Just before the Thanksgiving break, reports emerged of a breakthrough in the world of quantum internet security. The idea of using quantum physics to prevent eavesdropping on data transmissions has been edging closer and closer to reality for some years now. The brains at Toshiba and Cambridge have apparently taken it too a new level.
It makes for very interesting reading. The idea of being able to use one-time pads for encryption while being able to ensure that the pad is delivered over the same medium as the message without interception is certainly attractive. Once made into an economically viable technology, it will probably make quick work of the various key/certificate mechanisms out there now keeping commerce safe.
But from the other point of view, it is actually quite rare that the weak point in the chain is within the fiber. Encryption methods today are quite good actually and especially when it comes to online commerce and government communications. Besides, just think about how hard it really is to successfully and usefully eavesdrop on 100Gbps of encrypted bits where the few bits you want are mixed in with YouTube clips, real time gaming data packets, illegally shared copies of the latest movies, and of course vast quantities of free porn. Most stolen data goes through the much more porous and carefully targeted parts of the process: unpatched server security holes where the data is stored and the humans who have or can grant access to such data. Quantum mechanics can't do too much on those fronts.
Another angle is just how governments will take to this new technology. Existing certificate mechanisms give them the ability to subpoena their way into the data. Turn it into an automated one time pad that can't be eavesdropped on and make it widely available, and you're going to give Homeland Security and it's global counterparts conniptions. You know how it is, it's only good encryption if it's our encryption!
And yet another random thought is that automated security via quantum methods like this could open the way for a new type of DDoS attack. If you want to disrupt a signal, forget flooding the IP layer. Just *attempt* to read the quantumly secured one time pads on key internet routes and set off the eavesdropping tripwire over and over again. Adversarial governments or terrorist organizations might put in place tiny passive devices attached to submarine cables that when triggered don't actually steal data, but rather just pretend to steal it by bending the cable slightly and detecting a few stray photons. The security of data being transferred would then be possibly compromised, causing systems worldwide to not accept the transmissions across the cables, and thereby take down the internet leading to global chaos. I feel a James Bond movie coming on, somebody call Daniel Craig or something.Fiber Networks · Security