Quantum cybersecurity covers the application of quantum technology to enhance cybersecurity. It includes quantum random number generation, which strengthens security through the delivery of stronger keys and other cryptographic objects, and quantum key distribution, which allows for the secure sharing of keys safe from the most sophisticated attacks, including from quantum computers. Increasingly, quantum cyber-security providers are combining these cutting edge quantum technologies with advanced classical security approaches, such as key and policy management, to deliver complete security solutions.
There is an increasing awareness of the threat that quantum computers pose to conventional cyber-security. Simply put, cyber security currently relies on the difficulty in factoring a large multiplication into its prime constituents, a problem that is beyond the reach of classic computers in a reasonable time frame. This approach will no longer work once quantum computers mature, since they will be able to crack this mathematical challenge very quickly, making one of the main foundations of our security vulnerable.
On the other hand, there seems to be less familiarity with the ways in which quantum technology, combined with state of the art classic approaches, can actually strengthen security, and address some of the major challenges that the security community has been grappling with.
The Random Problem
Even before quantum computers become available, poor random numbers are a well-known security vulnerability. Poor quality or insufficient quantity of random numbers effectively reduce security well below its designed level, making the overall system vulnerable and have been the cause of multiple breaches. As quantum computers develop, this risk becomes even more significant. When considering the development of quantum computers, recommendations from the NSA to enhance protection include moving as quickly as possible to using stronger and longer keys.
It has been much harder, than one would think, to develop random sources that are unpredictable, irreproducible, and cannot be manipulated by third parties, but recent developments in quantum technologies are helping. Quantum physics is fundamentally random, a fact that was very disturbing to physicists like Einstein who helped invent it. This intrinsic randomness has been confirmed over and over again by theoretical and experimental research, making quantum a natural choice in random number generator design. Over the past few years, a number of manufacturers have done just that, leveraging truly random quantum effects to deliver the highest quality random, at both high rates and competitive costs, effectively putting this issue to rest. These quantum technology solutions are starting to be integrated into security for the cloud, finance, and defense, a trend that is expected to increase over the coming years.
Sharing is Never Easy
Another area where quantum causes both risk and opportunity is key sharing. Securely sharing keys using current Public Key Infrastructure (PKI) will be severely challenged, if not impossible, when quantum computers become mainstream. On the other hand, quantum computers will not be able to compromise keys that are shared using quantum key distribution (QKD), since this is proven secure by the laws of quantum physics, independent of the processing power of the attacker. QKD offers a path to securely share strong symmetric encryption keys, or even one time pads, without relying on more vulnerable Public Key techniques. This is a developing technology with challenges to overcome, however commercial implementations are beginning to roll out, and research is under way to enable this technology to move beyond point to point fiber connections to free space and ultimately mobile devices. Certainly worth watching.
Making it Work
We are seeing signs that the idea of using quantum technologies to address some of these security challenges is coming into the main stream. The recent RSA conference in San Francisco showcased a number of providers offering commercial quantum cyber-security solutions and also included a very well attended panel session on Quantum Cyber Security. Ultimately, quantum techniques alone are not a silver bullet for security and need to be integrated with other tools in the CISO’s toolkit, such as key and policy management, the use of Hardware Security Modules, and so on. The companies behind these technologies are rising to that challenge, offering a broader range of integrated, interoperable solutions, such as advanced key and policy management, making the integration of these technologies relatively straightforward.
While quantum technology sounds expensive and complicated to implement, that is no longer the case. Industry sectors such as aerospace, government and defense, cloud storage, and financial institutions are already using quantum cybersecurity solutions to protect their sensitive data. As more become aware of the benefits of quantum-based cybersecurity, it’s only a matter of time before we see greater adoption into other sectors.
