Wed, Mar 16, 2022

Quantum Computing & Security: What Does the Future Hold?

Quantum computing gives us an unprecedented opportunity to begin to solve intrinsic security problems in today’s internet protocols and architecture. With a sprawling internet built on classical computers, it’s practically impossible to rebuild that infrastructure from the ground up. However, attackers keep expanding their activity. The need to fight back has never been so strong, but there will always be a limit to the effectiveness if the underlying protocols have flaws.

Quantum computing has security advantages that do not exist in classical computing, such as truly random numbers and intrinsic abilities to detect interference. Those capabilities are becoming real today. There are hardware components that harness this power of quantum computing to make our systems more secure.

Just as exciting, since we are at the beginning of defining conventions and protocols in the quantum world. Though we are still far from full-featured quantum computers or a fully quantum internet, we are at an exciting place as those technologies take clearer shape. We can begin by laying a more secure foundation, improving on the methods that have tried and failed in the classical world. If we think about security now, we can re-architect the quantum internet of the future to be more useful and more secure than ever.

What Is Quantum Computing?

Quantum computing is a new, faster paradigm for computing. Instead of using traditional binary bits (like typical classical computers do) and electronic logic gates that process those binary bits, quantum computers process data using quantum bits (qubits) and quantum properties of those qubits. This new type of computing has the potential to perform operations up to 100 million times faster than classical computers. This speed is particularly attractive for complex computing problems that involve questions such as factoring, search algorithms, or scientific simulations.

Quantum computers have been part of the future of computing since a 1980 paper by Paul Benioff that proposed a quantum model for a Turing machine. Since then they have been a fertile ground for research, though many people in the industry have continued to view them as the purview of academic and research computing. It is true that quantum computers are not yet a replacement for all of our classical computers. However, the goal is that quantum computers will be able to replace more functions of classical computers, and be able to do so more energy-efficiently.

What Is the State of Quantum Computing?

Quantum computers have not yet reached the point of general application and replacement of classical computers. Due to the properties of quantum mechanics, quantum computers need a sterile, supercooled environment to function. Qubits can also be easily disturbed by things as classically innocuous as attempting to observe them.

Even with these limitations, we are already beginning to see the dawn of practical applications of quantum mechanics in computing. In some specific circumstances, quantum technologies are already coming to market and providing useful results. And, several of these applications tie into making our world even more secure.

Quantum Random Number Generators (QRNG)

In the classical world, we often use pseudorandom number generators for authentication, encryption, and key management. Classical computers have a difficult time extracting truly random numbers, and discerning the patterns behind pseudorandom numbers can lead to the compromise of data encryption built with those non-random numbers.

However, quantum mechanics gives us the ability to generate truly random numbers based on physical processes like light beam scattering or quantum fluctuations in a vacuum. Unlike pseudorandom numbers generated by classical algorithms, these physical processes return truly unpredictable numbers. We are seeing quantum random number generators on the market already. This includes randomness-as-a-service platforms that provide quantum-generated random numbers. There are also QRNG chips on the market, and the Samsung Galaxy Quantum phone has adopted such a chip to strengthen its encryption.

Quantum Key Distribution (QKD)

The properties of quantum mechanics mean that observing or measuring  a quantum system actually disrupts the system. Therefore, if an eavesdropper attempts to read a key created and disseminated via Quantum Key Distribution (QKD), the creator and intended recipient will be able to detect that the key has been compromised, meaning quantum properties offer a built-in way to determine whether a key has been transmitted securely enough to use. This requires dedicated equipment and circuits, but is possible in the present day and several companies do offer commercial QKD services.

Quantum as a Service (QaaS) Platforms

Even though quantum computers are beyond the reach of many companies and individuals,

Quantum as a Service (QaaS) platforms allow people to both learn about quantum computing and experiment with designing and running quantum code. Though quantum computers are not widely available, open-source SDKs such as Qiskit allow people to use their classical computers to write code intended to run on quantum computers. Then, they can rent time on a quantum computer via a QaaS platform to run that code on an actual quantum computer.

Quantum Computing Security Concerns

As quantum computing’s practical abilities expand, the question becomes more pressing: what quantum computing security implications must we consider?

