Quantum Safe Security Workgroup Presentation Battelle / ID Quantique / QuantumCTek CSA EMEA Congress, Rome 19 November 2014
ID Quantique Photon Counters Services Quantum Random Number Generators Technology Quantum Safe Crypto Swiss company, founded 2001, based in Geneva Spin-off of University of Geneva, Group of Applied Physics Quantum Safe cryptography: High performance network encryption up to 100Gbps Quantum Key Distribution Quantum key Generation
Battelle Solving What Matters Most Serving a Broad Range of Clients With a Long History of Innovation
3-layers of quantum-safe security implementation Applications Quantum Security Service Service Platforms Infrastructures: Wide Area Quantum Communication Network Chinese company, founded 2009, based in Hefei Spin-off of University of Science and Technology of China (USTC) Provides of quantum multi-protocol network security products and services Forges quantum industry Cloud Security Alliance, 2014.
ETSI Quantum Safe White Paper http://www.etsi.org/news-events/events/770-etsi-cryptoworkshop-2014 Some problems that are considered difficult or impossible to solve using conventional computation platforms become fairly trivial for a quantum computer. Any information that has been encrypted, or will be encrypted using many of the industry s state-of-the-art cryptosystems based on computational hardness is now under threat of both eavesdropping and attack by future adversaries who have access to quantum computation. Without quantum-safe encryption, everything that has been transmitted, or will ever be transmitted, over a network is vulnerable to eavesdropping and public disclosure. The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0 Cloud Security Alliance, 2014.
HACKING IS EASY (and everyone is doing it)
Optical Tapping for under 500 Eavesdropper Optical fiber bending & coupling Buy an optical tap legally online http://www.fods.com/optic_clip_on_coupler.html Emitter Receiver
Social Engineering A telecom company outsources the laying of new optical fibers for a bank to a maintenance team who do not understand the security issues. The naked optical fiber is accessible..and the detailed layout of the fiber network & the name of the bank is clearly visible for future hacking attempts
THE THREAT is to Public-Key CRYPTOGRAPHY
Public Key Cryptography: Threats Alice Message Public Key Scrambled Message Message Private Key Bob Different Keys What are the 2 prime factors of : 5313043722633707 Hint : http://primes.utm.edu/lists/small/
Public Key Cryptography: Threats Alice Message Public Key Scrambled Message Message Private Key Bob Different Keys 5313043722633707 = 86030827 * 61757441
Public Key Cryptography: Threats All of the following will render Public Key Cryptography vulnerable Alice Message Public Key Scrambled Message Message Private Key Bob Different Keys Use mathematical «one-way» functions Theoretical Progress Vulnerable to 2 357 x 4 201 =? A x B = 9 901 757 Increase in Computing Power Quantum Computers
Quantum Computing in Research America is building a quantum computer for cryptanalysis http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantumcomputer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8defa33011492df2_story.html According to Snowden this is a major NSA initiative called Penetrating Hard Targets China Prepares for Quantum Age Source: http://www.hpcwire.com/2014/01/24/china-prepares-quantum-age/ The importance of building a quantum computer is such that the Chinese government funded 90 quantum related projects last year through the National Natural Science Foundation of China. Lazaridis (RIM cofounder) has invested $250 million+ into quantum computing at Waterloo Quantum Valley D-Wave raised funds from Jeff Bezos (Amazon), InQTel (NSA investment arm) and sells to Lockheed Martin, NASA Google is building a quantum computer http://www.technologyreview.com/news/530516/google-launches-effort-to-build-its-ownquantum-computer/ IBM investing $3 billion in quantum computing http://www.fastcompany.com/3032872/fast-feed/ibms-3-billion-investment-in-syntheticbrains-and-quantum-computing
Comparison of conventional and quantum security levels of some popular ciphers Algorithm Key Length Effective Key Strength / Security Level Conventional Computing Quantum Computing RSA-1024 1024 bits 80 bits 0 bits RSA-2048 2048 bits 112 bits 0 bits ECC-256 256 bits 128 bits 0 bits ECC-384 384 bits 256 bits 0 bits AES-128 128 bits 128 bits 64 bits AES-256 256 bits 256 bits 128 bits The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0 When sufficiently powerful quantum computers are available, then all data protected with keys passed over the internet will be vulnerable Cloud Security Alliance, 2014.
