Quantum physics to help fight cyber crime

Physicists at Heriot-Watt University and University of Strathclyde have worked with tiny particles of light to create a new way of verifying electronic messages and transactions as authentic, helping address the huge cost of e-crime (£205.4 million in 2011-12 for the UK retail sector alone) and avoiding potentially catastrophic fraud, online hacking and theft of digital data.

The work shows how the fundamental particles of light, known as photons, can be used to verify security and authenticity of any transaction or communication with a 'digital signature'.

Currently, 'digital signatures' underpin internet shopping, electronic banking, electronic voting and many software updates. Whenever the padlock symbol is displayed in a web browser, digital signatures are in use.

However, with traditional online security, these signatures are based on mathematical formulae – and can be cracked, leading to fraud and other online security breaches. Quantum digital signatures use a different approach which ensures authenticity and origin of messages.

Professor Gerald S. Buller, from Heriot-Watt University, said, ''Computer virus attacks have shown that 'signatures' or specific codes can be hijacked, potentially causing chaos with systems being crippled, accounts hacked, and industry and consumers losing millions of pounds. Our new approach, using quantum mechanics rather than just maths to create signatures for multiple recipients (or customers), and could make hacking, fraud and theft near-impossible.''

Recent estimates of the value of 2011 online UK retail sales are at minimum £25 billion (according to the Office of National Statistics) and could be as high as £50.34 billion (Centre for Retail Research, 2011).

E-crime is the biggest emerging threat to the retail sector as the rapid growth in e-commerce in the UK sees new ways of shopping being accompanied by new types of crime, according to the British Retail Consortium's recent report.

Launching this report in August, BRC Director General Stephen Robertson said: ''The rapid growth of e-commerce in the UK shows it offers great benefits for customers but also new opportunities for criminals.... resources must be directed to e-crime in line with the emerging threat. This will encourage retailers to report more offences and allow the police to better identify and combat new threats.''

Quantum-based secure signatures mean that an 'eavesdropper' – a malevolent third party listening in – cannot fake a signed message which is being sent to multiple recipients.

• The sender writes the signature with encoded light particles and sends it to the receiver
  
• The receiver cannot yet read the signature. However, it can be sure it received an authentic signature
  
• To confirm a message is authentic and to also read it, the receiver has to receive both the message (the ''signature'') plus additional information required to decipher it
  
• The multiple receivers confirm that they have received identical signatures - only then does the sender provide the additional information required to read the signature
  
• This process takes place without the user (e.g. a shopper) being required to do anything differently to current security methods

The research was funded by the UK Engineering and Physical Sciences Research Council (EPSRC).