The following discussion of the background of the invention is merely provided to aid the reader in understanding the invention and is not admitted to describe or constitute prior art to the present invention.
Encryption techniques have existed for thousands of years as a way to securely convey messages from one party to another. The process begins with the original message, called the plaintext message, being encrypted using a shared secret key. The key is meant to be known only to the party sending the message and the party receiving the message. Once encrypted, the message is difficult to decrypt without the encryption key. If the message were intercepted, an eavesdropper would be unable to decrypt the message or forge the message without significant effort since they do not know the encryption key. However, once the receiving party receives the encrypted message, they could decrypt the message quickly with the shared secret key to reveal the original plaintext message.
As computers developed toward the end of the twentieth century, it became much easier to decrypt messages. One method, known as “brute force,” utilized the processing power and speed of computers to decrypt a message by using random combinations of decryption keys. To use this method, an eavesdropper could intercept a message and quickly decrypt it if the eavesdropper's computer was sufficiently fast. This led to a competition between message-encryption techniques and message decryption—or cracking/hacking—techniques that continues to this day.
In the late 1970's, an encryption technique was developed based on the assumption that certain mathematical problems are challenging for computers to perform in reverse. Factoring prime numbers is one example. A computer can quickly compute that 179×181=32,399. However, it is much harder for an eavesdropper's computer to determine which two numbers can be multiplied together to equal 32,399 (a process called factoring). If the sender and receiver both share a knowledge of at least one of the numbers used in the factoring process (i.e. 179 or 181 in the example above) then it becomes simple for them to determine the other factored number and to recreate the encryption key utilized in encrypting the message. However, for an eavesdropper with no knowledge of either number, the eavesdropper's computer must try many, many more combinations and, therefore, it will take a long time for the eavesdropper to ultimately decrypt the message.
Consequently, encryption algorithms based on factoring methods were developed in the 1970's to create encryption solutions that could quickly be encrypted and decrypted by trusted parties—and were difficult to crack or decrypt by eavesdroppers with existing computational resources. As computational power grew, however, these algorithms became easier to defeat and larger and larger factored numbers were needed. Currently, 128-bit (numbers as large as 1038) are used for secure encryption over the Internet. These numbers are so large that typical computational resources are considered insufficient to crack this encryption within a reasonable amount of time. However, as computational resources increase, this number will need to be raised to 256-bit encryption, and then 512-bit, and so on. As such, encryption based on mathematical complexity is always vulnerable to computational advances and is not considered “future proof.”
Increasing the encryption complexity also creates an added burden on the message sender and receiver. To ensure secure communications, the sender and receiver must have the necessary computational power to implement the latest encryption and decryption methods. Likewise, their messages will be delayed by a certain amount of time —an effect referred to as “data latency”—as the message is encrypted and/or decrypted. For certain applications, these computational resources may not be available and/or the data latency introduced may be unacceptable. For applications where the hardware is deployed for many years, the on-board computational resources may be appropriate at the time of deployment but can quickly become antiquated and incompatible as newer requirements on encryption emerge.
One such application is in the field of distributed automation for infrastructure control. In many countries, the control of critical resources—like electricity, water, oil & gas, etc.—is controlled by a coordinated network of distributed machines. These machines often rely upon public communication channels—i.e. the Internet—to communicate (called machine-to-machine, or M2M, communications) and, therefore, are highly vulnerable to message interception and decryption. While robust methods of cyber security have been developed and are in use today for telecom applications (such as Internet financial transactions), these same techniques are unsuitable for M2M communications. As mentioned, M2M communications are used in the real-time control of distributed equipment and thus must impose strict requirements on data latency and message protocols. These requirements, unfortunately, make it impossible to use traditional methods of data authentication and encryption.
As an example, a data latency of less than 4 milliseconds is required for emergency-level announcements of electrical grid control equipment—such as a Remote Terminal Unit (or RTU) communicating with a Supervisory Control and Data Acquisition System (or SCADA). If the RTU takes too long to announce the emergency condition, an opportunity to respond to the emergency situation, and to limit damage to the system, will be compromised. With encryption methods based on mathematical complexity, the encryption process alone typically requires more than 4 milliseconds to encrypt, even for a short message, making this method of data protection incompatible with the needs of the electrical grid.
Because of the lack of compatible encryption options, many automated infrastructure systems communicate using weak encryption solutions or no encryption at all. This makes these critical infrastructure systems a relatively easy target for cybernetic attacks, hacking, and/or espionage known as “cyber attacks.” Of particular sensitivity is the North American electrical grid structure. Given the demand for electricity in the United States, the aging North American electrical grid requires automatic machine control in order to deliver the quantity and quality of electricity demanded in the United States. Studies by various United States government agencies and United States universities have estimated that a successful wide-scale cyber attack on the United States' electrical grid could cripple the country's financial, governance, and military capabilities for several months. With the number of successful cyber attacks increasing each year—and a growing number of countries developing sophisticated cyber warfare programs —infrastructure protection and secure machine-to-machine communications has become an urgent priority.
One method of encryption that has been developed over the past two decades that is not based on mathematical complexity is a technique called quantum encryption or quantum cryptography. Quantum cryptography delivers message security through physics rather than mathematical complexity. Examples of quantum cryptographic methods are disclosed in U.S. Pat. No. 7,831,048 to Kastella, et al.; WO/2012/044855 to Hughes et al., and US20130084079 to Nordholt et al.
In general, quantum encryption techniques using entangled photons have found limited adoption with telecommunication networks because they require dedicated optical communication links between the sending and receiving parties. The sending and receiving parties must each physically (through optical components) receive a photon prepared in a quantum superposition state and must either measure or act upon it. This requirement means that the communication channel between the two parties must be established to be “quantum friendly.” Therefore, it must not disturb—or decohere—the quantum state of the entangled photon. Unfortunately, photons decohere very easily which makes them unsuitable for use over traditional fiber optic networks where fiber optic switches, routers, and repeaters are often encountered.
Therefore, there is a need for a method of encryption that can provide for secure communications that are difficult to decrypt and can operate with an acceptable latency such that they will function within the parameters demanded by the systems within which they operate.