Security tool will help protect against ‘quantum’ hackers | #itsecurity | #infosec

A security tool picked up by the US Government is based on Auckland University research and will help protect against cyber attacks from “quantum” hackers.

Crystals-Dilithium is the name of one of four “quantum-resistant encryption systems” approved for use by the US National Institute of Standards and Technology last week.

“Quantum-resistant encryption” refers to security systems that can withstand attacks by quantum computers – a new generation of computers, hundreds of million times more powerful than the most advanced supercomputers today.

The system was built on research co-authored by Professor Steven Galbraith, Head of the Department of Mathematics at Auckland University.

Current cryptography methods rely on mathematical algorithms so complicated that even supercomputers would take millennia to solve, but the advance and wider accessibility of quantum computers would make this redundant.

In 2019, an algorithm expected to take IBM’s supercomputer Summit 10,000 years to compute was completed in a mere 200 seconds by Google’s quantum computer.

“A hacker with a quantum computer could decrypt a lot of sensitive information, including health records and national security information. They could also do industrial espionage by getting access to the intellectual property of companies,” Galbraith said.

New Zealand’s institutional cybersecurity (or lack of) was exposed when the Waikato District Health Board was hacked last year, leaving systems disabled and leaking confidential information.

The attack did not involve quantum computers, raising concerns regarding the inadequate cybersecurity practices in place now, let alone preventing attacks in the future.

“At the moment the only people with quantum computers are large governments and large companies like IBM and Google,” Galbraith said.

“Hackers do not have access to their own quantum computers. But the business model of IBM and Google will be to sell access to their quantum computers…much like how Amazon sells access to the AWS system for machine learning,” he told the Herald.

Post-quantum cryptography helps to prevent attacks by “quantum hackers”.

“Post-quantum cryptography is a more practical solution for the real world.

“[Post-quantum cryptography] can be used on current computers, phones and networks… but is based on different mathematics and so is secure against an attacker with a quantum computer.”

Crystals-Dilithium is based on a mathematical principle called structured lattices and is used for digital signatures.

Digital signatures are a secure way of authenticating the authenticity of a digital document, using mathematical algorithms.

The paper Galbraith co-authored in 2016 introduced a way to reduce the size of these certificates, improving their usability and ease of implementation in other systems.

Current applications of digital signatures include online credentials (e.g. passports, electronic driver’s licenses), electronic contracts, cryptocurrency, and automatic software updates.

Digital signatures are one of many systems constantly operating in the background, making access to secure online services possible.

“In the future, there will be changes in the software to make the system post-quantum, but people will not notice the difference. Cryptography is usually invisible to the users.”

Considering New Zealand’s limited investment in the field, the contribution of local research is an even greater achievement.

“I (together with my students) am the only person studying post-quantum cryptography [in New Zealand]. There is not a lot of investment. In 2014 I had no funding for the work from outside the university,” he says.

“I don’t think there is likely to be a lot of investment and innovation in post-quantum cryptography in New Zealand… but, there is hope for NZ to be a leader in cybersecurity more broadly.”

Last month G7 leaders called for “allied action” on a myriad of topics including technological standards, stating a commitment “to develop and implement robust international cyber norms”.

The leaders also addressed concerns surrounding China’s artificial intelligence development and potential technological dominance.

“Due to our size, if Government and industry were better at collaborating and sharing information we could drive innovation in a number of areas, such as threat detection and prevention, data sovereignty, protection of critical infrastructure, etc.”

Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published.

twenty seven + = thirty two