Story image

Microsoft, DigiCert, Utimaco tackle quantum computing threats

13 Feb 2019

Microsoft Research, DigiCert and hardware security module provider Utimaco have successfully piloted an algorithm that could bring the world one step closer to a secure internet of things.

The three companies ran a test implementation of the ‘Picnic’ algorithm, which also incorporated digital certificates for IoT encryption, authentication and integrity.

This could be the start of a full solution that will protect IoT from threats that quantum computing could pose to widely-used cryptographic algorithms.

Most IoT devices currently use RSA and ECC as security measures to protect confidentiality, integrity, and authenticity for device identities and communication.

According to Microsoft Research’s Dr Brian LaMacchia, large-scale quantum computers will soon be able to break RSA and ECC public key cryptography within 10-15 years. 

That’s not actually very far down the track, particularly when critical infrastructure like connected cities, smart homes, connected medical devices and other technologies will last longer than that, and they may take longer to update.

"The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today so that in the near future enterprises will be able to transition to and deploy quantum-safe cryptography,” says LaMacchia. 

“Working to ensure that their solutions are cryptographically agile will help companies avoid expensive and unscalable security practices to protect their IoT devices against future security threats."

The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco Hardware Security Module. 

The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

For enterprises, it means they will be able to deploy IoT solutions that are future-proofed against quantum computing threats. The goal is to keep sensitive information and high-value assets safe.

Utimaco CTO Dr Thorsten Grötker says the successful test implantation is a fundamental building block for quantum-safe solution implantation.

"Using these solutions, IoT manufacturers and other large organisations can innovate and develop products that are well prepared against coming quantum threats."

DigiCert Labs head Avesta Hojjati adds, "DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow's problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash.”

"Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection."

Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Deakin Uni scores double win with Exabeam partnership
Australia’s Deakin University is partnering with SIEM security company Exabeam in an effort to boost the university’s cybersecurity degree program and strengthen its SIEM capabilities.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."