Practical considerations how urgent? It depends on the category of information and how long it needs to be protected x: how many years we need our encryption to be secure y: how many years it will take us to make our IT infrastructure quantum-safe z: how many years before a large-scale quantum computer will be built Y X Z Secrets Divulged Time The value of x must be carefully considered: What are the practical consequences of a certain category of information becoming public knowledge after x number of years? The goal of the Quantum Safe Security Working Group is to shorten the time before our networks are safe Cloud Security Alliance, 2014.
THE SOLUTION: Quantum-safe Cryptography Cloud Security Alliance, 2014.
The Solution: Quantum-Safe Cryptographic Infrastructure «Post-quantum» Cryptography Classical codes deployable without quantum technologies Believed/hoped to be secure against quantum computer attacks of the future Quantum Key Distribution Quantum codes requiring some quantum technologies currently available Typically no computational + assumptions and thus known to be secure against quantum attacks Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructure
First SOLUTION: Post-quantum Cryptography
Post-Quantum Cryptography Public-key cryptographic systems based upon problems with no quantum algorithm known to break these systems more efficiently than classical computer architectures Approaches go back to the 1970s and 1980s Digital signatures based on One-Way Hash functions (e.g. XMSS) Digital signatures based on Multivariate Polynomial Equations (Rainbow signature scheme) Encryption and signature schemes based on Error Correcting Coding (e.g. McEliece 78, CFS 01) Encryption and signature schemes based on Lattices (e.g. NTRU 98, BLISS 13) Performance Most of these systems are comparably fast or even faster than conventional crypto systems Larger key sizes and/or larger cypher texts and signatures required Security (bits) Decryption/ Signing Time Encryption/ Verification Time Public-Key Size (bits) Secret-Key Size (bits) Cypher/ Signature Size (bits) RSA-3072 128 1.00 0.01 3,072 24,578 3,072 NTRU 128 0.05 0.05 4,939 1,398 4,939 McEliece 128 0.50 0.01 1,537,000 64,861 2,860 Rainbow 128 0.02 0.02 842,400 561,352 264 BLISS 128 0.02 0.01 7,000 2,000 5,600 The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0 Cloud Security Alliance, 2014.
Second SOLUTION: Quantum Mechanics for Secure Encryption Keys
Change in Paradigm Network Encryption Key Management High speed cryptosystem implementation (typically AES) Crypto Key Lifecycle
THE SOLUTION (2A): Quantum Random Number Generation (QRNG)
Quantum Randomness Physical Random Number Generator exploiting a phenomenon described by quantum physics Detectors Truly random Photons Semi-transparent Mirror Advantages Speed Source of photons Simple process that can be modeled influence of environment can be ruled out Live monitoring of elementary components possible
Quantum Random Number Generator
THE SOLUTION (2B): Quantum Key Distribution (QKD)
Quantum Cryptography "0" "1" "1" "0" Fragile! Alice Message Scrambled Message Message Symmetric Cryptography Secret Key Secret Key Bob Identical keys Key Exchange?!?
Quantum-Enabled Network Encryption Transparent Layer 2 Encryption AES-256 in CFC and CTR modes Up to 100Gbps Multiprotocol (Ethernet, Fibre Channel) + Provably secure key distribution: QKD Distilled key distribution rate: 1000 bps over 25km/6dB Range: 100km xwdm Local Area Network Quantum Channel Dark Fiber Local Area Network
Today s Depoyments of QKD Hybrid solutions: Conventional encryption on wide area network QKD on DRC and backbone links (WAN) Classical Encryption Device Quantum Encryption Solution MAN/SAN
Conclusions Call To Actions Cloud Security Alliance, 2014.
Next Steps Join the QSS working group Attend or contribute to the work we will do White papers Webminars Conferences Spread the word Come talk to us tomorrow morning Table in Breakfast Area STAY CALM and QUANTUM SAFE ENCRYPT Cloud Security Alliance, 2014.
It s There! Cloud Security Alliance, 2014.