Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Quantum key 'blinding' hack deeply flawed, say researchers

Cambridge team unpicks Norwegian attack

Article comments

The ‘blinding’ hack of quantum key distribution (QKD) systems publicised by Norwegian researchers earlier this year was based on a seriously flawed setup of the equipment being eavesdropped upon, scientists at Toshiba’s Cambridge Research Labs have said.

In a paper published in Nature Photonics, the Toshiba team, led by prominent quantum cryptography physicist Dr Andrew Shields, demolish the basis of an attack that caused awkward headlines for a technology designed to secure military and government communications backed with the absolute certainty of quantum physics.

According to the paper, the QKD test system used by the Norwegian University of Science and Technology to demonstrate the avalanche photo diode (APD) ‘blinding’ attack scenario turns out to have included an unnecessary biasing resistor that would not normally be used.

Without this component, the attack fails. Although the test QKD system was a commercial system, in the view of Shields’ team, the majority of commercial QKD systems using ‘gated Geiger mode’ APD designs would not include this element.

The team further notes that the ‘discrimination levels’ – the sensitivity of the APD to the photons being sent to it – was set to an unusually high level of senstivity which runs counter to a standard setup.

Even if either or both of these elements were accepted, the attack could anyway be detected by simply monitoring the photocurrent levels emerging from the SPD.

“We found the detector blinding attack to be completely ineffective,” said Shields, who oversaw lab testing of the Norwegian attack scenario. “QKD is secure but you have to operate the equipment in the right way.”

In his view, the Norwegian system was most likely a “toy” research setup that did not parallel how QKD technology would be used in real installations, describing it as a “soft target” that allowed for hacking by making engineering assumptions.

Shields agreed that attacks, however theoretical, were important for stress-testing the engineering assumptions that underlie QKD, but remained confident that current designs were up to the security uses to which they were being put.

Earlier in 2010, a separate QKD if hard-to-quantify hack was demonstrated by a team at the University of Toronto.

A more lateral challenge might in fact turn out to be the possibility of tampering with equipment rather than direct eavesdropping. This is the vulnerability of all systems that use highly secure transmission technology must face up to, namely the possibility that they might be misconfigured or interfered with by trusted staff.

As this week’s Wikileaks cable leak shows, the ‘hacker within’ remains an issue that no organisation can easily dismiss as fanciful.

A separate challenge for QKD remains that of bitrates and distance, which remains in the region of 1Mbit/s at best over fibre distances of 50km. The Toshiba Cambridge Research Labs has previously set world records in this type of QKD advance.




Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *