Gemalto is now part of the Thales Group, find out more.
연락처

The Threat

The threat and arrival of quantum computers is ever-present with physics breakthroughs, more Qubits, quantum “supremacy”, and cloud service providers designing quantum computers, but what does it really mean to data protection? Is it really the end of encryption as we know it? 

What is Quantum Computing? 

Answer: Quantum computing uses quantum bits, or qubits, based on quantum physics to break barriers currently limiting the speed of today’s common computers. It does not give you more processing power, instead it relies on superposition (ability to be in multiple states at the same time) and entanglement (the perfect unison of two or more quantum particles) to process large quantities of information including numbers. The first real use for quantum computers will likely be for advancements in areas such as material design, pharmaceuticals, and optimizing the power grid.

How will Quantum Affect Today’s Cryptography?

Answer: Today’s public key cryptography is based on factorization for RSA algorithms, or discrete log problems with DSA, Diffie-Hellman, and Elliptic-Curve Cryptography (ECC). Although these hard problems are sufficient today, as soon as a hacker has access to a quantum computer they will be able to weaken these algorithms with quantum algorithms such as Shor’s or Lov Grovers, by breaking them or reducing the strength of the symmetric crypto keys and crypto hashes. As a result, everything we rely on today to secure our connections and transactions will be threatened by quantum cryptography, compromising keys, certificates and data. 

Timeline

Today no quantum computer can run quantum algorithms, but once it does, a multitude of public key-based protocols including TLS / SSL, IPSEC, SSH, Internet of Things (IoT), digital signing and code signing will become vulnerable to eavesdropping and public disclosure as they are not strong enough to resist a quantum attack. No one has a concrete date as to when we will hit the post-quantum era, but there are strong indicators that it will start somewhere between 2023 and 2030. If these dates are in fact true, then in some cases, it might already be too late. For example: 

  • Root Certificate Authorities (CAs) – are valid from 2028 to 2038 which is well beyond when quantum computing will arrive
  • Data Retention Requirements – an enterprise that stores and keeps data safe for a determined period of time for compliance or business reasons must take into account the post-quantum era as it may only be 4 years away
  • Code Signing Certificates - most will expire in 2021, but any data you transferred over TLS will be potentially decryptable with perfect forward secrecy
  • Document Signing Solutions – anything signed now will not have integrity in the post-quantum era

Post-Quantum Risk Assessment

In just 5 minutes you will gain a better understanding of your organization's post-quantum breach risk.

Read more

What top actions can my organization take today as quantum computing becomes more prevalent?

Crypto algorithms don’t require quantum to be broken – most break over time and it happens without warning. The post-quantum era just adds another level of concern. A few items you can start practicing today include: 

1. Practice Crypto Agility:

Crypto Agility provides you with the ability to quickly react to cryptographic threats by implementing alternative methods of encryption. As a result you will:

  • have the agility to respond to incidents 
  • have a definitive inventory of all certs and keys from all issuing authorities
  • know how you are using your keys
  • be able to automate management of server/appliance trust stores and key stores
  • allow for remote updating of device roots, keys, and certificates
  • ensure your PKI can be quickly migrated to new post-quantum resistant PKI root and new algorithms

2. Secure the Enterprise with Quantum Key Distribution

Start protecting your mission-critical connected devices today using advanced quantum-safe digital certificates and secure key management for IoT connected devices. Together Gemalto and ISARA are partnering to ensure connected systems for automobiles, industrial control systems, medical devices, nuclear power plants and other critical infrastructure are safe from threats in five, 10 and 20 years. Learn more.

3. Protect Applications with Quantum Random Number Generation

Generating unique and truly random numbers is a powerful combination to securing an enterprise. High entropy and secure key storage addresses critical applications where high quality random numbers are absolutely vital such as: cryptographic services; numerical simulations; cloud; compliance; gaming; and IoT-scale device authentication and managed end-to-end encryption.

4. Take our Post-Quantum Risk Assessment

Without quantum-safe encryption, everything that has been transmitted, or will ever be transmitted over a network is vulnerable to eavesdropping and public disclosure. Take our free Post-Quantum Risk Assessment and in under 5 minutes you will have a better understanding if your organization is at risk to a post-quantum breach, learn about the scope of work required, and what you should be doing today to be post-quantum ready.

Act Now

Although the post-quantum era is still a few years away, practicing crypto agility now will help avoid expensive security retrofitting in the future as quantum computing becomes more prevalent.

Don’t risk a compromise of your private root keys. Contact us to learn how Gemalto’s SafeNet Luna Hardware Security Modules, Gemalto’s Data Protection on Demand, and SafeNet High Speed Encryptors, together with ISARA’s Quantum-Safe Security Solutions can help you get prepared.

Preparing for Quantum

We've all heard that quantum computers are coming; beyond being a boon for materials science they're going to wreak havoc for cybersecurity. Part 3 of this series from Gemalto will outline the scope of the problem (it's more than just algorithms) as well as the work required and being done to protect data through the upcoming transition.

Watch the Webinar

요청 정보

 

당사의 제품에 관심을 보여주셔서 감사합니다. 해당 항목들을 기재해주시면 Gemalto 에 대한 상세 자료나 Gemalto 전문가가 연락드리겠습니다.

 

개인 정보

* 이메일 주소:  
* 이름:  
* 성:  
* 회사:  
* 전화:  
* 국가:  
* State (US Only):  
* Province (Canada/Australia Only):  
* 시:  
내용:  
 

우리의 개인정보 보호 준칙에 기술되는 있는 바와 같이 다운로드를 클릭함은 젬알토로부터 이메일 수신을 동의한 것으로 인정됩니다.