CS Mar-Apr 2020
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
encryption systems<br />
THE QUANTUM CRYPTO REVOLUTION<br />
COMMERCIALLY AVAILABLE ENCRYPTION SYSTEMS ARE ALREADY WITH US AND THEIR POTENTIAL<br />
IS HUGE, ALTHOUGH THE TECHNOLOGY STILL HAS MANY ISSUES THAT MUST BE OVERCOME<br />
Imran Shaheem, Cyberis: quantum<br />
computers provide benefits in<br />
cryptographically significant ways.<br />
Quantum computing technology will<br />
"force a change to the landscape of<br />
cryptography," according to Imran<br />
Shaheem, cyber security consultant at Cyberis.<br />
It has come a long way since scientific and<br />
mathematical interest erupted in the 90s.<br />
"Quantum computers have serious<br />
consequences for classical cryptography<br />
and the future standards for secure<br />
communication," he states.<br />
Successful trials of quantum cryptography<br />
to secure communication through quantum<br />
physics have been undertaken already and<br />
progress in quantum technologies has been<br />
swift over the last decade, he points out.<br />
"Quantum Key Distribution (QKD) systems<br />
have been tested by banks and governments,<br />
while similar systems were deployed as far<br />
back as the 2010 FIFA World Cup in South<br />
Africa. In 2017, researchers held a QKDprotected<br />
video conference between China<br />
and Austria, using the quantum satellite<br />
Micius."<br />
Admittedly, while quantum computers won't<br />
be able to change everything, they provide<br />
benefits in cryptographically significant ways.<br />
One of these is factoring large numbers.<br />
"This is a technique central to the security<br />
of several algorithms, such as RSA, in which<br />
prime factors of large numbers underpin the<br />
encryption. As a consequence, RSA's security<br />
and other algorithms employing similar<br />
techniques, will be compromised by<br />
introducing disruptive quantum computers.<br />
This leaves a space within classical<br />
cryptography that its quantum counterpart<br />
attempts to solve," adds Shaheem.<br />
The benefits are numerous. "Information<br />
cannot be unknowingly intercepted, due to<br />
quantum principles, including the 'no cloning'<br />
theorem and quantum superposition, which<br />
provides natural resistance to eavesdropping.<br />
The security provided stems from underlying<br />
physical properties. It's baked into the universe<br />
and therefore isn't something that can be<br />
cracked through quantum computing power.<br />
As security is on the physical layer, quantum<br />
cryptography can secure the end-to-end<br />
connection, without needing an SSL or VPN,"<br />
he points out.<br />
However, there are some issues, the cyber<br />
security consultant concedes. "It's expensive,<br />
because this is at cryptography's cutting edge.<br />
R&D costs are high, as are the fabrication<br />
costs of specialist components. There is also<br />
a costly requirement for an independent<br />
infrastructure capable of supporting quantum<br />
cryptography. Many of these issues will be<br />
overcome in time as the technology matures."<br />
It's easy to think that quantum technology<br />
and its effect on current infrastructure<br />
is distant. However, there are already<br />
commercially available encryption systems,<br />
including ID Quantique's Cerberus3 system for<br />
key distribution. Many of these systems are<br />
based on the popular protocol, BB84. "Whilst<br />
there is still life in classical methods, the focus<br />
is shifting to next-generation technologies<br />
addressing solutions to tomorrow's problems.<br />
These don't always come with a quantum<br />
flavour, but post-quantum cryptography is<br />
seen as the answer to quantum computers'<br />
potential for massive changes and the<br />
associated cryptographic problems.<br />
"With the solutions we have now, quantum<br />
or classical, the biggest hurdle is their<br />
deployment," says Shaheem. "Poorly thoughtthrough<br />
implementations leave these systems<br />
vulnerable, as seen through the light injection<br />
attack, for example, which can defeat certain<br />
applications of BB84. Like modern-day<br />
systems, testing surrounding configuration<br />
will be crucial against inherent and<br />
implementation flaws."<br />
Companies should think seriously about how<br />
the transitionary process to quantum-secure<br />
systems will affect their business, he advises.<br />
"The time is now to look to the future and<br />
ensure tomorrow's world doesn't break today's<br />
encryption and expose sensitive data."<br />
28<br />
computing security <strong>Mar</strong>/<strong>Apr</strong> <strong>2020</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk