Institutes Cracks Equipment To Cloak High Sensitive Comms

Researchers at Norwegian and German institutes claim to have successfully cracked the quantum cryptography equipment used to cloak high-sensitive communications by banks and defence agencies.

The researchers said they had remotely controlled the photon detectors used in commercially available photodiode quantum cryptography systems. This allowed them to eavesdrop on communications, the researchers said.

"The security of quantum cryptography relies on quantum physics but not only [on that]… It must also be properly implemented," said Gerd Leuchs of the University of Erlangen-Nürnberg in a statement on Sunday. "This fact was often overlooked in the past."

Quantum cryptography relies on Heisenberg's uncertainty principle - that observation of quantum particles alters their behaviour - to reveal eavesdropping. Quantum key distribution (QKD) uses entangled quantum bits to exchange secure keys to a cipher.

In the attack, the researchers used bright illumination to dazzle the photon detectors. The detectors were fooled by classical laser pulses superimposed over the quantum signal, the researchers said in a letter to Nature Photonics. According to the researchers, the attack will work for most QKD systems that use avalanche photodiodes, which are semiconductors that convert light to electricity. Most QKD systems use avalanche photodiodes.

The subverted QKD systems were the id3110 Clavis2 by vendor ID Quantique, and the QPN 5505, from MagiQ Technologies. The researchers said on a how-to page that they had disclosed their findings to the affected vendors seven months ago.

ID Quantique has developed and tested a countermeasure, according to the researchers.

The research team — Lars Lydersen, Carlos Wiechers, Christoffer Wittmann, Dominique Elser, Johannes Skaar, and Vadim Makarov — are from the Norwegian University of Science and Technology (NTNU), the University of Erlangen-Nürnberg, and the Max Planck Institute for the Science of Light in Erlangen.

print this article

Return to security news headlines
View Security News Archive

Share with: