Tag Archive for: PostQuantum

Data and encryption strategies in a post-quantum world: Harvest now, decrypt later

/in


Paul German, CEO, Certes Networks, explains the risk associated with bulk encryption strategies and the importance of crypto-segmentation in reducing criminal exposure to data in a post-quantum world

It is now inevitable that the encryption algorithms used to secure vital data across the world – from defence and banking to infrastructure and air travel – will be breached. With the escalation in computing power enabled by quantum technology, the question is not if, but when potentially devastating breaches will occur.

With ‘harvest now, decrypt later’ hacking strategies currently in progress, criminals are banking on the power of quantum computing to allow them to unlock huge data resources. The onus is on companies not just to consider the future quantum threat but to determine how best to protect current resources today.

Here, I explain the risk associated with bulk encryption strategies and the importance of crypto-segmentation in reducing criminal exposure to data in a post-quantum world.

A quantum leap

Quantum computing is edging ever closer to reality, with venture capitalists investing almost $1.02 billion in quantum computing start-up companies in 2021 alone. While there is huge excitement around the step change in AI performance, there are issues such as the quantum computing power which could be unleashed– to which the security implications are potentially devastating.

Globally, security experts expect quantum computers to herald the breach of the asymmetric cryptography used to secure everything – from defence to infrastructure. While classical compute power would take billions of years to execute Shor’s Algorithm, which is proven to break the encryption strategies currently in place, the arrival of a quantum computer of sufficient size and complexity totally changes the game.

For companies reviewing security strategies, this post-quantum security threat is not in the future; it is not about considering how to respond when quantum computing becomes available. Criminal organisations globally are embarking upon mass data harvesting and breach schemes today on the basis that even though the information cannot be immediately decrypted, at some point in…

Source…

Hack Post-Quantum Cryptography Now So That Bad Actors Don’t Do It Later

/in


In February, a researcher sent a shock wave through the cryptography community by claiming that an algorithm that might become a cornerstone of the next generation of internet encryption can be cracked mathematically using a single laptop. This finding may have averted a massive cybersecurity vulnerability. But it also raises concerns that new encryption methods for securing internet traffic contain other flaws that have not yet been detected. One way to build trust in these new encryption methods—and to help catch any other weaknesses before they are deployed—would be to run a public contest to incentivize more people to look for weaknesses in these new algorithms.

 The new encryption algorithm that was just cracked was designed to be secure against quantum computers. A large-scale quantum computer may eventually be able to quickly break the encryption used to secure today’s internet traffic. If internet users don’t take any countermeasures, then anyone in possession of such a computer might be able to read all secure online communications—such as email, financial transactions, medical records, and trade secrets—with potentially catastrophic impacts for cybersecurity that the U.S. National Security Agency has described as “devastating to … our nation.”

 One defense against this future threat is post-quantum cryptography or PQC—a set of new cryptography algorithms that are expected to resist attacks from quantum computers. Since 2015, the U.S. National Institute for Standards and Technology (NIST) has been evaluating algorithms to design a new standard for this type of cryptography, which will likely be adopted eventually by communication systems worldwide. Although quantum computers powerful enough to threaten encryption are unlikely to arrive before 2030, upgrading to PQC will take years and cost billions of dollars. The U.S. government considers the swift and comprehensive adoption of PQC across its own communication systems to be an important national security imperative: Over the past two months, the White House has issued a National Security Memorandum directing all federal agencies to begin preparing for the transition. And related bills have

Source…

What China’s targeting of US telecoms means for post-quantum security

/in


Ceding the initiative to an adversary is a difficult position to recover from — even in cyberspace. Chinese state-sponsored cyber actors are seizing the initiative to exploit publicly known vulnerabilities to unpatched network devices, such as home office routers, to compromise major U.S. telecommunications companies and network service providers, the FBI and other agencies warn in the latest joint cybersecurity advisory

These cyber actors are infiltrating victims’ accounts by “using publicly available exploit code against virtual private network (VPN) services, or public facing applications — without using their own distinctive or identifying malware — so long as the actors acted before victim organizations updated their systems,” the advisory explained. 

While defending against common vulnerabilities is essential, the Biden administration must maintain the initiative against post-quantum cryptography threats. Post-quantum refers to the stage when quantum computers advance to “a sufficient size and level of sophistication” that they break the cryptography that secures our digital communications and financial transactions on the internet. These systems are cryptanalytically relevant quantum computers, meaning they could pose significant national, economic and cybersecurity risks to the United States by weakening the public-key cryptography we rely on to communicate.

It is not a question of if, but when cryptanalytically relevant quantum computers will be developed, according to the White House’s fact sheet on quantum technologies, which estimates this milestone is attainable “at some point in the not-too-distant future.”

Last May, the Biden administration enacted two directives to expand the 2018 National Quantum Initiative Act: an executive order establishing a committee to advise the White House about the National Quantum Initiative program; and the National Security Memorandum on Promoting United States Leadership in Quantum Computing. The memorandum warns that quantum information science presents significant security risks to cryptographic systems that safeguard critical infrastructure and secure military and civilian…

Source…

NSF tags FAU researcher for post-quantum cryp

/in


“RINGS: Bringing Post-Quantum Cryptography to Large-Scale NextG Systems.”

image: Florida Atlantic University’s Reza Azarderakhsh, Ph.D., in the College of Engineering and Computer Science, was among 34 investigators nationwide selected by the NSF.
view more 

Credit: Florida Atlantic University

The National Science Foundation (NSF) recently announced a new investment of more than $37 million aimed to develop intelligent, resilient and reliable next generation – of NextG – Networks. NextG promises faster cellular, Wi-Fi and satellite networks, all of which can be used to enhance data streaming, wireless communications, analytics and automation.

Florida Atlantic University’s Reza Azarderakhsh, Ph.D., in the College of Engineering and Computer Science, was among 34 investigators nationwide selected by the NSF. He has received a $1 million grant for his project titled, “RINGS: Bringing Post-Quantum Cryptography to Large-Scale NextG Systems.” FAU is the only institution working on taking post-quantum cryptography to next generation systems. Azarderakhsh is leading the research with collaborators from Florida International University and Marquette University in Wisconsin.

The NSF investment called RINGS, which is short for Resilient and Intelligent Next-Generation Systems, is a public-private partnership that focuses on accelerating research to increase the competitiveness of the United States in NextG networking and computing technologies and ensure the security and resilience of NextG technologies and infrastructure.

The RINGS program is NSF’s single largest effort to date to engage public and private partners to jointly support a research program and includes companies such as Apple, Google and Microsoft and agencies including the U.S. Department of Defense and National Institute of Standards and Technology.

For the NSF, this translates into improved national defense, education, public health and safety,…

Source…