securing your data in transit for the long term · © 2014 id quantique sa, switzerland | page 2 id...
TRANSCRIPT
Securing Your Data In Transit For The Long Term
Or what happens when RSA encryption is finally broken by mathematicians or quantum computers?
October 2014
© 2014 ID Quantique SA, Switzerland | page 2 ID Quantique PROPRIETARY
Services
ID Quantique
Photon Counters
Quantum Random Number
Generators
Quantum Security Network
Encryption Technology
Swiss company, founded 2001, based in Geneva Spin-off of University of Geneva, Group of Applied Physics Offers encryption technology which is safe into the ‘quantum era’ Protection of long-term data in high-speed transit
© 2014 ID Quantique SA, Switzerland | page 3 ID Quantique PROPRIETARY
Thank you!
© 2014 ID Quantique SA, Switzerland | page 4 ID Quantique PROPRIETARY
HACKING IS EASY (AND EVERYONE IS DOING IT)
© 2014 ID Quantique SA, Switzerland | page 5 ID Quantique PROPRIETARY
© 2014 ID Quantique SA, Switzerland | page 6 ID Quantique PROPRIETARY
Optical fiber bending & coupling Buy an optical tap legally online
• http://www.fods.com/optic_clip_on_coupler.html
Optical Tapping for under €500
Emitter
Receiver
Eavesdropper
© 2014 ID Quantique SA, Switzerland | page 7 ID Quantique PROPRIETARY
Social Engineering
7
A telecom company outsources the laying of new optical fibers for a bank to a maintenance team who do not understand the security issues. The naked optical fiber is accessible….
….and the detailed layout of the fiber network & the name of the bank is clearly visible for future hacking attempts
© 2014 ID Quantique SA, Switzerland | page 8 ID Quantique PROPRIETARY
THE THREAT: PUBLIC-KEY CRYPTOGRAPHY
© 2014 ID Quantique SA, Switzerland | page 9 ID Quantique PROPRIETARY
Public Key Cryptography: Threats
9
Alice Bob
What are the 2 prime factors of :
5313043722633707
Hint : http://primes.utm.edu/lists/small/
© 2014 ID Quantique SA, Switzerland | page 10 ID Quantique PROPRIETARY
Public Key Cryptography: Threats
10
Alice Bob
5313043722633707 =
86030827 * 61757441
© 2014 ID Quantique SA, Switzerland | page 11 ID Quantique PROPRIETARY
Use mathematical « one-way » functions
Public Key Cryptography: Threats
11
Alice Bob
2’357 x 4’201 = ? A x B = 9’901’757 Theoretical Progress
Increase in Computing Power
Vulnerable to…
Quantum Computers
© 2014 ID Quantique SA, Switzerland | page 12 ID Quantique PROPRIETARY
Classical physics … - 1900 Describes the macroscopic world
Deterministic
Intuitive
Quantum physics 1900 - … Description of the microscopic
world
Probabilistic Central role of the observer Not very intuitive
Classical and Quantum Physics
Quantum physics Novel information processing possibilities Quantum Information Theory (QIT)
© 2014 ID Quantique SA, Switzerland | page 13 ID Quantique PROPRIETARY
Quantum Computing Basics Uses quantum properties, not binary code (qubits vs. bits) Acts as a massively parallel computer Will render today’s public key encryption unsafe
The Threat: Quantum Computing
© 2014 ID Quantique SA, Switzerland | page 14 ID Quantique PROPRIETARY
Shor’s Algorithm • Peter Shor, 1994 • Quantum algorithm for integer
factorization O((log N)3) vs O(e1.9 (log N)1/3 (log log N)2/3)
Can break RSA, Elliptic Curve & Diffie Hellman
Grover’s Algorithm • Lov Grover, 1996 • Quantum algorithm to perform
search in an unsorted database • O(n½) vs O(n)
• Key halfed for symmetric
cryptography AES-128 64 bits security AES-256 128 bits security
Quantum Computing and Cryptography
© 2014 ID Quantique SA, Switzerland | page 15 ID Quantique PROPRIETARY
America is building a quantum computer for cryptanalysis • http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-
quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html
• According to Snowden this is a major NSA initiative called “Penetrating Hard Targets”
China Prepares for Quantum Age • Source: http://www.hpcwire.com/2014/01/24/china-prepares-quantum-age/ • “The importance of building a quantum computer is such that the Chinese
government funded 90 quantum related projects last year through the National Natural Science Foundation of China.”
