Quantum Safe Security Workgroup Presentation
Battelle / ID Quantique / QuantumCTek
CSA EMEA Congress, Rome
19 November 2014
Services
Photon
Counters
Quantum
Random
Number
Generators
Quantum Safe
Crypto
Technology
Swiss company, founded 2001, based in Geneva
Spin-off of University of Geneva, Group of Applied Physics
Quantum Safe cryptography:
• High performance network encryption up to 100Gbps
• Quantum Key Distribution
• Quantum key Generation
ID Quantique
Battelle – Solving What Matters Most™
Serving a Broad Range of Clients
With a Long History of Innovation
3-layers of quantum-safe security implementation
© Cloud Security Alliance, 2014.
Chinese company, founded 2009, based in Hefei
Spin-off of University of Science and Technology of China (USTC)
Provides of quantum multi-protocol network security products and services
Forges quantum industry
Service Platforms
Applications
Infrastructures:
Wide Area Quantum Communication Network
Quantum
Security
Service
• http://www.etsi.org/news-events/events/770-etsi-crypto-workshop-2014
• Some problems that are considered difficult or impossible to solve using conventional computation platforms become fairly trivial for a quantum computer. Any information that has been encrypted, or will be encrypted using many of the industry’s state-of-the-art cryptosystems based on computational hardness is now under threat of both eavesdropping and attack by future adversaries who have access to quantum computation.
• Without quantum-safe encryption, everything that has been transmitted, or will ever be transmitted, over a network is vulnerable to eavesdropping and public disclosure.
© Cloud Security Alliance, 2014.
ETSI Quantum Safe White Paper
The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0
HACKING IS EASY (and everyone is
doing it)
• Optical fiber bending & coupling
• Buy an optical tap legally online • http://www.fods.com/optic_clip_on_coupler.html
Optical Tapping for under €500
Emitter
Receiver
Eavesdropper
Social Engineering
A telecom company outsources the
laying of new optical fibers for a
bank to a maintenance team who
do not understand the security
issues. The naked optical fiber is
accessible….
….and the detailed layout of the
fiber network & the name of the
bank is clearly visible for future
hacking attempts
THE THREAT is to Public-Key
CRYPTOGRAPHY
Public Key Cryptography: Threats
Message
Public Key
ScrambledMessage
Message
Private Key
Different Keys
Alice Bob
What are the 2 prime factors of :
5313043722633707
Hint : http://primes.utm.edu/lists/small/
Public Key Cryptography: Threats
Message
Public Key
ScrambledMessage
Message
Private Key
Different Keys
Alice Bob
5313043722633707
=
86030827 * 61757441
Public Key Cryptography: Threats
• Use mathematical « one-way » functions
Message
Public Key
ScrambledMessage
Message
Private Key
Different Keys
Alice Bob
2’357 x 4’201 = ? A x B = 9’901’757 Theoretical Progress
Increase in Computing Power
Vulnerable to…
Quantum Computers
All of the following will render Public Key Cryptography vulnerable
• America is building a quantum computer for cryptanalysis
• http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html
• According to Snowden this is a major NSA initiative called “Penetrating Hard Targets”
• China Prepares for Quantum Age
• Source: http://www.hpcwire.com/2014/01/24/china-prepares-quantum-age/
• “The importance of building a quantum computer is such that the Chinese government funded 90 quantum related projects last year through the National Natural Science Foundation of China.”
• Lazaridis (RIM cofounder) has invested $250 million+ into quantum computing at Waterloo – Quantum Valley
• D-Wave raised funds from Jeff Bezos (Amazon), InQTel (NSA investment arm) and sells to Lockheed Martin, NASA
• Google is building a quantum computer
• http://www.technologyreview.com/news/530516/google-launches-effort-to-build-its-own-quantum-computer/
• IBM investing $3 billion in quantum computing
• http://www.fastcompany.com/3032872/fast-feed/ibms-3-billion-investment-in-synthetic-brains-and-quantum-computing
Quantum Computing in Research
Comparison of conventional and quantum security levels of some popular ciphers
Algorithm Key Length Effective Key Strength / Security Level
Conventional Computing Quantum Computing
RSA-1024 1024 bits 80 bits 0 bits
RSA-2048 2048 bits 112 bits 0 bits
ECC-256 256 bits 128 bits 0 bits
ECC-384 384 bits 256 bits 0 bits
AES-128 128 bits 128 bits 64 bits
AES-256 256 bits 256 bits 128 bits
• When sufficiently powerful quantum computers are
available, then all data protected with keys passed over the internet will be vulnerable
© Cloud Security Alliance, 2014.
