Apple hopes its new iPhone can replace credit cards, but many fear mobile transactions are vulnerable to digital pickpockets. New research now suggests that smartphone cameras could help keep credit card data, phone calls, and email secure with just an app.
The cryptographic systems that help protect digital transactions rely on random numbers, which are used to create "keys" to encrypt and decrypt confidential data. However, "if you want to break these cryptographic systems, the random number generator is one of the weakest links," says lead study author Bruno Sanguinetti, a quantum physicist at the University of Geneva in Switzerland. That’s because computer programs are completely deterministic, designed to do things predictably, and so cannot easily generate truly random numbers by themselves.
One could produce truly random numbers by monitoring intrinsically random quantum phenomena, such as when radioactive atoms decay. Now Sanguinetti and his colleagues reveal that smartphone cameras can serve as the basis of such a quantum random number generator.
The scientists experimented with an eight-megapixel camera from a Nokia N9, which like many smartphone cameras is sensitive enough to count the exact number of photons that strike each of its pixels. They illuminated the camera with a conventional LED. Due to quantum mechanics, the number of photons most light sources generate over any given time is random. Since the number of photons the camera’s pixels detects is random, it serves as the basis of the quantum random number generator.
The Geneva-based scientists built a system consisting of the CMOS camera chip from a Nokia smartphone and a processor that used knowledge of the camera’s properties to turn the amount of charge at each pixel into a series of random numbers. (They looked into trying out an iPhone and some other models, but those did not have camera application programming interfaces that allowed access to the raw data from the pixels.)
In experiments, the system could produce random numbers at up to 1.25 billion bits per second. In a real phone, the researchers expect the system could only deliver rates of a few million bits per second, but Sanguinetti said that should be enough for mobile applications, which should only need rates of several thousand bits per second. The scientists also calculated their random number generator would have to operate more than 1096 times before any deviation from a perfectly random string of bits was seen.
This quantum random number generator could be implemented several different ways on mobile devices. One version could rely on the smartphone's camera and ambient light. Another could involve a light sensor and an LED together on a standalone chip. The University of Geneva is now looking for companies to help commercialize the technology. The scientists will detail their findings in an upcoming issue of the journal Physical Review X.