Aerosol Posted December 19, 2014 Report Posted December 19, 2014 SECURITY RESEARCHERS are making use of quantum physics to create fraud-proof credit cards.Called Quantum-Secure Authentication (QSA), the technology means hackers cannot determine what the information is. It centres on single particles of light, or photons, and their ability to encode data and exploits a property of photons that allows them to effectively be in multiple places at once, a phenomenon described in quantum physics."We experimentally demonstrate quantum-secure authentication (QSA) of a classical multiple-scattering key. The key is authenticated by illuminating it with a light pulse containing fewer photons than spatial degrees of freedom and verifying the spatial shape of the reflected light," explained the researchers in an Optica journal.Quantum-physical principles forbid an attacker from beign able to discern the incident light pulse so that they cannot emulate the key by digitally constructing the expected optical response, even if all information about the key is publicly known.The researchers explained that QSA uses a key that cannot be copied due to "technological limitations" and is also secure against digital emulation. It also does not depend on secrecy of stored data, nor upon unproven mathematical assumptions, being relatively simple to implement with current technology, the security experts claimed.Malwarebytes's head of malware intelligence, Adam Kujawa, said that while the Database could be hacked and the pairs could be stolen, the keys would not be in a form that could be digitally reproduced and therefore, virtually useless to the attacker."The problem is that even if the attacker were to obtain a correct challenge response, for a single challenge, it would be impossible for them to recreate that response in a way that would authenticate due to the properties of Quantum Physics," Kujawa said."In addition, they would need to know that the challenge response would be used again in a lock that has dynamically generated keyholes."Kujawa explained that the amount of effort required to ensure that any key would make it through authentication for a single QSA would require numerous tries and having access to both the client and server, something like that would throw flags faster than a working key could be calculated."Authentication at that point would be impossible," he added, suggesting that this technology could mean a future of truly secure data.Source Quote