Lazaridis (RIM cofounder) has invested $250 million+ into quantum
computing at Waterloo – Quantum Valley Dwave raised funds from Jeff Bezos (Amazon), InQTel (NSA investment arm)
and sells to Lockheed Martin, NASA
Quantum Computing in Research
© 2014 ID Quantique SA, Switzerland | page 16 ID Quantique PROPRIETARY
« Wait and see » approach is too risky
Next generation of cryptographic infrastructure: • Must have quantum-safe alternatives • Should have algorithmic agility built in
When do we need to start worrying?
16
Time
Information Exchange
Information lifetime (based on legal, business or strategic constraints)
Vulnerability
Time for migration (from a few months to several years)
© 2014 ID Quantique SA, Switzerland | page 17 ID Quantique PROPRIETARY
Quantum computers have more than 1000 qubits – OR – • Quantum computers have demonstrated that Shor’s algorithm to factor numbers works • D-Wave sold a 128-bit computer in 2011; announced a 512-bit computer • Lazaridis (RIM cofounder) has invested $250MM+ into quantum computing at Waterloo –
Quantum Valley RSA-1024 has been broken – OR –
• RSA-768 was cracked in December, 2009 using 5TB of data and 1500 CPU-years of a 2.2GHz Opteron
• NIST recommendation – stop using RSA-1024 before 12/31/2013 • U of Mich reported breaking RSA-1024 using a side channel attack
Large organized networks of computers can be formed to solve complex, time-consuming problems – OR – • Network bots, SETI-at-home • Bitcoin • Millions-to-billions of smart phones around the world with quad-core ARM processors all linked
over a common network (telecom systems) You transmit data over the network that needs to be protected for more than five years
Leading Signs That It’s Time To Adopt QKD
© 2014 ID Quantique SA, Switzerland | page 18 ID Quantique PROPRIETARY
« Post-quantum » cryptography • Classical codes deployable
without quantum technologies • Believed/hoped to be secure
against quantum computer attacks of the future
Quantum Key Distribution • Quantum codes requiring
some quantum technologies currently available
• Typically no computational assumptions and thus known to be secure against quantum attacks
The Solution: Quantum-Safe Cryptographic Infrastructure
+ Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructure
© 2014 ID Quantique SA, Switzerland | page 19 ID Quantique PROPRIETARY
ONE SOLUTION: QUANTUM MECHANICS FOR SECURE
ENCRYPTION KEYS
© 2014 ID Quantique SA, Switzerland | page 20 ID Quantique PROPRIETARY
Change in Paradigm
20
Network Encryption
High speed cryptosystem implementation (typically AES)
Key Management Crypto K
ey Lifecycle
© 2014 ID Quantique SA, Switzerland | page 21 ID Quantique PROPRIETARY
THE SOLUTION (1): QUANTUM RANDOM NUMBER
GENERATION (QRNG)
© 2014 ID Quantique SA, Switzerland | page 22 ID Quantique PROPRIETARY
Physical Random Number Generator exploiting a phenomenon described by quantum physics
Truly random
Quantum Randomness
Advantages • Speed • Simple process that can be modeled influence of environment can be ruled out • Live monitoring of elementary components possible
Source of photons
Photons
Detectors
Semi-transparent Mirror
© 2014 ID Quantique SA, Switzerland | page 23 ID Quantique PROPRIETARY
Quantum Random Number Generator
23
© 2014 ID Quantique SA, Switzerland | page 24 ID Quantique PROPRIETARY
THE SOLUTION (2): QUANTUM KEY DISTRIBUTION (QKD)
© 2014 ID Quantique SA, Switzerland | page 25 ID Quantique PROPRIETARY
Quantum Cryptography
Fragile ! "0"
"1" "1" "0"
⊕
Message
Secret Key
Scrambled Message
⊕
Message
Secret Key
Alice
Bob
Symmetric Cryptography
Identical keys Key Exchange ?!?
