February 11, 2014

Perfectly securing critical infrastructure: the dream will soon come true?

BY :     February 11, 2014

1983_ipliThe current cryptographic protocols like RSA which are used in multiple use cases are highly secured, but not perfectly secured. The security level of such a system relies on one key remaining secret, and its secrecy depends on the length of the key itself, in order to be quite impossible to discover by today’s computing systems. But it is a question of time: as the power of the computer increases, the length of cryptographic keys will increase.

So, one of the dreams for security experts is the creation of a quantum internet that allows perfectly secure communication based on the powerful laws of quantum mechanics. The basic idea here is that the act of measuring a quantum object, such as a photon, always changes it. So any attempt to hack, a quantum message can be detected by the receiver. That allows anybody to send a “one-time pad” over a quantum network which can then be used for secure communication using conventional communication.

This technique already exists: quantum cryptographic is actually a fairly straightforward technique for any decent quantum optics lab. Indeed, a US company called ID Quantique  already sells an off-the-shelf system that has begun to attract banks and other organisations interested in perfect security.

These systems have an important limitation, however. The current generation of quantum cryptography systems are point-to-point connections over a single length of optic fibre; they can send secure messages from A to B but cannot route this information onwards to C, D, E or F without changing it. Not really a great fun in the internet age!

Various research teams are racing to develop quantum routers that will fix this problem by managing quantum messages without destroying them, implementing true perfect security, but these solutions are far away from commercial reality.

Los Alamos National Labs in New Mexico took a different way to (nearly) solve the problem. Their approach is to create a quantum network based around a hub and spoke-type network. All messages get routed from any point in the network to another via this central hub. The idea is that messages to the hub rely on the usual level of quantum security. Once at the hub, they are converted to conventional classical bits and then reconverted into quantum bits to be sent on the second leg of their journey.

So as long as the hub is secure, then the network should also be secure. It is not yet the security “paradise”, but we are close to it.

The big advantage of this system is that it makes the technology required at each node extremely simple and inexpensive–essentially little more than a laser. Los Alamos has already designed and built plug-and-play modules that are about the size of a box of matches. Next generation including the software part will run to a field programmable gate array, which provides further miniaturization for use cases like securing handheld devices.

This solution can be used to secure critical infrastructure like electric smart grid network, for which RSA signature is too slow. A test of the Los Alamos solution over 25km of fiber channel of such smart grid network demonstrated latency less than 125µs, exceeding requirements by almost two orders of magnitude.

With this next generation, we could secure handheld devices (smart phone, tablets and other sensors), enterprise networks, and cloud computing infrastructure.

The drawback of the Los Alamos approach (which has been up and running for 2.5 years now) is that it will become obsolete as soon as quantum routers become commercially viable. So, the question for any investors is whether they can get their money back in the time before then.

The odds are that they won’t have to wait long to find out.

References:

[1] Network- centric Quantum communications with application to critical infrastructure protection, Los Alamos National laboratory, Richard J Hughes, Jane E Nordholt, Kevin P McCabe, Raymond T Newell, Charles G Peterson and Rolando D Somma – LA-UR-13-22718 (version 2), 2013

[2] Refining quantum cryptographic, R J Hughes and J E Nordholt, science 333, 1584, 2011

[3] R. J. Hughes et al., “Secure multi-party communication with quantum key distribution managed by trusted authority”, World Intellectual Property Organization (PCT) application, WO 2012/044855, published April 5, 2012

Philippe André

About

Philippe André is an expert within Business and IS architecture, Service Architecture, System modelling and Soil science. Philippe is a Certified Enterprise Architect (L4) and TOGAF9 certified. Philippe's mission is to help clients to make the best decision as far as business and IT alignment is concerned. More on Philippe.

More on Philippe André.

Related Posts

Your email address will not be published. Required fields are marked *

9 + 3 =


    *Opinions expressed on this blog reflect the writer’s views and not the position of the Sogeti Group