
Quantum crypto experts dispute potency of 'blinding' hack

Boffin DEATHMATCH


A dispute has emerged between experts in quantum cryptography over the effectiveness of a recently discovered attack that takes advantage of implementation flaws in high-security key exchange systems.

A paper published in September's Nature Photonics explained how the avalanche photo-detectors used in some commercial quantum cryptography rigs might be blinded, essentially causing equipment to go wrong without generating an error indicating that a key exchange might have been compromised. The ruse – akin in very simplistic terms to shining a bright light in a guard's face so he doesn't see someone sneaking past him – might allow an eavesdropper to gain at least snippets of a secret encryption key being exchanged over a supposedly super-secure link.

Commercial systems from MagiQ Technology and ID Quantique were demonstrated as potentially vulnerable by a team from the Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light in Erlangen. The attack relied on the use of off-the-shelf commercial, albeit expensive ($50K), kit. The German and Norwegian computer scientists worked with manufacturers to address and develop countermeasures against the attack, which involved subverting the link error compensation features necessary to get practical systems to work.

A follow-up paper in December's Nature Photonics by scientists at Toshiba’s Cambridge Research Laboratory concluded the attack would fail to work against properly operated single photon detectors. Straightforward adaptations on potentially vulnerable avalanche photo-detector systems would also blunt the attack.

That, or so we thought, was that.

However, since publishing a story about Toshiba's follow-up research, a member of the original team of quantum-crypto boffins has been in touch to dispute Toshiba's conclusions.

Vadim Makarov, a researcher in the Quantum Hacking group at NTNU, said the Norwegian / German team have published three variations of their original attack (including an after-gate attack, a thermal blinding attack and a sinkhole attack), which might work against Toshiba's kit.

However Andrew Shields, assistant managing director at Toshiba Research Europe, has turned down requests from the Norwegian / German team to test the revised attack on their kit, according to Makarov.

"These three attacks are variations of the attack we published in Nature Photonics," Makarov told El Reg. "Two of these three will probably work perfectly on Shields' 'hack-proofed' detector (I wanted to come to his lab with our equipment and test this but was not given a chance). Shields is aware of these attacks yet he carefully avoids mentioning them when he brags about his 'easy fix' to the detector."

The German / Norwegian team have published a detailed response to Toshiba's paper, discussing the possible remaining vulnerabilities in Toshiba's "hack-proofed" detector.

We asked Toshiba for a response to Makarov's contention that a variant of the original attack might be successful. In a statement, Shields said the after-gate and sinkhole attacks discussed by the Norwegian / German team would also be ineffective against a properly operated system.

"We always welcome feedback in this area, as it helps to uncover any security loopholes and to devise appropriate countermeasures. However, when we repeated the Trondheim group’s tests, exactly as they described, their results could only be recreated if the detector was set up incorrectly. In particular, we could only get the attack to work if there was a large resistor in series with the avalanche photodiode and if the discriminator level was set to a very high (and inappropriate) level.

"Another known attack on QKD systems is called the ‘after-gate attack’. This involves Eve blocking the signals from Alice and then sending bright pulses after the avalanche photodiode (APD) gate when the APD is in linear mode. This attack is not a detector blinding attack, but seeks to exploit a potential deficiency in the QKD system, rather than the detector. However this attack does not work on our QKD system, because Bob only accepts detection events that occur during the detector gate and rejects all those after the detector gate. Furthermore, Bob only modulates the arriving photon during the duration of the detector gate which also renders the attack ineffective. The attack also does not work because the bright pulses create afterpulse noise resulting in a very high error rate, alerting Alice and Bob to the attack.

"Only if the detector can be ‘blinded’ (and we have proven that it cannot be blinded, provided it is operated correctly) is it possible to avoid this telltale noise. Thus the after-gate attack does not work. The thermal blinding and sinkhole attacks are also ineffective on our system. We are happy to test any other attack that is proposed, as testing and improvement is a crucial element to the continued development of QKD systems. Indeed it is a central element to the work we are doing with European Telecommunications Standards Institute (ETSI) on the standardisation of QKD."

We sense this may not be the final word on the difference of opinion and that Makarov will only be satisfied if he is allowed to test the effectiveness of the revised attack himself. Failing that, perhaps a light-sabre battle might provide satisfaction. The dispute does involve extremely clever people expert with the intricacies of lasers and quantum physics, after all.

Leaving aside questions about their potency, the detector blinding attack or its variants are not the first implementation weakness to be discovered in quantum cryptography systems, which find a place in high value banking and government communications. All parties agree that the theoretical basis of these systems is rock solid - it's just real life and engineering difficulties getting in the way of absolute security. ®
