clock menu more-arrow no yes

Filed under:

The camera on your phone might be the best defense you have

New, 27 comments

Could random data from your smartphone save you from hackers?

Could your cellphone camera give a boost to cryptography programs that help protect your data? That was the pitch that surfaced in a paper this week from a group of researchers at the University of Geneva. The paper studied the visual noise patterns from the camera on a Nokia smartphone, digging deep enough to track quantum fluctuations (tiny, temporary changes in the amount of energy at a point in space). If used right, those fluctuations could provide a source of perfectly random noise that would make a huge difference in future encryption protocols.

Traditional computing often has a hard time producing the necessary chaos

The group was trying to solve a persistent problem for cryptography software. For encryption to work, it needs a steady supply of random numbers to throw attackers off the scent. Traditional computation often has a hard time providing the necessary chaos. It's a problem that crypto coders have dealt with over and over, developing lots of answers that each come with their own unique weaknesses. One of the NSA's most infamous backdoors, confirmed in December, involved a secret pattern baked into a NIST-approved random-number generator, effectively breaking any program that relied on it.

Cellphone cameras could offer a clean way to fix the problem. The solution focuses on camera noise, the pixely haze that appears when you try to take a cellphone picture in low light. It changes from frame to frame, providing an easily accessible source of chaos. It's also remarkably robust, drawing from the perfect randomness of quantum-based fluctuations in the measurement of light. Measuring the noise on the N9 camera, the researchers found the pattern was a close match for the kind of quantum randomness predicted by theoretical physics. According to their data, the camera noise was drilling down to the basic chaotic properties of light itself.

"Random number generation is too important to be left to chance"

That's a potentially powerful tool, but it may be a while before it makes a difference in actual cryptography. The big problem is that, along with randomness, most cryptography problems also require numbers to be "pseudorandom" — passing statistical variance tests that genuinely random numbers don’t always pass. Pure chaos is often too messy to be workable. (This irony led to the classic 1969 paper, "Random number generation is too important to be left to chance.") It's easy to manage in a conventional random number generator, but it means the camera noise would have to be smoothed out through something called a "whitening" function. By the end, it might not be any more efficient or powerful than more conventional options. Porting the experiment to other phones might also be tricky since researchers used the Linux-based Nokia N9, which runs on the much-loved but now-abandoned Meego platform.

"The word 'quantum' sucks people's brains out."

But that hasn't stopped cryptographers from dreaming of programs powered by quantum chaos. Silent Circle's Jon Callas calls it "The Heisenberg-Schrodinger Credulity Effect." "The word 'quantum' sucks people's brains out," Callas says. "Once they hear it, they stop thinking." Still, he admits he's pitched his own camera-powered randomness engines more than a few times, even if they've never come to fruition.

More importantly, the idea may be on the right side of history. As more of our communications move to smartphones, encryption programs are following suit, and cryptographers are looking for ways to make use of the new platform's natural advantage. Given the high-ISO cameras that now come standard on even entry-level phones, it's only natural that mobile crypto will start looking to them for random numbers. It’s not practical yet, but it could be soon.