Gemalto Executive Day 2016
Quantum Safe Cryptography
Prague, June 2016
ID Quantique PROPRIETARY
ID Quantique
▸ Swiss company, founded 2001, based in Geneva.
▸ Spin-off of the University of Geneva, Group of Applied Physics.
▸ World leaders in Quantum-Safe Crypto.
▸ Product lines:
- Photon Counting Technology
- Quantum-Safe Security Services: Quantum Key Generation, Quantum Key Distribution, quantum-safe high-performance layer 2 encryption
- Random Number Generation
Chapter I
How to protect mission-critical data into, and beyond, the era of the quantum computer
AGENDA
▸ Why Encrypt?
▸ What Matters in Cryptography
▸ The New Threat
WHY ENCRYPT?
HACKING IS EASY
(and everyone is doing it)
Mandiant Report 2013 on systematic Chinese government hacking:
▸ The Chinese government (PLA) employs an entire department of professional hackers – APT1
▸ APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations
▸ APT1 periodically revisits victims' networks over months or years (up to 4 years)
▸ It steals broad categories of intellectual property for industrial espionage
http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
… and everyone's doing it!

China's Internet 'Hijacking' Creates Worries for Security Experts
▸ For about 15 minutes in April 2010, traffic for roughly 15% of worldwide routes was diverted via China before reaching its intended destination (the BGPmon analysis cited below puts the share of affected prefixes at roughly 10%)
▸ China Telecom announced erroneous BGP routes that advertised Chinese networks as the best path for the affected prefixes, so routers elsewhere forwarded traffic through them
http://www.bgpmon.net/chinese-isp-hijacked-10-of-the-internet/
Optical Tapping for under €500
▸ There are multiple ways to intercept an optical fiber
▸ The simplest method is fiber bending & coupling
- No link interruption
- Moderate insertion loss
- Trivial manipulation
[Figure: emitter and receiver on a live fiber, with an eavesdropper coupling light out of a bend between them]
Data interception over a live optical fiber is feasible with equipment costing less than €500 and available online. For example, a clip-on coupler (http://www.fods.com/optic_clip_on_coupler.html) whose proposed applications include:
o Test & maintenance
o Fiber identification
o Voice communications
False Perceptions of Network Security
▸ Data is protected by volume… No!
- The Snowden disclosures show that intercepting and analysing bulk traffic is not a major hindrance
- 10 Gbps data flows simply improve the attacker's return on investment
▸ WDM networks cannot be tapped… No!
- Spectral filters and analysers with high channel separation exist and are cheap
▸ Fibre Channel protocols are safe… No!
- Network analysers specialised in FC can sniff & reconstruct FC traffic
▸ Dark fibres are safe… No!
- Dark fibre has no inherent protection & can be accessed at multiple points, including telecom stations and manholes
▸ Attenuation monitoring is adequate protection… No!
- Careful tapping techniques with low insertion loss stay below the alarm threshold
▸ VPNs are inherently secure… No!
- A carrier VPN (e.g. MPLS or VLAN separation) only segments traffic logically; without an encryption layer on top it provides no confidentiality
Legal & Compliance Requirements: Penalties for Data Breaches are also increasing
▸ There is a general trend towards increasing penalties for data breaches
- In all sectors & most geographies
- Including the possibility of criminal jail sentences where negligence is demonstrated
▸ FTC urges data-breach penalties
- The Federal Trade Commission is hoping the US Congress will legislate monetary consequences for breached companies
▸ US Congress wants to introduce the 'Personal Data Protection and Breach Accountability Act of 2014'
▸ USA – HIPAA healthcare violation penalties rise
▸ EU – General Data Protection Regulation (GDPR), in force from 2018
- Requirement to report breaches to the national authority
- Fines of up to 4% of annual worldwide turnover
- Notification of the affected individuals can be waived if the breached data was encrypted, which is the safeguard the regulation names
WHAT MATTERS IN CRYPTOGRAPHY
What is Cryptography?
Cryptology covers both:
Cryptography: the art of taking a message and rendering it unreadable to any unauthorised party
Cryptanalysis: the art of code breaking
Process: an encryption algorithm combines a key with the plaintext to produce ciphertext; the same key (symmetric cryptography) or the matching private key (public-key cryptography) is then used to turn the ciphertext back into plaintext
What Matters in Cryptography
▸ The security of the encryption keys is vital to the protection of the data
▸ They must be unique & truly random
- How strong are the keys?
- How unique are the keys?
- How easily are they copied?
- How easily can they be brute-forced?
- How often are they changed?
- Where are they stored, and who has access to them?
Kerckhoffs' Principle (Auguste Kerckhoffs, 19 January 1835 – 9 August 1903)
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
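Kerckhoffs' principle applied to the key questions above: the attacker is assumed to know the cipher and the procedure that produced the key, so the cost of a brute-force attack is set by the entropy that went into the key, not by its length. The following is an added example, not code from the presentation or from ID Quantique. It expands a 256-bit key from a small seed with a non-cryptographic PRNG and recovers the key by trying every seed; the same attack against a key drawn from the operating system's random source (the role a hardware TRNG or QRNG plays inside an encryptor) finds nothing. The toy SHAKE-256 stream cipher, the 16-bit seed space, the nonce and the sample message are all constructed for the demonstration.

```python
import hashlib
import os
import random

KEY_LEN = 32  # 256-bit key


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHAKE-256(key || nonce) as keystream.
    Constructed for this example only; it is not a standardised cipher."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def key_from_weak_seed(seed: int) -> bytes:
    """A 256-bit key expanded from a small integer with Python's Mersenne
    Twister. The key *looks* random but carries no more entropy than the
    seed; this models time- or counter-seeded key generation."""
    return random.Random(seed).getrandbits(8 * KEY_LEN).to_bytes(KEY_LEN, "big")


def key_from_os_rng() -> bytes:
    """Full-entropy key from the OS random source."""
    return os.urandom(KEY_LEN)


def brute_force_seed(ciphertext: bytes, nonce: bytes, known_plaintext: bytes,
                     seed_bits: int):
    """Kerckhoffs' attacker: knows the cipher, the nonce and how keys are
    derived, plus a few bytes of plaintext (e.g. a protocol header). Tries
    every seed and returns the one whose key reproduces the known prefix of
    the ciphertext, or None if no seed in the space does."""
    target = ciphertext[: len(known_plaintext)]
    for seed in range(1 << seed_bits):
        candidate = key_from_weak_seed(seed)
        if xor_encrypt(candidate, nonce, known_plaintext) == target:
            return seed
    return None


def demo() -> dict:
    """Run both cases on a constructed message and return the outcomes."""
    nonce = b"constructed-nonce-1"
    message = b"WIRE 250000 EUR to account 4711 (constructed sample)"
    header = message[:8]  # attacker's known plaintext: the "WIRE 250" prefix

    weak_seed = 0x2A5C  # 16-bit seed space: only 65 536 possible keys
    weak_ct = xor_encrypt(key_from_weak_seed(weak_seed), nonce, message)
    recovered = brute_force_seed(weak_ct, nonce, header, seed_bits=16)

    strong_ct = xor_encrypt(key_from_os_rng(), nonce, message)
    not_recovered = brute_force_seed(strong_ct, nonce, header, seed_bits=16)

    plaintext = None
    if recovered is not None:
        plaintext = xor_encrypt(key_from_weak_seed(recovered), nonce, weak_ct)
    return {
        "weak_seed_recovered": recovered,
        "weak_plaintext": plaintext,
        "strong_seed_recovered": not_recovered,
    }


if __name__ == "__main__":
    result = demo()
    print("weak key: seed recovered =", result["weak_seed_recovered"])
    print("decrypted:", result["weak_plaintext"])
    print("OS-RNG key: seed recovered =", result["strong_seed_recovered"])
```

Scaling the seed space up does not change the picture: a key derived from a 32-bit timestamp falls to 2^32 trials however long the key is, which is why the slide's questions about uniqueness and randomness matter more than the nominal key size.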
THE NEW THREAT
Public Key Cryptography: Threats
[Figure: Alice and Bob exchange a scrambled message using symmetric cryptography with a shared secret key, while Eve listens on the channel. The public-key step that establishes that secret key faces three threats: theoretical progress in cryptanalysis, the increase in classical computing power, and quantum computers, to which it is vulnerable.]
The Quantum Computer
▸ Computation with qubits
▸ Main difference: builds coherent superpositions of states
▸ Often described as behaving like a massively parallel computer; the speed-up actually comes from interference between the amplitudes of those states, so only problems with a suitable structure benefit
▸ Solves such problems in far fewer steps
▸ Opportunity: some "intractable" computations become feasible
▸ Threat: breaks current public-key cryptographic primitives (RSA, ECC…)
↳ This is why quantum computing is now discussed in information security
Increasing Interest in Quantum IT (timeline 1999–2015)
▸ 2001: ID Quantique established and starts R&D on quantum communication
▸ 2004: USA ARDA invests in the Quantum Information Science and Technology Roadmap
▸ 2005: Microsoft starts Station Q at UC Santa Barbara
▸ 2013: Lockheed Martin buys D-Wave Two
▸ Dec 2013: UK Government invests £270M in quantum technologies over the next 5 years
▸ July 2014: IBM invests $3B in a research initiative that includes quantum computing
▸ Sep 2014: Google absorbs John Martinis' research group (UC Santa Barbara)
▸ 2015: Intel invests $50M in QuTech
▸ 2015: NL Government invests €135M in QuTech Delft over the next 10 years
▸ EU invests €50-75M in quantum technologies via the FET programme over the next 7 years
▸ Canadian government invests €78M in quantum technologies over the next 7 years
▸ Chinese government plans major investment in quantum computing
▸ 201x: further EU investment
Quantum Algorithms & Impact on Today's Cryptography
Grover's Algorithm
▸ Lov Grover, 1996
▸ Quantum algorithm to search an unsorted database
▸ O(√n) vs O(n)
▸ Effective key length halved for symmetric cryptography:
- AES-128 → 64 bits of security
- AES-256 → 128 bits of security
Shor's Algorithm
▸ Peter Shor, 1994
▸ Quantum algorithm for integer factorization (and discrete logarithms)
▸ O((log N)^3) vs. O(exp(1.9 (log N)^(1/3) (log log N)^(2/3))) for the best classical algorithm, the general number field sieve
▸ Can break RSA, Elliptic Curve & Diffie-Hellman
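To see why Shor's algorithm breaks RSA it helps to separate the quantum part from the classical part. The algorithm reduces factoring N to finding the order r of a random base a modulo N (the smallest r with a^r ≡ 1 mod N); only that order-finding step runs on the quantum computer, and ordinary arithmetic then turns r into a factor. The following added example (not from the presentation or from ID Quantique) carries out exactly that reduction in Python, with the quantum order-finding replaced by brute-force iteration. That substitution is what makes it exponential, so it only works for the toy moduli used here: 15, and the textbook RSA modulus 3233 = 53 × 61, both chosen for this example. Grover's algorithm is not covered by it.

```python
import random
from math import gcd


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1 (the multiplicative order of a mod n).

    This is the only step a quantum computer accelerates: it finds r in
    polynomial time with a quantum Fourier transform over a superposition of
    exponents. Here it is brute force, costing up to phi(n) multiplications,
    which is exponential in the bit length of n.
    """
    if gcd(a, n) != 1:
        raise ValueError("order is defined only for a coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a: int, r: int, n: int):
    """Classical post-processing of Shor's algorithm.

    If r is even and y = a**(r/2) is not -1 mod n, then y*y - 1 = (y-1)(y+1)
    is a multiple of n while neither factor is, so gcd(y - 1, n) is a
    non-trivial divisor. Returns (p, q) or None when this base a was unlucky.
    """
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p = gcd(y - 1, n)
    if p in (1, n):
        return None
    return p, n // p


def shor_factor(n: int, seed: int = 0, max_tries: int = 64):
    """Factor an odd composite n that is not a prime power, as Shor's
    reduction assumes. Random bases are tried until one yields a factor; for
    such n each try succeeds with probability at least 1/2."""
    if n % 2 == 0:
        return 2, n // 2
    rng = random.Random(seed)  # seeded so the example is reproducible
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:  # stumbled on a factor without order finding
            return tuple(sorted((g, n // g)))
        result = factor_from_order(a, find_order(a, n), n)
        if result:
            return tuple(sorted(result))
    raise ValueError("no factor found: n may be prime or a prime power")


if __name__ == "__main__":
    # Classic worked instance: n = 15, a = 7 has order 4,
    # 7**2 = 49 = 4 (mod 15), gcd(3, 15) = 3 and gcd(5, 15) = 5.
    print("order of 7 mod 15 =", find_order(7, 15))
    print("factors from that order:", factor_from_order(7, 4, 15))
    # Textbook RSA modulus 3233 = 53 * 61 (toy value, not a real key).
    print("shor_factor(3233) =", shor_factor(3233))
```

For a 2048-bit RSA modulus the order is on the order of 2^2048 and the loop in `find_order` never finishes; a quantum computer with enough stable qubits finds the same r in polynomial time, after which `factor_from_order` recovers the private key exactly as it does for 3233 here.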
Why Is this Important? A Classical Risk Analysis
▸ Probability of threat: currently low but increasing
▸ Impact of threat: extremely high if no action is taken
▸ Risk (probability × impact): rising
– Start protecting data with long-term confidentiality requirements –
– Use Quantum-Safe designs –
– Enter the Post-Quantum Era –
When Do We Need to Start Worrying?
▸ A "wait and see" approach is too risky
▸ Encrypted data can be (and is being) captured now and analysed offline later
▸ Next generation of cryptographic infrastructure:
- Must have quantum-safe alternatives
- Should have algorithmic agility built in
▸ If a quantum computer is available in 2030 and the information lifetime is 10 years, then a quantum-safe cryptographic infrastructure needs to be in place by 2020. More generally: information lifetime plus migration time must stay shorter than the time until a cryptographically relevant quantum computer exists, otherwise data exchanged today is exposed.
• Be quantum-ready by 2020!
[Figure: timeline of an information exchange, followed by the information lifetime (set by legal, business or strategic constraints) and the time needed for quantum-safe migration (from a few months to several years); the period in which the data is still sensitive after the quantum computer arrives is the window of vulnerability]
ETSI Proposes Move to Quantum-Safe Cryptography
▸ ETSI White Paper on Quantum Safe Cryptography, published mid-2014, recommends moving to quantum-safe crypto.
▸ The ETSI white paper states:
Without quantum-safe encryption, everything that has been transmitted, or will ever be transmitted, over a network is vulnerable to eavesdropping and public disclosure.
▸ Ongoing international efforts to develop standards around quantum-safe cryptography, e.g. at ETSI.
▸ Quantum-safe cryptography includes algorithms and techniques which are not vulnerable to quantum computing:
- Post-quantum crypto (aka quantum-resistant algorithms)
- Quantum Key Distribution
Chapter II
Quantum-safe cryptography in action
AGENDA
▸ Quantum-Safe Cryptography at a Glance
▸ A Couple of Use Cases
▸ How to Sell Quantum-Safe Cryptography (incl. HSEs)
- What's in it for you!
QUANTUM-SAFE CRYPTOGRAPHY
Quantum Cryptography = Quantum Key Distribution (QKD)
[Figure: Alice sends single photons encoding "0" and "1" to Bob over the quantum channel; the quantum states are fragile, so any measurement by an eavesdropper disturbs them and is detected. The resulting shared secret key feeds symmetric cryptography, which scrambles the message between Alice and Bob.]
The Solution: Quantum-Safe Cryptographic Infrastructure
Quantum Key Distribution
▸ Hardware solution.
▸ Typically no computational assumptions, so the protocol is secure against future quantum attacks. The security proof covers the protocol; an implementation still needs an authenticated classical channel and hardening against side channels in the optical devices.
▸ Recommended for encryption of high-value information with a requirement for long-term confidentiality.
− E.g. data centre interconnect, government data
"Post-quantum" algorithms (aka quantum-resistant algorithms)
▸ Classical algorithms deployable without quantum hardware.
− E.g. lattice-based and code-based (matrix-based) algorithms
▸ Believed to be secure against Shor's algorithm, but no guarantee that there will not be other quantum (or classical) attacks.
▸ Recommended for quantum-safe digital signatures & endpoint encryption.
Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructure.
IDQ QKD Scenarios: Today
▸ Supporting an existing encrypted link, IDQ QKD currently
- Addresses distances up to 100 km.
- Can be multiplexed with data on the same fibre up to 30 km, but requires a dark fibre for the quantum channel between 30 km and 100 km.
- Works in point-to-point mode.
▸ Suitable for layer 1 or layer 2 topologies
- LAN / MAN / SAN
- Meshed WAN
▸ Use cases
- Protection of mission-critical data on data centre and MAN interconnections.
[Figure: metro area network and storage area network deployment examples]
Quantum-Enabled Network Encryption: Today
▸ Provably secure key distribution
- Distilled key rate: 1000 bps over 25 km / 6 dB
- Range: 100 km
▸ Transparent Layer 2 encryption
- AES-256 up to 100 Gbps
- Multiprotocol (Ethernet, Fibre Channel)
[Figure: two local area networks joined by layer 2 encryptors; a quantum key server at each end exchanges keys over the quantum channel, either on dark fibre or multiplexed (xWDM) onto the data fibre]
QKD Dual Key Agreement
[Figure: a public key agreement, with certificates from an internal or external CA, produces a master key and then an AES session key; in parallel, QKD delivers a quantum key. The two are combined bit-by-bit with XOR into a "super" session key that is used for encryption and gives forward secrecy.]
▸ Quantum keys are based on high-quality entropy from a provably random QRNG
▸ The quantum key is mixed with the standard AES session key
▸ Advantages
- Maintains existing encryptor certifications (e.g. FIPS, CC), because the certified key agreement is unchanged and the quantum key is only mixed in.
- Generates a "super session" key which provides forward secrecy: compromise of the public-key exchange alone does not reveal the traffic key.
- Eavesdropping protection.
- No single point of vulnerability in the public-key exchange or in manual key exchange (where the initial keys remain static for a long period of time). In contrast, each quantum key is independent & uncorrelated, and automatically updated every minute.
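The key mixing described above, as an added example that is not ID Quantique's code: an AES-256 session key from the classical agreement is XORed bit-by-bit with a fresh quantum key to form the "super session" key, a new quantum key is consumed for every rekey epoch, and the slide's distilled key rate is turned into a rekey budget. The HMAC-based alternative combiner, the key store and every key byte are assumptions constructed for the demonstration (os.urandom stands in for both the public-key agreement and the QKD link); a real encryptor would pull its quantum keys from the key server's interface.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # AES-256 key, in bytes


def combine_xor(session_key: bytes, quantum_key: bytes) -> bytes:
    """Bit-by-bit XOR of the classically agreed session key and the QKD key.

    The output is uniformly random if at least one input is uniform, independent
    of the other and unknown to the attacker, so an adversary who later breaks
    the public-key exchange (e.g. with Shor's algorithm) still lacks the traffic
    key. Both inputs must be full length: a short key would leave the remaining
    bytes of the other key unmasked.
    """
    if len(session_key) != KEY_LEN or len(quantum_key) != KEY_LEN:
        raise ValueError("both keys must be %d bytes" % KEY_LEN)
    return bytes(a ^ b for a, b in zip(session_key, quantum_key))


def combine_kdf(session_key: bytes, quantum_key: bytes, context: bytes) -> bytes:
    """Alternative combiner (an assumption of this example, not the slide's
    design): HMAC-SHA256 keyed with both secrets and bound to a context such as
    link identifier and epoch. It tolerates inputs of unequal length or a
    partially biased component, and keys for different links or epochs cannot
    coincide even if the same inputs recur."""
    return hmac.new(session_key + quantum_key, context, hashlib.sha256).digest()


def keys_per_minute(distilled_rate_bps: int, key_bits: int = 8 * KEY_LEN) -> int:
    """Fresh AES-256 keys a QKD link can supply per minute at a given distilled
    key rate; the slide quotes 1000 bps over 25 km / 6 dB."""
    return (60 * distilled_rate_bps) // key_bits


class QkdKeyStore:
    """Buffer of distilled QKD key material as delivered by the key server.

    Each key is handed out once and then discarded. Reusing a quantum key in
    two epochs would make the XOR of the two super keys equal the XOR of the
    two session keys, throwing away what the quantum channel added.
    """

    def __init__(self, distilled_bits: bytes):
        self._buf = bytearray(distilled_bits)

    def available(self) -> int:
        """Number of full keys still in the buffer."""
        return len(self._buf) // KEY_LEN

    def next_key(self) -> bytes:
        if self.available() == 0:
            raise RuntimeError("QKD buffer exhausted: hold the rekey until more key is distilled")
        key = bytes(self._buf[:KEY_LEN])
        del self._buf[:KEY_LEN]  # consumed key material is never handed out again
        return key


def rekey_epochs(store: QkdKeyStore, session_key: bytes, epochs: int) -> list:
    """One super session key per epoch (the slide rekeys every minute), each
    mixing a never-before-used quantum key into the same AES session key."""
    return [combine_xor(session_key, store.next_key()) for _ in range(epochs)]


if __name__ == "__main__":
    session_key = os.urandom(KEY_LEN)            # stands in for the public-key agreement
    store = QkdKeyStore(os.urandom(3 * KEY_LEN))  # stands in for three minutes of QKD output
    supers = rekey_epochs(store, session_key, 3)
    print("three distinct super keys:", len(set(supers)) == 3)
    print("keys left in QKD buffer:", store.available())
    print("AES-256 keys per minute at 1000 bps:", keys_per_minute(1000))
```

An attacker who recovers only the session key learns nothing about any super key, because each one is that session key masked by an unknown, uniformly random quantum key. The store's single-use rule is what makes "independent & uncorrelated" hold in practice, and at the slide's 1000 bps a per-minute rekey uses well under 1% of the distilled key.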
USE CASES
Financial Services: QKD in Data Center Interconnect
IDQ Secures Network for Disaster Recovery: 10G Ethernet Encryption with QKD
• Four 10 Gigabit Ethernet encryptors between headquarters and the disaster recovery centre
• QKD server provides forward secrecy for the most sensitive long-term data
• The encryption platform is being rolled out to other areas of the company for both MAN and WAN applications
• Two-fold key security is provided and renewed in real time, up to 60 times per hour in both directions
"Unlike classical encryption based on mathematical algorithms, QKD will not be compromised by mathematical progress or the continual increase in computing power and it is not vulnerable to passive attacks."
High-Speed Network for Disaster Recovery: 10G Ethernet Backbone Encryption
▸ Reliable, field-proven hardware
▸ Support for AES 256-bit keys
▸ Support for P2P and multipoint
▸ Leading FIPS & CC certification
▸ True full-duplex wire-speed encryption up to 10 Gbps
▸ Low latency, under 10 microseconds
▸ Advanced management & monitoring tools
Notenstein La Roche Private Bank Ltd.
"Our credibility and commitment to our customers depend on ensuring the ultimate protection of our data and availability of our services."
CIO of Notenstein Private Bank Ltd.
International Global Bank
IDQ Secures Global Wide Area Network: Multipoint 100 Megabit Ethernet Encryption
▸ Headquarters uses two Gigabit Ethernet encryptors
▸ Branches are each equipped with a 1 Gigabit encryptor (rate-limited to 100 Megabit)
▸ Unicast (standard)
▸ Multicast (finance information to traders, secure videoconferencing, etc.)
▸ Broadcast (automated equipment info exchange, etc.)
▸ VLAN-based multicast traffic
- Intelligent group key system
QKD as a Service
Colt & IDQ provide a Managed Quantum Cryptography Service for high-security network encryption
▸ Combines quantum key distribution with high-speed encryption based on the leading 256-bit AES cipher
▸ Supports Ethernet, Fibre Channel and SONET/SDH
▸ Latency in single microseconds for real-time applications and data back-up
▸ Advanced monitoring solutions ensure absolute transparency for the end users
▸ Configurable real-time alerts and regular status reports for audit or forensic purposes
"Working together with ID Quantique allows Geneva based financial institutions and private companies to take advantage of a different type of key distribution to encrypt and protect their business critical data"
Colt Regional Sales Director Switzerland
QKD in Government & Public Administration
▸ Geneva (Switzerland) uses QKD to guarantee confidentiality & integrity of data during federal & cantonal elections.
▸ Working since October 2007.
[Figure: ballots and mail votes at the central vote counting station in downtown Geneva, linked over 4 km by the Cerberis QKD solution to the Geneva government data centre]
QKD in Sporting & Public Events
▸ Critical police & Joint Operations link secured during the 2010 FIFA World Cup in South Africa.
▸ Secured communication for data, telephone, internet, video and e-mail.
HOW TO SELL QUANTUM SAFE CRYPTO
(incl. HSEs, i.e. high-speed encryptors)
1. Choose the Right Time
▸ Infrastructure refresh or change: the 5-10 year window
▸ Adoption of new technologies, e.g. cloud
▸ Business change
▸ Regulatory environment: industry or government
▸ Move from Layer 3 to Layer 2 encryption
• Upgrade from DES
• Performance problems on real-time applications
Advantages of Layer 2 Dedicated Encryption
▸ Advantages of Layer 2 encryption
- No changes to network architecture required
- Easy installation & "set & forget" maintenance
- TRANSEC to mask traffic patterns
▸ Transparent for the network
- 100% of bandwidth available for data transmission (no encryption tax)
- Low latency ≈ 10 μs
- No frame loss
- Methodology: RFC 2544
- Test reports available on request
▸ Compatible with existing L2 network architectures
- No need for link aggregation
- Agnostic to network equipment (no network vendor lock-in)
[Figure: RFC 2544 results by frame size (64, 128, 256, 512, 1024, 1280, 1518, 4096, 8192 and 9216 bytes): Rx throughput as % of line rate (axis 0–110) and average latency per link in microseconds (axis 0–7)]
L2 versus L3 Network Encryption
▸ Layer 2 encryption occurs at the Ethernet frame layer
- Optimised for encryption on layer 2 networks
- Latency measured in microseconds
- Deterministic performance up to 10 Gbps
▸ Layer 3 encryption occurs at the IP packet layer (IPsec)
- Latency measured in milliseconds
- Up to 50% loss of effective bandwidth
- For 64-byte packets, IPsec roughly doubles the bytes on the wire (tunnel-mode IP and ESP headers, IV, padding and integrity tag), i.e. up to 100% overhead; 64-byte packets typically represent up to 45% of all IP traffic!
HSE Value Proposition
▸ Zero-touch core
▸ Non-disruptive technology
▸ Low admin requirement (set & forget)
▸ Multicast encryption
▸ Deterministic latency
2. Choose the Right Market
▸ Markets with regulatory requirements
- Finance
- Healthcare
▸ Markets with true security needs
- Government
- Finance & banking
- Companies needing to protect intellectual property
▸ Markets where adding “simple security” is a revenue generator
- Cloud & Data Center Providers
▸ Commercial & Industrial - risk motivators
- Financial cost
- Intellectual property
- Stakeholders
- Business interruption
- Reputation
- Asset damage
- Regulation
CN8000 Multi-Link Layer 2 Encryptor
▸ Solution benefits of CN8000
- Support for 10 x 10G encryption
- Flexibility, modularity & extensibility
- Multiple protocol support in one encryptor
- 1-10G Ethernet card
- FC8 cards (for release Q3 2016)
▸ Support for multi-tenancy
- Separate management GUI per encryption card or per chassis
- Physical separation of users per card
- Granular role-based access control per chassis or per encryption card
▸ CN8000 for Data Center Interconnect
- Multiple P2P links
- Multiple protocols (Ethernet, FC)
- High-performance backbone link
▸ CN4000-6000 encryptors for MAN or WAN
- Dedicated CN at branch offices in MAN or WAN
- Connect to one CN8000 10G card at HQ
[Figure: typical CN8000 and HSE installation: CN dedicated encryptors at branch LAN/SAN sites connect across the MAN or WAN network to an IDQ CN8000 multilink encryptor at HQ. TRNG inside!]
3. Choose the Right Organization
A matrix approach: rarely any one single attribute
▸ Size: $100m+ revenues
▸ Specific vertical sector profiles, e.g. financial
▸ Multi-location
▸ Valuable IP
▸ Sensitive stakeholder data
▸ Layer 2 (and the cost-intensive L3 upgrade business case)
▸ VPN
▸ Multiple data centres
▸ IT infrastructure profile
▸ Likelihood of high data volumes
▸ Business change?
▸ IT investment profile?
▸ Technology adoption?
4. Choose the Right Message
Multiple interlocutors within each organization
▸ Sell networking advantages to the Network Team (+ Storage / SAN Team!)
- Advantages of layer 2: set & forget, bump in the wire
- Easy (and secure) local & remote provisioning & management
- Able to work on any L2 network, etc.
▸ Sell security advantages to the Security Team
- Long-term data protection into the quantum era
- Separation of duties as best practice
- State-of-the-art key generation & management, tamper proofing, etc.
▸ Sell objective numbers to the Evaluators
- Industry studies, analyst reports, academic papers
▸ Sell risk management & ROI to the Risk Management team
- Business continuity in doubt if backbone networks are tapped
- Security & investment protection, as encryptors can be upgraded to QKD
- Lower total cost of ownership (low maintenance, QKD-enabled)
- High ROI, especially where regulated industries face penalties for data breaches

5. Customers are the Best Sales Tool
▸ Happy customers to give references on
- Product
- Service & support
- Continued relationship
▸ If you don’t have customers then propose a Proof of Concept
- Head-on trials with the competition
- Supported by IDQ

6. Sell Value Not Price
▸ Avoid “sticker shock” of upfront pricing
- Qualify deal first & find out what customer values
- Work with IDQ on financial models (leasing, etc.) against low-cost competitors
▸ Total Cost of Ownership
- Product lifetime significantly longer than network equipment (only 3-5 years)
- Single security policy over enterprise (scalability)
- Product interoperability
- Backward compatibility
- Tailored bandwidth for upfront savings
- Uptime – reliability
- Ease of implementation
- Ease of on-going management
- Built for security - does not require regular firmware updates
▸ Investment Protection
- Long term data protection into quantum era

7. How to Sell Quantum
For the customer Innovation = Risk
▸ IDQ’s quantum products are tried & tested
- Customer references since 2007
- Years of uninterrupted functioning
- Built with COTS standards-based products
- Continual security reviews to ensure state of the art implementation
▸ Sell Quantum Key Distribution as an investment protection, not as an innovation!

What’s in it for Gemalto resellers
▸ $$$ – New revenue streams around hot and high-growth topics
▸ $$$ – Better margins
▸ Differentiation factors → trusted security advisor role
▸ Great story to tell
▸ Added value services sales
▸ Innovation – break new ground
▸ Loyalty through appealing and motivating programs

THANK YOU!

Quantis Appliance: Randomness-as-a-Service
Figure: RaaS deployment (diagram labels: Quantum RNG Appliance with PRNG and QRNG, Randomness Daemon, Admin; DATACENTER with Application #1 (OpenSSL, RaaS Client) … Application #n (/dev/random, RaaS Client))
▸ Based on IDQ’s quantum RNG
▸ Hardware source of trust for cloud or distributed environments to provide secure keys for:
- Crypto key generation for cloud & network environments (virtual machines, VPNs, etc.)
- Seeding of deterministic RNGs and commercial HSMs
- Randomness as a service
- Online gaming
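The "seeding of deterministic RNGs" bullet is the part of this architecture that a client implementer actually writes. The Python below is an added example, not IDQ's RaaS client or Quantis appliance code: it shows a client that runs a repetition count health test on the raw bytes received from the appliance, mixes them with local OS entropy, and uses the mix to instantiate an HMAC-DRBG (NIST SP 800-90A, with SHA-256). The appliance transport is not modelled; the appliance bytes are a constructed stand-in, and the health-test cutoff of 20, the reseed interval and the personalization string are assumed values chosen for the example.

```python
# Added example (not IDQ's RaaS client code): consuming an external entropy
# source such as a quantum RNG appliance safely on the client side.
# Appliance protocol and transport are assumed; appliance bytes are a
# constructed stand-in passed in by the caller.
import hashlib
import hmac
import os
from typing import Optional

HASH = hashlib.sha256
OUTLEN = 32  # SHA-256 digest length in bytes


def repetition_count_ok(samples: bytes, cutoff: int = 20) -> bool:
    """SP 800-90B style repetition count test on raw noise-source bytes.

    Returns False if any byte value repeats `cutoff` or more times in a row,
    the signature of a stuck or disconnected noise source. The cutoff of 20
    is an assumed value for this example; a real deployment derives it from
    the source's assessed min-entropy and a false-positive rate.
    """
    if not samples:
        return False
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


class HmacDrbg:
    """HMAC-DRBG as specified in NIST SP 800-90A, instantiated with SHA-256."""

    RESEED_INTERVAL = 10_000  # generate() calls between reseeds (assumed policy)

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        self.key = b"\x00" * OUTLEN
        self.val = b"\x01" * OUTLEN
        self._update(entropy + nonce + personalization)  # seed_material
        self.reseed_counter = 1

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: two rounds when provided data is present, one otherwise.
        self.key = hmac.new(self.key, self.val + b"\x00" + provided, HASH).digest()
        self.val = hmac.new(self.key, self.val, HASH).digest()
        if provided:
            self.key = hmac.new(self.key, self.val + b"\x01" + provided, HASH).digest()
            self.val = hmac.new(self.key, self.val, HASH).digest()

    def reseed(self, entropy: bytes) -> None:
        self._update(entropy)
        self.reseed_counter = 1

    def generate(self, nbytes: int) -> bytes:
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        out = b""
        while len(out) < nbytes:
            self.val = hmac.new(self.key, self.val, HASH).digest()
            out += self.val
        self._update(b"")  # post-generate state update, no additional input
        self.reseed_counter += 1
        return out[:nbytes]


def combined_seed(appliance_entropy: bytes, local_entropy: bytes) -> bytes:
    """Health-check the remote bytes, then concatenate remote and local entropy.

    Feeding both into the DRBG seed keeps the output unpredictable as long as
    at least one of the two sources is sound, so a stuck appliance or a
    tampered delivery channel does not by itself compromise generated keys.
    """
    if not repetition_count_ok(appliance_entropy):
        raise ValueError("appliance entropy failed health test")
    return appliance_entropy + local_entropy


def build_drbg(appliance_entropy: bytes, local_entropy: Optional[bytes] = None) -> HmacDrbg:
    # Local entropy defaults to the OS pool (/dev/urandom on Linux).
    local = os.urandom(OUTLEN) if local_entropy is None else local_entropy
    return HmacDrbg(combined_seed(appliance_entropy, local),
                    personalization=b"raas-client-example")  # assumed string


if __name__ == "__main__":
    # Constructed stand-in for bytes fetched from the appliance (not real QRNG output).
    fake_appliance_bytes = HASH(b"constructed appliance sample").digest()
    drbg = build_drbg(fake_appliance_bytes)
    print(drbg.generate(32).hex())
```

The health test runs on the raw bytes before they touch the DRBG, because once they are mixed in a stuck source is no longer detectable from the output. Mixing rather than replacing the local pool is the defensive choice here: the appliance adds a hardware-rooted source, but a client that trusts it exclusively inherits every failure of the appliance and of the path between them.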