Show Sidebar Log in

Protect security online with quantum mechanics

Cryptography is vital today to protect information online and keep it secure, whether that’s for ordinary folks doing online banking and shopping or for commercial organisations and governments wishing to keep commercial and state secrets confidential.

However, the advent of powerful quantum computers might leave such information vulnerable to attack.

To counter such a threat researchers at Bristol University’s Quantum Engineering Technology Labs (QETLabs) have developed tiny microchip circuits which exploit the strange world of quantum mechanics and provide a level of security enhanced by the laws of quantum physics.

These circuits distribute cryptographic keys using the quantum properties of entanglement, superposition and the absolute randomness provided by quantum behaviour, which is reproducible by no other means.

Principal investigator Professor Mark Thompson said: “The system we have developed allows information to be exchanged using single photons of light in a quantum state.

“If an eavesdropper hacks your transmission, they will collapse the fragile quantum states and the system will immediately alert you to their presence and terminate the transmission.”

This work, published in the February issue of Nature Communications, has demonstrated the world’s first chip-to-chip quantum secured communication system, using microchip circuits just a few millimetres in size.

This international collaboration, including researchers from Bristol, Glasgow and Japan’s NiCT in Japan, used commercial semiconductor chip manufacturers to make their devices – in much the same way as Intel pattern silicon to make the latest CPUs.

However, instead of using electricity these miniaturised devices used light to encode information at the single photon level, providing encryption keys with an unlimited lifetime.

The Bristol team has continued developing this technology, demonstrating an innovative design that allows the same functionality in a complementary metal-oxide-semiconductor (CMOS) compatible process, with the work being published in the February issue of Optica, the journal of the Optical Society.

Whereas the initial devices used a more expensive and complex manufacturing approach, these next generation devices are fabricated in standard silicon, paving the way for direct integration with microelectronic circuits.

This will ultimately lead to integration in everyday electrical devices, including laptops and mobile phones.

Marches “broadband” round-up

Russell George AMWelsh Assembly member Russell George, who is chair of the Assembly’s Economy, Infrastructure &Skills Committee, is hosting a Broadband Summit to be held Monday 20th March 2017.

Mr George has been a long-term campaigner for improved broadband coverage in North Powys and at the summit community leaders and representatives from across the area will be able to question the Welsh Government’s Minister for Skills & Science, Julie James AM, who has overall responsibility for the Superfast Cymru fibre broadband scheme.

The Summit follows a recent inquiry into broadband and mobile coverage, held by the National Assembly’s Economy, Infrastructure and Skills Committee.

Commenting on local broadband in his own and other areas, Mr George said: “It remains a significant concern to me that many rural communities across Montgomeryshire appear to be excluded from the fibre broadband upgrade or, at the very least, are at the back of the queue when it comes to receiving superfast speeds.”

“While the Superfast Cymru project has undoubtedly improved the availability of fibre broadband across Wales benefitting both residents and businesses, there are many areas of Montgomeryshire which still find themselves with inadequate broadband with only two thirds of premises able to receive superfast speeds.”

These remarks were also noticed on the eastern side of Offa’s Dyke in the Shropshire Star, which added additional information of recent developments in rural Shropshire, reporting that BT Openreach’s CEO Clive Selley visited areas of north Shropshire to see for himself the problems faced by rural communities, discussing problems in towns such as Market Drayton, Whitchurch and Oswestry.

A further comment on the terrible internet connection speeds in the Marches comes from newly-arrived Shropshire resident and broadcaster/actor Keith “Cheggers” Chegwin, who is quoted by the Shropshire Star as saying, “The mobile signal is fine, I can get 4G here, but the broadband – well, I could run faster than that, it’s so slow,” and, “One minute its 0.25 Mbps, the next its 0.26.”

Malmesbury – fast broadband takes the slow route

Malmesbury's market crossWhenever your correspondent visits Malmesbury in Wiltshire, it has an unhurried air. This is in spite of some past events that happened very quickly but added to its history, such as Eilmer, the local 11th century monk at the local abbey who made an early yet unsuccessful attempt at a gliding flight using wings, or the slightly later (18th century) Hannah Twynnoy, reputedly the first person killed in Britain by a tiger.

However, life in the slow lane is not always appreciated by Malmesbury residents. This is borne out by the Wilts & Gloucestershire Standard which has reported that members of Malmesbury Town Council are less than impressed with BT’s deployment of ‘superfast’ broadband in the town.

BT initially announced that Malmesbury would be getting ‘superfast’ broadband by 2015. However, its deployment has been subject to a number of false starts which deferred the deadline to spring 2017.

Deeming the good burgers of Malmesbury had not suffered enough, the deadline has now been postponed again to autumn this year, i.e. nearly 2 years after the town was promised it would have acceptable connection speeds.

On hearing this latest news, Malmesbury Town Council passed a resolution to write BT to express its unhappiness with the continued delays and and seek assurances that BT would now actually stick to its revised timetable.

