Researchers of the Quantum Hacking group at the Norwegian University of Science and Technology (NTNU), and the Centre for Quantum Technologies at the National University of Singapore have devised a way to circumvent security key codes which are vital to secure data transmissions.They have created- ‘Eve’ which is code breaking parlance for ‘eavesdropper’.
The researchers have used Eve to crack a type of coded communication thought to have been impossible to break, called quantum key distribution (QKD).
QKD is not an encryption algorithm itself, but a means of securely sharing the cryptographic keys used by sender and recipient to encrypt and decrypt messages.
These pre-agreed ciphers are frequently handed out over fibre optic connections, but being digital files, they could theoretically be intercepted and copied on the way.
QKD exploits a key principle in quantum physics – namely that you can’t measure or examine individual photons of light without altering their state.
When a user wants to exchange a secret key using QKD, they first send a message in specially coded photons to the other user. If an eavesdropper tries to intercept this, they destroy some information – and the communicators know someone is monitoring their communication.
The technique is so effective that it has attracted substantial investment from e-business, banking and defence.
Rather than reinventing science, Eve simply tricks the system by sitting between sender and receiver and intercepts the key, something that would normally be detected.
However, Eve dazzles the receiver’s detector with a laser so it can’t see individual photons. This allows her to send a faked copy of the photon message.
“We just use bright light. And the detectors do the same thing our eyes do – they’re blinded,” said Dr Makarov.
However, the sensors remain responsive to strong light. “If we now send a bright flash at them, they think they’re seeing a single photon,” said Dr Makarov. Eve uses these flashes to duplicate the photon message to the unsuspecting receiver.
Toshiba has since demonstrated how to repel the blinding attack, and QKD manufacturers have incorporated the improved design into their machines.
Yet Dr Makarov thinks that Toshiba’s update ignores wider vulnerabilities. “They made a fix which makes our crack ineffective. But there are other methods that can control detectors, even when patched,” he said.
Despite this, commercial QKD manufacturers – like Swiss firm ID Quantique – claim to ‘redefine security’ with their expensive products.
How do they react when researchers like Dr Makarov tip them off about new problems, and force hasty improvements to their designs?