Slashdot Mirror


A Working, Quantum-Encrypted Intranet

192939495969798999 writes "This article points out how BBN, developers of ARPANET, have actually created a quantum-encrypted intranet that serves pages to a small group of research scientists. I firmly believe this is as significant as the very first internet transmission some years back. If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!" Reader Kent adds "A New York based company, MagiQ Technologies, has begun selling units for commercial use while a group in Europe recently made the first quantum encrypted bank transaction in Vienna, Austria - April 2004. But the Boston network - though limited to three locations - is believed to be the first Internet-integrated system that runs continuously between multiple distant locations."

33 of 305 comments

  1. common logical fallacy by Anonymous Coward · · Score: 5, Insightful
    If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!

    Just because a computer uses encryption, doesn't mean that it is unhackable.

    1. Re:common logical fallacy by Anonymous Coward · · Score: 3, Insightful
      The question isn't if quantum encryption is unhackable. The question is if a computer that uses quantum encryption magically loses all of the flaws in the rest of the software (httpd/kernel/etc) on the machine. The answer to that is no.

      Encryption is often sold like this. I remember watching an interview with a salesman for a voting machine company. When asked if the voting machine had security problems, his response was that it used unbreakable encryption. So what does that mean? Nothing at all. Just because it uses unbreakable encryption (for what I can't even guess) doesn't mean that a single person can't vote twice, just for example.

    2. Re:common logical fallacy by ssewell · · Score: 3, Insightful

      Either way, this is referring to encrypted *transport*, which in no way prevents a machine from being compromised.

      Although, validating the authenticity of the source of data using these means could potentially reduce script kiddies (think non-reputability)

    3. Re:common logical fallacy by Haertchen · · Score: 3, Insightful

      The encryption technology is based on science that was developed very early in quantum theory, namely the uncertainty principle. Basically this says that there are some features of a system you cannot simultaneously know - if you measure one, the other is uncertain, and if you then measure the other, the original quantity has been scrambled. The fact that this is true can and has been measured experimentally. Repeated measurements have been made on a simple, uncoupled system, and the results of traditional quantum mechanics have been verified in great detail. More complicated theories have been based off of these assumptions, which predict such things as the behavior of electrons in computer chips, and most of these theories match reality better than anything anyone has come up with.

      One could possibly argue that quantum mechanics always gives the correct answer, but there must be more information hidden away somewhere that we just can't get at. Unfortunately, it is not difficult to prove that any hidden values will produce some experimental results different from quantum theories, and all the experiments have indicated that quantum theory is the correct one. (This results from Bell's inequality, an idea which has spawned more philosophy about physics than any other idea I've seen.) So modern scientists have good reason to think quantum theory, at least the part used for encryption, is excellent for these uses.

      Before you start bashing quantum theory, remember that physicists, especially experimental physicists, don't really want to make the world more complicated than they have to. They've accepted quantum theory because it's better than anything anyone has come up with.

    4. Re:common logical fallacy by Thomas+Shaddack · · Score: 2, Insightful
      Even if the computer is unhackable - the operators probably aren't.

      The biggest vulnerabilities are usually located between the chairs and the keyboards.

  2. 100% secure? by Anonymous Coward · · Score: 2, Insightful
    If the technology is working and 100% secure, how long until it makes its way at least into government websites?
    nothing is 100% secure.
  3. Encryption != Security by leerpm · · Score: 4, Insightful

    If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!

    Just because the network and all of the transmissions are encrypted, doesn't mean the server is secure. Having IIS running HTTPS exclusively doesn't mean you don't have to patch it.

  4. What?! by Manip · · Score: 5, Insightful

    How will this stop worms or web-sites getting 'hacked'? It isn't even designed to! It is designed to stop sniffing or the modification of data while it is on the pipe. I think the poster needs to get a clue.

  5. Re:Impressive... by watanabe · · Score: 5, Insightful
    hopefully the 'human' factor is addressed. You know, passwords like 'password' or the person's initials. The weakest link in the chain has always been the humans...well, save for that time in the 2001 movie, but I digress.


    Actually, you have literally no idea of how a quantum encrypted network works. What's interesting about the quantum encrypted network is not whether it keeps password cracking from L33T hackers, but how it makes sniffing along the connection either impossible, or impossible without being noticeable, depending on the implementation.

  6. 100% secure? by jstave · · Score: 3, Insightful

    The article didn't say "100% secure", and with good reason (IMO). Historically, that "100% secure" claim hasn't panned out. Sooner or later, some obnoxious killjoy always seems to come along and break the encryption.

  7. what does this have to do with hacking websites. by Anonymous Coward · · Score: 3, Insightful

    Just because the transmissions are quantum encrypted doesn't mean the sites won't be hacked. Websites are hacked because their admins don't apply patches and use crappy passwords, not because their SSL encryption isn't strong enough.

  8. Depends on implementation? by evslin · · Score: 3, Insightful

    We all read the story about the Lexar Jump drive and how 256-bit AES encryption doesn't match up to the fact that the passwords weren't being encoded in a very secure manner.

    I would seriously hope that if this new encryption scheme goes anywhere the people that implement it have the common sense to lock it down tight. Otherwise those HACKED BY CHINESE pages aren't going anywhere anytime soon.

  9. QC is not an encryption tech by po8 · · Score: 4, Insightful

    This might be the end of the hacked by Chinese index pages!

    Uh, no. Quantum communication is not magic. (OK, maybe, but not that kind of magic.) What it is, is perfectly secure against physical eavesdropping. An attacker can't "tap the wire", as it were. The name "quantum encryption" is something of a misnomer, though: this technology is just a communication channel, albeit an uber-cool one.

    1. Re:QC is not an encryption tech by geomon · · Score: 2, Insightful

      "What it is, is perfectly secure against physical eavesdropping."

      Don't you mean "theoretically perfect"?

      Observe! Invocation of the Patriot Act!

      All transport layers are now visible.

      --
      "Rocky Rococo, at your cervix!"
    2. Re:QC is not an encryption tech by Florian+Weimer · · Score: 2, Insightful

      It's only safe against some physical attacks. Man-in-the-middle attacks are still possible because the quantum key distribution protocols offer only very weak authentication of the communication partners. When telling secrets, you want to ensure that there are no eavesdroppers AND that you are talking to the right person.

      The trouble with quantum crypto networks right now is that you either need a fully meshed network (unrealistic for most applications), or the encryption can't be end-to-end (and your favorite three letter agency can eavesdrop at the relay stations). Quantum cryptography is a poor choice compared to proven cryptosystems if you are after actual security (and not some PR or research funding).

    3. Re:QC is not an encryption tech by po8 · · Score: 2, Insightful

      AFAIK (I am not a quantum cryptographer by trade, but I have degrees in physics and computer science), a quantum channel is secure against MIM attacks. You can make the probability that you are talking to an endpoint with the shared secret arbitrarily close to 1 by exchanging a series of authentication bits. (Or are you referring to the fact that you may leak a few bits before the MIM is caught? I think conventional crypto and unicity distance makes this not an effective attack in practice.)

      This is why you need a full mesh to provide a secure network. This is indeed unrealistic for applications with very many nodes involved, limiting the use of quantum channels.

      They're still really cool, though.

  10. Re:FP? by Anonymous Coward · · Score: 3, Insightful

    I do not think it is BS. I think you need to do some more research on the subject.

  11. Re:Excellent .. by Anonymous Coward · · Score: 3, Insightful

    "fluent in Hindi and willing to relocate" would impress far more employers.

  12. Re:No such thing... by lukewarmfusion · · Score: 4, Insightful

    They know that. Of course, you're going to have to explain it to a client one day and realize that when the client hears "it's not 100% secure," they will start looking for something that is. When some PR guy comes along and claims it's 100% secure, we snicker and the PR guy wins the project and gets a Porsche.

    I've spent a lot of time educating clients regarding the "nature of things" as you described. However, when the client isn't at that level of interest/ability to understand/etc., I simply say "SSL is the same level of encryption that banks and credit card companies rely on. Your data will be safe." Sometimes I also use the "it would take sixty million years or so to brute force the encryption. I doubt you'll be worried about your 2004 data in sixty million years."

  13. Infrastructure for this? by gravityZ · · Score: 5, Insightful

    Does anyone know what changes are needed to the current fibre infrastructure to support quantum encryption? Can you hook two boxes up at either end of a random cable? What about repeaters, etc., interfering with the signal?

  14. And you are? by Erwos · · Score: 2, Insightful

    "I firmly believe this is as significant as the very first internet transmission some years back."

    I love it when /. submitters include their "expert opinion" on such matters. Who the hell are you? Maybe if Bruce was giving out such praise, it'd be worth mentioning.

    Sorry, personal gripe.

    -Erwos

    --
    Plausible conjecture should not be misrepresented as proof positive.
  15. Re:FP? by mhesseltine · · Score: 3, Insightful
    it's the key to the encryption that they have to make sure isn't tampered with or eavesdropped on. say the key is 100 bits long. after the transmission of the key, the sender and receiver compare, say, 50 of these bits publicly. if the receiver's bits are different than the sender's they know someone has tampered with it (since any measurement by an outsider will alter the state) and they throw that key away. if they are exactly the same, they know no one listened in and they can use the other 50 bits as the actual key. they send the encrypted data only after they are sure no one else has the key.

    This raises a question for me; if I (a theoretical man-in-the-middle bad guy) know of a quantum-encrypted channel that is being used, for example, by banks, what prevents me from tapping the wire, disrupting the quantum state, and forcing another attempt at transmission? Couldn't a man-in-the-middle become a denial-of-service between two parties by never allowing them to secure a line in the first place?

    --
    Overrated / Underrated : Moderation :: Anonymous Coward : Posting
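
The compare-half-the-bits check quoted in the comment above, as an added simulation that is not part of the thread or of BBN's system. It assumes a BB84-style scheme with two bases and an intercept-and-resend tap (the thread names neither), and `run_session` and `accept_key` are hypothetical names.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    # Measuring in the preparation basis returns the prepared bit;
    # measuring in the other basis returns a uniformly random bit.
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_session(n_photons, tapped, seed):
    """Simulate one key exchange.

    Returns (error_rate_on_publicly_compared_bits, leftover_key_bits).
    """
    rng = random.Random(seed)  # seeded so the run is reproducible
    sender_bits, receiver_bits = [], []
    for _ in range(n_photons):
        bit, send_basis = rng.randrange(2), rng.randrange(2)
        state_bit, state_basis = bit, send_basis
        if tapped:
            # A tap must measure in a guessed basis, which re-prepares
            # the photon in that basis before it reaches the receiver.
            tap_basis = rng.randrange(2)
            state_bit = measure(bit, send_basis, tap_basis, rng)
            state_basis = tap_basis
        recv_basis = rng.randrange(2)
        recv_bit = measure(state_bit, state_basis, recv_basis, rng)
        if send_basis == recv_basis:  # sifting: keep matching-basis slots
            sender_bits.append(bit)
            receiver_bits.append(recv_bit)
    # Publicly compare a random half; the other half becomes the key.
    positions = list(range(len(sender_bits)))
    rng.shuffle(positions)
    half = len(positions) // 2
    if half == 0:
        raise ValueError("too few sifted bits to compare")
    mismatches = sum(sender_bits[i] != receiver_bits[i]
                     for i in positions[:half])
    return mismatches / half, len(positions) - half

def accept_key(error_rate, threshold=0.0):
    # threshold=0.0 is the comment's rule (any difference discards the
    # key); a real link tolerates some noise, so this is an assumption.
    return error_rate <= threshold

if __name__ == "__main__":
    for tapped in (False, True):
        rate, key_bits = run_session(4000, tapped, seed=1)
        print(f"tapped={tapped} error_rate={rate:.3f} "
              f"key_bits={key_bits} accept={accept_key(rate)}")
```

The comparison only detects disturbance on the quantum channel. It says nothing about who is on the other end, which is why the public comparison has to run over an authenticated classical channel.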
  16. Re:No such thing... by J+Mack+Daddy · · Score: 2, Insightful

    Depends on your definition of 'usable' and your definition of 'secure'. For example, a message that is encrypted with a one-time pad is absolutely 100% safe from an attacker in the information-theoretical sense. And given enough care it is possible to do this in the real world. So in this sense, this is both 100% secure AND usable.

    --

    Jiggity

  17. You're both right by Chagatai · · Score: 3, Insightful
    Actually, both you and the parent are correct. If someone was "eavesdropping" on the quantum network, yes, it would be impossible for them to do it or to do it without being noticed. But the parent is correct in that if the data being accessed on the remote network only requires a simple password, there would be a substantial weak point. Think of it this way: if someone were running a brute force attack on a password, it wouldn't matter if there was integrity on the network being used. The trick is to come up with a quantum "key" on each system that can do the purpose of authentication such that if someone tried looking at the key the other party would be alerted.

    --
    --Chag
  18. Re:FP? by BondHeadGuy · · Score: 4, Insightful

    Well, yes, but it's like exception handling vs. error codes: using exceptions doesn't get rid of the error handling problem, but at least they ensure that things can't fail silently. Presumably the two parties do not want to use the line at all if it has been tapped. Better a DOS than a leak of confidential information.

  19. Re:FP? by Retric · · Score: 2, Insightful

    Sorry but that's wrong.
    I can still use a man in the middle attack, I just need to intercept both transmissions.

    AKA you send 100 bits, I tell you the 50 bits I saw, meanwhile I send you 100 bits and you tell me the 50 bits you saw. Then I send data back and forth while keeping a copy of everything or even changing the data sent to each person. You say move 100,000$ from act 100 to 123 and I tell them move 100,000$ from act 100 to 437. And then send you the ack signal on the transfer while spoofing it so you think everything is OK.

    But thanks for playing.

  20. Re:FP? by Retric · · Score: 1, Insightful

    Sorry, that's the idea, but I can still use a man in the middle attack, I just need to intercept both transmissions. AKA you send me 100 bits, I tell you the 50 bits I saw, meanwhile I send sam 100 bits and sam tells me the 50 bits sam saw. Then I send data from you to sam and back while keeping a copy of everything or even changing the data sent to each person. Sam says move 100,000$ from act 100 to 123 and I tell you move 100,000$ from act 100 to 437. And then send sam the ack signal on the transfer while spoofing it so sam thinks everything is OK.

  21. Overkill? by nurb432 · · Score: 2, Insightful

    Isn't this a bit overkill? We don't need *everything* encrypted..

    Besides, if it's decryptable, it's breakable. May not be worth the time/cost to read the average Joe's email, but if you believe you are 100% safe, you are a fool..

    --
    ---- Booth was a patriot ----
  22. Re:FP? by NoData · · Score: 4, Insightful

    I have a question regarding this. It sounds like quantum encryption requires a direct optical connection between the sender and receiver. Is it theoretically possible to make it "routable?" That is to say, would it be usable in the post office type model the internet uses, where packets have to be inspected (and, thus presumably destroying the message in a quantum transmission) to determine where they're going, or would a completely new model need to be developed?

  23. let me help you understand by 192939495969798999 · · Score: 2, Insightful

    If tampering can be detected, then the HTML page mangling can be prevented by ensuring that only trusted parties can change the site, right?

    You SECURE the server using the new encryption, and then it's much harder to hack. Encryption definitely doesn't EQUAL security, but great encryption can lead to great security if you implement it correctly.

    --
    stuff |
  24. Re:FP? by stevelinton · · Score: 3, Insightful

    Sure. A pair of scissors will do this perfectly. A man-in-the-middle can always deny service.

  25. Re:Illegal in US? by sexylicious · · Score: 2, Insightful

    Yes. But it would put a lot of resources into ways of breaking it.

  26. Re:What Every Teenager Wants by HawkingMattress · · Score: 3, Insightful

    If you heard a window break in your kid's room, a scream, and an unfamiliar voice, would you knock on the door first and say, "are you dressed? Can I come in?" or would you grab the shotgun and kick the door open immediately?

    I'd kick the door open immediately if I heard that. But I would not put a cam and mic in their room and monitor all their personal activities just in case it can happen, which is exactly what you plan to do with your sniffer...

    I think grepping for the house address and phone, things like that is a good idea. Monitoring for porn or their personal conversations is not. Did your mother search your whole room in every freaking corner every day to see if you hadn't hidden a porn book somewhere? Would you have liked it? If you had hidden one, and she had found and confiscated it, would that have helped you in any way in your life?