Miguel Antonio Rey, profile picture
Uploaded byMiguel Antonio Rey
PPTX, PDF92 views

Quantum computing

The document discusses the impacts of quantum computing on security for large financial organizations. It outlines NIST's process for standardizing post-quantum cryptography to develop cryptographic systems secure against both quantum and classical computers. The timeline and evaluation criteria for candidate algorithms are presented, along with families of algorithms being considered like lattice-based, code-based, and hash-based signatures. The document also examines challenges for replacing cryptographic algorithms in legacy infrastructure, assessing the quantum resistance of routing and switching vendors, and the impact on common cryptographic algorithms used in applications.

Embed presentation

Download to read offline
Quantum Computing - Impacts on Security and Large-size Financial Organizations Miguel Antonio Rey Cyber Risk Manager, Deloitte & Touch, LLC June 1, 2019
Background  The Post-Quantum Computing standardization process is the National Institute of Standards and Technology’s (NIST) response to advances in the development of quantum computers.  These machines exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers.  If large-scale quantum computers are ever built, they will be able to break the public-key cryptosystems currently standardized by NIST, which consist of digital signatures and key-establishment schemes.  Quantum computers will have an impact on symmetric-key cryptosystems, however the impact will not be as drastic.  The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing protocols and networks.
NIST Standardization Timeline  • April 2-3, 2015 Workshop on Cybersecurity in a Post-Quantum World, NIST, Gaithersburg, MD  • February 24, 2016 PQC Standardization: Announcement and outline of NIST’s Call for Submissions presentation given at PQCrypto 2016  • April 28, 2016 NISTIR 8105, Report on Post-Quantum Cryptography, released  • August 2, 2016 Federal Register Notice - Proposed Requirements and Evaluation Criteria announced for public comment  • December 20, 2016 Federal Register Notice – Announcing Request for Nominations for Public- Key Post-Quantum Cryptographic Algorithms  • November 30, 2017 Submission Deadline for NIST PQC Standardization Process  • December 20, 2017 First-Round Candidates were announced. The public comment period on the first-round candidates began.  • April 11-13, 2018 First NIST PQC Standardization Conference, Ft. Lauderdale, FL  • January 30, 2019 The First Round ended and the Second Round began. Second- Round candidates announced. The public comment period on the second-round candidates began.  • March 15, 2019 Deadline for updated submission packages for the Second Round  • August 22-24, 2019 2nd NIST PQC Standardization Conference, Santa Barbara, CA
Goals, Evaluation Criteria & Steps Forward  The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing protocols and networks.  Identified three broad aspects of evaluation criteria that would be used to compare candidate algorithms throughout the NIST PQC Standardization Process. The three aspects are: 1) security, 2) cost and performance, and 3) algorithm and implementation characteristics.  When standards for quantum-resistant public key cryptography become available, NIST will reassess the imminence of the threat of quantum computers to existing standards, and may decide to deprecate or withdraw the affected standards thereafter as a result.  Agencies should therefore be prepared to transition away from these algorithms as early as 10 years from now. As the replacements for currently standardized public key algorithms are not yet ready, a focus on maintaining crypto agility is imperative. Until new quantum-resistant algorithms are standardized, agencies should continue to use the recommended algorithms currently specified in NIST standards.  International communities emerge - Through the European Union (EU), PQCrypto and SAFECrypto - In Japan, CREST Crypto-Math
Overview of the main families for which post- quantum primitives have been proposed  Lattice-based cryptography - Exciting new applications (such as fully homomorphic encryption, code obfuscation, and attribute-based encryption) have been made possible using lattice-based cryptography. Most lattice-based key establishment algorithms are relatively simple, efficient, and highly parallelizable. Also, the security of some lattice-based systems are provably secure under a worst-case hardness assumption, rather than on the average case. On the other hand, it has proven difficult to give precise estimates of the security of lattice schemes against even known cryptanalysis techniques.  Code-based cryptography – In 1978, the McEliece cryptosystem was first proposed, and has not been broken since. Since that time, other systems based on error-correcting codes have been proposed. While quite fast, most code- based primitives suffer from having very large key sizes. Newer variants have introduced more structure into the codes in an attempt to reduce the key sizes, however the added structure has also led to successful attacks on some proposals. While there have been some proposals for code-based signatures, code-based cryptography has seen more success with encryption schemes.
Cont’d  Multivariate polynomial cryptography – These schemes are based on the difficulty of solving systems of multivariate polynomials over finite fields. Several multivariate cryptosystems have been proposed over the past few decades, with many having been broken. While there have been some proposals for multivariate encryption schemes, multivariate cryptography has historically been more successful as an approach to signatures.  Hash-based signatures – Hash-based signatures are digital signatures constructed using hash functions. Their security, even against quantum attacks, is well understood. Many of the more efficient hash-based signature schemes have the drawback that the signer must keep a record of the exact number of previously signed messages, and any error in this record will result in insecurity. Another drawback is that they can produce only a limited number of signatures. The number of signatures can be increased, even to the point of being effectively unlimited, but this also increases the signature size.
Selection of Second Round Candidates  NIST selected 26 second-round candidates from the 69 first-round candidates using the evaluation criteria specified in FRN-Dec16.  In relative order of importance, NIST considered the security, cost and performance, and algorithm and implementation characteristics of a candidate in selecting the second-round candidates.  For the security evaluation of an algorithm, NIST studied the security arguments presented in the submission package, as well as external cryptanalysis submitted to NIST or published elsewhere. NIST researchers also conducted internal cryptanalysis.  NIST considered both the key/ciphertext/signature sizes as well as the computational estimates given by the submitters in their submission documentation and in their presentations at the First NIST PQC Standardization Conference.  NIST also performed internal performance benchmarks using the code from the submission packages. In addition, NIST considered the external feedback and performance estimates provided by the cryptographic community.
Second Round Candidates BIKE (PKI) - Lattice LEDAcrypt (PKI) - Code Rainbow (DigSig) - Multivariate Classic McEliece (PKI) - Code LUOV (DigSig) - Multivariate ROLLO (PKI) - Lattice CRYSTALS-DILITHIUM (DigSig) - Lattice MQDSS (DigSig) - Multivariate) Round5 (PKI) - Lattice CRYSTALS-KYBER (PKI) - Variant NewHope (PKI) - Lattice RQC (PKI) FALCON (DigSig) - Lattice NTRU (PKI) - Lattice SABER (PKI) - Lattice FrodoKEM (PKI) - Lattice NTRU Prime (PKI) - Lattice SIKE (PKI) GeMSS (DigSig) - Multivariate NTS-KEM (PKI) - Code SPHINCS+ (DigSig) - Hash HQC (PKI) - Code Picnic (DigSig) - Hash Three Bears (PKI) - Multivariate LAC (PKI) - Variant qTESLA (DigSig) - Lattice
Ramifications of Quantum Computing on technology at large-size financial organizations  Infrastructure (Routers & Switches)  Applications (PKI)  Databases (Data At Rest)
Common quantum computing challenges associated with legacy Infrastructure in a large-size financial organization  identification of cryptographic algorithms that are quantum-resistant and which algorithms should be replaced - identify legacy ciphers that are at the threat of being broken by advances in computing power of existing super- computers.  Upgrades to legacy system creates challenges due to the fact that such integrated services such as routers which are used at the edge of the network, in numerous companies’ branch offices and other remote locations. Therefore, the company needs to plan such upgrades not only from a technology perspective but also from the resource perspective.  Considerations to replacing legacy Cisco equipment with similar equipment from other vendors as other vendors may offer cheaper equipment and support options. However, Cisco as the market leader in routing and switching equipment, has issued and adopted more than 13,000 patents for proprietary protocols and technologies ranging from their core routing and switching to voice and wireless products. Some of these protocols are used to integrate various network infrastructures with routing and switching equipment, such as voice over IP phones and wireless access points.  evaluated on whether it is used in company’s routing and switching environment and whether these protocols can be replaced with industry’s open standard protocols, if the company is using ISR routers as branch or remote site routers, there is a good chance that the company is using Cisco’s proprietary routing protocol (Enhanced Interior Gateway Routing Protocol or EIGRP) as per Cisco’s branch connectivity design guide [68] . As no other networking company is using such routing protocol
