Page 30 - Cyber Defense Magazine - Global Print Edition 2018
is beyond the reach of classic computers in a reasonable time frame. Quantum computers will be able to crack this math easily, hampering one of the foundations of our current security structures. Alongside is symmetric encryption, commonly used to protect data at rest, but which will also be at risk if the keys are not of a significant length and don’t have high enough entropy (randomness).

It’s not just large IT enterprises that are concerned about their proprietary information -- financial institutions, government agencies and other organizations who value security are all looking for ways to prepare for the future challenges of quantum before the technology breaks into the mainstream.

“Safety First” – Prepping for Quantum

Perhaps the brightest side to this new world is that there are ways to “prepare” for quantum-powered cyber attacks today, with existing encryption approaches and methods – even some that use quantum-based tech. You’ll hear them called “quantum resistant,” “quantum resilient” or “quantum-safe,” but they all have the same goal of getting your infrastructure suitably protected against what may come.

An important first step to quantum resilience involves the generation of encryption keys from the ground up using quantum random number generation. Simply put, strong encryption, whatever its type, depends on using strong random numbers to generate keys. Some pseudo-random number (or algorithmic) generators have resulted in vulnerabilities and breaches even before the threat of quantum computers.

High-entropy random numbers protect you from this risk, enabling encryption to be delivered at its full strength. The best way to get high entropy is through a quantum random number generator (QRNG). It’s not a quantum computer, but does use quantum physics to generate keys, for example quantum tunneling, wherein the activity of electrons travelling (“tunnel”) unpredictably through a semiconductor barrier is measured and turned into streams of numbers. Given that this is a quantum physical phenomenon, not every electron passes the barrier, resulting in full-entropy random numbers from which to form the strongest possible keys.

Secondly, symmetric encryption will retain its strength as long as the keys are at least doubled in length and generated from a high-entropy source like a QRNG. Making these changes to your encryption keys and deploying a quantum random number generator are good steps to protecting data at rest from quantum attacks. The resilience of symmetric encryption can be further leveraged to build up quantum resistance within an organization; for example, by wrapping data as it is transferred between replication nodes. This approach can successfully secure data exchanges between two internal nodes using TLS, which is a common mutually-authenticated secure transfer protocol (along with RSA/ECC/AES encryption), that will otherwise be vulnerable to quantum attacks. In practice, a high-entropy symmetric key can wrap the TLS transfer payload, providing another layer of quantum-resilient protection.

As an aside, replication is a priority practice to implement for all important data. Ensure your key management infrastructure enables replication of keys between nodes. Losing keys or not being able to decrypt them can be disastrous!

What’s Next

The third step is to keep an eye on the development of new quantum resistant tools and techniques, including quantum resistant encryption algorithms and quantum key distribution for exchanging keys.

Today’s reliance on asymmetric protocols for key exchange such as RSA and ECC has brought us far. However, they use mathematical formulas that are demonstrably weak against quantum computers, so alternatives are being sought. NIST started a post-quantum algorithm standardization process in 2017, with recommendations expected to be published in 2022 or later.

Quantum key distribution (QKD) takes a different approach to exchanging cryptographic keys, securing this exchange using physics, so parties can share keys in a way that’s invulnerable to the typical cyber threats of today and ones we can anticipate in the
30 CYBER DEFENSE MAGAZINE – ANNUAL GLOBAL PRINT EDITION 2018 – SPONSORED BY TREND MICRO
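
The payload wrapping the article describes for replication traffic, as an added example that is not part of the original text: a 256-bit symmetric key seals each payload with an authenticated cipher before it is handed to the TLS connection, and keys of 128 or 192 bits are refused. Assumptions: AES-256-GCM as the cipher, the OS CSPRNG standing in for a QRNG feed, a wrap key already shared between the two nodes through key management, and the function names and the route label, which are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// NewWrapKey draws a 256-bit key from the OS CSPRNG (assumed stand-in for a QRNG feed).
func NewWrapKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// NewWrapper builds AES-256-GCM and rejects 128- or 192-bit keys.
func NewWrapper(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, errors.New("wrap key must be 256 bits")
	}
	return cipher.NewGCM(block)
}

// Wrap seals a payload before it enters the TLS channel; route is bound as AAD.
func Wrap(aead cipher.AEAD, payload, route []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, payload, route), nil // nonce || ciphertext || tag
}

// Unwrap authenticates and decrypts on the receiving node.
func Unwrap(aead cipher.AEAD, wrapped, route []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(wrapped) < n {
		return nil, errors.New("truncated payload")
	}
	return aead.Open(nil, wrapped[:n], wrapped[n:], route)
}

func main() {
	key, _ := NewWrapKey()
	aead, _ := NewWrapper(key)
	w, _ := Wrap(aead, []byte("constructed sample record"), []byte("node-a>node-b"))
	p, err := Unwrap(aead, w, []byte("node-a>node-b"))
	println(string(p), err == nil)
}
```

With random 96-bit nonces, rotate the wrap key well before 2^32 payloads have been sealed under it.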