Taking The Best Path To Post-Quantum Security
Quantum computing offers the potential to solve certain types of complex problems faster than classical computers by taking advantage of quantum mechanical effects. These quantum algorithms also have the ability to crack traditional cryptographic keys that protect today’s data.
The threat potential has led to a rise in cases of harvest now, decrypt later (HNDL) attacks that could severely jeopardize personal data, destabilize the IT industry and threaten future security, impacting everything from smart cities and national grids to autonomous vehicles, industrial operations and financial markets. In this article, we look at the security issues at play with quantum computing and the benefits of collaborating with quantum experts and taking a software approach to post-quantum cryptography.
Ensuring future data protections
The trend toward quantum computing is well underway, and while the technology is still highly experimental, mainstream adoption is inevitable. Research from Gartner indicates that in 2018, less than one percent of companies were budgeting to undertake quantum deployments. However, that figure is expected to increase to 20% by 2023 [1]. The upward trend underlies the concern because quantum algorithms have the potential to recover the keys of the currently used public key infrastructure (PKI).
Cybercriminals are threatening to take advantage of deficiencies in quantum security by disrupting national safety nets and using HNDL attacks to eventually decrypt the personal data of millions of users. Quantum computing also has the ability to crack traditional cryptographic keys that protect today’s data.
In response, C-suite leaders need to consider a number of areas for post-quantum risk assessment that extend to infrastructure, networking and software. Their goal should be to immediately achieve robust data and infrastructure protections that ensure Secure Now, Undecryptable Later (SNUL) results.
Building a roadmap to quantum agility and security
Today, the scope and potential of post-quantum cryptography (PQC) solutions have expanded. Organizations and international standards bodies are identifying effective algorithms and developing cryptographic systems that can defend against both quantum and classical attacks.
Indeed, for a number of technical reasons, software-based PQC is attracting increased attention. It’s expected to take up a much larger market share in the future, because QKD (Quantum Key Distribution) requires substantial financial investments and IT resources. By contrast, software-based PQC provides more security at a lower cost with reduced manpower and time.
For business leaders, following a security roadmap includes several key steps to build robust crypto-agility. From the outset, it’s important to design a quantum-safe infrastructure along with applications and PQC solutions. The first step is to assess the level of organization-wide quantum risk and ensure that system-wide changes don’t alienate end users or adversely affect functionality.
Preparing a secured system for quantum computing also requires devoting IT resources and significant financial investments. Since a full-scale transition to quantum security is expensive, decision-makers can choose one of three solution paths most appropriate to their organization’s needs.
Choosing the right PQC solution path
Full-scale adoption of a PQC environment across a company’s infrastructure represents the first option for deployment. However, organizational leaders need to consider the safety risks associated with new technology adoptions and the costs associated with full-scale conversions. A PQC approach also entails a difficult learning curve for IT teams and creates time and resource obstacles.
The second deployment option is for IT administrators to change their standard system ciphers to PQC quality. It offers a way to retain legacy technology and hardware while moving forward with quantum innovations that can meet evolving standards.
However, this approach can lead to unexpected issues related to compatibility standards between legacy systems and ciphers, resulting in additional costs. Moreover, each revision will generate resource and infrastructure effects that are the same as adopting a full-fledged PQC environment.
The third approach entails modifying the PQC algorithm, such as increasing key length or adding further security measures to the current system. However, this approach is not a fundamental solution and introduces problems that can require more resources, such as increased processor speed and additional memory.
Gaining cryptographic agility and quantum tolerance
For companies developing solutions with PQC technology, it’s recommended to use existing systems and new solutions in parallel with the expertise provided by a professional consulting firm. In turn, organizations gain economic benefits by minimizing trial and error, reducing adoption costs and increasing efficiencies.
As part of the effort to bring quantum technology to the mainstream, IoT security provider Norma offers the Q Care series, an algorithm-agnostic solution that provides size-optimized, side-channel-immune implementations of all NIST-configured PQC algorithms across hardware and software.
Norma’s goal is not only to protect sensitive data and critical infrastructure, but also to help implement secure IoT infrastructure with quantum security technology. The company’s Q Care series is designed to enable companies to upgrade their hardware deployments (sensors, hardware security modules, etc.) to software (PKI, TLS, VPN, etc.) and achieve cryptographic agility and quantum tolerance as well as comply with current encryption standards.
To learn more about how your organization can begin the journey to post-quantum security, visit: https://www.norma.co.kr/eng/
This content is sponsored by Norma.
[1] The CIO's Guide to Quantum Computing