Post-Quantum Safe Cryptography

One of the main concerns is cryptography. Quantum computing is an exciting frontier for designing stronger cryptography, but its position on the horizon also raises questions about the security of cryptographic methods currently being used. After all, its more powerful ability to factor large numbers will eventually compromise the integrity of cryptographic algorithms that are currently secure against classical computers.

NIST is actively working to identify a standard for post-quantum safe cryptography, and some companies are already testing post-quantum algorithms. Whether your company is on the brink of adopting quantum technology or not, you will need to make plans to adopt post-quantum safe cryptography.

Design Flaws

One of the most exciting parts of quantum computing is its potential as a new paradigm. Commonly adopted protocols, design patterns, languages, and operating system safety features are so common in the classical computing world to seem almost intrinsic, since so many people and companies depend on them to communicate.

Quantum computing, on the other hand, is still new enough that there are not agreed-upon or default design patterns. It is still at a very low level compared to fully realized classical computing systems, and the classical internet. Quantum computing is not yet at a point where its design patterns are as developed as classical ones. There are not yet full quantum analogues to packet structures, communication protocols, or even things as classically low-level as the operating system safety features that lie at its interaction with hardware. In the classical world, attackers look to these places as fertile grounds for attack. As quantum computing capabilities grow, attackers will begin to look to these places in quantum systems, as well.

As technology allows quantum computing to extend to more real-world problems, those who are creating and implementing that technology need to keep in mind the security shortcomings from the world of classical computing. Taking care to ask tough security questions now can lead to a stronger, more secure future in quantum computing.

Some quantum devices are already beginning to improve the state of security. QRNG chips are improving random number creation for cryptography, and QKD systems are providing a key distribution option with built-in detection of snooping and tampering. However, vulnerabilities are already being discovered in QKD implementations. This underscores the fact that even with the exciting security possibilities of quantum computing technologies, we must think about the architecture and implementation of these technologies.

Future Benefits of Quantum Computing for Security

Even in the classical world, security teams are having an increasingly difficult time tracking the security landscape. New vulnerabilities are coming out every day. And, it is not just a question of new instances of familiar vulnerabilities. As technology changes, new categories of vulnerabilities arise, and the learning curve for security professionals gets ever steeper.

One of the most exciting things about quantum computing is its ability to process more data more quickly than classical computers, while using less energy. As quantum computing capabilities increase, security teams can put this to good use.  Quantum data processing technologies have the exciting possibility to help security teams make sense of massive amounts of security data more quickly than ever, and could make quantum computers an important tool to help keep pace with the sprawling threat landscape.

The possibility of more securely designed protocols in a quantum future is an exciting one for security teams in the future, too. With the possibility of improving upon classical protocols and software design patterns in the quantum world, well designed quantum computing could help put systems and networks on a more secure footing than classical ones. This is both an exciting possibility for quantum computing, and an exciting reason for security researchers to get involved in research and design from the ground level of quantum computing.

Prepare for a Quantum Future

As your company evolves, emerging technologies can give you a competitive advantage. However, as you adopt them, you need the expertise and confidence to make sure you are embracing them securely. This is the case with quantum computing.

Though it has exciting applications, and its power and speed make it a great fit to work alongside other emerging technologies like AI, Blockchain, 5G, Internet of Things, and cloud computing, it is unwise to jump in without thinking about quantum computing security. Thinking about that now, while quantum computing is still young, can both make sure you are implementing technologies in the safest way possible, and help make sure that your influence on this still-young technology is positive.

When choosing an emerging technology security partner, it matters to work with a partner with a proven history of both researching and securing new technologies. Kroll has a long history of software and enterprise security, at the forefront of research into emerging technologies. Our Emerging Technology practice brings that experience to your business, helping you adopt, implement, and secure what will keep you ahead of the competition.

Threat Exposure and Validation

Proactively identify your highest-risk exposures and address key gaps in your security posture. As the No. 1 Incident Response provider, Kroll leverages frontline intelligence from 3000+ IR cases a year with adversary intel from deep and dark web sources to discover unknown exposures and validate defenses.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.

Cloud Security Services

Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivalled incident expertise.

Cyber Governance and Strategy

Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.