Feeds

Quantum crypto boffins in successful backdoor sniff

Erroneous error-handling undermines bulletproofness

The essential guide to IT transformation

Computer scientists have pulled off what is claimed to be the first successful attack against a commercial system based on theoretically uncrackable quantum cryptography.

Quantum key exchange, which forms the basis of quantum cryptography, relies on a principle of quantum physics that means it is not possible to eavesdrop on single quanta - generally photons in an optical fibre - without changing their state. Alterations would be detected as errors, immediately alerting the intended recipient of a key that there's a problem. When properly implemented, quantum key distribution/exchange offers bullet-proof security.

In practice, however, it is not possible to completely eliminate errors in electronic communications because of factors such as noise and signal degradation. So practical systems accept key exchanges where the error rate is less than 20 per cent.

Feihu Xu, Bing Qi and Hoi-Kwong Lo at the University of Toronto in Canada have developed a subtle "intercept and resend attack" where they eavesdrop on some of the quantum bits sent during a quantum key exchange but not so many as push the error rate over the 20 per sent threshold. The boffins demonstrated such a "phase remapping" attack against commercial quantum cryptography systems from ID Quantique.

As the boffins explain, their attack takes advantage of the mistaken assumption that the sender can prepare the required quantum states without errors.

The ID Quantique system is not broken, they say, but requires tweaking to get over the unsafe assumption that error rates of less than 20 per cent must be due to noise and can be safely disregarded. The attack, as is so often the case in the history of the battle between code makers and code breakers, is an implementation weakness rather than a systemic one.

The work of the Canadian team follows lab-based attacks on quantum crypto set-ups that relied on exploiting internal reflections in kit that generates quantum bits, or the interception of stray photons between detectors and lasers to eavesdrop on supposedly secure communications channels. The Canadian team's paper, Experimental demonstration of phase-remapping attack in a practical quantum key distribution system, can be found here.

A summary of their work can be found in a story by Technology Review here. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.