Secure Video Conferencing via Quantum Cryptography 163
Roland Piquepaille writes "If you use a webcam to talk with your mom, this tool is not for you. But if you're working for a company and that you have to routinely discuss about sensitive future projects or the possible acquisition of another company, you need more security, and this new video conferencing system based on quantum cryptography is a tool you need. According to this article from Nature, researchers from Toshiba have developed a system which can generate 100 quantum 'keys' every second, fast enough to protect every frame in a video exchange. This technology, which today is working over a distance of about 120 kilometers, could become commercially available within two years at an initial cost of $20,000. This overview contains more details and references."
The Star Wars Kid could have used this (Score:4, Funny)
Re:The Star Wars Kid could have used this (Score:1)
Hey Roland, I'm violating your copyright! SUCK IT! (Score:5, Interesting)
Secure Video Conferencing via Quantum Cryptography [primidi.com]
If you use a webcam to talk with your mom, this tool is not for you. But if you're working for a company and that you have to routinely discuss about sensitive future projects or the possible acquisition of another company, you need more security, and this new video conferencing system based on quantum cryptography is a tool you need. According to this article [nature.com] from Nature, researchers from Toshiba have developed a system which can generate 100 quantum 'keys' every second, fast enough to protect every frame in a video exchange. This technology, which today is working over a distance of about 120 kilometers, could become commercially available within two years at an initial cost of $20,000. Read more...
Here is the introduction from Nature.
Of course, today's videoconferencing tools using conventional encryption are already pretty secure. But if the NSA wants to check your conversation, I betit can. With quantum cryptography, this is a different story.
The Quantum Information Group [toshiba-europe.com] at Toshiba gives more details on this subject on this page about Security from Eavesdropping [toshiba-europe.com]. Below is a diagram illustrating the concept (Credit: Toshiba's Cambridge Research Laboratory).
The first commercial applications of quantum cryptography are now about one year old. However, this new system offers new levels of performances, according to Nature.
Toshiba has already built a Quantum Cryptography Prot [toshiba-europe.com]
excellent (Score:2)
Re:excellent (Score:3, Interesting)
Sure, it might use slightly more bandwidth than this, but come on, for that price....
Re:excellent (Score:1)
Re:excellent (Score:3, Informative)
Three words: Remote Military Applications. The benefits of this technology to the military stretch far beyond normal and even ultra secret communications; they could remotely control battle robots, or even properly equipped tanks, without fear of interference or subversion. This is especially interesting considering the latest drones in use by the US military.
You can find a lot of people to fight your wars, but they are expensive to train, unreliable, and to gain experience they need to risk serious inj
Re:excellent (Score:3, Insightful)
Re:excellent (Score:2)
First, you want to prevent the enemy from being able to jam your communications. This means you want some frequency hopping built in to your communications. This increases the amount of power needed by the enemy jammer by an amount equal to:
(hopping bandwidth)/(signal bandwidth)
The GPS system has a signal bandw
ECHELON is d00m3d! (Score:2)
told NSA/DoD/DHS to "read between the lines".
The USA's Dept. of Commerce is going to have a much
tougher time helping US-based companies to compete
in the world market if this techology becomes mainstream.
Not very cost effective, yet (Score:1, Insightful)
But I guess you could get the best of both worlds, by storing your OTP on Quantum hard disks. Nyuk, nyuk.
Hey, would you accept 20K... (Score:2)
I'd guess it can cost much more to SECURELY deliver anything from point A to point B...
Paul B.
Re:Hey, would you accept 20K... (Score:2, Insightful)
What's it going to cost to securely install the equipment? Maybe the guys installing it make some modifications so they can get the data before/after the optical link. If you're sending over disks you could send them in small batches. If you have any reason to believe one of them has been compromised, don't use the data on those disks. You'll have to trust the driver or the guys installing the quantum equipment either way.
After you have received the disks you'll have to protect them so no one retrieves th
It the carrier is intercepted (Score:1)
THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:3, Informative)
Roland Piquepaille's Technology Trends serves online advertisements through a service called Blogads, located at www.blogads.com. Blogads is not your traditional online advertiser; rather than base payments on click-throughs, Blogads pays a flat fee based on the level of traffic your online journal generates. This way Blogads can guarantee that an advertisement on a particular online journal will reach a particular number of users. So advertisements on high traffic online journals are appropriately more expensive to buy, but the advertisement is guaranteed to be seen by a large amount of people. This, in turn, encourages people like Roland Piquepaille to try their best to increase traffic to their journals in order to increase the going rates for advertisements on their web pages. But advertisers do have some flexibility. Blogads serves two classes of advertisements. The premium ad space that is seen at the top of the web page by all viewers is reserved for "Special Advertisers"; it holds only one advertisement. The secondary ad space is located near the bottom half of the page, so that the user must scroll down the window to see it. This space can contain up to four advertisements and is reserved for regular advertisers, or just "Advertisers".