Assessing the quantum-resistant cryptographic of routing and switching infrastructure in a large-size financial organization  This research study was limited to top three datacenter routing and switching vendors that hold 74% share in datacenter market globally.  NIST is still in the process of standardizing quantum-resistant protocols, migrating the infrastructure to NSA’s Suite B protocols will be a good start as it contains symmetric- key protocols that are believed to be secure.  Both Juniper Networks and Arista Networks do not seem to have a strategy or vision on overcoming a threat of quantum computing. Out of three organizations researched, Cisco has the strongest awareness and support of the development of quantum resistant protocols.  Cisco’s Next Generation Encryption project is tracking not only which protocols are secure enough to be used in current cryptographic applications, but also if these protocols are believed to be quantum-resistant and whether they are supported across all Cisco’s platforms.
NSA’s Commercial National Security Algorithm Suite The Suite B algorithms have been replaced by Commercial National Security Algorithm (CNSA) Suite algorithms:  Advanced Encryption Standard (AES), per FIPS 197, using 256 bit keys to protect up to TOP SECRET  Elliptic Curve Diffie-Hellman (ECDH) Key Exchange, per FIPS SP 800-56A, using Curve P- 384 to protect up to TOP SECRET.  Elliptic Curve Digital Signature Algorithm (ECDSA), per FIPS 186-4  Secure Hash Algorithm (SHA), per FIPS 180-4, using SHA-384 to protect up to TOP SECRET.  Diffie-Hellman (DH) Key Exchange, per RFC 3526, minimum 3072-bit modulus to protect up to TOP SECRET  RSA for key establishment (NIST SP 800-56B rev 1) and digital signatures (FIPS 186-4), minimum 3072-bit modulus to protect up to TOP SECRET
Transition algorithms Algorithm Function Transition parameters Quantum resistant Advanced Encryption Standard (AES) Symmetric block cipher used for information protection Use 256-bit keys to protect up to TOP SECRET YES Secure Hash Algorithm (SHA) Algorithm for message authentication and digital signature Use SHA-384 to protect up to TOP SECRET. YES Diffie–Hellman (DH) Asymmetric algorithm used for key establishment Minimum 3072-bit modulus to protect up to TOP SECRET NO Rivest-Shamir- Adleman (RSA) Asymmetric algorithm used for key establishment Minimum 3072-bit modulus to protect up to TOP SECRET NO Elliptic Curve Diffie–Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) Asymmetric algorithm used for key establishment Use Curve P-384 to protect up to TOP SECRET. NO
Routing and switching cryptographic agility Routing switching technology Compliance Description Cisco Catalyst 30 0 0 (running IOS 16.2), 40 0 0, 60 0 0 & Nexus 90 0 0 Series switches (running NX-OS 7.0.3) FIFPS 140–2 certified Support Diffie–Hellman with 2048-bit, 3072-bit, and 4096-bit keys for IPSec. Support RSA with keys of 2048, 3072, and 4096 bits. AES with 256bit keys, and SHA with message digests of 384 bits and 512 bits ISR 1100 & ISR 4000 Series Routers (running XE 16.9) Cisco 7200 Series Routers Cisco 7200 (VSA) & (VAM2 + )Routers Catalyst 3750-X and 3560-X switch FIFPS 140–2 certified N/A FIFPS 140–2 certified 802.1AE MACsec Encryption Support IPSec DES, 3DES, and AES Support ended Sep 30, 2017 IPsec tunneling that supports DES, 3DES, AES (128-, 192-, 256- bit) encryption Support IPsec Algorithms: 3DES (168-bits/AES (128/196/256- bits), HMAC-SHA-1 (160-bits),RSA (2048/3072 bits) Cisco 6500 switches Cisco 7600 Routers Hardware Security Modules Hardware Security Modules No support for NGE Support ends Feb 29, 2022
Routing and switching cryptographic agility Routing switching technology Compliance Description Arista networks Arista 7500R 802.1AE MACsec Encryption 100 Gbps line card, No support for 256-bit encryption 7500E Switches 802.1AE MACsec Encryption 100 Gbps line card, No support for 256-bit encryption Aritsa 7050x, 7250x, 73300x, 7500E, 5150 Switches FIFPS 140–2 certified Supports SHA 512 (suite B protocol), RSA 2048-bit
Routing and switching cryptographic agility Routing switching technology Compliance Description Juniper Networks SRX340 0, SRX360 0, SRX560 0, SRX580 0 gateways Support for Suite B Protocols with Junos OS 12.1.X45-D30 release EX420 0, 40 0 and 4550 Switch 802.1AE MACsec Encryption AES-128 and AES-256 bit encryption, with Junos OS 12.1.X45-D30 release QFX10016 and QFX10 0 08 switches 802.1AE MACsec Encryption AES-128 and AES-256 bit encryption, with Jonus OS Release 17.2R1 EX430 0, EX460 0, EX9204 and EX9208 switches FIFPS 140–2 certified Support for AES-CBC-256 encryption for SSH, SHA2-256, SHA2-412
Summary of Impact of quantum computing on modern routing and switching infrastructure in a large-size financial organization  all three vendors have NIAP FIPS 140–2 certificates for their data center equipment that confirm compliance and security of equipment’s management plane and conforming to NSA’s Suite B  they are still vulnerable to an attack by quantum computer as they use management protocols such as SSH or HTTPS that rely heavily on RSA public-key encryption.  Cisco and Juniper offer IPSec VPN solution as part of their OS (software implementation) or in the form of Hardware Security Modules that perform acceleration of cryptographic functions. Both vendors provide information on which software versions and hardware modules support NSA’s Suite B protocols.  IPSec implementations support Suite B authentication algorithms, such as SHA2-384 and SHA2-512 as in the case with Cisco and Juniper, they are still vulnerable to a threat posed by the quantum computer as IPSec is using Diffie–Hellman protocol for key exchange, which can be broken by quantum computers.
Impact of Quantum Computing on Common Cryptographic Algorithms used in Applications Cryptographic Algorithm Type Purpose Impact from large-scale quantum computer AES Symmetric key Encryption Larger key sizes needed SHA-2, SHA-3 --------------- Hash functions Larger output needed RSA Public key Signatures, key establishment No longer secure ECDSA, ECDH (Elliptic Curve Cryptography) Public key Signatures, key exchange No longer secure DSA (Finite Field Cryptography) Public key Signatures, key exchange No longer secure
Importance of PKI to modern Web Browser communication  A study conducted in 2015 (Proofing the TLS Handshake Secure) exposes the vulnerabilities of TLS clients and servers offer many choices, and each run of the handshake involves a negotiation of the best protocol version, cipher-suite, and extensions available at both ends. Such a trade-o between flexibility and security creates several problems: 1. It makes the security of TLS depend on its correct configuration, inasmuch as some versions (e.g. SSL2) and algorithms (e.g. MD5 and RC4) are much weaker than others, and may also suffer from different implementation flaws. 2. It complicates the protocol logic, as the integrity of the negotiation itself relies on algorithms being negotiated; this is a persistent source of attacks, from protocol regression in SSL2 to version fallback in current browsers. 3. It demands stronger security assumptions, to reflect the fact that honest parties may use the same key materials with different algorithms, e.g. the same master secret may be used to key different pseudo-random functions. Intuitively, TLS on its own enables a range of chosen-protocol attacks whereby a weak algorithm (chosen by the attacker) may compromise the security of stronger algorithms (chosen by honest parties).
Empirical Results on TLS Configurations  Using an online analyzer (Qualys), we gathered extended information on server configurations for 215 of the top 500 domains, including the TLS versions, cipher-suites, certificates, and extensions they offer.  For instance, the commonly-used cipher-suite TLS RSA WITH AES 256 CBC SHA indicates an RSA handshake: the client sends a fresh premaster secret encrypted under the server public key; both parties use it to extract a master secret, used in turn as the seed of a SHA1-based PRF to derive 4 keys for SHA1-based MACs and AES encryption in CBC mode.  These servers accept 64 cipher-suites, with an average of 12 and standard deviation of 6. They accept on average more than 5 encryption algorithms and 2 hash methods. They still widely deploy weak algorithms: 70% accept at least one cipher-suite with MD5 and 90% at least one with RC4.  All servers but one offer several versions; 37% offer only SSL3 and TLS 1.0; 56% offer all 4 versions from SSL3 to TLS 1.2. Although now forbidden by the standard, 3% still accept SSL2 with compatible cipher-suites. They all disable TLS-level compression. 86% support the (mandatory) secure renegotiation extension, leaving the others vulnerable to attacks. 60% support session tickets for resumption.  tested 12 TLS clients, including major web browsers (Chrome, Firefox, Internet Explorer, Safari) and libraries (NSS, OpenSSL, SChannel, Secure Transport). These clients similarly propose a large number of cipher-suites, ranging from 19 to 36; they all propose weak hash (MD5) or encryption methods(RC4, or even no encryption). On the other hand, clients tend to support more recent cipher-suites than servers, notably those based on elliptic curves.
