Quantum cryptography is an emerging field, but low install base hasn’t kept researchers from exploring attacks against it. It’s an attractive technology because an attacker sniffing the key exchange changes the quantum state of the photons involved. All eavesdroppers can be detected because of this fundamental principal of quantum mechanics.
We’ve seen theoretical side-channel attacks on the hardware being used, but had yet to see an in-band attack until now. [Vadim Makarov] from the University of Science and Technology in Trondheim has done exactly that (Internet Archive). Quantum key distribution systems are designed to cope with noise and [Makarov] has taken advantage of this. The attack works by firing a bright flash of light at all the detectors in the system. This raises the amount of light necessary for a reading to register. The attacker then sends the photon they want detected, which has enough energy to be read by the intended detector, but not enough for the others. Since it doesn’t clear the threshold, the detectors don’t throw any exceptions. The attacker could sniff the entire key and replay it undetected.
This is a very interesting attack since it’s legitimate eavesdropping of the key. It will probably be mitigated using better monitoring of power fluctuations at the detectors.
[via I)ruid]
I lost my photon, I send it and it newer returned back :(
funny thing.. Just the other day I was watching a program on Discovery channel about hackers and they mentioned quantum cryptography. the scientist/techie being interviewed about it made a grand statement about how it could not be hacked, since the by observing the photon, it would be altered.
hehehhe.. soooo funny how many times someone has made such a statement, only to have it proven wrong by the march of progress/hackers.
no one will ever need more than 256k of ram.
Ingenious. I’m very impressed.
I’ll admit that like most people my experience with this tech is non-existent, however I think I see a few other ways to attack along this vector.
The idea of this tech becoming widespread freaks me out and makes me excited all at the same time. Think DRM on your internet connection.
Just a slight correction to the article. It’s called The University of _Trondheim_.
It’s the university in TRONDHEIM, NORWAY. Not trodheim…
Just a typo I guess, but I’m mentioning it so you can fix it…
I remember when the authors of PGP said their encryption couldn’t be hacked but someone found a way to do it. Granted it’s ubber hard, but it could be done.
And I agree, no one needs more than 256k of ram! :-)
Not the technology got hacked (Heisenberg is still ruling) but an obviously weak implementation of it. Cudos to the hacker!
@phil @maneuver fixed. Thank you.
@ragnar
Will it be possible to make an implementation that is uncrackable?
Something tells me that Heisenberg’s law makes it impossible to do…
It would be uncrackable if you could use only one photon at a time. At the moment you have to use a pack of photons, because (useable) detectors aren’t sensitive enough to just recogonise one photon. In addition, they use the quantum encryption just for key exchange, the actual data is encrypted with e.g. AES and the like, for speed reasons. That might be a problem in future, as it adds possible attacks (as does every additional step).