Secure Video Conferencing via Quantum Cryptography

Roland Piquepaille writes "If you use a webcam to talk with your mom, this tool is not for you. But if you're working for a company and that you have to routinely discuss about sensitive future projects or the possible acquisition of another company, you need more security, and this new video conferencing system based on quantum cryptography is a tool you need. According to this article from Nature, researchers from Toshiba have developed a system which can generate 100 quantum 'keys' every second, fast enough to protect every frame in a video exchange. This technology, which today is working over a distance of about 120 kilometers, could become commercially available within two years at an initial cost of $20,000. This overview contains more details and references."

Not very cost effective, yet

[Anonymous Coward]

..which today is working over a distance of about 120 kilometers, could become commercially available within two years at an initial cost of $20,000.

$20,000 is a lot more than what it costs to deliver a hard disk full of random numbers for use as a One Time Pad.

But I guess you could get the best of both worlds, by storing your OTP on Quantum hard disks. Nyuk, nyuk.

Great til machine/user is virused/wormed/phished

[G4from128k]

New encryption tools are cool, but they only secure the network. The end-terminals (and end-users) are still insecure. Holes in the OS, clicking on the wrong email, etc. can compromise one of the machines. And if either party likes chocolate, then we know that we can get the keys to crypto just by offering a tasty morsel.

Security is only as strong as its weakest link. This invention ensures that the network is not the weakest link. Its a step in the right direction, but other components are still pretty vulnerable.

Just becase they can

[eskwayrd]

Interesting. Quantum cryptography is supposed to be 'hack proof'. So, why the need for 100 keys per second? One key at the start of the stream should be enough. If your video gets scrambled, it tells you that you have an infrastructure problem, or someone is actively trying to hack into your stream. Either way, continuing the conversation seems kinda moot.

Perhaps this is a 'just because we can' technology which ignores the 'should we?' question. (or, I lack the vision to see how this is useful :)

Is Roland a script ?

[Anonymous Coward]

because his "articles" sure read like them, check out a google search on this phrase
This overview contains more details and references [google.com]

perhaps Roland should spend his time and get a proper job (or perhaps nobody will employ him) and actually contribute something new to the internet instead of just leeching from others hard work.

Boycott Roland Piquepaille Stories

[goldspider]

Yes, offtopic, I know. Moving on.

There are a lot of us here who object to Roland Piquepaille's well-documented practice of using Slashdot to direct readers to his site and thereby generate ad revenue for himself.

Roland Piquepaille contributes none of his own work (it's ALL derivative of others' efforts), and Slashdot is more than willing to sell their readers out to this character.

So the next time a Roland Piquepaille-submitted story comes up, don't read it. Don't post replies. Don't even acknowledge that the story is there.

It's time we send Slashdot the message that we don't like being taken advantage of in this manner.

Why?

[nacturation]

I don't see this as being really practical for security. So you've got all of this quantum-encrypted video which is infinitely better than an SSH-encrypted stream and you're feeling pretty smug about how unbreakable it is. Meanwhile, the janitor has planted a bug under your desk and is eavesdropping on everything you say. Or someone else hid a pinhole camera in a plant and is recording it all.

While I applaud the research and find the technology cool, I don't think a lack of decent encryption technology is the weakest link with regards to security.

Re:Boycott Roland Piquepaille Stories

[Quixote]

I keep seeing the same sort of responses to Roland's stories, and have finally begun to wonder: why doesn't Slashdot stop posting his stories? Will someone at Slashdot address the readers' concerns? It is about time that an official answer came from Slashdot central about their relationship with Roland. I find it hard to believe that each and every story of his gets accepted, while the rest of us have a much less success rate.

Re:excellent

[DoctorVic]

While that sounds all fine and dandy, if I understand this technology, it is not wireless. I am sure that the military could come up with some amazingly devious ideas with this, but I do not think this would be one. How could you transmit a stream of photons bearing the encryption to a remote location out of line of sight without some type of optical cable and maintain an error rate of around 9%? I am sure they have some other shit worked up for that!!!

How can Roland have any +ve Karma?

[weighn]

look at the ratings on his comments [slashdot.org].

Come on slashdot people -- its obvious that none of us like this parasitic-poster.

How often?

[Jobe_br]

So, maybe I haven't been following the news, but have there been many instances of corporate video conferences being tapped/monitored/etc.?!

I understand the need to develop these technologies, but at least admit that there isn't any immediate demand besides possibly military applications. I much rather have someone working on securing ChoicePoint, Lexus Nexus, and a few other large data warehousing systems ... maybe that's just me?

Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE

[Anonymous Coward]

you know, people pay for Readers Digest. I say, If the man has an audence let him do his thing.

secure

[n2networksolutions]

What is secure? Nothing secure today will be secure tomorrow. Jeremy MCSE MCSA CCNA http://www.n2networksolutions.com/ [n2networksolutions.com] Arizona computer consulting

Re:Boycott Roland Piquepaille Stories

[goldspider]

Because SecurityFocus and The Register aren't submitting stories to Slashdot with links to their own websites.

Re:Limitations

[js7a]

If you've got a point-to-point fiber optic cable, then why would you need encryption?

Re:Why?

[Sancho]

Yeah, let's just stop worrying about security and transmit all our attack tactics in the open!

There's always going to be a security risk. The key is minimizing the risk for each component of the system in order to reduce the overall risk. With a setup like this, the network is considered to be 100% secure. Now we can begin to work on the other pieces of the puzzle.

And don't doubt that the government doesn't have sophisticated bug detectors....

Re:secure

[Anonymous Coward]

Unless by "insightful" you mean "complete bullshit", someone is being stupid with the mod points again.

Quantum cryptography is, barring our learning that our conception of physics is not just wrong but dramatically wrong, completely future-proof. It is a means of generating one-time pads (which have been proven totally secure. No, not secure-as-in-you'll-spend-millions-of-years-decodi ng-it secure. Secure as in attempting to brute-force it will generate literally every string of characters with the same size as the original plaintext. "Buy groceries" is totally indistinguishable from "KillPresident" after it's been through a one-time pad. Sure both ends are still going to be insecure (specifically the recipients and the location at which the one-time pad is received, as well as the device on which the decrypted plaintext is displayed), but the points in-between are totally secure, today, tomorrow, and long after that MCSE you're spouting about has lost even the apparent value it has now.

But hey, thanks for adding your "it sounds good so let's say it" uninformed opinion to the discussion!

Re:Hey, would you accept 20K...

[PowerKe]

What's it going to cost to securely install the equipment? Maybe the guys installing it make some modifications so they can get the data before/after the optical link. If you're sending over disks you could send them in small batches. If you have any reason to believe one of them has been compromised, don't use the data on those disks. You'll have to trust the driver or the guys installing the quantum equipment either way.

After you have received the disks you'll have to protect them so no one retrieves the data afterwards, but you'll have to protect your network/quantum link endpoints as well.