Internet – The Unknown Wild
Have you ever imagined what happens the moment your computer connects to the Internet? Its like your pet entering the wild – a zone of unknowns – friends, foes, hackers, crackers, frauds, spams, scams, purchase, sale, banking, phishing – all waiting to hack into your computer and steal your personal data.
Distinguishing between good and bad has never been more important than it is today on the Internet. There are hackers bombarding your computer with pings and telnets to detect open ports and other vulnerabilities, there are phishers trying to fool you into believing their fraud website to be your banking website, there are spammers who are talking to you as if they are your dearest and nearest friends, and using your bandwidth, mailbox size and time to make money…. And So..
Trust is the Keyword and the Lock icon assures that
Security is an integral part of all sensitive information sent over the Internet. Be it your credit card number, your personal profile, your mail accounts, your banking details, your search history, your preferences – all need to be secured. One single letter s which makes http exchange secure (https) makes all the difference.
Even though http or normal unsecured internet is the most common mode of sending and receiving data on the internet, if not for https (the famous lock icon indicating a secure connection) which protects your sensitive information, Internet would not have been what it is today.
Remember the initial skeptical days? The days when people thought a 100 times to enter their credit card number while making an online transaction over a website? Remember all those hacking news where hackers stole thousands of credit card numbers? Internet had a very bad reputation for commercial transactions in its initial days.
But as encrypting methods got more and more stronger, and as it became more and more difficult to crack encrypted data being sent over the Internet via https links (the secure layer) Internet became the most preferred medium for commercial transactions all over the world.
The Game of Encryption
Encryption is not an easy game. If you are able to guess the direction of encryption ie to guess the steps used to encrypt data, then following a reverse direction of those steps would enable to quickly decrypt the encrypted data.
Say for instance I want to encrypt a sentence by replacing every alphabet with its next alphabet – like replace a with b, b with c….. z with a. Now this is a pretty simple method not only to encrypt but also to decrypt. Just read a simple paragraph encrypted using the above method, and by looking out for common small word patterns like “if”,”it”,”is”,”a”,”an”,”the” etc you would be able to easily guess the method used to encrypt data and then decrypt it by doing the reverse ie replace b with a, c with b etc.
Now any hacker sitting out there somewhere in between the broad band connection lines or at some router, and trying to fish for sensitive information being exchanged can get hold of the encryption method quite easily in the above case and can collect loads of sensitive information every hour! All the encryption done goes for a toss!
So any such above encryption methods – no matter how complicated they are – wont work, since a dedicated guy out there will finally crack it. Patience and Persistence is the Key, and with the help of a bit of programming (infact a lot of it), it becomes even more easier to crack the code. Computers can after all outperform humans in mathematical calculations. Well yes, our brains are tuned to perform well to survive in the wild, not to calculate well! On the other hand, computers need not worry about surviving – as humans will take care about their survival – they just need to sit and calculate :)
So the way out for having safe and secure encryption over the Internet was to create an encryption whose decryption CANNOT be calculated by human beings in their life time. Say calculating whether a 1000 digit number is a prime number or not. Well, humans cannot do that lengthy calculations, isn’t it?
Now the next challenge was that, if not humans, computers would do that. So if you use one computer to create a very complicated encryption, then the hacker would use another computer to crack it. Probably the hacker might even get a better faster computer to crack the encryption!
So the challenge was to easily encrypt data, but at the same time also make decrypting the data so complicated that even the best of the modern day computers should take thousands of years to decrypt it (if they are not the intended recipients of the data). But how can the intended recipient computer of the data be identified from the hacker computers present all over the internet?
Well, tell a secret code to the intended recipient before sending out the data, and by using the secret code – decrypting of the received encrypted data should be possible within fraction of a second for the intended recipient. The hacker computers will not have the secret code and the encryption done is very complicated and hence will require thousands of years to try out all possible mathematical combinations to crack the encrypted data (which is called the Brute force method where in all possible combinations are tried out).
But we just need to make sure that our secret code is securely stored in the intended recipient before we send it the encrypted data. Now what if the hackers hack the secret code itself when we are sending it over the internet??
The requirement now becomes a little more complicated. The secret code which can be used to crack the encryption should not be sent everytime to the intended recipient computer. Infact it should never be sent over the Internet at all!! It should already be present on the Intended recipient. Something like sending it over an ordinary post :)
SSL Certificates
And that is what is called an SSL certificate or a security certificate which will already be present (installed) with the secret code on the Intended recipient. The secret code which is never sent over the Internet is called the private key, private meaning “never to be revealed outside”.
