Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Quantum Cryptography – The Future of CyberSecurity
IP Expo, UKKelly Richdale, VP Quantum Safe Security ID Quantique
© 2015 ID Quantique SA, Switzerland | page 2 ID Quantique PROPRIETARY
ID Quantique
• Swiss company based in Geneva
• Founded in 2001 by Universityof Geneva researchers
• Focuses on the opportunities of quantum physics & photonics
• 3 business units
Random NumberGeneration
Quantum SafeCrypto
Photon Counting
© 2015 ID Quantique SA, Switzerland | page 3 ID Quantique PROPRIETARY
THREATS TO OUR CURRENT CRYPTO PRIMITIVES
© 2015 ID Quantique SA, Switzerland | page 4 ID Quantique PROPRIETARY
� Much of today’s cyber security is based on Public Key Systems(mainly RSA, ECC)
� Are they truly safe?
Cryptography – the Engine of Cyber Security
© 2015 ID Quantique SA, Switzerland | page 5 ID Quantique PROPRIETARY
Identical keysKey Exchange?
⊕
Message
Secret Key
ScrambledMessage
⊕
Message
Secret Key
Alice
BobSymmetric Crypto
eg. AES
Asymmetric (Public Key)Crypto eg. RSA & ECC
Today’s Crypto-Systems
© 2015 ID Quantique SA, Switzerland | page 6 ID Quantique PROPRIETARY
Grover’s Algorithm� Lov Grover, 1996� Quantum algorithm to perform
search in an unsorted database� O(n½) vs O(n)
� Key halved for symmetriccryptographyAES-128 � 64 bits securityAES-256 � 128 bits security
Shor’s Algorithm� Peter Shor, 1994� Quantum algorithm for integer
factorization� Breaks today’s public key crypto:
RSA, ECC, DHO((log N)3) vs O(e1.9 (log N)1/3 (log log N)2/3)
Quantum Algorithms… Just awaiting a Quantum Computer
© 2015 ID Quantique SA, Switzerland | page 7 ID Quantique PROPRIETARY 7
Today’s Public Key Crypto at Risk
Identical keysKey Exchange?
⊕
Message
Secret Key
ScrambledMessage
⊕
Message
Secret Key
Alice
BobSymmetric
Cryptography
AsymmetricCryptography
Quantum-Safeprovided key islong enough
At risk
© 2015 ID Quantique SA, Switzerland | page 8 ID Quantique PROPRIETARY
So What About the Quantum Computer?� Computation with Qubits� Main difference:
Coherent superposition of states � Behaves like a massively parallel compute
• Solves problems in much fewer steps
� Opportunity: some “intractable” computations become feasible � Threat: Quantum algorithms already exist which can break current public key
cryptographic primitives (RSA, ECC…)• This is why Quantum Computing is now discussed in Information Security …
© 2015 ID Quantique SA, Switzerland | page 9 ID Quantique PROPRIETARY
Quantum Computers in the News (1)
© 2015 ID Quantique SA, Switzerland | page 10 ID Quantique PROPRIETARY
Quantum Computers in the News (2)
© 2015 ID Quantique SA, Switzerland | page 11 ID Quantique PROPRIETARY
Government Funding for Quantum Tech
© 2015 ID Quantique SA, Switzerland | page 12 ID Quantique PROPRIETARY
NSA Announcement: 19 Aug 2015
“In the current global environment, rapid and secure information sharing is important to protect our Nation, its citizens and its interests. Strong cryptographic algorithms and secure protocol standards are vital tools that contribute to our national security and help address the ubiquitous need for secure, interoperable communications”.“IAD will initiate a transition to quantum resistant algorithms in the not too distant future.”“Our ultimate goal is to provide cost effective security against a potential quantum computer.”