© 2014 ID Quantique SA, Switzerland | page 26 ID Quantique PROPRIETARY
Transparent Layer 2 Encryption • AES-256 in CFC and CTR modes • Up to 100Gbps • Multiprotocol (Ethernet, Fibre Channel)
Provably secure key distribution: QKD • Distilled key distribution rate: 1000 bps
over 25km/6dB • Range: 100km
Quantum-Enabled Network Encryption
xWDM
Quantum Channel – Dark Fiber
Local Area Network
Local Area Network
+
© 2014 ID Quantique SA, Switzerland | page 27 ID Quantique PROPRIETARY
Today’s Depoyments of QKD
(WAN)
MAN/SAN
Hybrid solutions: • Conventional encryption on wide area network
• QKD on DRC and backbone links
Classical Encryption Device
Quantum Encryption Solution
© 2014 ID Quantique SA, Switzerland | page 28 ID Quantique PROPRIETARY
Sporting & Public Events
Critical police & Joint Operations link secured during 2010 FIFA World Cup in South Africa
Secured communication for data, telephone, internet, video, and e-mail
© 2014 ID Quantique SA, Switzerland | page 29 ID Quantique PROPRIETARY
European Banks: Data Center Interconnect
European banks secure critical links between bank headquarters and data recovery centers
© 2014 ID Quantique SA, Switzerland | page 30 ID Quantique PROPRIETARY
Data Centers for Financial Companies
QKD-secured data center link large financial institution in Netherlands
Installed in 2010 • High-speed encryption • 4 x Ethernet 1G links • 2 x FC-4 links
© 2014 ID Quantique SA, Switzerland | page 31 ID Quantique PROPRIETARY
Geneva (Switzerland) uses QKD to guarantee confidentiality & integrity of data during federal & cantonal elections
Working since October 2007
Government & Public Administration
Central Vote Counting Station
Geneva Government Data Center Ballots
Downtown Geneva
Cerberis Solution
Mail Votes
4 km
© 2014 ID Quantique SA, Switzerland | page 32 ID Quantique PROPRIETARY
Quantum Keys-as-a-Service by Telecom Operators
World-first QKD-as-a-Service offered by Colt
Data link between Swiss financial district and critical DRC 70 kms away • Eg. 10Gigabit FCoIP link
Colt provides quantum-secured link as a monthly service for banks & enterprises • Easy to set up & maintain
under existing SLAs • First step towards a
QuantumCloud
Data Recovery Center
Bank
Server Room Bank
Client B
Client C
Client D
Server Room
Client B
Server Room
Client C
Server Room
Client D
Ethernet or FC connection for data
QKD fiber
© 2014 ID Quantique SA, Switzerland | page 33 ID Quantique PROPRIETARY
Enterprise: Corporate Data & IP
Battelle USA • World’s largest nonprofit R&D
organization • Over 22,000 employees at more than 130
locations globally Requirement to protect mission critical
corporate, financial information & intellectual property (designs, drawings, etc)
IDQ’s quantum cryptography used to secure critical links between headquarters in Columbus Ohio and satellite office in Dublin Ohio
By 2015 will connect Battelle building in Washington DC with QKD-secured link • Working with IDQ to develop trusted nodes
for increased distance of QKD
© 2014 ID Quantique SA, Switzerland | page 34 ID Quantique PROPRIETARY
QKD IN THE FUTURE
© 2014 ID Quantique SA, Switzerland | page 35 ID Quantique PROPRIETARY
Battelle in 2015
Battelle Main Campus
Battelle Aberdeen Office
Battelle QKD Backbone • Columbus Ohio to Washington DC area
• > 770 km • Deployment in 2015
© 2014 ID Quantique SA, Switzerland | page 36 ID Quantique PROPRIETARY
2015: IDQ-Battelle quantum backbone for long-term inter-datacenter security
36
Columbus, OH QKD pilot network (showing four Battelle-IDQ prototype Trusted Nodes operating today) illustrates multi-access metro topology
© 2014 ID Quantique SA, Switzerland | page 37 ID Quantique PROPRIETARY
QKD Networks
37
© 2014 ID Quantique SA, Switzerland | page 38 ID Quantique PROPRIETARY 38
Thank you for your attention
7th Winter School on Practical Quantum Communications
Dates: January or February 2015 Location: Les Diablerets, Switzerland More: www.idquantique.com or [email protected]
38
Pictures from previous editions
2014 key note speakers included: • Gilles Brassard • Nicolas Gisin • Vadim Makarov • Sandu Popescu • Renato Renner 2015 will include • Whitfield Diffie • Nicolas Gisin • Catherine Mc Geoch • Colin Williams • … and more!
© 2014 ID Quantique SA, Switzerland | page 39 ID Quantique PROPRIETARY
Gilles Gravier Director Product Management Email: [email protected]
Our team today :
Pierre-Alain Hinnen Key Account Manager
Email: [email protected]
ID Quantique SA http://www.idquantique.com/