Network Security
The Quantum Computing Threat
Quantum computers are expected to break the classical public-key cryptography that
protects today's networks. The most immediate threat is Harvest Now, Decrypt Later
attacks, in which encrypted traffic is recorded today for decryption once a capable
quantum computer exists.
Public Key Infrastructure (PKI) and IKE key exchange rely on classical public-key
algorithms such as RSA, Diffie-Hellman (DH), and Elliptic Curve Cryptography (ECC),
including Elliptic Curve Diffie-Hellman (ECDH). Quantum computers (QCs) are expected to
break all of these; a common estimate is within 5-15 years of NIST's standardization of
the first post-quantum cryptography (PQC) algorithms.
Post-quantum IKEv2 VPNs based on the open standards RFC 8784, RFC 9242, and RFC 9370 resist quantum attacks on the key exchange.
RFC 8784 adds a Post-quantum Preshared Key (PPK) to IKEv2. The PPK is never sent in the
handshake: administrators configure and distribute it separately, out-of-band, and both
peers mix it into the keys derived from the IKE exchange. An attacker who records the
handshake and later breaks its classical key exchange still lacks the PPK and so cannot
derive the keys that protect the IPsec traffic. RFC 9242 adds the IKE_INTERMEDIATE
exchange, which can carry the large payloads of post-quantum key encapsulation
mechanisms (KEMs). RFC 9370 uses it to add up to seven additional key exchanges to
IKEv2, so that the session keys are derived from a hybrid of secrets, for example a
classical ECDH secret plus a post-quantum KEM secret. To recover the hybrid key, an
attacker must break every key exchange that contributed to it. Palo Alto Networks'
quantum-resistant solutions are based on these open standards to ensure interoperability
with other equipment that implements them.
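The key derivation described above, as an added example that is not part of the original page or of Palo Alto Networks' code. It follows the formulas in RFC 7296, RFC 9370 and RFC 8784 with HMAC-SHA-256 as the PRF; the nonces, SPIs, DH secret, KEM secret and PPK are constructed byte strings standing in for real exchanges, and the "attacker" simply reuses whichever secrets a CRQC is assumed to have recovered:

```python
"""Toy IKEv2 key schedule (RFC 7296) extended with RFC 9370 additional key
exchanges and RFC 8784 post-quantum preshared keys (PPKs).  Illustrative only:
the DH/KEM shared secrets below are constructed byte strings, not real key
exchanges."""
import hashlib
import hmac

KEY_LEN = 32  # PRF_HMAC_SHA2_256 output size and AES-256 key length, in bytes
KEY_NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def split_keys(keymat: bytes) -> dict:
    return {name: keymat[i * KEY_LEN:(i + 1) * KEY_LEN] for i, name in enumerate(KEY_NAMES)}


def derive_ike_sa_keys(ni, nr, spi_i, spi_r, dh_secret, extra_secrets=(), ppk=None):
    """Return the seven IKE SA keys.

    dh_secret     -- g^ir from the classical IKE_SA_INIT key exchange
    extra_secrets -- SK(1)..SK(n) from RFC 9370 additional key exchanges (for
                     example an ML-KEM secret carried in IKE_INTERMEDIATE, RFC 9242)
    ppk           -- the out-of-band post-quantum preshared key of RFC 8784
    """
    # RFC 7296 section 2.14
    skeyseed = prf(ni + nr, dh_secret)
    keys = split_keys(prf_plus(skeyseed, ni + nr + spi_i + spi_r, 7 * KEY_LEN))
    # RFC 9370 section 2.2.2: each additional exchange reseeds from the previous SK_d,
    # so an attacker must recover every shared secret to follow the chain.
    for sk_n in extra_secrets:
        skeyseed = prf(keys["SK_d"], sk_n + ni + nr)
        keys = split_keys(prf_plus(skeyseed, ni + nr + spi_i + spi_r, 7 * KEY_LEN))
    # RFC 8784 section 5.1: the PPK is folded into SK_d, SK_pi and SK_pr only.
    # SK_ei/SK_er (the keys protecting the IKE SA itself) are deliberately left alone.
    if ppk is not None:
        for name in ("SK_d", "SK_pi", "SK_pr"):
            keys[name] = prf_plus(ppk, keys[name], KEY_LEN)
    return keys


def child_sa_keymat(keys: dict, ni: bytes, nr: bytes, length: int = 2 * KEY_LEN) -> bytes:
    """RFC 7296 section 2.17 (no PFS): KEYMAT = prf+(SK_d, Ni | Nr)."""
    return prf_plus(keys["SK_d"], ni + nr, length)


# Constructed, fixed inputs so the scenario is reproducible (not real exchange data).
NI, NR = b"\x11" * 32, b"\x22" * 32
SPI_I, SPI_R = b"\x01" * 8, b"\x02" * 8
DH_SECRET = b"classical-dh-shared-secret".ljust(32, b"\x00")
KEM_SECRET = b"ml-kem-shared-secret".ljust(32, b"\x00")
PPK = b"out-of-band-ppk-never-on-the-wire"


def scenario() -> dict:
    """Compare what the peers derive with what a future CRQC-equipped attacker can derive."""
    peers = derive_ike_sa_keys(NI, NR, SPI_I, SPI_R, DH_SECRET, (KEM_SECRET,), PPK)
    # Attacker replays the recorded handshake and uses a CRQC to recover g^ir only.
    dh_only = derive_ike_sa_keys(NI, NR, SPI_I, SPI_R, DH_SECRET)
    # Hypothetical worse case: attacker also breaks the KEM but still lacks the PPK.
    dh_and_kem = derive_ike_sa_keys(NI, NR, SPI_I, SPI_R, DH_SECRET, (KEM_SECRET,))
    return {
        "dh_only_gets_ike_keys": dh_only["SK_ei"] == peers["SK_ei"],
        "dh_kem_gets_ike_keys": dh_and_kem["SK_ei"] == peers["SK_ei"],
        "dh_kem_gets_child_keys": child_sa_keymat(dh_and_kem, NI, NR) == child_sa_keymat(peers, NI, NR),
    }


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

The three checks come out False, True, False. An attacker who only breaks the classical DH cannot derive the IKE SA keys once an additional KEM exchange is chained in. One who (hypothetically) also breaks the KEM but lacks the PPK does derive the same SK_ei, because RFC 8784 leaves SK_ei/SK_er untouched, yet still cannot derive the Child SA keying material that protects the IPsec traffic. That matches the RFC's own caveat: the initial IKE SA is not quantum resistant, while the IPsec SAs and any rekeyed IKE SAs are.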
The most immediate danger is Harvest Now, Decrypt Later attacks, in which attackers
steal data (at rest or in transit) that they cannot decrypt today and store it until a
cryptographically relevant quantum computer (CRQC) can decrypt it. A CRQC is a QC large
and reliable enough to run the quantum algorithms that break today's public-key
cryptography in a practical amount of time, rather than the millions of years a
classical supercomputer would need. The data at highest risk is long-lived data that
will still be sensitive when CRQCs become available.
- What Is A Quantum Computer?
- How Does the Quantum Threat Affect My Network?
- What to Do Now to Mitigate Harvesting Attacks
What Is A Quantum Computer?
Quantum computers (QCs) are computing platforms that exploit the laws of quantum
mechanics to run a class of algorithms that classical computers cannot. For certain
problems, including the mathematical problems that underlie classical public-key
cryptography, those algorithms turn work that would take a classical computer hundreds
or thousands of years into something a CRQC could complete in a practical amount of
time. Instead of classical bits that are either zero or one, QCs use qubits. Qubits can
be built in several ways (superconducting circuits, trapped ions, photons, and others),
and a register of n qubits has a state space that grows exponentially with n, which is
what quantum algorithms exploit.
There are several ways to build qubits, and the method affects qubit quality: how long
a qubit holds its state and how accurately operations can be applied to it. The higher
the quality of the qubits, the fewer physical qubits are needed to build one reliable
logical qubit and the larger the computation the QC can carry out. Two quantum effects
give QCs their power, superposition and entanglement:
-
Superpositioning—A qubit can be in a combination of zero and one at the same time. Combining qubits multiplies the number of states the register can represent, because the number of states grows as 2**n, where "n" is the number of qubits: two qubits span four states (2**2), three qubits span eight states (2**3), four qubits span 16 states (2**4), and so on. As qubit density (the number of qubits that fit on a chip) increases, the state space grows exponentially. Low-quality (noisy) qubits lose their state before a long computation finishes, so only part of that state space is usable; as qubit quality improves, more of the exponential state space becomes usable for real computations.
-
Entanglement—Entanglement is a quantum correlation between qubits. Measuring one entangled qubit fixes the outcome of measuring its partner, no matter how far apart they are, for example with one qubit in Bangalore (India) and the other in Los Angeles (United States). Inside a QC, entanglement lets the machine operate on a whole register as a single joint state, which is what quantum algorithms such as Shor's rely on.
There are three types of QCs:
-
Quantum Annealers—These are available today. They are special-purpose machines for optimization problems and are the least powerful QCs with the narrowest use cases. They cannot run Shor's algorithm; factoring demonstrations on annealers have been limited to tiny numbers and do not scale to real key sizes, so they are not a threat to asymmetric encryption.
-
Analog Quantum Simulators—These model quantum systems that are beyond the reach of classical computers, such as problems in quantum chemistry, materials science, optimization, sampling, and quantum dynamics. They are not general-purpose computers and do not break encryption.
-
Universal Quantum Computer—These are the hardest QCs to build because error correction requires many physical qubits for each usable logical qubit. They address the broadest range of use cases, and several companies are targeting the end of this decade for commercial systems. When they reach sufficient scale, these are the machines that will be CRQCs.
QCs work on the joint state of many entangled qubits at once. A classical computer that
searches for a factor or a key tests candidates one at a time (or a few at a time in
parallel). A quantum algorithm instead prepares a superposition over all candidates,
then applies operations that make the amplitudes of wrong answers cancel and the
amplitude of the right answer reinforce, so that a single measurement returns the right
answer with high probability. This is not the same as trying every answer and reading
all the results; the speedup comes from interference, and it applies only to problems
with the right mathematical structure. Factoring and discrete logarithms have that
structure, which is why QCs are so effective against public-key cryptography.
How Does the Quantum Threat Affect My Network?
The vastly increased processing power of QCs for certain problems threatens to break the
classical public-key methods your network relies on, which could compromise your public
key infrastructure (PKI).
The most immediate threat is Harvest Now, Decrypt Later attacks that record your
encrypted traffic, including the key exchange that established its keys, with the
intention of using a CRQC to decrypt it in the future. Once attackers have a copy of
the ciphertext and the recorded key exchange, nothing you do later can stop them from
recovering the keys with a CRQC. If the data is still sensitive at that time, it is
compromised.
Classical asymmetric encryption relies on mathematical problems that are hard for
classical computers: RSA relies on the difficulty of factoring a large number that is
the product of two large primes, and DH, ECDH, and ECDSA rely on the difficulty of the
discrete logarithm problem. Shor's algorithm, a quantum algorithm, solves both factoring
and discrete logarithms efficiently. It cannot run on a classical computer, which would
still need millions of years to factor a 2048-bit RSA modulus, so without a CRQC Shor's
algorithm was a theoretical result only. Given a CRQC, Shor's algorithm recovers the
private key from any public key, including the key exchange values recorded during a
handshake, in a practical amount of time. This is why Harvest Now, Decrypt Later
attacks are an immediate threat: a recorded key exchange can be broken later, and the
session keys and data recovered.
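As an added illustration (not from the original page) of what the preceding paragraphs describe, the following Python carries Shor's reduction through on toy-sized numbers. Everything is classical except that the quantum subroutine, finding the period of a^x mod N (or the discrete logarithm for DH), is replaced by a brute-force loop that is instant at 12 bits and hopeless at 2048; a CRQC replaces exactly that loop. The RSA key (p=61, q=53, e=17) and the DH group (p=23, g=5) are textbook toy values chosen here, not real keys:

```python
"""What 'breaking RSA and DH with Shor's algorithm' means, on toy-sized numbers.

Shor's algorithm is classical pre- and post-processing wrapped around one
quantum subroutine: finding the period r of f(x) = a^x mod N (for factoring)
or the discrete logarithm (for DH).  Below, that subroutine is a brute-force
loop, which is instant for a 12-bit modulus and hopeless for a 2048-bit one;
a CRQC does exactly that step efficiently with the quantum Fourier transform."""
import math
import random


def find_period(a: int, n: int) -> int:
    """Stand-in for quantum order finding: smallest r > 0 with a^r = 1 (mod n).

    Requires gcd(a, n) == 1, which shor_factor guarantees before calling."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, seed: int = 1) -> tuple:
    """Shor's reduction from factoring to order finding; returns (p, q) with p < q."""
    if n % 2 == 0:
        return 2, n // 2
    rng = random.Random(seed)            # fixed seed so the random walk is reproducible
    while True:
        a = rng.randrange(2, n)
        g = math.gcd(a, n)
        if g > 1:                        # lucky guess: a already shares a factor with n
            return tuple(sorted((g, n // g)))
        r = find_period(a, n)
        if r % 2:                        # odd period: pick another a
            continue
        y = pow(a, r // 2, n)
        if y == n - 1:                   # a^(r/2) = -1 (mod n) yields only trivial factors
            continue
        p = math.gcd(y - 1, n)           # y^2 = 1 (mod n) with y != +-1, so p is non-trivial
        return tuple(sorted((p, n // p)))


def rsa_private_exponent(e: int, p: int, q: int) -> int:
    """d = e^-1 mod (p-1)(q-1): trivial once the factors are known."""
    return pow(e, -1, (p - 1) * (q - 1))


def harvest_now_decrypt_later(n: int, e: int, ciphertext: int) -> int:
    """Everything the attacker needs: the public key and the recorded ciphertext."""
    p, q = shor_factor(n)
    d = rsa_private_exponent(e, p, q)
    return pow(ciphertext, d, n)


def discrete_log(g: int, h: int, p: int) -> int:
    """Stand-in for the quantum discrete-log step: x with g^x = h (mod p)."""
    x, cur = 0, 1
    while cur != h:
        cur = (cur * g) % p
        x += 1
    return x


def break_toy_dh(g: int, p: int, pub_a: int, pub_b: int) -> int:
    """Recover the DH shared secret from the two public values seen on the wire."""
    a = discrete_log(g, pub_a, p)        # one side's private exponent
    return pow(pub_b, a, p)              # the same g^(ab) the peers computed


# Constructed toy keys (textbook RSA with p=61, q=53, e=17; DH in Z_23 with g=5).
RSA_N, RSA_E = 3233, 17
RECORDED_CIPHERTEXT = pow(65, RSA_E, RSA_N)   # plaintext 65, captured in transit today
DH_P, DH_G = 23, 5
DH_PUB_A, DH_PUB_B = pow(DH_G, 6, DH_P), pow(DH_G, 15, DH_P)   # private exponents 6 and 15


if __name__ == "__main__":
    print("factors of RSA modulus:", shor_factor(RSA_N))
    print("recovered plaintext:", harvest_now_decrypt_later(RSA_N, RSA_E, RECORDED_CIPHERTEXT))
    print("recovered DH shared secret:", break_toy_dh(DH_G, DH_P, DH_PUB_A, DH_PUB_B))
```

The point of the exercise is where the cost sits: every step other than find_period and discrete_log is cheap even at real key sizes, and a larger RSA key or a longer DH modulus only enlarges the one step a CRQC performs efficiently.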
The consequences include compromising classical PKI algorithms that were thought to be
secure, such as Diffie-Hellman (DH), Elliptic Curve Cryptography (ECC), and Elliptic
Curve Diffie-Hellman (ECDH). The key exchange is at greatest risk because it is
recorded in the handshake and its secrecy protects every byte that follows, which is
why you need to configure post-quantum IKEv2 VPNs to secure the key exchange.
Certificates have been the foundation of how two endpoints establish trust. CRQCs also
break RSA and ECDSA, the algorithms used to sign digital certificates. With a CRQC an
attacker can recover a CA's or a server's private signing key and forge signatures, so
the server you think you're connecting to might actually be an attacker's server.
Unlike the confidentiality threat, this one is not retroactive (a forged signature has
to be produced while the certificate is still trusted), but it might become practical
as soon as the next decade.
Symmetric encryption is affected too, though far less severely. Grover's algorithm is a
quantum search algorithm that finds the input producing a given output with a quadratic
speedup over classical brute force. Applied to symmetric cryptography and hash
functions, it halves the effective key length: AES-128 drops to roughly 64-bit strength
against a CRQC, and AES-256 to roughly 128-bit strength. Classical computers cannot run
Grover's algorithm at all, and even on a CRQC the search is hard to parallelize, so
AES-128 is not expected to fall in practice. The conservative recommendation is still to
use AES-256, which keeps a comfortable margin against Grover's algorithm for the
foreseeable future.
To keep the same margin for hash functions, use SHA-384 at a minimum.
Post-quantum cryptography (PQC) algorithms are available today, and most security-savvy
people can download and deploy software that uses them. A decryption proxy that does not
support a PQC key exchange cannot negotiate it and therefore cannot inspect the session.
If you allow unauthorized PQC on your network, an internal bad actor could use it to
create sessions your security tools cannot see into, leaving you with no visibility
into that traffic or the threats in it. Use Decryption features to detect unauthorized
PQC key exchanges on your network and automatically block traffic that uses them.
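One way to detect such sessions before they are established, as an added example that is not Palo Alto Networks' Decryption feature: parse the TLS ClientHello and flag any post-quantum hybrid group in its supported_groups extension. The code points are the IANA-registered values for the ML-KEM hybrids and the earlier Kyber draft; the sample ClientHellos are constructed by the build_client_hello helper rather than captured from traffic:

```python
"""Flag TLS ClientHellos that offer post-quantum (hybrid) key-exchange groups.

A decryption proxy that does not implement a group cannot negotiate it and so
cannot inspect the session; the ClientHello is the earliest place to see the
offer.  Code points are the IANA TLS Supported Groups values for the ML-KEM
hybrids plus the pre-standard Kyber draft that browsers shipped earlier."""
import struct

PQ_GROUPS = {
    0x11EB: "SecP256r1MLKEM768",
    0x11EC: "X25519MLKEM768",
    0x11ED: "SecP384r1MLKEM1024",
    0x6399: "X25519Kyber768Draft00",
}
EXT_SUPPORTED_GROUPS = 0x000A


class ParseError(ValueError):
    """Raised for anything that is not a well-formed ClientHello record."""


def _u16(buf: bytes, pos: int) -> int:
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ClientHello; return cipher suites and named groups."""
    try:
        if record[0] != 0x16:
            raise ParseError("not a TLS handshake record")
        body = record[5:5 + _u16(record, 3)]
        if len(body) != _u16(record, 3) or body[0] != 0x01:
            raise ParseError("truncated record or not a ClientHello")
        hs_len = int.from_bytes(body[1:4], "big")
        hello = body[4:4 + hs_len]
        if len(hello) != hs_len:
            raise ParseError("truncated ClientHello")
        pos = 2 + 32                                  # legacy_version + random
        pos += 1 + hello[pos]                         # legacy_session_id
        cs_len = _u16(hello, pos); pos += 2
        suites = [_u16(hello, i) for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        pos += 1 + hello[pos]                         # legacy_compression_methods
        groups = []
        if pos < len(hello):                          # the extensions block is optional
            end = pos + 2 + _u16(hello, pos); pos += 2
            if end > len(hello):
                raise ParseError("extensions overrun ClientHello")
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", hello[pos:pos + 4]); pos += 4
                data = hello[pos:pos + elen]; pos += elen
                if etype == EXT_SUPPORTED_GROUPS:
                    groups = [_u16(data, i) for i in range(2, 2 + _u16(data, 0), 2)]
        return {"cipher_suites": suites, "groups": groups}
    except (IndexError, struct.error) as exc:
        # Any short slice or overrun means the record is malformed; fail closed.
        raise ParseError(f"malformed ClientHello: {exc}") from None


def pq_groups_offered(record: bytes) -> list:
    """Names of post-quantum groups offered, in the client's preference order."""
    return [PQ_GROUPS[g] for g in parse_client_hello(record)["groups"] if g in PQ_GROUPS]


def build_client_hello(groups, suites=(0x1301,)) -> bytes:
    """Constructed minimal TLS 1.3-style ClientHello for testing (not captured traffic)."""
    sg = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(sg)) + sg
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x03" + b"\x00" * 32 + b"\x00"          # version, random, empty session id
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00"  # cipher suites, null compression
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


# Constructed samples: a browser-style hello offering X25519MLKEM768 first, and a classical one.
SAMPLE_PQ = build_client_hello([0x11EC, 0x001D, 0x0017])
SAMPLE_CLASSICAL = build_client_hello([0x001D, 0x0017, 0x0018])


if __name__ == "__main__":
    print("PQ hello offers:", pq_groups_offered(SAMPLE_PQ))
    print("classical hello offers:", pq_groups_offered(SAMPLE_CLASSICAL))
```

A client cannot negotiate a group it did not offer, so a policy that wants PQC key exchange blocked (or simply logged) can act on the very first packet. The key_share extension (type 51) carries the client's actual PQ key material, but every key_share group must also appear in supported_groups, so inspecting supported_groups alone is sufficient for detection. If decryption is meant to continue rather than block, the alternative is a proxy that implements these groups itself.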
What to Do Now to Mitigate Harvesting Attacks
Take these actions now to resist Harvest Now, Decrypt Later attacks.
Review your VPN connections and harden them:
-
Follow RFC 6379 (Suite B Cryptographic Suites for IPsec) to upgrade your VPN connections to strong cipher suites. Use Suite-B-GCM-256 (AES-256-GCM, ECDH P-384, SHA-384) and avoid 128-bit AES, whose margin against Grover's algorithm is smaller. NSA has since replaced Suite B with its CNSA suite, but the AES-256, P-384 and SHA-384 choices remain the right ones here.
-
Upgrade your CA to 4096-bit RSA keys and migrate your VPN certificate authentication to new certificates. Note that this hardens certificates against classical attacks on smaller keys only; a CRQC breaks RSA at any practical key size, so larger keys buy time, not quantum resistance.
-
Upgrade to larger SHA hash sizes such as SHA-384 and SHA-512. Stop using weak hashes such as MD5 and SHA-1.
-
Implement RFC 8784 and/or RFC 9242 and RFC 9370 to create post-quantum VPNs that resist quantum attacks on the key exchange.
In addition, review your SSL/TLS connections and harden them:
-
Upgrade SSL/TLS connections to strong cipher suites; use TLSv1.3 with Perfect Forward Secrecy (PFS) ciphers, so that a later compromise of a long-term key does not expose recorded sessions to a classical attacker. PFS alone does not protect against a CRQC, which can break the recorded ephemeral exchange itself.
-
Tunnel SSL/TLS sessions inside hardened, post-quantum client-to-server VPN sessions. Use a post-quantum desktop application to support Reverse Proxy.