STE WILLIAMS

News sites love a tech story mentioning that spooky word “quantum”, and if you can add a bit of space travel then you’ve probably hit a sweet spot.

It was no surprise, then, that the June announcement by a Chinese team that it had generated “entangled” photon pairs on board the Micius satellite which were separated and sent to cities 1,200km apart on the ground, got attention.

The team followed up this week with a practical demonstration in which entanglement was harnessed to send encryption keys from the same satellite to the ground using a security technology called Quantum Key Distribution (QKD).

QKD, really a complex set of protocols based on quantum physics, has been a thriving field for years, so what is new here?

Headline writers got carried away with the idea that what the Chinese have built is some kind of “unhackable” communications system which, of course, is utter nonsense – though actually, it’s far more interesting than that.

QKD is about entangling photons or electrons, which are then used to secure a channel distributing encryption keys. Any attempt to interfere with or “measure” one of these particles alters the state of the other, which is revealed by a statistically high “error” rate.

Notice that QKD doesn’t stop the channel being from being hackable, it’s simply that this can’t be hidden from the parties using it. You’re probably wondering, then, why QKD isn’t everywhere. The answer is a mixture of tricky physics and engineering limitations.

Once you’ve entangled electrons or photons it isn’t easy to keep them in that state. Even when you do, pairs can be rare enough that data rates end up being very low and distances short.

Despite attempts to make QKD simpler to implement, it remains a lab-bound technology needing trained physicists to get it working. This raises costs, as does the need to send photons through fibre cables in a point-to-point fashion.

You can read a summary of QKD’s larger engineering limitations in a short paper published by Britain’s NCSC last year but suffice to say that any weakness in the equipment used to set up and verify the sending and receiving of keys can create theoretical security vulnerabilities.

One achievement of the Chinese experiment was to dodge the need for fibre cables by transmitting photons using lasers on Micius through the perfect medium of the atmosphere.

But even if it could be made to work perfectly, new problems arise. Imagine a scenario in a future world where QKD is widely used. In the event that surveillance of a channel is detected, how do the two communicating partners react?

Logically, they stop using the channel and move to another, but what if the same thing happens again? If they can keep this up, the attacker has pulled off a simple denial-of-service attack.

A way of countering that would be to build QKD networks large and distributed enough to resist the DoS scenario. The Chinese experiment, based on fleets of satellites, shows this might be feasible.

There is now talk of a large-scale global QKD system. This remains far-fetched, as does the idea of a “quantum internet”. As far as we know, QKD has not even been used to confirm a real-world hack, although it’s not impossible as militaries have been testing the technology for a while.

QKD, and China’s satellite experiments, will doubtless prove their worth one day, in some form. Until that day, expect more silly headlines that present well-established quantum principles as if they were the opening to Alice’s rabbit hole.

Follow @NakedSecurity
Follow @JohnEDunn

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/hBqPS0bUHe4/