Quantum key security hacked for first time

Researchers show weakess in commercial system

An important weakness has been discovered in the technology of quantum key distribution (QKD), which is increasingly being used by military and government to secure sensitive communications.

Researchers at the University of Toronto have successfully attacked a QKD system from Swiss company, id Quantique, the first time an attack on a commercial system using the technology has been demonstrated.

The highly-theoretical attack was based on disproving assumptions about the levels of errors which can be taken by either the sender (Alice) or receiver (Bob) to be indicative that the key data has been compromised by a third party (Eve).

The security principle of QKD is the impossibility of a simple intercept-and-resend attack being hidden from sender or receiving parties, normally taken to a quantum bit error rate (QBER) of 20 percent or greater becoming apparent in the signal, a figure that takes account of a degree of 'noise'.

However, the Toronto team were able to manipulate the amount of noise created by the sender (Alice) by shifting the time delay between the reference and signal pulses, simulating an apparent error rate of only 19.7 percent. This would strike the QKD system as within normal thresholds, allowing the attacker (Eve) to hide the interception of keys.

Dr Andrew Shields of Toshiba's Cambridge Research Labs, a prominent developer of QKD technology, described the research paper by the Toronto team as "ingenious" but was confident that modifications could take account of its method.

"Properly implemented quantum cryptography is still unconditionally secure," said Shields. "It does show, however, that we have to construct quantum cryptography systems in a way that it is not possible for Eve to exploit the differences between theory and reality."

He suggested that a redesigned QKD system should monitor the time delay between photonic pulses to detect such an attack.

Earlier this month, Dr Shields' team announed that it had distributed QKD keys at a bitrate of 1Mbit/s over 50Km distance for a period of 24 hours without the need for intervention, a breakthrough in making the technology usable by non-experts.

Despite the appearance of first-generation commercial systems, the technology is still seen as in its early stages and as being lab-bound.

The full paper by researchers Hoi-Kwong Lo, Feihu Xu, and Bing Qi can be downloaded from the website of the Deptartment of Physics and Deptartment of Electrical and Computer Engineering at the University of Toronto.

This story, "Quantum key security hacked for first time" was originally published by Techworld.com.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies