https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


NIST’s Quantum Security Protocols Near the Finish Line

The U.S. standards and technology authority is searching for a new encryption method to prevent the Internet of Things succumbing to quantum-enabled hackers
  • Written by Callum Cyrus
  • 28th June 2021

As quantum computing moves from academic circles to practical uses, it is expected to become the conduit for cybersecurity breaches.

The National Institute of Standards and Technology aims to nip these malicious attacks preemptively. Its new cybersecurity protocols would help shield networks from quantum computing hacks.

National Institute of Standards and Technology (NIST) has consulted with cryptography thought leaders on hardware and software options to migrate existing technologies to post-quantum encryption.

The consultation forms part of a wider national contest, which is due to report back with its preliminary shortlist later this year.

IT pros can download and evaluate the options through the open source repository at NIST’s Computer Security Resource Center.

“[The message] is to educate the market but also to try to get people to start playing around with [quantum computers] and understanding it because, if you wait until it’s a Y2K problem, then it’s too late,“ said Chris Sciacca, IBM’s communications manager for research in Europe, Middle East, Africa, Asia and South America. “So the message here is to … start adopting some of these schemes.”

Businesses need to know how to contend with quantum decryption, which could potentially jeopardize many Internet of Things (IoT) endpoints.

Quantum threatens society because IoT, in effect, binds our digital and physical worlds together. Worryingly, some experts believe hackers could already be recording scrambled IoT transmissions, to be ready when quantum decryption arrives.

Current protocols such as Transport Layer Security (TLS) will be difficult to upgrade, as they are often baked into the device’s circuitry or firmware,

Estimates for when a quantum computer capable of running Shor’s algorithm vary. An optimist in the field would say it may take 10 to 15 years. But then it could be another Y2K scenario, whose predicted problems never came to pass.

But it’s still worth getting the enterprise’s IoT network ready, to be on the safe side.

“Broadly speaking, all asymmetric encryption that’s in common use today will be susceptible to a future quantum computer with adequate quantum volume,” said Christopher Sherman, a senior analyst at Forrester Research, “Anything that uses prime factorization or discrete log to create separate encryption and decryption keys, those will all be vulnerable to a quantum computer potentially within the next 15 years.”

Why Do We Need Quantum Security?

Quantum computers would answer queries existing technologies cannot resolve, by applying quantum mechanics to compute various combinations of data simultaneously.

As the quantum computing field remains largely in the prototyping phase, current models largely perform only narrow scientific or computational objectives.

All asymmetric cryptography systems, however, could one day be overridden by a quantum mechanical algorithm known as Shor’s algorithm.

That’s because the decryption ciphers rely on mathematical complexities such as factorization, which Shor’s could hypothetically unravel in no time.

“In quantum physics, what you can do is construct a parameter that cancels some of the probabilities out,” explained Luca De Feo, a researcher at IBM who is involved with the NIST quantum-security effort, “Shor’s algorithm is such an apparatus. It makes many quantum particles interact in such a way that the probabilities of the things you are not interested in will cancel out.”

Will Quantum Decryption Spell Disaster For IoT?

Businesses must have safeguards against quantum decryption, which threatens IoT endpoints secured by asymmetric encryption.

A symmetric encryption technique, Advanced Encrypton Standard, is believed to be immune to Shor’s algorithm attacks, but is considered computationally expensive for resource-constrained IoT devices.

For businesses looking to quantum-secure IoT in specific verticals, there’s a risk assessment model published by University of Waterloo’s quantum technology specialist Dr. Michele Mosca. The model is designed to predict the risk and outline times for preparing a response, depending on the kind of organization involved.

As well as integrating a new quantum security standard, there’s also a need for mechanisms to make legacy systems quantum-secure. Not only can encryption be broken, but there’s also potential for quantum forgeries of digital identities, in sectors such as banking.

“I see a lot of banks now asking about quantum security, and definitely governments,” Sherman said, “They are not just focused on replacing RSA – which includes https and TLS – but also elliptic curve cryptography (ECC), for example blockchain-based systems. ECC-powered digital signatures will need to be replaced as well.”

One option, which NIST is considering, is to blend post-quantum security at network level with standard ciphers on legacy nodes. The latter could then be phased out over time.

