Quantum Technologies: Threats & Solutions to Cybersecurity

Similar documents
Quantum threat...and quantum solutions

The Quantum Threat to Cybersecurity (for CxOs)

+ = OTP + QKD = QC. ψ = a. OTP One-Time Pad QKD Quantum Key Distribution QC Quantum Cryptography. θ = 135 o state 1

Cyber Security in the Quantum Era

Cryptography in a quantum world

The quantum threat to cryptography

ETSI/IQC QUANTUM SAFE WORKSHOP TECHNICAL TRACK

Quantum Communication

Quantum Computing: What s the deal? Michele Mosca ICPM Discussion Forum 4 June 2017

Managing the quantum risk to cybersecurity. Global Risk Institute. Michele Mosca 11 April 2016

Enigma Marian Rejewski, Jerzy Róz ycki, Henryk Zygalski

Quantum Cryptography

Information Security in the Age of Quantum Technologies

C. QUANTUM INFORMATION 111

Quantum Wireless Sensor Networks

The science behind these computers originates in

Quantum Information Transfer and Processing Miloslav Dušek

C. QUANTUM INFORMATION 99

Quantum Computing: it s the end of the world as we know it? Giesecke+Devrient Munich, June 2018

Realization of B92 QKD protocol using id3100 Clavis 2 system

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

Everything is Quantum. Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL

Cryptography in the Quantum Era. Tomas Rosa and Jiri Pavlu Cryptology and Biometrics Competence Centre, Raiffeisen BANK International

LECTURE NOTES ON Quantum Cryptography

A Genetic Algorithm to Analyze the Security of Quantum Cryptographic Protocols

PQ Crypto Panel. Bart Preneel Professor, imec-cosic KU Leuven. Adi Shamir Borman Professor of Computer Science, The Weizmann Institute, Israel

Post-Quantum Cryptography & Privacy. Andreas Hülsing

Applications of Quantum Key Distribution (QKD)

Quantum Cryptography

Quantum Cryptography. Marshall Roth March 9, 2007

Cryptographical Security in the Quantum Random Oracle Model

Security of Quantum Key Distribution with Imperfect Devices

Post-Quantum Cryptography & Privacy. Andreas Hülsing

QUANTUM COMPUTING & CRYPTO: HYPE VS. REALITY ABHISHEK PARAKH UNIVERSITY OF NEBRASKA AT OMAHA

How to Use Short Basis : Trapdoors for Hard Lattices and new Cryptographic Constructions

Research, Development and Simulation of Quantum Cryptographic Protocols

CS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing

Summary. The prospect of a factoring. Consumer key generation. Future long range key. Commercial systems. Metro Networks. exchange. machine. Spin-off.

Ping Pong Protocol & Auto-compensation

Device-Independent Quantum Information Processing

Entanglement and Quantum Key Distribution at ESA

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Standardization of Quantum Cryptography in China

Quantum Cryptography. Areas for Discussion. Quantum Cryptography. Photons. Photons. Photons. MSc Distributed Systems and Security

Quantum Cryptography and Security of Information Systems

Quantum Computing. Richard Jozsa Centre for Quantum Information and Foundations DAMTP University of Cambridge

Quantum Key Distribution and the Future of Encryption

POST-QUANTUM CRYPTOGRAPHY HOW WILL WE ENCRYPT TOMORROW?

Quantum Cryptography

Quantum Cryptography

ALICE IN POST-QUANTUM WONDERLAND; BOB THROUGH THE DIGITAL LOOKING-GLASS

A New Wireless Quantum Key Distribution Protocol based on Authentication And Bases Center (AABC)

Eavesdropping or Disrupting a Communication On the Weakness of Quantum Communications

Single Wavelength Entangled Pair in Quantum Channel Authentication for QKD

Research Proposal for Secure Double slit experiment. Sandeep Cheema Security Analyst, Vichara Technologies. Abstract

Physics is becoming too difficult for physicists. David Hilbert (mathematician)

Quantum cryptography and quantum hacking. Dr. Lars Lydersen

WHITE PAPER ON QUANTUM COMPUTING AND QUANTUM COMMUNICATION

Security Implications of Quantum Technologies

Quantum and quantum safe crypto technologies in Europe. Ales Fiala Future and Emerging Technologies European Commission

