Your Computer is Leaking. Ian J. Malloy.

Similar documents
10 - February, 2010 Jordan Myronuk

The quantum threat to cryptography

Quantum Cryptography. Marshall Roth March 9, 2007

Everything is Quantum. Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL

Device-Independent Quantum Information Processing

Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018

A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Hacking Quantum Cryptography. Marina von Steinkirch ~ Yelp Security

Quantum Key Distribution and the Future of Encryption

LECTURE NOTES ON Quantum Cryptography

Cyber Security in the Quantum Era

Cryptography in a quantum world

Quantum Wireless Sensor Networks

Quantum threat...and quantum solutions

A central problem in cryptography: the key distribution problem.

The Quantum Threat to Cybersecurity (for CxOs)

Quantum Information Transfer and Processing Miloslav Dušek

Device-Independent Quantum Information Processing (DIQIP)

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Managing the quantum risk to cybersecurity. Global Risk Institute. Michele Mosca 11 April 2016

A brief survey on quantum computing

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

8 Elliptic Curve Cryptography

ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS

The Relativistic Quantum World

The science behind these computers originates in

VIDEO Intypedia008en LESSON 8: SECRET SHARING PROTOCOL. AUTHOR: Luis Hernández Encinas. Spanish Scientific Research Council in Madrid, Spain

Information Security in the Age of Quantum Technologies

Quantum Technologies for Cryptography

9 Knapsack Cryptography

Ping Pong Protocol & Auto-compensation

Quantum Cryptography

Security of Quantum Key Distribution with Imperfect Devices

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

Single and Entangled photons. Edward Pei

Cryptography in the Quantum Era. Tomas Rosa and Jiri Pavlu Cryptology and Biometrics Competence Centre, Raiffeisen BANK International

WHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION

Cryptography Lecture 4 Block ciphers, DES, breaking DES

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

Security Implications of Quantum Technologies

Simple Math: Cryptography

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Quantum Technology: Challenges and Opportunities for Cyber Security. Yaoyun Shi University of Michigan

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Introduction to Quantum Key Distribution

Public-key Cryptography and elliptic curves

Quantum Cryptography

High Fidelity to Low Weight. Daniel Gottesman Perimeter Institute

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Ground-Satellite QKD Through Free Space. Steven Taylor

Detection of Eavesdropping in Quantum Key Distribution using Bell s Theorem and Error Rate Calculations

Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Public Key Cryptography

MAA509: Quantum Computing and Information Introduction

ECE 646 Lecture 9. RSA: Genesis, operation & security

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

The Reality of Quantum Computing

Realization of B92 QKD protocol using id3100 Clavis 2 system

Attacks against a Simplified Experimentally Feasible Semiquantum Key Distribution Protocol

Number theory (Chapter 4)

Cryptographical Security in the Quantum Random Oracle Model

APPLICATIONS OF THE QUANTUM KEY DISTRIBUTION (QKD) METHOD

Public-key Cryptography and elliptic curves

PQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel

What are we talking about when we talk about post-quantum cryptography?

Lecture 14, Thurs March 2: Nonlocal Games

Quantum Communication

Nano and Biological Technology Panel: Quantum Information Science

Lecture 1: Introduction to Public key cryptography

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Introduction to Quantum Computing

Quantum Entanglement and Cryptography. Deepthi Gopal, Caltech

Selecting Elliptic Curves for Cryptography Real World Issues

C. QUANTUM INFORMATION 111

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

Quantum Cryptography and Security of Information Systems

Entanglement and Quantum Teleportation

Quantum Technologies: Threats & Solutions to Cybersecurity

Implementation Tutorial on RSA

Quantum Computation 650 Spring 2009 Lectures The World of Quantum Information. Quantum Information: fundamental principles

Quantum Computers. Peter Shor MIT

Quantum Computing 101. ( Everything you wanted to know about quantum computers but were afraid to ask. )

Mathematics of Public Key Cryptography

Secrets of Quantum Information Science

Quantum Key Distribution. The Starting Point

Further progress in hashing cryptanalysis

Classical Verification of Quantum Computations

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Quantum Cryptography

Everything is Quantum The EU Quantum Flagship

Introduction to Modern Cryptography. Benny Chor

Summary. The prospect of a factoring. Consumer key generation. Future long range key. Commercial systems. Metro Networks. exchange. machine. Spin-off.

