An international team of IT security experts, led by the Max Planck Institute for Security and Privacy (MPI-SP) and Ruhr University Bochum, have developed a way of using radio signals to verify the location of nuclear weapon stockpiles.
Arms control treaties provide the world with some assurance that nuclear weapons can at least be kept track of and that an unscrupulous nation can, through inspection and monitoring, be prevented from secretly amassing a stockpile of warheads with hostile intent.
The headache is that such agreements often rest on a paradox. If two nations trust one another enough to enter into such an agreement in good faith, then verification becomes a mere pointless formality. After all, Britain and France both have nuclear arsenals, yet they don’t have an arms control agreement because they don’t need one and they don’t need verification.
On the other hand, if two nations who don’t trust one another enter into such an agreement, then verification becomes imperative. But verification requires trust, the lack of which is the whole point of the agreement. Unless there are very strong incentives, such as existed after the collapse of the USSR, it can quickly become an ongoing game of deception and double dealing.
The other difficulty is technological. How do you produce monitoring equipment that cannot be scammed or spoofed? If you have devices watching a bunker full of nuclear warheads, how do you make sure they haven’t been secretly shifted about or replaced with dummies? How do you manage this if human inspectors are forbidden to visit?
A research team have has upon the idea of using radio signatures as a way to monitor arms stockpiles. The idea is to set up antennas in a room with the warheads. One antenna transmits a signal, which is reflected off the walls of the room, and the second receives and records it. According to the team, this signature is precise, so if anything in the room is moved, even minutely, it could be detected by taking another signature.
In practice, the country holding the stockpile would be required by the verifying country to send a new radio signature on demand over the internet for comparison with the original. If they match, everything is fine. If not, then there’s been some monkey business going on.
However, this is very easy to get around if the holding nation just sends a copy of the original signature – rather like sticking a photo in front of a monitor camera. To prevent this, the team has introduced a neat little twist. When the first radio signal is taken, a series of 20 randomly shaped rotating mirrors are set up in the room.
These mirrors reflect the radio wave and generate a signature that produce 10⁴⁶ possible configurations. To be spoofed, the holding nation would have to know precisely when the radio signature was taken or would require eight weeks to work out the math. Since the verifier can demand that a reply comes in seconds, this isn’t much help. In addition, security can be expanded by adding mirrors and sending fake verification demands to prevent the holding nation from deducing the signature using machine learning.
“The technology combines cyber-physical security assessments, previously only possible on data and security chips, with cross-system physics in a completely new way,” said Professor Christian Zenger, head of the Secure Mobile Communication research group at Ruhr University Bochum and CEO of PHYSEC GmbH. “This enables new levels of trust, especially for the Internet of Things,”
The research was published in Nature Communications.