Computers are ultimately not very intelligent things. They can only really do what they are told to do and this also means they see what they get told to see. This is why there is always the danger of someone simply setting up their laptop on a public network, that doesn’t have proper security, and having their laptop announce “I am a router.” Computers will simply believe this statement and so will start sending information to this laptop which can copy any data before sending it on its way. This is why entity identification is such an important part of cryptography, making sure it is certainly the individual you think it is.
Identification can be done in three primary ways: Information that an individual should know (a password); an object the individual should possess (an authorisation card); or something inherent about the individual (a fingerprint). Some more dynamic authentication protocols involve the server or host constantly sending strings of numbers that are mathematically combined with, say, the user’s password or any set code that has to be kept secret. The resultant combination is returned and the server checks that this matches its own prediction of what the combination should be. If a discrepancy occurs the connection is likely being faked.
Of course a would-be hacker, who is monitoring all communication lines carefully, can have the ability to clone any communication and information given the time and resources. Attempting to develop an authentication protocol that is resistant or maybe even immune to cloning is the long term goal. One of the finest successes is that of the physical unclonable keys. These are physical keys developed in an optically scattering random medium which can then be probed with light pulses to detail the key. These keys are effectively random and unrepeatable as there are so many random variations and defects in each one. However, a wily hacker, realising they can’t reproduce the key, will simply alter the reading taken from it. If the malcontent has access to the light probes they will be able to fake and manipulate their output information with impunity.
The solution to this problem, as suggested by today’s paper, is to carry this information in the quantised electromagnetic field of the probe instead. Due to Heisenberg’s uncertainly principle the data encoded this way would be protected as the components of the electric field cannot be accessed simultaneously while knowing them to infinite accuracy. Even if an attacker tried to grab what data they could, they would have to disturb the quantum state of the probe to do so and so would be almost instantly noticed. The technology required to design this scheme is already possible and so this could possibly be the way entity authentication goes in the future.