Before we talk about money, let's talk about the service that Roland Piquepaille provides in his journal. He goes out and looks for interesting articles about new and emerging technologies. He provides a very brief overview of the articles, then copies a few choice paragraphs and the occasional picture from each article and puts them up on his web page. Finally, he adds a minimal amount of original content between the copied-and-pasted text in an effort to make the journal entry coherent and appear to add value to the original articles. Nothing more, nothing less.
Now let's talk about money. Visit BlogAds to check the following facts for yourself. As of today, December XX 2004, the going rate for the premium advertisement space on Roland Piquepaille's Technology Trends is $375 for one month. One of the four standard advertisements costs $150 for one month. So, the maximum advertising space brings in $375 x 1 + $150 x 4 = $975 for one month. Obviously not all $975 will go directly to Roland Piquepaille, as Blogads gets a portion of that as a service fee, but he will receive the majority of it. According to the FAQ, Blogads takes 20%. So Roland Piquepaille gets 80% of $975, a maximum of $780 each month. www.primidi.com is hosted by clara.net (look it up at Network Solutions ). Browsing clara.net's hosting solutions, the most expensive hosting service is their Clarahost Advanced ( link ) priced at £69.99 GBP. This is roughly, at the time of this writing, $130 USD. Assuming Roland Piquepaille pays for the Clarahost Advanced hosting service, he is out $130 leaving him with a maximum net profit of $650 each month. Keeping your website registered with Network Solutions cost $34.99 per year, or about $3 per month. This leaves Roland Piquepaille with $647 each month. He may pay for additional services related to his online journal, but I was unable to find any evidence of this.
All of the above are cold, hard, verifiable facts, except where stated otherwise. Now I will give you my personal opinion
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:1)
You think any of the other sites slashdot links to dont collect advertising revenues?
Even if its 'not a worthwhile service' Its NOT costing you anything, its information being shared, even if hes doing it for profit it's not at the readers expense.
Why should slashdot not accept GOOD submissions just becuase someones collect advertising revenues?
Its not Hurting the
Until your post I hadn't heard of or noticed anythin
What about PhysOrg? (Score:2)
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:5, Informative)
benjamin_pont's Recent Submissions
Title
Quantum leap in secure web video
Datestamp
Friday April 29, @02:09PM Rejected
Cross post an MLP to Kuro5hin.org to fight the man (Score:2)
This way, you get your chance to "break" the story first, and there is no cabal of editors to shut you down. If you put in some effort and do full story, you can even be the article that Slashdot itself links to, like the ID story posted the other day.
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:1)
----
Video conferencing gets quantum security Thursday April 28, @04:27PM Rejected
Maybe Roland Piquepaille is Timothy. (Score:1)
Mod parent DOWN (Score:1)
Re:Mod parent DOWN (Score:2)
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:1)
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:2, Insightful)
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:1)
In fact, it pretty much looks like you just copy and pasted this comment from a previous comment, isn't it?
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:2)
Well, the censorware.org story is disturbing, but it isn't the Slashdot organization that did that, it was someone who also happens to work for Slashdot. And I don't really understand what you mean about Slashcode internals. It's open-source, right? Can you give some info to back up the innuendo?
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:1)
He means this post [slashdot.org] from 2 years ago, where all users who modded in that thread were banned from moderation, and the whole thread was modded -1. The post itself was moderated over 800 times. More info here [kuro5hin.org]
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:2)
Well, at the least that explains the "Suck It" post. Although I can see differing opinions existing regarding this practice, I don't believe the parent is a troll. Whatever I decide about Piquepaille, this is the first I've heard about him, and I find the information to be of value. I personally don't have a problem with someone else paying this guy. I doubt many
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:2)
Do you think my browser shows the ads?
billy - who has NEVER clicked an ad
Roland, here comes your killer (Score:1)
Well, /. submission FAQ warns about such a thing and asks me not to get pissed but to blame my stars, so I was mentally prepared for this.. but this Ronald unmasking brought an interesting thing..
what if one constantly sees a site like freshnews [freshnews.org], would it not increase the probability of a story getting posted.. I mean it has all sites from cnet to techdirt to porn-tec
Re:THE TRUTH ABOUT ROLAND PIQUEPAILLE (Score:2)
Not for webcam chatting with your mom... (Score:2)
Re:Not for webcam chatting with your mom... (Score:1)
Re:Not for webcam chatting with your mom... (Score:1)
But, eventually, if you are somewhere, talking and being seen by a camera, "they" will listen in on you, before your data enters the webcam. You'll have to move around, and take the $20,000 device with you. They'll still find you. Spy stuff.