Cont’d Supported Protocol Versions SSL2 7 3.26% SSL3 212 98.60% TSL 1 214 99.53 TSL 1.1 129 60.00% TSL 1.2 124 57.67% Hash Algorithms MD5 149 69.30% SHA 215 100.00% SHA256 103 47.91% SHA384 74 34.42% Signature algorithms ECDSA 13 6.05% RSA 215 100.00% Top Encryption Algorithms 3DES EDE CBC 207 96.28% AES 128 CBC 212 98.60% AES 128 GCM 78 36.28% AES 256 CBC 212 98.60% RC4 128 195 90.70% Agile Summary Cipher-suites count 64 Avg. per host 11.88 Cipher-suites std. dev Agile Summary Cont’d Avg. hash per host 2.52 Avg. encrypt per host 5.36 Avg. sig. per host 1.06 Avg. KEMs per host 1.73
Cryptographic Agility Determination of whether common hardware and software components, have enough flexibility and scalability to accommodate the change of cryptographic algorithms to the ones that do not exhibit vulnerability to quantum computing and to the ones that are compliant with National Security Agency (NSA) Suite B set of protocols. We pinpoint upstream or downstream impacts of a change in the encryption algorithms across various IT network infrastructure components and applications in terms of effort required to accomplish this transition.
Impact of Quantum Computing on Databases  Cryptographic agility is observed to work better with non-persisted transient data than persisted data.  Persisted (stored) data that is encrypted with an algorithm that is being replaced may not be recoverable once the algorithm is replaced.  This can also lead to Denial of Service(DoS) to legitimate users, when authentication relies on comparative matching of computed hashes, and the accounting credentials are stored after being computed using a hashing function that has been replaced.  It is important to plan for the storage size of the outputs as the algorithm used to replace the insecure one can yield an output with a different size. For example, the MD5 hash is always 128 bits in length, the SHA -2 function can yield a 256 bit (SHA-256), 384 bit (SHA-384) or 512 bit (SHA-512) bit length output and if storage is not planned for allocated in advance, the upgrade may not even be a possibility.
SAFEcrypto  SAFEcrypto will provide a new generation of practical, robust and physically secure postquantum cryptographic solutions that ensure long-term security for future Information and Communication Technology (ICT) systems, services and applications.  The project will focus on the remarkably versatile field of Lattice-based cryptography as the source of computational hardness, and will deliver optimized public key security primitives for digital signatures and authentication, as well identity based encryption (IBE) and attribute based encryption (ABE).  As the NIST and Technology (NIST) prepares for the transition to a post-quantum cryptographic suite B, urging organisations that build systems and infrastructures that require long-term security to consider this transition in architectural designs; the SAFEcrypto project will provide Proof-of-concept demonstrators of schemes for three practical real-world case studies with long-term security requirements, in the application areas of satellite communications, network security and cloud.  The goal is to affirm Lattice-based cryptography as an effective replacement for traditional number-theoretic public-key cryptography, by demonstrating that it can address the needs of resource-constrained embedded applications, such as mobile and battery-operated devices, and of real-time high performance applications for cloud and network management infrastructures.
Blockchain & Crypto currencies  quantum computing threatens all computer security systems that rely on public key cryptography, not just blockchain. blockchain’s seemingly immutable ledgers would be under threat.  What makes quantum-resistant or “post-quantum” cryptography, quantum resistant? When private keys are generated from public keys in ways that are much more mathematically complex than traditional prime factorization.  The Quantum Resistant Ledger team is working to implement hash-based cryptography, a form of post-quantum cryptography. In hash-based cryptography, private keys are generated from public keys using complex hash-based cryptographic structures, rather than prime number factorization.  The connection between the public and private key pair is therefore much more complex than in traditional public key cryptography and would be much less vulnerable to a quantum computer running Shor’s algorithm.
Cont’d
Virtualized Containers with Serverless platform  By default, TLS client authentication is turned off when TLS is enabled on a peer node. This means that the peer node will not verify the certificate of a client (another peer node, application, or the CLI) during a TLS handshake. To enable TLS client authentication on a peer node, set the peer configuration property peer.tls.clientAuthRequired to true and set the peer.tls.clientRootCAs.files property to the CA chain file(s) that contain(s) the CA certificate chain(s) that issued TLS certificates for your organization’s clients.  By default, a peer node will use the same certificate and private key pair when acting as a TLS server and client. To use a different certificate and private key pair for the client side, set the peer.tls.clientCert.file and peer.tls.clientKey.file configuration properties to the fully qualified path of the client certificate and key file, respectively.  Containers adheres to Crypto Agile design and architecture principles of scalability and extensibility (performance)  Leverages Defense-In-Depth principle, it’s not Single Point of Failure as it exposes services through API which can be monitored by signature-based tools.
Cont’d
Quantum Computing in Today’s Financial Services Industry  In November 2017, the same month it unveiled a 50-qubit computer, IBM put its 20- qubit machine online and began working with key customers to get them quantum- ready. The IBM Q Network currently has 12 members, including Barclays, JPMorgan, Mizuho Financial Group and MUFG Bank.  For Bob Stolte, managing director and head of post-trade technology at JPMorgan Corporate & Investment Bank, quantum computing has reached a point where the material science has caught up with the theoretical research. “This is where it starts to get interesting,” he says. “We can run our problems on a quantum computer and determine whether we can benefit from this technology in the future.”  Madhav Thattai, chief operating officer at Rigetti Computing, a full-stack quantum computing start-up expects some milestones to be passed in the next few years. First, the industry will cross the ‘quantum supremacy’ threshold, which is when a quantum computer can perform tasks that classical computers cannot. The next thing to happen will be the first examples of ‘quantum advantage’ applications. “This is where a quantum computer is used – most likely in a hybrid quantum-classical arrangement – in a way that provides commercial value for a particular application,” says Mr. Thattai, adding that these could be seen inside five years.  According to Dr. Lee Braine, the investment bank's chief technology officer at Barclays, the bank has an internal working group for quantum computing that includes stakeholders, the CTO’s office, statistical modeling teams and others. Some, like Braine, have Ph.D.s in mathematics. They’ve been writing short quantum programs, uploading them to an IBM quantum computer running on IBM’s cloud, and getting results back. Their programs have fallen mainly into two categories.
Conclusion and Next Steps  The next twelve to eighteen months will consist of a public review on the remaining 26 second-round post-quantum candidates.  With the number of candidates substantially reduced from the first round, we hope that the combined efforts of the cryptographic community will evaluate the remaining candidates and provide NIST with feedback that supports or refutes the security claims of the submitters.  NIST is interested in additional performance data on each of the candidates. This includes optimized implementations written in assembly code or using instruction set extensions, and analyses of implementation suitability of candidate algorithms in constrained platforms, as well as performance data for hardware implementations.  In 2020, NIST plans to either select finalists for a final round or select a small number of candidates for standardization.
Questions
Subtitle runs here Tree with circular text boxes .
Subtitle runs here Connectors with honeycomb Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read.
Subtitle runs here Connectors with puzzle pieces Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read.

