Tag Archives: security

Government Lab Reveals Quantum Internet Operated for 2 Years

Sparkleoptic

One of the dreams for security experts is the creation of a quantum Internet that allows perfectly secure communication based on the powerful laws of quantum mechanics.

The basic idea here is that the act of measuring a quantum object, such as a photon, always changes it. So any attempt to eavesdrop on a quantum message cannot fail to leave telltale signs of snooping that the receiver can detect. That allows anybody to send a “one-time pad” over a quantum network which can then be used for secure communication using conventional classical communication.

That sets things up nicely for perfectly secure messaging known as quantum cryptography and this is actually a fairly straightforward technique for any half decent quantum optics lab. Indeed, a company called ID Quantique sells an off-the-shelf system that has begun to attract banks and other organisations interested in perfect security.

These systems have an important limitation, however. The current generation of quantum cryptography systems are point-to-point connections over a single length of fibre, So they can send secure messages from A to B but cannot route this information onwards to C, D, E or F.

That’s because the act of routing a message means reading the part of it that indicates where it has to be routed. And this inevitably changes it, at least with conventional routers. This makes a quantum Internet impossible with today’s technology

Various teams are racing to develop quantum routers that will fix this problem by steering quantum messages without destroying them. We looked at one of the first last year. But the truth is that these devices are still some way from commercial reality.

Today, Richard Hughes and his team at Los Alamos National Labs in New Mexico reveal an alternative quantum Internet, which they say they’ve been running for two and half years. Their approach is to create a quantum network based around a hub and spoke-type network. All messages get routed from any point in the network to another via this central hub.

This is not the first time this kind of approach has been tried. The idea is that messages to the hub rely on the usual level of quantum security. However, once at the hub, they are converted to conventional classical bits and then reconverted into quantum bits to be sent on the second leg of their journey.

So as long as the hub is secure, then the network should also be secure.

The problem with this approach is scalability. As the number of links to the hub increases, it becomes increasingly difficult to handle all the possible connections that can be made between one point in the network and another.

Hughes and co say they’ve solved this with their unique approach which equips each node in the network with quantum transmitters—ie lasers—but not with photon detectors which are expensive and bulky. Only the hub is capable of receiving a quantum message (although all nodes can send and receiving conventional messages in the normal way).

That may sound limiting but it still allows each node to send a one-time pad to the hub which it then uses to communicate securely over a classical link. The hub can then route this message to another node using another one time pad that it has set up with this second node. So the entire network is secure, provided that the central hub is also secure.

The big advantage of this system is that it makes the technology required at each node extremely simple—essentially little more than a laser. In fact, Los Alamos has already designed and built plug-and-play type modules that are about the size of a box of matches. “Our next-generation [module] will be an order of magnitude smaller in each linear dimension,” they say.

Their ultimate goal is to have one of these modules built in to almost any device connected to a fibre optic network, such as set top TV boxes, home computers and so on, to allow perfectly secure messaging.

Having run this system now for more than two years, Los Alamos are now highly confident in its efficacy.

Of course, the network can never be more secure than the hub at the middle of it and this is an important limitation of this approach. By contrast, a pure quantum Internet should allow perfectly secure communication from any point in the network to any other.

Another is that this approach will become obsolete as soon as quantum routers become commercially viable. So the question for any investors is whether they can get their money back in the time before then. The odds are that they won’t have to wait long to find out.

Image via iStockphoto, muratkoc

This article originally published at MIT Technology Review
here

Read more: http://mashable.com/2013/05/06/government-lab-quantum-internet/

You Can Now Use LastPass to Log Into Android Apps Automatically

Samsung-hands-on-mwc-117

The Samsung Galaxy S5 runs on Android software.

Password management service LastPass, which stores passwords on a secure online service to automatically log users into websites, has rolled out automatic password entry to Android apps and the smartphone’s Chrome browser.

So for LastPass users on Android, the days of manually entering passwords into apps and websites are over.

“It takes the concept of our desktop functionality — recognizing what page you’re on and looking for a match stored in your vault — but is adapted for the Android accessibility feature,” Amber Gott, a LastPass spokesperson, told Mashable. “Once the option is enabled in the LastPass Android app, LastPass can now ‘see’ when you’re on an app login page, and then can hover and let you know if you have a matching login.”

The news comes just a few weeks after competing password management service PasswordBox enabled a similar automatic entry feature. Previously, LastPass users needed to copy and paste passwords from the LastPass app to log into native apps and sites.

The feature is available for apps on devices with Android 4.1 and later and Chrome on smartphones running 4.3 and later. It also supports Dolphin HD and Firefox mobile browsers, too.

LastPass Netflix

Although the functionality adds a big convenience on Android, it’s unclear if and when the feature will ever come to iOS devices.

“Unfortunately, Apple doesn’t have an equivalent that allows us to hook into the OS and securely deliver users their data,” a LastPass spokesperson told Mashable. “We’re still looking into it and hope that further updates to iOS may allow us to implement something similar.”

Read more: http://mashable.com/2014/03/26/lastpass-autofill-android-app/

Finalists Exhibit Tech for $465 Million Virtual Border Fence

Surveillance-tower1

After holding demonstrations with select vendors, the Obama Administration is expected to pick a contractor by year’s end for a $465 million high-tech border barrier — a key component of any immigration reform deal.

The eight-and-a-half year Customs and Border Protection project aims to dot Arizona with video surveillance turrets that can spot illegal crossings. The “integrated fixed towers” will supersede an earlier attempt at a virtual fence costing more than $1 billion, the Secure Border Initiative network, that relied on many one-size-fits-all interconnected towers. SBInet, conceived in 2005 and cancelled in 2011, was plagued by malfunctioning cameras, delays and cost-overruns.

