Research on quantum networking is well under way.In April 2012, Gerhard Rempe and other researchers at the Max Planck Institute of Quantum Optics in Germany announced their first working quantum network to the world.Then, just this year, Wolfgang Tittel and his researchers at the University of Calgary transported a light particle’s properties through six kilometres of cable.Scientists know how to transmit quantum data through fibre optics or similar free space physical transmission. In a quantum transmission, photons alter across a long link of highly sensitive atoms. In a fibre optic cable, that transmission is sent through tiny glass fibres via light emissions. Free space connections also carry a quantum signal via light emissions, but without glass fibre. Therefore, a clear line of sight must exist between the starting point and destination of the signal. That means we can transmit data even quicker than through fibre optics, but it’s trickier to control.Of course, there is already lots of fibre optic cable in developed parts of the world, but the usual usage, as of 2016, is for the binary digital signals that we all know and love.Quantum data is kind of intriguing and mind-blowing because, while binary bits can only contain a 1 or a 0, quantum bits (qubits) can be both or neither. They’re elusive, and their physical properties add a bizarre new dimension to computer science.Binary data has been around since before ENIAC was introduced in 1946. And look where we’ve taken it in over seventy years! We used to require a roomful of machinery for simple arithmetic. Now we can transfer minutes of audio and 1080p video from one end of the world within seconds from our 100 gram pocket sized devices. That’s all binary data, and we still haven’t completely explored its potential!As of now, we can only transmit a very simple piece of data, such as a light particles information, in the quantum way. Broadcast transmission, which a lot of the internet must do, is impossible for us to do with quantum signals so far. There must be a single point A and point B unless we find some way around that.Just looking at a qubit changes its data. A mere look is a photonic alteration in and of itself! Imagine designing firewalls and network monitoring tools for that… And the existing block and stream ciphers we use for the encryption of binary data absolutely won’t work with qubits either.So, you’d think that the eventual implementation of quantum networks will pose challenges to information security like we’ve never seen before. It will, indeed. But because merely looking at a photon or changing its direction in any way will change its data, man-in-the-middle (MITM) attacks will be yesterday’s news. Well, at least as we know them. (Never say never!)Here’s how MITM attacks usually work:A client machine initiates a transmission to a server on the internet. The attacker gets between the legitimate client-to-server transmission. A cryptographic key request is made from the client machine with the server as its intended recipient. The man-in-the-middle attacker just sends that through and over to the server. The server sends a key to the client, but unbeknownst to the client and the server, the attacker makes a copy of that key before the key reaches the client. Because a cryptographic key has been received by the client, the client and the server think they have a secure, encrypted connection such as over HTTPS while the person using the client machine is doing their online banking.Because the attacker can now decrypt with that key, they have access to all of that supposedly secure and highly sensitive financial data that’s being transmitted in that session.Those usual sorts of MITM attacks won’t work with quantum networks and qubits, for merely looking at the photon alters it. And the client, server, or both will be aware of that alteration. It’s the photon itself that contains the qubit.Large swaths of Canada and the United States could be covered in fibre optic cable already if it weren’t for the avarice and corporate collusion of certain tier one ISPs. Much of the developed world, including parts of Canada and the US do have fibre optic networks already, but we’d have so much more if it weren’t for corporate greed. Even binary data sent over fibre optics is more secure and much faster than binary data sent over coaxial.I can only imagine the corporate resistance to free space cable later on! It’s these sorts of factors that will impede the implementation of quantum networking technology for the service of ordinary people.Quantum cryptography offers tremendous potential to information security, as well. Artur Ekert of the National University of Singapore demonstrated some of this potential at the American Association for the Advancement of Science back in 2012. Just as MITM attacks seem impossible in the transmission of qubits, so does attempting to interfere with the transmission of a quantum cryptographic key. Just looking at the photon changes it, so the targeted parties will become aware of the attack.This is the curious world of the transmission of information through the tiniest possible things; quantum things, photons. Securing that information, quantum information security, is a whole new world of advantages, complexity, and challenges.
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related.By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto.She considers her sociological and psychological perspective on infosec to be her trademark. Given the rapid growth of social engineering vulnerabilities, always considering the human element is vital.Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.