Quantum Physics to the Rescue
Cryptographic systems can be cracked. And people make mistakes.
Take those two factors out of the equation, and you have quantum
cryptography and a new way to protect your data.
By Simson Garfinkel
Most modern cryptographic techniques ultimately stand on some pretty weak assumptions. The popular RSA public-key encryption
algorithm gets its strength from the difficulty of factoring large
numbers. But if a government or criminal organization has a
mathematician who figures out how to factor large numbers quickly and
efficiently, then much of the information that's encrypted on today's
Internet—and almost everywhere else—will suddenly become vulnerable to eavesdropping
and wiretapping. CSOs need to understand that today's cryptographic
systems, which protect information moving over networks, are vulnerable
to human error and attack. But there's something you can do about it. A
new kind of cryptography based on quantum physics is now ready for serious consideration.
It turns out that there are only two encryption techniques that are
provably unbreakable. The first technique, called a one-time pad, uses
an encryption key that is as long as the message you are trying to
encrypt. Such systems don't work well in practice: It's just too easy
to make a mistake and reuse a part of the encryption key. The key also
has to be completely random and you need to distribute the key, which
you can do only with a physical courier. Make sure he has a gun.
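The key-reuse mistake described above, as an added example that is not part of the original article: a pad that hands out each key byte exactly once and refuses to go further, followed by what leaks when the same pad bytes are used for two messages. The class and function names and the sample messages are constructed for illustration.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Key material that can be consumed exactly once (hypothetical helper)."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0  # offset of the first pad byte that has never been used

    def take(self, n: int) -> bytes:
        # Refuse rather than wrap around: reusing pad bytes breaks the scheme.
        if self._used + n > len(self._pad):
            raise ValueError("pad exhausted: distribute fresh key material")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    def encrypt(self, message: bytes) -> bytes:
        # The key is as long as the message, as the scheme requires.
        return xor(message, self.take(len(message)))


def reuse_leak(msg1: bytes, msg2: bytes) -> bytes:
    """Encrypt two messages with the SAME pad bytes and return c1 XOR c2."""
    key = secrets.token_bytes(max(len(msg1), len(msg2)))
    c1, c2 = xor(msg1, key), xor(msg2, key)
    return xor(c1, c2)  # the key cancels out, leaving msg1 XOR msg2


if __name__ == "__main__":
    m1, m2 = b"WIRE 100 TO ACCT A", b"WIRE 999 TO ACCT B"  # constructed samples
    pad = OneTimePad(secrets.token_bytes(len(m1)))
    pad.encrypt(m1)
    try:
        pad.encrypt(m2)  # no unused pad bytes are left
    except ValueError as err:
        print("second message refused:", err)
    print("reuse leaks m1 XOR m2:", reuse_leak(m1, m2) == xor(m1, m2))
```

The value returned by `reuse_leak` contains no key at all, so anyone who knows or guesses one message can read the other from it.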
The second kind of secure encryption is based on quantum physics. Called quantum cryptography,
such systems have been the grist of academic conferences and physics
journals since the basic scheme was invented by IBM in 1984. Quantum
cryptography has also been a running joke among some security pundits,
who say the system is so secure nobody needs it—conventional
cryptography is strong enough because cryptography is never the weakest
link in the chain.
But wait! Now there's a real-live quantum cryptography system that
you can purchase for about $70,000. It provides absolutely unbreakable
security for any fiber link you want—provided that the link you need to
secure is no more than 120 kilometers long—and the system is
astoundingly easy to set up and administer. That's because unlike
virtual private networks, or VPNs, which are based on conventional
cryptography, quantum cryptography doesn't require you to create keys
and keep them secret, and there's no need to distribute certificates.
The system makes its own keys automatically. They're absolutely random,
and they change a dozen times every second.
I recently had a chance to visit the labs of MagiQ Technologies, the
company that's commercializing this technology. MagiQ's system uses
quantum cryptography to transfer encryption keys from a sender, which
the company affectionately calls "Alice," to a receiver, which the
company calls "Bob." Once Alice and Bob have used quantum cryptography
to get that secret encryption key across the link, those keys are used
to encrypt standard TCP/IP or UDP/IP packets sent across a single-mode
optical fiber. MagiQ calls this approach quantum key distribution
(QKD), and they call the resulting VPN a quantum private network, or
QPN.
It's important to realize that the MagiQ system is not a pure
solution: The keys generated using the quantum physics are used, in
turn, to drive a conventional encryption system based on the advanced
encryption standard (AES). But many mathematicians feel more
comfortable with the security that's provided by AES, which is a
symmetric cipher, than by the security that's offered by public-key
algorithms like RSA. Besides, conventional VPN systems use AES as well.
The real beauty of the MagiQ system is that you don't need RSA.
The problem with RSA is that these systems typically need some kind
of public-key infrastructure (PKI) for key management, and doing key
management in a secure manner is really difficult. In order to be
secure, the private keys in a PKI must be kept secret. But that's
tricky, because keys also need to be used frequently. For example, Web
servers typically keep their private keys in a file; if somebody breaks
into the Web server and steals that file, then all of the encrypted
information that the Web server sent over the Internet can now be
decrypted. If an attacker manages to steal the key from your
organization's certificate server, he can now impersonate anyone within
your entire organization.
QKD eliminates these vulnerabilities by eliminating the long-lived
private keys. Here's how it works. In the MagiQ system, Alice and Bob
are actually a pair of 40-pound "4u" boxes that fit in standard 19-inch
racks connected by a strand of single-mode "dark fiber." Alice encodes
each photon with a 1 or a 0 and sends them, one at a time, over the
fiber to Bob. At the other end of the fiber, Bob is waiting with a
special optical package that can detect a single photon and read back
the bit. Most of the time, Bob is unable to make out the message that
Alice has sent, but on perhaps one out of every 1,000 photons, Bob
figures it out. Over another wavelength, Bob tells Alice which photons
he got, and then the two systems use the 1s and 0s that were encoded on
those photons as their cryptographic key.
The security of this system comes from the Heisenberg Uncertainty
Principle, which says it is impossible to measure fundamental
properties of single particles without affecting those particles at the
same time. Because each bit is sent on a single photon, if someone is
sniffing the network to intercept those photons, the photons will be
changed in the process—and Bob won't get the message that Alice was
trying to send.
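An added simulation, not part of the original article and not MagiQ's implementation, of the 1984 scheme mentioned earlier (known as BB84). It goes beyond the article's description by modelling the random measurement bases that Alice and Bob choose, which is what turns an eavesdropper's measurement into a detectable error rate. The function names, photon counts, loss rate and alarm threshold are assumptions.

```python
import random


def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the bit is read back intact. Different basis: the result
    # is random, which is how a measurement disturbs the photon.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def bb84(n_photons, eavesdrop, detect_prob=1.0, seed=0):
    """Return (sifted_key_length, error_rate) for one simulated run."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve has to measure in a guessed basis and
            # pass on a new photon prepared from whatever she read.
            e_basis = rng.choice("+x")
            photon_bit = measure(photon_bit, photon_basis, e_basis, rng)
            photon_basis = e_basis
        if rng.random() >= detect_prob:
            continue  # photon lost in the fiber or missed by Bob's detector
        b_basis = rng.choice("+x")
        b_bit = measure(photon_bit, photon_basis, b_basis, rng)
        # Sifting over the public channel: keep only photons Bob detected
        # and measured in Alice's basis. The bit values are never sent.
        if b_basis == a_basis:
            alice_key.append(bit)
            bob_key.append(b_bit)
    # A real system compares only a sacrificed sample of the sifted bits;
    # the simulation can see both keys, so it compares all of them.
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    rate = errors / len(alice_key) if alice_key else 0.0
    return len(alice_key), rate


def link_is_tapped(error_rate, threshold=0.11):
    # Assumed alarm threshold for this example: discard the key above it.
    return error_rate > threshold


if __name__ == "__main__":
    for eve in (False, True):
        n, rate = bb84(20000, eavesdrop=eve, detect_prob=0.1)
        print(f"eavesdropper={eve}: {n} key bits, error rate {rate:.1%}, "
              f"tapped={link_is_tapped(rate)}")
```

On an untapped link the sifted keys agree exactly; an intercept-resend eavesdropper pushes the error rate toward 25 percent, because she guesses the wrong basis half the time and each wrong guess corrupts Bob's bit half the time.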
The reason that Heisenberg doesn't protect today's wireless networks
is that they send each bit of information on trillions upon trillions
of photons. Some of those photons go from the access point to your
laptop's wireless card, some of them get absorbed in your eyeballs and
some of them go to the attacker's sniffer across the street. Heisenberg
affects each one of those photons, of course, but because there are so
many to go around, everybody gets their crack at your data.
So who needs quantum cryptography? One obvious customer is all of
the financial institutions crowded into Lower Manhattan, says Mike
LaGasse, MagiQ's vice president of engineering. These companies
typically have offices in New York City, data centers across the river
in New Jersey, and rented dark fiber connecting the two. The problem
with this dark fiber is that it typically runs through junction boxes
that are located in the basements of the buildings—sometimes in a
location that's controlled by a direct competitor. Companies rely on
strong encryption to protect the information that's moving over these
fibers. The problem, of course, is that there is no way for the
companies to know if their keys have been compromised. It's the sort of
thing that should keep a CSO up late at night.
MagiQ's boxes are ideal for organizations that have a large campus
and a lot of sensitive information—for example, a military base, an
airport or a large commercial campus. These organizations typically
have lots of fiber, lots of random people walking around, and lots of
insiders who could be blackmailed into revealing secret keys, given the
right incentives. With QPN there's nothing to reveal.
Of course, QKD can't really provide unbreakable security because the
MagiQ boxes are not the only component on your network. A well-funded
and sufficiently motivated attacker could try to intercept your data
before it goes into the QPN or when it comes out on the other end.
There's also a chance that MagiQ has some sort of flaw in its
encryption devices—probably not in the quantum or the optical system
but perhaps in the design of the packet encryptor that runs the QPN.
And there's a chance that the box might have some kind of radio
emanations that reveal the raw, unencrypted data to an attacker who has
a good radio and directional antenna.
To address these kinds of concerns, MagiQ is in the process of
applying for federal certification of its project. Once the
certification has been awarded, MagiQ will submit its device for
evaluation. And the next generation of the company's devices will use
standard IPsec
protocols. Steps like these go a long way toward addressing concerns
that security experts might have with the part of the system that
doesn't rely on physics for its security.
If the MagiQ boxes are reliable, if they integrate well into
existing networks, if they really are easy to manage, and if the
company gets its certifications in place, then there is no reason why a
CSO wouldn't want to consider this approach to secure high-speed
corporate links—especially those that go over the public fiber
infrastructure. QKD could be just the thing for encrypting
transmissions between a bank's headquarters and its data center—or for
encrypting that link between the data center and a backup location. On
the other hand, I don't think that we'll ever see quantum cryptography
going to the desktop. But, who knows? "Ever" is a long time.
Simson Garfinkel, CISSP, is a technology writer based in the Boston area. He can be reached via e-mail at machineshop@cxo.com.
Most Recent Responses:
The amount of resources that would be required to decipher this would
be so large that John Q. Criminal would not find the investment
worthwhile. Government funds (taxpayers' funds) would be required to finance the capability, if I have understood this theory correctly. And
at a cost of $70,000 currently, this technology will be safe for some
time to come (no guess on my part as to how long due to the vast
changes in tech during the last five years alone).
Bernard Haas
Does the MagiQ box send single
photons or clusters of them? I assume a photon from a cluster could be
eavesdropped, but data on single photons could not without knowledge
being given to the sender.
Martin Tippins
EncData Ltd