More Related Content

PDF
IRJET- A Survey on Quantum Key Distribution and Huffman Coding Compression Al...
byIRJET Journal
 
PPTX
ICCIT_NSU_Comparative Security Analysis of Software Defined Wireless Networki...
byAsma Swapna
 
PDF
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
byAsma Swapna
 
PDF
ANALYSIS OF SIDE CHANNEL ATTACKS ON VARIOUS CRYPTOGRAPHIC ALGORITHMS
byJournal For Research
 
DOCX
Antony's Final Draft v7
byAntony Law
 
PDF
A Survey on Generation and Evolution of Various Cryptographic Techniques
byIRJET Journal
 
DOCX
A lightweight secure scheme for detecting
byjpstudcorner
 
PDF
Cryptographic Protocol is and isn't like LEGO.
byShin'ichiro Matsuo
 
IRJET- A Survey on Quantum Key Distribution and Huffman Coding Compression Al...
byIRJET Journal
 
ICCIT_NSU_Comparative Security Analysis of Software Defined Wireless Networki...
byAsma Swapna
 
ICCES_2016_Security Analysis of Software Defined Wireless Network Monitoring ...
byAsma Swapna
 
ANALYSIS OF SIDE CHANNEL ATTACKS ON VARIOUS CRYPTOGRAPHIC ALGORITHMS
byJournal For Research
 
Antony's Final Draft v7
byAntony Law
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
byIRJET Journal
 
A lightweight secure scheme for detecting
byjpstudcorner
 
Cryptographic Protocol is and isn't like LEGO.
byShin'ichiro Matsuo
 

What's hot

PDF
Three Party Authenticated Key Distribution using Quantum Cryptography
byIJMER
 
PDF
Study and implementation of DES on FPGA
byVenkata Kishore
 
PDF
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byLeMeniz Infotech
 
PDF
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byPvrtechnologies Nellore
 
DOC
Lightweight secure scheme for detecting provenance forgery and packet drop at...
byPvrtechnologies Nellore
 
PDF
State of the art realistic cryptographic
byijcsa
 
PDF
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
byDr. Amarjeet Singh
 
PDF
Design and implementation of proposed 320 bit RC6-cascaded encryption/decrypt...
byIJECEIAES
 
PDF
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
byYekini Nureni
 
PDF
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...
byIJTET Journal
 
PDF
Final report
byJagbir Kalirai
 
PDF
A Literature Review of Some Modern RSA Variants
byijsrd.com
 
PDF
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
byIRJET Journal
 
PDF
Survey of universal authentication protocol for mobile communication
byAhmad Sharifi
 
PPTX
Cryptographic File Systems
byAditya Karan
 
PDF
A novel authenticated cipher for rfid systems
byijcisjournal
 
PDF
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
bycaijjournal
 
PDF
G43053847
byIJERA Editor
 
PDF
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
byijcisjournal
 
PDF
Reliability and-efficient-protocol-for-position-based-routing-in-vehicular-ad...
byIjcem Journal
 
Three Party Authenticated Key Distribution using Quantum Cryptography
byIJMER
 
Study and implementation of DES on FPGA
byVenkata Kishore
 
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byLeMeniz Infotech
 
A lightweight secure scheme for detecting provenance forgery and packet drop ...
byPvrtechnologies Nellore
 
Lightweight secure scheme for detecting provenance forgery and packet drop at...
byPvrtechnologies Nellore
 
State of the art realistic cryptographic
byijcsa
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
byDr. Amarjeet Singh
 
Design and implementation of proposed 320 bit RC6-cascaded encryption/decrypt...
byIJECEIAES
 
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
byYekini Nureni
 
Certain Investigations on Security Issues in Smart Grid over Wireless Communi...
byIJTET Journal
 
Final report
byJagbir Kalirai
 
A Literature Review of Some Modern RSA Variants
byijsrd.com
 
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
byIRJET Journal
 
Survey of universal authentication protocol for mobile communication
byAhmad Sharifi
 
Cryptographic File Systems
byAditya Karan
 
A novel authenticated cipher for rfid systems
byijcisjournal
 
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...
bycaijjournal
 
G43053847
byIJERA Editor
 
Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number Sy...
byijcisjournal
 
Reliability and-efficient-protocol-for-position-based-routing-in-vehicular-ad...
byIjcem Journal
 