Consider the Alantic Wall. [versatel.nl]
Didn't stop the Allies.
Re:Not for webcam chatting with your mom... (Score:2)
this isn't exactly stealthy as you'd need a DEDICATED SINGLE line of cable between the two points, otherwise, using this won't make any sense whatsoever. You can't route it, you can't do anything with it.
That's the whole point really
MPAA has got to be into this... (maybe?) (Score:1)
Not only the company (Score:1, Funny)
Not that the internet has such nefarious uses!
ah.. (Score:5, Funny)
Re:ah.. (Score:2)
Re:ah.. (Score:2)
Ever see that Sony commercial? [bordergate...otocol.net]
Great til machine/user is virused/wormed/phished (Score:3, Insightful)
Security is only as strong as its weakest link. This invention ensures that the network is not the weakest link. Its a step in the right direction, but other components are still pretty vulnerable.
Re:Great til machine/user is virused/wormed/phishe (Score:1)
Just becase they can (Score:2, Insightful)
Perhaps this is a 'just because we can' technology which ignores the 'should we?' question. (or, I lack the vision to see how this is useful
Re:Just becase they can (Score:1)
Re:Just becase they can (Score:2, Interesting)
So, why the need for 100 keys per second? One key at the start of the stream should be enough.
If the quantum channel were fast enough, I'm sure they'd want to use it to send the video directly. Since it isn't fast enough, they're doing the next best thing: Send the encrypted video over traditional (possibly hackable) channels, then send the keys 'securely' using quantum tech.
Rotating the key for every 1/100 sec minimizes the damage in case some of the video is decrypted: the hacker would only be able
Re:Just becase they can (Score:1)
Re:Just becase they can (Score:2)
I've always wondered if this is susceptible to a DoS attack, though.
Re:Just becase they can (Score:1)
The reason that quantum cryptography is "hack-proof" is that it's based on one-time pads; it just uses quantum physics to avoid the key distribution problem. The security of one-time pads, of course, depends on them being used only one time; there has to be a separate random bit used to scramble every bit of the video. Thus, the "100 keys per second" basically just means that each key is long enough to completely encrypt o
Re:Just becase they can (Score:1)
"100 keys per second" seems to imply that they use a standard symmetric crypto(AES) and just send the much smaller 128-256b keys over the quantum channel(via afforementioned one-time pad).
Re:Just becase they can (Score:2)
Re:Just becase they can (Score:2)
Re:Just becase they can (Score:3, Informative)
Re:Just becase they can (Score:1)
Bandwidth (Score:1, Interesting)
Limitations (Score:5, Interesting)
For this to be really useful, you would need to be able to send the photons via satellite, something which is hard as the interaction with the environment along the way can destroy the entangled state. This would probably be interpreted the same as eavesdropping, further muddling the water. Physicists are indeed trying to get this to work, but it may take some time.
Re:Limitations (Score:3, Insightful)
Is Roland a script ? (Score:4, Insightful)
because his "articles" sure read like them, check out a google search on this phrase
This overview contains more details and references [google.com]
perhaps Roland should spend his time and get a proper job (or perhaps nobody will employ him) and actually contribute something new to the internet instead of just leeching from others hard work.
Re:Is Roland a script ? (Score:2)
It would help you guys would stop adding to the post count for his stories by bitching about him. I wonder how many extra Slashdot ads are served when he posts a story.
Boycott Roland Piquepaille Stories (Score:5, Insightful)
There are a lot of us here who object to Roland Piquepaille's well-documented practice of using Slashdot to direct readers to his site and thereby generate ad revenue for himself.
Roland Piquepaille contributes none of his own work (it's ALL derivative of others' efforts), and Slashdot is more than willing to sell their readers out to this character.
So the next time a Roland Piquepaille-submitted story comes up, don't read it. Don't post replies. Don't even acknowledge that the story is there.
It's time we send Slashdot the message that we don't like being taken advantage of in this manner.
Re:Boycott Roland Piquepaille Stories (Score:5, Insightful)
Re:Boycott Roland Piquepaille Stories (Score:2)
The problem right now is that complaints about him end up only in the comments. Maybe if there's enough external attention, the powers at VA might reconsider their policies.