An entangled LED driven quantum relay over 1km

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

Transcription:

Your Computer is Leaking Ian J. Malloy Dennis Hollenbeck, 149 W Managed Services dennis.hollenbeck@149w-managed-services.com Abstract This presentation focuses on differences between quantum computing and quantum cryptography. Both are discussed related to classical computer systems in terms of vulnerability. Research concerning quantum cryptography is analyzed in terms of work done by the University of Cambridge in partnership with a division of Toshiba, and also attacks demonstrated by Swedish researchers against QKD of energy-time entangled systems. Quantum computing is covered in terms of classical cryptography related to weaknesses presented by Shor's algorithm. Previous classical vulnerabilities also discussed were conducted by Israeli researchers as a side-channel attack using parabolic curve microphones, which has since been patched. Keywords Post-quantum cryptography, encryption, quantum computing INTRODUCTION Before beginning, it's useful to introduce the fictional characters Alice, Bob, and Oscar. Alice and Bob are used in cryptography to make concepts easier to understand. Oscar is traditionally used as an adversary while Alice and Bob work to communicate securely. These characters will be referenced several times throughout this presentation. To set the background of this presentation, work done by researchers at Tel-Aviv University proved acoustic signals allowed side-channel attacks against several target computers [1]. Side-channel attacks are a form of cryptanalysis, or way to break encryption, that focuses on physical components as opposed to algorithmic weaknesses. Not only was it possible to conduct this attack, it was also possible to increase the distance the attack could be performed over using a parabolic reflector to amplify the signal. Figure 1. RSA GNuPG Side-Channel Microphone

There was a proclaimed patch issued that fixed this vulnerability, but there are always ways to improve attacks. This research is important to keep in mind because it demonstrates both creative ways to crack encryption and also how radio waves are potentially tied to acoustic signals generated by data processes. This specific attack covered a wide-range of devices but focused on a specific implementation of a specific algorithm. Regardless, the risks are real and have a potential to be increased significantly. Shifting from classical cryptography and communications, there is a strong focus on developing quantum computing and quantum cryptography. Quantum computing is based on the qubit, geometrically represented by a Bloch Sphere, and quantum cryptography which involves quantum key distribution (QKD) to secure communications between Alice and Bob. Figure 2. Bloch Sphere Representations RELEVANT LITERATURE The University of Cambridge partnered with a research division of Toshiba and were able to use a combination of "lit" and "dark" telecommunication fibers to effectively use QKD to secure communications [2]. Quantum key distribution is equivalent to a one-time pad but doesn't require Alice and Bob to physically meet to share keys beforehand. It was assumed that QKD was essentially bullet proof, or that it couldn't be hacked, since any attempt by Oscar to listen in on Alice and Bob would alert Alice and Bob immediately. Basically Alice and Bob are observing their communications so that if Oscar tried anything it would change measurements that Alice and Bob are conducting on particles. A demonstration of how Oscar can listen to Alice and Bob without triggering changes in measurement of the particles was conducted by researchers towards the end of 2015 [3]. Figure 3. Quantum Key Distribution Cambridge-Toshiba Experiment Essentially, it was shown that Oscar could hack Bell's inequality using classical light sources to spoof the measurements Alice and Bob expected. Bell's inequality is an expected statistical result that occurs after

particles are entangled and then separated. In Quantum Key Distribution, the difference from a one time pad is that QKD doesn't require a rendezvous between Alice and Bob to exchange keys. The expectation is that once Alice and Bob begin communicating, any attempts by Oscar will spoil the measurements of Alice and Bob. Figure 4. Quantum Key Distribution Swedish Bell Hack Alice and Bob rely on their measurements during communication to change if Oscar can tap into their conversation. If a Quantum Key Distribution system can be tapped into by using classical optical devices to manipulate the sensors used by Alice and Bob during communication, Oscar wins. If Alice and Bob trust that any interference by Oscar necessarily changes their measurements, it can be shown that Oscar can still tap into the device used by researchers at the University of Sweden in Stockholm for purposes of demonstration. Thankfully the researchers who demonstrated the ability to hack this form of QKD also proposed solutions to the problem [3]. The United States National Security Agency (NSA) and National Institute of Standards and Technology (NIST) have moved forward with requests for input on post-quantum cryptography [4]. Quantum computing was first conceptualized as a form of Turing machine, but a scientist named Peter Shor developed an algorithm, now known as Shor's Algorithm which advanced concepts of quantum computing by providing a verifiable algorithm a quantum computer could run. Shor's algorithm solves factorization problems very efficiently. VULNERABILITIES IN ENCRYPTION The weaknesses of discrete logarithm problems and cryptography based upon integer factorization problems become evident when you start to understand what a qubit is able to do computationally. If you think of a classical bit, some form of 0's or 1's, and then move to a qubit that can be both 0 and 1 the ability to combine calculations is significantly advanced. If you can keep several qubits in a state of coherence, and each can enter states of superposition to approximate solutions to problems, then breaking certain forms of encryption is simplified.

