Posted by Rob Slade on September 27, 2016.
The posited pattern matching capabilities of quantum computing may have a couple of different applications in access control.
Biometrics would likely benefit from improved abilities to match and compare. At the moment we don’t actually compare, for example, the fingerprint originally registered with the fingerprint presented. Biometric matching must be done on the basis of constructs and representations of biometric data that lose a great deal of information in the symbolization process. The complexity and detail of whatever biometric is used is reduced to a rather small number. In addition, the stored data may be fairly arbitrary, and therefore real similarities between samples and stored data may not be as evident. A quantum computer would still use a representation, but could use a much larger one, and could present a measure of “closeness of fit,” rather than presenting a simple “match” or “no match” option. The ability to do more direct comparisons may have implications for accuracy, as well as speed and new forms of data representation.
Traditional computers have been able to assist with identification of static biometrics, but it has been much more difficult to use behavioural biometrics effectively. Quantum computers will be able to identify behavioural patterns more readily, thus opening up a much wider range of access controls.
Intrusion detection relies on two major forms of analysis: the matching of patterns of known attacks, and the noting of deviations from normal operations. In both cases the ability to identify patterns would be of benefit. Quantum computing support for anomaly-based intrusion detection would be able to picture, more accurately, the normal state of affairs, as well as determining which deviations are significant. For example, brute force attacks are used in a very wide variety of situations. People, who can recognize patterns, can recognize them almost immediately, but it is remarkably difficult to get traditional computers to identity them, without giving specific directions for each specific case. Quantum computers would be able to recognize them quickly, and across a range of situations. Signature-based systems, also, would be able to use a baseline to identify new attack signatures, and also to note attacks that are similar to those already in the database.
As always, what technology gives with one hand, it takes away with the other. The ability to do pattern matching will allow those doing side-channel attacks and those involving radio-magnetic emanations to gain much more accurate information.
Information flow analysis is a useful exercise for determining possibilities for improper information disclosure. It is, however, a tedious and time-consuming business. The processing involved in finding potential flow paths requires the investigation of many possibilities, and is therefore quite similar to our least path problem. In addition, simulation type activity is involved. Therefore, on two counts, the analysis of flow paths, and determination of covert channels, could likely benefit from quantum computing.
Additional quantum computing tools could provide us with analysis for problems with separation of duties and least privilege issues. At the moment very little analysis is done in these areas, and most systems err on the side of providing far too much privilege, and allowing a single entity to control both function and assurance (and even the auditing of assurance).Submitted in: Expert Views, Perspectives, Rob Slade, Security |