© 2015 ID Quantique SA, Switzerland | page 13 ID Quantique PROPRIETARY
QUANTUM-SAFE SOLUTIONS
© 2015 ID Quantique SA, Switzerland | page 14 ID Quantique PROPRIETARY
Quantum-Safe Crypto
� « Post-quantum » or «quantum-resistant» cryptography• Classical codes deployable without
quantum technologies (eg. Latticebased codes)
• Believed/hoped to be secureagainst quantum computer attacksof the future
� Quantum Key Distribution• Quantum codes requiring some
quantum technologies currentlyavailable
• Typically no computationalassumptions and thus known to besecure against quantum attacks
+
Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructurehttp://docbox.etsi.org/Workshop/2013/201309_CRYPTO/Quantum_Safe_Whitepaper_1_0_0.pdf
© 2015 ID Quantique SA, Switzerland | page 15 ID Quantique PROPRIETARY
Quantum-Resistant Algorithms Need to be Extensively Tested
© 2015 ID Quantique SA, Switzerland | page 16 ID Quantique PROPRIETARY
QUANTUM-SAFE SOLUTIONS PART 2:
WHERE QUANTUM PHYSICS CAN HELP
© 2015 ID Quantique SA, Switzerland | page 17 ID Quantique PROPRIETARY
Quantum Mechanics: Quantum-Safe Key Generation and Distribution
High speed cryptosystemimplementation
Key ManagementProcess
Crypto K
ey Lifecycle
© 2015 ID Quantique SA, Switzerland | page 18 ID Quantique PROPRIETARY
Random Numbers in Cryptography
� Kerckhoffs’ Principle : • A cryptosystem should be secure even if everything about
the system, except the key, is public knowledge.
� To provide adequate security the key must be:• Unique• Truly random (unpredictable)• Stored, distributed & managed security
� But what if it can be guessed? Or made less random?
Auguste Kerckhoffs(19 January 1835 – 9 August 1903)
Key
© 2015 ID Quantique SA, Switzerland | page 19 ID Quantique PROPRIETARY
Random Numbers in Cryptography
� Random numbers are difficult to produce• Computer programs are deterministic• Computers cannot produce random numbers without special
hardware
� Impossible to prove randomness of a finite sequence a posteriori• Possible only to test the statistical properties of the random
numbers• When generating random numbers, understanding the method
used is critical
� One of the easiest and most effective attack vectors is to ‘dumb down’ the RNG to make the keys predictable
© 2015 ID Quantique SA, Switzerland | page 20 ID Quantique PROPRIETARY
� Since 2007 NSA’s Bullrun program inserted vulnerabilities into commercial encryption systems through use of the compromised Dual EC DRBG
� A renowned report ‘Mining Your Ps and Qs’ foundsystematic weaknesses in network devices due to poor entropy from software-based RNGs• Keys served more than once: 60%• Weak keys: 5.6%• Vendors:Cisco, Dell, IBM, etc.
� Problems from use of software RNG’s• Not enough entropy due to isolation of devices• Poor implementation (key generation too early in boot
process)
Attacks on the Randomness of the RNG
N. Heninger et al., « Mining your Ps and Qs: Detection of widespread weak keys in network devices », Usenix Security 2012
© 2015 ID Quantique SA, Switzerland | page 21 ID Quantique PROPRIETARY
Source of photons
Detectors
Key Generation from Quantum Randomness � Classically: randomness is generated by
complexity� Quantum mechanics: randomness is
intrinsic� Advantages:
• Speed• Reliability• Instant entropy (randomness)
© 2015 ID Quantique SA, Switzerland | page 22 ID Quantique PROPRIETARY
Quantum Key Distribution: ProvableSecurity
⊕
Message
Secret Key
ScrambledMessage
⊕
Message
Secret Key
Alice
BobSymmetric
CryptographyIdentical keys
Key Exchange ?!?
