Bank transfer via quantum crypto

Ian Grigg iang at systemics.com
Sun Apr 25 14:47:25 EDT 2004


Ivan Krstic wrote:

> I have to agree with Perry on this one: I simply can't see a compelling 
> reason for the push currently being given to ridiculously overpriced 
> implementations of what started off as a lab toy, and what offers - in 
> all seriousness - almost no practical benefits over the proper use of 
> conventional techniques.


You are looking at QC from a scientific perspective.
What is happening is not scientific, but business.

There are a few background issues that need to be
brought into focus.

1) The QC business is concentrated in the finance
industry, not national security.  Most of the
fiber runs are within range.  10 miles not 100.

2) Within the finance industry, the security
of links is done majorly by using private lines.
Put in a private line, and call it secure because
only the operator can listen in to it.

3) This model has broken down somewhat due to the
arisal of open market net carriers, open colos, etc.
So, even though the mindset of "private telco line
is secure" is still prevalent, the access to those
lines is much wider than thought.

4) There is eavesdropping going on.  This is clear,
although it is difficult to find confirmable
evidence on it or any stats:

   “Security forces in the US discovered an illegally installed fiber
   eavesdropping device in Verizon’s optical network. It was placed at a
   mutual fund company…..shortly before the release of their quarterly
   numbers”   Wolf Report March, 2003

(some PDF that google knows about.)  These things
are known as vampire taps.  Anecdotal evidence
suggests that it is widespread, if not exactly
rampant.  That is, there are dozens or maybe hundreds
of people capable of setting up vampire taps.  And,
this would suggest maybe dozens or hundreds of taps
in place.  The vampires are not exactly cooperating
with hard information, of course.

5) What's in it for them?  That part is all too
clear.

The vampire taps are placed on funds managers to
see what they are up to.  When the vulnerabilities
are revealed over the fibre, the attacker can put
in trades that take advantage.  In such a case,
the profit from each single trade might be in the
order of a million (plus or minus a wide range).

6) I have not as yet seen any suggestion that an
*active* attack is taking place on the fibres;
so far, this is simply a listening attack.  The
use of the information happens elsewhere, some
batch of trades gets initiated over other means.

7) Finally, another thing to bear in mind is that
the mutual funds industry is going through what
is likely to be the biggest scandal ever.  Fines
to date are at 1.7bn, and it's only just started.
This is bigger than S&L, and LTCM, but as the
press does not understand it, they have not
presented it as such.  The suggested assumption
to draw from this is that the mutual funds are
*easy* to game, and are being gamed in very many
and various fashions.  A vampire tap is just one
way amongst many that are going on.



So, in the presence of quite open use of open
lines, and in the presence of quite frequent
attacking on mutual funds and the like in order
to game their systems (endemic), the question
has arisen how to secure the lines.

Hence, quantum cryptography.  Cryptographers and
engineers will recognise that this is a pure FUD
play.  But, QC is cool, and only cool sells.  The
business circumstances are ripe for a big cool
play that eases the fears of funds that their
info is being collected with impunity.  It shows
them doing something.

Where we are now is the start of a new hype
cycle.  This is to be expected, as the prior
hype cycle(s) have passed.  PKI has flopped and
is now known in the customer base (finance
industry and government) as a disaster.  But,
these same customers are desperate for solutions,
and as always are vulnerable to a sales pitch.

QC is a technology whose time has come.  Expect
it to get bigger and bigger for several years,
before companies work it out, and it becomes the
same disputed, angry white elephant that PKI is
now.

If anyone is interested in a business idea, now
is the time to start building boxes that do "just
like QC but in software at half the price."  And
wait for the bubble to burst.

iang

PS:  Points 1-7 are correct AFAIK.  Conclusions,
beyond those points, are just how I see it, IMHO.

---------------------------------------------------------------------
The Cryptography Mailing List