igor - Fotolia

Q
Get started Bring yourself up to speed with our introductory content.

# Can quantum key distribution improve smartphone and tablet security?

## Application security expert Michael Cobb explains how quantum key distribution works, and whether it is a viable method of improving the security of smartphones and tablets.

I've read quantum key distribution (QKD) will help secure smartphones and tablets. Can you explain what QKD is and how it can help improve mobile security?

Anyone wishing to send an encrypted message has the problem of securely passing the key needed to decrypt the message to the recipient. In the past, this has involved using trusted couriers, diplomatic bags or some other channel -- all of which required making prior arrangements before the message could be sent. This "key exchange problem" was solved with the development of public key cryptography and the Diffie-Hellman method of exchanging cryptographic keys. These are widely used for securing communications over the Internet and Wi-Fi, as they allow two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

Public key cryptography depends upon the existence of so-called "one-way functions" (or mathematical functions) that are easy to compute, but their inverse function is relatively difficult to compute (such as mathematical problems inherent in certain integer factorization, discrete logarithm and elliptic curve relationships). As computer processing power increases, so must the difficulty of these functions -- otherwise what was once a secure method of exchanging keys becomes susceptible to attacks. This is why Microsoft and others are forcing a move to 2048-bit keys as longer keys provide stronger encryption. The National Institute of Standards and Technologies speculates that 2048-bit keys will be valid up to about the year 2030.

However, note that public key cryptography can't provide any indication of eavesdropping or guarantee of key security, so if an attacker can break in on the key distribution process, they can circumvent the need to solve a mathematical problem to obtain the key.

Quantum key distribution relies on the foundations of quantum mechanics to provide key security as well as a way to detect eavesdropping attempts on the key exchange process. By exchanging bits encoded in a quantum system (typically a photon), two parties can generate a shared random secret key known only to them to encrypt communications. If a third party tries to obtain the key during this process, it must measure the photons, which will disturb the system and introduce detectable anomalies. This opens up the possibility to have a communication system that inherently detects eavesdropping.

The reason QKD is not widely used in enterprises is because of the cost of equipment and the lack of a real threat to existing key exchange protocols -- although this assumption may need revisiting in the light of revelations about the NSA's activities.

In addition, how far QKD can help improve mobile security is unclear. Miniaturizing the hardware involved isn't a long-term problem, nor will boosting its performance. However, detectors sensitive enough to measure individual photons tend to be expensive. A simple client/complex server model would shift most of the burden to a central server while requiring less expensive hardware from the client (such as a single-photon source to send randomly generated bits directly into an optical fiber connected to the server). The infrastructure for fiber-optic networks exists in many countries, but cost and convenience will determine which sorts of devices end up benefiting from this form of encryption. It's not entirely clear how much value there is in a handheld device that needs to be plugged into a fiber-optic cable for security.

Perplexed about application security? Send Michael Cobb your questions today! (All questions are anonymous.)

#### Next Steps

View this guide on mobile encryption techniques

This was last published in October 2014

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### Defining and evaluating SOC as a service

As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best ...

• ### Get to know the elements of Secure Access Service Edge

Cloud services use cases continue to expand, but implementation challenges remain. Discover Secure Access Service Edge, or SASE, ...

• ### Boost security with a multi-cloud workload placement process

IT must incorporate a multi-cloud workload placement process into its multi-cloud strategy in order to maintain or improve cloud ...

## SearchNetworking

• ### U-turn in network market forecast amid coronavirus pandemic

IDC predicts the global market for switches and wireless LAN products will fall in 2020, with revenues from switches below last ...

• ### 802.3cg standard extends single-pair Ethernet range and speed

IEEE 802.3cg is a single-pair Ethernet standard that aims to support speeds up to 10 Mbps, extend Ethernet range up to 1,000 ...

• ### 4 lasting effects of growing remote workforces on networks

In this roundup of network blogs, explore expert advice on increasing remote workers' efficiency, potential lasting effects of ...

## SearchCIO

• ### Successful digital ecosystems depend on cloud services

Business models are changing in the digital age, requiring companies to create sometimes unexpected partnerships, enabled by the ...

• ### Contract risk management: Focus on these 6 areas

Inspecting vendor contracts for risk is increasingly important as CIOs scramble to stay nimble in a volatile economy. ClearEdge ...

• ### How to write an RFP and statement of work for an IT services contract

Master how to write an RFP and statement of work to get the IT services you need using these best practices from consulting firm ...

## SearchEnterpriseDesktop

• ### 3 Mac remote management software options for enterprise use

IT pros may be forced to manage remote macOS desktops, so they should understand the options they have for remote desktop ...

• ### COVID-19 sparks software licensing issues with remote users

Organizations face a range of issues with the spread of COVID-19, including how to support a newly remote workforce. Learn how to...

• ### How zero-trust authentication and architecture have evolved

Zero-trust architecture has spread across the enterprise security software market, so IT pros should understand the latest ...

## SearchCloudComputing

• ### 7 Google Cloud database options to free up your IT team

Moving data to a cloud database is an effective way to optimize cost and performance for applications. Review seven of Google's ...

• ### Microsoft Azure capacity woes don't signal the worst

Microsoft Azure experienced capacity issues in Europe, with some users unable to spin up VMs. The company is taking 'proactive ...

• ### 4 hybrid cloud use cases that can help enterprises

A hybrid cloud can be more trouble than it's worth, but that doesn't mean your IT team shouldn't consider it. Learn about the ...

## ComputerWeekly.com

• ### How subpostmasters made legal history with biggest referral of potential miscarriages of justice

Subpostmasters seeking redress of prosecutions at the hands of an IT system force the biggest ever UK referral of cases of ...

• ### Coronavirus: Smartphone production to plummet 20%, over \$25bn lost in roaming revenue

Two studies reveal the huge hit on the mobile device and service industry that is likely to be caused by the Covid-19 outbreak

• ### IR35 reforms: Chancellor slammed for dig at self-employed tax habits during coronavirus briefing

Rishi Sunak under fire for making a veiled reference to self-employed people needing to pay their “fair share of tax” during the ...

Close