Similar to Quantum computing

PPTX
Quantum Cryptography
byThe Cryptography Centre For Excellence
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
Quantum Computing Threats- A Guide for Cyber Security Auditors on Post-Quantu...
byCybernetic Global Intelligence
 
PDF
Post-Quantum Cryptography - Knowing the Unknown Cyber World | USCSI®
byUnited States Cybersecurity Institute (USCSI®)
 
PDF
Domen Zavrl - The Quantum Future of Cryptography
byDomen Zavrl
 
PPTX
Post Quantum Encryption Presentation by srm.pptx
byRod Medallon
 
PPTX
v2 Quantum_Safe_Cryptography_Presentation.pptx
bydyhodcse
 
PPTX
Quantum Safety in Certified Cryptographic Modules
byOnBoard Security, Inc. - a Qualcomm Company
 
PDF
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...
byBlueHat Security Conference
 
PDF
Emily Stamm - Post-Quantum Cryptography
byCSNP
 
PDF
Quantum Knowledge Proofs and Post Quantum Cryptography - A Primer
byGokul Alex
 
PPTX
Shravani_PPT_cdffetgsfwith_imagssde.pptx
bydeadly1320
 
PPTX
FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptx
byFIDO Alliance
 
PDF
Post Quantum Cryptography: Technical Overview
byRamesh Nagappan
 
PPTX
Post-Quantum Encryption (PQE) refers to cryptographic algorithms and protocols
byRod Medallon
 
PDF
Quantum_Safe_Crypto_Overview_v3.pdf
byRonSteinfeld1
 
PDF
Quantum Computing: Current Status and Future
byBob Marcus
 
PPTX
Joe Biden’s Memorandum Post-Quantum Cryptography
byThe Cryptography Centre For Excellence
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
Post-Quantum Cryptography… or how Kai almost hacked a banking app​
bymparramon1
 
Quantum Cryptography
byThe Cryptography Centre For Excellence
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
Quantum Computing Threats- A Guide for Cyber Security Auditors on Post-Quantu...
byCybernetic Global Intelligence
 
Post-Quantum Cryptography - Knowing the Unknown Cyber World | USCSI®
byUnited States Cybersecurity Institute (USCSI®)
 
Domen Zavrl - The Quantum Future of Cryptography
byDomen Zavrl
 
Post Quantum Encryption Presentation by srm.pptx
byRod Medallon
 
v2 Quantum_Safe_Cryptography_Presentation.pptx
bydyhodcse
 
Quantum Safety in Certified Cryptographic Modules
byOnBoard Security, Inc. - a Qualcomm Company
 
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...
byBlueHat Security Conference
 
Emily Stamm - Post-Quantum Cryptography
byCSNP
 
Quantum Knowledge Proofs and Post Quantum Cryptography - A Primer
byGokul Alex
 
Shravani_PPT_cdffetgsfwith_imagssde.pptx
bydeadly1320
 
FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptx
byFIDO Alliance
 
Post Quantum Cryptography: Technical Overview
byRamesh Nagappan
 
Post-Quantum Encryption (PQE) refers to cryptographic algorithms and protocols
byRod Medallon
 
Quantum_Safe_Crypto_Overview_v3.pdf
byRonSteinfeld1
 
Quantum Computing: Current Status and Future
byBob Marcus
 
Joe Biden’s Memorandum Post-Quantum Cryptography
byThe Cryptography Centre For Excellence
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Post-Quantum Cryptography… or how Kai almost hacked a banking app​
bymparramon1
 

Recently uploaded

PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PDF
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PPTX
AI and Digital Transformation Solutions.
byBuildingblocks
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PPTX
CRM for the Insurance Industry Lessons for Insurance CIOs and Digital Leaders...
byKerry Millar
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PDF
B2SMB SaaS Philosophy Lab: Simplicity vs Options
byAnton Shulke
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
DOCX
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
AI and Digital Transformation Solutions.
byBuildingblocks
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
CRM for the Insurance Industry Lessons for Insurance CIOs and Digital Leaders...
byKerry Millar
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
B2SMB SaaS Philosophy Lab: Simplicity vs Options
byAnton Shulke
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 

