Page 1

Securing Your Data In Transit For The Long Term

Or what happens when RSA encryption is finally broken by mathematicians or quantum computers?

October 2014


© 2014 ID Quantique SA, Switzerland | page 2 ID Quantique PROPRIETARY

(Diagram: ID Quantique product lines: Photon Counters; Quantum Random Number Generators; Quantum Security / Network Encryption Technology; Services)

• Swiss company, founded 2001, based in Geneva
• Spin-off of University of Geneva, Group of Applied Physics
• Offers encryption technology which is safe into the ‘quantum era’
• Protection of long-term data in high-speed transit

Page 3

Thank you!

Page 4

HACKING IS EASY (AND EVERYONE IS DOING IT)

Page 5

Page 6

Optical fiber bending & coupling

Buy an optical tap legally online:
• http://www.fods.com/optic_clip_on_coupler.html

Optical tapping for under €500

(Diagram: Emitter, Receiver, Eavesdropper)

Page 7

Social Engineering

A telecom company outsources the laying of new optical fibers for a bank to a maintenance team who do not understand the security issues. The naked optical fiber is accessible…

…and the detailed layout of the fiber network & the name of the bank are clearly visible for future hacking attempts.

Page 8

THE THREAT: PUBLIC-KEY CRYPTOGRAPHY

Page 9

Public Key Cryptography: Threats

(Diagram: Alice and Bob)

What are the 2 prime factors of 5313043722633707?

Hint: http://primes.utm.edu/lists/small/

Page 10

Public Key Cryptography: Threats

(Diagram: Alice and Bob)

5313043722633707 = 86030827 * 61757441

Page 11

Public Key Cryptography: Threats

Use mathematical « one-way » functions:
• 2’357 x 4’201 = ?
• A x B = 9’901’757, find A and B

(Diagram: Alice and Bob)

Vulnerable to…
• Theoretical progress
• Increase in computing power
• Quantum computers

Page 12

Classical and Quantum Physics

Classical physics (… – 1900)
• Describes the macroscopic world
• Deterministic
• Intuitive

Quantum physics (1900 – …)
• Description of the microscopic world
• Probabilistic
• Central role of the observer
• Not very intuitive

Quantum physics → novel information processing possibilities → Quantum Information Theory (QIT)

Page 13

The Threat: Quantum Computing

Quantum Computing Basics
• Uses quantum properties, not binary code (qubits vs. bits)
• Acts as a massively parallel computer
• Will render today’s public key encryption unsafe

Page 14

Quantum Computing and Cryptography

Shor’s Algorithm
• Peter Shor, 1994
• Quantum algorithm for integer factorization: O((log N)^3) vs O(exp(1.9 (log N)^(1/3) (log log N)^(2/3)))
• Can break RSA, Elliptic Curve & Diffie-Hellman

Grover’s Algorithm
• Lov Grover, 1996
• Quantum algorithm to perform search in an unsorted database: O(n^(1/2)) vs O(n)
• Effective key length halved for symmetric cryptography: AES-128 gives 64 bits of security, AES-256 gives 128 bits of security

Page 15

Quantum Computing in Research

America is building a quantum computer for cryptanalysis
• http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html
• According to Snowden this is a major NSA initiative called “Penetrating Hard Targets”

China Prepares for Quantum Age
• Source: http://www.hpcwire.com/2014/01/24/china-prepares-quantum-age/
• “The importance of building a quantum computer is such that the Chinese government funded 90 quantum related projects last year through the National Natural Science Foundation of China.”

Lazaridis (RIM cofounder) has invested $250 million+ into quantum computing at Waterloo – Quantum Valley

D-Wave raised funds from Jeff Bezos (Amazon), In-Q-Tel (NSA investment arm) and sells to Lockheed Martin, NASA

Page 16

When do we need to start worrying?

« Wait and see » approach is too risky

Next generation of cryptographic infrastructure:
• Must have quantum-safe alternatives
• Should have algorithmic agility built in

(Timeline diagram, axis: Time; labels: Information Exchange; Information lifetime (based on legal, business or strategic constraints); Time for migration (from a few months to several years); Vulnerability)

Page 17

Leading Signs That It’s Time To Adopt QKD

Quantum computers have more than 1000 qubits – OR –
• Quantum computers have demonstrated that Shor’s algorithm to factor numbers works
• D-Wave sold a 128-bit computer in 2011; announced a 512-bit computer
• Lazaridis (RIM cofounder) has invested $250MM+ into quantum computing at Waterloo – Quantum Valley

RSA-1024 has been broken – OR –
• RSA-768 was cracked in December 2009 using 5TB of data and 1500 CPU-years of a 2.2GHz Opteron
• NIST recommendation – stop using RSA-1024 before 12/31/2013
• U of Mich reported breaking RSA-1024 using a side channel attack

Large organized networks of computers can be formed to solve complex, time-consuming problems – OR –
• Network bots, SETI-at-home
• Bitcoin
• Millions-to-billions of smart phones around the world with quad-core ARM processors all linked over a common network (telecom systems)

You transmit data over the network that needs to be protected for more than five years

Page 18

The Solution: Quantum-Safe Cryptographic Infrastructure

« Post-quantum » cryptography
• Classical codes deployable without quantum technologies
• Believed/hoped to be secure against quantum computer attacks of the future

+

Quantum Key Distribution
• Quantum codes requiring some quantum technologies currently available
• Typically no computational assumptions and thus known to be secure against quantum attacks

Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructure

Page 19

ONE SOLUTION: QUANTUM MECHANICS FOR SECURE ENCRYPTION KEYS

Page 20

Change in Paradigm

Network Encryption: high speed cryptosystem implementation (typically AES)

Key Management: crypto key lifecycle

Page 21

THE SOLUTION (1): QUANTUM RANDOM NUMBER GENERATION (QRNG)

Page 22

Quantum Randomness

Physical random number generator exploiting a phenomenon described by quantum physics: truly random

Advantages
• Speed
• Simple process that can be modelled, so the influence of the environment can be ruled out
• Live monitoring of elementary components possible

(Diagram: source of photons → photons → semi-transparent mirror → detectors)

Page 23

Quantum Random Number Generator


Page 24

THE SOLUTION (2): QUANTUM KEY DISTRIBUTION (QKD)

Page 25

Quantum Cryptography

Symmetric Cryptography (diagram): Alice combines the Message with a Secret Key to produce the Scrambled Message; Bob recovers the Message with the same Secret Key

Identical keys – Key Exchange ?!?

(Diagram: key bits "0", "1", "1", "0" sent as quantum states, labelled "Fragile !")

Page 26

Quantum-Enabled Network Encryption

Transparent Layer 2 Encryption
• AES-256 in CFB and CTR modes
• Up to 100Gbps
• Multiprotocol (Ethernet, Fibre Channel)

+

Provably secure key distribution: QKD
• Distilled key distribution rate: 1000 bps over 25km/6dB
• Range: 100km

(Diagram: Local Area Network ↔ xWDM ↔ Quantum Channel – Dark Fiber ↔ xWDM ↔ Local Area Network)
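An added simulation (not code from the deck or from ID Quantique) of why slide 25 calls the quantum channel "fragile" and slide 26 calls QKD "provably secure": the slides do not name the protocol, so BB84 is assumed, and the 11% abort threshold is the commonly cited BB84 bound rather than a figure from the slides. An intercept-and-resend tap of the kind shown on slide 6 has to guess each measurement basis, and its wrong guesses surface as roughly 25% errors in the sifted key, so the link stops producing keys instead of silently leaking them.

```python
import random

# Abort threshold on the quantum bit error rate (QBER); 11% is the commonly cited
# BB84 bound and is an assumption of this example, not a figure from the slides.
QBER_ABORT_THRESHOLD = 0.11


def bb84_exchange(n_photons: int, eavesdrop: bool, seed: int = 7) -> tuple[float, list[int]]:
    """Simulate one BB84 key exchange over an ideal channel (no noise, no loss).

    Basis 0 = rectilinear, 1 = diagonal. Measuring in the preparation basis reads the
    bit exactly; measuring in the other basis gives a uniformly random bit and
    destroys the original state (the photon cannot be copied and passed on intact).
    Returns (QBER, sifted key as Alice holds it).
    """
    rng = random.Random(seed)

    def measure(bits, bases, my_bases):
        return [b if pb == mb else rng.randrange(2)
                for b, pb, mb in zip(bits, bases, my_bases)]

    # Alice prepares each photon with a random bit in a random basis.
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    channel_bits, channel_bases = alice_bits, alice_bases

    if eavesdrop:
        # Intercept-resend: Eve measures in a guessed basis and re-emits what she saw,
        # prepared in her basis, so every wrong guess forwards a corrupted state.
        eve_bases = [rng.randrange(2) for _ in range(n_photons)]
        channel_bits = measure(alice_bits, alice_bases, eve_bases)
        channel_bases = eve_bases

    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = measure(channel_bits, channel_bases, bob_bases)

    # Sifting: Alice and Bob publicly compare bases (never bits) and keep matching positions.
    sifted = [(a, b) for a, ab, b, bb in zip(alice_bits, alice_bases, bob_bits, bob_bases)
              if ab == bb]
    if not sifted:
        return 0.0, []
    errors = sum(1 for a, b in sifted if a != b)
    return errors / len(sifted), [a for a, _ in sifted]


def tap_detected(qber: float) -> bool:
    """A QKD system refuses to distil key from a block whose QBER exceeds the threshold."""
    return qber > QBER_ABORT_THRESHOLD


if __name__ == "__main__":
    for eve in (False, True):
        qber, key = bb84_exchange(4000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted {len(key)} bits, QBER={qber:.3f}, "
              f"abort={tap_detected(qber)}")
```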

Page 27

Today’s Deployments of QKD

Hybrid solutions:
• Conventional encryption on wide area network (WAN)
• QKD on DRC and backbone links (MAN/SAN)

(Diagram: Classical Encryption Device, Quantum Encryption Solution)

Page 28

Sporting & Public Events

Critical police & Joint Operations link secured during 2010 FIFA World Cup in South Africa

Secured communication for data, telephone, internet, video, and e-mail

Page 29

European Banks: Data Center Interconnect

European banks secure critical links between bank headquarters and data recovery centers

Page 30

Data Centers for Financial Companies

QKD-secured data center link for a large financial institution in the Netherlands

Installed in 2010
• High-speed encryption
• 4 x Ethernet 1G links
• 2 x FC-4 links

Page 31

Government & Public Administration

Geneva (Switzerland) uses QKD to guarantee confidentiality & integrity of data during federal & cantonal elections

Working since October 2007

(Diagram: Central Vote Counting Station in downtown Geneva – Cerberis Solution, 4 km – Geneva Government Data Center; inputs: Ballots, Mail Votes)

Page 32

Quantum Keys-as-a-Service by Telecom Operators

World-first QKD-as-a-Service offered by Colt

Data link between Swiss financial district and critical DRC 70 km away
• e.g. 10 Gigabit FCoIP link

Colt provides quantum-secured link as a monthly service for banks & enterprises
• Easy to set up & maintain under existing SLAs
• First step towards a QuantumCloud

(Diagram: Bank server room and Client B, C and D server rooms connected to the Data Recovery Center; Ethernet or FC connection for data, separate QKD fiber)

Page 33

Enterprise: Corporate Data & IP

Battelle USA
• World’s largest nonprofit R&D organization
• Over 22,000 employees at more than 130 locations globally

Requirement to protect mission critical corporate, financial information & intellectual property (designs, drawings, etc)

IDQ’s quantum cryptography used to secure critical links between headquarters in Columbus Ohio and satellite office in Dublin Ohio

By 2015 will connect Battelle building in Washington DC with QKD-secured link
• Working with IDQ to develop trusted nodes for increased distance of QKD

Page 34

QKD IN THE FUTURE

Page 35

Battelle in 2015

Battelle QKD Backbone
• Columbus Ohio to Washington DC area
• > 770 km
• Deployment in 2015

(Diagram: Battelle Main Campus, Battelle Aberdeen Office)

Page 36

2015: IDQ-Battelle quantum backbone for long-term inter-datacenter security


Columbus, OH QKD pilot network (showing four Battelle-IDQ prototype Trusted Nodes operating today) illustrates multi-access metro topology

Page 37

QKD Networks


Page 38

Thank you for your attention

7th Winter School on Practical Quantum Communications

Dates: January or February 2015
Location: Les Diablerets, Switzerland
More: www.idquantique.com or [email protected]

Pictures from previous editions

2014 key note speakers included:
• Gilles Brassard
• Nicolas Gisin
• Vadim Makarov
• Sandu Popescu
• Renato Renner

2015 will include:
• Whitfield Diffie
• Nicolas Gisin
• Catherine McGeoch
• Colin Williams
• … and more!

Page 39

Our team today:

Gilles Gravier, Director Product Management
Email: [email protected]

Pierre-Alain Hinnen, Key Account Manager
Email: [email protected]

ID Quantique SA
http://www.idquantique.com/