The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0
Practical considerations – how urgent?
© Cloud Security Alliance, 2014.
• It depends on the category of information and how long it needs to be protected
• x: how many years we need our encryption to be secure
• y: how many years it will take us to make our IT infrastructure quantum-safe
• z: how many years before a large-scale quantum computer will be built
• The value of x must be carefully considered: • What are the practical consequences of a certain category of information becoming
public knowledge after x number of years?
• The goal of the Quantum Safe Security Working Group is to shorten the time before our networks are safe
Y X
Z Secrets Divulged
Time
THE SOLUTION:
Quantum-safe Cryptography
© Cloud Security Alliance, 2014.
The Solution: Quantum-Safe Cryptographic Infrastructure
• « Post-quantum » Cryptography
• Classical codes deployable without quantum technologies
• Believed/hoped to be secure against quantum computer attacks of the future
• Quantum Key Distribution
• Quantum codes requiring some quantum technologies currently available
• Typically no computational assumptions and thus known to be secure against quantum attacks
+
Both sets of cryptographic tools can work together to form a quantum-safe
cryptographic infrastructure
First SOLUTION: Post-quantum Cryptography
• Public-key cryptographic systems based upon problems with no quantum algorithm known to break these systems more efficiently than classical computer architectures
• Approaches go back to the 1970s and 1980s
• Digital signatures based on One-Way Hash functions (e.g. XMSS)
• Digital signatures based on Multivariate Polynomial Equations (Rainbow signature scheme)
• Encryption and signature schemes based on Error Correcting Coding (e.g. McEliece’78, CFS’01)
• Encryption and signature schemes based on Lattices (e.g. NTRU’98, BLISS’13)
• Performance
• Most of these systems are comparably fast or even faster than conventional crypto systems
• Larger key sizes and/or larger cypher texts and signatures required
© Cloud Security Alliance, 2014.
Post-Quantum Cryptography
Security
(bits)
Decryption/
Signing Time
Encryption/
Verification Time
Public-Key
Size (bits)
Secret-Key
Size (bits)
Cypher/ Signature
Size (bits)
RSA-3072 128 1.00 0.01 3,072 24,578 3,072
NTRU 128 0.05 0.05 4,939 1,398 4,939
McEliece 128 0.50 0.01 1,537,000 64,861 2,860
Rainbow 128 0.02 0.02 842,400 561,352 264
BLISS 128 0.02 0.01 7,000 2,000 5,600
The ETSI Quantum-Safe Whitepaper 2014, ISBN 979-10-92620-03-0
Second SOLUTION: Quantum Mechanics for Secure Encryption Keys
Change in Paradigm
Network Encryption
High speed
cryptosystem
implementation
(typically AES)
Key Management
Cry
pto
Key L
ifecycle
THE SOLUTION (2A): Quantum Random
Number Generation (QRNG)
• Physical Random Number Generator exploiting a phenomenon described by quantum physics
• Truly random
Quantum Randomness
Advantages
• Speed
• Simple process that can be modeled influence of environment can be ruled out
• Live monitoring of elementary components possible
Source of photons
Photons
Detectors
Semi-transparent
Mirror
Quantum Random Number Generator
THE SOLUTION (2B): Quantum Key
Distribution (QKD)
Quantum Cryptography
Fragile ! "0"
"1" "1" "0"
Message
Secret Key
Scrambled Message
Message
Secret Key
Alice
Bob
Symmetric
Cryptography
Identical keys Key Exchange ?!?
Quantum-Enabled Network Encryption
• Transparent Layer 2 Encryption
• AES-256 in CFC and CTR modes
• Up to 100Gbps
• Multiprotocol (Ethernet, Fibre Channel)
• Provably secure key distribution: QKD
• Distilled key distribution rate: 1000 bps over 25km/6dB
• Range: 100km
xWDM
Quantum Channel
– Dark Fiber
Local
Area Network Local
Area Network
+
Today’s Depoyments of QKD
(WAN)
MAN/SAN
Hybrid solutions: • Conventional encryption on
wide area network
• QKD on DRC and backbone
links
Classical Encryption Device
Quantum Encryption Solution
Conclusions Call To Actions
© Cloud Security Alliance, 2014.
•Join the QSS working group • Attend or contribute to the work we will do
• White papers • Webminars • Conferences
•Spread the word •Come talk to us tomorrow morning
• Table in Breakfast Area
STAY CALM and QUANTUM SAFE ENCRYPT
© Cloud Security Alliance, 2014.
Next Steps
It’s There !
© Cloud Security Alliance, 2014.