� Quantum key distribution: Secure key distribution over insecure channels� Security based on the principles of quantum mechanics
• Observation causes perturbation• Provable forward secrecy
� Key can be used for all types of cryptographic applications
© 2015 ID Quantique SA, Switzerland | page 23 ID Quantique PROPRIETARY
Typical Deployment: Data Center Interconnect
xWDM
Quantum Channel– Dark Fiber
Primary Data Center Disaster Recovery Center
Ethernet
Fibre Channel
Multiple deployments in the banking and government sectors in Europe
© 2015 ID Quantique SA, Switzerland | page 24 ID Quantique PROPRIETARY
� Geneva (Switzerland) uses QKD to guarantee confidentiality & integrity of data during federal & cantonal elections
� Working since October 2007
CentralVote Counting Station
Geneva GovernmentData Center Ballots
Downtown Geneva
Cerberis Solution
Mail Votes
4 km
Elections in Geneva (2007 - 2015)
© 2015 ID Quantique SA, Switzerland | page 25 ID Quantique PROPRIETARY
Siemens/ATOS NL Deployment
� Data center link for large financial institution in Netherlands
� Securing key exahnge for high speed link encryption
� Installed in 2010
© 2015 ID Quantique SA, Switzerland | page 26 ID Quantique PROPRIETARY
2015: Towards Quantum-Safe Key Distribution Networks
© 2015 ID Quantique SA, Switzerland | page 27 ID Quantique PROPRIETARY
Towards Quantum-Safe Security: A Global QKD Network
© 2015 ID Quantique SA, Switzerland | page 28 ID Quantique PROPRIETARY
QUANTUM RISK ASSESSMENT FOR INDUSTRY
© 2015 ID Quantique SA, Switzerland | page 29 ID Quantique PROPRIETARY
Risk = Probability X Impact
Probability of quantum threatstill low…but increasing & seen to beinevitable (even by NSA)
Impact of threat: extremely high… if no action taken(all digital assets at risk)
So Who Cares? (A Classical Risk Analysis)
Is this risk management or business continuity?
© 2015 ID Quantique SA, Switzerland | page 30 ID Quantique PROPRIETARY
Timing Issues
Time
InformationExchange Information lifetime
(based on legal, business or strategic constraints)
Vulnerability
Time for migrationto Quantum-Safe
Today
• Probability of quantum computer: 10-20 years
• Time for migration: a few years
• Plus lifetime of data!
� ETSI: Need to plan now for information with long-term confidentiality
© 2015 ID Quantique SA, Switzerland | page 31 ID Quantique PROPRIETARY
Use QKD here
Use QRA here
Towards Quantum-Safe Security: QKD or QRA?
And use QKD for data with long-term secrecy….
© 2015 ID Quantique SA, Switzerland | page 32 ID Quantique PROPRIETARY
Use QRA-based
encryption here
Use QKD-based encryption and PQA authentication here…
…and here
Digitally sign with QRA here
Towards Quantum Safe Security: A Holistic Approach
© 2015 ID Quantique SA, Switzerland | page 33 ID Quantique PROPRIETARY
Conclusion: ETSI Recommendations
� Need to start thinking: Quantum-safe security now!• ETSI white paper on quantum-safe cryptography, 2014:
“Without quantum-safe encryption everything we have ever transmitted over a network, or will ever transmit over a network is vulnerable”
• Start protecting data with long term confidentiality requirements now
� Two directions: Use in complement to each other for holistic security• Quantum Resistant algorithms• Quantum Key Distribution
� Use Quantum-Safe designs• Require vendors to provide quantum-safe roadmap• Crypto-agility to upgrade
http://docbox.etsi.org/Workshop/2013/201309_CRYPTO/Quantum_Safe_Whitepaper_1_0_0.pdf
© 2015 ID Quantique SA, Switzerland | page 34 ID Quantique PROPRIETARY
Announcement: Winter School 2016
ID Quantique is proud to announce its 8th Winter School
� Topic: Quantum Cyber Security;� Date: Sunday, January 17th to Thursday, January 21st 2016;� Location: Les Diablerets, Switzerland;� Key speakers:
John Martinis, Google; Michele Mosca, IQC, Canada; Gilles Brassard, Uni. Montréal; Nicolas Gisin, UniGe.
� More information at: 8th-winter-school-on-quantum-cyber-security
� Contact: [email protected]
© 2015 ID Quantique SA, Switzerland | page 35 ID Quantique PROPRIETARY
Thank you for your attention
� Contact informationKelly [email protected]
ID Quantique SAChemin de la Marbrerie, 3CH-1227 Carouge/GenevaSwitzerland