CyberWeek Recap: Quantum Computing Security Risks and Moving Target Defense

This week, CryptoMove had the opportunity to attend CyberWeek, a conference of leading cybersecurity experts from around the world, and present on a panel about “Security in the Quantum Age.”

The march towards quantum computing poses new risks for protecting digital assets, and there remains considerable uncertainty regarding the future of data security in the post-quantum world.

In today’s post, we’ll review the relationship between quantum computing and cryptography and recap our CyberWeek presentation about how moving target defense (MTD) can play a part in implementing quantum-safe data storage solutions in both the short and long term.

What is Quantum Computing and How Could it Impact Data Security?

Quantum computing refers to a predicted revolutionary expansion in computational power that takes advantage of innovations in quantum mechanics. Classical computing works with bits, but quantum computing utilizes qubits that have unique properties, including superposition and entanglement, that unlock dramatic increases in processing power.

Decryption is one way that this processing power could be deployed. Shor’s Algorithm, published in 1994, demonstrated that a quantum computer can factor large numbers rapidly enough to crack many existing RSA encryption algorithms. As a result, quantum computing poses a threat to encryption systems that have been relied upon for decades.

At this point, quantum computing remains theoretical, and there are a handful of open questions that will have a huge bearing on the post-quantum future:

  • How soon is it coming? No one knows exactly how long it will take to develop a functional quantum computer. Some believe that it could happen within the next few years while others think it could take 8–10 years or perhaps multiple decades. As a committee convened by the National Academies of Sciences, Engineering, and Medicine concluded, the remaining list of technical hurdles “makes it impossible to project the time frame for a large error-corrected quantum computer.”
  • Who will develop it first? The implications of this sea change in computing may depend on who first succeeds in building a quantum machine. Governments, private companies, and academia are actively involved in R&D but have diverging imperatives with regard to transparency and how the technology would be applied. Who gets there first could have a tremendous effect on the consequences that quantum computing has for data security.
  • What will be the consensus quantum-safe solutions? While there is plenty of doomsaying about what quantum computing means for encryption, the truth is that there are already algorithms that are quantum-safe, including lattice cryptography. The process of getting those standards accepted and ready for widespread implementation is another matter. The Post-Quantum Cryptographic Standardization project of the National Institute of Standards and Technology (NIST) isn’t expected to finish until 2022–2024, and full roll-out may require another 5–10 years.

For CSOs and other data security leaders, these uncertainties pose serious strategic challenges. Many organizations with sensitive data are large, complex, and utilize multiple systems, making the transition to quantum-safe technologies appear to be an arduous and costly undertaking. Without clarity about the risks, timeline, or solutions, many decision-makers may find it hard to accept the short-term costs of implementing quantum-safe technologies, which puts data at risk should quantum computing come about sooner than predicted.

How Does MTD Contribute to Quantum-Resistant Data Security?

Moving target defense applies the principles of movement and fragmentation to data at rest in order to keep it out of the reach of attackers. CryptoMove’s patented MTD technology turns stored data into a constantly shifting target, and the math behind it shows that it exponentially increases the number of computations required to access encrypted data. Academic research indicates that this capability is effective even against quantum-based attacks.

MTD has both immediate and long-term applications for achieving quantum-resistant data security.

In the near term, MTD serves two critical functions for organizations planning for the quantum age. First, it offers enhanced protection to existing data at rest. While it is natural to think that quantum-safe solutions matter most years down the line, the fact is that present-day data is vulnerable to “steal now, decrypt later” attacks. In other words, even if attackers cannot decrypt data that they steal today, they can hold onto this data until quantum processing power enables them to penetrate its encryption. By better protecting existing data in the first place, CryptoMove stymies these attacks.

Second, MTD offers a simplified and future-proof implementation strategy. A critical feature of the CryptoMove technology is its ability to plug-and-play with different cryptographic algorithms. No matter what algorithm is used, CryptoMove adds entropy to the data store and makes it harder to crack. In this way, MTD offers an immediate fortification strategy for data that is currently protected by algorithms that will be vulnerable to quantum-computing attacks as soon as those attacks become a reality.

Over the longer term, as quantum-safe algorithms become standardized and widely accepted, the CryptoMove back-end can be modified to deploy them and to continue adding layers of protection that maintain an asymmetrical advantage against attackers.

CryptoMove’s data security technology functions as a bridge to get past the uncertainty surrounding the quantum era. Organizations can use MTD today to hedge against a more rapid arrival of quantum computing without locking themselves into an algorithm that may become obsolete with future standardization.

Facing a future of quantum computing, CSOs can feel forced to choose between suffering high short-term costs to protect against an undefined threat or rolling the dice by delaying change until the threat is better understood. MTD eliminates this forced choice and provides a powerful, cost-effective, and flexible solution for quantum-resistant data protection now and in the future.

To learn more about CryptoMove, you can read about wide-ranging use cases, and developers can get immediate access to try out the CryptoMove vault for protecting keys, access tokens, and other sensitive secrets.
