December 10, 2018
Risk Versus Reward in the Legal Department. Encourage your legal office, or department, as it were, to get on-board with cybersecurity. Because quantum is coming. And it’s good to be secure with your clients’ data.
Less than 20 years to Quantum Supremacy. 20 or More Years to Implement Quantum Resistant Encryption. Adopting quantum-resistant encryption by your enterprise could take 20 years. By then, quantum computers could be in the hands of hackers or malicious nation-states. With your organization’s data and customer privacy in peril.
Keeping Quantum Computing Expectations In Perspective. An educated opinion stating “Given the current state of quantum computing and recent rates of progress, it is highly unexpected that a quantum computer that can compromise RSA 2048 or comparable discrete logarithm- based public key cryptosystems will be built within the next decade…” is brought to us by IEEE SPECTRUM’s contributor David Schneider.
December 4, 2018
Mitigating Data Exposure to Quantum Computing. A simplified risk-timeline has four influencing factors to consider; given you have made a complete cryptographic inventory. The four factors to consider are:
1/ Cryptographic strength of the algorithms in use to protect data and communications
2/ Length of time, in years, your data must be protected
3/ Cryptographic agility of the enterprise. How to quickly is the enterprise able to change the algorithms? Weeks? Months? Years?
4/ Quantum computing advancements, in terms of years to achieve (i.e. when will quantum supremacy arrive?)
The advent of quantum computing capable of cracking cryptography is nearing. “When?” is the bigger question. Anywhere from a bold 2 years to never are routinely discussed.
December 3, 2018
Basic Quantum Computing Discussion. New to quantum computing? Curious what it is all about. Here’s some questions and some answers… Discussion is found at EMN…
November 28, 2018
European Space Agency Sees Laser Communication as Next Revolution. With the use of satellites projected to double and spending to increase over $2B from 2020 to 2025, the ESA, views laser communication as the “basis for the next revolution in satcom.” This looks to be the basis for extensive use of secure communications via quantum cryptography.
November 25, 2018
Act Together or Hack Together? There is a difference in viewpoint on the efficacy of quantum computing and hacking, the ethics behind it, and the countries involved. Should we be prepared, cyber-armed, if you will, to protect ourselves? Russia and China are in control of their systems. The U.S. looks, or prefers, to have backdoors for law-enforcement. What has the E.U. done? Is Europe’s only choice “…to set an example and go for open systems?” With a real quantum computer not in the immediate offing, are we creating much to-do about nothing? Food for thought out of ComputerWeekly.
November 7, 2018
QKD Over Long Distance; Crucial to Data Security. Quantum Key Distribution, QKD, utilizes photon entanglement to distribute encryption keys with near-total security. Research conducted at the University of Geneva has taken QKD to new lengths, literally. Though only a small gain in distance has been achieved over the 404KM record, the 421KM distance attained showed improvements elsewhere. Namely, in encryption key-rate throughput – a much needed aspect to enabling QKD in the high-speed communication networks today. Security, distance, and key rate must all be considered. These studies are sorting out each of these aspects for the optimal QKD system.
Risk and Mitigations for Quantum Computing Enterprise Systems. What is the scope of the quantum computing risk to your cryptographic infrastructure? This report looks at the issues related to all of your business systems. It encompasses transaction systems including external businesses and those for the consumers; whether a cloud service or on an endpoint. The report demands your C-suite and security team act and provides recommendations on how to proceed.
Quantum-Resistant Signatures on Your Host. The vulnerabilities of prime number factorization posed by quantum computers is alarming as much of our PKI-based infrastructure relies on this method of encryption. There is an alternative, “Hash to Obtain Random Subset” (HoRS). It’s an option to consider to secure your communications against quantum computing.
