This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

A quantum leap for security

Share this article:

Big advances mean that quantum encryption may soon be ready to safeguard the most valuable assets of government and industry. John Edwards explains the science.

While classical cryptography relies on maths and technology to protect messages, quantum cryptography (QC) draws on the laws of physics. At its heart, QC takes advantage of the Heisenberg uncertainty principle, which states that the very act of observing a particle disturbs its state; more specifically, under certain conditions, the measurement of one property (such as position) destroys all information about the related property (such as momentum). When applied to data-bearing photons travelling across a network, measuring an aspect such as polarisation destroys the photon itself.

While QC has existed as a concept since at least the mid-1980s, practical applications remain sparse. Yet as researchers work to create the tools necessary to make it a useful business tool, the likelihood increases that QC will become, if not an everyday communications security technology, at least one that is available to those organisations that need it the most, including banks and the military.

Only a few years ago, QC was the domain of basic research labs at universities, but things have changed. It has evolved beyond the fundamental investigation stage and been picked up by research teams with a practical goal: to develop a technology that can be applied to real-world security needs. A fundamental component necessary for QC to become a practical reality is a reliable high-speed switch. At Chicago's Northwestern University, researchers are working on a switching device that aims to take quantum communication – and encryption – to a new level. They claim that their technology can route quantum bits (entangled particles of light) at high speeds along a fibre-optic cable without losing their embedded information. The switch promises to achieve at least two IT security goals: a ‘quantum internet', in which encrypted data would be fully secure; and the seamless networking of super-fast quantum computers.

Into the mainstream
The new switch would allow a data transport platform, such as a fibre-optic infrastructure, to be shared among many users of quantum information. Such a system could route a quantum bit, such as a photon, to its final destination just as an email is routed across the internet.

“The goal is to bring quantum communications into the mainstream,” says Prem Kumar, the Northwestern professor leading the project. “We work in fibre optics so that, as quantum communication matures, it can be easily integrated into the telecommunication infrastructure.”

What makes a quantum bit, or qubit, so attractive is the fact that, as well as being a standard one or zero, it can also be both numbers simultaneously when two or more qubits at different locations are entangled – a mysterious connection that is not possible with ordinary bits. This can only happen, however, with the correct infrastructure in place to transport the qubits – hence the work on that switch.

To demonstrate their switch, researchers first produced pairs of entangled photons using another device developed by Kumar, called an Entangled Photon Source. ‘Entangled' means that some physical characteristic (such as polarisation, as used in 3D TV) of each pair of photons emitted by this device are inextricably linked. If one photon assumes one state, its mate assumes a corresponding state; this remains the case even if the two photons are hundreds of kilometres apart.

The researchers used pairs of polarisation-entangled photons emitted into standard telecom-grade fibre; one photon was transmitted through the all-optical switch. Using single-photon detectors, the researchers found that the quantum state of the pair of photons was not disturbed; the encoded entanglement information was intact.

“Quantum communication can achieve things that are not possible with classical communication,” explains Kumar. “This switch opens new doors for many applications, including distributed quantum processing where nodes of small-scale quantum processors are connected via quantum communication links.”

A necessary part of any long-distance fibre-optic, quantum-encrypted network is a signal amplifying repeater. At the Georgia Institute of Technology in Atlanta, physicists are developing a more secure way to send such information across large distances, using existing cables and the application of quantum mechanics. Alex Kuzmich and colleagues have built a critical component of a quantum repeater. It is similar to a transformer on a traditional power line; instead of converting electricity, however, it regenerates a communication signal to prevent it from degrading over distance. It contains two banks of memory – one to receive an entangled message and another to copy it.

Previously, the longest distance over which an encrypted key could be sent was approximately 100 kilometres. The technology developed by the Georgia team increases by 30-fold the amount of time the memory can hold information, which means that series of these devices – arrayed like Christmas lights on a string – could reach distances of up to 1,000 kilometres, or more.

