BT starts commercial trial of quantum secured London network BT and Toshiba have announced the trial of a commercial quantum secured metro network in London, set to run for three years to evaluate the use of the technology. The system, which is operational now, uses quantum key distribution (QKD) over standard fibre optic links to securely encrypt data. The London quantum secured metro …
I barely understand this stuff at all. However, this is a "metro" network and no "exchange" is involved, presumably for precisely the reason you state.
As far as I can make out, the security depends, in theory, on single photons being used to transmit individual bits of the encryption key. Reliably sending and detecting a single photon is quite hard even in perfect conditions: in practical fibres, the noise and attenuation grow as the fibre gets longer which means that there is a practical limit to the size of the network and indeed to the security (you may need to send more than a single photon to guarantee reception, raising the risk of undetected interception).
It will be interesting to see how it pans out in real world tests.
> It will be interesting to see how it pans out in real world tests.
Just watch out for the big headlines to come...
Unfortunately it's like I can read the future: A sound theory with a sloppy implementation and a lot of corners cut, resulting in the mandatory "We take the security of our clients very seriously" sound bite when eventually the digestion residue hits the ventilation device. Doesn't it always end like that?...
Who would had thought that leaving the back door wide open to better ventilate the server room (air conditioning is too expensive) would allow miscreants to enter illegally and commit heinous crimes? You can't foresee that, do you.
Who would had thought that leaving the back door wide open to better ventilate the server room (air conditioning is too expensive) would allow miscreants to enter illegally and commit heinous crimes? You can't foresee that, do you.
that's exactly what i saw at a Daisy DC in Reading ~ 2018. I went in to do an audit of some stuff in our "secure" cage & remove some old kit. I parked around the back and saw the back doors wide open and some vans in the vicinity, some work was obviously happening but i did not see anyone.
I thought about walking through but as this was my first visit & i didn't know where i was going i thought i'd better go through the front door.
The usual theatre was performed, long wait in reception, escort to our cage and i could see my parked car on the way as the doors where still open. i had a moan and was assured there where invisible people there.
I removed my stuff, borrowed a trolley and just took it out those open doors and into my car, still no evidence of work people.
i left through the main entrance to maintain the theatre.
When i got to my car i remembered i left my tool kit so in through those open back doors and to our secured cage that was still open (they had the lock) and retrieved my stuff.
Still no evidence of work people.
Single photon manipulation and sensing is a thing now, it's doable but yes the length of the fibre is a factor in its success. It's currently feasible over many 10s kms, the Chinese have claimed to have done it over far greater distances and in free space.
Sending multiple photons until one gets through isn't a big deal. The whole point is that the entangled half of the pair that you keep allows you to know if the other has got through successfully. If it hasn't, you change the key and retransmit until it does get through unchanged - then you use that key.
"I'm no expert in this, but it seems like security is just hop-by-hop and not end-to-end. So you're subject to MITM attacks at the exchange."
I think the diagram is potentially misleading. The core sites are "ends", where the data can be decrypted, used and then encrypted again before sending off to somewhere else. And if you look at the diagram, there is a route from customer site A to customer site B through the "core" sites via the WDM multiplexers and node repeaters where the data remains encrypted all the way.
But yes, a person in the middle attack or similar is still possible any point where the data is decrypted, same for any encryption scheme.
Yay, do we get to prefix everything with Quantum now we're bored with "i" and "turbo" again. This is basically equivalent to a bunch of SSH tunnels which if a single point to point is fine but this doesn't seem to be so are they end-to-end encrypting too? If not then i'm going to have to say its a failure (leave nothing to chance or monitoring)
Not really understanding why "the trick" was to have the keys and the data on the same fibre? The data is secured with standard public key encryption (it says) and, presumably, the keys for that are frequently changed and the exchange of those is done by the clever "quantum" bit. But that should mean that the data can go by any available route?
Perhaps the clever bit is that they already have the "any available route" in the form of fibres provided by OpenReach so being able to fit the quantum bit down that route too is actually quite convenient. Although as the appropriately named "A Non e-mouse" points out, this is actually hop-by-hop so presumable requires lots of physical security around each node...
The problem is you cant easily WDM the data (bright) and the single-photon quantum on the same fibre at the same time. So may demos would use one dark (literally!) fibre for the key-exchange and the bulk data transfer done on a 2nd. You can see how unpopular that is going to be with telcos and the customers who would be left waiting months or years for additional fibre capacity to be installed.
So it seems (without actually looking at the details) they TDM the key and data parts for this.
Of course, the "perfect security" promised by QKD also depends on the hardware implementing not having back doors, either deliberately or due to some error leading to key exposure. I would apply my own end-end security over the QKD-secured network for that reason...
The same government that this year also said the following about its intent to ban end to end encryption :
“There is a risk that end-to-end encryption, without the right safety capabilities, blinds companies and law enforcement, taking us backwards. Neither this government, nor society as a whole could accept that.”
Presumably quantum government means existing in a state of wanting to both encourage and ban something at the same time, and only when you observe whatever thoughts emerge from Priti Patel's brain at a particular moment in time do you discover what the current state is.
> Presumably quantum government means existing in a state of wanting to both encourage and ban something at the same time
The explanation is much simpler: Encryption is exclusively for the corporate world. The Great Unwashed are supposed to stay totally transparent so we can keep watching them (and potentially make a quick buck too).
no no, this is "quantum-enabled economy"... 'economy' with a fancy word in front, so it must be good... until it turns out to be bad, some time after being proved to be a white elephant and stupid
("it's the economy, stupid")
"EY will see all its data traffic between its two London sites carried over the quantum secured links"
Wouldn't it be better to build a dedicated "quantum" network and just use that for OOB key transmission?
I think that is the route the chinese are going down with satallites, if I remember an old el-reg article correctlly?
This seems a bit sledgehammer/nut to me. What is it that E&Y do that requires this level of security?
Yes, traffic about its customers should be encrypted in transit. However: what's the threat here? Are E&Y worried that someone with nation-state capabilities are going to want to read their correspondence, and therefore they should be implementing the interception detection as an additional security level?
The Tax Office(s) and the FCA might be interested in their workings perhaps, but neither of them would have the budget...
"QKD is a way to securely distribute encryption keys, which are then used to encrypt and decrypt data for end-to-end transmission using standard public key algorithms."
The point of public key cryptographic algorithms is that you can publish the algorithm and the public part of the key and keeping the secret part secret can transmit messages securely over unsecured links. However, all of the public key cryptographic algorithms are computationally intensive, requiring mathematical operations such as modular exponentiation with quite large numbers. Time was when the minimum length of an RSA public key modulus was 1024 bits, I expect that is much bigger now.
Public key encryption was implemented (see, e.g., PGP) to enable the exchange of the keys for more computationally easy symmetric (secret key) algorithms, initially DES and more recently AES*. This allows the actual message to be sent using an efficient algorithm with minimal message expansion. So my guess is that as the QKD is considered secure there is no point in using it to send a public key to anyone, just send the symmetric key directly.
Unless I am missing something here? (EL Reg's cryptography experts are politely requested to advise, opinionate, pontificate and correct.)
*https://www.techtarget.com/searchsecurity/definition/Advanced-Encryption-Standard
Yes, you would use the QKD to share a random symmetric key (probably 256 bits for AES or similar, but can be from "true" random source like noise generator).
The "secure" aspect of QKD is not that you can't intercept it, but that you know if it has been compromised by an eavesdropper so your shared key is not secure. Except here, where the key exchange nodes could be compromised and you would never know (as they are not quantum-passing but decode/recode).
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
