7/5/2018
10:05 AM
Jeffrey Burt

How Quantum Physics Will Protect Against Quantum-Busting Encryption

The CEO of the startup Quantum Xchange envisions a nationwide dark fiber quantum network that protects encrypted data in transit with an on-demand Quantum Key Distribution service.

Quantum computing holds the promise of systems that are multiple times faster than today's most powerful supercomputers and can solve problems that are currently out of reach.

At the same time, there's the worry that these powerful systems and their particular computing capabilities will be able to blow through the public key cryptography technologies that are the basis of how data is protected today.

A startup called Quantum Xchange launched recently with $10 million in Series A funding and a vision of using the laws of quantum physics to protect data in transit from the threat posed by upcoming quantum computers.

The company's plan is to launch a fiber-optic dark fabric quantum network to drive its commercial Quantum Key Distribution (QKD) service that will address weaknesses in modern encryption methods that make them vulnerable to computers that will have the computational power to quickly break them, according to Quantum Xchange President and CEO John Prisco. (See Invisible Network Attacks: Good Encryption vs. Bad Encryption.)

"What we're doing is try to find a way to improve encryption and also make the sending of data a little safer compared to what's been going on and what might happen when people steal data today and then at some point have access to a quantum computer that can decrypt … any encryptions out there," Prisco told Securty Now. "What we're doing is taking RSA encryption and we're adding to it a photonic key, and the concept here that is, if somebody tries to eavesdrop on that transaction, the photonic key changes its state, and therefore the combined photonic key with the RSA key becomes useless for decryption purposes."

The concern is that most data now is protected by Secure Sockets Layer (SSL) encryption, which relies on mathematical algorithms that might work well today but will offer little protection when quantum computers become available.

The QKD uses photons of light instead of mathematical algorithms. (See Seamless Cloud Security Depends on Encryption Done Right.)
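
The property described above, that an eavesdropper's measurement disturbs the photons carrying the key, can be seen in a simulation of BB84, a standard QKD protocol. This is an added example, not code from Quantum Xchange or ID Quantique; the article does not say which protocol the service uses, and the function names, the intercept-resend eavesdropper model and the 11% abort threshold are assumptions for illustration.

```python
import random

def bb84_round(n_photons, eavesdrop, seed):
    """Simulate one idealised BB84 exchange (no channel noise or loss).

    Returns (sifted_key_length, error_rate) as seen by Alice and Bob.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.randint(0, 1)       # Alice's raw key bit
        a_basis = rng.randint(0, 1)   # 0 = rectilinear, 1 = diagonal
        photon_bit, photon_basis = bit, a_basis

        if eavesdrop:
            # Intercept-resend: Eve has to guess a basis to measure in.
            e_basis = rng.randint(0, 1)
            if e_basis != photon_basis:
                # Wrong basis: her result is random and the state is disturbed.
                photon_bit = rng.randint(0, 1)
            photon_basis = e_basis    # the photon she re-sends is in her basis

        b_basis = rng.randint(0, 1)   # Bob also picks a basis at random
        if b_basis == photon_basis:
            measured = photon_bit
        else:
            measured = rng.randint(0, 1)

        # Sifting: keep only positions where Alice and Bob chose the same basis.
        if a_basis == b_basis:
            sifted += 1
            errors += measured != bit
    return sifted, errors / sifted

def key_is_usable(error_rate, threshold=0.11):
    """Abort rule: discard the key when the sampled error rate is too high.

    The 11% default is an assumed threshold for this example.
    """
    return error_rate < threshold

if __name__ == "__main__":
    for label, eve in (("quiet channel", False), ("intercept-resend", True)):
        length, qber = bb84_round(20000, eve, seed=1)
        print(f"{label}: sifted={length} error_rate={qber:.3f} "
              f"usable={key_is_usable(qber)}")
```

On the quiet channel the sifted keys match exactly; with the eavesdropper present about a quarter of the sifted bits disagree, which is the signal the two endpoints use to throw the key away.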

"It's not relying on solving a difficult math problem, like factoring enormous numbers into two prime numbers," the CEO said. "It's relying on a property of physics, which says if you try to pin down a photon, the photon is going to change in a way that makes, in this case, a key useless to the eavesdropper."

Understanding quantum computing
Quantum computing has been talked about for decades and a growing number of tech vendors -- such as Intel, IBM, Google and Microsoft -- are putting enormous amounts of money and time into quantum technologies. At the same time, countries like China also are pouring a lot of resources into their own efforts.

It's still unclear how long it will be before a true quantum computer comes to market, with predictions ranging from a few years, to ten or more, to never.

The foundation of quantum computing is the qubit. In current systems, bits can hold values of 0 or 1. But qubits -- or quantum bits -- can be 0 and 1 at the same time, which opens up the possibility of systems that can run through millions of calculations simultaneously and at high speeds, addressing problems that can't be solved by current supercomputers.

In the cybersecurity world, that means systems that can quickly break encryption protocols. The problem is that attackers who steal data now may not yet be able to decrypt that data, but that could change with quantum computers, so the urgency to protect data today becomes even greater, Prisco said.

"People are going to steal data," he said. "There's no question that really smart nation-state actors are going to be able to steal the data and there's no trouble with storing that data. If it takes three years, five years or ten years for a quantum computer to be realized, at some point that data, if it's still relevant, is going to be decrypted."

Security concerns
Sending data over a network that leverages Quantum Xchange's technology today will not only help keep it from being stolen but also will make decrypting it in the future impossible, he said. The plan is to use dark fiber networks that already are in place to make the company's on-demand QKD service available to data being transmitted.

"We're not doing anything to the data transmission channel," Prisco said. "We're just transmitting keys. The data is going to be transmitted the same way it's always transmitted. It's going to be encrypted with the same encrypter, however with a slight firmware modification that will essentially take the key that's generated internally by the encrypter and combine it with the quantum key that we’re generating."

Quantum Xchange is partnering with ID Quantique, a Swiss company that has been using QKD solutions for more than ten years to secure elections in that country. Quantum Xchange is licensing quantum keys generated by QKD devices from ID Quantique. In addition, Quantum Xchange bought technology from Battelle that can extend the range of QKD technology, which will enable the company to create a nationwide network, Prisco said. The Battelle IP is the basis for Quantum Xchange's Trust Node technology.

Right now, the quantum keys can travel up to 80 to 100 kilometers.

With the Battelle technology, Quantum Xchange will be able to keep adding distance in up to 100 km increments in a modular approach that can handle the key without causing it to be changed. The goal is to use the $10 million in funding from New Technology Ventures to deploy dark fiber quantum networks on the Northeast Corridor from Boston to Washington DC, with the first network joining Manhattan with back-office operations in New Jersey.

The network should be nationwide in two to three years, Prisco said.



The use cases are many, he said, from patent offices, banking systems and power utilities to data centers, campus networks and cloud environments, all of which transmit sensitive data that could hurt operations or threaten consumers if the data fell into the wrong hands.

"It's not really a question of if these quantum computers are going to be available, it's really when," the CEO said, adding that some companies are taking the threat seriously. "The argument isn't really, 'I can wait until quantum computers are available.' The argument is, 'Boy I better protect what I have now or people will just scrape and store it until they can decrypt it.' If you have the ability to safeguard now, I can't see a reason not to. It's the sort of thing bankrupts a lot of companies and certainly affects their stock price, so they're taking it very seriously. And as consumers, we want them to take it very seriously."


— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
