Protecting data now as the quantum era approaches

Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering


Analysis: Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.

It's unclear when quantum computers will easily crack classical crypto – estimates range from three to five years to never – but conventional wisdom is that now's the time to start preparing to ensure data remains encrypted.

A growing list of established vendors like IBM and Google and smaller startups – Quantum Xchange and Quantinuum, among others – have worked on this for several years. QuSecure, which is launching this week after three years in stealth mode, will offer a fully managed service approach with QuProtect, which is designed to secure data not only against conventional threats now but also against future attacks from nation-states and bad actors leveraging quantum systems.

"The current and near-term capability in quantum computing, which would allow for the decryption, is the big threat," Mike Brown, a retired Navy rear admiral and former senior cybersecurity specialist with the Department of Defense (DoD) and Homeland Security (DHS), told The Register. "That's what we've been talking about for years."

Brown, founder and president of security consultancy Spinnaker Security, who now consults with QuSecure and other companies, said there has been steady progress in building up the capabilities of quantum computers in the US and abroad. He points out that nation-states with a checkered history in cyberspace, such as China, are spending huge sums and mounting massive efforts to develop such systems.

Steal now, decrypt later

A key worry is what is known as "steal now, decrypt later," QuSecure co-founder and COO Skip Sanzeri told The Register.

"This is the biggest problem, where data gets exfiltrated and it sits on servers waiting to be decrypted. If that data has 50 or 75 years of life left in its value [and] you crack it in 10 years, that's 40 to 65 years of value. This is the problem," Sanzeri said.

"This is why things need to happen. We're getting a lot of inbound inquiries from both federal and commercial [entities]. We've got pilots going across both sides of it. People are now starting to take it seriously."

The Biden Administration earlier this month issued a national security memorandum to address quantum computing and security, including ordering federal agencies to begin a multi-year process of migrating computer systems to quantum-resistant cryptography.

In addition, a bipartisan bill – dubbed the Endless Frontiers Act – calls for spending $100 billion on emerging technologies, including quantum computing and artificial intelligence, to close the innovation gap with China. The bill is moving through Congress.

Another bill, the Quantum Computing Cybersecurity Preparedness Act, is also finding bipartisan support to ensure that government systems adopt post-quantum cryptography by securing systems with algorithms and encryption that will be difficult for even quantum computers to break.

The USA's National Institute of Standards and Technology (NIST) is working through a multi-year process of setting such standards, with the hope of publishing them by 2024.

The promise of quantum

Quantum computers promise to solve problems that are out of reach of today's supercomputers.

Classical computing elements are bits, which can be either 0 or 1. Quantum computing uses qubits, which can be 0, 1 or any combination – what's referred to as a superposition. The concern is that quantum systems will easily be able to break encryption methods that would take the most powerful machines today years to crack.

Like other vendors, QuSecure is working to address these challenges. Its QuProtect as-a-service architecture includes a software suite that combines zero-trust, post-quantum cryptography, quantum-strength keys and active defense. It leverages Quantum Random Number Generation (QRNG) to create truer randomness in the encryption keys, which is central to secure encryption because patterns in keys can often be detected by cryptanalysts.

The architecture also relies on a proprietary technique that enables QuSecure to get this protection out to the various endpoints, from on-premises servers and web browsers to the Internet of Things and the edge, while also ensuring the security of the networks that data traverses.

"We now have a way to create a quantum channel without putting software out on all these devices," Sanzeri said. "This method that we've discovered and are using ... allows us to create quantum channels rapidly between any end devices. If you think of IoT and edge, a lot of time those little sensors don't have any storage capacity, almost no compute capacity aside from doing the one job they do. But we can still secure those."

That said, if an enterprise or government agency needs to keep its data behind a firewall, QuSecure will manage it on-premises or in a private cloud.

QuSecure also built software interfaces, a UI and protocol switch and developed the ability to send encryption keys. It also partners with companies like Quintessence Labs and ID Quantique for QRNG.

In addition, it has what Sanzeri called "crypto agility." The architecture is optimized for all the algorithm finalists in the NIST program, so whichever ones the organization eventually chooses will be supported by the QuSecure service.


Biting the hand that feeds IT © 1998–2022