The latest council minutes reveal the deliberations as follows:

Councillor Grant explained that there had been numerous delays by Open Reach [sic] in providing fast broadband to the centre of Malmesbury, the latest date now being given as autumn 2017. Councillors Gundry and Budgen explained that fast broadband was available within some areas of the town but not in the central commercial area. It was proposed by Councillor Grant, seconded and RESOLVED that the Town Mayor write to the operational manager and managing director seeking a firm deadline and expressing concern at the numerous delays.

The Wilts & Gloucestershire Standard’s report quotes Councillor Gavin Grant, who describes the situation as “unacceptable” and goes on to say: “This has an implication, not only for people’s enjoyment, but also the businesses that are trying to operate in the internet age. Fast broadband is fundamental. It puts the centre of Malmesbury as a commercial destination at a disadvantage.”

A unnamed BT spokesperson is reported as saying that the company “remains committed to making superfast broadband available in Malmesbury”, but offers no explanation for the series of delays.

Longitude Explorer Prize accepting entries

In the spirit of the 18th Century Longitude Prize – a competition that set the task of determining a ship’s exact location at sea – NESTA‘s Longitude Explorer Prize focuses on how to solve a contemporary challenge using technology.

The Longitude Explorer Prize challenges young people to develop innovative, practical solutions that use the Internet of Things to improve the health and well-being of people in the UK.

Areas of particular focus for teams might include childhood obesity, physical activity, mental health and pollution, but ideas can relate to any health matter.

The prize is open to all secondary school pupils in the UK. Entries can be submitted until until 3 March 2017. Schools can submit their ideas here.

Some 10 teams will be shortlisted for the final stage and invited to an event in London on 28 April 2017. The finalists will be supported by experts from IBM to develop prototypes of their ideas.

German Federal Government drafts open data law

Germany’s Federal Government wants to make administrative data accessible as the “raw material of the future” and has published a draft for an open data law. Unprocessed electronically stored data from federal authorities should be made available to the public free of charge, transparently and in a machine-readable format. The Federal Cabinet also wants to include metadata such as information about the origin, structure and content of the data. It should be made available via the existing GovData portal, heise reports.

The new paragraph 12a of the planned reform of the E-government Law states that: “A requirement for this data to be made available is not hereby established”. However, there is a difference in comparison with the Federal Information Freedom Law in that citizens will not necessarily be able to achieve access to the data being sought via the courts.

Moreover, the open data “by design” specification is only applicable to data which is officially “stored electronically and is available in structured sets, in particular in spreadsheets or lists”. These may contain only facts “relating to circumstances outside the authority”. Data for research purposes is also not included, ostensibly not to impede further open access initiatives.

There shall also be obstacles to publishing data as there are in the comprehensive exceptions in the Information Freedom Law. These refer to the protection of industrial and commercial secrets, creative rights or privacy. There shall also not be a right of access due to IT security reasons or statistical confidentiality, national or public security or “the need to protect the interests” of the security services and police.

Update arms Raspbian against IoT attacks

Raspberry Pi + Debian = raspbianBecause the Internet of Things (IoT) has excelled in recent months as a risk not only for users’ own IT, but also as a botnet, Raspbian developers have now responded and given their operating system an update verpasst, German IT news site heise reports. This Debian-based Linux distribution is a popular base upon which to run a Raspberry Pi.

Steps to secure the Pi

In practice the developers have deactivated the SSH port and service which were previously activated as standard. According to the accompanying blog post, the developers had previously assumed that users would deactivate this port and service themselves when using a public network. To make matters worse, when first set up Raspbian pre-configures a default user account and password. This combination with the likewise pre-configured sudo could not have made it very difficult at all for attackers.

Users can activate SSH as usual via raspi-config. If anyone who wants to enable SSH, all they need to do is to put a file called ssh in the /boot/ directory. The contents of the file don’t matter: it can contain any text users like, or even nothing at all. It simply acts as a marker. When the Pi boots, it looks for this file; if it finds it, it enables SSH and then deletes the file. SSH can still be turned on or off from the Raspberry Pi Configuration application or raspi-config. However, as regards the problem of the pre-configured user account, the developers are providing a warning after the Pi has booted… if SSH is running.

Sadiq Khan unveils £7 mn. fund to help young Londoners access tech jobs

Sadiq KhanYesterday the Mayor of London, Sadiq Khan, announced a £7 mn. programme to arm young Londoners with the skills needed to get jobs in the city’s thriving digital, technology and creative sectors.

Called the Digital Talent Programme, the scheme will have a particular focus on boosting the proportion of women in the industry (currently just 17%), as well as working to raise the numbers of black, Asian and minority ethnic Londoners and those from disadvantaged communities employed in those sectors.

Furthermore, it will help Londoners access tech jobs by offering work placements, creating tailored learning opportunities, assisting university students and helping businesses to access the skills they need.

The Digital Talent Programme will boost the number of young Londoners finding tech sector employment by:

  • Increasing the number of high-quality learning opportunities for young people aged 15-24 years to study industry-designed courses in technology, digital and digital-creative disciplines that will lead to employment;
  • Supporting 1,000 young Londoners to access new, industry approved learning opportunities;
  • Assisting 500 university students to gain new skills and work experience through small business placements;
  • Helping 400 start-ups and small businesses to access higher level skills that will support business growth;
  • Supporting 400 school and Further Education teachers in providing industry-relevant digital skills learning and qualifications;
  • Assisting 2,000 young Londoners to access better information, sign-posting, careers guidance and events for digital, technology and digital-creative roles;
  • Working with organisations to organise events, careers advice, role models and more to change perceptions of tech being just for boys.

