You may have seen our recent post discussing the top themes and stories that caught our eye during this year’s RSA Conference. One that truly stood out is the discussion around quantum cybersecurity, including quantum random.
As mentioned in that post, we had several conversations on this topic during RSAC, with interest in quantum resilience, quantum key distribution, and security applications that are particularly quantum-resilient. Unsurprisingly, the interest has grown along with the advancements in quantum computers in the past few years.
Here are a few things we believe companies can start doing to prepare for a quantum future:
Quantum random number generation – Pseudo-random number generators (PRNGs) are still used in everyday encryption practices and can increase the chances for attackers to breach a system. PRNGs begin with a base sequence known as a seed, drawn from a random-ish component such as measurements of mouse cursor movements or from a separate hardware random number generator. However, PRNGs may not be as random as one would like, and have been the source of several security breaches. Reduced randomness means that it is easier or faster for an attacker to guess a key, in turn reducing the strength of the encryption. If someone can measure that keystroke pattern or reverse-engineer one of the algorithms used (among other methods), they can predict the next numbers in the “random” sequence.
Generating truly random numbers is harder than one might think, but one way is to measure natural, truly random phenomena. At QuintessenceLabs, we’re harnessing an intriguing phenomenon called quantum tunneling, which uses a diode to measure quantum fluctuations, then generates true random numbers that form the basis for the strongest possible encryption keys, delivered at 1Gbit/s.
Quantum random number generation (QRNG) addresses the weaknesses of PRNG and is an important tool to enhance data security today, and to help build resilience against the coming quantum computing threats, contributing to give us peace of mind that our medical records, tax returns, classified government documents, and corporate secrets are safe now and well into the future.
Advanced key management and key wrapping – We know that key management is one of the biggest challenges in data security, which is why we’re committed to helping companies implement enterprise-wide solutions. Without proper key management policies in place, companies become more vulnerable and open for attack.
Some of the most important components of key management include separation of duties, which ensures that no one person among the system administrators is managing the encryption keys; support for industry-standard encryption algorithms to conform to government and other regulatory requirements, and third-party integration through APIs and solutions that facilitate it. qCrypt supports many encryption algorithms, and includes templates and object policies that make it easy to manage algorithm standardization and migration. Furthermore, it’s conformant with the OASIS Key Management Interoperability Protocol (KMIP) and is regularly tested for interoperability with other vendors’ encryption products.
Diving deeper, it’s crucial for a key management system to have key replication, should one management node (server) go offline, or lose or corrupt keys. Therefore, it’s also crucial to securely transfer keys between the nodes. TLS authentication is commonly used for this, including with qCrypt. However, qCrypt also employs symmetric-key encryption within its TLS payloads. In an ideal setup, random numbers are gathered from a quantum random number generator, then packaged as a symmetric key, which is then used to encapsulate or “wrap” the material to transfer (such as an RSA key or other cryptographic object). This is then carried as the payload in the TLS connection. The initial contribution of the QRNG combined with the symmetric encryption makes this network transfer inherently quantum-resistant.
Quantum key distribution (QKD) – QKD uses quantum properties to exchange secret information, including cryptographic keys, in a way that’s invulnerable to cyber threats we can anticipate in the future. The security of QKD doesn’t rely on algorithms; rather, it uses the fundamental characteristics of quantum mechanics, where measuring a quantum effect disturbs the system. This means an eavesdropper trying to intercept a quantum key exchange will inevitably leave traces, allowing the intended exchanging parties to reject the exposed information. QKD can also effectively add an additional layer of quantum-resistant protection to the aforementioned key wrapping. Since QKD is protected by the laws of physics, it will remain invulnerable to increasing computational power, including new attack algorithms and quantum computers.
Still interested in learning more about quantum-based cybersecurity and encryption? Check out our blog for plenty of information on quantum development or get in touch in with our team!