Quantum resilience on software-based networks
Sincere thanks to my co-author Duncan Jones, Head of Quantum Cybersecurity at Cambridge Quantum, for his contributions to this article.
Quantum computer attacks on encrypted data is a serious future threat that concerns all information processing systems, including the supporting networks that are critical to system connectivity and interoperability. Networks use cryptography and encryption for protecting their data, which must remain resilient against targeted quantum attacks. SD-WAN software defined network capability has a pivotal role in supporting information systems that operate in cloud, with a large attack surface including quantum. SD-WANs must be protected and assured in the post-quantum world, but are there any risks to their integration with the Quantum Security Technologies?
National Institute of Standards and Technology (NIST) and National Cyber Security Centre (NCSC) are the US and UK Government leading organisations that are providing advice and guidance on the quantum threats and approaches for responding to these threats through papers and publications on their websites. On 11 November 2020, NCSC updated its 2016 whitepaper titled “Preparing for Quantum-Safe Cryptography” with the latest guidance on mitigations to the threat of quantum computing advances to cryptography. NCSC’s 24 March 2020 whitepaper titled “Quantum Security Technologies” has stated the potential vulnerabilities of the traditional public key cryptography algorithms to a future large-scale quantum computer, and the need for new approaches that eliminate these vulnerabilities. In the US, NIST has been running a competition to identify the best quantum-proof encryption algorithm from a number of different approaches. The competition has identified the following three ‘families’ of quantum-proof approaches and final submissions are undergoing further evaluation:
- Lattice – using geometric structures represented as mathematical arrays
- Code-based – using error-correcting codes
- Multivariate – a system of quadratic polynomial equations
The NCSC “Quantum Security Technologies” paper also contains a positioning statement on the use of Quantum Random Number Generators (QRNGs), which generate random numbers that at ideal state are unpredictable, and construct entropy using quantum mechanical effects. The NCSC paper explains why commercial QRNGs have failed to provide value in terms of unpredictability, mainly due to the impact of the electronic noise pollution on the quantum state and randomness. The paper has encouraged further research in the following areas that includes the challenge of QRNG integration with larger systems:
- Modelling and evidencing the real-world properties of physical QRNGs.
- Engineering and integration of QRNGs into larger systems.
- Understanding changes in behaviour of QRNGs under various physical stresses and through aging.
- Vulnerability research to explore new technical risks.
Fujitsu and Cambridge Quantum Collaborate on QRNG Integration Research
Fujitsu is a global leading supplier of IT infrastructure, hosted applications and networking services. SD-WAN technology is strategic for hosted IT services on cloud, by enabling application defined networking solutions to optimise performance and other benefits such as edge routing and built-in security. The security enhancements for resilience against quantum attacks on SD-WAN solutions is therefore a major concern for Fujitsu, and has been instrumental to collaborations with Cambridge Quantum on a joint response to the NCSC’s QRNG integration research challenge on the Fujitsu SD-WAN system configuration.
Cambridge Quantum is a global leader in quantum software and quantum algorithms, enabling clients to achieve the most out of rapidly evolving quantum computing hardware. Cambridge Quantum’s Quantum Origin key generation platform is based on the world’s only source of verifiable quantum entropy. Unlike the QRNG solutions criticised in the NCSC paper, Quantum Origin creates cryptographic keys using quantum entropy unpolluted by electronic noise .
Fujitsu and Cambridge Quantum Demonstrate QRNG Integration on the Fujitsu SD-WAN Solution
Fujitsu and Cambridge Quantum have recently completed their collaborations on a Proof of Concept (PoC) investigation for the integration of Cambridge Quantum’s Quantum Origin quantum-powered key generation platform with the Fujitsu SD-WAN solution configuration.
The PoC demonstrates the successful integration of the Fujitsu’s SD-WAN solution configuration with the cloud-hosted Quantum Origin platform, responsible for generating keys using NIST and NCSC approved classical cryptographic algorithms seeded with verifiable quantum entropy. The following diagram is a high-level illustration of the integration architecture and the functional components provided by each company.
For the purpose of integration, the Fujitsu SD-WAN configuration has been adapted by replacing the native VPN with the OpenVPN software. Specifically, the SD-WAN OpenVPN implementation uses the OpenSSL, which obtains the keys seeded with quantum entropy over a simple web API distribution service from Quantum Origin. The keys are used in the generation of certificates in the OpenVPN and other Fujitsu SD-WAN network components. The following diagram shows the OpenVPN tunnel providing the SD-WAN secure communications, based on the certificates generated using the Quantum Origin keys.
The PoC demonstration will enable Fujitsu’s customers to gain confidence and tangible appreciation of the QRNG integration into existing SD-WAN solution architecture, as an important element of the Quantum Security Technologies.
What are the future aims?
The PoC for quantum resilience is limited in scope to a network centric security context of the SD-WAN, and with QRNG integration on classical cryptographic algorithms. Quantum resilience and its wider security contexts on custom applications’ and services’ data and information are the future aims for scenario driven application-based PoCs. The future aims on Quantum Security Technologies will be guided by the NIST’s recommendations on new solution methods with new cryptographic algorithms that are expected not before 2022.
Find out more…
For more details and insights on the PoC and our wider initiatives on quantum resilience, please contact us via – firstname.lastname@example.org .
Duncan Jones is Head of Quantum Cybersecurity at Cambridge Quantum. He leads a team developing advanced cybersecurity products based on quantum technology, which deliver value today. Duncan has 14 years’ experience in cybersecurity and has held senior technical and product-focused roles in companies such as Thales, Arm and Worldpay.
Latest posts by Dr Houtan Houshmand (see all)
- Can software networks be protected in a post-quantum world? - December 7, 2021