Qkd

Several fields of quantum research have made their transition from research labs into commercial products, accompanied by grandiose claims. Are they as good as they say? We need people like Dr. Sarah Kaiser to independently test those claims, looking for flaws in implementation. At the 2019 Hackaday Superconference she shared her research on attacking commercially available quantum key distribution (QKD) hardware.

Don’t be scared away when you see the term “quantum” in the title. Her talk is very easy to follow along, requiring almost no prior knowledge of quantum research terminology. In fact, that’s the point. Dr. Kaiser’s personal ambition is to make quantum computing an inviting and accessible topic for everyone, not just elite cliques of researchers in ivory towers. You should hear her out in the video below, and by following along with the presentation slide deck (.PPTX).

Quantum Key Distribution

So why is QKD is so enticing? Unlike existing methods, the theoretical foundation is secure against any attacker constrained by the speed of light and the laws of physics.

Generally speaking, if your attacker is not bound by those things, we have a much bigger problem.

But as we know well, there’s always a difference between the theoretical foundation and the actual implementation of cryptography. That difference is where exploits like side-channel attacks thrive, so she started investigating components of a laser QKD system.

As a self-professed “Crazy Laser Lady”, part of this investigation examined how components held up to big lasers delivering power far outside normal operating range. This turned up exciting effects like a fiber fuse (~17:30 in the video) which is actually a plasma fire propagating through the fiber optic. It looks cool, but it’s destructive and useless for covert attacks. More productive results came when lasers were used to carefully degrade select components to make the system vulnerable.

If you want to learn more from Dr. Kaiser about quantum key distribution, she has a book chapter on the topic. (Free online access available, but with limitations.) This is not the first attempt to hack quantum key distribution, and we doubt it would be the last. Every generation of products will improve tolerance to attacks, and we’ll need researchers like our Crazy Laser Lady to find the reality behind advertised claims.

Continue reading “Burning Things With Big Lasers In The Name Of Security” →

Quantum cryptography is an emerging field, but low install base hasn’t kept researchers from exploring attacks against it. It’s an attractive technology because an attacker sniffing the key exchange changes the quantum state of the photons involved. All eavesdroppers can be detected because of this fundamental principal of quantum mechanics.

We’ve seen theoretical side-channel attacks on the hardware being used, but had yet to see an in-band attack until now. [Vadim Makarov] from the University of Science and Technology in Trondheim has done exactly that (Internet Archive). Quantum key distribution systems are designed to cope with noise and [Makarov] has taken advantage of this. The attack works by firing a bright flash of light at all the detectors in the system. This raises the amount of light necessary for a reading to register. The attacker then sends the photon they want detected, which has enough energy to be read by the intended detector, but not enough for the others. Since it doesn’t clear the threshold, the detectors don’t throw any exceptions. The attacker could sniff the entire key and replay it undetected.

This is a very interesting attack since it’s legitimate eavesdropping of the key. It will probably be mitigated using better monitoring of power fluctuations at the detectors.

[via I)ruid]