Re:Boycott Roland Piquepaille Stories (Score:1)
> kuro5hin, and got enough votes to make it on the front page.
It would mean another tedious, pointless, whiny article on Kuro5hin, representing just one more reason never to go there.
Re:Boycott Roland Piquepaille Stories (Score:2)
Re:Boycott Roland Piquepaille Stories (Score:2)
How are you being taken advantage of? He, like this site and numerous others, gather news they find interesting and aggregate it.
"Roland Piquepaille contributes none of his own work (it's ALL derivative of others' efforts), and Slashdot is more than willing to sell their readers out to this character."
Again, see here [slashdot.org]
I've heard he used to never document who he got his information from which is wro
Re:Boycott Roland Piquepaille Stories (Score:2)
True enough; Roland is certainly not doing anything wrong (seriously).
Nor is Slashdot doing anything wrong by transparently funding Roland's work-free lifestyle through it's immediate publication of anything Roland submits.
I've come around on this. It's not as is anyone seriously considers
How can Roland have any +ve Karma? (Score:2, Insightful)
Come on slashdot people -- its obvious that none of us like this parasitic-poster.
Re:Boycott Roland Piquepaille Stories (Score:5, Interesting)
Both The Register and SecurityFocus show ads, and they're just rehashing some company's PR spam and profiting from readers. But this is all academic -- the more interesting question is why you don't seem to find it objectionable that the bulk of these articles, even if from reputable places, ARE ads themselves?
Re:Boycott Roland Piquepaille Stories (Score:2, Insightful)
Not Mature (Score:1)
A price tag of $20000 is not justifiable over 120km. You can drive that distance in a couple of hours, and that is a) cheaper and b) enables face-to-face interaction.
I wonder whather they are really expecting anyone to buy such a system, or rather they just really want to stir interest on the technology instead.
Its not really an advancement in cyrptography (Score:3, Interesting)
Basically what they are saying is their system has several thousand keys instead of just one. But that does not make the underlying transmission any more secure. If it is possible to brute force one key, it is possible to brute force many keys.
All they are doing is making it less pratical to use a brute force attack. I'd classify this as being closer to a "security through obscurity" technique rather than a real advancement.
Now if they sent the entire data stream using quatum bits, that would be something different.
Re:Its not really an advancement in cyrptography (Score:2)
Um, no. You might be able to brute force a single key, if you've got a supercomputer handy and a few months to spare. But brute forcing x keys will take x times as long.
With this technique, even if you did force a key, that'd only get you single lousy frame, which is a helluva lot more secure than the old way, where you would have gotten the whole stream. Now, to get the next frame, you've got to repeat the cracking proc
Re:Its not really an advancement in cyrptography (Score:1)
The only way brute forcing works is for an algorithm based encryption system with a given key. You try all the possible inputs of that key until the algorithm decrypts the text to something meaningful. With a one-time pad, the key is the same length as the encrypted text and each bit of the key is XORed to each bit of the cleartext. Si
Re:Its not really an advancement in cyrptography (Score:2)
The "quantum cryptography" bit is only to stop you from intercepting the keys, in the same way that PGP doesn't apply public-key encryption to the whole message, only the keys to a symmetric cypher.
As such, the 256 bit keyspace is eminently brute forceable.
Re:Its not really an advancement in cyrptography (Score:1)
Re:Its not really an advancement in cyrptography (Score:2)
What happened to Oscar? (Score:2, Funny)
Single photons do not split, so if the hacker (Eve) measures the photons on the fibre, they will not reach the intended recipient (Bob).
IIRC, "Oscar" was the traditional (wo)man-in-the-middle. If this new "Eve" is hot, she can have all the photons she wants.
Re:What happened to Oscar? (Score:1)
Everyone got kind of bored of nefarious villains with names beginning with 'O'.
Why? (Score:5, Insightful)
While I applaud the research and find the technology cool, I don't think a lack of decent encryption technology is the weakest link with regards to security.
Re:Why? (Score:3, Insightful)
There's always going to be a security risk. The key is minimizing the risk for each component of the system in order to reduce the overall risk. With a setup like this, the network is considered to be 100% secure. Now we can begin to work on the other pieces of the puzzle.
And don't doubt that the government doesn't have sophisticated bug detectors....
Those issues have always existed (Score:2)
I disagree. I think it is eminently practical (assuming, of course, the actual hardware is practical). Issues wit
How presumptuous! (Score:2)
But you don't know what Mom and I do over the webcam. She's SO Hot in those fishnet stockings!
