Apr 20, 2006

Quantum encryption - The new security frontier

What has Werner Heisenberg got to do with computer security? A lot, actually. Quantum encryption technology is maturing fast enough to replace the current encryption technologies employed in today's digital systems, and the best thing about this is that, it is theoretically unbreakable. The final frontier in security may not be too far.

We will go back to what Heisenberg has got to do with all of this. Werner Heisenberg, in 1927, discovered a very interesting property of elementary particles. Based on his experiments, he concluded that it was impossible to accurately measure the position and momentum of an elementary particle simultaneously. The key word is 'accurately'; you can predict either one accurately, but the other one would lend itself only with a degree of uncertainty. [Uncertainty principle]

Coming back to the normal world, current encryption technologies almost invariable use keys - public key encryption is the most preferred. However improbable breaking this security system may seem, with enough computing power on a parallel-processing system, it is possible to compromise the security by the classic "brute-force" attack.

Quantum encryption is immune to this because the photonic stream which carries the data is ruled by the Uncertianty principle and anyone trying to intercept the stream will alter the state of the photons in a way that it will be detected. Thus, in theory, it is impenetrable and can be proven mathematically.

Quantum encryption and NIST breakthrough

Apr 10, 2006

IBM joins the hardware encryption club

Let us face it. The world we live in is not a very secure one. You are not safe, nor is your precious data. Everyone, from multinational corporations to ordinary citizens doing their banking on the Net is paranoid when it comes to data security. And maybe it is this paranoia that is getting the big computer makers out there to build more and more hardware with built-in security. Soon after Intel's announcement of LaGrande technology that integrates encryption into the central processing functions, IBM is following suit with its SecureBlue system.

According to CNN, IBM researchers are of the opinion that as long as the CPU, essentially the brain of the computer and the encryption engine are two different systems, hackers can get in between the two and cause enough harm or steal whatever data he needs. Intel's implementation uses something known as a Trust Platform Module (TPM) and Apple's new Intel-based PCs are rumoured to carry these (Read more).

Hardware security, then again, is only as good as the chip designers have made it. Unlike software which can be upgraded for bug fixes or updated to include more features and tighter security, hardware implementation is something only the designers know about and is essentially a black box. If we believe that it is truly secure, our security is only as strong as that belief.

One interesting point noted in the article is the comment of Bruce Schneier, founder of Counterpane Internet Security Inc., on the new security system: "Security is a chain and it's as strong as its weakest link. They're talking about taking a very strong link and making it a little bit stronger, at best. Maybe."

Apr 8, 2006

DRM and hardware security

Did you just get a new Mac with an Intel chip inside or are you planning to get one soon? If so, you might find this article interesting.

I don't know a lot about how TPM (Trusted Platform Module) technology works, but if this article is even half right, you may think twice before getting that Mac.

The one thing in the article that caught my attention was the reference to the EFF's (Electronic Frontier Foundation) analysis of the Trusted Computing initiative, in which a significant portion of security implementations are based on hardware. (Read more about it here.)
It opens a very fundamental question - is hardware security really secure? Just consider the following hypothetical situations :

1. The hardware version has implementation errors - This is something very serious because it basically means you will have to throw out your whole hardware to ensure that it is secure. If the software had bugs or glitches, you can always replace it with an upgrade or a completely different system, much like changing the firmware of your cellphone. You would never even know this until you come up with something like what Intel faced with the Pentium FDIV bug. (And it wasn't pretty.)

2. The hardware vendor intentionally creates backdoors - This is an unlikely scenario, but far more dangerous than the previous one. While the former possibility would arise only when discovered by somebody accidentally and then find ways to misuse it, this option gives the vendor known pathways into the system. The possibilities of abuse are endless and I wouldn't even want to imagine what the vendor could do with such a kind of privilege.

I am no Mac expert and I wouldn't know RISC from CISC, but if the article is pointing to something really fishy, I would rather stay with my PC for now.