Most modern cryptographic techniques ultimately stand on some pretty weak assumptions. The popular RSA public-key encryption algorithm gets its strength from the difficulty of factoring large numbers. But if a government or criminal organization has a mathematician who figures out how to factor large numbers quickly and efficiently, then much of the information that’s encrypted on today’s Internet — and almost everywhere else — will suddenly become vulnerable to eavesdropping and wiretapping.
Today’s cryptographic systems, which protect information moving over networks, are vulnerable to human error and attack. A new kind of cryptography based on quantum physics is now ready for serious consideration.
Called quantum cryptography, such systems have been the gist of academic conferences and physics journals since the basic scheme was invented by IBM in 1984. Now there’s a real-live quantum cryptography system that you can purchase for about US$70,000. It provides absolutely unbreakable security for any fibre link you want — provided that the link you need to secure is no more than 120 kilometres long — and the system is astoundingly easy to set up and administer. Unlike virtual private networks, or VPNs, which are based on conventional cryptography, quantum cryptography doesn’t require you to create keys and keep them secret, and there’s no need to distribute certificates. The system makes its own keys automatically. They’re absolutely random, and they change a dozen times every second.
MagiQ Technologies, the company that’s commercializing this technology, uses quantum cryptography to transfer encryption keys from a sender, which the company affectionately calls “Alice,” to a receiver, which the company calls “Bob.” Once Alice and Bob have used quantum cryptography to get that secret encryption key across the link, those keys are used to encrypt standard TCP/IP or UDP/IP packets sent across a single-mode optical fibre.
MagiQ calls this approach quantum key distribution (QKD), and they call the resulting VPN a quantum private network, or QPN.
It’s important to realize that the MagiQ system is not a pure solution: the keys generated using the quantum physics are used, in turn, to drive a conventional encryption system based on the advanced encryption standard (AES). But many mathematicians feel more comfortable with the security that’s provided by AES, which is a symmetric cipher, than by the security that’s offered by public-key algorithms like RSA. Besides, conventional VPN systems use AES as well. The real beauty of the MagiQ system is that you don’t need RSA.
The problem with RSA is that these systems typically need some kind of public-key infrastructure (PKI) for key management, and doing key management in a secure manner is really difficult. In order to be secure, the private keys in a PKI must be kept secret. But that’s tricky, because keys also need to be used frequently. For example, Web servers typically keep their private keys in a file; if somebody breaks into the Web server and steals that file, then all of the encrypted information that the Web server sent over the Internet can now be decrypted. If an attacker manages to steal the key from your organization’s certificate server, he can now impersonate anyone within your entire organization.
QKD eliminates these vulnerabilities by eliminating the long-lived private keys.
Of course, QKD can’t really provide unbreakable security because the MagiQ boxes are not the only component on your network. A well-funded and sufficiently motivated attacker could try to intercept your data before it goes into the QPN or when it comes out on the other end. There’s also a chance that MagiQ has some sort of flaw in its encryption devices — probably not in the quantum or the optical system but perhaps in the design of the packet encryptor that runs the QPN. And there’s a chance that the box might have some kind of radio emanations that reveal the raw, unencrypted data to an attacker who has a good radio and directional antenna.
To address these kinds of concerns, MagiQ is in the process of applying for federal certification of its project. Once the certification has been awarded, MagiQ will submit its device for evaluation. And the next generation of the company’s devices will use standard IPsec protocols. Steps like these go a long way toward addressing concerns that security experts might have with the part of the system that doesn’t rely on physics for its security.
If the MagiQ boxes are reliable, if they integrate well into existing networks, if they really are easy to manage, and if the company gets its certifications in place, then there is no reason why a CSO wouldn’t want to consider this approach to secure high-speed corporate links — especially those that go over the public fibre infrastructure.