I consider myself a fairly sharp guy. I’ve made a living off of being a scientist for over 20 years now, and I have at least a passing knowledge of most scientific fields outside my area. But I feel like I should be able to do something other than babble incoherently when asked about magnets. They baffle me – there, I said it. So what do I do about it? Write a Hackaday post, naturally – chances are I’m not the only one with cryptomagnetonescience, even if I just made that term up. Maybe if we walk through the basics together, it’ll do us both some good understanding this fundamental and mysterious force of nature.
Quantum cryptography is an emerging field, but low install base hasn’t kept researchers from exploring attacks against it. It’s an attractive technology because an attacker sniffing the key exchange changes the quantum state of the photons involved. All eavesdroppers can be detected because of this fundamental principal of quantum mechanics.
We’ve seen theoretical side-channel attacks on the hardware being used, but had yet to see an in-band attack until now. [Vadim Makarov] from the University of Science and Technology in Trondheim has done exactly that. Quantum key distribution systems are designed to cope with noise and [Makarov] has taken advantage of this. The attack works by firing a bright flash of light at all the detectors in the system. This raises the amount of light necessary for a reading to register. The attacker then sends the photon they want detected, which has enough energy to be read by the intended detector, but not enough for the others. Since it doesn’t clear the threshold, the detectors don’t throw any exceptions. The attacker could sniff the entire key and replay it undetected.
This is a very interesting attack since it’s legitimate eavesdropping of the key. It will probably be mitigated using better monitoring of power fluctuations at the detectors.
Defcon keeps announcing more and more interesting events for next week’s conference. A free workshop is planned for the soon to be released DAVIX live CD. DAVIX is a collection of tools for data analysis and visualization. They’ll be running through a few example packet dumps to demonstrate how the tools can help you make sense of it all. [Thomas Wilhelm] will be driving out from Colorado Springs in his Mobile Hacker Space. He’s giving a talk Sunday, but will be giving presentations a few hours every day at the van. Some researchers from NIST will be setting up a four node quantum network and demonstrating some of the possible vulnerabilities in the system. Finally, as part of an EFF fundraiser, Defcon will feature a Firearms Training Simulator. Conference attendees will participate in drills designed to improve their speed, accuracy, and decision making skills.