Q
Get started Bring yourself up to speed with our introductory content.

# Can quantum key distribution improve smartphone and tablet security?

## Application security expert Michael Cobb explains how quantum key distribution works, and whether it is a viable method of improving the security of smartphones and tablets.

I've read quantum key distribution (QKD) will help secure smartphones and tablets. Can you explain what QKD is...

and how it can help improve mobile security?

Anyone wishing to send an encrypted message has the problem of securely passing the key needed to decrypt the message to the recipient. In the past, this has involved using trusted couriers, diplomatic bags or some other channel -- all of which required making prior arrangements before the message could be sent. This "key exchange problem" was solved with the development of public key cryptography and the Diffie-Hellman method of exchanging cryptographic keys. These are widely used for securing communications over the Internet and Wi-Fi, as they allow two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

Public key cryptography depends upon the existence of so-called "one-way functions" (or mathematical functions) that are easy to compute, but their inverse function is relatively difficult to compute (such as mathematical problems inherent in certain integer factorization, discrete logarithm and elliptic curve relationships). As computer processing power increases, so must the difficulty of these functions -- otherwise what was once a secure method of exchanging keys becomes susceptible to attacks. This is why Microsoft and others are forcing a move to 2048-bit keys as longer keys provide stronger encryption. The National Institute of Standards and Technologies speculates that 2048-bit keys will be valid up to about the year 2030.

However, note that public key cryptography can't provide any indication of eavesdropping or guarantee of key security, so if an attacker can break in on the key distribution process, they can circumvent the need to solve a mathematical problem to obtain the key.

Quantum key distribution relies on the foundations of quantum mechanics to provide key security as well as a way to detect eavesdropping attempts on the key exchange process. By exchanging bits encoded in a quantum system (typically a photon), two parties can generate a shared random secret key known only to them to encrypt communications. If a third party tries to obtain the key during this process, it must measure the photons, which will disturb the system and introduce detectable anomalies. This opens up the possibility to have a communication system that inherently detects eavesdropping.

The reason QKD is not widely used in enterprises is because of the cost of equipment and the lack of a real threat to existing key exchange protocols -- although this assumption may need revisiting in the light of revelations about the NSA's activities.

In addition, how far QKD can help improve mobile security is unclear. Miniaturizing the hardware involved isn't a long-term problem, nor will boosting its performance. However, detectors sensitive enough to measure individual photons tend to be expensive. A simple client/complex server model would shift most of the burden to a central server while requiring less expensive hardware from the client (such as a single-photon source to send randomly generated bits directly into an optical fiber connected to the server). The infrastructure for fiber-optic networks exists in many countries, but cost and convenience will determine which sorts of devices end up benefiting from this form of encryption. It's not entirely clear how much value there is in a handheld device that needs to be plugged into a fiber-optic cable for security.

Perplexed about application security? Send Michael Cobb your questions today! (All questions are anonymous.)

#### Next Steps

View this guide on mobile encryption techniques

This was last published in October 2014

## Content

Find more PRO+ content and other member only offers, here.

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### How cloud access security brokers have evolved

Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these ...

• ### SQL injection attacks: How to defend your enterprise

SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at ...

• ### Cloud security lessons to learn from the Uber data breach

Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main ...

## SearchNetworking

• ### Ruckus SmartZone to get IoT module

Ruckus plans to release a suite of technology for companies that want to support IoT devices on the WLAN. The suite includes an ...

• ### What are the top information security objectives for CISOs?

Bloggers delve into CISO information security objectives, Juniper's new product release and how self-sufficient networking teams ...

• ### Considerations for buying an application delivery controller

Before you buy an ADC device, learn which features you should look for and what questions you should ask prospective application ...

## SearchCIO

• ### Cybersecurity's shortage of skills leaves IT projects vulnerable

A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and ...

• ### Relentless AI cyberattacks will require new protective measures

AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong ...

• ### Deep learning algorithms power startup's beauty database

Deep learning algorithms are changing how we drive cars and navigate outer space. What about saving our skin? Silicon Valley ...

## SearchEnterpriseDesktop

• ### How to establish Windows 10 security baselines

IT should consider following Microsoft's Windows 10 security recommendations in the Security Compliance Toolkit to better protect...

• ### VMware Workspace One helps Western Digital organize 3,000 apps

The application portal in VMware Workspace One allowed IT to streamline app delivery, and the product's cloud-based model proved ...

• ### Three PC lifecycle management options IT should consider

IT pros can use PCs and laptops until they stop working, or they can set up a lifecycle management plan that retires them after a...

## SearchCloudComputing

• ### Prepare and manage enterprise apps for an IaaS model

A growing number of businesses see the value in infrastructure as a service. But without careful app migration and management ...

• ### Multi-cloud management still a work in progress for IT teams

Multi-cloud deployments are a mixed bag, providing both business value and complex management challenges. Fortunately, a number ...

• ### Bare-metal cloud services lure legacy workloads off premises

For some enterprises, bare-metal services in the cloud act as a crucial steppingstone to an IaaS deployment, and providers, ...

## ComputerWeekly.com

• ### GDPR is having positive impact on privacy profession, says IAPP

The EU’s new data protection rules are driving greater interest in the privacy profession, and provide an opportunity to develop ...

• ### More than a quarter of UK shoppers prepared for wearable contactless payments

Mastercard research shows a growing number of shoppers are prepared to make purchases with smartwatches, rings and bracelets

• ### Cloud DR: Key choices in cloud disaster recovery

Flexibility and low cost make the cloud well-suited to disaster recovery, but there is no one-size-fits-all route to cloud ...

Close