We are at a critical inflection point in Network Security. The legacy public key exchange foundation of today’s pervasively deployed secure communications will soon be obsolete and rendered insecure by quantum computers. As networking and security experts are confronted with the impending reality of “Q-day” (the day when quantum computers will be able to defeat the Internet’s current security mechanisms), what are the potential solutions to such a catastrophic problem?
While there’s no real agreement on when Q-Day will occur (different experts predict that this may have already happened or could happen within the next 2 to 20 years), there is agreement that this will be a Quantum Apocalypse because quantum computers will be able to break asymmetric encryption like RSA, DSA, ECDSA, and Diffie-Hellman protocols. While most believe that today’s quantum computers are not large enough to break these protocols, these are not problems we can punt. In the past, encryption was enough to at least deter cybercriminals. Now, they are harvesting data, in the hopes that they will be able to decrypt it when a sufficiently powerful quantum computer exists. It’s a problem that has to be addressed now.
Three Primary Solutions for Protecting Data From Quantum Attacks
There are three main categories of solutions available to provide post quantum cybersecurity: Post Quantum Cryptography (PQC), Quantum Key Distribution (QKD), and Quantum Secure Communication (QSC).
Post Quantum Cryptography are new classical encryption algorithms based on different mathematical problems that essentially replaces today’s encryption standards for key establishment and digital signatures. The National Institute of Standards and Technology (NIST) in the United States released the first three new post-quantum encryption standards in August 2024, after 8 years of development. The primary benefit to PQC is that it’s a classical technology that can be integrated easily with legacy infrastructure and existing systems, and is interoperable with the classical bulk encryption and decryption hardware that organizations use today. Its main drawback is that this math-based problem that can’t be broken today, could potentially be broken by supercomputers in the future.
Quantum Key Distribution (QKD) relies on quantum physics for security. Quantum signals are used to communicate between two nodes on a network and establish a shared symmetric key. These systems are already commercially available and it can be mathematically proven that QKD protocols are unbreakable by both classical and quantum computers. QKD’s drawbacks are that these systems are incredibly complex, only support a single use case, and are only point-to-point. One of the biggest drawbacks is that they require vulnerable trusted relay nodes for longer distances and several side channel attack vectors have been discovered for actual QKD products.
Quantum Secure Communication (QSC) implements the innovative principle of entanglement found in quantum physics for security. Quantum entanglement can be used for a variety of cryptosystems, as well as a wide variety of other applications with complex topologies and over long distances. With QSC, entanglement-based quantum networking is used to make information available to endpoints on the network, and this information is never exposed on the network itself. The technology is developing fast and these new entanglement-based networks are appearing all around the world and bringing us to the cusp of a Quantum Internet.
Apples? Oranges? Bananas? No. Try Fruit Salad
But which method is best? In some ways, this is like comparing apples to oranges or whatever fruit you want to use for this analogy. The answer is dependent on the organization’s specific security needs and the applications it wants to enable on its network. The ideal solution needs to incorporate a more “future-proof” approach to cybersecurity. This includes layered defense-in-depth, diversified with math and physics, where any adversary or attacker on the network would have to break multiple protocols and crypto systems in order to gain access to the cryptographic key or decrypt any data on the network, as well as a cryptographically-agile strategy, capable of changing which cryptographic algorithms are employed and which attacks the network is protected from. To get the most return on investment, organizations will want to ensure that whatever cybersecurity solution they choose is also capable of supporting multiple additional use cases.
New attack vectors like Harvest Now Decrypt Later (HNDL), as well as Man-in-the-Middle attacks, data-in-transit threats, and cybersecurity risks we can’t even imagine yet in the quantum era, will require organizations to move away from relying on any single technology or protocol for protection. PQC combined with an entanglement-based quantum network architecture harnesses their collective strengths and can provide comprehensive security. Integration occurs across multiple layers: the physical layer, the cryptographic layer, the network architecture layer, and the application layer, offering unique intersection points where quantum and classical technologies can complement each other to create a robust, future-proof security system.
Combining classical methods with quantum methods of security will strengthen network security posture, helping protect the most sensitive virtual private network connections (i.e., data center backups, redundancy, and disaster recovery) as well as remote access and other moderately sensitive connections.
To learn more about What Happens When Encryption Becomes Obsolete, visit the Aliro website here.
Related News:
Cybersecurity Awareness Month : Security Expert Thoughts
IoT Technology Standards Paved by CSA and New “Participant” pSemi
