Confidentiality is a basic pillar of information security. In sensitive deployments, such as those involving federal governments, military and defense agencies, and large financial institutions, the demand for confidentiality extends beyond the typical 5 to 10 years and often reaches 20 years or more.
The same also applies to telecommunications operators and businesses providing services to any of these critical agencies. With existing classical computers, this secrecy requirement for encryption could be met easily, as breaking asymmetric cryptography (deriving the private key for a given public key) would take far longer than the period over which confidentiality must be maintained.


However, this will change with the advent of quantum computers, and especially once cryptographically relevant quantum computers (CRQC) are available. The time required to derive a private key for a given public key can go from several years to several days or hours. This would mean that the confidentiality requirement of 10 – 20 years for sensitive network deployments can no longer be met with existing cryptographic algorithms.
Although we do not have a practical CRQC yet, the nature of harvest now, decrypt later (HNDL) attacks, where attackers simply tap sensitive flows today and decrypt them later, means that federal / government agencies, financial institutions, etc. must start acting now against this approaching quantum threat to encryption. The same was emphasized in the latest executive order of the US government.
In addition to the threat to key negotiation protocols for transport security, such as MACsec / IPsec, there are other aspects of network security that would be impacted by the advent of quantum computers, as shown below:
- Image signing: Digital signatures are affected, which means new quantum-safe signatures must be adopted to sign the NOS (network operating system) and other binary files.
- Secure Boot process: The whole Secure Boot process must remain trustworthy, which means adopting quantum-safe signatures for each of the boot-time artifacts.
- Runtime integrity: Once the device is booted, the runtime measurements that ensure the trusted state of the NOS, such as Linux IMA, must adopt quantum-safe algorithms.
- Operational security: All operational security functions relying on SSH, TLS, etc. must adopt the newly approved PQC algorithms.
- Ensuring hardware trustworthiness: Identities, including cryptographic hardware identities such as Cisco SUDI, must adopt quantum-safe algorithms.
- Hashing: Any security feature that uses hashing must begin to support at least SHA-384 or SHA-512 to be quantum safe.
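One way to turn the list above into a migration worklist is to classify each algorithm a device uses and rank the findings. The following is an added example, not Cisco code: the inventory is constructed, the area labels and result names are assumptions, and the pattern matching is a heuristic on algorithm names.

```python
import re

# Classical public-key primitives that a CRQC breaks (Shor's algorithm).
CLASSICAL = re.compile(r"rsa|ecdsa|ecdh|ed25519|x25519|curve25519|nistp|secp|modp|ffdhe", re.I)
# NIST PQC families (ML-KEM, ML-DSA, SLH-DSA) plus sntrup761 used in SSH hybrids.
PQC = re.compile(r"ml-?kem|ml-?dsa|slh-?dsa|sntrup", re.I)
HASH_BITS = re.compile(r"sha-?(?:2-)?(\d{3})$", re.I)

# Constructed sample inventory: (area, use, algorithm name). Not from a real device.
INVENTORY = [
    ("ipsec", "kex", "ecdh-nistp384"),
    ("ssh", "kex", "mlkem768x25519-sha256"),
    ("tls", "kex", "X25519MLKEM768"),
    ("image-signing", "sig", "rsa-2048"),
    ("secure-boot", "sig", "ML-DSA-87"),
    ("hw-identity", "sig", "ecdsa-nistp256"),
    ("runtime-ima", "hash", "sha256"),
    ("runtime-ima", "hash", "sha384"),
]

# Key negotiation is exposed today (harvest now, decrypt later); signatures
# become forgeable only once a CRQC exists, so they rank second.
PRIORITY = {"hndl-exposed": 0, "forgeable-post-crqc": 1, "weak-hash": 2, "unknown": 3}

def classify(use, alg):
    if use == "hash":
        m = HASH_BITS.search(alg)
        if not m:
            return "unknown"
        # The list above sets SHA-384 as the minimum digest size.
        return "ok" if int(m.group(1)) >= 384 else "weak-hash"
    pq, classical = bool(PQC.search(alg)), bool(CLASSICAL.search(alg))
    if pq:
        return "hybrid" if classical else "pqc"
    if classical:
        return "hndl-exposed" if use == "kex" else "forgeable-post-crqc"
    return "unknown"

def audit(inventory):
    """Return only the items that still need migration, most urgent first."""
    findings = [(area, alg, classify(use, alg)) for area, use, alg in inventory]
    todo = [f for f in findings if f[2] in PRIORITY]
    return sorted(todo, key=lambda f: PRIORITY[f[2]])

if __name__ == "__main__":
    for area, alg, verdict in audit(INVENTORY):
        print(f"{verdict:20} {area:14} {alg}")
```
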
As the list above shows, even before operators enable transport protocols such as MACsec or IPsec, the mere fact that they have a router or switch in their network means they must start to evaluate the transition to a quantum-safe solution. With such a wide range of threats, the transition journey must start now, given the number of steps involved (listed below) in upgrading a device to a quantum-safe solution.

Unlike selective upgrades of network devices based on what functions are needed in the field, the quantum security threat would require all devices to be upgraded. The impact is much greater for network devices that manage critical utilities, which are often deployed in remote places where upgrades could pose operational challenges.
In addition, Cisco routers support features such as Chip Guard, which help detect CPU or NPU tampering during transit. This is possible using the Cisco Trust Anchor module (TAm), which is present on every device. Cisco's Secure Boot process verifies that the router still has the same CPU or NPU as when it was shipped from Cisco.
This kind of unique hardware integrity measure must also be made quantum safe to maintain the same level of trust in the quantum computing era. Any new hardware that is currently in design and expected to ship in CY'2027 or later will have to be in the field for at least another 10 – 15 years. It is therefore also necessary to integrate quantum-safe measures into hardware, as there is a greater chance that these devices will be susceptible to the quantum computing threat during their deployment lifetime. This is where network equipment vendors, silicon vendors, network operators, standards bodies, and end users must now come together to start planning the switch to quantum-safe security solutions.
Finally, in my previous blog post on the quantum threat to network security, only the threat to transport protocol security was highlighted, along with the available solutions from Cisco. So far, the solution for addressing the threat to key negotiation has focused on various forms of quantum key distribution. However, with the recent publication of PQC (Post-Quantum Cryptography) algorithms by NIST, it is time to implement these algorithms natively for key negotiation.
Cisco is actively working on quantum-safe security solutions and is also involved in various standards bodies working on quantum-safe cryptographic solutions. For more details, see the Post-Quantum Cryptography Trust Center.
There will be sessions on this topic at the upcoming Quantum Networks Summit. Take a look at the program and join us for the educational sessions, along with the Cisco session on quantum readiness for encryption.