• Credit: Shutterstock/Yurchanka Siarhei
     Credit: Shutterstock/Yurchanka Siarhei

Sponsored: Taking a Quantum Leap for Near-Term Defense

March 31, 2020
By Jerry Dotson, VP, Public Sector, Avaya

Quantum computers will revolutionize information technology, ushering in an era where certain types of calculations will be performed with almost unimaginable speed. Practical applications will include healthcare disciplines such as molecular biology and drug discovery; big data mining; financial services such as portfolio analysis and fraud detection; and artificial intelligence and machine learning.

The federal government is helping to create an environment in which quantum computing innovation and experimentation can flourish. The National Quantum Initiative Act puts $1.2 billion into the quantum research budgets of the Energy Department, the National Institute of Standards and Technology, NASA and the National Science Foundation. The law also outlines a 10-year plan to accelerate the development of quantum information science and technology applications.

Meanwhile, The White House’s Office of Science and Technology Policy is working to ensure that economic growth opportunities and opportunities for improving the world are baked into quantum policies and systems.  

However, quantum computing will also enable a major threat. Quantum computers will be able to “crack” much of the encryption used today in seconds or minutes. Encrypted and archived data will suddenly become highly vulnerable to future quantum computer cyber attacks. This could impact security across government in both civilian and defense agencies.

Already, it has been clearly demonstrated that cryptosystems such as RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman can be compromised much faster by using quantum computing. Security protocols such as TLS/SSL and VPN/IPsec will also be affected. Quantum attacks on symmetric ciphers such as Advanced Encryption Standard (AES) can be effective, however AES can be made quite resistant to these attacks by doubling its key size.

Nevertheless, once large-scale, production quantum computers emerge it will be possible to compromise PKI keys in a very small fraction of the time it would have taken a conventional computer. Applications that securely interact across the internet today will be at risk and on-line purchases won’t be as secure with current security frameworks and technologies. Moreover, over-arching domains, including the internet, cloud computing and the Internet of Things (IoT) will ultimately become compromised.

Proven Countermeasures

Although these threats are disconcerting, proven countermeasures that are based on mathematics and physics can provide very effective protection for many decades. Some leading technologies and proposed solutions can be deployed to build a near-term defense against these new emerging threats, by using Quantum-Safe Security technologies.

These technologies are classified in the following way:

• Post-Quantum Algorithms: These are new and modified encryption algorithms that are highly resistant to quantum computer attacks.

• Quantum Key Distribution (QKD): This approach involves the use of physics to securely create and transmit encryption keys from one party to another.

Data Security in Contact Centers

Avaya has collaborated with leading post-quantum cryptography and quantum cryptography providers to define some practical quantum-secure innovations that can be deployed in the near-term, by using currently available technology.

Avaya has teamed with one such identity and cyber security specialist, to develop Avaya Mobile Identity (AMI). It is an Identity-as-a-Service (IDaaS) solution aimed at transforming and improving security in contact centers. Adversaries target contact centers to extract personal data that can be exploited elsewhere.

The ‘mobile-first’ IDaaS incorporates industry-leading biometrics to authenticate mobile callers. It unlocks sensitive data and uses blockchain to allow contact centers to authenticate the customer’s identity and data. The solution is fully quantum “ready” and will leverage quantum-resistant encryption to defend against future quantum computer attacks. Sensitive data is stored in a vault protected by full tokenization and encryption that can withstand attacks from quantum computers, securing data stored today against future threats.

Other areas where Avaya is working with partners include:

  • Virtual Private Network (VPN) based on Post-Quantum Key Exchanges within IKEv2
  • OpenVPN Based on TLS 1.3 Using Hybrid Post-Quantum Key Exchanges
  • Quantum-Secure Transport Layer Connectivity
  • Key Generation via Quantum Random Number
  • Quantum-Secure Certificate Authority (CA)

The Bottom Line

The emergence of production quantum computers poses a threat to public key cryptography at a time when much of the post quantum algorithmic work is still in the early stages of development. Adoption timelines can take several years depending upon acceptance by relevant standards bodies, and actual adoption by software providers. Yet, technologies are being developed, applying post quantum algorithms and quantum key distribution solutions, to provide near-term countermeasures to this threat. Waiting for proven and fully mature quantum-secure solutions will put organizations at substantial risk of being exposed to some form of successful quantum attack in the near future.

Interested in learning more about how quantum-secure solutions can defend your contact center?  Email John Young, Senior Director, Innovation Mobility Identity Services / Quantum-Safe Security / Blockchain at jayoung@avaya.com

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Share Your Thoughts: