.
You can perform key rollovers whether you use quantum or traditional crypto. You transmit the new public key digitally signed with the old private key, over a message encrypted with the current session key.
Then you transmit the new symmetric key, encrypted with the peer's new public key, in a message encrypted with the current symmetric key.
If your adversary can compromise crypto equipment under high security, quantum crypto won't protect you.
The benefits of quantum crypto are mostly theoretical.
However, obviously someone believes the technology is more proven than it is, as they're trying to base commercial systems on the promise.
If they are relying on quantum key exchange as their only security of the key exchange, at this point, they are foolish.
Article Makes No Sense (Score:5, Interesting)
I've tried reading the actual journal paper, but unfortunately they just seem to handwave this problem away. Maybe there's a reason they can, but its sure as hell not explained as far as I can see unless they're assuming Eve has also compromised the classical channel as well as the quantum channel.
Re:pwned (Score:5, Interesting)
Re:Why 'hackers' and not 'researchers'? (Score:5, Interesting)
I'm not sure the manufacturers would approve the existence of our lab [iet.ntnu.no] if they could dictate it. Thankfully we are independent and need not seek their approval. The manufacturers did appreciate responsible disclosure, though. I don't know how this hacking affects their business in the short term (may as well be detrimental to sales), even though it is surely good for business in the long term as it leads to more secure systems.
Re:pwned (Score:3, Interesting)
This wouldn't even work if this quantum link weren't so simple. This system is at least as simple as a serial link, and what they've done is like unplugging that link from the intended recipient computer and plugging it into their own.
It looks like the only real security in the system 100% depended on MITMs being impossible - which is still true (from what I understand) - they've just diverted the traffic altogether rather than doing a MITM.
If there were any authentication involved or the data being sent was actually encrypted this would be a non-issue.