Gemalto Executive Day 2016: Quantum Safe Cryptography

ID Quantique PROPRIETARY Prague, June 2016 Gemalto Executive Day 2016 Quantum Safe Cryptography


Page 1: Quantum Safe Cryptography

Gemalto Executive Day 2016

Prague, June 2016

ID Quantique PROPRIETARY

Page 2: ID Quantique

Swiss company, founded 2001, based in Geneva.

Spin-off of University of Geneva, Group of Applied Physics.

World leaders in Quantum-Safe Crypto.

[Diagram labels: Photon Counting; Technology; Quantum-Safe Security; Services; Random Number Generation]

▸ Quantum Key Generation
▸ Quantum-safe high-performance layer 2 encryption
▸ Quantum Key Distribution

Page 3: Chapter I

How to protect mission-critical data into, and beyond, the era of the quantum computer

Page 4: AGENDA

▸ Why Encrypt?
▸ What Matters in Cryptography
▸ The New Threat!

Page 5: WHY ENCRYPT?

Page 6: HACKING IS EASY

(and everyone is doing it)

Page 7: … and everyone’s doing it!

Mandiant Report 2013 on systematic Chinese government hacking:

▸ The Chinese government (PLA) employs an entire department of professional hackers – APT1
▸ APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations
▸ APT1 periodically revisits the victim’s network over several months or years (up to 4 years)
▸ They steal broad categories of intellectual property for industrial espionage

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

China’s Internet ‘Hijacking’ Creates Worries for Security Experts

▸ For 15 minutes in April 2010, network traffic from 15% of world-wide routes was diverted via China before reaching its intended destination
▸ Using BGP messages, China Telecom supplied erroneous routing information that the fastest path for the diverted routes was through Chinese networks

http://www.bgpmon.net/chinese-isp-hijacked-10-of-the-internet/

Page 8: Optical Tapping for under €500

▸ There are multiple ways to intercept an optical fiber
▸ The simplest method is fiber bending & coupling
  - No link interruption
  - Moderate insertion loss
  - Trivial manipulation

[Diagram labels: Emitter; Receiver; Eavesdropper]

Data interception over a live optical fiber is feasible with equipment costing less than €500 and available online

For example:

• http://www.fods.com/optic_clip_on_coupler.html
• Proposed applications include:
  o Test maintenance
  o Fiber identification
  o Voice communications

Page 9: False Perceptions of Network Security

▸ Data is protected by volume… No!
  - Snowden reports prove that intercepting and analyzing volume traffic is not a major hindrance
  - 10Gbps data flows simply improve the ROI of the hacker
▸ WDM networks cannot be tapped… No!
  - Spectral filters and analysers with high separation exist and are cheap
▸ Fibre Channel protocols are safe… No!
  - Network analyzers specialized in FC can sniff & reconstruct FC traffic
▸ Dark fibers are safe… No!
  - Dark fibers have no inherent protection & can be accessed via multiple points, including telecom stations and manholes
▸ Attenuation monitoring is adequate protection… No!
  - Special hacking techniques do not trigger an alarm
▸ VPNs are inherently secure… No!
  - There is no “privacy” to a VPN – it simply segments data virtually

Page 10: Legal & Compliance Requirements: Penalties for Data Breaches are also increasing

▸ There is a general trend towards increasing penalties for data breaches
  - Trend towards increasing penalties in all sectors & most geographies
  - Includes the possibility of a criminal jail sentence if negligence is demonstrated
▸ FTC urges data-breach penalties
  - The Federal Trade Commission is hoping US Congress will see fit to legislate monetary consequences for breached companies
▸ US Congress wants to introduce the ‘Personal Data Protection and Breach Accountability Act of 2014’
▸ USA - HIPAA healthcare violation penalties rise
▸ EU - General Data Protection Regulation (GDPR) – to come into force in 2018
  - Requirement to report breach to national authority
  - Proposed fine up to 4% of the annual worldwide turnover
  - Unless data is encrypted!

Page 11: WHAT MATTERS IN CRYPTOGRAPHY

Page 12: What is Cryptography?

Cryptology

Cryptography: The art of taking a message and rendering it unreadable to any unauthorized party

Cryptanalysis: The art of code breaking

Process: An encryption key is added to clear text to turn it into ciphertext. The key is then used to decipher the text to turn it back into plaintext

Page 13: What Matters in Cryptography

▸ The security of the encryption keys is vital to the protection of the data
▸ They must be unique & truly random
  - How strong are the keys?
  - How unique are the keys?
  - How easily are they copied?
  - How easily can they be “brute forced”?
  - How often are they changed?
  - Where are they stored, and who has access to them?

Kerckhoffs’ Principle

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Auguste Kerckhoffs (19 January 1835 – 9 August 1903)

Page 14: THE NEW THREAT

Page 15: Public Key Cryptography: Threats

[Diagram labels: Eve; Alice; Bob; Message; Scrambled Message; Message; Symmetric Cryptography; Secret Key (at both ends). Threats: Theoretical Progress; Increase in Computing Power; Vulnerable to Quantum Computers]

Page 16: The Quantum Computer

▸ Computation with Qubits
▸ Main difference: build coherent superposition of states
▸ Behaves like a massively parallel computer
▸ Solves problems in much fewer steps
▸ Opportunity: some “intractable” computations become feasible
▸ Threat: break current public key cryptographic primitives (RSA, ECC…)

↳ This is why Quantum Computing is now discussed in Information Security

Page 17: Increasing Interest in Quantum IT

[Timeline, axis 2000 to 2015. Events shown:]

▸ ID Quantique established and starts R&D on quantum communication
▸ USA ARDA invests in Quantum Information Science and Technology Roadmap
▸ Microsoft starts Station Q at UC Santa Barbara
▸ EU investment
▸ Lockheed Martin buys D-Wave Two
▸ UK Government invests £270M in quantum technologies in next 5 years
▸ IBM invests $3B in research initiative that includes quantum computing
▸ Google absorbs John Martinis’ research group (UC Santa Barbara)
▸ Intel invests $50M in QuTech
▸ NL Government invests €135M in QuTech Delft over next 10 years
▸ Canadian government invests €78M in quantum technologies over next 7 years
▸ EU invests €50-75 M in quantum technologies via FET program over next 7 years
▸ Chinese government plans major investment in quantum computing

[Date labels on the timeline: 1999, 2001, 2004, 2005, 2010, 2013, Dec 2013, July 2014, Sep 2014, 2015, Jun 2015, 2015, 201x]

Page 18: Quantum Algorithms & Impact on Today’s Cryptography

Grover’s Algorithm

▸ Lov Grover, 1996
▸ Quantum algorithm to perform search in an unsorted database
▸ $O(n^{1/2})$ vs $O(n)$
▸ Key halved for symmetric cryptography
  - AES-128 → 64 bits security
  - AES-256 → 128 bits security

Shor’s Algorithm

▸ Peter Shor, 1994
▸ Quantum algorithm for integer factorization
▸ $O((\log N)^3)$ vs. $O\left(e^{1.9\,(\log N)^{1/3}(\log\log N)^{2/3}}\right)$
▸ Can break RSA, Elliptic Curve & Diffie Hellman

Page 19: Why Is this Important? A Classical Risk Analysis

[Risk diagram labels:]

▸ Probability of threat: currently low but increasing
▸ Impact of threat: extremely high if no action taken
▸ Risk

– Start protecting data with long term confidentiality requirements –

– Use Quantum-Safe designs –

– Enter in the Post-Quantum Era –

Page 20: When Do We Need to Start Worrying?

▸ “Wait and see” approach is too risky
▸ Encrypted data can be (and is being) downloaded & analyzed offline
▸ Next generation of cryptographic infrastructure:
  - Must have quantum-safe alternatives
  - Should have algorithmic agility built in
▸ If a quantum computer is available in 2030, and information lifetime is 10 years, then a cryptographic infrastructure needs to be in place by 2020
  • Be quantum-ready by 2020!

[Timeline diagram labels: Information Exchange; Information lifetime (based on legal, business or strategic constraints); Time for Quantum-Safe migration (from a few months to several years); Vulnerability; Time]
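The Grover/Shor impact on page 18 and the timeline rule on page 20 can be applied together to a key inventory. The following is an added example, not part of the original slides or any ID Quantique tool; the `Asset` fields, the sample inventory, the 128-bit acceptance threshold and the year values are assumptions made for illustration.

```python
"""Added illustration: apply the deck's quantum-impact rules and timeline to an inventory."""
import math
from dataclasses import dataclass

SHOR_BROKEN = {"RSA", "ECC", "DH"}  # page 18: Shor breaks RSA, Elliptic Curve & Diffie Hellman
GROVER_HALVED = {"AES"}             # page 18: key halved for symmetric cryptography


def classical_factoring_bits(modulus_bits: int) -> float:
    """log2 of the page's classical cost exp(1.9 (ln N)^(1/3) (ln ln N)^(2/3))."""
    ln_n = modulus_bits * math.log(2)
    exponent = 1.9 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def shor_bits(modulus_bits: int) -> float:
    """log2 of the page's quantum cost (log N)^3, taking log N as the bit length, constants ignored."""
    return 3 * math.log2(modulus_bits)


def quantum_security_bits(family: str, key_bits: int) -> int:
    """Effective strength against a quantum adversary under the page's two rules."""
    if family in SHOR_BROKEN:
        return 0
    if family in GROVER_HALVED:
        return key_bits // 2
    raise ValueError(f"no quantum impact rule for {family!r}")


@dataclass
class Asset:  # hypothetical inventory record
    name: str
    family: str
    key_bits: int
    lifetime_years: int   # how long the protected information must stay confidential
    migration_years: int  # time needed to move this asset to a quantum-safe design


def triage(assets, quantum_year, today, min_bits=128):
    """Return (name, quantum-era bits, status) for each asset.

    Page 20 rule: quantum-safe protection must be in place by
    quantum_year - lifetime; work must start migration_years before that.
    min_bits is an assumed acceptance threshold, not a figure from the deck.
    """
    rows = []
    for a in assets:
        bits = quantum_security_bits(a.family, a.key_bits)
        if bits >= min_bits:
            rows.append((a.name, bits, "ok"))
            continue
        in_place_by = quantum_year - a.lifetime_years
        start_by = in_place_by - a.migration_years
        status = "overdue" if start_by < today else f"start by {start_by}"
        rows.append((a.name, bits, status))
    return rows


# Constructed sample inventory.
INVENTORY = [
    Asset("DC interconnect (AES-256)", "AES", 256, lifetime_years=10, migration_years=3),
    Asset("Branch links (AES-128)", "AES", 128, lifetime_years=10, migration_years=3),
    Asset("Key agreement (RSA-2048)", "RSA", 2048, lifetime_years=15, migration_years=2),
]

if __name__ == "__main__":
    print(f"RSA-2048 classical: ~2^{classical_factoring_bits(2048):.0f} operations, "
          f"Shor: ~2^{shor_bits(2048):.0f}")
    for row in triage(INVENTORY, quantum_year=2030, today=2016):
        print(row)
```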

Page 21: ETSI Proposes Move to Quantum-Safe Cryptography

▸ ETSI White Paper on Quantum Safe Cryptography, published mid-2014, recommends moving to quantum-safe crypto.
▸ The ETSI whitepaper states:

Without quantum-safe encryption, everything that has been transmitted, or will ever be transmitted, over a network is vulnerable to eavesdropping and public disclosure.

▸ Ongoing international efforts to develop standards around quantum-safe cryptography, e.g. ETSI.
▸ Quantum-safe cryptography includes algorithms and techniques which are not vulnerable to quantum computing.
  - Post Quantum Crypto (aka quantum-resistant algorithms)
  - Quantum Key Distribution

Page 22: Chapter II

Quantum-safe cryptography in action

Page 23: AGENDA

▸ Quantum-Safe Cryptography at a Glance
▸ A couple of Use Cases
▸ How to Sell Quantum-Safe Cryptography (incl. HSE’s)
  - What’s in it for you!

Page 24: QUANTUM-SAFE CRYPTOGRAPHY

Page 25: Quantum Cryptography = Quantum Key Distribution (QKD)

[Diagram labels: “1”, “1”, “0”, “0”; Fragile!; Alice; Bob; Secret Key (at both ends); Scrambled Message; Symmetric Cryptography]

Page 26: The Solution: Quantum-Safe Cryptographic Infrastructure

Quantum Key Distribution

▸ Hardware solution.
▸ Typically no computational assumptions and thus known to be secure against future quantum attacks.
▸ Recommended for encryption of high-value information with requirement for long-term confidentiality.
  − E.g. data center interconnect, government data

“Post-quantum” algorithms (aka quantum-resistant algorithms)

▸ Classical codes deployable without quantum technologies.
  − E.g. lattice- and matrix-based algorithms
▸ Believed to be secure against Shor’s algorithm but no guarantee that there will not be other quantum attacks.
▸ Recommended for quantum-safe digital signatures & end point encryption.

Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructure

Page 27: IDQ QKD Scenarios: Today

▸ Supporting an existing encrypted link, IDQ QKD currently
  - Addresses distances up to 100km.
  - Can be multiplexed up to distances of 30km, but requires a dark fiber for the actual quantum exchanges for distances between 30km-100km.
  - Works in point-to-point mode.
▸ Suitable for layer 1 or layer 2 topologies
  - LAN / MAN / SAN
  - Meshed WAN
▸ Use cases
  - Protection of mission critical data on data centre and MAN interconnections.

[Diagram labels: Metro Area Network; Storage Area Network]

Page 28: Quantum-Enabled Network Encryption: Today

▸ Provably secure key distribution
  - Distilled key distribution rate: 1000 bps over 25km/6dB
  - Range: 100km
▸ Transparent Layer 2 Encryption
  - AES-256 up to 100Gbps
  - Multiprotocol (Ethernet, Fibre Channel)

[Diagram labels: Local Area Network; Quantum key server; xWDM; Quantum Channel – Dark Fiber or multiplexed; Local Area Network]

Page 29: QKD Dual Key Agreement

[Diagram labels: Internal or external CA; Public Key Agreement; Master Key; Session Key Agreement; Session Key; Quantum Key Distribution (QKD); Quantum Key; Bit-by-bit “XOR”; “Super” Session Key for forward secrecy; Encryption]

▸ Quantum keys are based on high quality entropy (encryption key) from provably random QRNG
▸ Quantum Key is mixed with the standard AES session key
▸ Advantages
  - Maintains existing encryptor certifications (e.g. FIPS, CC).
  - Generates “super session” key which guarantees forward secrecy.
  - Eavesdropping protection.
  - No single point of vulnerability back to public-key exchange or manual key exchange (where the initial keys remain static for a long period of time). In contrast each quantum key is independent & uncorrelated, and automatically updated every minute.
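The bit-by-bit XOR mixing of the session key with the quantum key can be sketched as follows. This is an added example, not ID Quantique's implementation: the `Endpoint` class and all function names are hypothetical, and `secrets.token_bytes` stands in for both the session key agreement and the QKD key delivery. The toy-size enumeration shows why someone who later recovers the session key still learns nothing about the super session key.

```python
"""Added illustration: XOR key combiner in the style of the dual key agreement slide."""
import secrets
from collections import Counter

KEY_BYTES = 32  # AES-256 key length


def mix_keys(session_key: bytes, quantum_key: bytes) -> bytes:
    """Bit-by-bit XOR of two equal-length keys."""
    if len(session_key) != len(quantum_key):
        # Padding or truncating would leave part of the result covered by one key only.
        raise ValueError("session key and quantum key must have the same length")
    return bytes(s ^ q for s, q in zip(session_key, quantum_key))


class Endpoint:
    """Hypothetical encryptor endpoint holding the classical session key."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_quantum_key = None

    def rekey(self, quantum_key: bytes) -> bytes:
        """Derive the super session key for the next interval.

        Rejects a quantum key identical to the previous one, since each
        interval is meant to get an independent key.
        """
        if quantum_key == self.last_quantum_key:
            raise ValueError("quantum key was not refreshed")
        self.last_quantum_key = quantum_key
        return mix_keys(self.session_key, quantum_key)


def super_key_distribution(known_session_key: int, bits: int = 8) -> Counter:
    """Toy-size check of the combiner's secrecy.

    Fix a session key the observer already knows and enumerate every possible
    quantum key: each super session key value must appear exactly once, so
    knowing the session key does not narrow down the result at all.
    """
    return Counter(known_session_key ^ q for q in range(2 ** bits))


def simulate(intervals: int = 3, key_bytes: int = KEY_BYTES):
    """Run both endpoints through several one-minute rekey intervals."""
    session_key = secrets.token_bytes(key_bytes)  # stand-in for the agreed session key
    alice, bob = Endpoint(session_key), Endpoint(session_key)
    super_keys = []
    for _ in range(intervals):
        quantum_key = secrets.token_bytes(key_bytes)  # stand-in for QKD output at both ends
        key_a, key_b = alice.rekey(quantum_key), bob.rekey(quantum_key)
        if key_a != key_b:
            raise RuntimeError("endpoints disagree on the super session key")
        super_keys.append(key_a)
    return session_key, super_keys


if __name__ == "__main__":
    _, keys = simulate()
    for minute, key in enumerate(keys):
        print(f"minute {minute}: super session key {key.hex()[:16]}...")
    dist = super_key_distribution(0xA5)
    print("distinct super keys for a known session key:", len(dist))
```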

Page 30: USE CASES

Page 31: Financial Services: QKD in Data Center Interconnect

IDQ Secures Network for Disaster Recovery

10G Ethernet Encryption with QKD

• Four 10 Gigabit Ethernet encryptors between headquarters and disaster recovery center
• QKD server provides forward-secrecy for the most sensitive long-term data
• The encryption platform is being rolled out to other areas of the company for both MAN and WAN applications
• Two-fold key security is provided and renewed in real-time
• Up to 60 times per hour in both directions

“Unlike classical encryption based on mathematical algorithms, QKD will not be compromised by mathematical progress or the continual increase in computing power and it is not vulnerable to passive attacks.”

Page 32: High-Speed Network for Disaster Recovery: 10G Ethernet Backbone Encryption

Notenstein La Roche Private Bank Ltd.

▸ Reliable field proven hardware
▸ Support for AES 256-bit keys
▸ Support for P2P and multipoint
▸ Leading FIPS & CC certification
▸ True full duplex wire speed encryption up to 10Gbps
▸ Low latency under 10 microseconds
▸ Advanced management & monitoring tools

“Our credibility and commitment to our customers depend on ensuring the ultimate protection of our data and availability of our services.”

CIO of Notenstein Private Bank Ltd.

Page 33: IDQ Secures Global Wide Area Network: Multipoint 100 Megabit Ethernet Encryption

International Global Bank

▸ Headquarters uses two Gigabit Ethernet encryptors
▸ Branches are each equipped with a 1 Gigabit encryptor (rate-limited to 100 Megabit)
▸ Unicast (standard)
▸ Multicast (finance information to traders, secure videoconferencing, etc)
▸ Broadcast (automated equipment info exchange, etc)
▸ VLAN-based multicast traffic
  - Intelligent group key system

Page 34: QKD as a Service

Colt & IDQ provide Managed Quantum Cryptography Service for high-security network encryption

▸ Combines quantum key distribution with high-speed encryption based on the leading 256-bit AES cipher
▸ Supports Ethernet, Fibre Channel and SONET/SDH
▸ Latency in single microseconds for real-time applications and data back-up
▸ Advanced monitoring solutions ensure absolute transparency for the end users
▸ Configurable real-time alerts and regular status reports for audit or forensic purposes

“Working together with ID Quantique allows Geneva based financial institutions and private companies to take advantage of a different type of key distribution to encrypt and protect their business critical data”

Colt Regional Sales Director Switzerland

Page 35: QKD in Government & Public Administration

▸ Geneva (Switzerland) uses QKD to guarantee confidentiality & integrity of data during federal & cantonal elections.
▸ Working since October 2007.

[Diagram labels: Mail Votes; Ballots; Central Vote Counting Station; Downtown Geneva; Cerberis QKD Solution; 4 km; Geneva Government Data Center]

Page 36: QKD in Sporting & Public Events

▸ Critical police & Joint Operations link secured during 2010 FIFA World Cup in South Africa.
▸ Secured communication for data, telephone, internet, video, and e-mail.

Page 37: HOW TO SELL QUANTUM SAFE CRYPTO

(incl. HSE’s)

Page 38: 1. Choose the Right Time

▸ Infrastructure refresh or change - the 5-10 year window
▸ Adoption of new technologies - e.g. Cloud
▸ Business change
▸ Regulatory environment - industry or government
▸ Move from Layer 3 to Layer 2 encryption
  • Upgrade from DES
  • Performance problems on real-time applications

Page 39: Advantages of Layer 2 Dedicated Encryption

▸ Advantages of Layer 2 encryption
  - No changes to network architecture required
  - Easy installation & “set & forget” maintenance
  - Transec to mask traffic patterns
▸ Transparent for the network
  - 100% of bandwidth available for data transmission (no encryption tax)
  - Low latency ≈ 10μs
  - No frame loss
  - Methodology RFC 2544
  - Test reports available on request
▸ Compatible with existing L2 network architectures
  - No need for link aggregation
  - Agnostic to network equipment (no network vendor lock-in)

[Charts: Rx Throughput (% Line Rate) and Avg Latency per Link (microseconds), each plotted for x-axis values 64, 128, 256, 512, 1024, 1280, 1518, 4096, 8192, 9216]

Page 40: L2 versus L3 Network Encryption

▸ Layer 2 encryption occurs at the Ethernet frame layer
  - Optimized for encryption on layer 2 networks
  - Latency measured in microseconds
  - Deterministic performance up to 10Gbps
▸ Layer 3 encryption occurs at the IP packet layer (IPsec)
  - Latency measured in milliseconds
  - Up to 50% loss of effective bandwidth
  - For 64-byte packets, IPsec encryption induces a 100% overhead. 64-byte packets typically represent up to 45% of all the IP traffic!
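Where the roughly 100% overhead for 64-byte packets and the loss of effective bandwidth come from can be worked out from the ESP packet layout. This is an added example, not part of the original slides; it assumes IPv4, ESP tunnel mode with AES-CBC and HMAC-SHA1-96, treats the quoted sizes as inner IP packet lengths, and ignores Ethernet framing and fragmentation.

```python
"""Added illustration: per-packet size cost of IPsec ESP tunnel mode (assumed cipher suite)."""

OUTER_IPV4 = 20   # new outer IPv4 header added by tunnel mode
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
AES_BLOCK = 16    # AES-CBC block size; the IV is one block
ICV = 12          # HMAC-SHA1-96 integrity check value

# Sizes taken from the x-axis of the page 39 charts, limited to those below a 1500-byte MTU.
PACKET_SIZES = [64, 128, 256, 512, 1024, 1280]


def esp_tunnel_size(inner_len: int) -> int:
    """Bytes on the wire (at IP level) for one inner packet of inner_len bytes."""
    if inner_len < 20:
        raise ValueError("inner packet is shorter than an IPv4 header")
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // AES_BLOCK) * AES_BLOCK
    return OUTER_IPV4 + ESP_HEADER + AES_BLOCK + padded + ICV


def overhead_percent(inner_len: int) -> float:
    """Added bytes as a percentage of the original packet."""
    return 100.0 * (esp_tunnel_size(inner_len) - inner_len) / inner_len


def goodput_fraction(inner_len: int) -> float:
    """Share of link bandwidth that still carries the original packet."""
    return inner_len / esp_tunnel_size(inner_len)


def overhead_table(sizes=PACKET_SIZES):
    """Rows of (inner bytes, bytes after ESP, overhead %, goodput %)."""
    return [
        (n, esp_tunnel_size(n), round(overhead_percent(n), 1),
         round(100 * goodput_fraction(n), 1))
        for n in sizes
    ]


if __name__ == "__main__":
    print(f"{'inner':>6} {'esp':>6} {'overhead %':>11} {'goodput %':>10}")
    for inner, outer, over, good in overhead_table():
        print(f"{inner:>6} {outer:>6} {over:>11} {good:>10}")
```

The fixed per-packet cost dominates small packets and becomes marginal for large ones, which is why the comparison depends heavily on the traffic mix.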

Page 41: HSE Value Proposition

▸ Zero Touch Core
▸ Non-disruptive Technology
▸ Low admin requirement (set & forget)
▸ Multicast encryption
▸ Deterministic Latency

Page 42: 2. Choose the Right Market

▸ Markets with regulatory requirements
  - Finance
  - Healthcare
▸ Markets with true security needs
  - Government
  - Finance & banking
  - Companies needing to protect intellectual property
▸ Markets where adding “simple security” is a revenue generator
  - Cloud & Data Center Providers
▸ Commercial & Industrial - risk motivators
  - Financial cost
  - Intellectual property
  - Stakeholders
  - Business interruption
  - Reputation
  - Asset damage
  - Regulation

Page 43: CN8000 Multi-Link Layer 2 Encryptor

▸ Solution Benefits of CN8000
  - Support for 10 x 10G encryption
  - Flexibility, Modularity & Extensibility
  - Multiple protocol support in one encryptor
  - 1-10G Ethernet card
  - FC8 cards (for release Q3 2016)
▸ Support for Multi-Tenancy
▸ Separate management GUI per encryption card or per chassis
▸ Physical separation of users per card
▸ Granular role-based access control per chassis or per encryption card
▸ CN8000 for Data Center Interconnect
  - Multiple P2P links
  - Multiple protocols (Ethernet, FC)
  - High performance backbone link
▸ CN4000-6000 encryptors for MAN or WAN
  - Dedicated CN at branch offices in MAN or WAN
  - Connect to one CN8000 10G card at HQ

[Diagram: Typical CN8000 and HSE’s Installation. Labels: CN dedicated encryptors; IDQ CN8000 multilink encryptor; LAN/SAN; NETWORK (MAN or WAN); TRNG inside!]

Page 44: 3. Choose the Right Organization

A Matrix Approach - rarely any one single attribute

▸ Size - $100m + Revenues
▸ Specific vertical sector profiles e.g. financial
▸ Multi-location
▸ Valuable IP
▸ Sensitive stakeholder data
▸ Layer 2 (and the intensive L3 upgrade business case)
▸ VPN
▸ Multiple data centers
▸ IT infrastructure profile
▸ Likelihood of high data volumes

▸ Business change?
▸ IT investment profile?
▸ Technology adoption?

Page 45: 4. Choose the Right Message

Multiple interlocutors within each organization

▸ Sell networking advantages to the Network Team (+ Storage / SAN Team!)
  - Advantages of layer 2 – set & forget, bump in the wire
  - Easy local & remote provisioning & management (and secure)
  - Able to work on any L2 networks, etc
▸ Sell security advantages to the Security Team
  - Long term data protection into quantum era
  - Separation of duties for best practices
  - State of the art key generation & management, tamper proofing, etc
▸ Sell objective numbers to the Evaluators
  - Industry studies, analyst reports, academic papers
▸ Sell risk management & ROI to the Risk Management team
  - Business continuity in doubt if backbone networks tapped
  - Security & investment protection as encryptors can be upgraded to QKD
  - Lower total Cost of Ownership (low maintenance, QKD enabled)
  - High ROI, especially where regulated industries have penalties for data breach

Page 46: 5. Customers are the Best Sales Tool

▸ Happy customers to give references on
  - Product
  - Service & support
  - Continued relationship
▸ If you don’t have customers then propose a Proof of Concept
  - Head on trials with the competition
  - Supported by IDQ

Page 47: 6. Sell Value Not Price

▸ Avoid “sticker shock” of upfront pricing
  - Qualify deal first & find out what customer values
  - Work with IDQ on financial models (leasing, etc) against low-cost competitors
▸ Total Cost of Ownership
  - Product lifetime significantly longer than network equipment (only 3-5 years)
  - Single security policy over enterprise (scalability)
  - Product interoperability
  - Backward compatibility
  - Tailored bandwidth for upfront savings
  - Uptime – reliability
  - Ease of implementation
  - Ease of on-going management
  - Built for security - does not require regular firmware updates
▸ Investment Protection
  - Long term data protection into quantum era

Page 48: 7. How to Sell Quantum

For the customer Innovation = Risk

▸ IDQ’s quantum products are tried & tested
  - Customer references since 2007
  - Years of uninterrupted functioning
  - Built with COTS standards-based products
  - Continual security reviews to ensure state of the art implementation
▸ Sell Quantum Key Distribution as an investment protection, not as an innovation!

Page 49: What’s in it for Gemalto resellers

▸ $$$ – New revenue streams around hot and high-growth topics
▸ $$$ – Better margins
▸ Differentiation factors → trusted security advisor role
▸ Great story to tell
▸ Added value services sales
▸ Innovation – break new ground
▸ Loyalty through appealing and motivating programs

Page 50: THANK YOU!

Page 51: Quantis Appliance: Randomness-as-a-Service

[Diagram labels: Quantum RNG Appliance (PRNG, QRNG); Randomness Daemon; Admin; DATACENTER; Application #1 with OpenSSL and RaaS Client; … ; Application #n with /dev/random and RaaS Client]

▸ Based on IDQ’s quantum RNG
▸ Hardware source of trust for cloud or distributed environments to provide secure keys for:
  - Crypto key generation for cloud & network environments (virtual machines, VPNs, etc)
  - Seeding of deterministic RNGs and commercial HSMs
  - Randomness as a service
  - Online gaming