Cybersecurity In The Age Of Quantum Computing
By Jeff Koyen
Like black holes, quantum computing was for many years nothing more than a theoretical possibility. It was something that physicists believed could exist, but it hadn’t yet been observed or invented.
Today, not only is quantum computing a proven technology, it’s a radically new field with the potential to upend countless industries—not least being cybersecurity systems that rely on uncrackable encryption.
The threat is serious enough that it’s piqued the interest of the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce.
In December 2016, NIST announced the Post-Crypto Quantum Project and began accepting submissions for “quantum-resistant public-key cryptographic algorithms."
While acknowledging that quantum computers are still 20 years away, NIST believes that we “must begin now to prepare our information security systems to be able to resist quantum computing.”
To know what this means for network security professionals, let’s start with quantum computing’s current state.
Quantum Leaps
Whether it’s plotting flight paths for a space probe or retouching a family photo, every computer is essentially “computing” something.
What sets quantum computers apart is the use of atomic particles to form quantum bits, or qubits for short, rather than silicon-based transistors. This makes them exponentially more powerful. It’s estimated that a single 50-qubit quantum computer would outperform today’s most powerful mainframes—without breaking a sweat.
First postulated in the 1970s by several research physicists, quantum computers didn’t become a reality until 2000, when scientists at IBM strung together five qubits to solve a simple mathematical problem. Their “computer" was roughly as powerful as a handheld calculator, Wired reported at the time.
In the years since, quantum computing has grown rapidly in both computational power and accessibility thanks to investment from both the private and public sectors. Among the major players are household names such as Lockheed Martin and Microsoft. In 2011, working with the University of Southern California, Lockheed Martin launched its own quantum research division. Microsoft got in the game in 2016.
Earlier this year, IBM Q was launched “to build commercially available universal quantum computers for business and science.” This new unit has already built functioning 16-qubit and 17-qubit computers. IBM is offering developers beta access to the smaller unit.
Meanwhile, Google’s Quantum A.I. Lab claims to have built a working 20-qubit computer. This same team is reportedly on track to announce the world’s first 49-qubit chip by the end of 2017.
Network Insecurity
What’s this got to do with network security?
Whether you’re sending money via Paypal or authorizing a user for root access, you’re relying on security systems based on cryptography. And modern cryptography relies on mathematical calculations so complex—using such large numbers—that attackers can’t crack them.
But these math problems are not technically impossible to crack; they are practically impossible. Using the most powerful computers available today, hackers would need hundreds, thousands, even millions of years to perform these calculations.
A quantum computer, on the other hand, might do the same work in just minutes, rendering modern cryptography obsolete. When cryptography collapses so, too, does network security.
Bikash Koley, CTO for Juniper Networks, explains cryptography’s basic premise as data which is secured using a combination of public and private keys; while the public key is widely distributed, private keys are computed using mathematical algorithms. “The algorithms are designed in a way that acquiring the private keys from the public keys is nearly impossible,” he said. “For traditional computers, for example, it would take thousands—to millions—of years, depending on how many bits there are in the keys. Quantum computers are very good at number crunching, especially for a specific type of problem.”
As quantum computers begin to crack this encryption, guessing the right private key may only take days or hours. At that point, he said, encryption, as we currently know it, is seriously vulnerable.
Fighting Quantum With Quantum
Fortunately, this threat to modern encryption isn’t taking anyone by surprise. In fact, long-standing quantum theory itself may offer a solution.
In the simplest terms, quantum cryptography relies on the Heisenberg Uncertainty Principle, which states that an observer cannot fully measure a moving object’s position and path without affecting one or the other.
Quantum cryptography was first proposed in the 1970s by Stephen Wiesner, a physicist who’s also credited with theorizing quantum computing around the same time. Building upon Weisner’s work, collaborative research by Charles H. Bennett, and Gilles Brassard of IBM’s Thomas J. Watson Research Center and the University of Montreal, respectively, proposed a method for secure communication titles BB84.
Koley explains that quantum key distribution (QKD) is theoretically a completely secure method of key distribution, and relies on quantum entanglement to transmit information in quantum states, or qbits.
“Typically, photons are used over a fiber-optic channel to achieve this,” he said. “Any attempt to measure one of the entangled photons leads to changes in the quantum state of the other, and therefore is detected. Thus, QKD offers a key distribution mechanism where any attempt to intercept the key by eavesdropping is revealed and the keys are discarded. QKD is not vulnerable to cracking attempts by quantum computers the same way that traditional cryptographic techniques are because any interception attempts in the QKD paradigm are readily detected. This is one of the reasons QKD is considered to be a good candidate for post-quantum security.”
Koley further explains that as a practical application, QKD distributes encoding information in such a manner that, should an eavesdropper attempt to intercept the message, the act of interception changes the encryption itself.