Technical Report Communicating Secret Information Without Secret Messages

Secrecy and the Quantum

Ground-Satellite QKD Through Free Space. Steven Taylor

Asymmetric Encryption

Cryptographic Hash Functions

Challenges in Quantum Information Science. Umesh V. Vazirani U. C. Berkeley

Quantum key distribution for the lazy and careless

Introduction to Quantum Computing

Asymptotic Analysis of a Three State Quantum Cryptographic Protocol

Quantum Cryptography Bertrand Bonnefoy-Claudet Zachary Estrada

Entanglement. arnoldzwicky.org. Presented by: Joseph Chapman. Created by: Gina Lorenz with adapted PHYS403 content from Paul Kwiat, Brad Christensen

Device-independent Quantum Key Distribution and Randomness Generation. Stefano Pironio Université Libre de Bruxelles

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

CPSC 467: Cryptography and Computer Security

This is a repository copy of Unite to build a quantum internet. White Rose Research Online URL for this paper:

Introduction to Quantum Cryptography

Quantum Technologies for Cryptography

Device-Independent Quantum Information Processing (DIQIP)

Lecture 1: Introduction to Public key cryptography

EU investment in Quantum Technologies

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

Advanced Cryptography Quantum Algorithms Christophe Petit

10 - February, 2010 Jordan Myronuk

Information Security

Stop Conditions Of BB84 Protocol Via A Depolarizing Channel (Quantum Cryptography)

Fundamentals of Modern Cryptography

Public-Key Cryptosystems CHAPTER 4

Contents. ID Quantique SA Tel: Chemin de la Marbrerie 3 Fax : Carouge

Quantum Technology: Challenges and Opportunities for Cyber Security. Yaoyun Shi University of Michigan

Talk at 4th ETSI/IQC workshop on quantum-safe cryptography, September 19-21, 2016

Introduction to Quantum Key Distribution

Foundations of Network and Computer Security

Seminar Report On QUANTUM CRYPTOGRAPHY. Submitted by SANTHIMOL A. K. In the partial fulfillment of requirements in degree of

Entanglement and Quantum Teleportation

Quantum Key Distribution. The Starting Point

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

Practical, Quantum-Secure Key Exchange from LWE

What are we talking about when we talk about post-quantum cryptography?

Quantum Networking: Deployments, Components and Opportunities September 2017

Transcription:

Quantum Technologies: Threats & Solutions to Cybersecurity Bruno Huttner ID Quantique & Cloud Security Alliance, Quantum-Safe Security Working Group NIAS2017; Mons, Oct. 2017

ID Quantique Company Profile Founded in 2001 Geneva, Switzerland By 4 quantum physicists from the University of Geneva 60 employees in CH, including 30 engineers/scientists Develops technologies and products based on quantum physics within 3 business units: Photon Counting & Instrumentation Quantis Quantum Random Number Generator Quantum-Safe Security Performs R&D, production, professional services, integration, support Clients : Governments / Banks / Gaming Industry / Universities / IT Security 2017 ID Quantique SA, Switzerland page 2

Outline The quantum threat to cybersecurity Need for quantum-safe security The tools: o Quantum Key Generation o Quantum-Resistant Algorithms o Quantum Key Distribution Practical implementations of QKD The future of QKD Summary 2017 ID Quantique SA, Switzerland page 3

The THREAT: QUANTUM COMPUTERS 2017 ID Quantique SA, Switzerland page 4

Principles of Quantum Computing Computation with Qubits. Main difference: build coherent superposition of states But a measurement always gives one of the two states only 2017 ID Quantique SA, Switzerland page 5

Classical Computing 2017 ID Quantique SA, Switzerland page 6

Computing with Quantum States Create superpositions Generate interferences Measure one possible outcome 2017 ID Quantique SA, Switzerland page 7

The Quantum Computer Behaves like a massively parallel computer. Solves problems in much fewer steps. Opportunity: some intractable computations become feasible. Threat: break current public key cryptographic primitives (DH, RSA, ECC ) This is why Quantum Computing is now discussed in Information Security. 2017 ID Quantique SA, Switzerland page 8

Status of Cybersecurity The hacker s point of view today and after the Quantum Computer 2017 ID Quantique SA, Switzerland page 9