There are now around 40,000 tech businesses in London, employing almost 200,000 people, 3.5% of the capital’s total workforce.

However, there is a growing gap between the skills of young Londoners and those that the capital’s digital and technology businesses need if they are to continue to thrive.

Overall, the Digital Talent Programme will invest £5 mn. from the London Local Enterprise Partnership (LEP) and £2 mn. from the European Social Fund.

Any Londoners reading this who are keen to register their interest for the Digital Talent programme can do so at www.london.gov.uk/DigitalTalent.

Kaspersky launches its own secure OS

Russian security software company Kaspersky has announced the development of a secure operating system. Installed on a network switch, this K-OS has been designed from scratch without borrowing from Linux, yesterday’s Le Monde Informatique reports

In security as doubtless elsewhere we are never better looked after than by ourselves. That’s what Kaspersky must be thinking when raising the curtain on its own secure operating system. Announced by company founder Eugene Kaspersky, this secure operating system has been loaded for the time being onto a layer 3 switch and it will also be used to secure IoT environments. “This OS just so happens to be ideal for applications where a small, optimized and secure platform is required,” Kaspersky remarked.

Few technical details have so far been released. One of the these is that the Kaspersky OS is based on a microkernel architecture enabling various changes to the operating system to be assembled according to specific customer requirements. In addition, a security system controls the behaviour of the OS’ applications and modules. “In order to hack this platform a cyber-baddie would need to break the digital signature, which – any time before the introduction of quantum computers – would be exorbitantly expensive”, Eugene Kaspersky warned.

Finally the software publisher pointed out that the Kaspersky OS is not based on any Linux component, thinking it was simpler and more secure to start from nothing when designing it, a process which started no less than 14 years ago.

Feeling Insecure at the Engine Shed

Bristol Wireless member Nigel Legg writes:

The focus of the fourth Bristol & Bath IoT meetup on Monday 21st November was security – making your things secure. There have been some DDoS attacks that used insecure internet-connected consumer goods to create botnets, and Carl Shaw from Cerberus Security Labs talked us through a process to ensure that our deployments would not succumb. He highlighted the recent example of Philips Hue lightbulbs all having the same encryption keys for connection as a failing.

Jon Hatton-Brown from Dyson used Carpy, a wall-mounted, WiFi-connected talking fish which uses the Amazon Alexa system, as an example of security failings in consumer IoT: in order to use Carpy, you have to send passwords through an unencrypted connection, which I insecure. He explained the more complex system for getting started with the Dyson autonomous vacuum cleaner, and agreed that a system that could “just work” would be best from the consumer point of view, but probably not secure enough.

It’s important to remember that Internet of Things security is not just about stopping someone from doing your cleaning or playing with your lights; once a hacker has control of your device they can use it to attack other sites on the internet. As security between nodes and the Gateway is embedded in the LoRaWAN protocol, and between gateway and back-end is covered by the https connection, we should not have too many issues with this, though it is always important to consider.

Mike Bartley, founder of Test and Verification Solutions, gave a lightning talk, outlining their services, and I (Nigel Legg) gave a rapid covering the content on the Bristol LoRaWAN slide I’d been asked to prepare. There was a lot of interest afterwards over beer and pizza (kindly provided by Dyson), I was able to answer most of the questions put to me. I think we will have a good turn out for the second LoRaWAN Bristol meetup (sign up here), where hopefully more questions will be answered.

Stoke to provide residents with cheap broadband

Some 15,000 households in Stoke-on-Trent (population: 251,000) don’t have an internet connection at present, but Stoke-on-Trent City Council wants to change that, according to yesterday’s Sentinel, by offering cut-price broadband deals.

Stoke-on-Trent photo montage

The local authority estimates estimates this “digital divide” is costing the Potteries’ poorest families up to £21 mn. per annum and is looking to secure cheap connectivity deals for its 19,000 tenants and other residents on low incomes.

The measure forms part of the council’s new digital inclusion strategy which seeks to support those who have been “left behind by the pace and scale of digital transformation“.

The digital inclusion strategy states that not being able to afford broadband one of four main barriers to digital inclusion, the others being a lack of basic IT skills, physical or learning disabilities and a lack of awareness of the potential financial and social benefits of being online.

Other elements of the council’s strategy include the following:

  • Providing basic ICT courses for to 4,500 people a year;
  • Offering family learning sessions in schools to train 800 parents annually in basic ICT skills;
  • Training library staff to help claimants fill out Universal Credit application forms (this benefit can only be claimed online. Ed.);
  • Exploring options for providing free internet access in children’s centres.

In addition to this scheme, Stoke-on-Trent City Council is still contemplating the provision of wi-fi hotspots in the city centre and public buildings to improve residents’ connectivity further.