Completely secure networks?

[fyrewall]

http://www.techworld.com/networking/...ge=1&pagePos=5

A joint research project between Fujitsu and the University of Tokyo may have discovered a way to provide complete data security between two networks.


The two have been working on a viable quantum cryptography system that would allow two parties to share encryption keys via telecommunication networks with full confidence that they have not been compromised en route

its an interesting article ..... as always tho .. is total security possible?

[TSeNg]

Nothing will ever be secure because there is a high chance of human error.


-Chris

[Tim_axe]

I Hate "Quantum Cryptography"!!!
It Should Be "Quantum Key Distribution" or something along those lines!!! The encryption algorithm itself is just a run of the mill algorithm or two.


Infact, I just had a thought after reading that article. Suppose that the only way to know if you got the right key is to recieve the entire thing and then try to decrypt it. If you can decrypt it correctly, then it means that nobody intercepted it -- good. BUT, if you can't decrypt it correctly, it means that somebody intercepted it...WAIT A SECOND! THEY HAVE THE CORRECT KEY AND YOU ARE F**KED! (of course, the person who intercepted it would need to have the encrypted data to, and if they do, reissuing a different key & encrypted data set does nothing to their copy.)

And if the algorithm allows you to somehow use a partial key to decrypt and verify, that is a piss poor algorithm (SnakeOil) and would make brute forcing so easy a "cracker" would do that instead of even bothering to intercept it -- making you think that nobody has the key and you are safe.

Of course intercepting it changes the state of the photon or something. But suppose they just so happen to make a random order of photons to you and to the intended reciever it *looks* like they are getting the key. But with only one copy of the key being sent, there is nothing to compare it to and verify against. If they fall back to traditional networks to verify data, why doesn't the eavesdropper listen to that too and maybe skip the photons and go to the traditional fall back methods of regular Internet?



Anyways, that sums up my stand on quantum key distribution after reading that article. Total security is not possible. There are these theories that would seem perfect -- a photon can't be "read" without changing its state (and thus "leaving something different" -- but there is no second copy to compare this against so you wouldn't know it was "different") -- but they can't be implemented as they are imagined. Lets just stick to Public Key encryption please

[cyclops07]

no such thing as completely secured.. if they say completely secure networks for now, i' might agree..

general ppls like us still haven't get hands on the quantum machine, when ppls does, surely something will come out to exploit the quantum tech..

but still, a superb research.

[SDK]

Quantum cryptography is not 100% secure but it's 1000% more secure that today network for sure. Hacking a photon would need a equipement that cost millions probably so bybye basement hacker!

[LeeBkr311]

The only kind of network that is totally secure is an air gap network! And, you know you're not gonna get much done there. (I don't mean wireless I mean not connected =D) But, even then you have to take into account human error and physical security!

[Tim_axe]

Let me pull the discussion into this direction on quantum key distribution. We are assuming that this is a well funded hacker who somehow already has the encrypted transmission since it was transmitted over fast regular mediums...

Originally posted here by Tim_axe
Suppose that the only way to know if you got the right key is to recieve the entire thing and then try to decrypt it. If you can decrypt it correctly, then it means that nobody intercepted it -- good. BUT, if you can't decrypt it correctly, it means that somebody intercepted it...WAIT A SECOND! THEY HAVE THE CORRECT KEY AND YOU ARE F**KED! (of course, the person who intercepted it would need to have the encrypted data to, and if they do, reissuing a different key & encrypted data set does nothing to their copy.)

If that is the case, definately not secure. And could potentially undermine quantum key distribution... Thoughts? Or can anyone point me to some material that discusses this?

[foxyloxley]

To intercept the data in the first place, will compromise one of the basic laws of the quantum world: that to observe, is to change.

example: a photon travelling is an unknown factor, its position is a guess, until you fire another photon at it.

As the new photon collides with the original, there is a release of energy, and this can be seen and recorded.

However, the act of hitting the photon, has changed its course, [rather like a pool ball, when struck by another.] the photon will not now arrive where it was expected. You will be aware that someone has attempted to observe your data, and all data on that photon is lost.

[edit] data carried per photon would be V small......... Earlier work on storage, using single molecules to store as a 1 or 0 worked until a certain 'soak' point, after which it became necessary to store vast amounts of data in the conventional way. The same would probably apply to Quantum kit, and I would expect there to be a cut off point for size, as in the ULF (Ultra LOW Freq, is around a minute per character TX rate.) TX used to communicate with submerged subs at any distance.
These use a code system to give the commander an instruction: to come to radio depth to get the whole message. for example.
I would expect to see Quantum Crypto used as an announcement that there is some MAJOR data coming. And therefore see no end in sight for the basement crypto kiddie just yet.........[/edit]

[Tim_axe]

The laws and theories of the quantum world do say that to observe is to change. As I understand it, somehow intercepting the data will change the "spin" or polarity or something of the photon. From a scientific standpoint, this is 100% detectable.

But when it comes to implementation, my stand is that it isn't possible to detect it was intercepted or changed during transmission.

-------------------------------------

Person 1 sends a photon, say it represents the letter "y", to Person 3. Photon is traveling...
...and ends up passing by Person 2's photon detector. He "intercepts" it, and as a side effect the photon now represents the letter "e". Photon is traveling...
...and goes to Person 3. He writes down the letter "e".
Repeat for the rest of the key.

Remember, quantum key distribution relies on 1) no redundant photons, and 2) detecting interception by the photon changing. My stand is, without redundancy, how can you tell if it was intercepted? There is nothing to compare the "change" against.

At the very end, Person 3 has a key like "ezbxopynma", which is a very random key and very strong. Person 3 tries to decrypt the data....and it fails! Only now do they realize that the key was intercepted. Simply because it isn't possible (implementation) to detect it earlier.

Person 2 has the real key "yiuplwabzm", and since they have the encrypted data that was transmitted via traditional networks, they can decrypt it readily.

-------------------------------------

I would love to get some information that discusses this in implementation. From a scientific standpoint, what you say is 100% true, the photon changes. But in implementation, how do you know if it changed or not? (That is my stand -- if someone can prove it is possible in implementation with the rules that there is no redundant information and only via the individual photons -- no traditional verification -- it will probably break my argument. But for now, I don't know of this implementation.)

I can think of at least one implementation that can comphensate for this problem, but it still leaves the problem that the key can only be sent via photons that can't be compared -- and is still vulnerable.




EDIT: This was typed before your edit and I didn't see it before posting. I don't quite understand what your edit means though

[neel]

how about the evil guy with the lots of money intercepts the photon, but then just sends a new photon instead of the original photon
if the original sender can somehow stick some kind of data to protons, why can't the evil guy do exactly the same if he knows the data