Wednesday, June 17, 2015

Personification of Physics with Software Engineering

Here we have a blog post from one of our core members, Abhishek Bharadwaj.
So let's read it in his words!
On the eve of the completion of a thousand days of our portal career@physics on 17th June 2015, I was planning to write an article that relates software engineering to the tools, techniques and technology of Physics. Being a Software Engineer by profession and a key researcher in Cyber Law and Fraud, we came to know the articulation of the theorems of physics to bind with the framework and hardware components in Software Engineering and Programming methodology. So while relating and integrating Quantum Physics with modern Technology, I find it quite interesting that “Quantum Physics can fight Fraud by making Card verification unspoofable”.

This is a small article from my Research paper, yet to be published as: Personification of Physics with Software Engineering

While discussing and dealing with thousands of researchers and students across the country, it was amazing to find out that decades of data security research have brought us highly reliable, standardized tools for common tasks such as digital signatures and encryption. But hackers are constantly working to crack data security innovations. Current credit/debit card technologies put personal money at risk because they’re vulnerable to fraud. Physical security – which deals with anti-counterfeiting and the authentication of actual objects – is part of the problem too.
The good guys and bad guys are locked in a never-ending arms race: one side develops objects and structures that are difficult to copy; the other side tries to copy them, and often succeeds.

But we think our new invention has the potential to leave the hackers behind. This innovative security measure uses the quantum properties of light to achieve fraud-proof authentication of objects.

Imagine presenting your card to an ATM. The ATM fires a laser beam at the white paint on the card. The beam has an intricate, unpredictable “shape” (angle, focus, pixel pattern) randomly generated by the ATM, which serves as the challenge. Inside the PUF (a Physical Unclonable Function, a recent development), the light scatters many times, causing lots of interference. The exiting light is the response – a complex pattern of dark and bright spots known as speckle that the ATM can record with a camera. The ATM has access to the PUF enrollment database and thus knows the properties of your card’s PUF when you insert it. The ATM computes what the reflected speckle pattern should look like. If the resemblance is close enough, the ATM considers the card authentic.

Speckle is sensitive to tiny changes in the challenge and the PUF’s structure. Due to the complexity of speckle physics, PUFs are practically unclonable. Due to the laws of quantum physics, an attacker cannot accurately determine what the challenge is. If the hacker tries to watch the photon, he collapses the quantum state – any attempt at measurement destroys most of the information. And the No Cloning Theorem says that it’s impossible to create an identical copy of a quantum state. The attacker is out of luck!

The process for manufacturing PUFs does not have to be kept secret, precisely because of the unclonability: even if you know the manufacturing process, the uncontrollable randomness in the process still prevents you from cloning PUFs. One could organize open competitions and establish solid standards for physical security akin to those in cryptography.

Digital emulation still a problem

It’s conceivable a PUF could be cloned exactly, or physically emulated precisely, although it would be very, very difficult. With Optical PUFs the good guys are firmly on the winning side in the arms race.

A bigger risk for the authentication protocol is digital emulation. A digital emulation attack on a particular PUF would consist of three steps:

  • First, a hacker measures the challenge. In the ATM example, this is the laser beam.
  • Second, the hacker obtains the response to this challenge. This can be done either by looking it up in a previously compiled table, or by running emulation software. (Remember, the attacker knows everything about each PUF because this is public knowledge.)
  • Third, the hacker sends out laser light with what he’s determined the correct “response” speckle pattern to be.

We are interested in “remote” authentication, where the verifier has no direct control over the PUF, and the attacker knows everything about the PUF. This scenario typically requires the verifier to put in the field heavily defended hardware devices (like ATMs), whose task is to read PUFs without being spoofed. But this opens a second type of arms race, namely designing secure electronics versus hardware hacking and spoofing. In this kind of game the “good guys” often find themselves on the losing side.

Though the security of the Quantum concept has been rigorously proven, it was not immediately clear how to realize Quantum Readout in practice.

Manipulation of light

The funny thing about a photon is that it is both particle and wave. Since it is a particle you have to detect it as a single chunk of energy. And being a wave, it spreads out and interferes with itself, forming a speckle pattern response. Quantum light is like a complicated-looking ghost. But how do you verify a single-photon speckle pattern?

In 2012, researchers realized they held the answer in their hands. The magic ingredient is a Spatial Light Modulator (SLM), a programmable device that re-shapes the speckle pattern. In their experiments, they programmed an SLM such that the correct response from an Optical PUF gets concentrated and passes through a pinhole, where a photon detector notices the presence of the photon. An incorrect response, however, is transformed to a random speckle pattern that does not pass through the pinhole.

The method was dubbed Quantum-Secure Authentication (QSA).
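As an added illustration (not code from the article or from the researchers it describes), this toy simulation ties together the challenge-response check from the ATM description and the SLM-and-pinhole readout above. The random scattering matrix standing in for the PUF, the mode count `K`, and the photon and threshold numbers are assumptions chosen for the sketch.

```python
import cmath, math, random

K = 64  # number of optical modes (constructed toy size, not from the article)

def make_puf(seed, k=K):
    """Toy PUF (assumption): a fixed random complex scattering matrix."""
    rng = random.Random(seed)
    return [[complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(k)]
            for _ in range(k)]

def normalize(v):
    n = math.sqrt(sum(abs(x) ** 2 for x in v))
    return [x / n for x in v]

def random_challenge(rng, k=K):
    """Verifier's challenge: a fresh random phase pattern on the wavefront."""
    return normalize([cmath.exp(2j * math.pi * rng.random()) for _ in range(k)])

def scatter(puf, challenge):
    """Response field after scattering; the speckle image is |field|^2."""
    return normalize([sum(t * c for t, c in zip(row, challenge)) for row in puf])

def pinhole_probability(expected, actual):
    """The SLM, programmed from the enrolled response, focuses `expected`
    onto the pinhole; a photon in state `actual` passes with probability
    |<expected|actual>|^2."""
    return abs(sum(e.conjugate() * a for e, a in zip(expected, actual))) ** 2

def authenticate(enrolled_puf, presented_puf, rng, photons=200, threshold=100):
    """One round: new challenge, then count detector clicks behind the pinhole.
    photons/threshold are illustrative values, not taken from the article."""
    challenge = random_challenge(rng)
    expected = scatter(enrolled_puf, challenge)  # from the enrollment database
    actual = scatter(presented_puf, challenge)   # what the card really returns
    p = pinhole_probability(expected, actual)
    clicks = sum(rng.random() < p for _ in range(photons))
    return clicks >= threshold, clicks

if __name__ == "__main__":
    rng = random.Random(2015)
    genuine, other = make_puf(1), make_puf(2)
    print("genuine card:", authenticate(genuine, genuine, rng))
    print("other card:  ", authenticate(genuine, other, rng))
```

A response from a different scattering structure overlaps with the expected one by roughly 1/K on average, so almost no photons reach the detector and the round is rejected.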

Abhishek Bharadwaj

Software Developer (Cloud)

Protostar Consulting Services,

Pune, Maharashtra, India,

Tel: 020-33395657, Direct: +91 86 00 86 5722

Many many thanks to Sachin Pandey for getting me an opportunity to connect with you guys.

You can also get a copy of the research paper via Facebook or Gmail. Your feedback is very important to us; you can get me at: connection via mail, connection via Twitter, connection via Blogging, connection via Website (under cons).