When NSA goes Public In the current global environment, rapid and secure information sharing is important to protect our Nation, its citizens and its interests. Strong cryptographic algorithms and secure protocol standards are vital tools that contribute to our national security and help address the ubiquitous need for secure, interoperable communications. IAD will initiate a transition to quantum resistant algorithms in the not too distant future. Our ultimate goal is to provide cost effective security against a potential quantum computer. 2017 ID Quantique SA, Switzerland page 10

Timeline for the Quantum Computer Large-scale quantum computing is 10-15 years away 1 in 7 chance of crypto primitives being affected by quantum attacks in 2026 1 in 2 chance by 2031. Estimates by Prof. Michele Mosca Institute for Quantum Computing (at ETSI/IQC workshop 09/2017) 2017 ID Quantique SA, Switzerland page 11

What is at risk? Data at rest All current Public Key cryptosystems Data in transit 2017 ID Quantique SA, Switzerland page 12 Two requirements: Authentication Confidentiality

Short aside: Blockchains Blockchain Hash functions Public key crypto Blockchains today are not Quantum-Safe! 2017 ID Quantique SA, Switzerland page 13

Timing issues Transaction time Time Authentication requirement Confidentiality requirement Future possible attacks Cybersecurity systems should guarantee confidentiality for a long time 2017 ID Quantique SA, Switzerland page 14

Trust levels for PKIs Current PKI s o Confidentiality for 15 years: LOW o Authentication today: HIGH o Authentication in 15 years: LOW Next Gen PKI s (new algorithms) o Which algorithm to choose? o What can we deploy today? o Long-term security? 2017 ID Quantique SA, Switzerland page 15

All links are NOT born equal! Safety has to be adapted to the communication links. 2017 ID Quantique SA, Switzerland page 16

The SOLUTION: QUANTUM SAFE CRYPTO 2017 ID Quantique SA, Switzerland page 17

So What do we do now? Need to expand our toolbox, with different Quantum-Safe tools: o Quantum Key Generation o Quantum Resistant Algorithms o Quantum Key Distribution 2017 ID Quantique SA, Switzerland page 18

THE TOOLS (1): QUANTUM KEY GENERATION 2017 ID Quantique SA, Switzerland page 19

Random Numbers in Cryptography 1 1 0 1 0 0 0 1 1 1 0 1 1 0 0 1 0 1 1 1 0 1 0 1 0 1 1 1 0 1 0 1 0 1 1 0 1 1 1 0 1 0 2017 ID Quantique SA, Switzerland page 20 1 1 1 0 1 0 1 0 0 0 1 1 Random numbers are used at the source of ALL crypto systems But : they are are difficult to produce. Computer programs are deterministic. Computers cannot produce random numbers without special hardware. And: it is impossible to prove randomness of a finite sequence a posteriori. Possible only to test the statistical properties of the random numbers. When generating random numbers, understanding the method used is critical.

True Random Number Generator based on Quantum Physics Physical Random Number Generator exploiting a phenomenon described by quantum physics: 0 0 1 1 0 1 Provably random Advantages Speed. Simple process that can be modelled influence of environment can be ruled out. Photons Live monitoring of elementary components possible to detect total failure. Source of photons Semi-transparent mirror 1 Instant full entropy. 2017 ID Quantique SA, Switzerland page 21

QRNGs today And a new QRNG chip soon! 2017 ID Quantique SA, Switzerland page 22

THE TOOLS (2): QUANTUM RESISTANT ALGORITHMS 2017 ID Quantique SA, Switzerland page 23

Quantum-Resistant algorithms Name of method Application Resilience against Quantum Computer RSA Encryption, signature No ECC Encryption, signature No AES Encryption Widely believed Hash-based Authentication Widely believed Lattice-based (NTRU) Code-based (Mc Eliece) Encryption; signature Encryption Believed Believed Multivariate polynomials Encryption; signature Uncertain so far High level of confidence Under investigation 2017 ID Quantique SA, Switzerland page 24

Post-Quantum PK Algorithms: Pros & Cons Pros Cons Direct replacement of current PKs No proof of security Keep all infrastructure Not yet well-studied May be easily adapted to security protocols Interesting approach: hybrid systems, e.g. RSA + NTRU Resilience against QC not proven Might be only a temporary solution Probably the easiest to implement and most appealing solution Use for medium security levels But concerns about long-term security 2017 ID Quantique SA, Switzerland page 25