The encryption is done using a different secret code called the “public key” and can be used by anybody who wants to send encrypted information to the intended recipient. This encrypted data can be quickly and easily decrypted ONLY if the receiving computer has the corresponding private key. Else even the world’s most powerful computer today will have to spend thousands of years trying to crack the data. And the more lengthier you make the key, the more difficult it becomes to crack it, which is why we have 128 bit encryption, 256 bit encryption etc. The longer the given equation, the more difficult is calculus :)
So the next time you do a commercial transaction over the Internet over a secure layer, remember that your browser has received the public key from your banking server which already has its private key securely stored, and your browser uses the public key to encrypt the data being sent out to the banking server, which then decrypts the data received using its private key. Any other hacking computers which sniffed or read the encrypted data will have to work for thousands of years without sleep to break into your bank account, and I am sure you wont mind that.
ALLZ WELL till now. Without knowing the private key even the most powerful computer today will require thousands of years to crack a 256 bit encryption.
Why Not Secure all connections over the Internet?
Well, the first thing is that security costs money. And where money is not involved, not many spend money. Take this blog for instance, there is no sensitive information being published here, just some opinions of a jobless mind, and what is the need to secure this? Infact the articles are meant for everybody to read, not for any specific person or group, and so what is the point in securing information which in the first place is meant for public consumption?
Now the second and more important aspect is that, encrypting and decrypting costs time – more computing time slowing down the reading process, obviously enough a proper sentence can be read quickly compared to the same sentence being jumbled up with letters scattered here and there like – genmdirmayusevu
Enter Quantum Computing
As the name itself suggests, quantum computing is computing using the principles of quantum mechanics? Wrong.
The present day computers and all modern electronics use the principles of quantum mechanics without which computers would have never existed. And yet the present day computing is called Classical Computing.
Quantum Computing is doing computing at the level of quantum particles, like say using molecules as hard disks to store memory, protons and neutrons as processors and so on.
Ever since computers were invented, the race was to make them faster and faster. As the famous prediction by one of Intel’s founders Gordon E. Moore goes, “The processing speed or processing power of computers double every two years”.
And to make the processing faster, the circuits in the processors have to be made smaller and smaller allowing for more circuits to fit in without delaying data exchange speed, we have reached Giga hertz of speed from our ancient kilo hertz of speed. The parallel data carying capacity needs to be continuously increased as well, from 8 bit to present day 64 bit computers.
Now as you make your circuits smaller and smaller, obviously its not possible to do this forever became at some point of time you reach molecular dimensions where the actual atoms of the circuit start appearing!!
And this level, computing is not possible if we dont apply quantum mechanics because – Quantum Mechanical principles rule at Quantum Level. None of the principles from our school textbooks are applicable at this atomic level.
Now the fundamental difference between classical and quantum computing is that, when we say a 8 bit is present in a classical computer – its just any single value of a 8 bit data – like say 11111111 or 11011010 and so on.
But in quantum computing when we say a 8 bit information is present, what it actually means is that the same memory is storing ALL POSSIBLE VALUES which are 8 bit long!! What’s more, while you can do only a single calculation with a single set of information at a time in our present classical computing, in quantum computing on the other hand all possible calculations on that given data can be performed at the same time!!
And now here comes the threat to present day Internet Security.
If I were to have a quantum computer today, I would be able to crack and decrypt all the encrypted sensitive data that is being passed out in millions of numbers over the Internet today! Quantum computers can process data in fraction of a second, which present day computers would take thousands of years to process!! So while weather reports might get highly accurate when calcualted using quantum computing, the present day Internet security would simply vanish if quantum computers get attached to the Internet. Guessing the private key described above would be a child’s game to quantum computers.
So what next? Quantum Security?
Present day security principles simply cannot be applied to quantum computers. Any encryption, no matter how complicated or tedious will be cracked by quantum computers. So the only way out is to use quantum mechanical principles to secure data in an Internet full of quantum computers. And that is labeled Quantum Security.
So what is this Quantum Security?
Quantum mechanics is a completely different science where in as Niels Bohr once said, “If you say that you understand quantum mechanics, then you dont understand it”, or as John Wheeler said, “If you are not confused by quantum mechanics then you dont understand it”.
The major difference between other sciences and quantum mechanics is that
1. Uncertainity exists in all measurements of quantum mechanics and is a fundamental aspect of the quantum mechanical universe. In newtonian physics one can find both position and speed of a car at the same time, but not in quantum mechanics where in the more accurately you measure one property, the less accurate becomes the value of the other related property.