Quantum computing

  • 1.
    Quantum Computing - Impactson Security and Large-size Financial Organizations Miguel Antonio Rey Cyber Risk Manager, Deloitte & Touch, LLC June 1, 2019
  • 2.
    Background  The Post-QuantumComputing standardization process is the National Institute of Standards and Technology’s (NIST) response to advances in the development of quantum computers.  These machines exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers.  If large-scale quantum computers are ever built, they will be able to break the public-key cryptosystems currently standardized by NIST, which consist of digital signatures and key-establishment schemes.  Quantum computers will have an impact on symmetric-key cryptosystems, however the impact will not be as drastic.  The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing protocols and networks.
  • 3.
    NIST Standardization Timeline • April 2-3, 2015 Workshop on Cybersecurity in a Post-Quantum World, NIST, Gaithersburg, MD  • February 24, 2016 PQC Standardization: Announcement and outline of NIST’s Call for Submissions presentation given at PQCrypto 2016  • April 28, 2016 NISTIR 8105, Report on Post-Quantum Cryptography, released  • August 2, 2016 Federal Register Notice - Proposed Requirements and Evaluation Criteria announced for public comment  • December 20, 2016 Federal Register Notice – Announcing Request for Nominations for Public- Key Post-Quantum Cryptographic Algorithms  • November 30, 2017 Submission Deadline for NIST PQC Standardization Process  • December 20, 2017 First-Round Candidates were announced. The public comment period on the first-round candidates began.  • April 11-13, 2018 First NIST PQC Standardization Conference, Ft. Lauderdale, FL  • January 30, 2019 The First Round ended and the Second Round began. Second- Round candidates announced. The public comment period on the second-round candidates began.  • March 15, 2019 Deadline for updated submission packages for the Second Round  • August 22-24, 2019 2nd NIST PQC Standardization Conference, Santa Barbara, CA
  • 4.
    Goals, Evaluation Criteria& Steps Forward  The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing protocols and networks.  Identified three broad aspects of evaluation criteria that would be used to compare candidate algorithms throughout the NIST PQC Standardization Process. The three aspects are: 1) security, 2) cost and performance, and 3) algorithm and implementation characteristics.  When standards for quantum-resistant public key cryptography become available, NIST will reassess the imminence of the threat of quantum computers to existing standards, and may decide to deprecate or withdraw the affected standards thereafter as a result.  Agencies should therefore be prepared to transition away from these algorithms as early as 10 years from now. As the replacements for currently standardized public key algorithms are not yet ready, a focus on maintaining crypto agility is imperative. Until new quantum-resistant algorithms are standardized, agencies should continue to use the recommended algorithms currently specified in NIST standards.  International communities emerge - Through the European Union (EU), PQCrypto and SAFECrypto - In Japan, CREST Crypto-Math
  • 5.
    Overview of themain families for which post- quantum primitives have been proposed  Lattice-based cryptography - Exciting new applications (such as fully homomorphic encryption, code obfuscation, and attribute-based encryption) have been made possible using lattice-based cryptography. Most lattice-based key establishment algorithms are relatively simple, efficient, and highly parallelizable. Also, the security of some lattice-based systems are provably secure under a worst-case hardness assumption, rather than on the average case. On the other hand, it has proven difficult to give precise estimates of the security of lattice schemes against even known cryptanalysis techniques.  Code-based cryptography – In 1978, the McEliece cryptosystem was first proposed, and has not been broken since. Since that time, other systems based on error-correcting codes have been proposed. While quite fast, most code- based primitives suffer from having very large key sizes. Newer variants have introduced more structure into the codes in an attempt to reduce the key sizes, however the added structure has also led to successful attacks on some proposals. While there have been some proposals for code-based signatures, code-based cryptography has seen more success with encryption schemes.
  • 6.
    Cont’d  Multivariate polynomialcryptography – These schemes are based on the difficulty of solving systems of multivariate polynomials over finite fields. Several multivariate cryptosystems have been proposed over the past few decades, with many having been broken. While there have been some proposals for multivariate encryption schemes, multivariate cryptography has historically been more successful as an approach to signatures.  Hash-based signatures – Hash-based signatures are digital signatures constructed using hash functions. Their security, even against quantum attacks, is well understood. Many of the more efficient hash-based signature schemes have the drawback that the signer must keep a record of the exact number of previously signed messages, and any error in this record will result in insecurity. Another drawback is that they can produce only a limited number of signatures. The number of signatures can be increased, even to the point of being effectively unlimited, but this also increases the signature size.
  • 7.
    Selection of SecondRound Candidates  NIST selected 26 second-round candidates from the 69 first-round candidates using the evaluation criteria specified in FRN-Dec16.  In relative order of importance, NIST considered the security, cost and performance, and algorithm and implementation characteristics of a candidate in selecting the second-round candidates.  For the security evaluation of an algorithm, NIST studied the security arguments presented in the submission package, as well as external cryptanalysis submitted to NIST or published elsewhere. NIST researchers also conducted internal cryptanalysis.  NIST considered both the key/ciphertext/signature sizes as well as the computational estimates given by the submitters in their submission documentation and in their presentations at the First NIST PQC Standardization Conference.  NIST also performed internal performance benchmarks using the code from the submission packages. In addition, NIST considered the external feedback and performance estimates provided by the cryptographic community.
  • 8.
    Second Round Candidates BIKE(PKI) - Lattice LEDAcrypt (PKI) - Code Rainbow (DigSig) - Multivariate Classic McEliece (PKI) - Code LUOV (DigSig) - Multivariate ROLLO (PKI) - Lattice CRYSTALS-DILITHIUM (DigSig) - Lattice MQDSS (DigSig) - Multivariate) Round5 (PKI) - Lattice CRYSTALS-KYBER (PKI) - Variant NewHope (PKI) - Lattice RQC (PKI) FALCON (DigSig) - Lattice NTRU (PKI) - Lattice SABER (PKI) - Lattice FrodoKEM (PKI) - Lattice NTRU Prime (PKI) - Lattice SIKE (PKI) GeMSS (DigSig) - Multivariate NTS-KEM (PKI) - Code SPHINCS+ (DigSig) - Hash HQC (PKI) - Code Picnic (DigSig) - Hash Three Bears (PKI) - Multivariate LAC (PKI) - Variant qTESLA (DigSig) - Lattice
  • 9.
    Ramifications of QuantumComputing on technology at large-size financial organizations  Infrastructure (Routers & Switches)  Applications (PKI)  Databases (Data At Rest)
  • 10.
    Common quantum computingchallenges associated with legacy Infrastructure in a large-size financial organization  identification of cryptographic algorithms that are quantum-resistant and which algorithms should be replaced - identify legacy ciphers that are at the threat of being broken by advances in computing power of existing super- computers.  Upgrades to legacy system creates challenges due to the fact that such integrated services such as routers which are used at the edge of the network, in numerous companies’ branch offices and other remote locations. Therefore, the company needs to plan such upgrades not only from a technology perspective but also from the resource perspective.  Considerations to replacing legacy Cisco equipment with similar equipment from other vendors as other vendors may offer cheaper equipment and support options. However, Cisco as the market leader in routing and switching equipment, has issued and adopted more than 13,000 patents for proprietary protocols and technologies ranging from their core routing and switching to voice and wireless products. Some of these protocols are used to integrate various network infrastructures with routing and switching equipment, such as voice over IP phones and wireless access points.  evaluated on whether it is used in company’s routing and switching environment and whether these protocols can be replaced with industry’s open standard protocols, if the company is using ISR routers as branch or remote site routers, there is a good chance that the company is using Cisco’s proprietary routing protocol (Enhanced Interior Gateway Routing Protocol or EIGRP) as per Cisco’s branch connectivity design guide [68] . As no other networking company is using such routing protocol
