How quantum key technology may prevent online card fraud | Technology | The Guardian
The solace of quantum key technology
Encryption based on the fragility of quantum states could be used to protect consumers from card fraud
* Christine Evans-Pughe * The Guardian, Thursday October 9 2008If a fraudster copies the numbers from your bank debit or credit cards, there's little to stop them going on a shopping spree online. This kind of fraud - known as card-not-present (CNP)- exceeded £290m in the UK last year and is a growing problem. It could also be one of the first consumer applications to benefit from quantum key distribution.
Quantum key distribution - or QKD for short - exploits the quantum mechanical properties of light particles (photons) to generate secret keys (strings of random numbers) that can be shared between two parties (for example, you and your bank) and used to encrypt data to safeguard it from snoopers. Typically, QKD systems transmit a stream of differently oriented photons to represent 1s and 0s through an optical fibre or a free space link. The snooper-proofing is intrinsic due to the fragility of quantum states: if you try to measure them they collapse, which is a marker for tampering, alerting the legitimate users to the presence of an eavesdropper.
Can you keep a secret?
Using quantum keys to encrypt data is at present only of interest to banks, governments and defense organizations which might need to move lots of confidential information securely between sites. But a demonstration in Vienna this week takes the technology to a different level, by integrating quantum key distribution into a standard communications network.
The event will show VoIP, videoconferencing and web services encrypted with constantly refreshed quantum keys. It will also include a prototype solution to card-not-present fraud, developed by Professor John Rarity from the University of Bristol and Hewlett Packard Research Labs.
The idea is that we would fill up our mobile phones or similar handheld devices with secrets (random strings of digits) at a quantum ATM. During online transactions, we would gradually consume this personal stash of secrets to encrypt information, such as our PIN, or to authenticate ourselves.
"The quantum part gives you the promise that when you've topped up your secrets, only you and your service provider own this particular random digit string," says Tim Spiller of HP. "If you're doing an internet transaction, you send the merchant however many secret bits is deemed to be secure. The merchant sends them on to Visa, say, who checks they're OK and if so authenticates the transaction."
The Vienna event is the culmination of a four-year EU project called SECOQC (Secure Communication based on Quantum Cryptography) to bring QKD technology to the mainstream. The SECOQC partners - who are now defining a European technical standard - include Siemens, Toshiba, Hewlett Packard, ID Quantique, Thales and Qinetiq as well as leading quantum scientists.
For the demo, Siemens has installed seven quantum key links into a standard metropolitan fiber-optic communications network that runs around Vienna and connects several of its sites. The network has been successfully running in test mode for several weeks now, according to Wolfgang Richter of Siemens.
Quantum keys won't be able to encrypt data traffic in real-world networks until standards have been finalized. However, SECOQC project leader Christian Monyk is optimistic. " We could produce it in six months."
When (or if) consumers enter the picture is difficult to predict. Rarity and HP's technology is "on the banks' radars", according to Spiller. But the point about their system is that it's potentially very cheap. HP's vision is that mobile phones could easily include half a short-range QKD system (which they say can be built from some standard LEDS and a low-cost integrated optical circuit). "Getting that into the market would depend on demand but five years is reasonable," says Spiller.
No hiccups
Meanwhile, quantum cryptography is gaining interest. Last year, ID Quantique's simple point-to-point quantum key distribution technology was used to guarantee the security of votes cast in Geneva during the Swiss general election. This summer, the defence and security company Qinetiq has been doing trials in London with network operator AboveNet, which provides fibre-optic connections for businesses. "We've done some experiments sending polarised photons through part of their network," says Dr Brian Lowans of Qinetiq. "We didn't have any hiccups."