Just kidding. I have no mother.
Let's use a buzzword! (Score:5, Informative)
Basically, they are trying to generate enough keys so any succesful breaking of the cipher used gets only one frame of video. The only "exciting" part is they are using quantum cryptography to do this. However, this is like using a sledgehammer to push in a thumb tack - It uses a lot more hardware, and isn't the easiest or best method.
Another way to do this would be to conduct a large number of Diffie-Hellman key exchanges [rsasecurity.com] or STS exchanges, (one for each frame), and use the new key for each frame.
Or, even easier, both sides could use identical Linear Feedback Shift Registers to generate the same keys that they need. They cost way less than $20k and since a compromise of the system at either end would destroy the privacy afforded by the quantum encryption, just as secure.
Or, they could exchange one-time pads on a DVD and use the bits on there as the key. If my math is right, then a 4GB CD could hold enough keys for over 1100 hours of video, assuming a 256 bit key and 30 frames/sec. Exchanging 2 or 3 DVDs a year (if that) doesn't seem unreasonable.
None of these methods require a dedicated fiber line connecting the two groups. It can be performed over regular Ethernet if the groups want to. Translation: I can use it to talk to someone more than 120km away.
This isn't to say that some groups wouldn't want quantum security for something - if I was a Swiss bank that made daily transfers of a billion dollars to a German or Italian or French bank, then sure, I should spend the extra couple hundred k for an obscenely secure system.
This also begs the question of why encrypt each frame differently? Since it is VIDEO, then something in the picture is probably important - like a PowerPoint slide or graph or something. Since a presenter usually spends a minute or two on each slide, this means that an attacker would only need to decrypt one out of every 1800 slides (assuming 30 frames/second) to get the information they wanted. I think that it is a good idea to change keys as often as possible, but you have to ask what is the benefit for the added cost/overhead. In this case, I don't think it is very much.
So nice use of the "quantum cryptography" buzzword, but bad application of crypto technology in general.
Re:Let's use a buzzword! (Score:1)
Re:Let's use a buzzword! (Score:2)
Diffie-Hellman slightly less secure (Score:2, Informative)
Diffie-Hellman and all other nominal one-way functions haven't been proven secure - it could well be possible that one-way functions don't exist, in which case all security based on them is worthless. Even if OWFs do exist and Diffie-Hellman is one it is still breakable in exponential time, which is vulnerable if quantum computers (or equivalent) are developed, and could potentially be vulnerable to a specially-designed supercomput
How often? (Score:3, Insightful)
I understand the need to develop these technologies, but at least admit that there isn't any immediate demand besides possibly military applications. I much rather have someone working on securing ChoicePoint, Lexus Nexus, and a few other large data warehousing systems
Go back to middle school, Roland Piquepaille (Score:1)
Wow.
How can an educated person write garbage like that? I would expect something similar from a 5th grader.
secure (Score:1, Insightful)
Re:secure (Score:1, Insightful)
Quantum cryptography is, barring our learning that our conception of physics is not just wrong but dramatically wrong, completely future-proof. It is a means of generating one-time pads (which have been proven totally secure. No, not secure-as-in-you'll-spend-millions-of-years-decod i ng-it secure. Secure as in attempting to brute-force it will generate literally every string of characters with the same s
Um, what about a VPN? (Score:2)
That way you could use MSN, iChat, Jabber, whatever over PPTP, IPSec, or whatever floats your boat.
Let me know if I'm way off base here.
Thanks,
Aardwolf
Re:Um, what about a VPN? (Score:1, Informative)
With quantum cryptography, an attack it basically impossible, as any attempt to intercept the communications (tapping the fiber) causes an interruption to the photons, and the entire exchange stops.
For the most part, using a VPN with stron
Pfft, that won't last for long. (Score:1)
Potential problem (Score:4, Funny)
Internet Joke (Score:1)
Are we forgetting something (Score:1)
done research on this:
http://www.vad1.com/qcr/present-attacks-via-optica l-loopholes-erlangen-200409/present-attacks-via-op tical-loopholes-erlangen-200409.pdf [vad1.com]
There goes my confidence for quantum cryptography.
Re:Are we forgetting something (Score:1)
Oh great... (Score:2)
I can just see the look of astonishment, $20,000+ later, and Fred in IT still can't get the conference call thingy to work...
Looks like they will have some work on their hands... finding a use that justifies the cost, as well as finding customer's who think spending that kind of money for a phone call is justified. Look at all the companies that are losing custom
Broken yet? (Score:1)
Quantum Key Distribution (Score:2)