- Hackers and protection from them gets into the centre of national politics.
- Elections in the US or in France have shown that some countries may employ hackers if there is a chance to influence the election.
- Development of systems for sensitive data protection is therefore of a key importance for both scientists and commercial companies.
- If security codes are incorrectly programmed, they can be detected just by monitoring the computer's sound or its power consumption.
"The world of computers keeps changing; governments and large agencies estimate that quantum computers will become widely available in the horizon of 20 years. They can break the secret codes used today to protect sensitive data. To communicate safely in the future via computers and the Internet, and to keep the data we are encrypting today protected even in 20 years’ time, we need to get ready for it. We have to create completely new codes", explains Tomas Fabšič, Ph.D. a graduate of the STU Faculty of Electrical Engineering and Informatics, Bratislava.
Tomáš won the Student Personality Award 2017. He studied at the University of Warwick and the University of Cambridge. He completed his PhD at the Slovak University of Technology in Bratislava under the supervision of Professor Otokar Grošek, who is devoted to cryptography - a scientific discipline dealing with the development of codes for data protection. The current topic in cryptography is the design of quantum-resistant codes, so called post quantum cryptography.
Professor Grošek’s team in the FEI STU has won an international competition where the acceptance rate is just about 10% and is currently starting the investigation within the new NATO project - Science for Peace and Security: Secure Communication in the Quantum Era. The goal is to design new secure encryption systems for the post quantum era in specific areas.
“Our aim is to design, analyse and implement secret key solutions for security agreement between ad hoc groups of participants. Currently, there is no replacement for the so called Diffie-Hellman-Merkle protocol to change a secret key resistant to quantum computer attacks. Novel solutions require greater memory and considerable time. In addition, future limitations regarding the memory and energy requirements are difficult to presume. Our international project team will seek an acceptable solution to this problem within the group communication. Group communication represents the discussion forums where groups try to avoid mutual “tapping” and “renegading”. Analogy with the military field is clear”, says Professor Otokar Grošek.
This is not the first NATO supported project of the team that had yet been involved in the Secure Implementation of Post-Quantum Cryptography project aimed at developing higher security secret codes and testing possibilities of their secure implementation. The project results have raised interest abroad, and, in 2016, Assoc. Professor Pavol Zajac was invited to Oslo for a workshop organised by the Norwegian Defence Research Establishment to present on the security code implementation to the Norwegian experts.
For secure encryption, the code must be correctly implemented in the computer. An inappropriate implementation may alternatively lead to an attack on an otherwise secure code. For example, the Israeli team from Technion, Tel Aviv University and the Weizmann Institute of Science have recently revealed a secret key to the RSA asymmetric code commonly used today, just by tapping the noise produced by the computer during decryption.
Team of the Slovak University of Technology in Bratislava have repeated the experiment. "We managed to replicate the acoustic attack on the RSA cryptosystem code, which was published by an Israeli research team. We, just like the Israeli scientists, used the fact that RSA code was carelessly implemented in the cryptographic library. This allowed us to perform an attack. If the RSA code is implemented professionally, performance of such an attack is impossible. In case of careless implementation of codes, the information on secret key may be specified based on the physical expressions of the computer during decryption. The attacks enabling to monitor physical behaviour of computer are called side-channel attacks, first described by an American cryptographer Paul Kocher (Paul Kocher) ten years ago. The attacks can be performed to get e.g. timing information, power consumption, electromagnetic leaks or changes in the electromagnetic field around the computer during the time the computer performs decryption. Moreover, the Israeli team discovered that even sound measurement could provide an extra source of information, which can be exploited for attack. The Israeli scientists proved that their attack could be performed just using a conventional smartphone microphone put next to your computer by the attacker", says Tomáš Fabšič.
The RSA code, however, will slowly become a history; quantum computers will break it without difficulty. The US National Institute of Standards and Technology has published the Report on Post-Quantum Cryptography, emphasizing the threat of quantum computers and calling for the development of secret codes for future. It is a key security issue; a quantum computer is currently being developed in the NASA and Google laboratories, as well as in the countries such as China or Russia.