- Commercial quantum crypto thoroughly hacked with lasers, Slashdot
- Microsoft fix for DLL vulnerability, Krebs on Security
- Microsoft tool for DLL vulnerability interferes with some applications, The H
- QuickTime flaw allows remote execution attack, The Register
- Twitter moves completely to OAuth for 3rd party apps, Web Monkey
- Fake Tweetdeck update prompts Twitter to reset passwords of compromised accounts, The Register
- Critical vulnerabilities in RealPlayer, Zero Day
- Google’s project hosting service used to host malware, Zero Day
- Questions about the security of Twitter’s OAuth implementation, Ars Technica
- Security patches for Chrome on its 2nd birthday, Zero Day
- Apple patches iTunes security flaws, Zero Day
- New malware imitates browser warning pages, Slashdot
- Data stealing bug in MSIE 8, Slashdot
io9 continues a surprising streak of nifty, hard science posts on topics quantum. This time, a description of some research out of UCLA solving a problem I didn’t know existed, the need to cryptography tied to a specific location. Unlike classical approaches, the unique realm of quantum mechanics enables this via the no-cloning theorem which observes that quantum states cannot be duplicated. In this instance that means an eavesdropper cannot reproduce key properties needed to fool the system into thinking some communication is secure and intact.
This is an interesting developming when you consider a story I discussed back in March. Existing quantum crypto rigs suffer a certain inflexibility when the end points are in motion. The two notions aren’t quite opposite of each other but considering them both does reflect how processing information with quantum systems leads to some very strange properties and applications indeed.
- Time to retire “info wants to be free”
Cory’s latest Guardian column makes a thoughtful suggestion with regards to putting to rest Stewart Brand’s famous aphorism from the advent of the information age. He unpacks the much more nuanced interests of those big content wants to make out as info-anarchists. He suggests focusing more on the freedom of the net or more simply people.
- Another attack on quantum cryptography
As the post at Slashdot explains, this one relies on the normal error rate with which quantum crypto systems have to deal. The researchers have shown they can recover some information without raising the error rate above the previously acceptable level. I wrote about an earlier attack on quantum key distribution towards the end of last year.
- More on those responsible for malware
Earlier Brian Krebs had an article exploring the shallow end of the pool of online crime, an individual phisher responsible for an alarming number of attack sites. Today he discusses a Russian businessman whose reputation he has looked into before. Now, a Russian politico has spurred a government inquiry into the allegedly nefarious online criminal organizing and activity of “Redeye”, Pavel Vrublevsky.
This application of quantum mechanics, to produce harder to counterfeit cash, never occurred to me. I guess it should have as digital cash based on classical computers has been bounded up in the same areas of interest as classical cryptography. Cryptography and cryptanalysis have been advanced as likely areas where quantum computers will exceed classical ones. While still unproven, researchers have a strong suspicion in particular that the hard to reverse classical operations of public key cryptography will be feasible, maybe even trivial, for quantum computers to undo.
As the MIT Technology Review article explains, a team at MIT has been building and breaking quantum cash systems for at least a little while now. The latest development is that they think they have a class of asymmetric calculations that might prove resistant to cracking by quantum computers. Roughly, the computation involves what reads like trying to determine if there is a continuous topological transform between two knots.
Their quantum cash is based on a new kind of asymmetry: that two identical knots can look entirely different. So while it may be easy to make either knot, it is hard to find a way to transform one into the other.
The article goes on to pinpoint the problem with devising such systems. It is easy to build a cipher or calculation that the creator cannot easily reverse but that doesn’t guarantee someone else won’t find a trivial way of doing so. What has helped that more than anything in classical crypto is the availability of cheap and powerful computing, something that is still quite a ways off for quantum computers.
Slashdot links to a Wired UK article describing some new research out of the Cambridge Lab of Toshiba Research Europe. One of the many hurdles to wider adoption of this form of encryption that relies on quantum properties of particles, like photons, is low transmission speeds to date.
Sadly, that is about all of the content in the article. There is no link to the research or any attempt to explain how the acceleration was achieved. The researcher who directed the effort, Dr. Shields, did add the adviso that the higher transmission speeds were sustained only for brief periods and required manual adjustments. Even though the article mentions some more real world testing as a next step, it sounds to me like that may be premature.
Being able to encrypt and decrypt fast enough to secure live video would indeed be impressive but not if it won’t run the full duration of a video call. For streaming applications, I suppose it could be hidden behind the frequent buffering pauses. I am also curious about how, if at all, this affects some of the other issues with quantum crypto like the inability to route it or some of the merging side channel attacks.
I’ve spoken and written repeatedly about random number generation. In computing, it underlies several critical fields, including cryptography and simulation. Given the considerable limits of generating random numbers on a deterministic, classical computer, we take for granted that physical sources of randomness must be truly random.
Not so, according to a paper discussed at the Scientific American web site. The author of the paper, Antonio Acín, a physicist at the Institute of Photonic Sciences in Spain, clarifies that many physical systems could be predicted with sufficient information and compute time. He details what I prefer to think of as a quantum random number generator where that is not the case. The description of the experimental rig sounds very similar to the components used in quantum computers.
It makes sense that a probabilistic system, like one made of vacuum tubes and ion traps all geared towards preserving the quantum characteristics of particles, would much better defy attempts to predict the series of numbers generated. This prediction is the primary means of foiling security systems based on classical random number generators.
The efforts of Acín and his colleagues builds on an existing field, one of which I was unaware, bringing similar observations about degrees of randomness to quantum systems. Many already existing for producing random numbers but of varying quality. The new rig operates with provable randomness, acting as a black box that does require the same sort of tear down other devices might to be sure of the quality of its output. The biggest hurdle for using the technique in commercial applications is its efficiency. Since it uses similar apparatus to quantum computers, maybe recent improvements in that field may prove helpful here.
This is news cast 209, an episode of The Command Line Podcast.
This week’s security alerts are researchers build an 8K smart phone botnet and share their motivations for doing so and some findings and a serious Apache exploit is discovered.
In this week’s news theoretical breakthrough for quantum crypto, Apple iPhone developer agreement comes to light leading to my own moment of principle where I’ve decided once my iPod Touch is worn out I will be buying an Android based PMP, the value of BASIC as a first language, and improving the bandwidth of quantum memory.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Bruce Schneier links to this research just presented at 26C3. While quantum key distribution systems rely on unique, quantum mechanical properties of particles, the attack takes advantage of flaws at the same level. Some of the photo receptors used apparently are vulnerable in such a way as to allow an eavesdropper to completely sniff out a secret key distributed through a quantum channel.
It isn’t clear from the abstract whether this technique would be effective against the improvements on quantum key distribution that I talked about recently on the podcast. What is clear, a contention with which Schneier would seem to agree, is that if anything valuable is exchanged or stored under any type of encryption, then some attacker somewhere will be motivated enough to find a way to get at it. Sprinkling on quantum pixie dust doesn’t change that analysis.