Although they’re widely considered to be the most cryptographically secure communication channels, there may be no defense against the 50-qubit quantum computers that are expected to come online in the next decade. That’s not to mention the 100,000-qubit crypto-killers that IBM plans to eventually build.
Don’t Panic — Yet
But not everyone is worried.
Steve Wilson, principal analyst at Constellation Research, has been throwing bombs at quantum boosters since 2012 and remains skeptical that we’ll witness the collapse of conventional cryptography anytime soon.
“It seems that practical engineering of quantum computers with large numbers of qubits will remain relatively expensive for a while yet,” said Wilson, who is a specialist on digital identity and privacy. “This means that crypto can probably buy some time, and stay ahead of quantum computing… The arms race between cryptographic key length and brute force attack may continue indefinitely."
While a security strategy—which includes the most secure encryption possible along with deploying the best firewalls—may start with preventing breaches, you have to expect that regardless of the strength of your security posture, some breaches may be inevitable.
“Quantum computing only makes the probability higher,” said Koley. “That means it’s equally important for network security professionals to deploy the right technology to very quickly detect breaches. The good news is that big data analytics, machine learning and artificial intelligence can really help. Quantum computers will be helpful in substantially reducing the time it takes for such detection.”
The Uncertainty Principle
There’s a lot at stake in the race for so-called “quantum supremacy."
Even the skeptics agree that quantum computing has the potential to revolutionize every industry, from finance to healthcare to national defense. Imagine using a 50-qubit computer to forecast the stock market or to sequence an entire population’s DNA; or how the military could use a machine that’s one million times more powerful than today’s supercomputers.
The most likely winners, according to Koley, are the companies that are making early and significant investments into quantum computing today, as the technology requires more than a decade of continuous investment and innovation. Companies like IBM, Google and Microsoft, with an appetite to continue such investment, will have a clear edge, he said.
Juniper is pioneering the concept of a software-defined secure network to stay ahead of the curve in the post-quantum security world. We believe it’ll be a key pillar in securing network infrastructures in the next decade.
For network security professionals, deploying the right technology to detect breaches quickly will continue to be key. “The good news is that big data analytics, machine learning and artificial intelligence can really help,” Koley said. “Quantum computers will be helpful in substantially reducing the time it takes for such detection.”
At the same time, the research, data and trade secrets that form the backbone of each of these industries must remain secure. In this chicken-and-egg paradox, quantum computing may deliver both salvation and damnation.
Like black holes, quantum computing was for many years nothing more than a theoretical possibility. It was something that physicists believed could exist, but it hadn’t yet been observed or invented.
Today, not only is quantum computing a proven technology, it’s a radically new field with the potential to upend countless industries—not least being cybersecurity systems that rely on uncrackable encryption.
The threat is serious enough that it’s piqued the interest of the National Institute of Standards and Technology (NIST), a non-regulatory agency of the United States Department of Commerce.
In December 2016, NIST announced the Post-Crypto Quantum Project and began accepting submissions for “quantum-resistant public-key cryptographic algorithms."
While acknowledging that quantum computers are still 20 years away, NIST believes that we “must begin now to prepare our information security systems to be able to resist quantum computing.”
To know what this means for network security professionals, let’s start with quantum computing’s current state.
Quantum Leaps
Whether it’s plotting flight paths for a space probe or retouching a family photo, every computer is essentially “computing” something.
What sets quantum computers apart is the use of atomic particles to form quantum bits, or qubits for short, rather than silicon-based transistors. This makes them exponentially more powerful. It’s estimated that a single 50-qubit quantum computer would outperform today’s most powerful mainframes—without breaking a sweat.
First postulated in the 1970s by several research physicists, quantum computers didn’t become a reality until 2000, when scientists at IBM strung together five qubits to solve a simple mathematical problem. Their “computer" was roughly as powerful as a handheld calculator, Wired reported at the time.
In the years since, quantum computing has grown rapidly in both computational power and accessibility thanks to investment from both the private and public sectors. Among the major players are household names such as Lockheed Martin and Microsoft. In 2011, working with the University of Southern California, Lockheed Martin launched its own quantum research division. Microsoft got in the game in 2016.
Earlier this year, IBM Q was launched “to build commercially available universal quantum computers for business and science.” This new unit has already built functioning 16-qubit and 17-qubit computers. IBM is offering developers beta access to the smaller unit.
Meanwhile, Google’s Quantum A.I. Lab claims to have built a working 20-qubit computer. This same team is reportedly on track to announce the world’s first 49-qubit chip by the end of 2017.
Network Insecurity
What’s this got to do with network security?
Whether you’re sending money via Paypal or authorizing a user for root access, you’re relying on security systems based on cryptography. And modern cryptography relies on mathematical calculations so complex—using such large numbers—that attackers can’t crack them.