“One of the unique and innovative approaches of this acquisition strategy is requiring demonstrations during source selection,” CBP spokeswoman Jenny Burke said. “The program has successfully completed the demonstration phase of the source selection process and is preparing for final proposal evaluation.”

A solicitation for bids in April 2012 attracted more proposals than anticipated so CBP pushed the scheduled award date from September to December, agency officials said this week.

Acquisition policies bar CBP from disclosing the number of submissions and the names of the finalists that presented their technologies. According to federal databases, interested vendors included EADS North America and Rapiscan.

The new tech strategy involves deploying “remote sensors on fixed towers, with communications bringing the sensor information back to a geographic display in a command center,” Burke said.

The system must able to generate maps depicting multiple, simultaneous incidents, according to last year’s solicitation. It should automatically flag any humans traveling on foot, being carried by animals or moving in vehicles. Video must be transmitted in near-real-time to CBP personnel at remote workstations so they can dispatch authorities.

The Senate passed an immigration overhaul late last month that would demand a lot more of this type of technology at a high price point, including 50 integrated fixed towers in Arizona; 33 in Texas and three in San Diego. Other reinforcements would include additional drones, thermal imaging systems and night vision goggles. Combined with law enforcement and physical fencing costs, the total border security tab would be $46 billion.

Odds that the Republican-dominated House will approve the same bill are reportedly low because the majority party opposes provisions granting legal status to almost 11 million foreigners here illegally. But the installation of more surveillance towers has drawn rare bipartisan, cross-chamber support.

Some former U.S. immigration officials say the Senate plan overlooks CBP’s accomplishments in high-tech surveillance during the past five years — accomplishments taxpayers have already paid for.

“There is such a great deal of investment that has already taken place along the border, with a tremendous amount of support, bipartisan support, through the appropriations process,” said Doris Meissner, former commissioner of the then U.S. Immigration and Naturalization Service during the Clinton administration. “SBInet really failed and it was a very large expenditure of money, most of which didn’t pay off, but they did learn from it, and they have since been employing these technologies that are available on the market.”

Today’s lawmakers have no real grasp of the ongoing efforts, she said.

The integrated fixed towers project is “an incredible example of the unreality of the debate that’s going on in the Congress as compared to the results and the return on investment,” said Meissner, now a senior fellow at the nonpartisan Migration Policy Institute. “I think that what the Senate has done on border technology is overkill” and largely fueled by politics.

However, government auditors and critics have expressed skepticism that the new plan will outperform SBInet because both initiatives have banked on equipment withstanding harsh terrains.

CBP officials say the second try will use only proven, ready-to-go technologies that can hold up in Arizona’s extreme environmental conditions and that are positioned where cameras have clear visibility.

The recent demonstrations were intended to evaluate each system’s “maturity,” or how prepared the technology is for manufacture and use, according to contracting materials. The trials were conducted to ensure the technology is stable and lives up to what each company proposed.

Image courtesy of United States Customs and Border Protection

This article originally published at Nextgov
here

Read more: http://mashable.com/2013/07/11/tech-virtual-border-fence/

Wear This Ring and a Touchscreen Will Identify You

Wear-this-ring-and-a-touchscreen-will-identify-you-9b03b774fb

Touching and finger-swiping are the dominant method of navigating on hundreds of millions of smartphones and tablet computers. The same touch might soon confirm your identity, too.

A new device dispatches a few bits of data, representing a password, from a special ring on your finger and sends the data as tiny voltage bursts through your skin for capture by the screen of the phone, so that your touch alone identifies you by the code from the ring.

Depending on the application, this could allow rapid switching between settings of people who share the same device, allow a game to distinguish between multiple players using the same screen, replace passwords, or provide an additional layer of protection atop passwords.

Currently a prototype at the Winlab of Rutgers University, the method “opens new directions in user interaction and authentication,” says Romit Roy Choudhury, a computer scientist at Duke University familiar with the research. “Imagine every electronic gadget knowing who you are and ‘adapting’ to your preferences, or even offering you personalized information” simply by knowing your touch, he adds.

Project leader Marco Gruteser, a computer scientist at Winlab, says he hopes to commercialize it within two years. The benchtop device used in the research is clunky, but it will be easy to miniaturize, he says.

The ring, in addition to conveying the information through your skin, can work in other ways as well. It can be applied directly to a touch screen to convey password data faster, or to convey more data for a stronger password.

The technology consists of a battery-powered ring with flash memory that holds a code, and a signal generator that transmits the code as tiny voltage spikes. Touchscreens —already designed to detect voltage changes from fingers touching and moving across the screen — pick up those spikes, and software on the phone reads them as password-like data.

There are other ways for a device to confirm who a user is: biometric-based approaches represent one class. The appeal of the Winlab approach is that so many devices use swiping already, whereas few commercial devices have retina-readers or finger-scanners (Motorola’s Atrix, one exception, includes a fingerprint sensor). A device that would use a voiceprint to identify its user, meanwhile, would require the owner to speak out loud.

A finger-swipe is not only discreet and specific, Gruteser says, it’s something people are already doing. “The key to figuring out who is using a device is to understand who is touching the screen, and that is what our technology can do,” he adds.

Of course, you now have to remember one more thing in the morning — to wear your ring (or whatever other form the token takes). And second, anybody who gets hold of your ring could use it to gain access to your device or settings until you reset the code your device is looking for.

At present, only a few bits of data per second can be transmitted quickly and accurately via such a ring. The equivalent of a pin code takes around two seconds for the ring to transmit, but Gruteser expects to speed that up by a factor of 10 by modifying touch-screen firmware in phones.

This article originally published at MIT Technology Review
here

Read more: http://mashable.com/2012/08/31/rutgers-touchscreen-ring/