In a world where the reliance on electronic data transmission and processing is becoming every day more prevalent, it is of critical importance for organizations to guarantee the integrity and confidentiality of mission critical information exchanged over communication networks.
Contrary to a false perception, intercepting information transmitted over an optical fibre cable – an optical fibre is a thin glass fiber which transmits light to carry information – is not only possible but also not very difficult in practice. “Tapping a fibre-optic cable without being detected, and making sense of the information you collect isn’t trivial but has certainly been done by intelligence agencies for the past seven or eight years” explains John Pescatore, VP of Security at the Gartner Group and a former US National Security Agency analyst. “These days, it is within the range of a well-funded attacker, probably even a really curious college physics major with access to a fiber-optics lab and lots of time on his hands” adds Pescatore. Bending an optical fibre is indeed sufficient to extract light from it. Optical taps are readily available from a variety of manufacturers and inexpensive.
Optical fiber cables have replaced copper cables for all high bandwidth links and they become every day more prevalent in the telecommunication networks worldwide. Organizations almost certainly rely on optical fibers to transmit some, if not all, of their information. Because of this vulnerability, optical links carrying critical information must be identified and protected with appropriate countermeasures.
As telecommunication links are intrinsically vulnerable to eavesdropping, cryptography is routinely used to protect data transmission. Cryptography is a set of techniques that can be used to guarantee confidentiality and integrity of communications. Prior to its transmission, information is encrypted using a cryptographic algorithm and a key. After the information has been received, the recipient reverses the process and decrypts the information. Even if he intercepted the encrypted information, an eavesdropper would not be able to gain knowledge about it without knowing the cryptographic key.
Current cryptographic techniques are based on mathematical theories. In spite of the fact that they are very widespread, they do not offer a foolproof security. They are in particular vulnerable to increasing computing power and theoretical advances in mathematics. These techniques are thus inappropriate in applications where long-term confidentiality is of paramount importance (financial services, banking industry, governments, etc.).
Quantum cryptography was invented about twenty years ago and complements conventional cryptographic techniques to raise security of data transmission over optical fibre links to an unprecedented level. It exploits the laws of quantum physics to reveal the interception of the information exchanged between two stations. According to the Heisenberg Uncertainty Principle, it is not possible to observe a quantum object without modifying it. In quantum cryptography, single light particles – also known as a photons – which are described by the laws of quantum physics, are used to carry information over an optical fibre cable. By checking for the presence of disturbance, it is possible to verify if a transmission has been intercepted or not. Because of this, quantum cryptography was identified in 2002 by the MIT Technology Review and by the Newsweek magazine as one of the ten technologies that will change the world.
This technology can be used to exchange keys between two remote sites connected by an optical fibre cable, and to confirm their secrecy. The keys are then used with secret key algorithms to securely encrypt information. With such an approach it is possible to guarantee future-proof data confidentiality based on the laws of quantum physics. Its deployment on critical links allows thus to raise the information security level of an organization.