Securing the Net – Quantum Cryptography

Since the early 2000s, private industries, government and defence agencies alike have been hiding behind the steel wall of encryption offered by the Advanced Encryption Standard, otherwise known as AES, a specification for encryption so secure a brute force attack, even by China’s Tianhe-2, the world’s fastest supercomputer, would be unable to break the cipher of AES256 encryption before the universe is to reach its eventual heat death. However, now there’s a new technology that could turn everything we have come to know about encryption on its head, and that technology is quantum cryptography, but before we get into that, a little more about encryption.

Encryption and cryptography is the process of encoding a message so that information, even if it has been intercepted, cannot be read by unauthorised parties. But how do they work? A great explanation comes from the team at Numberphile who explain that the system is akin to the bank providing you with a lock to store your sensitive data, but both the box and the key is held by the bank alone, so if someone steals your box or tries to open the lock, they will have no key. Imagine you wanted to share secret information with your bank. The keys are made up of two numbers, the first is an RSA number. These numbers are area known as ‘semi-primes’, which are numbers with exactly two prime factors (i.e. are divisible by two prime numbers, no more, no less). These RSA numbers are publicly available and can be accessed by anyone, but the second number is held only by the second party, the bank in this example, and is created by multiplying together two huge prime numbers.

To decode this key, the only practical system is to know the two prime numbers used.  If you don’t have these prime numbers, you will need to factorise this number, and that can take a very long time. So long in fact, that even the most power supercomputers would be unable to break the current level of encryption used by banks before the death of our universe!

So what’s the risk?

There’s a paradigm shift in computing on the horizon. A type of computer which does not abide standard ‘bits’, the ‘0’s and ‘1’s that the computers of today are built upon. These computers introduce the possibility of ‘qubits’ which not only accept these ‘1’s and ‘0’s, but also any possible superposition of these states.  These are quantum computers.

Our present day encryption methods rely upon the belief that a computer will have to carry out huge numbers of processes sequentially.  Each process should take a certain length of time to complete, and the number of processes that it’ll need to complete will take so long that cracking the key in this way becomes effectively impossible.

Quantum computers however do not need to carry out these processes in sequence. Instead, when posed with such a question, they consider all the possible answers simultaneously to arrive at the right answer in what is in essence one process, meaning that it could crack any conventional form of encryption in moments rather than millions of years.

So what can we do?

Fortunately, that same technology which threatens to render our current encryption obsolete also offers us a solution. Quantum Encryption makes use of the strange properties of qubits to create the key which is used to access private information, and these keys can be designed in the same way as our encryption is today, to take thousands if not millions of years for a quantum computer to be able to break the code.

Furthermore, a system for sharing these keys, known as ‘Quantum Key Distribution’ is in development, allowing for the key to be shared between two parties without a third party being able to know anything else about the key, even if the message is intercepted, by encoding the key as quantum data.

Quantum computing looks set to change our cyber security landscape and, I for one am hoping that we get the encryption right before the hackers create any exploits.  I think this technology will revolutionise how we keep our information secure, avoid the recent high-profile attacks repeating themselves and improve national security.

What are your thoughts? Leave a reply below or contact me by email.

Personal best

Our propensity for feeding internet services with personal data is exploding

In 2014 we made 2.4 million posts on Facebook, sent 204 million emails, sent 277,000 tweets and made 4 million searches on Google – every minute.

For users of the Ashley Madison extra-marital dating site, personal data was meant to be just that: personal. The recent hacking and exposure of data is an unfortunate example of how much private information we are willingly, and sometimes unknowingly, giving away about ourselves.

So what is personal data, and why is it so important?

To get an idea of scale we have to understand that not only are we talking about your search history, social media and emails which you knowingly generate, but also a vast amount of other data from your smartphone tracking your location and your medical history to your buying habits. The scale of this data is so huge that it’s recorded in terms of Exabytes – a unit of storage 1 billion times the size of a gigabyte (and, if written, contains 18 zeros).

For years businesses have been decidedly opaque in the value they extract from personal data.  What we are now seeing is that customers are becoming more aware of this data and its value. And this is leading to them being more protective and selective when giving it away and more concerned over the security and privacy surrounding their personal data.

In Europe the midata initiative is exploring this growing change by putting tools and processes in place for people to access their own data and understand the value that is holds. One early project has been brought together by midata and GoCompare for the financial services industry – who has used personal data to enhance the value of their products for a long time.

By understanding their customers’ spending and living habits they have been able to carefully select specific products and market them to the right customers with the right risk appetite. The GoCompare tool however lets consumers conduct the same kind of analysis on their spending data as banks, running this data through a catalogue of financial products to tell customers clearly and visually what the best product should be for them and exactly how much they could save, demonstrating the financial benefit and personalisation they can receive through access and control of their personal data.

The key to the future of personal data lies with a clear appreciation of its value. In the future people like you and I should have access to our own data and a full understanding of how sharing our data can benefit us. We should be able to personalise the amount of data that we are sharing, decide how it’s used and understand the level of security and risks that it brings. Whether you are engaging in a relationship you shouldn’t be or building your nest egg, you should know what you’re giving away and to what end.

So is the future of personal data ownership a bright one?

Personally, I think the data points that way.  The age of Big Data has already arrived, but the era of Small Data is yet to begin.

If you’re interested in this subject and want to join the conversation, leave a message below or contact me in the the Aurora team.