If you're looking for the most secure way to send data, quantum cryptography, or to be more specific, quantum key distribution (QKD) is it, according to security experts. Based on the laws of physics, when executed properly, QKD promises iron-clad security since any attempt to steal a quantum cryptographic key not only changes it, but also tips off the sender and receiver. So why not use it to make mobile transactions more secure, if not, hack-proof?
There's a reason commercial QKD hardware is used mainly by large institutions such as banks and government agencies. For starters, quantum cryptography requires expensive equipment that's usually only found in optics labs and that only these large-scale organizations can afford. Secondly, said equipment between sender and receiver has to be carefully aligned so they can detect the transmitted photons, which is extremely sensitive to noise. Just the slightest movement is enough to change their polarization and mess up the encryption, which is why, while the idea of using quantum cryptography in mobile devices is appealing, the reality is a different story.
Issues such as arbitrary hand movements during transactions, device misalignment, and fluctuating light levels would make it impossible, while the cost of the gear involved would make it unaffordable.
However, a new study by University of Oxford scientists, with support from Nokia, shows that these obstacles are not unsurmountable. Using off-the-shelf equipment, they developed a compact and low-cost prototype that can send, via ultra-fast LEDs and moveable mirrors, unbreakable secret keys at a rate of more than 30 kilobytes per second over a distance of 0.5 meters to a terminal, regardless of hand movements.
"The idea is that this gadget would be a mobile object that talks to something that is fixed," says study author Iris Choi, a technology associate for the University of Oxford-led National Quantum Technology Hub.
The device makes use of a reference frame independent (RFI) QKD protocol that allows polarization encoding without the need for a point-to-point link connecting all the polarization bases. In their experiments, the researchers encoded qubits in three polarization bases: horizontal-vertical, diagonal-anti-diagonal, circular left-circular right.
"Only one of those bases needs to have a fixed alignment between the transmitter and the receiver," explain the researchers. "As the circular basis is unaffected by relative rotations of the transmitter and the receiver in polarization encoding, it is therefore used to transmit the secret keys. The two linear bases can have any relative alignment and are used to assess the security parameters of the quantum channel."
The system uses six resonant-cavity LEDs to produce these six optical states, each of which is filtered into a different polarization. A one-nanosecond pulse in a random pattern is produced by one of the channels every four nanoseconds. This is picked up by the six polarized receivers on the other end from their matching LEDs, and the photons are then converted into the key.
To prevent hackers from exploiting the variations in wavelengths to uncover the polarization of each channel, the researchers also equipped both the transmitter and the receiver with filters to mask their different wavelengths. This way, they would all shine with the same color, regardless of their polarization.
However, this still leaves one question: how do you generate a quantum key that will not be compromised by the user's hand motions? The answer lies in a beam-steering system to guide the photons to their intended destination so that the device can transmit a large number of bits in less than a second without losing too many of the particles.
To do this, the researchers first analyzed the fluctuating movements of a spot produced by a person holding a laser pointer and then used them to improve the efficiency of elements such as bandwidth and field of view in the beam-steering system. To ensure a tighter alignment between the transmitter and receiver, as well as further correction for hand movement, the researchers installed an independent LED beacon (of a different color than the QKD ones) and a position sensitive detector (PSD) at each terminal. The latter measures the precise location of the beacon and moves a microelectromechanical systems (MEMS) mirror to align the incoming light with the fiber optics of the detector.
While this proof-of-concept is the first to show that secret keys can be sent securely from a handheld device to a terminal, there's still room for improvement. As the researchers note, the design could be miniaturized further so it can be integrated into mobile phones. Other areas for further study include ways to increase the transmission rate, as well as the range of the device so that it can, for instance, connect with a Wi-Fi hub.
In any case, this demonstration is a step forward for a real-world security application. As it stands, there is an urgent need for a better banking security solution. ATM skimming attacks, for instance, are increasing worldwide, with the US alone experiencing a 546 percent increase from 2014 to 2015, and the global banking industry losing more than US$2 billion annually.
On a related note, quantum cryptography could also help boost the adoption of mobile payments among merchants and consumers by allaying security concerns. According to a study conducted by Oxford Economics and Charney Research, security fears are one of the biggest reasons people in developed countries (as opposed to developing countries like China and India) are reluctant to embrace mobile payments.
Of 2,000 consumers surveyed across 10 countries, including the US, UK and Germany, 55 percent believed that mobile money is less secure than a physical wallet; 70 percent worried about their information being stolen; and 74 percent said they were more likely to use it if there was greater protection against fraud losses. Quantum cryptography could very well be the solution to this issue, but as the Oxford researchers note, technology costs will have to be kept low in order to ensure mass adoption.
The study was published in Optics Express.
Source: The Optical Society