Cyberattack by Breaking and Entering
Quantum cryptography promises secure communication by alerting users when their data has been spied on. But an eavesdropper might be able to bypass this security by tampering not with the data, but with the data-reading equipment. An example of this strong-arm tactic is reported in Physical Review Letters, in which high-powered laser light is used to damage photo-detectors, thus allowing a fake signal to be swapped into the communication line.
A common way for two parties, call them Alice and Bob, to share sensitive information is with a random encryption key. The problem is how to send the key without having it intercepted by an eavesdropper, Eve. One solution is quantum key distribution, in which Alice and Bob share, for example, entangled photon pairs. If Eve intercepts the transmission, she’ll irrevocably destroy the entanglement. Alice and Bob can recognize such a security breach by comparing a subset of their separate photon measurements.
However, Alice and Bob have to allow for a certain amount of errors, or mismatches, between their two measurements due to unavoidable imperfections in their equipment. Audun Nystad Bugge of the Norwegian University of Science and Technology in Trondheim, Norway, and colleagues realized that a change in severity of equipment imperfections could open the door to hacking. In tests, the researchers showed that high-powered laser illumination could partly cripple a commonly used photodiode. If Eve mounted such a laser attack on Bob’s optical system, she could then intercept Alice’s transmission and replace it with a well-crafted fake signal that Bob’s damaged system could no longer identify as phony. To counter this threat, the authors propose more frequent instrument verification procedures. – Michael Schirber