2. Observation impacts the outcome of the experiment. This is called the collapsing of the wave function. Unlike in the classical physics where no matter one observes an experiment or not, the result of the experiment remains the same. But in quantum mechanics there are no observers, all observers are participants here, and that is because mere observation of an experiment can lead to a completely different result.
The second aspect above is what will be used in Quantum Security. Mere observation of the data in transmission by a hacker will alter the data which can then be recognized by the recipient as a hacking attempt and the recipient can decide to abort the data transaction by informing the sender.
So how exactly does it work?
Quantum Entanglement is the key here. This is a quantum mechanical feature where in if you have two entangled particles (say like very close twins), and if you observe one particle no matter how far it is from its entangled twin, the property of the observed particle will change due to observation and this would cause the entangled twin to change its property correspondingly. And this happens instantaneously, no matter how far the two particles are.
So how do we use this in Quantum Security?
First the sender will generate a random secret key and send it to the recipient over the public internet using entangled polarized photons. Any observation in between by an eaves dropper will alter the key value in transition and the value received by the recipient will not match with the value which the sender originally sent. This is because any observation causes the photons to get polarized in the state they were measured in and the original information is lost.
So when the recipient sends back the secret key based on the received photons, the sender would observe that it is different from what it had actually sent to the recipient and so in this case the entire transaction would be aborted, and a new secret key will be generated by the sender and sent once again.
Once the key received back by the sender matches the original value which the sender had sent to the recipient, the key is said to have been securely transmitted to the recipient and is then used to transmit the remaining data.
NOTE: Practically speaking it is possible that the recipient uses a different basis to do the measurement of the photons than the one that was originally used by the sender to polarize it. So after receiving back the key from the recipient, the sender will again send the basis used to polarize each photon and the recipient will send back to basis used to measure the polarization of each photon, and the accuracy of the key will be checked only for those photons for which both the sender and receiver used the same basis to create and measure.
So it is actually a two step communication between the sender and the reciever
1. Sender sends the encrypted key in the form of entangled polarized photons
2. Recipients received the photons and measures the key value by measuring the polarization
3. Recipient sends back the measured key value ie the polarization values
4. Sender sends the basis on which each photon was polarized in
5. Recipient sends the basis on which each photon’s polarization was measured in
6. Sender compares the values of only those photons for which both the sender and receiver used the same basis to create and measure the polarization. Any discrepancy in these values means there is a possible eaves dropping by a third party and in that case the transaction is aborted and is started afresh.
What is interesting to note here is that, Internet security today relies on the inability of today’s computing machines to calculate and break the encryption key trying out all possible combinations, basically they make use of a lack of formulae to calculate prime numbers in mathematics :)
Where as in quantum security the principle used is that of detecting any attempt to read the security key being transferred and aborting all future data transfer in such case.
So while today’s classsical computing is like building a door strong enough so that the burglar cannot break in, quantum computing is all about identifying the very arrival of the burglar and raising an alarm!
Does this mean that quantum security will be as secure as the security today? Well, yes :)
Hacking is possible even today and so will be in the days of quantum mechanics, just how much can we trust the security statistically is of prime importance. Say one a million transactions are getting hacked today, it would be an acceptable level of security, and so would it be in the days of quantum computing, and there would always be a scope for improvement and thirst for perfection.
Happy Quantum surfing the Internet in the future.
Copyright secured by Digiprove © 2010
great article! thank you from austria ;)
Thank you for such an enlightening article on internet security. Loved your detailed explanation of encryptions/decryptions currently used in regards to personal information traffic on the internet. We as users perform functions by clicking here and clicking there but little do we realise the processes that go on which are out of our sight and definitely not within our means to comprehend. You have done a brilliant job of putting it in plain English where ever you could so the messages hit home. I have never heard of Quantum computers before and bet they would have arrived in the shops and perhaps into our homes without us noticing any major difference. It is so good to get a glimpse of the technology behind such inventions and Gurudev, you have done a marvelous job with this article, thank you, always appreciated
Surely the biggest problem for security will be the point when the first quantum computers are deployed, at which time all other security become obsolite. How long would it take the world to catch up and deploy quantum security everywhere.
Surely the biggest problem for security will be the point when the first quantum computers are deployed, at which time all other security become obsolite. How long would it take the world to catch up and deploy quantum security everywhere.
Surely the biggest problem for security will be the point when the first quantum computers are deployed, at which time all other security become obsolite. How long would it take the world to catch up and deploy quantum security everywhere.
Surely the biggest problem for security will be the point when the first quantum computers are deployed, at which time all other security become obsolite. How long would it take the world to catch up and deploy quantum security everywhere.
