If a fraud suspect copies the numbers from your bank debit or credit cards, there’s little to stop them going on a shopping spree online. This kind of fraud — known as card-not-present — is a growing problem. It could also be one of the first consumer applications to benefit from quantum key distribution.
Quantum key distribution — or QKD for short — exploits the quantum mechanical properties of light particles (photons) to generate secret keys (strings of random numbers) that can be shared between two parties (for example, you and your bank) and used to encrypt data to safeguard it from snoopers.
Typically, QKD systems transmit a stream of differently oriented photons to represent 1s and 0s through an optical fibre or a free space link. The snooper-proofing is intrinsic because of the fragility of quantum states: if you try to measure them they collapse, which is a marker for tampering, alerting the legitimate users to the presence of an eavesdropper.
Using quantum keys to encrypt data is at present of interest only to banks, governments and defence organisations that might need to move lots of confidential information securely between sites. But a demonstration in Vienna last year took the technology to a different level by integrating quantum key distribution into a standard communications network.
The event showcased Voiceover Internet Protocol, videoconferencing and web services encrypted with constantly refreshed quantum keys. It also included a prototype solution to card-not-present fraud, developed by Professor John Rarity from the University of Bristol, England, and Hewlett Packard Research Labs. The idea is that we would fill up our mobile phones or similar handheld devices with secrets (random strings of digits) at a quantum ATM. During online transactions we would gradually consume this personal stash of secrets to encrypt information, such as our PIN, or to authenticate ourselves.
”The quantum part gives you the promise that, when you’ve topped up your secrets, only you and your service provider own this particular random digit string,” says Tim Spiller of HP. ”If you’re doing an internet transaction you send the merchant however many secret bits is deemed to be secure. The merchant sends them on to Visa, say, who checks they’re okay and if so authenticates the transaction.”
The Vienna event was the culmination of a four-year EU project called SECOQC (secure communication based on quantum cryptography) to bring QKD technology to the mainstream. The SECOQC partners – who are now defining a European technical standard – include Siemens, Toshiba, Hewlett Packard, ID Quantique, Thales and Qinetiq, as well as leading quantum scientists.
For the demo Siemens installed seven quantum key links into a standard metropolitan fibre-optic communications network that ran around Vienna and connected several of its sites. The network has been successfully running in test mode for several weeks now, according to Wolfgang Richter of Siemens.
Quantum keys won’t be able to encrypt data traffic in real-world networks until standards have been finalised. But SECOQC project leader Christian Monyk is optimistic. ”We could produce it in six months.”
When (or if) consumers enter the picture is difficult to predict. HP’s technology is ”on the banks’ radars”, according to Spiller. But the point about their system is that it’s potentially very cheap. HP’s vision is that mobile phones could easily include half a short-range QKD system (which they say can be built from some standard LEDS and a low-cost integrated optical circuit). ”Getting that into the market would depend on demand, but five years is reasonable,” says Spiller.
Meanwhile, quantum cryptography is gaining interest. Last year, ID Quantique’s simple point-to-point quantum key distribution technology was used to guarantee the security of votes cast in Geneva during the Swiss general election. The defence and security company Qinetiq did trials in London with network operator AboveNet, which provides fibre-optic connections for businesses. ”We’ve done some experiments sending polarised photons through part of their network,” says Dr Brian Lowans of Qinetiq. ”We didn’t have any hiccups.” —