THE TOOLS (3): QUANTUM KEY DISTRIBUTION 2017 ID Quantique SA, Switzerland page 26

The scenario: Symmetric Cryptography Eve Message Message Scrambled Message Alice Bob Secret Key Secret Key Secret key distribution methods: Trusted courier ( ) Public key cryptography (not quantum-safe today ) Quantum key distribution 2 7 2017 ID Quantique SA, Switzerland page 27

Quantum Key Distribution (QKD): Basic idea Scrambled Message Alice Bob Symmetric Cryptography Secret Key Secret Key Fragile! 2017 ID Quantique SA, Switzerland page 28

QKD: Pros & Cons Pros Based on different principle (physics) Not impacted by QC Provable security of transmission Real-time eavesdropping possible only Adds one layer of security Cons Need physical infrastructure Limited distance between nodes (to date) Only part of the solution: Needs conventional crypto to use the key (e.g. symmetric key encryption); And post-quantum Authentication More complicated and costly to implement Useful for high-level and long-term security 2017 ID Quantique SA, Switzerland page 29

A Quantum-safe transmission scheme Scrambled Message Alice Bob AES encryption Secret Key Secret Key Fragile! Ingredients: QKD for key distribution AES for encryption Hash-based signature scheme for authentication (e.g.: Merkle scheme) 2017 ID Quantique SA, Switzerland page 30

PRACTICAL IMPLEMENTATIONS OF QKD 2017 ID Quantique SA, Switzerland page 31

Practical systems: IDQ s Cerberis Quantum Key Distribution Servers 2017 ID Quantique SA, Switzerland page 32 3 2 Cerberis QKD Server launched 2006 - Used in multiple mission critical installations in government & financial sectors since 2007 QKD Blade launched Oct 2015 - Integrated into ATCA network devices - Other form factors possible (ETSI) - Building block for Trusted Nodes (2 blades linked by a trusted controller in scalable networks)

Quantum-Enabled Network Encryption: Today Local Area Network Local Area Network xwdm Quantum Channel Dark Fiber or multiplexed Multiple deployments in the banking and government sectors in Europe 2017 ID Quantique SA, Switzerland page 33

State of the Art: Long Distance QKD 2017 ID Quantique SA, Switzerland page 34

Implementation: Encryption in Default Mode Key exchange interoperable for all encryptors State-of-the-art FIPS approved key management RSA-2048 or ECC for public key agreement AES 256 CTR or GCM mode for high-speed data encryption AES Master and session keys, with session key updated up to once per minute Fully automatic set and forget High quality key material generated by IDQ s Quantum True Random Number Generator (selected encryptors) May be upgraded to QKD Public Key Agreement Session Key Agreement Encryption Internal or external CA Master Key Session Key 2017 ID Quantique SA, Switzerland page 35

36 Implementation: Encryption with QKD Dual Key Agreement Internal or external CA Quantum keys are based on high quality entropy (encryption key) from provably random QRNG. Quantum Key is mixed with the standard AES session key. Advantages: - Maintains existing encryptor certifications (eg. FIPS, CC). - Generates ''super session key which guarantees forward secrecy. - Eavesdropping protection. Quantum Key Distribution (QKD) Quantum Key Public Key Agreement Master Key Session Key Agreement Session Key Bit-by-bit XOR Encryption Super Session Key 2017 ID Quantique SA, Switzerland page 36

Real implementation: Practical QKD in Government & Public Administration Geneva (Switzerland) uses QKD to guarantee confidentiality & integrity of data during federal & cantonal elections. Downtown Geneva Working since October 2007. Geneva Government Data Center Central Vote Counting Station 4 km Ballots Mail Votes Cerberis QKD Solution 2017 ID Quantique SA, Switzerland page 37