  • 11.
    Assessing the quantum-resistantcryptographic of routing and switching infrastructure in a large-size financial organization  This research study was limited to top three datacenter routing and switching vendors that hold 74% share in datacenter market globally.  NIST is still in the process of standardizing quantum-resistant protocols, migrating the infrastructure to NSA’s Suite B protocols will be a good start as it contains symmetric- key protocols that are believed to be secure.  Both Juniper Networks and Arista Networks do not seem to have a strategy or vision on overcoming a threat of quantum computing. Out of three organizations researched, Cisco has the strongest awareness and support of the development of quantum resistant protocols.  Cisco’s Next Generation Encryption project is tracking not only which protocols are secure enough to be used in current cryptographic applications, but also if these protocols are believed to be quantum-resistant and whether they are supported across all Cisco’s platforms.
  • 12.
    NSA’s Commercial NationalSecurity Algorithm Suite The Suite B algorithms have been replaced by Commercial National Security Algorithm (CNSA) Suite algorithms:  Advanced Encryption Standard (AES), per FIPS 197, using 256 bit keys to protect up to TOP SECRET  Elliptic Curve Diffie-Hellman (ECDH) Key Exchange, per FIPS SP 800-56A, using Curve P- 384 to protect up to TOP SECRET.  Elliptic Curve Digital Signature Algorithm (ECDSA), per FIPS 186-4  Secure Hash Algorithm (SHA), per FIPS 180-4, using SHA-384 to protect up to TOP SECRET.  Diffie-Hellman (DH) Key Exchange, per RFC 3526, minimum 3072-bit modulus to protect up to TOP SECRET  RSA for key establishment (NIST SP 800-56B rev 1) and digital signatures (FIPS 186-4), minimum 3072-bit modulus to protect up to TOP SECRET
  • 13.
    Transition algorithms Algorithm FunctionTransition parameters Quantum resistant Advanced Encryption Standard (AES) Symmetric block cipher used for information protection Use 256-bit keys to protect up to TOP SECRET YES Secure Hash Algorithm (SHA) Algorithm for message authentication and digital signature Use SHA-384 to protect up to TOP SECRET. YES Diffie–Hellman (DH) Asymmetric algorithm used for key establishment Minimum 3072-bit modulus to protect up to TOP SECRET NO Rivest-Shamir- Adleman (RSA) Asymmetric algorithm used for key establishment Minimum 3072-bit modulus to protect up to TOP SECRET NO Elliptic Curve Diffie–Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) Asymmetric algorithm used for key establishment Use Curve P-384 to protect up to TOP SECRET. NO
  • 14.
    Routing and switchingcryptographic agility Routing switching technology Compliance Description Cisco Catalyst 30 0 0 (running IOS 16.2), 40 0 0, 60 0 0 & Nexus 90 0 0 Series switches (running NX-OS 7.0.3) FIFPS 140–2 certified Support Diffie–Hellman with 2048-bit, 3072-bit, and 4096-bit keys for IPSec. Support RSA with keys of 2048, 3072, and 4096 bits. AES with 256bit keys, and SHA with message digests of 384 bits and 512 bits ISR 1100 & ISR 4000 Series Routers (running XE 16.9) Cisco 7200 Series Routers Cisco 7200 (VSA) & (VAM2 + )Routers Catalyst 3750-X and 3560-X switch FIFPS 140–2 certified N/A FIFPS 140–2 certified 802.1AE MACsec Encryption Support IPSec DES, 3DES, and AES Support ended Sep 30, 2017 IPsec tunneling that supports DES, 3DES, AES (128-, 192-, 256- bit) encryption Support IPsec Algorithms: 3DES (168-bits/AES (128/196/256- bits), HMAC-SHA-1 (160-bits),RSA (2048/3072 bits) Cisco 6500 switches Cisco 7600 Routers Hardware Security Modules Hardware Security Modules No support for NGE Support ends Feb 29, 2022
  • 15.
    Routing and switchingcryptographic agility Routing switching technology Compliance Description Arista networks Arista 7500R 802.1AE MACsec Encryption 100 Gbps line card, No support for 256-bit encryption 7500E Switches 802.1AE MACsec Encryption 100 Gbps line card, No support for 256-bit encryption Aritsa 7050x, 7250x, 73300x, 7500E, 5150 Switches FIFPS 140–2 certified Supports SHA 512 (suite B protocol), RSA 2048-bit
  • 16.
    Routing and switchingcryptographic agility Routing switching technology Compliance Description Juniper Networks SRX340 0, SRX360 0, SRX560 0, SRX580 0 gateways Support for Suite B Protocols with Junos OS 12.1.X45-D30 release EX420 0, 40 0 and 4550 Switch 802.1AE MACsec Encryption AES-128 and AES-256 bit encryption, with Junos OS 12.1.X45-D30 release QFX10016 and QFX10 0 08 switches 802.1AE MACsec Encryption AES-128 and AES-256 bit encryption, with Jonus OS Release 17.2R1 EX430 0, EX460 0, EX9204 and EX9208 switches FIFPS 140–2 certified Support for AES-CBC-256 encryption for SSH, SHA2-256, SHA2-412
  • 17.
    Summary of Impactof quantum computing on modern routing and switching infrastructure in a large-size financial organization  all three vendors have NIAP FIPS 140–2 certificates for their data center equipment that confirm compliance and security of equipment’s management plane and conforming to NSA’s Suite B  they are still vulnerable to an attack by quantum computer as they use management protocols such as SSH or HTTPS that rely heavily on RSA public-key encryption.  Cisco and Juniper offer IPSec VPN solution as part of their OS (software implementation) or in the form of Hardware Security Modules that perform acceleration of cryptographic functions. Both vendors provide information on which software versions and hardware modules support NSA’s Suite B protocols.  IPSec implementations support Suite B authentication algorithms, such as SHA2-384 and SHA2-512 as in the case with Cisco and Juniper, they are still vulnerable to a threat posed by the quantum computer as IPSec is using Diffie–Hellman protocol for key exchange, which can be broken by quantum computers.
  • 18.
    Impact of QuantumComputing on Common Cryptographic Algorithms used in Applications Cryptographic Algorithm Type Purpose Impact from large-scale quantum computer AES Symmetric key Encryption Larger key sizes needed SHA-2, SHA-3 --------------- Hash functions Larger output needed RSA Public key Signatures, key establishment No longer secure ECDSA, ECDH (Elliptic Curve Cryptography) Public key Signatures, key exchange No longer secure DSA (Finite Field Cryptography) Public key Signatures, key exchange No longer secure
  • 19.
    Importance of PKIto modern Web Browser communication  A study conducted in 2015 (Proofing the TLS Handshake Secure) exposes the vulnerabilities of TLS clients and servers offer many choices, and each run of the handshake involves a negotiation of the best protocol version, cipher-suite, and extensions available at both ends. Such a trade-o between flexibility and security creates several problems: 1. It makes the security of TLS depend on its correct configuration, inasmuch as some versions (e.g. SSL2) and algorithms (e.g. MD5 and RC4) are much weaker than others, and may also suffer from different implementation flaws. 2. It complicates the protocol logic, as the integrity of the negotiation itself relies on algorithms being negotiated; this is a persistent source of attacks, from protocol regression in SSL2 to version fallback in current browsers. 3. It demands stronger security assumptions, to reflect the fact that honest parties may use the same key materials with different algorithms, e.g. the same master secret may be used to key different pseudo-random functions. Intuitively, TLS on its own enables a range of chosen-protocol attacks whereby a weak algorithm (chosen by the attacker) may compromise the security of stronger algorithms (chosen by honest parties).
  • 20.
    Empirical Results onTLS Configurations  Using an online analyzer (Qualys), we gathered extended information on server configurations for 215 of the top 500 domains, including the TLS versions, cipher-suites, certificates, and extensions they offer.  For instance, the commonly-used cipher-suite TLS RSA WITH AES 256 CBC SHA indicates an RSA handshake: the client sends a fresh premaster secret encrypted under the server public key; both parties use it to extract a master secret, used in turn as the seed of a SHA1-based PRF to derive 4 keys for SHA1-based MACs and AES encryption in CBC mode.  These servers accept 64 cipher-suites, with an average of 12 and standard deviation of 6. They accept on average more than 5 encryption algorithms and 2 hash methods. They still widely deploy weak algorithms: 70% accept at least one cipher-suite with MD5 and 90% at least one with RC4.  All servers but one offer several versions; 37% offer only SSL3 and TLS 1.0; 56% offer all 4 versions from SSL3 to TLS 1.2. Although now forbidden by the standard, 3% still accept SSL2 with compatible cipher-suites. They all disable TLS-level compression. 86% support the (mandatory) secure renegotiation extension, leaving the others vulnerable to attacks. 60% support session tickets for resumption.  tested 12 TLS clients, including major web browsers (Chrome, Firefox, Internet Explorer, Safari) and libraries (NSS, OpenSSL, SChannel, Secure Transport). These clients similarly propose a large number of cipher-suites, ranging from 19 to 36; they all propose weak hash (MD5) or encryption methods(RC4, or even no encryption). On the other hand, clients tend to support more recent cipher-suites than servers, notably those based on elliptic curves.
