There is an imminent threat to existing cryptography with the advent of quantum computers.
A quantum computer works with qubits, which can exist in multiple states simultaneously, based on the quantum mechanical principle of superposition.
Thus, a quantum computer could explore many possible permutations and combinations for a computational task, simultaneously and swiftly, transcending the limits of classical computing.
While a sufficiently large and commercially feasible quantum computer has yet to be built, there have been massive investments in quantum computing from many corporations, governments, and universities.
Quantum computers will empower compelling innovations in areas such as AI/ML and financial and climate modeling.
Quantum computers will also give bad actors the ability to break current cryptography.
The current public-key cryptography algorithms are based on mathematical problems, such as the factorization of large numbers, which are daunting for classical computers to solve.
Shor's algorithm provides a way for quantum computers to solve these mathematical problems much faster than classical computers.
Once a sufficiently large quantum computer is built, existing public-key cryptography will no longer be secure, which will render most current uses of cryptography vulnerable to attacks.
This shared session key is then used for symmetric encryption and decryption of the actual traffic.
It is an unacceptable risk to leave sensitive encrypted data susceptible to impending quantum threats.
The long-term solution is to adopt post-quantum cryptography algorithms to replace the current algorithms that are susceptible to quantum computers.
Cisco has introduced the Cisco session key import protocol, which enables a Cisco router to securely import a post-quantum pre-shared key from an external key source such as a quantum key distribution device or other source of key material.
For deployments that can use an external hardware-based key source, SKIP can be used to derive the session keys on both the routers establishing the MACsec connection.
The channel between the router and key source used by SKIP is also quantum-safe, as it uses TLS 1.2 with DHE-PSK cipher suite.
In addition to SKIP, Cisco has introduced the session key device, which is a unique solution that enables routers to derive session keys without having to use an external key source.
Routers establishing a secure connection like MACsec will derive the session keys directly from their respective SKS engines.
The engines are seeded with a one-time, out-of-band operation to make sure they derive the same session keys.
Unlike the traditional method, where the session keys are exchanged on the wire, only the key identifiers are sent on the wire with quantum key distribution.
Any attacker tapping the links will not be able to derive the session keys, as having just the key identifier is not sufficient.
This Cyber News was published on feedpress.me. Publication date: Mon, 05 Feb 2024 19:13:16 +0000