Surely the biggest problem for security will be the point when the first quantum computers are deployed, at which time all other security become obsolite. How long would it take the world to catch up and deploy quantum security everywhere.
Surely the biggest problem for security will be the point when the first quantum computers are deployed, at which time all other security become obsolite. How long would it take the world to catch up and deploy quantum security everywhere.
Guess the quantum security should be in place before the first quantum computers arrive, just like parachutes were invented before aeroplanes :)
Else all banks and credit card companies will have to close shops.
Hi Gurudev,
I am writing for the first time however, i must be one of the regular vistor to your website.
When you say ” Take this blog for instance, there is no sensitive information being published here, just some opinions of a jobless mind, and what is the need to secure this? Infact the articles are meant for everybody to read, not for any specific person or group, and so what is the point in securing information which in the first place is meant for public consumption?”. I beg to differ slightly, even though the encryption is not required but ensuring security is quite vital. The security issues such as cross-site scripting and SQL injection are still posing the security risk. Because these might breach the integrity of the information posted and deface the website. The risk gets compounded by the fact that your website is quite interactive.
Regards,
Vineet
Read more @ HitXP » Quantum Computing and the Future of Internet Security – by Gurudev
Thanks for your comments Vineet. yes very true, security should always be a part of the core design and not an aftermath decorative layer. I was only talking here in terms of the need to encrypt data being sent from the server to the browser. For public information like a blog which anybody can read there is no need to encrypt the data, data security is required only for private or personal information like account details, one-to-one messages etc. That is what I meant :)
A truly secure computer on the internet is the one which has its network cable physically removed – and of course no wireless card either ;)
Thanks again Gurudev for the reply and quick updates in the content :)
Thanks for observing that Sainath, yes it was misleading a bit, have updated that part completely trying to be more detailed, the difficulty with explaining quantum mechanics is that to explain it completely you need to be more and more technical in the description which I was trying to avoid :)
Thanks Gurudev for the quick :D reply…. ;)
In your reply the most IMP sentence is
“This is because you can read it correctly ONLY ONCE after which the wave function is SAID to COLLAPSE.”
I feel this sentence should be the part of the main content….
but again to add to or clear my confusion
Only Once means when sender has created it he has observed it that time only the wave function should get collapsed.. before recipient receives the key.. ??
And
the 2nd question arose because of below statement –
“Once the key received by the recipient matches with the value sent by the sender, the key is said to have been securely transmitted to the recipient and is then used to transmit the remaining data”
Nice article http://www.hitxp.com/articles/software/quantum-computing-internet-security-rsa-https-public-private-cryptography/
RT @hitxp: Quantum Computing and the Future of Internet Security http://bit.ly/aBpKIq
Gurudev,
Immediate Paragraph below line or question (So how do we use this in Quantum Security?),
I didn’t find it correct or is confusing to me. Can you recheck it or explain it in more detail because
1. if receiver also tries to observe the key, the key should change and vice-versa as per the quantum mechanics or entanglement
2. Also how come receiver will have key at first to match with the senders sent key, since it was generated by sender.
might be silly questions :) ?
Sainath,
It goes like this. First sender sends the key, recipient reads it and sends back what he read. Then sender checks whether recipient has sent back exactly what the sender had sent initially in which case it means only recipient has read it.
This is because you can read it correctly only once after which the wave function is said to collapse. So if anybody other than the recipient has read it in between, then recipient upon reading it will not find the correct key which sender sent, and so the recipient will send back the wrong key to the sender in which case the sender will come to know that somebody in between has read the key.
The matching of the key is done by sender, not the recipient.
Hope this clarifies it :)
HitXP » Quantum Computing and the Future of Internet Security http://bit.ly/a4H3jO
Quantum Entanglement is also being used in teleportation experiments.
BTW..the LHC has started chugging along again. Looking forward to some interesting article from you on Higg’s Boson.
Sure Sachin, will definitely write one on Higg’s Boson, have been long waiting to find some time for that :)
Very interesting article. Just that I am still stuck up with the mystery of the instantaneous action at a distance. The EPR Thought Experiment continues to intrigue me and am not yet convinced with Copenhagen Interpretation, though I have come to terms with it.
Yes Sachin, I am not convinced with Copenhagen interpretation either, I strongly believe it is not correct. Instant action at a distance only proves to me that the entire universe is interconnected and physical distances we see are illusions. Remember that this vast universe started as a simple speck and so its possible that all particles and connected to all say via a higher dimension or via some medium unknown to modern science yet.
One of security expert frnd said years ago… nothing is secured in computing world…in true sense…trust is the basis in any transaction…