Disclosures by Edward Snowden revealed an interest of the NSA to actively research the feasibility and requirements to build a quantum computer specifically designed to break encryption [5]. The NSA has also released a notice of adjustments to their Suite-B cryptography which first appeared as a desire to seek post-quantum cryptography in the "not too distant future," which appears to be now given the move for NIST requesting expert advice. NIST is interested in proposals for new standards in encryption that will survive in a post-quantum world. CHALLENGES IN QUANTUM COMPUTING Vulnerable cryptography in a post-quantum world shares the same threat in common, Shor's algorithm. Any system now or in the future that relies on either integer factorization or discrete logarithm problems will be vulnerable to cryptanalysis from quantum computers implementing Shor's algorithm. There are still issues with controlling enough qubits to factor numbers as large as those used in modern cryptography, and this is a critical challenge for researchers in quantum computing. While the NSA has been working on establishing the feasibility of a quantum computer to break encryption, whether they succeed or not still raises the question of how they would deploy this type of system. With the move from seeking "in the near future" to the current request released by NIST concerning post-quantum cryptography, anticipating quantum computing advances is important. There are a lot of fast-paced discoveries being made by several teams in quantum computing research, and it's a good idea to begin taking steps to address this now. DISCUSSION There are too many networks with open vulnerabilities that have had the patches available but weren't updated to address these same vulnerabilities. Most security professionals have experienced this directly. Stories released by the SANS Institute in their "Newsbites" have editorial comments, and many involve these types of issues. Quantum mechanics is really weird science, the word "quantum" itself can complicate any discussion that follows. One of the hardest components of cyber security hinges on educating people about why they need to invest in security, and educating these same people on what they can do to address the problem. If a company doesn't think they could be targeted, or think they haven't been targeted it's easy to imagine how hard it would be to explain this new threat. A CEO might not easily believe that networks could be threatened by a computer that works with just a few a particles of light. This is an exaggeration, but also a threat the NSA takes seriously. Then again, companies might think their data doesn't need the same level of security that a government agency would recommend. By working with a Riemann-Hilbert intersection and developing algorithms, it was possible to derive a potential way to mitigate quantum based attacks [6]. By relying on radio waves, which are a form of electromagnetism as well as a form of light, it seems plausible enough to research further. The Riemann sphere transitions over time from spherical to a single point, leading to a complex algorithm producing several vectors perpendicular to the surface, and repeating the process. While this is a preliminary finding, it remains promising.

Figure 5. Riemann-Hilbert Intersection The threats to encryption posed by Shor's algorithm dominate most news articles aimed at general audiences, but there are important things to keep in mind. First, news articles about science aimed at the general public tend to water down the science. Second, Shor's algorithm requires several qubits to maintain coherence long enough to factor numbers and this is a difficulty in quantum computing. A researcher at the University of New South Wales explained quantum computing using the analogy of the discovery of the laser. The scientist responsible for the laser didn't envision it being used to read data from a c.d., but oftentimes the scientific community advances discoveries through novel applications. CONCLUSION A discovery doesn't grant omniscience in terms of its applications, you have to hold it in your hand first to start to see how it could be used. Computation might seem different, but security isn't and you can't hold cyber security in your hand. If the threats today advance as dynamically as they are known too, when quantum computing transitions fully from exploration to application we won't know all the changes that will occur across a threat-landscape. Even though security professionals don't have complete foresight, it doesn't mean the threat shouldn't be anticipated in some form. REFERENCES [1] Daniel Genkin, Adi Shamir and Eran Tromer, "RSA Key Extraction Via Low-Bandwidth Acoustic Cryptanalysis" 2013. [2] Patel, K. A., J. F. Dynes, I. Choi, A. W. Sharpe, A. R. Dixon, Z. L. Yuan, R. V. Penty, and A. J. Shields. 2012. Coexistence of high-bit-rate quantum key distribution and data on optical fiber. Physical Review Letters X. [3] Jogenfors, Jonathan, Ashraf Mohamed Elhassan, Johan Ahrens, Mohamed Bourennane, and Jan-Ake Larsson. 2015. Hacking the bell test using classical light in energy-time entanglement-based quantum key distribution. Scientific Advances 1. [4] Moody, Dustin. 2016. Post-quantum cryptography: NIST's plan for the future. National Institute of Standards and Technology,. [5] Rich, Steven, and Barton Gellman. 2014. NSA seeks to build quantum computer that could crack most types of encryption. The Washington Post2014, sec National Security. [6] Malloy, Ian. 2016. Computer network defense through radial wave functions. Master of Science., Utica College.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback