South Korea is taking a step forward in achieving its goal of protecting data in public institutions through quantum technology as the country witnesses the debut of a security-certified quantum cryptographic device.
On Tuesday, the National Intelligence Service (NIS) greenlighted a quantum key management system (QKMS) product, making it the first such equipment to pass the national security requirements on quantum cryptography communication technology. Accordingly, the product received a security verification from the Electronic and Telecommunications Research Institute (ETRI), which is the government’s designated quantum internet laboratory.
The security testing started in April of this year when the intelligence agency disclosed its plan to apply quantum cryptograph devices that passed the national security requirements in public organizations. Due to the absence of official security testing protocols, it was impossible to verify the security of the products and adopt them to protect sensitive public sector information. The NIS also revealed the national security requirements which classify the devices into three categories: quantum key distributor (QKD), quantum key management system (QKMS), and quantum encryptor (QENC).
The MSIT explained that quantum cryptography communication technology uses the law of quantum mechanics to generate and safely transfer keys between two trusted points. They employed the analogy of a bubble to explain just what, exactly, the keys are and what they do. Just as a bubble will pop when someone touches it, a key is automatically destroyed once someone tries to wiretap it. Not only will this prevent attackers from getting their hands on sensitive data, but it will also inform the targets that an attempt was made to breach their system.
“Quantum cryptography communication technology is regarded as the ultimate security technology due to its due to its ability to all but completely prevent wiretapping,” said an official of the MSIT to The Readable. “However, there was no certification to verify the security of the devices to be installed in public sector systems. Therefore, this system resolved this blind spot.” The official added that government agencies are working on obtaining security verification for two other quantum cryptographic devices, the QKD and the QENC.