Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Supposedly ultra-secure quantum cryptography systems aren't so secure

Add to del.icio.us     Digg this story Digg this

September 1, 2010

Click here to order the best dedicated server and at a great price.

Security researchers using various hardware hacking techniques have discovered new generic flaws in supposedly ultra-secure quantum cryptography systems that were said to be 'hacker-proof' and now have the IT and Internet security community up in arms.

At the very heart of the problem, the basic security of quantum cryptography relies on using the fundamental properties of quantum physics for quantum key exchange. Any attempts to monitor this exchange would inevitably be detected as increased noise on the line and an abandoned data exchange.

That principle still remains solid and the attack, like others before it, relies on exploiting implementation flaws that may or may not work, depending in the particular way they are initiated by the potential attacker.

However, this particular crypto-busting technique, which uses off-the-shelf but expensive hardware, relies on remotely manipulating a photon detector at the receiver's end of a supposedly secure link.

Complex and commercial systems from MagiQ Technology's QPN 5505 and ID Quantique Clavis 2 systems were demonstrated yesterday as potentially vulnerable by a team of Internet security professionals and various computer scientists from Norway and Germany.

Researchers from Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nürnberg and the Max Planck Institute for the Science of Light in Erlangen are working with manufacturers to develop countermeasures.

The critical security flaw - which relies on especially tailored bright illumination - is likely to be common in most QKD systems using avalanche photodiodes to detect single photons, the researchers warn.

Dr Vadim Makarov, a researcher in the Quantum Hacking group at NTNU says “Unlike previously published attempts, this particular attack is implementable with current off-the-shelf hardware components. Our eavesdropping method worked both against MagiQ Technology's QPN 5505 and ID Quantique Clavis2 systems, which is particularly disturbing to us in terms of security.”

The successful hacking attempt pulled off by the team is complex and might involve an initial outlay of about $50,000 or more, potentially within the reach of industrial spies and certainly in the scope of government intelligence agencies like the CIA and the KGB, however.

Quantum key distribution systems became commercially available in 2004 and 2005 and are used for the secure exchange of highly sensitive material by banks and governments, so a major up-front investment in equipment, hardware, software and overall expertise is certainly the case here if someone is serious about this.

The security researchers have published their preliminary findings in a letter to the August 29 edition of academic journal Nature Photonics.

Add to del.icio.us     Digg this story Digg this

Source: The Norwegian University of Science and Technology.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.


You can link to the Internet Security web site as much as you like.


| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer






Get your Linux or Windows dedicated server today.