EU To Counter Echelon With Quantum Cryptography?
jfruhlinger writes "An article on Security.ITWorld.com seems to outline a coming information arms race. The European Union has decided to respond to the Echelon project by funding research into supposedly unbreakable quantum cryptography that will keep EU data out of Echelon's maw. Leaving aside the question of whether such a thing is possible, the political implications are troubling, indicating a widening rift within the Western world. Interestingly, the UK is part of the EU, but its intelligence services are among Echelon's sponsors."
One has to wonder why we call it Quantum Encryption when it really has nothing to do with Encryption. From the article:
The aim is to produce a communication system that cannot be intercepted by anyone
If I understand their intent, they plan to use concepts like Quantum Entanglement to ensure that communication is shared only between the entangled particles. This is a very different concept from using the properties of Quantum Mechanics to scramble information in a reversible manner or creating computers capable of super-fast calculations.
Javascript + Nintendo DSi = DSiCade
Sigh.. OK, it's a troll, but someone has to bite.
a. Quantum crypto is invulnerable to a monkey-in-the-middle attack. Poorly implemented SSL is vulnerable to MITM during key exchange.
2. It is widely accepted lore on the Internet, and strongly suspected by respectable people, that there exist quantum computing devices capable of factoring extremely large numbers. If this is true, any form of public-key crypto goes to shit.
iii. Part of the problem with cryptography is that it does nothing to hide the source and destination of the data exchange. In theory, a secure quantum crypto system can't be tapped in the first place, so in theory, sender and receiver are anonymous.
IV. H.323 is for godless commies.
You're thinking of Navajo code. Should be enough to keep you busy reading for a while. :)
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Australia admitted the existence of Echelon, and its part in the global surveillance network some years ago. The reason? The US demanded access to all data from Australia, whereas Australia wanted to remove the names of Australian citizens and businesses not under investigation. They would provide the details when asked, just not up front, to protect against the US using the info for corporate espionage. The Australians refused, the US said "Oh yeah, what are you gonna do?" and the Aussies responded, "Tell the world."
Here's a link, but you can google 'echelon australia' for more info
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Look, the fact is that even in the EU countries whose governments support the US, the majority of the electorate are against the US's mis-adventures in the middle east. Even in America the people are turning against the Iraqi war. No-one is lying - some governments in Europe are openly against the war, while others have obviously supported it.
The interesting thing is that the majority of people in all of these countries are against the Iraqi war.
Wikipedia has some interesting information on ECHELON.
Earlier, in World War I, the US Army utilized members of the Choctaw tribe as operators near the end of the war. This, however, was due to a decision in the field (a captain noted that he had several members of the tribe in his battalion), rather than a formal program.
It is an unequal relationship. Here in New Zealand, the supposed New Zealand intelligence agency which handles the local branch of the system, actually has a US flag in its building's entrance. It's actually part of the CIA.
It also does not serve the interests of New Zealand, because they have intentionally failed to warn the NZ government of an impending terrorist strike because they supported the motivations of the terrorists.
I think they chose that particular language because it had unique properties that made de-cyphering the language almost impossible. I'm not sure if they applied any additional encryption
The Navajo Code Talkers. They didn't apply additional encryption per se but they had an interesting encoding scheme:
You can also assume that they encoded the messages using standard military/common-sense methods -- i.e: referring to waypoints on a map that your enemy doesn't have access to. If he knows that you are going to attack at "Point Echo" but he doesn't know where that is the information is of limited use to him -- by the time he figures out where Point Echo is the information is out of date and it doesn't matter that he knows it.
In any case the code talkers are an interesting (often ignored) fact of WW2, the recent movie notwithstanding. An interesting subject to read up on sometime.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
The weakness in current encryption/communications systems isn't in the encrypting algorithms, which have withstood the serious efforts of some top-flight mathematicians to bust them. Nor is it necessarily in traffic analysis; keep a line open and transmitting bits 24/7. Isn't hard to design the system so the intended recipient can tell when the "random" bits start a message. Nor is the weakness in key transmission, at least for governments: lots and lots of really long keys can be transported on CDs well in advance of need. The weakness remains where it has been in recent years, with the people using the system, and with keeping their computers out of unauthorized hands. Going to quantum methods doesn't get around this weakness. From what I see, the benefit of quantum crypto is the ability to make message tampering evident.
While I'm sure it sounds well and good to a legislator in the EU when they hear about supposedly "unbreakable" quantum cryptography, this sounds like another case of someone mistaking it for some kind of panacea for eavesdropping.
Well, this is just wrong. QKD (Quantum Key Distribution) isn't 'supposedly' unbreakable, it is unconditionally secure and has been proved so many times. I hate to use this argument, but it is true to some extent: you'd have to break the rules of nature to break it.
However to say that, you have to ignore the fact that science changes and evolves (and the laws of nature to some extent), quantum mechanics is a recent science and changed the playing field a lot, so we could discover something new like that, but then you cannot hold that against QKD, as it affects everything.
The real truth of the matter is that, of course, quantum crypto is only effective at the line level, i.e. as soon as it leaves the medium it was transmitted on, the cryptographic effect is lost. So it's entirely impractical for anything but a point to point connection.
So is EVERY other encryption method. As soon as you decrypt the message, it's in the clear. What's the big deal?
BTW, you DO NOT send the messages over a 'quantum line', like you seem to hint at. You send all communications over classical channels and use a classical algorithm: one-time pad. The quantum channel is only used to exchange a randomly generated key that is as long as the message. This is why it's unconditionally secure: the mix of the strengths of both classical and quantum mechanics in one solution.
Also, I don't think people realize how strong cryptography is today. There are cryptographic methods available to the public at large (such as RC5 and PGP) that are proven to require more computing power than is theoretically possible in the universe. Not just more computing power than is possible with current hardware, but the theoretical limits of computation given the entire resources of the universe. So really, it seems that a lot of ignorance is at play here, and I would hope someone clueful in the EU informs their EU government before they go off and waste a whole lot of taxpayer money on such a foolish project.
But then again, they ARE breakable, where QKD isn't. A quantum computer could decrypt those messages in a fraction of time that a classical computer takes. There are many great and much faster algorithms used for primality testing in quantum computing.
I do not believe increasing the size of the encryption key is the way to go in the long run. Doing this means you know there is a problem, but just try to patch it and patch it again.
Oh dear, fallen into own trap have you. PGP and the public key crypto it's based on is in no way proven to be hard or unbreakable. It is conjectured that factoring the private key (hence breaking the code) of RSA is NP hard, and hence would require more computing power than we can conceive to brute force a properly encrypted message. But no encryption method, other than one time pads has been proven to be secure.
Given superior mathematical theory and/or blind luck, someone such as Ms A Genius, aliens, the NSA or l33td00d386 may have already broken RSA, DSA, ElGamal and disproven General Relativity. They are all only theorems that have withstood public scrutiny and attack thus far, they've in no sense been proven, other than in practice, they're the best we (you and me) have so far.
When your adversary is someone with the resources to run Echelon, a point to point, line level only, but intrinsically untappable, line from the embassy back to HQ might be the only trustworthy option.
I agree. It ought to be called Quantum Intrusion Detection, because that's what it is. It doesn't encrypt, nor does it protect anybody from intercepting the message.
All it can do is tell you if your message is being intercepted. Now, this is useful information, since you might decide to quickly stop transmitting, and if you're fast enough on the draw and using conventional encryption on top of your Quantum Intrusion Detection, then you'll probably not give enough data to the intruder for them to feasibly decrypt anything.
But note that if you want the protection of encryption so the intruder doesn't get plaintext, you still need to use conventional encryption.
Also note that some wild-eyed Slashdot types whose understanding of technology is buzzword-deep sometimes make the claim that Quantum Computing might crack Quantum Encryption. Nope, because "Encryption" isn't. And the very nature of the Intrusion Detection is that you can't get around it, no matter how clever you are.
The worst part of this stupid naming is that some day we probably really will have some sort of encryption that uses QM, and then what will we call that?
Anyways, it is apparently far too late to do anything about this misnomer, but it's one of the most pernicious misnomers I've seen in modern times. Whoever named this technology should have their relevant degrees stripped.
Quantum intrusion detection ("cryptography" is a misnomer) doesn't have a key.
It's not the encryption per se that uses quantum mechanics.
But the un-interceptable channel produced by quantum mechanics is used to exchange the encryption keys used in the encryption itself.
So, YES, the quantum mechanics are used in encryption.
Research is currently done on this subject here in Switzerland
Principle
- According to quantum mechanics, you cannot split light into smaller elements than photons.
- Quantum encryption transmits information (keys) using one single photon at a time (per bit of information).
- If anyone attempts to steal the information, they'll "eat" the photon (no way to split a photon. Either they go to the receiver, or they go to the spy, they cannot go to both places at the same time), and the photon will be lost, just like it happens with other transmission errors.
- Using some error correction-like method both receiver and sender agree which bits aren't lost and will be used.
- It doesn't matter whether the lost bits were lost due to poor quality of transmission or because of a spy listening: they won't be used anyway.
- The "error correction-like" method (= agreeing which photons they'll use) can be done on a basic non-encrypted channel. Even if the spy gets this information, it doesn't help him: because they'll agree on photons that arrived correctly, i.e.: photons the spy hasn't captured. All other photons he did manage to capture will be discarded.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Mrs Thatcher was distinctly anti-Euro, apart from free trade and good relations which follows the last referendum the UK had. It was the Major years (Maastricht treaty and in then out of the ERM) followed by Blair who pursued the closer ties.
Despite being promised a referendum on the EU constitution (which is a woeful hack of previous revisions), the British public hasn't been given a date on it... and the trust (read as 'lack of') I have in Blair is as such that he would do the referendum after the point of no return (sorry people if you voted 'no', it's too late now!).
I for one would like the closer ties with Europe (i.e. what we have now), but what is proposed I think is too much too soon... and there are too many problems which really need sorting first (red tape, bureaucracy, politicians voting in new laws when they have no clue as to what they are, etc etc). Added to that the majority of the British public need to know exactly what is going on, and what will happen before we're even semi happy with it.
I've always been of liberal views and what you would call a floating voter, but I wouldn't trust the Lib Dems (almost wanting to powershare with Labour, no real manifesto), I definitely don't trust Blair.... but despite his previous convictions I think the Conservatives are in a much stronger position with Howard (especially regarding party unity).
Maybe the biggest problem that'll hit us in a couple of years is the national debt (where the conservatives saved a crap load of money by taxing the country half to death - mind Labour were happy to add to that) and the housing prices/issues, add to that the amount of money being literally thrown at the NHS is a nice little ticking time bomb that I'm not looking forward to going off.
Anyway, most opinion/info in this post is AFAIK and is open to correction/counter viewpoints... as they say (damn this zippy led US keyboard), just my 0.02 UK Sterling (yes I do know about character map, I just can't be arsed!).
T-Kir
Are you local? There's nothing for you here!
Well, I won't say you're a troll, but probably misinformed.
Quantum cryptography has a cool name, but in practice, it sucks, at least its current implementations.
Ok, that's right. But it sucks not because it's flawed, but because it's too slow to communicate with yet (well, to create the key actually).
It's not end-to-end by design (you can't have a direct fiber to everyone you want to communicate with these days, after all), and so it's easily regulated.
More current implementations use 'wireless' quantum channels in open air, so it isn't restricted to fiber only. I agree that you won't have consumer implementation before at least 8-10 years, but if a big corporation or government wants to use it, they will be able to in the near future.
It's expensive.
Sure. Is there a new technology that isn't expensive? Is that incentive enough to stop developing new ideas and such? No.
It doesn't solve key management problems, and the installations that have been publicly described so far are extremely vulnerable to man-in-the-middle attacks.
WOAH! Until then it was ok, just some argumentation problems, but this is pure outright misinformation. I don't know where you read that, I'd like to know.
First, Quantum Key Distribution is there to SOLVE key management problems related to one-time pad methods. The first and foremost goal of quantum encryption is to remove the logistic problems of one-time pad. So, you are wayyy off on this one.
Second, QKD is unconditionally secure, and that includes man-in-the-middle. I doubt current implementations are "extremely vulnerable" against that attack, unless you have some proof to show, I'd be interested to know.
If I believed in conspiracy theories, I'd say that the NSA is luring the EU towards unavailable and untested quantum cryptography, and away from commercially available, tested, reliable and rather secure conventional crypto products. Actually, the quantum crypto recommendation (whether it's contained in some EU documents or not) is the result of a pretty slick PR (and lobbying) campaign.
Well, I can't argue about tin-foiled hat arguments, hehe. The problem with conventional crypto methods is that they are breakable in the absolute, and the Echelon program is certainly the one who is able to achieve this feat. QKD isn't. This is the main point in favor of QKD, especially when you want to protect yourself against Echelon.
There are two fantastic well-researched books that anyone who wishes to truly understand Echelon needs to read:
"Body of Secrets: Anatomy of the Ultra-Secret National Security Agency" by James Bamford is a fantastic history of the NSA from the end of WWII to the present. If you read this book you will see that the idea that the NSA is spying on UN delegations is really a given...in fact one of the primary reasons the US wanted the UN to locate in NYC is to allow easy interception of diplomatic communications. This author uncovered many amazing Cold War programs and anecdotes and presents them in fascinating form.
The second book is "Blind Man's Bluff: The Untold Story of American Submarine Espionage" by Sherry Sontag, another fantastic book of solid research and good story telling, a large amount of it revolving around underwater communication wiretap activities. The special mission nuclear submarine SSN-21 USS Jimmy Carter is out there specially equipped for undersea cable tapping operations and receiving commendations in the tradition of the Cold War era USS Halibut.
Whatever you think of the ethics of these issues, the technology and history is amazing, and the capabilities do exist and are fairly well documented. If you read these two books, and have the technological understanding to extrapolate a bit, you can get a pretty good picture of current capabilities and the culture of how these collection assets are being used. One thing you will find that they are not being used without limits and elements of responsibility, although there are cases (like the Boeing/Airbus bidding incident) where they have been abused.
-braddock gaskill
If I remember the story correctly, Navajo demands very precise pronunciation and accents. Getting the nuances just right is supposed to be next to impossible for a non-native speaker.
So, even if a few Japanese operators did learn Navajo, they wouldn't be able to spoof their way onto the network. Kinda like trying to read the state of a photon without blowing the secret, maybe.
Throw in the fact that the Japanese probably didn't care at all about the various tribes, even if they did know what a Navajo was, and you have a tough nut to crack. The war didn't last long enough for them to adapt.
I remember watching some TV special about the code talkers, and one of the old guys was practically laughing when he was telling his story. Good stuff.
Why do I have this? I don't smoke.
Apples and oranges, unless I missed the part where half the UK was recently repatriated after decades of Communist rule and mismanagement. On second thought....
Remember, there are two major systems for doing public key crypto. The idea is to take a problem that is incredibly easy to do one way (make the public key from the private), but very difficult to do the reverse of. Factoring large numbers is a great example (and is what RSA uses). It's easy to multiply two large primes, but much more difficult to factor the product back into the original two primes. If there were a computer which could do this quickly, RSA would be effectively useless.
There is also the discrete log problem, which is what DSA uses. I don't pretend to be a cryptographer, or even know really what the discrete log problem involves (no google links please, I have all the info I need on it if I were really interested), but I do know that it is very easy to do one way, but very hard to do the other! Exactly what you need for public key crypto. Now, if we have a theoretical computer which can break this in reasonable time, DSA becomes worthless. However, there are definitely other ways of doing public key crypto than the factoring problem.
Also, another interesting thing about quantum crypto (of course, quantum crypto is largely theoretical at this point, so this is not guaranteed in real world implementations) is that both ends KNOW if the datastream has been intercepted. Not just if it's been modified (we can be reasonably sure of that right now using good hashing algorithms for signatures), but if it has merely been intercepted. This is quite handy because now you know immediately if you need to somehow change things since your data is even POSSIBLY compromised. Really cool stuff.
I must reiterate, IANAC (cryptographer).
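Added example, not part of the original thread: a classical simulation of the exchange the comments above describe, where single photons carry key bits, the two ends agree over a public channel which bits to keep, interception shows up as errors, and the surviving bits are used as a one-time pad. It assumes the BB84 protocol (which the thread never names), an intercept-and-resend eavesdropper, an authenticated classical channel, and a hypothetical 5% abort threshold; all function names are illustrative.

```python
import random

def bb84_sift(n_photons, eavesdrop, rng):
    """Send n_photons single photons; return (alice_key, bob_key) after sifting."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit, a_basis, b_basis = rng.randrange(2), rng.randrange(2), rng.randrange(2)
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: a single photon cannot be split or copied, so the
            # eavesdropper must measure it in a guessed basis and send a replacement.
            e_basis = rng.randrange(2)
            if e_basis != photon_basis:
                photon_bit = rng.randrange(2)  # wrong basis gives a random outcome
            photon_basis = e_basis
        # Bob's result is reliable only if he measures in the photon's own basis.
        measured = photon_bit if b_basis == photon_basis else rng.randrange(2)
        # Sifting over the public classical channel: keep positions where the
        # announced bases match. Bit values are never announced here.
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(measured)
    return alice_key, bob_key

def estimate_error(alice_key, bob_key, sample_size, rng):
    """Publicly compare a random sample of sifted bits, then discard the sample."""
    sample = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in sample)
    keep_a = [b for i, b in enumerate(alice_key) if i not in sample]
    keep_b = [b for i, b in enumerate(bob_key) if i not in sample]
    return errors / sample_size, keep_a, keep_b

def bits_to_bytes(bits):
    """Pack a list of 0/1 values (length a multiple of 8) into bytes."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def otp_xor(data, pad):
    """One-time pad: XOR with a pad of the same length (encrypts and decrypts)."""
    assert len(pad) == len(data)
    return bytes(d ^ p for d, p in zip(data, pad))

def run_exchange(message, eavesdrop, seed, max_error=0.05):
    """Key exchange, error check, then one-time-pad transfer of message."""
    # Seeded PRNG so the simulation is reproducible; never use it for real keys.
    rng = random.Random(seed)
    need = 8 * len(message)  # the pad must be as long as the message
    a, b = bb84_sift(8 * need, eavesdrop, rng)
    qber, a, b = estimate_error(a, b, len(a) // 2, rng)
    if qber > max_error or len(a) < need:
        # Too many errors: assume interception and throw the whole key away.
        return {"qber": qber, "aborted": True, "plaintext": None}
    ciphertext = otp_xor(message, bits_to_bytes(a[:need]))   # Alice encrypts
    plaintext = otp_xor(ciphertext, bits_to_bytes(b[:need]))  # Bob decrypts
    return {"qber": qber, "aborted": False, "plaintext": plaintext}

if __name__ == "__main__":
    msg = b"meet at point echo"  # constructed sample message
    print(run_exchange(msg, eavesdrop=False, seed=1))
    print(run_exchange(msg, eavesdrop=True, seed=1))
```

Without an eavesdropper the sampled error rate is zero and the message decrypts; with one, roughly a quarter of the sampled bits disagree and the key is discarded before any message is sent.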
A couple of other points:
WWI: the US army joined battle in full force only in July 1918. That's right, in a four year war they fought for *FOUR MONTHS*!!! No wonder the other allies wanted to tell Wilson to get stuffed.
WWII: after the fall of France, the US ambassador to Britain, Joseph Kennedy (JFK's dad) was telling all and sundry that Britain didn't have a chance of hanging on. Meanwhile US arms manufacturers were making a fortune as the British Empire went massively into debt (this was before Lend-Lease).
Me? I'm an Australian. We were in both wars from the word go...
History has long shown that any 'unbreakable' system other than a one time pad eventually succumbs to cryptanalysis. Vigenère ciphers, considered unbreakable when they were devised back in I think around the 17th century offer almost no protection these days to a trained cryptanalyst with nothing more than a pad of paper and some pencils, computers need not be involved.
The reason is because any system eventually shows inherent weaknesses. Just because the weaknesses of RC5 or RSA (a critical part of PGP) have not been exposed there is no reason to assume they do not exist. The idea that it will require more computing power than the 'theoretical limits of computation given the entire resources of the universe' only assumes a brute force attack on the ciphertext, however practically nothing has ever been deciphered through brute force methods.
Finally, given that it is theoretically possible for any encipherment system to be broken when they are broken many, many times those who have broken the system do not publish it. After all, if it is made apparent that a system has been broken then people will stop using that system and you will be back to having to break their encipherment all over again. Assuming that the NSA has not successfully found weaknesses in PGP and other big encipherment systems just because they have not published this is not necessarily a safe assumption. However, it is unlikely that they will reveal that they have cracked these 'secure' systems just to tell the world the contents of your email to your girlfriend.
This is not to say that the NSA -has- successfully cracked these methods. Simply that people who feel they are completely secure and that their messages will stay safe forever may find themselves in for a rude shock one morning.
"The Sword and the Shield: The Mitrokhin Archive and the Secret History of the KGB" is an excellent book detailing the KGB side of espionage. The co-author was a KGB agent for 40 years in charge of archiving the documents of the Foreign Intelligence Directorate. He defected in 1992 bringing 10,000+ pages of documents with him. The book details Soviet intelligence operations from the revolution through the Gorbachev era and is quite stunning in the depth and expertise of the Soviet intelligence system. And some humor too. For example, they were estimating 2 billion rubles a year were being pumped into their economy through industrial espionage but had to tiptoe around when asked to explain to their superiors why the "superior" Soviet economic system couldn't keep up with the West.
"Trying is only the first step towards failure." - Homer
You are entirely correct in the purpose of QKD. However,
is quite incorrect.
First off, nothing is unconditionally secure. If you believe something to be unconditionally secure, you should put your wallet back right now and cool off. And furthermore, without additional protocols in the classical channel, QKD is vulnerable to man-in-the-middle attacks. The attacker must first snag both classical and quantum channels, but then [s]he can pretend to Bob to Alice and Alice to Bob. Nothing prevents this within a straight QKD system. Now, it's fairly obvious, and therefore has likely already been taken care of using classical crypto, but it's a problem of straight QKD. Additionally, if there is ever more than one photon generated, then that bit can be undetectably eavesdropped.
Again incorrect. The one-time pad has, iirc, been proven unbreakable; you just have a key management issue to be settled. That and many classical crypto systems aren't "breakable in the absolute," merely theoretically breakable if certain problems become Easy.
--
Given enough personal experience, all stereotypes are shallow.
This site purports to give an overview. I don't know much of anything about quantum physics, so I can't really summarize it. I didn't really even read it, though it looks okay. ;-)
> employment rates within the UK and the rest of Europe (3% vs 12% approx)
Those numbers are - frankly - nonsense. The real rate is 8.8% in the Euro zone vs. 4.7% in the UK (as of Jan 2004 - http://www.oecd.org/dataoecd/41/13/18595359.pdf).
That's still a very large difference - and kudos to the UK for being on the good side of it - but you've inflated the unemployment difference between Britain and the rest of Europe by a factor of two, making it a pretty poor approximation.
"And yet you look at the employment rates within the UK and the rest of Europe (3% vs 12% approx)"
Where did you get those numbers? According to this week's Economist, the rate is 4.7% in Britain and 8.8% in the Euro area. The UK rate is still extremely low, but not as exaggerated as you stated.
I realize this was a joke, etc. but realistically, it would be your friends in China who would be in trouble in this scenario.
Encryption is illegal in China, and its use is guaranteed to at least provoke interest by authorities. This is why steganography has proved to be popular among human rights and anti-Chinese government groups.
$45 per U Colocation Special
Leaving aside the question of whether such a thing is possible
Possible? It has been done.
I think the poster is confusing using quantum codes (first demonstrated in 1991, currently commercially available) with breaking codes with quantum computers (still hugely theoretical).
This side up.
It's a complicated matter. The EU parliament is a directly elected body where the number of representatives for every country is according to the size of that country. The council is a group of ministers where each country has a pre-defined voting weight, also roughly based on size.
The council also appoints the commission, which tends to make the executive decisions, rather than the legislative, but doesn't seem to have a clearly defined job, and so gets its hands into a lot of stuff.
Only parliament is directly elected. The council represents the national voting results in each country, but few people take EU policy into account when they cast a vote, so I have my doubts on how democratic the council is. The commission, being appointed by the council for 5 years, could hardly be called anything close to democratic. Anyway, it's apparent the EU has a long slog towards real democratic representation ahead.
And no, the system never was and never will be that every country has one vote.
Funny, but sadly not true ;>m
http://www.snopes.com/humor/jokes/moonshot.ht