November 5, 2018
Voting by Mobile Phone is Bad. Using Blockchain, Worse. West Virginia is set to test blockchain for voting. The ballot will be right in the palm of the voter’s hand on their mobile phone. Inherently insecure, the mobile phone as a ballot is a bad idea, today. Consider what happens when quantum computing arrives? If West Virginia incorporates blockchain, it could spell a bigger disaster. Concept is found here at LIVE BITCOIN NEWS…
Quantum-resistant Password-Authenticated Key Exchange Partners. Enhancing banking security with quantum-resistant password-authenticated key exchange (PAKE) is a goal for BANKEX and several academic and financial organizations. The dangers of quantum computing to asymmetric cryptography, such as that found in key exchanges, is providing research and technology development opportunities to the corporate, financial, and academic worlds. BANKEX, a top financial technology company, Canada’s University of Waterloo, InfoSec Global, a growing cryptographic company with quantum computing interests, and evolutionQ, an organization founded to provide consultation in the move from quantum-vulnerable to quantum-safe systems, are partnering to tackle PAKE’s quantum vulnerability. Reference is here at CNBCrypto…
October 31, 2018
CiViQ: Securing Quantum Communications Without the Photons. The Quantum Flagship initiative launched by the European Union will fund alternative cybersecurity and cryptography development through a project dubbed Continuous Variable Quantum Communications (CiViQ). Their mission is to develop “low-cost QKD systems that can be integrated easily into emerging telecommunication infrastructures.” Steering their study away from budget straining photon detection methods, CiViQ will focus efforts toward electric field amplitude detection.
Post-Quantum Cryptography, Primer Blog. PQC, or post-quantum cryptography, is becoming a more familiar term amongst cryptographic and cybersecurity communities. With the media-blitz of the coming quantum computing apocalypse, anyone involved in cybersecurity should add to their background some hows and whys for using post-quantum computing cryptographic methods. Though our Transport Layer Security (TLS) and Secure Socket Layer (SSL) methods are okay, today, any organization or nation-state hoarding data encrypted with these methods will likely be able to decrypt today’s data on Q-Day – the day when it is shown that quantum computers can break such cryptographic methods in short order. Having some knowledge of Shor’s Algorithm, Grover’s Algorithm, lattices, isogenies, and elliptic curve cryptography is wise. As suggested, if you deem the need for PQC for your organization is now, “get in touch with your friendly neighborhood cryptographer. Everyone else ought to wait until NIST has finished its standardization process.” For the Qubit Report, we recommend getting in touch with your neighborhood cryptographer or at least in touch with your quantum computing side…Because Quantum is Coming. This PQC guide is found here…
October 26, 2018
McAfee’s Chief Technology Officer Expresses Post-Quantum Concerns. If you’re going to build an airplane, you need to build wings, body, and engines; building them in parallel is logical. Shouldn’t this be applied to NIST’s post-quantum cryptography algorithm effort? This report is found here at Computer Weekly…
Cybersecurity, Quantum Resistant Algorithms: Humans are Still a Bigger Threat. NIST produced the “Report on Post-Quantum Cryptography” in 2016. It’s making some heads turn today. Cryptographic implementations and methods are wide and varied. SSL, AES-256, time needed for data storage, and crypto key length are all part of measuring your data’s risk to the quantum threat. Yet, there is still the threat of the human. This report is found at PCMag…
October 24, 2018
Quantum Key Distribution: Photons, Data Rates, Fibers. Research team from the Technical University of Denmark achieves multi-fold increase in quantum encryption key bitrates. From their earlier research, the team’s work “achieved low and stable quantum bit error rate” – a key challenge in quantum computing research and development. The team developed protocols maximizing multi-core optic fiber; in turn, they accomplished encoding greater amounts of information thus improving quantum key distribution throughput rates. Continued progress based on single-photon arrays is expected to produce improved data-rate through efficient protocols and scalable processes. Research has also continued into photon-pair generation with multi-mode “fiber optics and four-wave mixing.” Photon-pair generation has direct application to quantum communications.
October 23, 2018
Cybersecurity and the Electric Grid: Illusion? The author’s opinion presented challenges us to consider our reliance on the U.S. electrical grid; is its security an illusion? Many claim we have little to worry about. Those that do fit into the “Relax Camp.” The “We’re Doomed Camp” claims, according to this author, just that: The grid is doomed. What can quantum do? Perhaps add quantum-resistant security – to some of it. This the first of a two-part series, gives one reason to pause. What camp does the Qubit Report belong to? Take a look at the chapter on the grid failure in the Bronx during the summer of 1977 (“Ladies and Gentlemen, the Bronx Is Burning: 1977, Baseball, Politics, and the Battle for the Soul of a City”, Jonathan Mahler). Technology aside, the success of the grid when under duress, is intrinsically linked to the human operator in the control room. After all, the weak link in cybersecurity is the human, by far. Reference found at RSA Conference…
October 17, 2018
Don’t Think a VPN Will Be Safe from Quantum Computing. Quantum-safe virtual private networks require securing from quantum computing’s threat. Not only are VPNs vulnerable, but much of the cryptographic infrastructure affiliated with the VPN. The RSA cryptosystem and elliptic curve cryptographic methods will purportedly expose their weakness to quantum computing. Both of these are used widely, VPNs are no exclusion. This means data considered secure today, if captured today, stands to be decrypted at the advent of sufficiently strong quantum computers. The transition of VPNs to quantum-safe solutions is deemed “extremely complex.” The complexity demands government, academia, and industry to get started in planning to secure their authentication and confidentiality of systems and data from the quantum computing revolution.
