Why quantum cryptography is gaining interest


from The Age:

Christine Evans-Pughe
October 27, 2008
Icon

Quantum physics may come to the rescue of consumers - by using photons as a security key to beat bank card fraud. Christine Evans-Pughe reports.

If fraudsters copy the numbers from your bank debit or credit cards, there's little to stop them going on a shopping spree online. This kind of fraud - known as card-not-present - is a growing problem.

It could also be one of the first consumer applications to use quantum key distribution.

Quantum key distribution - or QKD - exploits the quantum mechanical properties of light particles (photons) to generate secret keys (strings of random numbers) that can be shared between two parties (for example, you and your bank) and used to encrypt data to safeguard it from snoopers.

Typically, QKD systems transmit a stream of differently oriented photons to represent 1s and 0s through an optical fibre or a free-space link. The snooper-proofing is intrinsic due to the fragility of quantum states: if you try to measure them they collapse, which is a marker for tampering, alerting the legitimate users to the presence of an eavesdropper.

Using quantum keys to encrypt data is, for now, of interest only to banks, governments and defence organisations, which might need to move lots of confidential information securely between sites.

But a recent demonstration in Vienna took the technology to a different level by integrating QKD into a standard communications network.

The event displayed VoIP, videoconferencing and web services that have been encrypted with constantly refreshed quantum keys.

It also included a prototype solution to card-not-present fraud, developed by Professor John Rarity from the University of Bristol and Hewlett-Packard Research Labs. The idea is that we would fill up our mobile phones or similar handheld devices with secrets (random strings of digits) at a quantum ATM. During online transactions, we would gradually consume this personal stash of secrets to encrypt information, such as our PIN, or to authenticate ourselves.

Hewlett-Packard's Tim Spiller says: "The quantum part gives you the promise that when you've topped up your secrets, only you and your service provider own this particular random digit string.

"If you're doing an internet transaction, you send the merchant however many secret bits [are] deemed to be secure. The merchant sends them on to Visa, say, who checks they're OK and if so, authenticates the transaction."

The Vienna event was the culmination of a four-year EU project called SECOQC (Secure Communication based on Quantum Cryptography) to bring QKD technology to the mainstream. The project partners - who are now defining a European technical standard - include Siemens, Toshiba, Hewlett-Packard, iD Quantique, the Thales Group and QinetiQ, as well as leading quantum scientists.

For the demo, Siemens installed seven quantum key links into a standard metropolitan fibre-optic communications network that runs around Vienna and connects several of its sites. The network had run successfully in test mode for several weeks now, according to Wolfgang Richter of Siemens.

Quantum keys won't be able to encrypt data traffic in real-world networks until standards have been finalised.

However, project leader Christian Monyk is optimistic, saying it could be produced in six months.

When, or if, consumers enter the picture is difficult to predict. Rarity and HP's technology is "on the banks' radars", according to Spiller. But the attraction of their system is that it's potentially very cheap.

HP's vision is that mobile phones could easily include half a short-range QKD system (which it says could be built from some standard LEDs and a low-cost integrated optical circuit).

"Getting that into the market would depend on demand but five years is reasonable," Spiller says.

Meanwhile, quantum cryptography is gaining interest. Last year, iD Quantique's simple point-to-point quantum key distribution technology was used to guarantee the security of votes cast in Geneva during the Swiss general election.

The defence and security company QinetiQ has been doing trials in London with network operator AboveNet, which provides fibre-optic connections for businesses. "We've done some experiments sending polarised photons through part of their network," says Dr Brian Lowans of QinetiQ. "We didn't have any hiccups."

The Guardian

No comments:

Post a Comment