Real Implementation: QKD in Data Center Interconnect European banks secure critical links between bank headquarters and Data Recovery Centers, and inside MAN. Data Centre or DRC Dedicated quantum channel Headquarter s o All digital assets of bank pass over DRC link. Supports AES 256 bit key exchange every hour, with additional quantum key buffer. Quantum channel: o Either on dedicated dark fibre (up to 100km). o Or multiplexed with data over single fibre (up to ~30 kms). DWDM Site A Passiv e DWD M Multiplexed quantum channel Data links Data links Data & SC Data+SC+Q C DWDM Site B Passiv e DWD M 2017 ID Quantique SA, Switzerland page 38

ROADMAP FOR QKD QKD for Access Networks Trusted Nodes for long-distance QKD Free Space QKD with satellites Global QKD Network based on Quantum Memories 2017 ID Quantique SA, Switzerland page 39

2017 ID Quantique SA, Switzerland page 40 4 0 QKD for Access Network: one Bob, many Alices Site A1 Site A2 WDM NETWORK (MAN or WAN) Data link & SC Data link & SC Site B WDM ALICE WDM QC BOB Site A3 ALICE Optical switch WDM ALICE

Long distance QKD with Trusted Nodes Cambridge Exchange Ipswich Exchange Cambridge University BT Labs Adastral Park Testbed between BT Labs at Adastral Park and Cambridge University 2017 ID Quantique SA, Switzerland page 41 Adva FSP 3000

What about longer links: The Chinese Quantum Backbone 2017 ID Quantique SA, Switzerland page 42

2017 ID Quantique SA, Switzerland page 43 4 3 A Global Network Based on Free Space QKD Free Space QKD QKD links with LEO satellites LEO acts as a trusted node to transport the key to the necessary location. Free space QKD is moving out of the lab & into industry Chinese have launched a QKD satellite in August 2016 and QKD system in space station in September. Worldwide interest at the academic/government level IDQ feasibility studies for practical systems (Eurostars and Swiss Space Office)

The first QKD in Space experiments again in China! QKD satellite Launched: 15/08/2016 2017 ID Quantique SA, Switzerland page 44 QKD in Chinese Space station Launched: 15/09/2016

Global QKD Network based on Quantum Memories: A world-wide QKD infrastructure Build a QM infrastructure Each node exchanges QMs with the others Customers come to any node to recharge their QMs (similar to bank notes and ATM infrastructure) 2017 ID Quantique SA, Switzerland page 45

Summary The risk on cyber-security caused by the Quantum Computer has become real Need new solutions now Improve key quality with QRNG s Quantum Resistant Algorithms and QKD should be used together to provide Quantum- Safe security QKD can and should be used today to improve security on high-value links requiring long-term security No risk, only adds one (very different) layer of security World-wide QKD now feasible 2017 ID Quantique SA, Switzerland page 46

2017 ID Quantique SA, Switzerland page 47 For more information http://www.idquantique.com

Announcement: Winter school on Quantum Cybersecurity ID Quantique is proud to announce its 10 th Winter School Topic: The coming of age of Quantum Cyber Security; Date: Saturday, January 20 th, to Friday, January 26 th, 2017; Location: Les Diablerets, Switzerland; Some confirmed speakers: Charles Bennett; Gilles Brassard; Artur Ekert; Nicolas Gisin; Michele Mosca Come, learn and have fun with us! Contact: ws@idquantique.com 2017 ID Quantique SA, Switzerland page 48

2017 ID Quantique SA, Switzerland page 49 EXTRA SLIDES

QKD example: the BB84 protocol 2017 ID Quantique SA, Switzerland page 50

QKD: Proof of Security 4 assumptions: 1. Alice and Bob operate in a protected environment 2. Public channel is authentified 3. Eve cannot use the QC to probe Alice and Bob s setup 4. QC only carries quantum states within the pre-defined Hilbert space Proof of security 2017 ID Quantique SA, Switzerland page 51

Global QKD Network based on Quantum Memories: 1. Building blocks 1. Generate and store entangled states in quantum memories source 2. Distribute entangled memories A 1 B 1 A 2 B 2 entangled memories Physical distribution channel A 1 B 1 3. Teleport states upon request A 1 Classical communication channel B 1 B 2 B 2 2017 ID Quantique SA, Switzerland page 52

Global QKD Network based on Quantum Memories: 2. Implementation Alice Issuing Authority 2 Issuing Authority 1 Issuing Authority 3 2017 ID Quantique SA, Switzerland page 53 Bob exchange memories teleport states

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback