Typical digital technology users are often unaware of the cryptographic capabilities they utilize daily. The
implications of quantum computers for various digital technologies and environments are discussed, and
potential threat actor behaviors are explored.
14 July/August 2017 Copublished by the IEEE Computer and Reliability Societies 1540-7993/17/$33.00 2017 IEEE
communications but also provides these to organizations and individuals who want to hide illegal or reprehensible activities. This has led to debates between technology and privacy experts who advocate for it, and law enforcement officials concerned about the impact it will have on their functions.

Beyond this debate, the average person is most concerned with obtaining cryptography's benefits without significantly impacting the ease of use or performance of the technology. Additional passwords, key management processes, or steps added to routine processes all detract from the end-user experience. The procedures that are so necessary to proper security are often the very reason many avoid traditional cryptography.

Fortunately, in the past few decades, cryptography has evolved to supply tools that avoid its traditional pitfalls. The oldest form of cryptography (private-key, or symmetric-key, encryption) involves some form of shared secret. Relatively easy to implement and operate, private-key encryption suffers from two difficulties. First, the communicating parties must share secret information, which then becomes the basis for the security of the encryption process. To do so, they must meet in person or have some other secure channel they can use to share the secret. The second difficulty is that the secret should be changed frequently or attackers might discover it. How long it takes for attackers to discover it depends on the nature of the secret, but reusing the same secret creates patterns that cryptanalysts can eventually exploit. These two problems result in much of the management overhead associated with traditional cryptography. Private-key cryptography is popular among those organizations that truly value their security and are willing to undertake the key distribution and management processes that it entails.

Public-key cryptography, also called asymmetric cryptography, doesn't require a shared secret. Security relies on a mathematical relationship between multiple keys, some of which are public and some of which are private. Public-key methods are generally less efficient to operate than private key, so they're typically used to establish a secure channel and exchange a secret key that symmetric algorithms then use to protect sensitive information. However, the unique capabilities of public-key cryptography include the creation and sharing of secret keys and the provision of secure authentication and nonrepudiation services. Hence, it's a critical tool that underpins the security of our digital economy.

Different variants of public-key technology are embedded in most of the digital devices, applications, services, and protocols that we use daily.

Confidence in the security of public-key cryptography is very high, and cyberthreat actors seldom attempt direct attacks on these virtually impenetrable systems. Instead, they exploit poor implementations (bugs and configuration errors), bad practices (poor or reused passwords), or human nature (phishing), all of which are far more lucrative ways to breach a computer or telecommunications system. The mathematical foundations of public-key cryptography don't promise perfect security, but it's unlikely that attackers using current computing technologies will be able to penetrate a properly implemented public-key system.

Public-key cryptography has been so successful and ubiquitous because it functions in the background, with the average person seldom aware of its operation. An icon or a color change on an application's taskbar might be the only visible indication that a secure process has been initiated. In matters of security, many people rely on assurances from their service providers. Few have the knowledge or tools to verify that their information is actually protected by encryption or understand the circumstances that enable or prevent cryptography use. Nonetheless, organizations and individuals routinely perform sensitive or valuable digital transactions that rely on this security.

But what if we couldn't rely on the security furnished by public-key cryptography? How realistic is this scenario?

Quantum Computers and Cryptography

The security of public-key systems depends on the computational difficulty of one of several mathematical problems. These are called one-way functions because they are relatively easy to compute but extremely hard to reverse. RSA, one of the earliest public-key algorithms, uses one such problem: the difficulty of factoring large numbers.[1] Security here relies on the ease of multiplying two large prime numbers to compute a result; it's exceedingly difficult to take the result and determine which two primes were used to produce it. Different mathematics based on the discrete logarithm problem lie at the core of Diffie-Hellman algorithms[2] and the digital signature algorithm (DSA).[3] When applied to certain elliptic curves, the discrete logarithm problem is also the basis of elliptic curve cryptographic algorithms.[4]
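The dependence of RSA on factoring, described above, as an added illustration that is not part of the original article. It uses textbook RSA without padding and two small primes chosen here (constructed values, with hypothetical function names), so that plain trial division can stand in for the factoring step that is out of reach at real key sizes.

```python
# Added illustration, not code from the article: textbook RSA with toy primes.
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Easy direction: multiply two primes and derive the private exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # computing d requires knowing p and q
    return (n, e), d


def factor(n):
    """Hard direction: recover the primes from n by trial division.

    The loop needs about sqrt(n) steps, which is fine for a 37-bit toy
    modulus and hopeless for the 2048-bit moduli used in practice.
    """
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n has no non-trivial factor")


def private_key_from_public(public):
    """Whoever can factor n can rebuild the private exponent from (n, e)."""
    n, e = public
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


# Constructed sample values: the 10,000th and 100,000th primes.
P, Q = 104729, 1299709
PUBLIC, PRIVATE = make_keypair(P, Q)
MESSAGE = 424242
CIPHERTEXT = pow(MESSAGE, PUBLIC[1], PUBLIC[0])  # encrypt with the public key

if __name__ == "__main__":
    recovered = private_key_from_public(PUBLIC)
    print("private exponent rebuilt from public key:", recovered == PRIVATE)
    print("ciphertext decrypted:", pow(CIPHERTEXT, recovered, PUBLIC[0]) == MESSAGE)
```

The only thing separating the public key from the private one is the cost of `factor`, which is why an efficient factoring method removes the protection entirely rather than weakening it.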
POSTQUANTUM CRYPTOGRAPHY, PART 1
courier) and ultimately reside in secure storage devices. Even so, these keys could be protected by public-key cryptography for at least some portion of their transfer between organizations.

Blockchains are being used and considered for a wide range of applications such as Bitcoin and other digital currency.[16,17] Although blockchain technology mostly relies on symmetric-key cryptography, public-key cryptography remains important. For example, public-key technologies are used to manage the addresses of bitcoin wallets, and the public key is exposed when one spends bitcoins. The quantum vulnerabilities can be avoided with careful management.

Critical Infrastructures

Major critical infrastructure systems such as oil, gas, water, and electrical distribution are composed of heterogeneous, geographically distributed equipment that must operate virtually instantly in response to real-time events. Traditionally, these were predominantly networks of largely analog devices controlled from manned operational control centers, but this is changing as equipment is updated and replaced with digital versions. Even so, the widespread and remote distribution of equipment, the performance and response time requirements, and the need for near-100-percent availability make these systems quite different from typical IT environments. However, security in these networks relies on public-key technology. VPNs could be used to secure remote access connections, secure versions of standard protocols like File Transfer Protocol Secure (FTPS) for file transfers and Simple Mail Transfer Protocol Secure (SMTPS) could be applied, and TLS/SSL could be employed to protect network traffic.

Implications for the Digital Ecosystem

Vulnerabilities in any one of the systems and processes discussed above will certainly have a damaging effect on modern life. But if these vulnerabilities occur simultaneously, they could lead to the destruction of the security fabric that connects much of modern society.

Without public-key cryptography, we could no longer trust in the privacy or proper functioning of our devices and systems. Software updates could be replaced with versions that include malware, possibly turning our mobile and home automation devices into tools under the control of threat actors. The credentials used to access our bank and payment card accounts could be captured. Electronic identities could be spoofed, and we couldn't be sure that our messages weren't intercepted, changed, or redirected on their way to the intended recipient. The history of where we go and what we do while carrying or using mobile technology could be available to sufficiently motivated threat actors.

At the organizational level, the implications are even greater. Few organizations operate in isolation; they rely on digital networks to connect their distributed sites, their partners, and their clients. They're dependent on the security of supply chains, distribution networks, financial management systems, and communications and control systems, which all rely to some degree on public-key cryptography. Technology organizations could appear to be distributing malware once threat actors are able to forge their digital signatures. To avoid major losses, financial organizations would need to review their symmetric-key cryptographic algorithms and devices and ensure that their key distribution processes avoid processes or distribution networks protected using public-key cryptography.

These threats could be extended to the level of nation-states, if one considers the potential for threat actors to disrupt the operation of major financial or infrastructure networks.

How great is this risk? How will threat actors take advantage of quantum technology once it's available?

Threat Actors and Their Behavior

It's always difficult to predict adversaries' actions, because they're constantly morphing their behavior to stay ahead of security practitioners and their tools. It will be particularly difficult to predict their actions in the quantum era, because there aren't historical records showing how threat actors will access and apply quantum technology. Nonetheless, certain features of quantum computers will likely influence how different threat actors will employ them.

In the early stages of the quantum era (once quantum computers can run Shor's algorithm), access to such technology will be extremely limited. Nation-states will likely be the earliest to obtain access, and this might happen even before the technology breakthrough becomes common knowledge. However, it won't be long before quantum computing time becomes available to researchers in large labs, and to the general community in some shared manner. It's likely that organized crime will obtain access by buying time on these computers or using coercion.

The threat actor must still obtain access to the networks and data containing the information to be decrypted. In many cases, sensitive or valuable information will reside unencrypted in an organization's data servers, protected by access controls and insecure tunnels while moving on internal networks. The challenge will be obtaining the information and then filtering it down to acceptable volumes for processing on limited quantum resources.

We can make some predictions. First, trusted insiders will become a much more powerful threat, especially
No amount of finger-pointing will remedy the fact that quantum computing will collapse the cryptographic security structures that we've erected to protect our information and systems.

Dealing with this problem will require strategic thinking and long-term planning. Researchers have already begun looking at quantum-safe cryptographic algorithms to replace or, more likely, to complement existing public-key algorithms that are deemed safe against classical computer attacks.[17] But this thinking needs to move outside the research labs. We need to implement these algorithmic tools into real products that can be deployed and tested in real-world environments. Only with years of real-world testing will we be able to demonstrate the security and performance characteristics of proposed quantum-safe approaches.

Quantum technologies also furnish a solution to the problem, in the form of quantum-key distribution (QKD).[18] This technology is already deployed in a few locations in the world, but it has limitations that make it difficult to use as a plug-and-play replacement for current computer security methods. Research is ongoing to overcome QKD's performance, distance, and usability restrictions, but there are situations in which QKD can be deployed to overcome some of the problems outlined here.

What we can't do is ignore the public-key problem. Ten to 15 years might seem the distant future, but it will take considerable time for the necessary changes to be deployed throughout our digital ecosystems. To name just one, consider the complex network of devices and systems in the payment card network that enables virtually all noncash transactions today. It's possible that most of these devices will need to be changed to implement quantum-safe cryptographic capabilities. We might already be too late to start the changes required to ensure cyber safety in the quantum era.

References

July 2013; nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.
4. Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), Am. Nat'l Standard for Financial Services, ANSI X9.62-2005, 2005.
5. P. Shor, "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer," SIAM J. Computing, vol. 26, no. 5, 1997, pp. 1484-1509.
6. L.K. Grover, "A Fast Quantum Mechanical Algorithm for Database Search," Proc. 28th ACM Symp. Theory of Computing (STOC 96), 1996, pp. 212-219.
7. Announcing the Advanced Encryption Standard (AES), NIST-FIPS 1-51, Fed. Information Processing Standards Publication 197, NIST, 26 Nov. 2001; nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.
8. W.C. Barker and E.B. Barker, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, NIST Special Publication 800-67, revision 1, 23 Jan. 2012; nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-67r1.pdf.
9. M. Mosca, "Cybersecurity in an Era with Quantum Computers: Will We Be Ready?," Int'l Assoc. for Cryptologic Research, 2015; http://eprint.iacr.org/2015/1075.
10. D. Evans, "Top 25 Technology Predictions," CISCO Internet Business Solutions Group, 2009; www.cisco.com/c/dam/en_us/about/ac79/.../Top_25_Predictions_121409rev.pdf.
11. B. Bauer et al., "Hybrid Quantum-Classical Approach to Correlated Materials," Physical Rev. X, Sept. 2016; journals.aps.org/prx/abstract/10.1103/PhysRevX.6.031045.
12. D. Cooper et al., Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 5280 (proposed standard, updated by RFC 6818), May 2008; www.ietf.org/rfc/rfc5280.txt.
13. T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246 (proposed standard, updated by RFCs 5746, 5878, 6176, 7465,