“This is another significant step toward improving quantum information systems based on neutral atoms. For quantum repeaters, most of the basic steps have now been made, but achieving the final benchmarks required for an operating system will require intensive optical engineering efforts,” Kuzmich says.

Their repeater also converts the photons used in quantum devices to a much greater infrared wavelength. This wavelength is used in traditional telecommunications lines, so the new device could some day plug into existing fibre-optic cables. “In order to preserve the quantum entanglement, we perform conversion at very high efficiency and with low noise,” says Alexander Radnaev, one of the Georgia boffins.

Before QC can become an everyday security tool, however, potential adopters must have confidence that the technology itself is secure and reliable. To this end, researchers at the Norwegian University of Science and Technology, and at Germany's University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light, have developed a technique of exploiting imperfections in QC systems to implement an attack.

While QC security is based on only the laws of quantum physics, it is also, like any other security technology, dependent on the absence of loopholes in specific implementations. “QC, if it is ever to live up to its potential, must be properly implemented,” states one of the German researchers, Gerd Leuchs. “This fact has been typically overlooked.”

Last August, the Norwegian and German eggheads discovered a technique that could be used to remotely control a key component of most of today's QC systems – the photon detector. “Most importantly, this attack is implementable with current off-the-shelf components,” says Vadim Makarov, one of the Norse wizards. The researchers' eavesdropping method worked both against MagiQ Technology's QPN 5505 and ID Quantique Clavis2, a pair of commercial quantum encryption systems.

The researchers are continuing their investigation by testing security aspects of QC solutions from ID Quantique. The latter's chief executive, Grégoire Ribordy, says: “Testing is a necessary step to validate a new security technology, and the fact that this process is applied to QC is a sign of the technology's maturity.”

In Australia, at the University of New South Wales, telecommunications researcher Robert Malaney has developed a process described as “unconditional location verification”.  This quantum encryption approach aims to ensure that even if a password has fallen into the wrong hands, a secure message can be seen by a recipient only at an agreed geographic point.

Industry applications
Malaney says quantum communications already allow unbreakable encryption, but security can now be further enhanced using unconditional location verification. “This takes communications security to a level that hasn't previously been available,” he says. “With this process you can send data to a person at a particular location. If they are not at that location, the process would detect it and you can stop the communication.”

He adds: “This is a new application that you can deploy on current and emerging quantum networks. It opens up a range of information security applications for both fibre and wireless communication networks. There would be many industries and organisations, banks, for example, that would be interested in delivering information in the sure knowledge that a recipient is at an agreed-upon location.”

The concept also has potential applications in the state intelligence arena, as well as ecommerce and digital content distribution.

The system works by sending paired qubits, which have been manipulated to contain specific quantum information, over a fibre-optic or wireless network to a recipient. The recipient must send a return message, using information from the decoded qubits, to a number of reference points in order to open up a secure channel. Because quantum networks operate at the speed of light and quantum information cannot be copied, the time to return the message can be accurately measured, ensuring that it has come from the agreed place.

Quantum cryptography is developing fast – and although it has a long way to go, it does promise to give network security professionals a powerful new tool to work with.

Share this article:

Sign up to our newsletters

More in Features

ICYMI: Shellshock attacks, cyber Armageddon and unpredictable hackers

ICYMI: Shellshock attacks, cyber Armageddon and unpredictable hackers

This week's In Case You Missed It column looks at the first attacks resulting from the Bash/Shellshock bug, claims of cyber Armageddon and unpredictable hackers.



This week's In Case You Missed It (ICYMI), China's industrial spying; US extra-territorial claims; SANS event; Card hacks increase; Malvertsing growth; staff data-theft criminal; Biometric smartphones up tenfold; Celebgate hits ...

Cloud computing hit by 'Celebgate'

Cloud computing hit by 'Celebgate'

Enterprises are questioning their cloud strategy after Apple's iCloud service was implicated in the leak of nude celebrity photos. But should one bad Apple spoil the bunch?