  • 21.
    Cont’d Supported Protocol Versions SSL27 3.26% SSL3 212 98.60% TSL 1 214 99.53 TSL 1.1 129 60.00% TSL 1.2 124 57.67% Hash Algorithms MD5 149 69.30% SHA 215 100.00% SHA256 103 47.91% SHA384 74 34.42% Signature algorithms ECDSA 13 6.05% RSA 215 100.00% Top Encryption Algorithms 3DES EDE CBC 207 96.28% AES 128 CBC 212 98.60% AES 128 GCM 78 36.28% AES 256 CBC 212 98.60% RC4 128 195 90.70% Agile Summary Cipher-suites count 64 Avg. per host 11.88 Cipher-suites std. dev Agile Summary Cont’d Avg. hash per host 2.52 Avg. encrypt per host 5.36 Avg. sig. per host 1.06 Avg. KEMs per host 1.73
  • 22.
    Cryptographic Agility Determination ofwhether common hardware and software components, have enough flexibility and scalability to accommodate the change of cryptographic algorithms to the ones that do not exhibit vulnerability to quantum computing and to the ones that are compliant with National Security Agency (NSA) Suite B set of protocols. We pinpoint upstream or downstream impacts of a change in the encryption algorithms across various IT network infrastructure components and applications in terms of effort required to accomplish this transition.
  • 23.
    Impact of QuantumComputing on Databases  Cryptographic agility is observed to work better with non-persisted transient data than persisted data.  Persisted (stored) data that is encrypted with an algorithm that is being replaced may not be recoverable once the algorithm is replaced.  This can also lead to Denial of Service(DoS) to legitimate users, when authentication relies on comparative matching of computed hashes, and the accounting credentials are stored after being computed using a hashing function that has been replaced.  It is important to plan for the storage size of the outputs as the algorithm used to replace the insecure one can yield an output with a different size. For example, the MD5 hash is always 128 bits in length, the SHA -2 function can yield a 256 bit (SHA-256), 384 bit (SHA-384) or 512 bit (SHA-512) bit length output and if storage is not planned for allocated in advance, the upgrade may not even be a possibility.
  • 24.
    SAFEcrypto  SAFEcrypto willprovide a new generation of practical, robust and physically secure postquantum cryptographic solutions that ensure long-term security for future Information and Communication Technology (ICT) systems, services and applications.  The project will focus on the remarkably versatile field of Lattice-based cryptography as the source of computational hardness, and will deliver optimized public key security primitives for digital signatures and authentication, as well identity based encryption (IBE) and attribute based encryption (ABE).  As the NIST and Technology (NIST) prepares for the transition to a post-quantum cryptographic suite B, urging organisations that build systems and infrastructures that require long-term security to consider this transition in architectural designs; the SAFEcrypto project will provide Proof-of-concept demonstrators of schemes for three practical real-world case studies with long-term security requirements, in the application areas of satellite communications, network security and cloud.  The goal is to affirm Lattice-based cryptography as an effective replacement for traditional number-theoretic public-key cryptography, by demonstrating that it can address the needs of resource-constrained embedded applications, such as mobile and battery-operated devices, and of real-time high performance applications for cloud and network management infrastructures.
  • 25.
    Blockchain & Cryptocurrencies  quantum computing threatens all computer security systems that rely on public key cryptography, not just blockchain. blockchain’s seemingly immutable ledgers would be under threat.  What makes quantum-resistant or “post-quantum” cryptography, quantum resistant? When private keys are generated from public keys in ways that are much more mathematically complex than traditional prime factorization.  The Quantum Resistant Ledger team is working to implement hash-based cryptography, a form of post-quantum cryptography. In hash-based cryptography, private keys are generated from public keys using complex hash-based cryptographic structures, rather than prime number factorization.  The connection between the public and private key pair is therefore much more complex than in traditional public key cryptography and would be much less vulnerable to a quantum computer running Shor’s algorithm.
  • 26.
  • 27.
    Virtualized Containers withServerless platform  By default, TLS client authentication is turned off when TLS is enabled on a peer node. This means that the peer node will not verify the certificate of a client (another peer node, application, or the CLI) during a TLS handshake. To enable TLS client authentication on a peer node, set the peer configuration property peer.tls.clientAuthRequired to true and set the peer.tls.clientRootCAs.files property to the CA chain file(s) that contain(s) the CA certificate chain(s) that issued TLS certificates for your organization’s clients.  By default, a peer node will use the same certificate and private key pair when acting as a TLS server and client. To use a different certificate and private key pair for the client side, set the peer.tls.clientCert.file and peer.tls.clientKey.file configuration properties to the fully qualified path of the client certificate and key file, respectively.  Containers adheres to Crypto Agile design and architecture principles of scalability and extensibility (performance)  Leverages Defense-In-Depth principle, it’s not Single Point of Failure as it exposes services through API which can be monitored by signature-based tools.
  • 28.
  • 29.
    Quantum Computing inToday’s Financial Services Industry  In November 2017, the same month it unveiled a 50-qubit computer, IBM put its 20- qubit machine online and began working with key customers to get them quantum- ready. The IBM Q Network currently has 12 members, including Barclays, JPMorgan, Mizuho Financial Group and MUFG Bank.  For Bob Stolte, managing director and head of post-trade technology at JPMorgan Corporate & Investment Bank, quantum computing has reached a point where the material science has caught up with the theoretical research. “This is where it starts to get interesting,” he says. “We can run our problems on a quantum computer and determine whether we can benefit from this technology in the future.”  Madhav Thattai, chief operating officer at Rigetti Computing, a full-stack quantum computing start-up expects some milestones to be passed in the next few years. First, the industry will cross the ‘quantum supremacy’ threshold, which is when a quantum computer can perform tasks that classical computers cannot. The next thing to happen will be the first examples of ‘quantum advantage’ applications. “This is where a quantum computer is used – most likely in a hybrid quantum-classical arrangement – in a way that provides commercial value for a particular application,” says Mr. Thattai, adding that these could be seen inside five years.  According to Dr. Lee Braine, the investment bank's chief technology officer at Barclays, the bank has an internal working group for quantum computing that includes stakeholders, the CTO’s office, statistical modeling teams and others. Some, like Braine, have Ph.D.s in mathematics. They’ve been writing short quantum programs, uploading them to an IBM quantum computer running on IBM’s cloud, and getting results back. Their programs have fallen mainly into two categories.
  • 30.
    Conclusion and NextSteps  The next twelve to eighteen months will consist of a public review on the remaining 26 second-round post-quantum candidates.  With the number of candidates substantially reduced from the first round, we hope that the combined efforts of the cryptographic community will evaluate the remaining candidates and provide NIST with feedback that supports or refutes the security claims of the submitters.  NIST is interested in additional performance data on each of the candidates. This includes optimized implementations written in assembly code or using instruction set extensions, and analyses of implementation suitability of candidate algorithms in constrained platforms, as well as performance data for hardware implementations.  In 2020, NIST plans to either select finalists for a final round or select a small number of candidates for standardization.
  • 31.
  • 32.
    Subtitle runs here Treewith circular text boxes .
  • 33.
    Subtitle runs here Connectorswith honeycomb Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read. This is dummy text it is not here to be read.
  • 34.
    Subtitle runs here Connectorswith puzzle pieces Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read. Lorem ipsum This is dummy text it is not here to be read this is dummy text it is not here to be read.