October 15, 2018
Maybe NIST Will Save Us. Quick recap of what and why the concern for quantum supremacy. (And a thought that the U.S. National Institute of Standards and Technology will save us). The deep thoughts are found here at TechBeacon…
October 11, 2018
Blackberry CIO Comments. Breaking encryption employed today may be reality in 8 to 10 years. Blackberry CEO, John Chen, “…wants to get ahead of that.” More on Blackberry’s efforts… This report is found here at WSJ…
October 9, 2018
Industrial Immune System. The U.S. DoE has awarded $3.9M to General Electric to lead a quantum-secured project for industrial systems. The project’s mission is to integrate time-sensitive networking and quantum-key distribution. In accomplishing this goal, GE will secure industrial communications within a single network, resistant to quantum computer attacks. This report is found here at Global ENERGY World…
October 1, 2018
Quantum Xchange Producing First U.S. Quantum Network. To break a quantum key requires “extraordinary circumstances”. Quantum Xchange discusses its methods to enable use of quantum keys to produce a cybersecure quantum network in the U.S. This report is found here at DIGITAL TRENDS…
September 26, 2018
Quantum Resistant PKI and Key Management for IoT Devices. More corporations are working on the hard-problems created by the threat of quantum computers to current encryption methods to include PKI and key management and delivery. While NIST is developing post-quantum computer-resistant algorithms, the commercial sector is being mobilized to tackle the larger issue. DigiCert, Gemalto, and ISARA have teamed together to meet the challenges presented. Together they plan to develop quantum-resistant encryption algorithms and key management systems. Their goal is to be able to integrate the quantum-resistant systems into current encryption systems in use. “DigiCert, Gemalto and ISARA will be delivering a solution that provides the same protections that classical encryption and key management systems provide today, with the additional assurance that the data will not be at risk when quantum computers become a threat to classical algorithms like RSA or ECC (Elliptic Curve Cryptography).”
What each brings:
Gemalto: Hardware security module (HSM) provider. Provides cybersecurity for cryptographic key management, processing, and storage. Securely provisions encryption, decryption, digital signatures, and authentication.
DigiCert: Digital certificate trusted root services.
ISARA: Quantum-resistant (quantum-safe) algorithms integrated into current security protocols and services.
The partnership aims to provide enterprise cybersecurity for long-life products. Each of the companies believes integrating the resistant and safe components now will preclude retrofitting when quantum computers come to fruition; estimated anywhere from 3 to 10 years, depending. The bottom line to the partnership is to “develop technologies that can enable digital certificates and secure key management for internet of things (IoT) and other devices in the post-quantum era.
Quantum Computers To Be Treated as Nuclear Weapons? Editorial. Consider quantum computers being internationally controlled by only a few nations, as are nuclear weapons. This report is found here at THENEXTPLATFORM…
September 24, 2018
Concern Over Complexity of Cryptographic Methods May Ease. A new partnership between two commercial entities may be able to ease concern over implementing crypto-agile systems which also provide quantum safe (quantum resistant) cryptographic methods. Release is found at INFOSEC GLOBAL…
Quantum Risk Assessment? Recommendation is to conduct a QRA and invest in quantum-safe cryptographic methods. This report is found at Computer Business Review…
September 19, 2018
Quantum Computing and Cryptography; Bruce Schneier. With a crypto-apocalypse in the predictions within the next ten years (or 3 or 5 or 8 or 20 years), any IT security professional — of any level — would be wise to “keep it real”. Great discussion to that end from Bruce Schneier. This report is found at Schneier…
Post-Quantum Computing’s Importance. Cybersecurity today, and in 20 years no-cybersecurity with quantum computers. What some in industry are doing to prevent QC hacking. This report is found at nanalyze…
September 18, 2018
Cybersecurity Professional? Get Ready, Now. Sage advice for those in cybersecurity: Prepare now, get agile, quantum is coming. This report is found at CSO…