http://abc.com.au/news/stories/2008/04/21/2223348.htm ABC.com.au April 21, 2008 Quantum cryptography, a new technology until now considered 100 per cent secure against attacks on sensitive data traffic, has a flaw after all, Swedish researchers say. "In computer terms, we've found a bug," said Jan-Aake Larsson, an associate professor of applied mathematics at the Linkoeping University in southern Sweden. "It was surprising - we didn't expect to find a flaw," he said, adding that he and another researcher at the university had also discovered a way to fix the problem. Many experts hope quantum cryptography will be the answer to growing fears about data security on the Internet, providing a one-off code that would be unbreakable for hackers. Most sensitive data like money transactions have to date been transmitted over the internet using a so-called public key, which is considered safe because it consists of a string of some 2,000 data bits and requires enormous calculations to break. Meanwhile, an evolving technology called quantum cryptography has emerged as absolutely secure since quantum mechanical objects, according to the laws of physics, cannot be measured upon without being disturbed and setting off alarm bells that the transmitted data has been manipulated. "If somebody tries to copy a quantum-cryptographic key in transit, this will be noticeable as extra noise. An eavesdropper can cause problems, but not extract usable information," a statement from Linkoeping University said. Not quite airtight The technology, which requires special hardware, is considered absolutely airtight and is widely expected to revolutionise the field of secure data transmission. However at the moment, quantum cryptography is limited to short-range transmissions and is so pricey that only a handful of banks and businesses have so far begun testing the system. Contrary to current convictions, Assoc Professor Larsson said he and his student Joergen Cederloef had discovered a weakness in the supposedly flawless technology. "To send the key over the quantum channel, you must simultaneously send additional data over the traditional Internet channel, and then verify that the classical data has not been changed through an authentication process, he said. While all data travelling though the quantum channel was 100 per cent secure, "a gap appears because this is a combined system, which complicates things so much that the usual security system in some cases does not work," Assoc Professor Larsson said. He said the problem arises when the system had been running for a long period of time, adding he and Mr Cederloef proposed adding a so-called handshake between legitimate users. "All that's needed is a small addition to the authentication process to fill the security gap," Assoc Professor Larsson said. - AFP _______________________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Tue Apr 22 2008 - 22:14:39 PDT