Quantum Computing Poses 'Accelerating' Threat to Network Security
The use of quantum computing is emerging as a threat to public key infrastructure technology and other methods of encryption used to protect data on the internet, speakers said Tuesday during a Mobile World Live webinar. The National Institute of Standards and Technology has a long-standing project, launched in 2016, to develop post-quantum encryption standards.
Quantum computation can very quickly recover the keys that are used to protect data, said Daniel Shiu, chief cryptographer at software company Arqit. “All of a sudden we’ve got to completely rethink encryption on the internet to deal with that imminent threat,” which also is "accelerating,” he said.
There’s a lot we still don’t know and governments are probably making big investments in quantum technologies that they’re not announcing, Shiu said. There are probably research programs we know nothing about, he said. Companies like IBM have been making announcements about the growth of the use of quantum technologies, he said. As wireless moves to 5G and open networks “there’s a lot more interconnection, a lot more transfer of trust going on, and that leads to a much greater attack surface,” Shiu said.
Customers are asking for a “quantum-safe network,” said Melchior Aelmans, chief architect at Juniper Networks. While quantum computers are still being developed, we need to make networks more secure now, he said. Juniper is investigating how to develop quantum-safe connections between mobile devices and between different clouds.
Carriers face vulnerabilities as a result of quantum computing but also have “early visibility” into the problem, said Scott Alexander, Arqit chief product officer. Service providers are “fundamental” to how security and gear vendors move forward to stay “ahead of the curve,” he said. “The one thing we mustn’t do as an industry is leave this to the last minute,” he said.
“The most important thing is that we regularly check authentication and that we rotate the actual credentials,” Alexander said: “That’s one way of making the network much more robust to man-in-the-middle attacks and also any form of component spoofing,” such as databases “that aren't actually who we think they are.” Protections are especially important to get right as wireless carriers segment their networks through slicing, he said.
Post-quantum encryption tends to be complicated with “many more lines of code, many more sophisticated mathematical details to get right,” Shiu said. “Security is easiest when things are kept as simple as possible,” he said. The level of complexity can in itself make systems vulnerable, he said. The process of transforming the entire internet to a “post-quantum state” is “likely to take decades,” he warned.
“Although quantum computers powerful enough to defeat current encryption algorithms do not yet exist, security experts say that it’s important to plan ahead, in part because it takes years to integrate new algorithms across all computer systems,” NIST said last year. In November, NIST completed a comment cycle on three algorithms designed to better protect networks.