• The QuintessenceLabs "qProtect" encrypts storage devices with a truly random number encryption key, making them essentially impervious to unauthorised attempts at data retrieval. Credit: Quintessence
    The QuintessenceLabs "qProtect" encrypts storage devices with a truly random number encryption key, making them essentially impervious to unauthorised attempts at data retrieval. Credit: Quintessence
Close×

When specialists at Canberra’s QuintessenceLabs sought a means of generating the Holy Grail of encryption, the “true random number” key, they found no earthly solution that would deliver the quality and performance they needed. So they looked to space instead.

Philip Smart | Adelaide

The true random number has long been a critical resource for every encryption developer, because adversaries (and their electronic decryption programs) break-in to encrypted data by searching for patterns that may help identify the method or “key” originally used to encrypt it. A true random number key, by definition, possesses no discernible pattern or formula to follow. QuintessenceLabs founder and CEO Vikram Sharma explained.

“Anything generated through a process by definition has some element of pattern to it, subtle though it might be,” he said. “In information security, you are potentially exposed if the numbers used to create your cryptographic keys are not truly random. If an adversary has some knowledge of your process and is clever enough to reverse engineer it, valuable information assets can be at risk.

“This would typically require a large amount of computing power, but when you are dealing with information which has high value and some period of longevity, the risk profile is elevated.”

Protection of information also gains importance when data needs to move outside an organisation’s secure IT environment. Data on a laptop, storage device, in the cloud or being streamed through a datalink is by definition more vulnerable to interception or outright theft. This was evidenced by the Royal Navy officer’s laptop stolen from his car in 2008 with the personal details of 600,000 potential British armed forces applicants on its hard drive, Taliban hackers intercepting the video feed from American surveillance UAVs in Afghanistan in 2009, and Iran’s capture of a US RQ-170 UAV in 2011 after cyber warfare experts broke in to its navigation system and landed it.

Data encrypted with a true random number would be impervious to such invasion, at best appearing as the data equivalent of radio static. Traditionally software algorithms have used pseudo random numbers for their encryption needs. But although various means exist to generate true random numbers, finding a method that does so to the assurance and performance levels demanded by high end security applications has been a challenge.

Until now. Enter quantum physics, deep space and the ability of QuintessenceLabs scientists to connect the dots.

“If you go to the quietest part of space and you have sensitive instrumentation to measure essentially the fabric of space, what you’ll find is that energy spontaneously creates and self-destructs,” Sharma explained to ADM.

“So there is, for want of a better term, a ‘crackle’ in the fabric of space. And if we accept the laws of quantum physics, that quantum noise crackle is something that is all pervasive and is also truly random.”

QuintessenceLabs has not only recreated the effect on earth, but has also developed it in to a marketable product. Firing a laser and accurately measuring certain properties of the transmission yields a high quality stream of true random numbers derived from quantum noise. These random numbers are subsequently used as raw material to generate an individual encryption key for a single piece of data. 


“If the asset is lost there are no mechanisms that an adversary can exploit, no matter the scale of computing power they possess."


One of QuintessenceLabs’ products, the “qProtect” system does that one billion times per second, inside a device about the size of a deck of cards that can be integrated in to existing data storage systems. And unlike previous systems that often hid a copy of the encryption key on the storage device, qProtect completes an encryption by moving all keys inside the organisation’s secure perimeter and destroying the storage asset’s key map as data is stored on the asset, leaving no telltale trace for a hacking program to find.

“If the asset is lost there are no mechanisms that an adversary can exploit, no matter the scale of computing power they possess or the sophistication of forensic methods they can apply to the storage device, to extract any information today or into the future from that asset.”

Applications

The ability to securely encrypt data has applications in fields as diverse as space travel, military systems, law enforcement, legal services and banking. And it will only become more critical as the world moves to storing and moving data via the cloud and the “Internet of Things”.

The company has taken every opportunity to find potential partners and customers, participating in both the Australian Government’s Priority Industry Capability and Global Supply Chain programs, which have resulted in at least one major prime contractor now moving to incorporate the company’s product into its own. In June this year Westpac Group became a major investor.

And in a “coals to Newcastle” scenario, the first focus and major market has been the security conscious US.

“Early adoption of cyber security is very much driven out of the US,” Sharma said. “And even in the domestic market, you often see that the lead is taken from what’s been done in the US.”

At NASA’s invitation, the company spent two years at the NASA Ames Research Park, Mountain View, California, right next to Google. And while developers worked at turning a scientific idea into a product, QuintessenceLabs has also established a strong US marketing presence by recruiting former sales and strategy executives with deep industry experience from the likes of Lockheed Martin, Cisco and Hewlett Packard. With the horsepower in place, a game-changing product and a marketplace at the start of its growth curve, Sharma is hoping that its years of hard work, risk and investment are about to create the classic “overnight success”.

“The last six and a half years have been largely about maturing the science to the stage where we now have commercial products with unique cyber defence capabilities and we’ve started to see the early adoption of those products,” Sharma said. “Looking over the next 12 months we are rolling out a number of opportunities which will ramp up to deployments of scale.”

comments powered by Disqus