quantum mechanics – itself a concept based on uncertainty – to keep our systems safe. Yet most of us are barely aware that these cryptographic systems exist, or what the consequences might be if these codes are cracked – if the house of cards falls down. As part of the codebreaking team at Bletchley Park during the second world war, which unpicked the German Enigma machine codes, Turing helped to win the war. A century after his birth, there’s a rather different war going on. It’s a war of Trojans, RSA keys, internet security protocols and algorithms, rather than of U-boats and bombs, but it’s a continuation of a battle that has been going on since Caesar sent coded messages to Cicero: a battle between the codebreakers and the codemakers. Codes used to be the business of governments and spies, and occasionally, gifted amateurs. Today, they are big business and they are part of our way of life. “Cryptography is an industry which wants to sell to the public,” says Simon Singh (Emmanuel 1987), author of The Code Book. “It has a very public face now, and that’s healthy, because people can say: here is my system, can you break it? Because if you can’t break it, then we all know that we’ve got a pretty good system.” Public-key cryptography, in the form of complex algorithms, underpins our email systems and mobile phones, is in our computers, and is deeply embedded in everything that keeps society functioning – transport systems, hospitals, personal records, banks. “We now have an altogether new level of people putting their private lives online,” says Ross Anderson, Professor of Security Engineering at the Cambridge Computer Laboratory. “But it’s not just the personal stake we have – it’s a stake in the infrastructure. “Go back 15 years to 1996, when people
were starting to worry about the millennium bug. We asked people what would happen if the internet fell over. And the answer was: hey, with no email, we’d get some work done. But nowadays, if the internet were to fall over, people would die. Without it, food won’t be delivered to the supermarket, or drugs to the chemist, and hospitals won’t get lab test reports.” In February 2011, Anderson’s team produced a report for the European Network Security Agency detailing threats to the internet. He says: “The sort of thing that we have to worry about is an attack by a nation state, or by an insurgent group, perhaps environmental extremists who want us to go back to a less energy-intensive way of life. The second possibility would be software bugs as we move to IPv6, the next suite of protocols for the internet. There will be all sorts of opportunities for people to get the software wrong.” He tells the cautionary tale of the Buncefield oil depot in Hemel Hempstead, Buckinghamshire. At 6.36am on 11 December 2005, a series of massive explosions at the depot, followed by a raging fire, shut down the area for miles around. “It also meant that Addenbrooke’s Hospital in Cambridge lost its admission and discharge system,” says Anderson. “They were kept in a server farm and both the circuits that went from the hospital to the data centre went through Buncefield. Of course, nobody realised that. People had gone and leased one circuit from this firm and another from that firm. Unbeknown to them, they both went through the same place.” Singh likes to begin his encryption talks by asking who among those present uses highquality, unbreakable, world-class encryption. “Obviously, nobody tends to put up their hands,” he says. ‘But actually everybody in the room uses it every day via their cellphone,
CAM 65 23