But these math problems are not technically impossible to crack; they are practically impossible. Using the most powerful computers available today, hackers would need hundreds, thousands, even millions of years to perform these calculations.
A quantum computer, on the other hand, might do the same work in just minutes, rendering modern cryptography obsolete. When cryptography collapses so, too, does network security.
Bikash Koley, CTO for Juniper Networks, explains cryptography’s basic premise as data which is secured using a combination of public and private keys; while the public key is widely distributed, private keys are computed using mathematical algorithms. “The algorithms are designed in a way that acquiring the private keys from the public keys is nearly impossible,” he said. “For traditional computers, for example, it would take thousands—to millions—of years, depending on how many bits there are in the keys. Quantum computers are very good at number crunching, especially for a specific type of problem.”
As quantum computers begin to crack this encryption, guessing the right private key may only take days or hours. At that point, he said, encryption, as we currently know it, is seriously vulnerable.
Fighting Quantum With Quantum
Fortunately, this threat to modern encryption isn’t taking anyone by surprise. In fact, long-standing quantum theory itself may offer a solution.
In the simplest terms, quantum cryptography relies on the Heisenberg Uncertainty Principle, which states that an observer cannot fully measure a moving object’s position and path without affecting one or the other.
Quantum cryptography was first proposed in the 1970s by Stephen Wiesner, a physicist who’s also credited with theorizing quantum computing around the same time. Building upon Weisner’s work, collaborative research by Charles H. Bennett, and Gilles Brassard of IBM’s Thomas J. Watson Research Center and the University of Montreal, respectively, proposed a method for secure communication titles BB84.
Koley explains that quantum key distribution (QKD) is theoretically a completely secure method of key distribution, and relies on quantum entanglement to transmit information in quantum states, or qbits.
“Typically, photons are used over a fiber-optic channel to achieve this,” he said. “Any attempt to measure one of the entangled photons leads to changes in the quantum state of the other, and therefore is detected. Thus, QKD offers a key distribution mechanism where any attempt to intercept the key by eavesdropping is revealed and the keys are discarded. QKD is not vulnerable to cracking attempts by quantum computers the same way that traditional cryptographic techniques are because any interception attempts in the QKD paradigm are readily detected. This is one of the reasons QKD is considered to be a good candidate for post-quantum security.”
Koley further explains that as a practical application, QKD distributes encoding information in such a manner that, should an eavesdropper attempt to intercept the message, the act of interception changes the encryption itself.
Although they’re widely considered to be the most cryptographically secure communication channels, there may be no defense against the 50-qubit quantum computers that are expected to come online in the next decade. That’s not to mention the 100,000-qubit crypto-killers that IBM plans to eventually build.
Don’t Panic — Yet
But not everyone is worried.
Steve Wilson, principal analyst at Constellation Research, has been throwing bombs at quantum boosters since 2012 and remains skeptical that we’ll witness the collapse of conventional cryptography anytime soon.
“It seems that practical engineering of quantum computers with large numbers of qubits will remain relatively expensive for a while yet,” said Wilson, who is a specialist on digital identity and privacy. “This means that crypto can probably buy some time, and stay ahead of quantum computing… The arms race between cryptographic key length and brute force attack may continue indefinitely."
While a security strategy—which includes the most secure encryption possible along with deploying the best firewalls—may start with preventing breaches, you have to expect that regardless of the strength of your security posture, some breaches may be inevitable.
“Quantum computing only makes the probability higher,” said Koley. “That means it’s equally important for network security professionals to deploy the right technology to very quickly detect breaches. The good news is that big data analytics, machine learning and artificial intelligence can really help. Quantum computers will be helpful in substantially reducing the time it takes for such detection.”
The Uncertainty Principle
There’s a lot at stake in the race for so-called “quantum supremacy."
Even the skeptics agree that quantum computing has the potential to revolutionize every industry, from finance to healthcare to national defense. Imagine using a 50-qubit computer to forecast the stock market or to sequence an entire population’s DNA; or how the military could use a machine that’s one million times more powerful than today’s supercomputers.
The most likely winners, according to Koley, are the companies that are making early and significant investments into quantum computing today, as the technology requires more than a decade of continuous investment and innovation. Companies like IBM, Google and Microsoft, with an appetite to continue such investment, will have a clear edge, he said.
Juniper is pioneering the concept of a software-defined secure network to stay ahead of the curve in the post-quantum security world. We believe it’ll be a key pillar in securing network infrastructures in the next decade.
For network security professionals, deploying the right technology to detect breaches quickly will continue to be key. “The good news is that big data analytics, machine learning and artificial intelligence can really help,” Koley said. “Quantum computers will be helpful in substantially reducing the time it takes for such detection.”
At the same time, the research, data and trade secrets that form the backbone of each of these industries must remain secure. In this chicken-and-egg paradox, quantum computing may deliver both salvation and damnation.
No comments:
Post a Comment