Taken from Issue 20.
For nearly as long as we have been creating objects of value, we have been developing ways to keep them safe. Being a relatively untrusting species has meant that we have invested a significant amount of time developing security measures to keep our belongings out of the hands of other people. Apart from simply hiding objects or constantly looking after them, a method was required to secure objects from the prying hands of our neighbours. The result was the lock and key.
The first locks to be created were made from wood and thought to be in use around 4000 years ago. They worked in a way that is not too dissimilar from the locks and keys we currently use, employing a series of pins that drop into a corresponding series of openings in a bolt. Whilst the lock and key hasn’t always stopped the most determined of thieves, they have done a pretty good job of keeping us and our valuables safe so far.
But as we move further into the Digital Age, the emphasis in security has moved on from protecting tangible objects to securing the zeroes and ones that make up our digital assets. Not only have digital products such as music and film been the target of digital piracy, but sensitive information stored digitally has also come under threat, and is a growing area of concern for individuals and organisations alike.
RSA, one of the main algorithms used for cryptography, is essentially the digital equivalent of the padlock. It is based on the factoring problem – the supposed difficulty of factoring the result of two large prime numbers multiplied together. The product of the two prime numbers is known as a public key and can be used by anyone to encrypt a digital file. However, only the person with the private key – which contains the original prime numbers – can decrypt the file. The principal of RSA was recently thrown into question by researchers in Switzerland who have discovered a way to uncover the original prime numbers for a small fraction of public keys, putting around 200,000 embedded devices, such as routers, at risk.
The next big hope for digital cryptography is the exploitation of the effects of quantum mechanics to provide unconditional security. The use of quantum mechanics guarantees that any attempt to read quantum data disturbs that data, putting out the alert that the data has been interfered with. But quantum cryptography may not be as infallible as once thought. Researchers in Canada have recently shown that, in practice, quantum hacking could go undetected at the level the quantum keys are distributed.
It seems that as long as our digital systems rapidly continue to become more complex, digital security will have to adapt quickly and may struggle to keep up.
Image: Peter Larkin