“A hybrid approach published by NIST guidance around using the old protocols that satisfy regulatory requirements at a security level that’s been certified for a given purpose,” Sherman said, “But then having an encapsulation technique that puts a crypto technique on top of that. It wraps up into that overall encryption scheme, so that in the future you can drop one that’s vulnerable and just keep the post-quantum encryption.”

Governments Must Defend Against Quantum Hacks

For national governments, it’s becoming an all-out quantum arm’s race.  And the U.S. may well be losing. Russia and China have both already unveiled initial post-quantum security options, Sherman said.

“They finished their competitions over the past couple of years. I wouldn’t be surprised if the NIST standard also becomes something that Europe uses,” he added.

The threats against IoT devices have only grown more pronounced with current trends.

More virtual health and connected devices deployed in COVID-19, for example, will mean more medical practices are now quantum-vulnerable.

According to analyst firm Omdia, there are three major fault lines in defending the IoT ecosystem: endpoint security, network security and public cloud security. With 46 billion ‘things’ currently in operation globally, IoT already provides an enlarged attack surface for cybercriminals.

“The challenge is protecting any IoT device that’s using secure communications or symmetric protocols,” said Sherman, “Considering that by, 2025 there’s over a trillion IoT devices expected to be deployed. That’s obviously quite large in terms of potential exposure. Wherever RSA or TLS is being used with IoT, there’s a threat.”

Weighing Up Post-Quantum And Quantum Cryptography Methods

Post-quantum cryptography differs from methods such as quantum key distribution (QKD), which use quantum mechanics to secure technology against the coming threat.

QKD is already installed on some government and research communications lines, and hypothetically it’s impenetrable.

But the average business needs technology that can be implemented quickly and affordably. And, as we don’t even know how a quantum decryption device would work in practice, it’s unrealistic to transfer QKD onto every IoT network.

One of the main post-quantum cryptography standards in the frame is lattice-based cryptography, an approach that is thought to be more resilient against Shor’s algorithm.

While these are still based on mathematics and could be endangered by future quantum decryption algorithms, they might buy scientists enough time to come up with other economically viable techniques.

Another advantage would be in IoT applications that need the point-to-point security channel, such as connected vehicles, De Feo said.

“Probably the lattice-based schemes are the best right now to run on IoT devices. Some efforts will be needed in the chip design process to make these even easier to run,” he added, “But we should probably start thinking about this right now. Because it will probably take around five-to-seven years after the algorithms have been found for the chips to reach people’s homes or industrial systems.

“And then – potentially – [if the optimistic estimates are right,] quantum computers will have arrived.”

Tags: Artificial intelligence/machine learning Security Strategy

Related


  • FedEx, PepsiCo, Amazon, Ford Headline IoT World Silicon Valley
    MunichRe, PepsiCo and Levi Strauss are scheduled to present next week.
  • Digital lock icon and city background, concept of data security
    Malicious Attacks on IoT and Critical Infrastructure Gather Pace
    Assaults on IoT have blossomed as malicious attackers have learned there is much to gain in attacking critical infrastructure. The target is often weak and the payoff is great.
  • DevSecOps Brings Payoffs through Security by Design
    DevSecOps brings serious payoffs in the fragmented IoT engineering landscape by building in security by design.
  • Kudelski IoT Labs Fact Sheet
    Ensuring your product is “secure by design” right from the start is exponentially more cost effective than addressing security flaws after a product is launched. Independent evaluation of your device’s security can give you the information you need to prevent unexpected damage to revenues and reputation in the future. This fact sheet explains the end-to-end […]

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • LoB teams drive IoT projects, but infrastructure, ops crucial to success
  • Legislation introduced in U.S. to create IoT cybersecurity benchmarks
  • Juniper IoT security chief: Device threats could be devastating
  • How to protect against Bluetooth attack vector BlueBorne

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Explore Emerging Tech For Enterprises at @TechXLR8 2022 this June ➡️ Join us from 1-3 June in harnessing the pow… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Clearview AI has been fined $9.4 million for collecting images of people from social media platforms to add to its… twitter.com/i/web/status/1…

24th May 2022
IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X