Story image

Microsoft, DigiCert, Utimaco tackle quantum computing threats

13 Feb 2019

Microsoft Research, DigiCert and hardware security module provider Utimaco have successfully piloted an algorithm that could bring the world one step closer to a secure internet of things.

The three companies ran a test implementation of the ‘Picnic’ algorithm, which also incorporated digital certificates for IoT encryption, authentication and integrity.

This could be the start of a full solution that will protect IoT from threats that quantum computing could pose to widely-used cryptographic algorithms.

Most IoT devices currently use RSA and ECC as security measures to protect confidentiality, integrity, and authenticity for device identities and communication.

According to Microsoft Research’s Dr Brian LaMacchia, large-scale quantum computers will soon be able to break RSA and ECC public key cryptography within 10-15 years. 

That’s not actually very far down the track, particularly when critical infrastructure like connected cities, smart homes, connected medical devices and other technologies will last longer than that, and they may take longer to update.

"The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today so that in the near future enterprises will be able to transition to and deploy quantum-safe cryptography,” says LaMacchia. 

“Working to ensure that their solutions are cryptographically agile will help companies avoid expensive and unscalable security practices to protect their IoT devices against future security threats."

The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco Hardware Security Module. 

The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

For enterprises, it means they will be able to deploy IoT solutions that are future-proofed against quantum computing threats. The goal is to keep sensitive information and high-value assets safe.

Utimaco CTO Dr Thorsten Grötker says the successful test implantation is a fundamental building block for quantum-safe solution implantation.

"Using these solutions, IoT manufacturers and other large organisations can innovate and develop products that are well prepared against coming quantum threats."

DigiCert Labs head Avesta Hojjati adds, "DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow's problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash.”

"Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection."

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.